Distribution: Whitebox linux 3.0

Hardware Environment: IBM xseries 330, dual cpu Pentium III, 2 GB memory, qla2300 FC-HBA.

Software Environment: Mainly a NFS-server. All software is up2date standard installation from the Whitebox-distribution, except the addition of XFS bits and 2.6.7-rc3 kernel. I was running with nfs-utils-1.0.6-21EL when the oops happened. Afterwards I upgraded to kernel 2.6.7, and nfs-utils-1.0.6-7.EL and mounted /proc/fs/nfsd and /var/lib/nfs/rpc_pipefs.

Problem Description: I got this in my kernel log while downloading 3 600MB iso-images on a NFS-client:

nfsd: page allocation failure. order:4, mode:0x50
 [<c0139b91>] __alloc_pages+0x2f1/0x350
 [<c0139c0f>] __get_free_pages+0x1f/0x40
 [<c013d08e>] kmem_getpages+0x1e/0xd0
 [<c013dc91>] cache_grow+0x91/0x1f0
 [<c013deb5>] cache_alloc_refill+0xc5/0x220
 [<c013e4f1>] __kmalloc+0x71/0x90
 [<c02292bc>] xfs_iext_realloc+0x13c/0x240
 [<c01fed1a>] xfs_bmap_insert_exlist+0x2a/0xc0
 [<c01fb91c>] xfs_bmap_add_extent_hole_delay+0x31c/0x510
 [<c0135ec9>] find_lock_page+0x29/0xa0
 [<c01f91d7>] xfs_bmap_add_extent+0x3d7/0x490
 [<c0201866>] xfs_bmapi+0x1136/0x15f0
 [<c023fbc9>] xfs_trans_log_buf+0x69/0xa0
 [<c02009f7>] xfs_bmapi+0x2c7/0x15f0
 [<c01066c4>] common_interrupt+0x18/0x20
 [<c020381d>] xfs_bmap_eof+0x7d/0xb0
 [<c022c6e6>] xfs_iomap_write_delay+0x4c6/0x680
 [<c023f0f0>] xfs_trans_unlocked_item+0x30/0x50
 [<c022b68e>] xfs_imap_to_bmap+0x2e/0x290
 [<c022bbea>] xfs_iomap+0x2fa/0x4b0
 [<c024c02f>] linvfs_get_block_core+0x8f/0x2e0
 [<c02252c7>] xfs_ilock+0x57/0x100
 [<c024c2b3>] linvfs_get_block+0x33/0x40
 [<c0156304>] __block_prepare_write+0x1f4/0x410
 [<c0139b9e>] __alloc_pages+0x2fe/0x350
 [<c0135a4e>] add_to_page_cache+0x4e/0xc0
 [<c0156c88>] block_prepare_write+0x28/0x50
 [<c024c280>] linvfs_get_block+0x0/0x40
 [<c01377a4>] generic_file_aio_write_nolock+0x354/0x970
 [<c024c280>] linvfs_get_block+0x0/0x40
 [<c022ab2c>] xfs_ichgtime+0xfc/0xfe
 [<c0252f6a>] xfs_write+0x26a/0x7a0
 [<c035dbe7>] sock_alloc_send_pskb+0xc7/0x1e0
 [<c02a2e9b>] as_add_request+0x16b/0x1c0
 [<c024f091>] linvfs_writev+0xc1/0x140
 [<c036f320>] pfifo_fast_enqueue+0x0/0x80
 [<c036321f>] dev_queue_xmit+0x20f/0x280
 [<c037fcd0>] ip_finish_output2+0x0/0x18a
 [<c037fd71>] ip_finish_output2+0xa1/0x18a
 [<c024efd0>] linvfs_writev+0x0/0x140
 [<c01534ed>] do_readv_writev+0x14d/0x230
 [<c0152fe0>] do_sync_write+0x0/0xb0
 [<c024f31a>] linvfs_open+0x6a/0x70
 [<c0153db9>] open_private_file+0x89/0x90
 [<c01536a1>] vfs_writev+0x61/0x70
 [<c01cb4e5>] nfsd_write+0xf5/0x320
 [<c0117ab0>] recalc_task_prio+0x80/0x160
 [<c01d2388>] nfsd3_proc_write+0xb8/0x120
 [<c01d3ed0>] nfs3svc_decode_writeargs+0x0/0x160
 [<c01c77de>] nfsd_dispatch+0xbe/0x19c
 [<c03c9e02>] svc_process+0x4d2/0x5f9
 [<c0119de0>] default_wake_function+0x0/0x10
 [<c01c7590>] nfsd+0x1b0/0x340
 [<c01c73e0>] nfsd+0x0/0x340
 [<c0103fad>] kernel_thread_helper+0x5/0x18

Unable to handle kernel paging request at virtual address 00008000
 printing eip:
c02089ff
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: ipv6 lp ipt_REJECT ipt_state ip_conntrack iptable_filter ip_tables ohci_hcd
CPU:    0
EIP:    0060:[<c02089ff>]    Not tainted
EFLAGS: 00010206   (2.6.7-rc3-ql)
EIP is at xfs_bmbt_set_all+0x2f/0x60
eax: 00008000   ebx: 00000000   ecx: 006d2dff   edx: f74da850
esi: 000001ff   edi: 00000000   ebp: 00000001   esp: f74da610
ds: 007b   es: 007b   ss: 0068
Process nfsd (pid: 2780, threadinfo=f74da000 task=c22b9750)
Stack: f74da86c 00000001 00008000 c01fed8c 00000000 00000001 00000800 00000800
       00000000 00000010 00000800 c01fb91c f74da850 00000000 f7017690 01828298
       f7017694 c0135ec9 00000000 c4948bc0 00000050 00000000 00000000 00000000
Call Trace:
 [<c01fed8c>] xfs_bmap_insert_exlist+0x9c/0xc0
 [<c01fb91c>] xfs_bmap_add_extent_hole_delay+0x31c/0x510
 [<c0135ec9>] find_lock_page+0x29/0xa0
 [<c01f91d7>] xfs_bmap_add_extent+0x3d7/0x490
 [<c0201866>] xfs_bmapi+0x1136/0x15f0
 [<c023fbc9>] xfs_trans_log_buf+0x69/0xa0
 [<c02009f7>] xfs_bmapi+0x2c7/0x15f0
 [<c01066c4>] common_interrupt+0x18/0x20
 [<c020381d>] xfs_bmap_eof+0x7d/0xb0
 [<c022c6e6>] xfs_iomap_write_delay+0x4c6/0x680
 [<c023f0f0>] xfs_trans_unlocked_item+0x30/0x50
 [<c022b68e>] xfs_imap_to_bmap+0x2e/0x290
 [<c022bbea>] xfs_iomap+0x2fa/0x4b0
 [<c024c02f>] linvfs_get_block_core+0x8f/0x2e0
 [<c02252c7>] xfs_ilock+0x57/0x100
 [<c024c2b3>] linvfs_get_block+0x33/0x40
 [<c0156304>] __block_prepare_write+0x1f4/0x410
 [<c0139b9e>] __alloc_pages+0x2fe/0x350
 [<c0135a4e>] add_to_page_cache+0x4e/0xc0
 [<c0156c88>] block_prepare_write+0x28/0x50
 [<c024c280>] linvfs_get_block+0x0/0x40
 [<c01377a4>] generic_file_aio_write_nolock+0x354/0x970
 [<c024c280>] linvfs_get_block+0x0/0x40
 [<c022ab2c>] xfs_ichgtime+0xfc/0xfe
 [<c0252f6a>] xfs_write+0x26a/0x7a0
 [<c035dbe7>] sock_alloc_send_pskb+0xc7/0x1e0
 [<c02a2e9b>] as_add_request+0x16b/0x1c0
 [<c024f091>] linvfs_writev+0xc1/0x140
 [<c036f320>] pfifo_fast_enqueue+0x0/0x80
 [<c036321f>] dev_queue_xmit+0x20f/0x280
 [<c037fcd0>] ip_finish_output2+0x0/0x18a
 [<c037fd71>] ip_finish_output2+0xa1/0x18a
 [<c024efd0>] linvfs_writev+0x0/0x140
 [<c01534ed>] do_readv_writev+0x14d/0x230
 [<c0152fe0>] do_sync_write+0x0/0xb0
 [<c024f31a>] linvfs_open+0x6a/0x70
 [<c0153db9>] open_private_file+0x89/0x90
 [<c01536a1>] vfs_writev+0x61/0x70
 [<c01cb4e5>] nfsd_write+0xf5/0x320
 [<c0117ab0>] recalc_task_prio+0x80/0x160
 [<c01d2388>] nfsd3_proc_write+0xb8/0x120
 [<c01d3ed0>] nfs3svc_decode_writeargs+0x0/0x160
 [<c01c77de>] nfsd_dispatch+0xbe/0x19c
 [<c03c9e02>] svc_process+0x4d2/0x5f9
 [<c0119de0>] default_wake_function+0x0/0x10
 [<c01c7590>] nfsd+0x1b0/0x340
 [<c01c73e0>] nfsd+0x0/0x340
 [<c0103fad>] kernel_thread_helper+0x5/0x18

Code: 89 08 09 fb 31 c9 89 58 04 8b 5a 08 8b 72 0c 8b 52 10 0f a4

Steps to reproduce:

Looks more like it might be yet another XFS bug, but I'll let Neil decide whether or not he wants to pass this on to Christoph & co.
Yep. Undoubtedly an XFS problem. fs/xfs/xfs_inode.c line 2577. Call to kmem_realloc. Return value isn't checked for NULL (and similar call to kmem_alloc a few lines up).
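
The failure mode named in the comment above, as an added userspace example (not code from the XFS source or from any participant in this report): an extent-array insert that checks the reallocation result and leaves the old array intact on failure, next to a helper that only computes where an unchecked caller would have stored. The names ext_rec, ext_list, model_realloc, ext_insert and unchecked_store_addr are hypothetical, the 16-byte record is modelled on XFS's two 64-bit-word extent record, and using 0x800 as the record index is an assumption read off the stack dump in the oops.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model: a 16-byte extent record (two 64-bit words). */
struct ext_rec { uint64_t l0, l1; };
struct ext_list { struct ext_rec *recs; size_t nrecs; };

static int fail_next_alloc; /* hook: simulate "page allocation failure" */

/* Hypothetical stand-in for a kernel realloc helper: may return NULL. */
static void *model_realloc(void *p, size_t newsize)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return realloc(p, newsize);
}

/* Store address for record idx off a NULL base; computed, never dereferenced. */
uintptr_t unchecked_store_addr(size_t idx)
{
    return (uintptr_t)0 + idx * sizeof(struct ext_rec);
}

/* Checked insert: grow by one record; on failure the old array stays valid. */
static int ext_insert(struct ext_list *l, size_t idx, struct ext_rec r)
{
    struct ext_rec *n;

    if (idx > l->nrecs)
        return -EINVAL;
    n = model_realloc(l->recs, (l->nrecs + 1) * sizeof(*n));
    if (n == NULL)
        return -ENOMEM;        /* l->recs untouched, caller can back out */
    memmove(&n[idx + 1], &n[idx], (l->nrecs - idx) * sizeof(*n));
    n[idx] = r;
    l->recs = n;
    l->nrecs++;
    return 0;
}

int main(void)
{
    struct ext_list l = {0};
    struct ext_rec r = {1, 2};

    fail_next_alloc = 1;
    return ext_insert(&l, 0, r) == -ENOMEM ? 0 : 1;
}
```

With a NULL base, record index 0x800 lands at 0x8000, the same value as the faulting virtual address in the oops, which is consistent with a store through an unchecked NULL return.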
This issue has been fixed; the changes are in Linus'/Andrew's queues for merging and I expect they'll show up in the tree for 2.6.8. Thanks.
Marking resolved, as per previous note. Cheers.