I. Main text
Below is the scene of a kernel (5.4.195) crash I ran into in real work, caused by an access to an invalid memory address (null pointer). I am recording the simple analysis procedure here as a reference for similar problems in the future.
[ T9] 000: Unable to handle kernel paging request at virtual address dead000000000100
[ T9] 000: Mem abort info:
[ T9] 000: ESR = 0x96000004
[ T9] 000: EC = 0x25: DABT (current EL), IL = 32 bits
[ T9] 000: SET = 0, FnV = 0
[ T9] 000: EA = 0, S1PTW = 0
[ T9] 000: Data abort info:
[ T9] 000: ISV = 0, ISS = 0x00000004
[ T9] 000: CM = 0, WnR = 0
[ T9] 000: [dead000000000100] address between user and kernel address ranges
[ T9] 000: Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP
[T241148] 003: free_user_queue_list:260 Potential queue leak, Process Id 241110
[ T9] 000: Modules linked in: ip6table_filter ip6_tables fuse nf_log_ipv4 nf_log_common xt_LOG xt_ecn xt_comment xt_mark xt_multiport rg_mtdoops(O) rg_thread_det(O) rg_edac(O) pshk(O) proc_monitor(O) lpbk_1000m(O) aer_print(O) aer_attach(O) btrfs xor xor_neon zstd_decompress zstd_compress xxhash lzo_compress raid6_pq i2c_mux_pca954x lpc_cpld_dev(O) rte_kni(O) igb_uio(O) board_mgr(O) phytium_ce(O) yt6801(O)
[ T9] 000: CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G W O 5.4.195-rt74+ #1
[ T9] 000: Hardware name: Ps2364 Development Board (DT)
[ T9] 000: pstate: 80000009 (Nzcv daif -PAN -UAO)
[ T9] 000: pc : __wake_up_common+0xd4/0x170
[ T9] 000: lr : __wake_up_common+0x80/0x170
[ T9] 000: sp : ffff800010fcb310
[ T9] 000: x29: ffff800010fcb310 x28: 00000000acbdfd94
[ T9] 000: x27: 0000000000000000 x26: 0000000000000000
[ T9] 000: x25: 0000000000000003 x24: 0000000000000001
[ T9] 000: x23: 0000000000000001 x22: ffff800010fcb3b0
[ T9] 000: x21: ffff0105b5cee258 x20: 0000000000000001
[ T9] 000: x19: dead0000000000e8 x18: 0000000000000000
[ T9] 000: x17: 0000000000000000 x16: 0000000000000000
[ T9] 000: x15: 0000000000000000 x14: 0005000001804800
[ T9] 000: x13: 0000000000000001 x12: 0000000000000000
[ T9] 000: x11: 0000000000000000 x10: 0000000000000068
[ T9] 000: x9 : ffff0106d6010520 x8 : 0000000040000000
[ T9] 000: x7 : 0000000000210d00 x6 : ffff8000dc09bdc0
[ T9] 000: x5 : ffff8000100f4d50 x4 : 0000000000000000
[ T9] 000: x3 : 0000000000000000 x2 : 0000000000000001
[ T9] 000: x1 : 0000000000000000 x0 : 0000000000000000
[ T9] 000: Call trace:
[ T9] 000: __wake_up_common+0xd4/0x170
[ T9] 000: __wake_up_common_lock+0x74/0xc0
[ T9] 000: __wake_up+0x14/0x20
[ T9] 000: ep_poll_callback+0x9c/0x230
[ T9] 000: __wake_up_common+0x80/0x170
[ T9] 000: __wake_up_common_lock+0x74/0xc0
[ T9] 000: __wake_up+0x14/0x20
[ T9] 000: __sctp_write_space+0xb0/0xe0
[ T9] 000: sctp_wfree+0xf0/0x1e0
[ T9] 000: skb_release_head_state+0x40/0xc0
[ T9] 000: skb_release_all+0x14/0x30
[ T9] 000: consume_skb+0x40/0x120
[ T9] 000: sctp_chunk_put+0x58/0x80
[ T9] 000: sctp_chunk_free+0x24/0x30
[ T9] 000: sctp_outq_sack+0x340/0x560
[ T9] 000: sctp_do_sm+0xe48/0x1530
[ T9] 000: sctp_assoc_bh_rcv+0xdc/0x220
[ T9] 000: sctp_inq_push+0x48/0x60
[ T9] 000: sctp_rcv+0x4d8/0xcb0
[ T9] 000: ip_protocol_deliver_rcu+0x3c/0x210
[ T9] 000: ip_local_deliver_finish+0x64/0x80
[ T9] 000: ip_local_deliver+0xf4/0x100
[ T9] 000: ip_rcv_finish+0
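As an added example, not part of the original post, the following Python script performs the first triage pass on the Oops above mechanically: it keeps only the lines printed by the faulting task/CPU (dropping the free_user_queue_list line that CPU 3 interleaved into the dump), splits the ESR into EC/IL/ISS and decodes the data-abort fault status, and checks the faulting address and the saved registers against the kernel's list poison values. The sample input is constructed from lines of the dump on this page. POISON_POINTER_DELTA, LIST_POISON1 and LIST_POISON2 are taken from include/linux/poison.h with the default arm64 CONFIG_ILLEGAL_POINTER_VALUE, and the ESR bit layout is the AArch64 one; nothing about the wait-queue structures themselves is assumed.

```python
import re

# Constructed sample input: selected lines of the arm64 Oops quoted on this page,
# including the line from another task/CPU that printk interleaved into the dump.
OOPS_TEXT = """\
[ T9] 000: Unable to handle kernel paging request at virtual address dead000000000100
[ T9] 000: ESR = 0x96000004
[T241148] 003: free_user_queue_list:260 Potential queue leak, Process Id 241110
[ T9] 000: CPU: 0 PID: 9 Comm: ksoftirqd/0 Tainted: G W O 5.4.195-rt74+ #1
[ T9] 000: pc : __wake_up_common+0xd4/0x170
[ T9] 000: x29: ffff800010fcb310 x28: 00000000acbdfd94
[ T9] 000: x19: dead0000000000e8 x18: 0000000000000000
[ T9] 000: Call trace:
[ T9] 000: __wake_up_common+0xd4/0x170
[ T9] 000: __wake_up_common_lock+0x74/0xc0
[ T9] 000: __wake_up+0x14/0x20
[ T9] 000: ep_poll_callback+0x9c/0x230
"""

# Kernel poison constants (include/linux/poison.h, arm64 default CONFIG_ILLEGAL_POINTER_VALUE).
POISON_POINTER_DELTA = 0xdead000000000000
LIST_POISON1 = POISON_POINTER_DELTA + 0x100   # list_del() stores this in entry->next
LIST_POISON2 = POISON_POINTER_DELTA + 0x122   # ... and this in entry->prev

PREFIX_RE = re.compile(r"^\[\s*T(\d+)\]\s+(\d+):\s?(.*)$")     # "[ T9] 000: body"
REG_RE = re.compile(r"\b(x\d+|sp)\s*:\s*([0-9a-f]{16})")
SYM_RE = re.compile(r"^(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)$")   # symbol+off/size
DFSC_GROUPS = {0: "address size fault", 1: "translation fault",
               2: "access flag fault", 3: "permission fault"}

def decode_esr(esr):
    """Split an AArch64 ESR_EL1 value into EC / IL / ISS and decode data-abort ISS bits."""
    ec, il, iss = (esr >> 26) & 0x3f, (esr >> 25) & 1, esr & 0x1ffffff
    info = {"ec": ec, "il_bits": 32 if il else 16, "iss": iss}
    if ec in (0x24, 0x25):                      # data abort from lower / current EL
        dfsc = iss & 0x3f
        group, level = dfsc >> 2, dfsc & 3
        info["wnr"] = (iss >> 6) & 1            # 1 = write, 0 = read
        info["dfsc_desc"] = (f"{DFSC_GROUPS[group]}, level {level}"
                             if group in DFSC_GROUPS else f"DFSC 0x{dfsc:02x}")
    return info

def classify_address(addr):
    """Turn the faulting virtual address into a first triage hypothesis."""
    if addr < 0x1000:
        return "NULL pointer dereference (address in the first page)"
    if addr in (LIST_POISON1, LIST_POISON2):
        return "dereference of a list_head already removed with list_del()"
    if 0 <= addr - POISON_POINTER_DELTA < 0x1000:
        return f"field access at +0x{addr - POISON_POINTER_DELTA:x} through a poisoned list pointer"
    return "unclassified address"

def parse_oops(text):
    """Parse the Oops, keeping only lines printed by the task/CPU that faulted."""
    oops = {"regs": {}, "trace": [], "dropped": 0}
    owner, in_trace = None, False
    for m in filter(None, map(PREFIX_RE.match, text.splitlines())):
        tid, cpu, body = m.group(1), m.group(2), m.group(3).strip()
        if owner is None:                       # the dump starts at the first fault line
            if not body.startswith("Unable to handle kernel"):
                continue
            owner = (tid, cpu)
            oops["fault_addr"] = int(body.rsplit(" ", 1)[1], 16)
        elif (tid, cpu) != owner:               # interleaved line from another task/CPU
            oops["dropped"] += 1
        elif in_trace and (sym := SYM_RE.match(body)):
            oops["trace"].append((sym.group(1), int(sym.group(2), 16)))
        elif body == "Call trace:":
            in_trace = True
        elif body.startswith("ESR = "):
            oops["esr"] = int(body.split("=", 1)[1], 16)
        elif body.startswith("CPU:"):
            cm = re.match(r"CPU: (\d+) PID: (\d+) Comm: (\S+) .*\s(\S+) #\d+$", body)
            oops["cpu"], oops["pid"], oops["comm"], oops["kernel"] = cm.groups()
        elif body.startswith(("pc : ", "lr : ")):
            oops[body[:2]] = body[5:]
        else:
            in_trace = False                    # any other line ends the call trace
            for name, val in REG_RE.findall(body):
                oops["regs"][name] = int(val, 16)
    return oops

def analyze(text):
    oops = parse_oops(text)
    addr = oops["fault_addr"]
    esr = decode_esr(oops["esr"])
    return {
        "kernel": oops["kernel"], "task": f"{oops['comm']} pid {oops['pid']} cpu {oops['cpu']}",
        "pc": oops["pc"], "fault_addr": addr, "dropped_lines": oops["dropped"],
        "access": "write" if esr.get("wnr") else "read", "fault": esr.get("dfsc_desc"),
        "diagnosis": classify_address(addr), "trace": oops["trace"],
        # registers holding a value just above the poison base, i.e. derived from a dead entry
        "poison_regs": sorted(n for n, v in oops["regs"].items()
                              if 0 <= v - POISON_POINTER_DELTA < 0x1000),
    }

if __name__ == "__main__":
    for key, value in analyze(OOPS_TEXT).items():
        print(f"{key:>13}: {value}")
```

For the dump on this page, analyze(OOPS_TEXT) reports a read access at dead000000000100 (EC 0x25, translation fault at level 0) whose address is exactly LIST_POISON1, the value list_del() writes into a removed entry's next pointer, and it lists x19 as the register holding a value just below that address. Checking the faulting address against the poison constants is the first step to take before treating such a crash as a plain NULL dereference, because it points the investigation at a wait-queue entry that was removed while __wake_up_common was still walking the list.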