On Wed, 2009-10-14 at 14:50 -0700, Alexandros Batsakis wrote:
> a) nfs41_sequence_done() called after destroy_session() that leads to
> a NULL pointer dereference
> b) a BADSESSION reply to a sequence operation triggers a
> reset_session() at the same time with destroy_session() (called by
> umount) that leads to another NULL pointer dereference.
This would mean that nfs41_sequence_done is being called _after_ the
nfs_client (and hence the session) has been destroyed. That sounds like
the real bug that needs to be fixed.
Cheers
Trond