VirtualBox 2.1.0 module vboxnetflt created kernel panic

[Kevin Veroneau]

This issue has been reported a few times in different ways, for example after this kernel panic, one loses complete keyboard control on both the host and guest. The mouse still functions, and if the user is in X11, they can still open and use applications until terminating X11. The only way to bring the host back to normal, is to power off and power back on the host. The host does respond to Ctrl-Alt-Delete, however it crashes upon entering runlevel 6.

To reproduce this issue, simply enable Host Networking in the guest and attach it to your primary interface, eth0. Start the guest. As soon as the guest attempts to initialize the interface, the kernel will panic and the guest will continue to boot. The guest can be safely shutdown using the ACPI shutdown from the Close box. However, if the mouse is captured in the guest, you will need to use the mouse in the guest to safely shutdown the guest.

According to other reports, it appears to be affecting almost all Linux-based hosts. If you feel confident and have a journaling file system such as ext3, please try to re-produce this and report if your host is also affected. It would also be advised to enter in your kernel version, and distro. Simple use 'uname -r' in a terminal to obtain the kernel version. This will assist Sun in better pin pointing where the issue may be.

Captured from /var/log/kern.log:
Dec 24 21:38:22 dell kernel: BUG: unable to handle kernel paging request at virtual address ffffff94
Dec 24 21:38:22 dell kernel:  printing eip:
Dec 24 21:38:22 dell kernel: d0ec1669
Dec 24 21:38:22 dell kernel: *pde = 00004067
Dec 24 21:38:22 dell kernel: *pte = 00000000
Dec 24 21:38:22 dell kernel: Oops: 0000 [#1]
Dec 24 21:38:22 dell kernel: SMP 
Dec 24 21:38:22 dell kernel: Modules linked in: r128 drm tun vboxnetflt vboxdrv ipv6 fuse loop serio_raw floppy parport_pc parport rtc psmouse snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd soundcore snd_page_alloc intel_agp agpgart shpchp pci_hotplug i2c_i801 pcspkr i2c_core tsdev evdev ext3 jbd mbcache sha256 aes sd_mod dm_crypt dm_mirror dm_snapshot dm_mod ide_generic usb_storage scsi_mod usbhid ide_cd cdrom ide_disk uhci_hcd 3c59x mii piix generic usbcore ide_core processor
Dec 24 21:38:22 dell kernel: CPU:    0
Dec 24 21:38:22 dell kernel: EIP:    0060:[<d0ec1669>]    Not tainted VLI
Dec 24 21:38:22 dell kernel: EFLAGS: 00010286   (2.6.18-6-686 #1) 
Dec 24 21:38:22 dell kernel: EIP is at vboxNetFltLinuxXmitTask+0x17/0x178 [vboxnetflt]
Dec 24 21:38:22 dell kernel: eax: 00000000   ebx: cfa17f60   ecx: 00000296   edx: 00000200
Dec 24 21:38:22 dell kernel: esi: cfe0e0b8   edi: ffffff5c   ebp: 00000296   esp: cfa17f5c
Dec 24 21:38:22 dell kernel: ds: 007b   es: 007b   ss: 0068
Dec 24 21:38:22 dell kernel: Process events/0 (pid: 4, ti=cfa16000 task=cff66aa0 task.ti=cfa16000)
Dec 24 21:38:22 dell kernel: Stack: cfa17f60 00000000 cfe0e0b4 cfe0e0b8 cfa56240 00000296 c012ab80 d0ec1652 
Dec 24 21:38:22 dell kernel:        00000000 cfa56254 cfa56240 cfa5624c 00000000 c012b46a 00000001 00000000 
Dec 24 21:38:22 dell kernel:        cfa01f3c 00010000 00000000 00000000 cff66aa0 c01176f0 00100100 00200200 
Dec 24 21:38:22 dell kernel: Call Trace:
Dec 24 21:38:22 dell kernel:  [<c012ab80>] run_workqueue+0x78/0xb5
Dec 24 21:38:22 dell kernel:  [<d0ec1652>] vboxNetFltLinuxXmitTask+0x0/0x178 [vboxnetflt]
Dec 24 21:38:22 dell kernel:  [<c012b46a>] worker_thread+0xd9/0x10b
Dec 24 21:38:22 dell kernel:  [<c01176f0>] default_wake_function+0x0/0xc
Dec 24 21:38:22 dell kernel:  [<c012b391>] worker_thread+0x0/0x10b
Dec 24 21:38:22 dell kernel:  [<c012d7e3>] kthread+0xc2/0xef
Dec 24 21:38:22 dell kernel:  [<c012d721>] kthread+0x0/0xef
Dec 24 21:38:22 dell kernel:  [<c0101005>] kernel_thread_helper+0x5/0xb
Dec 24 21:38:22 dell kernel: Code: 36 ef 31 c0 86 45 60 83 c4 0c b8 01 00 00 00 5b 5e 5f 5d c3 55 57 56 53 83 ec 04 89 e3 c7 04 24 00 00 00 00 8d b8 5c ff ff ff 53 <ff> 77 38 e8 15 39 00 00 8a 47 40 84 c0 5e 5d 74 1c ba 01 00 00 
Dec 24 21:38:22 dell kernel: EIP: [<d0ec1669>] vboxNetFltLinuxXmitTask+0x17/0x178 [vboxnetflt] SS:ESP 0068:cfa17f5c
Dec 24 21:39:07 dell kernel:  <6>device eth0 left promiscuous mode

[Kevin Veroneau]

My Kernel is 2.6.18-6-686 Distro is Debian Etch 4.1

[Kevin Veroneau]

The kernel panic happens when the guest attempts to communicate using the HostIF. For example, a DHCP query would cause it to happen during guest boot if the guest is configured for DHCP. Setting the guest to a static IP address will still cause a kernel panic, if an program in the guest attempts to communicate using the HostIF. This occurs on any host interface used, even the TUN device. This makes it difficult for a host and a guest to correct communicate with each other using HostIF.

[Juliano F. Ravasi]

I'm also getting frequent crashes with VirtualBox 2.1.0. I'm not sure if it has anything to do with DHCP, it doesn't seem so. Fedora 8, Linux 2.6.26.6-49.fc8 #1 SMP Fri Oct 17 15:59:36 EDT 2008 i686 i686 i386 GNU/Linux

kernel BUG at net/core/skbuff.c:608!
invalid opcode: 0000 [#1] SMP 
Modules linked in: lirc_serial lirc_dev tun nfsd lockd nfs_acl auth_rpcgss
exportfs vboxnetflt(U) vboxdrv(U) autofs4 lm85 hwmon_vid hwmon fuse sunrpc
bridge nf_conntrack_netbios_ns iptable_nat nf_nat xt_comment ipt_LOG
nf_conntrack_ipv4 iptable_filter iptable_raw xt_length xt_CLASSIFY xt_multiport
iptable_mangle ip_tables ip6table_mangle xt_tcpudp ip6t_LOG xt_limit
nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables
reiserfs loop dm_multipath ipv6 snd_usb_audio snd_emu10k1_synth snd_seq_dummy
snd_emux_synth firewire_ohci snd_seq_virmidi firewire_core pcspkr
snd_seq_midi_emul parport_pc snd_seq_oss iTCO_wdt parport snd_intel8x0 i2c_i801
snd_emu10k1 snd_seq_midi_event 3c59x floppy crc_itu_t emu10k1_gp mii snd_seq
snd_ac97_codec iTCO_vendor_support r8169 gameport ac97_bus snd_util_mem
snd_pcm_oss snd_mixer_oss snd_pcm nvidia(P)(U) snd_timer snd_page_alloc
snd_usb_lib i2c_core snd_rawmidi snd_seq_device snd_hwdep snd soundcore sg
sr_mod cdrom dm_snapshot dm_zero dm_mirror dm_log dm_mod pata_acpi ata_generic
ata_piix libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd
[last unloaded: lirc_dev]

Pid: 4685, comm: events/1 Tainted: P          (2.6.26.6-49.fc8 #1)
EIP: 0060:[<c05bd976>] EFLAGS: 00010282 CPU: 1
EIP is at skb_copy+0x6c/0x83
EAX: fffffff2 EBX: 00000048 ECX: 00000000 EDX: 00000048
ESI: dbe26600 EDI: e002ad00 EBP: f4488f7c ESP: f4488f6c
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process events/1 (pid: 4685, ti=f4488000 task=dc43cb00 task.ti=f4488000)
Stack: d8b32612 e002ad00 dbe26600 f5f87210 f4488f98 f910565f 00000001 00000000 
       f7846080 f5f872b4 f91055e8 f4488fac c0436224 f7846080 c0436965 f784608c 
       f4488fd0 c0436a19 00000000 dc43cb00 c0438d81 f4488fc0 f4488fc0 f7846080 
Call Trace:
 [<f910565f>] ? vboxNetFltLinuxXmitTask+0x77/0x184 [vboxnetflt]
 [<f91055e8>] ? vboxNetFltLinuxXmitTask+0x0/0x184 [vboxnetflt]
 [<c0436224>] ? run_workqueue+0x77/0xf9
 [<c0436965>] ? worker_thread+0x0/0xbf
 [<c0436a19>] ? worker_thread+0xb4/0xbf
 [<c0438d81>] ? autoremove_wake_function+0x0/0x33
 [<c0438cac>] ? kthread+0x3b/0x63
 [<c0438c71>] ? kthread+0x0/0x63
 [<c04057e3>] ? kernel_thread_helper+0x7/0x10
 =======================
Code: 00 00 89 c3 01 86 9c 00 00 00 89 f0 e8 03 f5 ff ff 8b 8e a4 00 00 00 89
da 03 5f 50 f7 da 89 f8 53 e8 80 ee ff ff 5a 85 c0 74 04 <0f> 0b eb fe 89 fa 89
f0 e8 dc e1 ff ff 8d 65 f4 89 f0 5b 5e 5f 
EIP: [<c05bd976>] skb_copy+0x6c/0x83 SS:ESP 0068:f4488f6c



kernel BUG at net/core/skbuff.c:608!
invalid opcode: 0000 [#1] SMP 
Modules linked in: nfsd lockd nfs_acl auth_rpcgss exportfs vboxnetflt(U)
vboxdrv(U) lirc_serial lirc_dev autofs4 lm85 hwmon_vid hwmon fuse sunrpc bridge
nf_conntrack_netbios_ns iptable_nat nf_nat xt_comment ipt_LOG nf_conntrack_ipv4
iptable_filter iptable_raw xt_length xt_CLASSIFY xt_multiport iptable_mangle
ip_tables ip6table_mangle xt_tcpudp ip6t_LOG xt_limit nf_conntrack_ipv6
xt_state nf_conntrack ip6table_filter ip6_tables x_tables reiserfs loop
dm_multipath ipv6 snd_usb_audio snd_emu10k1_synth snd_emux_synth
snd_seq_virmidi snd_seq_midi_emul 3c59x snd_seq_dummy iTCO_wdt snd_emu10k1
parport_pc snd_intel8x0 parport firewire_ohci emu10k1_gp firewire_core floppy
iTCO_vendor_support snd_ac97_codec gameport i2c_i801 pcspkr mii r8169
snd_util_mem ac97_bus nvidia(P)(U) crc_itu_t snd_seq_oss snd_seq_midi_event
i2c_core snd_seq snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc
snd_usb_lib snd_rawmidi snd_seq_device snd_hwdep snd soundcore sg sr_mod cdrom
dm_snapshot dm_zero dm_mirror dm_log dm_mod pata_acpi ata_generic ata_piix
libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last
unloaded: microcode]

Pid: 10, comm: events/1 Tainted: P          (2.6.26.6-49.fc8 #1)
EIP: 0060:[<c05bd976>] EFLAGS: 00010282 CPU: 1
EIP is at skb_copy+0x6c/0x83
EAX: fffffff2 EBX: 000000b4 ECX: 00000000 EDX: 000000b4
ESI: f4c68600 EDI: f57cc800 EBP: f7866f7c ESP: f7866f6c
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process events/1 (pid: 10, ti=f7866000 task=f7868c80 task.ti=f7866000)
Stack: d1c42412 f57cc800 f4c68600 e698b010 f7866f98 f910565f 00000001 00000000 
       f7846080 e698b0b4 f91055e8 f7866fac c0436224 f7846080 c0436965 f784608c 
       f7866fd0 c0436a19 00000000 f7868c80 c0438d81 f7866fc0 f7866fc0 f7846080 
Call Trace:
 [<f910565f>] ? vboxNetFltLinuxXmitTask+0x77/0x184 [vboxnetflt]
 [<f91055e8>] ? vboxNetFltLinuxXmitTask+0x0/0x184 [vboxnetflt]
 [<c0436224>] ? run_workqueue+0x77/0xf9
 [<c0436965>] ? worker_thread+0x0/0xbf
 [<c0436a19>] ? worker_thread+0xb4/0xbf
 [<c0438d81>] ? autoremove_wake_function+0x0/0x33
 [<c0438cac>] ? kthread+0x3b/0x63
 [<c0438c71>] ? kthread+0x0/0x63
 [<c04057e3>] ? kernel_thread_helper+0x7/0x10
 =======================
Code: 00 00 89 c3 01 86 9c 00 00 00 89 f0 e8 03 f5 ff ff 8b 8e a4 00 00 00 89
da 03 5f 50 f7 da 89 f8 53 e8 80 ee ff ff 5a 85 c0 74 04 <0f> 0b eb fe 89 fa 89
f0 e8 dc e1 ff ff 8d 65 f4 89 f0 5b 5e 5f 
EIP: [<c05bd976>] skb_copy+0x6c/0x83 SS:ESP 0068:f7866f6c

[Aleksey Ilyushin]

Appears to be the same problem as #2827. The fix will be included into the next maintenance release. Since netflt driver always comes with source code those who urgently need the fix may apply the following patch to src/vboxnetflt/linux/VBoxNetFlt-linux.c (the path is relative to your vbox installation directory):

1031c1031
<     INIT_WORK(&pThis->u.s.XmitTask, vboxNetFltLinuxXmitTask, NULL);
---
>     INIT_WORK(&pThis->u.s.XmitTask, vboxNetFltLinuxXmitTask, &pThis->u.s.XmitTask);

Then, kernel modules need to be re-built with

/etc/init.d/vboxdrv setup

[Frank Mehnert]

Duplicate of #2827.