iptables -t nat -L segmentation fault
The iptables command segfaults when trying to list NAT rules like below:
blackenergy:~# iptables -t nat -L
Segmentation fault
The following kernel dmesg output can be seen when this happens:
[ 433.656021] Unable to handle kernel paging request at virtual address ffffffc9bab83f98
[ 433.656034] Mem abort info:
[ 433.656044] ESR = 0x96000005
[ 433.656056] Exception class = DABT (current EL), IL = 32 bits
[ 433.656066] SET = 0, FnV = 0
[ 433.656076] EA = 0, S1PTW = 0
[ 433.656084] Data abort info:
[ 433.656094] ISV = 0, ISS = 0x00000005
[ 433.656104] CM = 0, WnR = 0
[ 433.656122] swapper pgtable: 4k pages, 39-bit VAs, pgdp = 00000000c3dca3b0
[ 433.656132] [ffffffc9bab83f98] pgd=0000000000000000, pud=0000000000000000
[ 433.656165] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 433.657698] Modules linked in: iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_tables x_tables ipv6 af_packet cdc_acm cp210x ftdi_sio usbserial brcmfmac brcmutil sha256_generic bcm2835_codec(C) v4l2_mem2mem bcm2835_v4l2(C) bcm2835_mmal_vchiq(C) videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 v4l2_common videobuf2_common cfg80211 videodev media vc_sm_cma(C) rfkill vchiq(C) uio_pdrv_genirq uio sdhci_iproc squashfs
[ 433.669495] Process iptables (pid: 1501, stack limit = 0x00000000c9d64d9c)
[ 433.671984] CPU: 1 PID: 1501 Comm: iptables Tainted: G C 4.19.41-0-rpi #1-Alpine
[ 433.676905] Hardware name: Raspberry Pi 3 Model B Plus Rev 1.3 (DT)
[ 433.679414] pstate: 20000005 (nzCv daif -PAN -UAO)
[ 433.681984] pc : alloc_counters.isra.4+0xc8/0x148 [ip_tables]
[ 433.684644] lr : alloc_counters.isra.4+0x68/0x148 [ip_tables]
[ 433.687270] sp : ffffff800b10bc60
[ 433.689900] x29: ffffff800b10bc60 x28: ffffffcab9571d00
[ 433.692612] x27: 0000000000000000 x26: 0000000000000000
[ 433.695325] x25: ffffffab02988804 x24: ffffffab02989130
[ 433.698063] x23: ffffffca9afcc800 x22: ffffffca9afcc840
[ 433.700763] x21: ffffffab029886c8 x20: ffffffaa02852f98
[ 433.703429] x19: ffffff80082c5000 x18: 0000000000000000
[ 433.706010] x17: 0000000000000000 x16: ffffffab025350b8
[ 433.708500] x15: 0000000000000000 x14: 0000000000000000
[ 433.710866] x13: 0000000000000000 x12: 0000000000000000
[ 433.713086] x11: 0000000000000018 x10: 0140000000000000
[ 433.715162] x9 : 0000000000000000 x8 : ffffffca9addb980
[ 433.717127] x7 : 0000000000000000 x6 : ffffff80084c5000
[ 433.718958] x5 : 0000000000000000 x4 : 0000001fb8331000
[ 433.720673] x3 : ffffffca9afcc840 x2 : ffffffc9bab83f98
[ 433.722325] x1 : ffffffbebff98000 x0 : 0000000000000000
[ 433.723916] Call trace:
[ 433.725394] alloc_counters.isra.4+0xc8/0x148 [ip_tables]
[ 433.726923] do_ipt_get_ctl+0x244/0x3f8 [ip_tables]
[ 433.728432] nf_getsockopt+0x5c/0xa0
[ 433.729975] ip_getsockopt+0xe4/0x150
[ 433.731439] raw_getsockopt+0x3c/0x58
[ 433.732908] sock_common_getsockopt+0x1c/0x28
[ 433.734392] __arm64_sys_getsockopt+0x74/0xd8
[ 433.735843] el0_svc_common+0x90/0x118
[ 433.737297] el0_svc_handler+0x2c/0x80
[ 433.738737] el0_svc+0x8/0xc
[ 433.740130] Code: d50339bf b9400046 6b0400df 54000200 (b9400044)
[ 433.741647] ---[ end trace 40ae03fa06c944c9 ]---
This bug results in (among others) the inability to properly start the docker daemon.
I am running the most recent 3.15.0 Alpine Linux image on a Raspberry Pi 3 Model B Plus Rev 1.3. The system's packages are current:
blackenergy:~# cat /etc/alpine-release
3.15.0
blackenergy:~# uname -a
Linux blackenergy 4.19.41-0-rpi #1-Alpine SMP PREEMPT Thu May 9 10:54:28 UTC 2019 aarch64 Linux
blackenergy:~# cat /etc/apk/repositories
/media/mmcblk0p1/apks
http://dl-cdn.alpinelinux.org/alpine/latest-stable/main
http://dl-cdn.alpinelinux.org/alpine/latest-stable/community
blackenergy:~# apk update
fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/main/aarch64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/latest-stable/community/aarch64/APKINDEX.tar.gz
3.9.4 [/media/mmcblk0p1/apks]
v3.15.0-242-gf2c09d7474 [http://dl-cdn.alpinelinux.org/alpine/latest-stable/main]
v3.15.0-239-g755d336b9e [http://dl-cdn.alpinelinux.org/alpine/latest-stable/community]
OK: 15776 distinct packages available
blackenergy:~# apk upgrade
OK: 303 MiB in 105 packages
blackenergy:~#
The iptables-related packages installed are:
blackenergy:~# apk info iptables xtables-addons
iptables-1.8.7-r1 description:
Linux kernel firewall, NAT and packet mangling tools
iptables-1.8.7-r1 webpage:
https://www.netfilter.org/projects/iptables/index.html
iptables-1.8.7-r1 installed size:
1756 KiB
xtables-addons-3.18-r0 description:
Netfilter userspace extensions for iptables
xtables-addons-3.18-r0 webpage:
https://inai.de/projects/xtables-addons/
xtables-addons-3.18-r0 installed size:
348 KiB
How can I debug this?