I work for a cloud provider and we run various versions of FreeBSD under KVM (host is CentOS 6.5). When our customers enable pf, the host logs the following stack trace:

------------[ cut here ]------------
WARNING: at net/core/dev.c:1907 skb_warn_bad_offload+0xc2/0xf0() (Tainted: G W --------------- )
Hardware name: X9DR3-F
802.1Q VLAN Support: caps=(0x114825, 0x0) len=1618 data_len=0 ip_summed=0
Modules linked in: dm_snapshot ebt_log ebt_ip6 ebt_arp ebt_ip ebtable_filter ebtable_nat ebtables ipmi_devintf cpufreq_ondemand acpi_cpufreq freq_table mperf bridge bonding 8021q garp stp llc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter xt_NOTRACK iptable_raw ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack xt_comment ip6table_filter ip6_tables ipv6 xt_limit ebt_limit vhost_net macvtap macvlan tun kvm_intel kvm microcode acpi_pad sg ses enclosure sb_edac edac_core i2c_i801 lpc_ich mfd_core ioatdma igb dca i2c_algo_bit i2c_core ptp pps_core ext4 jbd2 mbcache sd_mod crc_t10dif megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
Pid: 32328, comm: vhost-32324 Tainted: G W --------------- 2.6.32-431.17.1.el6.x86_64 #1
Call Trace:
 <IRQ> [<ffffffff81071a97>] ? warn_slowpath_common+0x87/0xc0
 [<ffffffff81071b86>] ? warn_slowpath_fmt+0x46/0x50
 [<ffffffff8145b062>] ? skb_warn_bad_offload+0xc2/0xf0
 [<ffffffff8152a7a5>] ? _read_unlock_bh+0x15/0x20
 [<ffffffff81460151>] ? __skb_gso_segment+0x71/0xc0
 [<ffffffff814601b3>] ? skb_gso_segment+0x13/0x20
 [<ffffffff8146025b>] ? dev_hard_start_xmit+0x9b/0x480
 [<ffffffffa037c810>] ? br_dev_queue_push_xmit+0x0/0xc0 [bridge]
 [<ffffffff8146087d>] ? dev_queue_xmit+0x1bd/0x320
 [<ffffffffa037c898>] ? br_dev_queue_push_xmit+0x88/0xc0 [bridge]
 [<ffffffffa037c928>] ? br_forward_finish+0x58/0x60 [bridge]
 [<ffffffffa037c9da>] ? __br_forward+0xaa/0xd0 [bridge]
 [<ffffffff814896c6>] ? nf_hook_slow+0x76/0x120
 [<ffffffffa037ca5d>] ? br_forward+0x5d/0x70 [bridge]
 [<ffffffffa037da8b>] ? br_handle_frame_finish+0x17b/0x2a0 [bridge]
 [<ffffffffa012c396>] ? igb_poll+0xb66/0x1020 [igb]
 [<ffffffffa037dd5a>] ? br_handle_frame+0x1aa/0x250 [bridge]
 [<ffffffff8145b659>] ? __netif_receive_skb+0x529/0x750
 [<ffffffff8142bcb8>] ? dma_issue_pending_all+0x68/0xa0
 [<ffffffff8145b91a>] ? process_backlog+0x9a/0x100
 [<ffffffff81460bd3>] ? net_rx_action+0x103/0x2f0
 [<ffffffff8107a551>] ? __do_softirq+0xc1/0x1e0
 [<ffffffff8100c30c>] ? call_softirq+0x1c/0x30
 <EOI> [<ffffffff8100fa75>] ? do_softirq+0x65/0xa0
 [<ffffffff81461058>] ? netif_rx_ni+0x28/0x30
 [<ffffffffa0244759>] ? tun_sendmsg+0x229/0x4ec [tun]
 [<ffffffffa025cd95>] ? handle_tx+0x275/0x5e0 [vhost_net]
 [<ffffffffa025d135>] ? handle_tx_kick+0x15/0x20 [vhost_net]
 [<ffffffffa025a55c>] ? vhost_worker+0xbc/0x140 [vhost_net]
 [<ffffffffa025a4a0>] ? vhost_worker+0x0/0x140 [vhost_net]
 [<ffffffff8109ab56>] ? kthread+0x96/0xa0
 [<ffffffff8100c20a>] ? child_rip+0xa/0x20
 [<ffffffff8109aac0>] ? kthread+0x0/0xa0
 [<ffffffff8100c200>] ? child_rip+0x0/0x20
---[ end trace 2ecb09f2dc7bf7a9 ]---

I found this on -hackers: http://comments.gmane.org/gmane.os.freebsd.devel.hackers/53927 but could not find an existing bug report in Bugzilla. I can reliably reproduce this on both amd64 and i386. Please let me know when more info is needed.
It seems you missed the end of that mailing list thread. This is definitely #192013 ... but there's been no real progress on that one.
*** This bug has been marked as a duplicate of bug 192013 ***