Bug 7040 - Oops when removing full snapshot
Oops when removing full snapshot
Product: IO/Storage
Classification: Unclassified
Component: LVM2/DM
i386 Linux
: P2 normal
Assigned To: Alasdair G Kergon
Depends on:
  Show dependency treegraph
Reported: 2006-08-22 04:24 UTC by Damian Pietras
Modified: 2006-12-05 08:32 UTC (History)
1 user (show)

See Also:
Kernel Version:
Tree: Mainline
Regression: ---

dmesg with oops when removing a full snapshot (2.94 KB, text/plain)
2006-08-22 04:26 UTC, Damian Pietras

Description Damian Pietras 2006-08-22 04:24:46 UTC
Most recent kernel where this bug did not occur: (only stable tested)
Distribution: custom/Debian
Hardware Environment: P IV, 3ware SATA controller, 1GB RAM
Software Environment: LVM 
Problem Description: Invoking lvremove /dev/vg/snapshot when snapshot is full
(100% displayed by lvs in Snap% column) causes Oops in most cases. THe snapshot
can be removed after reboot.

Steps to reproduce:

1. Create a volume and a snapshot:

lvcreate -n lv -L 2G vg
lvcreate -s -n snap -L 128M vg

2. Write to the volume more than the snapshot size:

dd if=/dev/zero of=/dev/vg/lv bs=1M count=256

3. Try to remove the snapshot:
lvremove -f /dev/vg/snap

Now you should see segmentation fault and an Oops. The snapshot still exists.
Comment 1 Damian Pietras 2006-08-22 04:26:17 UTC
Created attachment 8848 [details]
dmesg with oops when removing a full snapshot
Comment 2 Damian Pietras 2006-09-12 11:35:44 UTC
I found out that reversing this patch:
fixes the problem: I can remove the snapshot without Oops and everything works fine.
Comment 3 Alasdair G Kergon 2006-09-13 09:12:27 UTC
Possible patch:
(to apply may require earlier snapshot patches listed in the series file)
Comment 4 Damian Pietras 2006-09-14 02:43:39 UTC
I've applied the patch to my (I had to do it by hand in some places)
and it resolves the problem. Thanks.
Comment 5 Alasdair G Kergon 2006-09-14 15:12:18 UTC
Would you try the following patch to see if it's sufficient?


Index: linux-2.6.17/drivers/md/dm-snap.c
--- linux-2.6.17.orig/drivers/md/dm-snap.c	2006-09-14 23:05:18.000000000 +0100
+++ linux-2.6.17/drivers/md/dm-snap.c	2006-09-14 23:15:29.000000000 +0100
@@ -691,6 +691,7 @@ static void pending_complete(struct pend
+		remove_exception(&pe->e);
 		goto out;

Comment 6 Damian Pietras 2006-09-15 03:59:56 UTC
This simple patch also works.
Comment 7 Alasdair G Kergon 2006-09-22 15:09:43 UTC
OK.  The fix is already in the queue for 2.6.19, but let's get that one line
patch queued for -stable.

Note You need to log in before you can comment on or make changes to this bug.