In message <[EMAIL PROTECTED]>, Klaus Fuerstberger writes:
> Hi,
> 
> I have a unionfs root filesystem. Sometimes I want to sync the unionfs 
> changes in ram back to the CF card. This is done with rsync and is no 
> problem. But now I want to free the used ram of the unionfs. Mostly it 
> works, if I simply delete the /ram/changes/*, but sometimes the system 
> freezes.
> Now I thought it would be the cleanest to insert another leftmost 
> read-write branch at highest priority and delete the old read-write 
> branch with the used memory. This resulted in the crash below.
> Is there any clean method, beside a reboot, to free the used memory of 
> the union after the rsync?
> 
> ### This is what I tried and what caused the Oops:
> mount -t unionfs -o remount,incgen none /
> mount -t ext3 -o remount,rw /dev/hda1 /ram/rootfs
> # Synchronize the changes to the CF-Card
> rsync -av --exclude=/tmp/ --exclude=/ram/ --exclude=/proc/ --exclude=/sys/ --exclude=/dev/ --delete / /ram/rootfs/
> # Try to free the used memory in /rootfs/changes by inserting a leftmost RW branch and deleting the old RW branch
> mkdir /ram/changes2
> mount -t unionfs -o remount,add=/ram/changes2=rw none /
> ..............Oops...............
> 
> # The initramfs script
> ### /usr/share/initramfs-tools/scripts/union
> mountroot()
> {
> RAM=/ram
> ROOTFS=$RAM/rootfs
> CHANGES=$RAM/changes
> 
> mkdir $RAM
> mount -t tmpfs -o size=90% tmpfs $RAM
> mkdir $ROOTFS
> mkdir $CHANGES
> mount -r -t ext3 /dev/hda1 $ROOTFS
> mount -t unionfs -o dirs=$CHANGES=rw:$ROOTFS=ro unionfs ${rootmnt}
> 
> # Make the overlay accessible
> mkdir ${rootmnt}$RAM 2>/dev/null
> mount -o move $RAM ${rootmnt}$RAM
> }
> ###############################
> 
> ### /etc/fstab
> proc            /proc           proc    defaults          0  0
> none            /               unionfs dirs=/ram/changes=rw:/=ro      0  0
> ###############################
> 
> ### Oops
> BUG: unable to handle kernel NULL pointer dereference at virtual address 
> 00000060
> printing eip: d0827646 *pde = 00000000
> Oops: 0000 [#1]
> Modules linked in: ipv6 dm_snapshot dm_mirror dm_mod leds_alix led_class 
> xt_mac xt_limit ips
> 
> Pid: 1816, comm: mount Not tainted (2.6.24.2-alix #3)
> EIP: 0060:[<d0827646>] EFLAGS: 00010206 CPU: 0
> EIP is at unionfs_remount_fs+0x4be/0x748 [unionfs]
> EAX: 00000060 EBX: 00000003 ECX: 00000002 EDX: cf6da6c0
> ESI: ce556400 EDI: cf7bf004 EBP: ce6ecce0 ESP: cec55db0
>   DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> Process mount (pid: 1816, ti=cec54000 task=ce5ed030 task.ti=cec54000)
> Stack: ce74a6e0 cec55df4 00000002 cec55df4 cec55e10 ce556400 cf4ab620 
> ce6ecce0
>         00000002 cf4ab620 cf4ab620 ce74a6e0 ce74a6e0 00000000 ffffffff 
> 7fffffff
>         00000000 00000002 00000000 d0833de8 ce556400 cf7bf000 00000000 
> c0153337
> Call Trace:
>   [<c0153337>] do_remount_sb+0xc2/0xe9
>   [<c0163539>] do_mount+0x193/0x5e5
>   [<c0129d7c>] update_wall_time+0x540/0x6ae
>   [<c0114ee0>] update_curr+0x52/0xc8
>   [<c01283ef>] hrtimer_run_queues+0x12/0x133
>   [<c011e8b0>] run_timer_softirq+0x12/0x141
>   [<c012bd73>] tick_handle_periodic+0xf/0x54
>   [<c011c038>] tasklet_action+0x32/0x52
>   [<c011bfa0>] __do_softirq+0x35/0x75
>   [<c0105b9c>] do_IRQ+0x58/0x6b
>   [<c013dcfd>] __alloc_pages+0x5d/0x2d4
>   [<c0104553>] common_interrupt+0x23/0x28
>   [<c01625ca>] copy_mount_options+0xa3/0x10d
>   [<c01639fd>] sys_mount+0x72/0xa9
>   [<c0103baa>] syscall_call+0x7/0xb
>   =======================
> Code: d2 eb 12 8b 4c 24 24 89 d0 c1 e0 04 8b 04 08 83 c0 60 ff 00 42 39 
> da 7c ea 31 c9 eb 1
> EIP: [<d0827646>] unionfs_remount_fs+0x4be/0x748 [unionfs] SS:ESP 
> 0068:cec55db0
> ---[ end trace a38d4d4b3dc9a968 ]---
> WARNING: at kernel/exit.c:917 do_exit()
> Pid: 1816, comm: mount Tainted: G      D 2.6.24.2-alix #3
>   [<c011ab0c>] do_exit+0x48/0x5ed
>   [<c0118ee9>] printk+0x1b/0x1f
>   [<c0104d9b>] die+0x1b1/0x1b9
>   [<c011408e>] do_page_fault+0x43c/0x51a
>   [<c0113c52>] do_page_fault+0x0/0x51a
>   [<c02a0f9a>] error_code+0x6a/0x70
>   [<d0827646>] unionfs_remount_fs+0x4be/0x748 [unionfs]
>   [<c0153337>] do_remount_sb+0xc2/0xe9
>   [<c0163539>] do_mount+0x193/0x5e5
>   [<c0129d7c>] update_wall_time+0x540/0x6ae
>   [<c0114ee0>] update_curr+0x52/0xc8
>   [<c01283ef>] hrtimer_run_queues+0x12/0x133
>   [<c011e8b0>] run_timer_softirq+0x12/0x141
>   [<c012bd73>] tick_handle_periodic+0xf/0x54
>   [<c011c038>] tasklet_action+0x32/0x52
>   [<c011bfa0>] __do_softirq+0x35/0x75
>   [<c0105b9c>] do_IRQ+0x58/0x6b
>   [<c013dcfd>] __alloc_pages+0x5d/0x2d4
>   [<c0104553>] common_interrupt+0x23/0x28
>   [<c01625ca>] copy_mount_options+0xa3/0x10d
>   [<c01639fd>] sys_mount+0x72/0xa9
>   [<c0103baa>] syscall_call+0x7/0xb
> ###############################
> 
> Bye,
> Klaus

Klaus, life is ironic.  Less than an hour after releasing unionfs-2.3, I've
quite by accident discovered this bug, and fixed it.  I also believe that
this affected other people (e.g., Dave Miller).  The oops stack trace I've
seen for the bug is identical to yours (with unionfs_remount_fs in the mix).

Patch below.

And now I'll have to release 2.3.1 rsn...

Enjoy,
Erez.


diff --git a/fs/unionfs/super.c b/fs/unionfs/super.c
index e5cb235..4cddc83 100644
--- a/fs/unionfs/super.c
+++ b/fs/unionfs/super.c
@@ -755,7 +755,7 @@ out_no_change:
        /* grab new lower super references; release old ones */
        for (i = 0; i < new_branches; i++)
                atomic_inc(&new_data[i].sb->s_active);
-       for (i = 0; i < new_branches; i++)
+       for (i = 0; i < sbmax(sb); i++)
                atomic_dec(&UNIONFS_SB(sb)->data[i].sb->s_active);
 
        /* copy new vectors into their correct place */
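Review bot: The release loop "for (i = 0; i < sbmax(sb); i++)" is only correct while sbmax(sb) and UNIONFS_SB(sb)->data still describe the old branch set, so it depends on neither being updated before this point. The context line below says the new vectors are copied into place afterwards; please state that ordering in the comment above the two loops so a later reordering does not reintroduce the mismatch. I would also reword "grab new lower super references; release old ones" to say that the loops walk different arrays with different lengths (new_data bounded by new_branches, the old data bounded by sbmax(sb)), since the removed line shows how easily the new count gets applied to the old array. The commit message should note both effects of the old bound: indexing past the old array when the remount adds a branch, and leaving old references undropped when it removes one.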
_______________________________________________
unionfs mailing list: http://unionfs.filesystems.org/
unionfs@mail.fsl.cs.sunysb.edu
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs
