Yes, nfsd_users is protected by the nfsd_mutex. But the following log
confuse me, why were they printed in a very short period when crash?
[24225.575708] nfsd: last server has exited, flushing export cache
[24225.580242] NFSD: starting 90-second grace period (net f0000030)
...
[24225.807458] NFSD: starting 90-second grace period (net f0000030)
Why was callback_wq queued that it had already been freed? And a new
callback_wq was created. I’ve added some new vmcore analysis to the link:
https://chenxiaosong.com/en/nfs/en-null-ptr-deref-in-nfsd4_probe_callback.html
在 2025/6/18 19:50, Jeff Layton 写道:
Isn't nfsd_users protected by the nfsd_mutex? It looks like it's held
in all of the places this counter is accessed.
