# du vs df - shows different size for root fs



## Peacekeeper2000 (Aug 10, 2014)

Hi, since I upgraded to FreeBSD 10.0p7 I have a bit of a strange behavior : "df" shows increasing usage of the root fs, while "du" shows still the expected used capacity.

When I execute: `du -hxd 1|sort -h` I get the following list:

```
512B	./dev
4,0K	./.snap
4,0K	./media
4,0K	./proc
 12K	./mnt
 12K	./storage
 24K	./srv
248K	./libexec
1,2M	./bin
2,9M	./etc
3,8M	./tmp
5,7M	./rescue
7,1M	./sbin
8,9M	./lib
854M	./boot
2,7G	./var
5,0G	./root
 21G	./usr
 29G	.
```
So I use overall 29GB for my root fs and that is what I expect. Now when I do a quick check with df -h I get a different picture:

```
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ada4p2    112G     41G     63G    39%    /
```
Here it shows 41GB usage ( BTW: 5min ago it was only 40GB). So something is strange ? Has anybody seen similar behavior ?

As my system was today at 107% capacity , I did the recovery by stopping all services and then unmounting the ZFS FS and pool. Shame on me , I have not verified if the situation has improved after each unmount/stop of service.
When I finished all stopping and unmounting, the rootFS was suddenly again down to the start value. While I was happy, I have no clue where the leakage is.  :q


----------



## Peacekeeper2000 (Aug 10, 2014)

Ah, at least I found which service it is: netatalk! After stopping that, df() has shown again the expected 29GB. 

Nevertheless: how can df() detect this , while du() still shows the old value?


----------



## wblock@ (Aug 10, 2014)

Have you seen http://www.freebsd.org/doc/en/books/faq/disks.html#DU-VS-DF?


----------



## Peacekeeper2000 (Aug 11, 2014)

Ahhh - thanks for pointing me to this.  :beer That was helpful and I am sure it is the solution. Then I assume that netatalk is using a file that has no directory entry. hmm, need to further investigate.

I was ripping a lot of CD's with iTunes over net/netatalk to a zRAID that is mounted as AFP Share. So I expected a growth of usage on the RAID, but not on the root-fs disk. The last sizing of the gap has matched the sizing of all ripped CD's at that time. :stud  Maybe - I hope not - net/netatalk stores the file temporary under the root-fs and doesn't release it in a clean way.

Anyhow , I will move  net/netatalk  in a jail and then I hope I am protected so that root-fs is not swammed.

Thanks for your help - appreciate it !


----------

