[Unionfs] segfault when moving symlinks, and mono

Rubén Rodríguez Pérez ruben at trisquel.uvigo.es
Fri Jul 6 07:28:42 EDT 2007 

Hi. I'm a developer of trisquel GNU/Linux. We are working in a live cd using 
linux 2.6.21.5 and unionfs rc2-u3. Trisquel is based on debian testing and 
uses live-initramfs for the live environment.

I'm getting a segfault when moving a symlink, but only if it already exists in 
the r-o branch. Filesystem access becomes unavailable after the crash. My 
mounts are:
none on /sys type sysfs (rw,nosuid,nodev,noexec)
none on /proc type proc (rw,nosuid,nodev,noexec)
udev on /dev type tmpfs (rw)
/dev/hdc on /live_media type iso9660 (ro)
/dev/loop0 on /trisquel.squashfs type squashfs (ro)
tmpfs on /cow type tmpfs (rw)
unionfs on /root type unionfs (rw,dirs=/cow=rw:/trisquel.squashfs=ro)
tmpfs on /root/cow type tmpfs (rw)

And this is the output:

kernel BUG at fs/unionfs/rename.c:258!
invalid opcode: 0000 [#1]
PREEMPT SMP
Modules linked in: ipv6 binfmt_misc rfcomm l2cap bluetooth joydev button ac 
battery fuse dm_snapshot dm_mirror dm_mod snd_mixer_oss snd cpufreq_ondemand 
ntfs parport_pc parport pcspkr i2c_piix4 i2c_core intel_agp agpgart tsdev 
unionfs squashfs loop ide_cd cdrom ide_disk ata_piix ata_generic libata 
ehci_hcd pcnet32 mptspi mptscsih mptbase piix generic ide_core uhci_hcd 
thermal processor fan
CPU:    1
EIP:    0060:[<e09bdf21>]    Not tainted VLI
EFLAGS: 00010246   (2.6.21.5trisquel #2)
EIP is at unionfs_rename+0xc01/0xe50 [unionfs]
eax: 0000a000   ebx: d3a55c6c   ecx: 00000000   edx: d3a55c6c
esi: dd5f49d8   edi: ffffffff   ebp: 00000001   esp: d3c6be04
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process mv (pid: 5958, ti=d3c6a000 task=ded05070 task.ti=d3c6a000)
Stack: 00000000 d3a55ccc 00000007 00000000 0000001d 00000000 e09bee45 dd4ad2b0
       c0178b50 dd637d34 e09b6c10 dd637d84 dd4ad2b0 c0178b50 dd637d34 e09b6c10
       dd637d84 dd60eeac 00000003 dd637d34 d3a55c6c dd637d34 0000001d 00000001
Call Trace:
 [<e09bee45>] unionfs_lookup_backend+0x2b5/0xa90 [unionfs]
 [<c0178b50>] shmem_permission+0x0/0x10
 [<e09b6c10>] unionfs_permission+0x160/0x370 [unionfs]
 [<c0178b50>] shmem_permission+0x0/0x10
 [<e09b6c10>] unionfs_permission+0x160/0x370 [unionfs]
 [<c0184a62>] vfs_rename+0x3a2/0x3e0
 [<c0184cda>] __lookup_hash+0xaa/0xf0
 [<c01864da>] sys_renameat+0x19a/0x1d0
 [<c016a099>] __handle_mm_fault+0x239/0x940
 [<c011c8e8>] do_page_fault+0x358/0x670
 [<c0186537>] sys_rename+0x27/0x30
 [<c01041e4>] sysenter_past_esp+0x5d/0x89
 =======================
Code: eb fe 83 7c 24 78 ff 0f 85 57 f8 ff ff e9 d8 f8 ff ff c7 04 24 c4 33 9c 
e0 e8 bc 86 76 df c7 44 24 58 fb ff ff ff e9 bf f8 ff ff <0f> 0b eb fe 0f 0b 
eb fe 8d b4 26 00 00 00 00 8b 4f 58 e9 7c f5
EIP: [<e09bdf21>] unionfs_rename+0xc01/0xe50 [unionfs] SS:ESP 0068:d3c6be04



Starting a mono app crashes too:

root at trisquel:~# /usr/bin/beagled
/usr/bin/beagled: line 121:  5945 Fallo de segmento       exec -a 
$PROCESS_NAME $CMDLINE
Beagle Daemon exited with errors.  See ~/.beagle/Log/current-Beagle for more 
details.

BUG: unable to handle kernel NULL pointer dereference at virtual address 
00000000
 printing eip:
00000000
*pde = 0280a067
*pte = 00000000
Oops: 0000 [#1]
PREEMPT SMP
Modules linked in: binfmt_misc ipv6 rfcomm l2cap bluetooth joydev button ac 
battery fuse dm_snapshot dm_mirror dm_mod snd_mixer_oss snd cpufreq_ondemand 
ntfs parport_pc parport i2c_piix4 i2c_core intel_agp pcspkr agpgart tsdev 
unionfs squashfs loop ide_cd cdrom ide_disk ata_piix ata_generic libata 
ehci_hcd pcnet32 piix uhci_hcd mptspi mptscsih mptbase generic ide_core 
thermal processor fan
CPU:    1
EIP:    0060:[<00000000>]    Not tainted VLI
EFLAGS: 00010246   (2.6.21.5trisquel #2)
EIP is at _stext+0x3fefecf0/0x20
eax: c2ded6c0   ebx: 00000000   ecx: 00000000   edx: c104ad80
esi: c104ad80   edi: dc037150   ebp: 00000000   esp: ca1d9e04
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process mono (pid: 6203, ti=ca1d8000 task=da321580 task.ti=ca1d8000)
Stack: c015eedf 000000d0 00000000 c104a1c0 c2ded6c0 dc0370a0 c74e1500 e09c776f
       c2ded6c0 00000000 c2539c50 c104a1c0 00000000 00000000 c104a1c0 00000000
       c2ded6c0 c2539c5c c104a1c0 00000000 c104ad60 00000000 c0163553 000000d0
Call Trace:
 [<c015eedf>] read_cache_page+0x8f/0x150
 [<e09c776f>] unionfs_readpage+0x7f/0x2f0 [unionfs]
 [<c0163553>] __do_page_cache_readahead+0x1c3/0x260
 [<c01868b4>] sys_mkdirat+0x44/0xd0
 [<c015f43e>] filemap_nopage+0x2ee/0x430
 [<c0169fa7>] __handle_mm_fault+0x147/0x940
 [<c011c6c9>] do_page_fault+0x139/0x670
 [<c011c590>] do_page_fault+0x0/0x670
 [<c03e20bc>] error_code+0x7c/0x90
 =======================
Code:  Bad EIP value.
EIP: [<00000000>] _stext+0x3fefecf0/0x20 SS:ESP 0068:ca1d9e04

I can send you more info, or upload a iso to our server if that helps.
Thanks
-- 
Rubén Rodríguez Pérez
--
Proyecto Trisquel
http://trisquel.uvigo.es
Tlf: (+34) 646454276
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.fsl.cs.sunysb.edu/pipermail/unionfs/attachments/20070706/f9918360/attachment.bin

More information about the unionfs mailing list