Bug 224231

Summary: [ipfw] kernel panic when using ipfw nat
Product: Base System Reporter: Rin Cat <me>
Component: kern    Assignee: freebsd-ipfw (Nobody) <ipfw>
Status: Closed FIXED    
Severity: Affects Only Me CC: ae
Priority: ---    
Version: 11.1-RELEASE   
Hardware: amd64   
OS: Any   

Description Rin Cat 2017-12-10 21:13:53 UTC
Fatal trap 9: general protection fault while in kernel mode
cpuid = 6; apic id = 06
instruction pointer = 0x20:0xffffffff80ae9aa3
stack pointer       = 0x28:0xfffffe085620e370
frame pointer       = 0x28:0xfffffe085620e3a0
code segment        = base 0x0, limit 0xfffff, type 0x1b
                    = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0
current process     = 952 (syncthing)
trap number         = 9
panic: general protection fault
cpuid = 6
KDB: stack backtrace:
#0 0xffffffff80aadac7 at kdb_backtrace+0x67
#1 0xffffffff80a6bba6 at vpanic+0x186
#2 0xffffffff80a6ba13 at panic+0x43
#3 0xffffffff80edf832 at trap_fatal+0x322
#4 0xffffffff80edee9e at trap+0x5e
#5 0xffffffff80ec36d1 at calltrap+0x8
#6 0xffffffff80c80d37 at ip6_fragment+0x2e7
#7 0xffffffff80c82bce at ip6_output+0x1d5e
#8 0xffffffff80c532f9 at tcp_output+0x1939
#9 0xffffffff80c60fab at tcp6_usr_connect+0x2bb
#10 0xffffffff80af9c7f at kern_connectat+0x11f
#11 0xffffffff80af9b37 at sys_connect+0x77
#12 0xffffffff80ee0394 at amd64_syscall+0x6c4
#13 0xffffffff80ec39bb at Xfast_syscall+0xfb

This happened repeatedly when I did in-kernel nat with ipfw.
When I disabled nat, there were no more panics.

Memory dump available if needed (over 1GB).
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2017-12-11 08:38:43 UTC
This should be fixed after r326142. As a workaround, use the "ip4" opcode for NAT rules.
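The backtrace above passes through ip6_output/ip6_fragment, so the panic is triggered by IPv6 traffic reaching the in-kernel NAT; the workaround keeps IPv6 packets away from the nat action by matching only IPv4. The following POSIX shell snippet is an added example, not code from the bug report or from FreeBSD: it audits constructed `ipfw list` output for nat rules that are not limited to IPv4 with the `ip4`/`ipv4` keyword, rewrites each such rule into the restricted form, and prints (without executing) the delete/add commands that would apply it. The sample rules, the interface name em0 and the rule numbers are constructed for the example.

```shell
#!/bin/sh
# Added example: audit ipfw rules for the "ip4" workaround.
# Constructed sample of `ipfw list` output; em0 and the rule numbers
# are placeholders, not values taken from the bug report.
SAMPLE_RULES='00100 nat 1 ip from any to any via em0
00200 nat 1 ip4 from any to any via em0
00300 allow ip from any to any'

# Print the numbers of nat rules whose body is not restricted to IPv4
# (neither "ip4" nor "ipv4" in the protocol position), i.e. rules that
# can hand IPv6 packets to the in-kernel NAT.
find_unrestricted_nat_rules() {
    printf '%s\n' "$1" |
        awk '$2 == "nat" && $4 != "ip4" && $4 != "ipv4" { print $1 }'
}

# Rewrite one rule line into its IPv4-only form: a bare "ip" protocol
# becomes "ip4"; for any other protocol (tcp, udp, ...) the "ip4" match
# option is appended at the end of the rule, where ipfw accepts it.
restrict_nat_rule_to_ip4() {
    printf '%s\n' "$1" | awk '
        $2 == "nat" && $4 == "ip" { $4 = "ip4" }
        $2 == "nat" && $4 != "ip4" && $4 != "ipv4" { $0 = $0 " ip4" }
        { print }'
}

# Print, but do not run, the ipfw commands that replace each
# unrestricted nat rule with its ip4-restricted form (ipfw has no
# in-place replace, so the rule is deleted and re-added by number).
print_fix_commands() {
    printf '%s\n' "$1" |
        awk '$2 == "nat" && $4 != "ip4" && $4 != "ipv4"' |
        while IFS= read -r rule; do
            num=${rule%% *}
            fixed=$(restrict_nat_rule_to_ip4 "$rule")
            printf 'ipfw delete %s\nipfw add %s\n' "$num" "$fixed"
        done
}

# Usage: review the output before applying it on a live firewall.
print_fix_commands "$SAMPLE_RULES"
```

On a real system the sample text would be replaced by `ipfw list` output; the audit only inspects rule text and the generated commands are printed for review rather than executed.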
Comment 2 Andrey V. Elsukov freebsd_committer freebsd_triage 2017-12-13 09:46:11 UTC
Fixed in head/ and stable/11.