Bug 194838 - virtio: linux kvm kernel stack traces
Summary: virtio: linux kvm kernel stack traces
Status: Closed DUPLICATE of bug 192013
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.0-RELEASE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-virtualization (Nobody)
Depends on:
Reported: 2014-11-05 16:51 UTC by Ruben Kerkhof
Modified: 2015-05-19 20:32 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Ruben Kerkhof 2014-11-05 16:51:41 UTC
I work for a cloud provider and we run various version of FreeBSD under KVM (host is CentOS 6.5). When our customers enable pf, the host logs the following stack trace:

------------[ cut here ]------------
WARNING: at net/core/dev.c:1907 skb_warn_bad_offload+0xc2/0xf0() (Tainted: G        W  ---------------   )
Hardware name: X9DR3-F
802.1Q VLAN Support: caps=(0x114825, 0x0) len=1618 data_len=0 ip_summed=0
Modules linked in: dm_snapshot ebt_log ebt_ip6 ebt_arp ebt_ip ebtable_filter ebtable_nat ebtables ipmi_devintf cpufreq_ondemand acpi_cpufreq freq_table mperf bridge bonding 8021q garp stp llc ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter xt_NOTRACK iptable_raw ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack xt_comment ip6table_filter ip6_tables ipv6 xt_limit ebt_limit vhost_net macvtap macvlan tun kvm_intel kvm microcode acpi_pad sg ses enclosure sb_edac edac_core i2c_i801 lpc_ich mfd_core ioatdma igb dca i2c_algo_bit i2c_core ptp pps_core ext4 jbd2 mbcache sd_mod crc_t10dif megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
Pid: 32328, comm: vhost-32324 Tainted: G        W  ---------------    2.6.32-431.17.1.el6.x86_64 #1
Call Trace:
 <IRQ>  [<ffffffff81071a97>] ? warn_slowpath_common+0x87/0xc0
 [<ffffffff81071b86>] ? warn_slowpath_fmt+0x46/0x50
 [<ffffffff8145b062>] ? skb_warn_bad_offload+0xc2/0xf0
 [<ffffffff8152a7a5>] ? _read_unlock_bh+0x15/0x20
 [<ffffffff81460151>] ? __skb_gso_segment+0x71/0xc0
 [<ffffffff814601b3>] ? skb_gso_segment+0x13/0x20
 [<ffffffff8146025b>] ? dev_hard_start_xmit+0x9b/0x480
 [<ffffffffa037c810>] ? br_dev_queue_push_xmit+0x0/0xc0 [bridge]
 [<ffffffff8146087d>] ? dev_queue_xmit+0x1bd/0x320
 [<ffffffffa037c898>] ? br_dev_queue_push_xmit+0x88/0xc0 [bridge]
 [<ffffffffa037c928>] ? br_forward_finish+0x58/0x60 [bridge]
 [<ffffffffa037c9da>] ? __br_forward+0xaa/0xd0 [bridge]
 [<ffffffff814896c6>] ? nf_hook_slow+0x76/0x120
 [<ffffffffa037ca5d>] ? br_forward+0x5d/0x70 [bridge]
 [<ffffffffa037da8b>] ? br_handle_frame_finish+0x17b/0x2a0 [bridge]
 [<ffffffffa012c396>] ? igb_poll+0xb66/0x1020 [igb]
 [<ffffffffa037dd5a>] ? br_handle_frame+0x1aa/0x250 [bridge]
 [<ffffffff8145b659>] ? __netif_receive_skb+0x529/0x750
 [<ffffffff8142bcb8>] ? dma_issue_pending_all+0x68/0xa0
 [<ffffffff8145b91a>] ? process_backlog+0x9a/0x100
 [<ffffffff81460bd3>] ? net_rx_action+0x103/0x2f0
 [<ffffffff8107a551>] ? __do_softirq+0xc1/0x1e0
 [<ffffffff8100c30c>] ? call_softirq+0x1c/0x30
 <EOI>  [<ffffffff8100fa75>] ? do_softirq+0x65/0xa0
 [<ffffffff81461058>] ? netif_rx_ni+0x28/0x30
 [<ffffffffa0244759>] ? tun_sendmsg+0x229/0x4ec [tun]
 [<ffffffffa025cd95>] ? handle_tx+0x275/0x5e0 [vhost_net]
 [<ffffffffa025d135>] ? handle_tx_kick+0x15/0x20 [vhost_net]
 [<ffffffffa025a55c>] ? vhost_worker+0xbc/0x140 [vhost_net]
 [<ffffffffa025a4a0>] ? vhost_worker+0x0/0x140 [vhost_net]
 [<ffffffff8109ab56>] ? kthread+0x96/0xa0
 [<ffffffff8100c20a>] ? child_rip+0xa/0x20
 [<ffffffff8109aac0>] ? kthread+0x0/0xa0
 [<ffffffff8100c200>] ? child_rip+0x0/0x20
---[ end trace 2ecb09f2dc7bf7a9 ]---

I found this on -hackers: http://comments.gmane.org/gmane.os.freebsd.devel.hackers/53927 but could not find an existing bug report in Bugzilla.

I can reliably reproduce this on both amd64 and i386. Please let me know when more info is needed.
Comment 1 Brian Rak 2014-12-31 22:13:31 UTC
It seems you missed the end of that mailing list thread.. this is definitely #192013 ... but there's been no real progress on that one.
Comment 2 John Baldwin freebsd_committer freebsd_triage 2015-05-19 20:32:05 UTC

*** This bug has been marked as a duplicate of bug 192013 ***