Package: nbd-server
Version: 2.9.8-1
Severity: important
Tags: patch
Hi,
nbd-server works fine if there is only one export configured in
/etc/nbd-server/config. If there is more than one export, the server
forks to serve the connection, but the child immediately segfaults - see
attached gdb backtrace and strace output. nbd-client just hangs at this
point:
---------------------8<---------------------
dl-client:~# nbd-client dl-server 5053 /dev/nbd0
Negotiation:
---------------------8<---------------------
The attached patch seems to work - I didn't delve too much into the code
though, so take it with a grain of salt. Essentially I copied the
assignment of serve from earlier in the source.
Cheers, Til
Core was generated by `nbd-server'.
Program terminated with signal 11, Segmentation fault.
#0 0x0804ca7d in serveloop (servers=0x8051400) at nbd-server.c:1455
1455 close(serve->socket);
(gdb) bt
#0 0x0804ca7d in serveloop (servers=0x8051400) at nbd-server.c:1455
#1 0x0804cba4 in main (argc=134552808, argv=0x2) at nbd-server.c:1690
Process 2865 attached - interrupt to quit
accept(3, {sa_family=AF_INET, sin_port=htons(4804),
sin_addr=inet_addr("192.168.5.36")}, [16]) = 5
getpeername(5, {sa_family=AF_INET, sin_port=htons(4804),
sin_addr=inet_addr("192.168.5.36")}, [16]) = 0
futex(0xb7e9ad08, FUTEX_WAKE, 2147483647) = 0
time([1195032037]) = 1195032037
open("/etc/localtime", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f31000
read(6, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 685
close(6) = 0
munmap(0xb7f31000, 4096) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 6
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
connect(6, {sa_family=AF_FILE, path="/dev/log"}, 16) = 0
send(6, "<30>Nov 14 10:20:37 nbd_server[2"..., 91, MSG_NOSIGNAL) = 91
open(NULL, O_RDONLY|O_LARGEFILE) = -1 EFAULT (Bad address)
time([1195032037]) = 1195032037
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
send(6, "<30>Nov 14 10:20:37 nbd_server[2"..., 89, MSG_NOSIGNAL) = 89
time([1195032037]) = 1195032037
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=685, ...}) = 0
send(6, "<30>Nov 14 10:20:37 nbd_server[2"..., 55, MSG_NOSIGNAL) = 55
clone(Process 2869 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7d4e708) = 2869
[pid 2865] close(5) = 0
[pid 2865] select(5, [3 4], NULL, NULL, {0, 500} <unfinished ...>
[pid 2869] close(0) = 0
[pid 2869] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 2869 detached
<... select resumed> ) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSEGV}], WNOHANG) = 2869
waitpid(-1, 0xbfe4aeac, WNOHANG) = -1 ECHILD (No child processes)
=== nbd-server.c
==================================================================
--- nbd-server.c (revision 3)
+++ nbd-server.c (local)
@@ -1451,7 +1451,7 @@
/* child */
g_hash_table_destroy(children);
for(i=0;i<servers->len;i++) {
- serve=g_array_index(servers, SERVER*, i);
+ serve=&(g_array_index(servers, SERVER, i));
close(serve->socket);
}
/* FALSE does not free the
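Review bot: The corrected line `serve=&(g_array_index(servers, SERVER, i));` carries no comment saying that `servers` stores SERVER structs by value, and because g_array_index is a cast macro the compiler cannot catch the element-type mismatch if it is reintroduced. I would add above the loop `/* servers holds SERVER structs by value, so take the element's address */`. The old form reinterpreted array bytes as a pointer: the strace shows the child calling close(0) instead of closing the listening descriptors 3 and 4 before it segfaults, so any connecting client could crash the forked child when several exports are configured. The other `g_array_index(servers, ...)` uses in nbd-server.c are not visible here and are worth checking for the same element type. The enclosing function (serveloop, per the backtrace) starts and ends outside the hunk.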