Added a netfilter match to the kernel to analyze HTTP packets.
It keys flows by the 5-tuple and uses the TCP sequence number to build a linked list that reassembles segmented HTTP messages; once a flow has been idle past a timeout, its messages are deleted.
The following error came up during debugging:
[ 80.484000] Unhandled kernel unaligned access[#1]:
[ 80.484000] Cpu 0
[ 80.484000] $ 0 : 00000000 00000001 dead4ead 837c2180
[ 80.484000] $ 4 : 00000000 00000000 ffffffff 00003b1a
[ 80.484000] $ 8 : 0001ffff 0000000a 0000000a 00000000
[ 80.484000] $12 : 00000010 00000008 00000030 00000024
[ 80.484000] $16 : 837c2180 837c2200 8003b1f4 c0266f20
[ 80.484000] $20 : c0266d30 c0266c2c c0260000 c0260000
[ 80.484000] $24 : e13e7700 801d6ab0
[ 80.484000] $28 : 8043e000 8043fa98 837c4680 c02663e8
[ 80.484000] Hi : 00000000
[ 80.484000] Lo : 06853000
[ 80.484000] epc : c0266458 store_http_get+0xec/0x17c [xt_httpextr]
[ 80.484000] Tainted: P
[ 80.484000] ra : c02663e8 store_http_get+0x7c/0x17c [xt_httpextr]
[ 80.484000] Status: 11008302 KERNEL EXL
[ 80.484000] Cause : 40808014
[ 80.484000] BadVA : dead4ead
[ 80.484000] PrId : 00019650 (MIPS 24Kc)
[ 80.484000] Modules linked in: hw_nat(P) xt_time xt_state xt_multiport xt_mark xt_mac xt_limit xt_httpextr xt_conntrack xt_comment xt_NOTRACK xt_CT ppp_async nf_nat_irc nf_conntrack_irc iptable_raw iptable_mangle iptable_filter ipt_REJECT ipt_REDIRECT ipt_LOG crc_ccitt ralink_wdt ip6t_REJECT ip6t_LOG ip6t_rt ip6t_hbh ip6t_mh ip6t_ipv6header ip6t_frag ip6t_eui64 ip6t_ah ip6table_raw ip6_queue ip6table_mangle ip6table_filter ip6_tables nf_conntrack_ipv6 ntfs
[ 80.484000] Process swapper (pid: 0, threadinfo=8043e000, task=80440820, tls=00000000)
[ 80.484000] Stack : 803f76f4 c0266d30 000000d5 8043fab0 837c2180 80450000 837c2180 8003afe4
[ 80.484000] 8352e668 8364a888 837c2200 83644740 c0260000 835dd000 8374a280 8045d9b0
[ 80.484000] 804e1a90 c02665ac 8045d9b0 800184f0 00003fed b6acca29 000000fd 8364a874
[ 80.484000] 00000001 8364a888 8364a89c c0266718 8043fadf 0000000f 00000001 8043fadf
[ 80.484000] 8364a888 8364a874 00000001 8364a874 835dd000 83644740 8364a874 8364a888
[ 80.484000] ...
[ 80.484000] Call Trace:
[ 80.484000] [<c0266458>] store_http_get+0xec/0x17c [xt_httpextr]
[ 80.484000] [<c02665ac>] process_http_get_data+0xc4/0x11c [xt_httpextr]
[ 80.484000] [<c0266718>] process_http_data+0x10c/0x13c [xt_httpextr]
[ 80.484000] [<c02667c8>] decode_http_content+0x80/0x194 [xt_httpextr]
[ 80.484000] [<c02668bc>] decode_http_content+0x174/0x194 [xt_httpextr]
[ 80.484000] [<8031246c>] ipt_do_table+0x310/0x48c
[ 80.484000] [<8029bd20>] nf_iterate+0xd8/0x110
[ 80.484000] [<8029be24>] nf_hook_slow+0xcc/0x184
[ 80.484000] [<802c651c>] ip_local_deliver+0x5c/0xac
[ 80.484000] [<80359b10>] br_handle_frame+0x20c/0x294
[ 80.484000] [<8027da9c>] __netif_receive_skb+0x18c/0x4ec
[ 80.484000] [<8027dea4>] process_backlog+0xa8/0x180
[ 80.484000] [<8027e240>] net_rx_action+0xd4/0x198
[ 80.484000] [<80041098>] __do_softirq+0xbc/0x158
[ 80.484000] [<8004119c>] do_softirq+0x68/0x70
[ 80.484000] [<800192d0>] rt_irq_dispatch+0xf0/0x108
[ 80.484000] [<8000c42c>] ret_from_irq+0x0/0x4
[ 80.484000] [<8001b15c>] r4k_wait_irqoff+0x20/0x24
[ 80.484000] [<8001bb10>] cpu_idle+0x34/0x58
[ 80.484000] [<804658b8>] start_kernel+0x348/0x360
[ 80.484000]
[ 80.484000]
[ 80.484000] Code: ae110004 ae300000 ae220004 <ac510000> 3c02c026 244261f4 0040f809 02202821 8fbf0044
[ 81.108000] Kernel panic - not syncing: Fatal exception in interrupt
[ 81.120000] Rebooting in 3 seconds..wdg reset
The cause turned out to be this: a structure that had been kzalloc'd and added to the linked list was accidentally kfree'd, and the next time that structure was used the system crashed.
I also noticed a pattern: on MIPS, whenever kfree'd memory is accessed, the pointer that comes back is dead4ead. I don't know why yet; I'll look into it later and just note it down for now~.
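As an added example, not code from the post's xt_httpextr module: a user-space C model of the per-flow reassembly list the post describes (5-tuple key, expected TCP sequence number, idle timeout), written so that the only paths that free a flow entry unlink it from the list first and refuse to free anything the list does not own. In the dump above, BadVA equals register $2 and the faulting word ac510000 decodes as sw $17,0($2), a store through an address that is neither aligned nor a valid kernel pointer, which is what using a freed entry looks like. All names (struct http_flow, flow_release, FLOW_TIMEOUT) and the sample 5-tuple are assumptions for this example.

```c
/* Added example: a user-space model of a per-flow HTTP reassembly list.
 * Names and values are assumed for illustration; this is not the module's code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FLOW_TIMEOUT 30  /* assumed idle timeout, in ticks */

struct flow_key { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };

struct http_flow {
    struct http_flow *next;  /* singly linked list, stand-in for the kernel list */
    struct flow_key key;
    uint32_t next_seq;       /* next expected TCP sequence number */
    uint64_t last_seen;      /* tick of the last segment seen */
    char buf[256];           /* reassembled request bytes */
    size_t len;
};

struct flow_table { struct http_flow *head; size_t count; };

static int key_eq(const struct flow_key *a, const struct flow_key *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport && a->proto == b->proto;
}

static struct http_flow *flow_lookup(struct flow_table *t, const struct flow_key *k)
{
    for (struct http_flow *f = t->head; f; f = f->next)
        if (key_eq(&f->key, k))
            return f;
    return NULL;
}

/* The only way to free a flow: unlink it first so no stale pointer stays on the
 * list. Returns 1 if freed, 0 if the entry was not on the list (not ours to free). */
static int flow_release(struct flow_table *t, struct http_flow *victim)
{
    struct http_flow **pp = &t->head;
    while (*pp && *pp != victim)
        pp = &(*pp)->next;
    if (!*pp)
        return 0;
    *pp = victim->next;
    t->count--;
    free(victim);
    return 1;
}

static struct http_flow *flow_get_or_create(struct flow_table *t, const struct flow_key *k, uint64_t now)
{
    struct http_flow *f = flow_lookup(t, k);
    if (!f) {
        f = calloc(1, sizeof *f);  /* kzalloc stand-in */
        if (!f)
            return NULL;
        f->key = *k;
        f->next = t->head;
        t->head = f;
        t->count++;
    }
    f->last_seen = now;
    return f;
}

/* Append an in-order segment; returns bytes appended, 0 if out of order or no room. */
static size_t flow_add_segment(struct http_flow *f, uint32_t seq, const char *data, size_t n)
{
    if (f->len == 0)
        f->next_seq = seq;  /* first segment fixes the expected sequence */
    if (seq != f->next_seq || f->len + n > sizeof f->buf)
        return 0;
    memcpy(f->buf + f->len, data, n);
    f->len += n;
    f->next_seq += n;
    return n;
}

/* Drop flows idle longer than FLOW_TIMEOUT; every free is preceded by an unlink. */
static size_t flow_expire(struct flow_table *t, uint64_t now)
{
    size_t freed = 0;
    struct http_flow **pp = &t->head;
    while (*pp) {
        struct http_flow *f = *pp;
        if (now - f->last_seen > FLOW_TIMEOUT) {
            *pp = f->next;
            free(f);
            t->count--;
            freed++;
        } else {
            pp = &f->next;
        }
    }
    return freed;
}

/* Scenario: two segments of one request, then an idle timeout.
 * Returns the reassembled length if the expired flow is no longer reachable. */
static size_t demo(void)
{
    struct flow_table t = {0};
    struct flow_key k = { 0x0a000001, 0x0a000002, 40000, 80, 6 };  /* constructed 5-tuple */
    struct http_flow *f = flow_get_or_create(&t, &k, 100);
    if (!f)
        return 0;
    flow_add_segment(f, 1000, "GET /index.html HTTP/1.1\r\n", 26);
    flow_add_segment(f, 1026, "Host: example\r\n\r\n", 17);
    size_t len = f->len;
    flow_expire(&t, 200);  /* f is freed here and must not be touched afterwards */
    return flow_lookup(&t, &k) ? 0 : len;
}

int main(void)
{
    printf("reassembled %zu bytes; flow unreachable after timeout\n", demo());
    return 0;
}
```

The point of flow_release taking the table as well as the entry is that ownership is checked at the free site: an entry that is still linked is unlinked in the same step, and an entry the list does not hold is left alone instead of being handed to kfree a second time.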