Segment fault when nfs_opendir.

[Calcor]

I got a segment fault occasionally when call nfs_opendir function.
I'm using the 2.0.0 release version.

This is the gdb output:

(gdb) bt
#0 0x00007ffff7db0b74 in nfs_opendir_cb () from /usr/lib/libnfs.so.11
#1 0x00007ffff7dbb006 in rpc_timeout_scan () from /usr/lib/libnfs.so.11
#2 0x00007ffff7dbb329 in rpc_service () from /usr/lib/libnfs.so.11
#3 0x00007ffff7da7106 in nfs_service () from /usr/lib/libnfs.so.11
#4 0x00007ffff7db5313 in wait_for_nfs_reply () from /usr/lib/libnfs.so.11
#5 0x00007ffff7db6506 in nfs_opendir () from /usr/lib/libnfs.so.11
#6 0x0000000000403478 in nfpi_nfs_scandir (ctx=0x50b010, path=0x408a8a "/test_scan", namelist=0x7fffffffdf48) at mod_nfs.c:251
#7 0x0000000000402958 in nfpi_scandir (ctx=0x50b010, path=0x408a8a "/test_scan", namelist=0x7fffffffdf48) at libnfpi.c:94
#8 0x0000000000402573 in test_scan (url=0x7fffffffe36e "nfs://172.24.137.25/home/share") at test.c:130
#9 0x00000000004025e4 in main (argc=2, argv=0x7fffffffe118) at test.c:140
(gdb) info r
rax 0x0 0
rbx 0x7ffff7ffdc20 140737354128416
rcx 0x5137e0 5322720
rdx 0x0 0
rsi 0x3 3
rdi 0x50e100 5300480
rbp 0x7fffffffdd30 0x7fffffffdd30
rsp 0x7fffffffdc50 0x7fffffffdc50
r8 0x7ffff7db0996 140737351715222
r9 0x40000 262144
r10 0x0 0
r11 0x7ffff7178540 140737338901824
r12 0x0 0
r13 0x7fffffffe110 140737488347408
r14 0x0 0
r15 0x0 0
rip 0x7ffff7db0b74 0x7ffff7db0b74 <nfs_opendir_cb+478>
eflags 0x10202 [ IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb)

[Calcor]

Seams like command_data is NULL and status is RPC_STATUS_TIMEOUT cause a 0 address access at the line "if (res->status != NFS3_OK) {" .

static void nfs_opendir_cb(struct rpc_context *rpc, int status, void *command_data, void *private_data)
{
READDIRPLUS3res *res = command_data;
struct nfs_cb_data *data = private_data;
struct nfs_context *nfs = data->nfs;
struct nfsdir *nfsdir = data->continue_data;
struct entryplus3 *entry;
uint64_t cookie = 0;

assert(rpc->magic == RPC_CONTEXT_MAGIC);

if (status == RPC_STATUS_ERROR ||
    (status == RPC_STATUS_SUCCESS && res->status == NFS3ERR_NOTSUPP)) {
	READDIR3args args;

	args.dir = data->fh;
	args.cookie = cookie;
	memset(&args.cookieverf, 0, sizeof(cookieverf3));
	args.count = 8192;

	if (rpc_nfs3_readdir_async(nfs->rpc, nfs_opendir2_cb, &args, data) != 0) {
		rpc_set_error(nfs->rpc, "RPC error: Failed to send READDIR call for %s", data->path);
		data->cb(-ENOMEM, nfs, rpc_get_error(nfs->rpc), data->private_data);
		nfs_free_nfsdir(nfsdir);
		data->continue_data = NULL;
		free_nfs_cb_data(data);
		return;
	}
	return;
}

if (status == RPC_STATUS_CANCEL) {
	data->cb(-EINTR, nfs, "Command was cancelled", data->private_data);
	nfs_free_nfsdir(nfsdir);
	data->continue_data = NULL;
	free_nfs_cb_data(data);
	return;
}

if (res->status != NFS3_OK) {
	rpc_set_error(nfs->rpc, "NFS: READDIRPLUS of %s failed with %s(%d)", data->saved_path, nfsstat3_to_str(res->status), nfsstat3_to_errno(res->status));
	data->cb(nfsstat3_to_errno(res->status), nfs, rpc_get_error(nfs->rpc), data->private_data);
	nfs_free_nfsdir(nfsdir);
	data->continue_data = NULL;
	free_nfs_cb_data(data);
	return;
}

...

[cosmoer]

The latest code has fixed this issue.

void nfs_opendir_cb(int status, struct nfs_context *nfs, void *data, void *private_data)
{
struct client *client = private_data;
struct nfsdir *nfsdir = data;
struct nfsdirent *nfsdirent;

if (status < 0) {
	printf("opendir failed with \"%s\"\n", (char *)data);
	exit(10);
}

printf("opendir successful\n");
while((nfsdirent = nfs_readdir(nfs, nfsdir)) != NULL) {
	printf("Inode:%d Name:%s\n", (int)nfsdirent->inode, nfsdirent->name);
}
nfs_closedir(nfs, nfsdir);

mount_context = rpc_init_context();
if (mount_getexports_async(mount_context, client->server, mount_export_cb, client) != 0) {
	printf("Failed to start MOUNT/EXPORT\n");
	exit(10);
}

}