In message <[EMAIL PROTECTED]>, Klaus Fuerstberger writes: > Hi, > > I have a unionfs root filesystem. Sometimes I want to sync the unionfs > changes in ram back to the CF card. This is done with rsync and ist no > problem. But now I want to free the used ram of the unionfs. Mostly it > works, if I simlpe delete the /ram/changes/*, but sometimes the system > freezes. > Now I thought it would be the cleanest to insert another leftmost > read-write branch at highest priority and delete the old read-write > branch with the used memory. This resulted in the crash below. > Is there any clean method, beside a reboot, to free the used memory of > the union after the rsync? > > ### This ist what I tried and what caused the Oops: > mount -t unionfs -o remount,incgen none / > mount -t ext3 -o remount,rw /dev/hda1 /ram/rootfs > # Synchronize the changes to the CF-Card > rsync -av --exclude=/tmp/ --exclude=/ram/ --exclude=/proc/ > --exclude=/sys/ --exclude=/dev/ --delete / /ram/rootfs/ > # Try to free the used memory in /rootfs/changes in inserting a leftmost > RW branch and deleting the old RW branch > mkdir /ram/changes2 > mount -t unionfs -o remount,add=/ram/changes2=rw none / > ..............Oops............... > > # The initramfs script > ### /usr/share/initramfs-tools/scripts/union > mountroot() > { > RAM=/ram > ROOTFS=$RAM/rootfs > CHANGES=$RAM/changes > > mkdir $RAM > mount -t tmpfs -o size=90% tmpfs $RAM > mkdir $ROOTFS > mkdir $CHANGES > mount -r -t ext3 /dev/hda1 $ROOTFS > mount -t unionfs -o dirs=$CHANGES=rw:$ROOTFS=ro unionfs ${rootmnt} > > # Das overlay zugaenglich machen > mkdir ${rootmnt}$RAM 2>/dev/null > mount -o move $RAM ${rootmnt}$RAM > } > ############################### > > ### /etc/fstab > proc /proc proc defaults > 0 0 > none / unionfs dirs=/ram/changes=rw:/=ro > 0 0 > ############################### > > ### Oops > BUG: unable to handle kernel NULL pointer dereference at virtual address > 00000060 > printing eip: d0827646 *pde = 00000000 > Oops: 0000 [#1] > Modules linked in: ipv6 dm_snapshot dm_mirror dm_mod leds_alix led_class > xt_mac xt_limit ips > > Pid: 1816, comm: mount Not tainted (2.6.24.2-alix #3) > EIP: 0060:[<d0827646>] EFLAGS: 00010206 CPU: 0 > EIP is at unionfs_remount_fs+0x4be/0x748 [unionfs] > EAX: 00000060 EBX: 00000003 ECX: 00000002 EDX: cf6da6c0 > ESI: ce556400 EDI: cf7bf004 EBP: ce6ecce0 ESP: cec55db0 > DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 > Process mount (pid: 1816, ti=cec54000 task=ce5ed030 task.ti=cec54000) > Stack: ce74a6e0 cec55df4 00000002 cec55df4 cec55e10 ce556400 cf4ab620 > ce6ecce0 > 00000002 cf4ab620 cf4ab620 ce74a6e0 ce74a6e0 00000000 ffffffff > 7fffffff > 00000000 00000002 00000000 d0833de8 ce556400 cf7bf000 00000000 > c0153337 > Call Trace: > [<c0153337>] do_remount_sb+0xc2/0xe9 > [<c0163539>] do_mount+0x193/0x5e5 > [<c0129d7c>] update_wall_time+0x540/0x6ae > [<c0114ee0>] update_curr+0x52/0xc8 > [<c01283ef>] hrtimer_run_queues+0x12/0x133 > [<c011e8b0>] run_timer_softirq+0x12/0x141 > [<c012bd73>] tick_handle_periodic+0xf/0x54 > [<c011c038>] tasklet_action+0x32/0x52 > [<c011bfa0>] __do_softirq+0x35/0x75 > [<c0105b9c>] do_IRQ+0x58/0x6b > [<c013dcfd>] __alloc_pages+0x5d/0x2d4 > [<c0104553>] common_interrupt+0x23/0x28 > [<c01625ca>] copy_mount_options+0xa3/0x10d > [<c01639fd>] sys_mount+0x72/0xa9 > [<c0103baa>] syscall_call+0x7/0xb > ======================= > Code: d2 eb 12 8b 4c 24 24 89 d0 c1 e0 04 8b 04 08 83 c0 60 ff 00 42 39 > da 7c ea 31 c9 eb 1 > EIP: [<d0827646>] unionfs_remount_fs+0x4be/0x748 [unionfs] SS:ESP > 0068:cec55db0 > ---[ end trace a38d4d4b3dc9a968 ]--- > WARNING: at kernel/exit.c:917 do_exit() > Pid: 1816, comm: mount Tainted: G D 2.6.24.2-alix #3 > [<c011ab0c>] do_exit+0x48/0x5ed > [<c0118ee9>] printk+0x1b/0x1f > [<c0104d9b>] die+0x1b1/0x1b9 > [<c011408e>] do_page_fault+0x43c/0x51a > [<c0113c52>] do_page_fault+0x0/0x51a > [<c02a0f9a>] error_code+0x6a/0x70 > [<d0827646>] unionfs_remount_fs+0x4be/0x748 [unionfs] > [<c0153337>] do_remount_sb+0xc2/0xe9 > [<c0163539>] do_mount+0x193/0x5e5 > [<c0129d7c>] update_wall_time+0x540/0x6ae > [<c0114ee0>] update_curr+0x52/0xc8 > [<c01283ef>] hrtimer_run_queues+0x12/0x133 > [<c011e8b0>] run_timer_softirq+0x12/0x141 > [<c012bd73>] tick_handle_periodic+0xf/0x54 > [<c011c038>] tasklet_action+0x32/0x52 > [<c011bfa0>] __do_softirq+0x35/0x75 > [<c0105b9c>] do_IRQ+0x58/0x6b > [<c013dcfd>] __alloc_pages+0x5d/0x2d4 > [<c0104553>] common_interrupt+0x23/0x28 > [<c01625ca>] copy_mount_options+0xa3/0x10d > [<c01639fd>] sys_mount+0x72/0xa9 > [<c0103baa>] syscall_call+0x7/0xb > ############################### > > Bye, > Klaus
Klaus, life is ironic. Less than an hour after releasing unionfs-2.3, I've quite by accident discovered this bug, and fixed it. I also believe that this affected other people (e.g., Dave Miller). The oops stack trace I've seen for the bug is identical to yours (with unionfs_remount_fs in the mix). Patch below. And now I'll have to release 2.3.1 rsn... Enjoy, Erez. diff --git a/fs/unionfs/super.c b/fs/unionfs/super.c index e5cb235..4cddc83 100644 --- a/fs/unionfs/super.c +++ b/fs/unionfs/super.c @@ -755,7 +755,7 @@ out_no_change: /* grab new lower super references; release old ones */ for (i = 0; i < new_branches; i++) atomic_inc(&new_data[i].sb->s_active); - for (i = 0; i < new_branches; i++) + for (i = 0; i < sbmax(sb); i++) atomic_dec(&UNIONFS_SB(sb)->data[i].sb->s_active); /* copy new vectors into their correct place */ _______________________________________________ unionfs mailing list: http://unionfs.filesystems.org/ unionfs@mail.fsl.cs.sunysb.edu http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs