帮助 Linux 内核转储崩溃:无法处理虚拟地址 00000001 处的内核 NULL 指针取消引用
Helping with Linux kernel dump crash: Unable to handle kernel NULL pointer dereference at virtual address 00000001
我是 Linux 驱动程序 Field.Now 的新手,我刚刚完成 Linux 驱动程序的编写,我正在测试该驱动程序功能的准确性。我的驱动程序的目标是通过 PCIe 通信使用具有 CPU ARMv7 的 FPGA 卡,并在此卡中进行加密和解密。当我测试我的内核模块时,我看到了这个内核恐慌。在我的测试用例中,我连续向FPGA卡发送多个数据包以实现encryption/decryption。然而,在做好几个数据包之后,Linux 内核崩溃了。起初,我认为这个内核崩溃错误与分配内核内存和释放此内存(kzalloc 函数和 kfree 函数)有关。可能是为某些指针分配的内存不会立即释放。任何人都可以提出此内核崩溃的原因和解决方案吗?
[ 532.593938] Unable to handle kernel NULL pointer dereference at virtual address 00000001
[ 532.602069] pgd = ecb8c000
[ 532.604780] [00000001] *pgd=2ca83831, *pte=00000000, *ppte=00000000
[532.611066] Internal error: Oops: 17 [#1] SMP ARM
[ 532.615777] Modules linked in: testcrypto(+) huy_crypto xdma ath9k ath9k_common pppoe ppp_async ath9k_hw ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_policy xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat sch_cake
[ 532.686456] act_connmark nf_conntrack sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred cryptodev nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb ip6_vti ip_vti xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet ipcomp6 xfrm6_tunnel esp6 ah6 xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet ipcomp esp4 ah4 ip6_tunnel tunnel6 tunnel4 ip_tunnel mpls_iptunnel mpls_router mpls_gso xfrm_user xfrm_ipcomp af_key xfrm_algo algif_skcipher algif_hash af_alg sha512_generic md5 echainiv cbc authenc gpio_button_hotplug [last unloaded: testcrypto]
[ 532.748684] CPU: 0 PID: 5563 Comm: insmod Not tainted 4.14.176 #0
[ 532.754789] Hardware name: Marvell Armada 380/385 (Device Tree)
[ 532.760721] task: ef3bde00 task.stack: ef182000
[ 532.765263] PC is at __kmalloc_track_caller+0x100/0x144
[ 532.770499] LR is at 0x89a5
[ 532.773297] pc : [<c01ee8b4>] lr : [<000089a5>] psr: 20000013
[ 532.779576] sp : ef183d98 ip : a0000013 fp : ffffee4b
[ 532.784811] r10: 00000009 r9 : 00008124 r8 : 00000002
[ 532.790046] r7 : 00000001 r6 : ecfe2a40 r5 : 014000c0 r4 : ef001e40
[ 532.796586] r3 : 00000000 r2 : ef7d6a34 r1 : 2ee8d000 r0 : 000089a6
[ 532.803128] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 532.810278] Control: 10c5387d Table: 2cb8c04a DAC: 00000051
[ 532.816035] Process insmod (pid: 5563, stack limit = 0xef182210)
[ 532.822054] Stack: (0xef183d98 to 0xef184000)
[ 532.826419] 3d80: 00000008 c024eb40
[ 532.834616] 3da0: ecfe24c0 00000124 00000002 c01c73b8 ec94b540 ef0181c0 ec94b540 c024eb40
[ 532.842812] 3dc0: 00000000 00000124 bf6780c8 ec94b540 c07088c8 ec94b540 00000124 bf6780c8
[ 532.851008] 3de0: 00000000 c024fcc8 00000000 c07088c8 ec94b540 c025173c 00000000 edfed95c
[ 532.859204] 3e00: ec94b540 c025207c 00001000 00000000 c07088c8 edfed95c 00000000 00000000
[ 532.867401] 3e20: edfed800 edfeda58 ec94b540 c0252a5c 00000000 00000000 c07e21ec c07e21d8
[ 532.875597] 3e40: 00000008 ef183f40 edfed800 edfeda34 edfeda70 0000002c 014000c0 bf678080
[ 532.883793] 3e60: c0a03c48 c0193a30 bf67808c 00007fff bf678080 c0191330 c0a5dce8 bf6780c8
[ 532.891990] 3e80: c0190a50 bf67808c c0702ce4 bf678170 c082dfd8 c07da244 c07da3a0 c0a03c48
[ 532.900186] 3ea0: c07da250 f1523fff ffe00000 ef0e8600 fffff000 c0a5dcc0 014002c0 00000011
[ 532.908382] 3ec0: 00000000 00000000 00000000 00000000 00000000 00000000 6e72656b 00006c65
[ 532.916578] 3ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 532.924774] 3f00: 00000000 00000000 00000000 00000000 00000000 c9929c40 00000080 00000fe4
[ 532.932970] 3f20: 00000000 00642ff4 f1523fe4 ffffe000 b6f74230 00000051 00000000 c0194110
[ 532.941166] 3f40: f1515bcc f1513000 00010fe4 f1523904 f1523748 f151f760 00004000 00004080
[ 532.949362] 3f60: 00000000 00000000 00000000 000036d0 00000029 0000002a 00000017 00000000
[ 532.957558] 3f80: 00000012 00000000 00000000 00000000 00000003 00000080 c01077a4 ef182000
[ 532.965755] 3fa0: 00000080 c01075a0 00000000 00000000 00632010 00010fe4 b6f74230 00000700
[ 532.973951] 3fc0: 00000000 00000000 00000003 00000080 00010fe4 00000000 00000020 00000000
[ 532.982148] 3fe0: beca6d1c beca6d00 00011d50 b6f2abac 60000010 00632010 00000000 00000000
[ 532.990350] [<c01ee8b4>] (__kmalloc_track_caller) from [<c01c73b8>] (kstrdup+0x30/0x54)
[ 532.998378] [<c01c73b8>] (kstrdup) from [<c024eb40>] (__kernfs_new_node+0x28/0x130)
[ 533.006055] [<c024eb40>] (__kernfs_new_node) from [<c024fcc8>] (kernfs_new_node+0x1c/0x38)
[ 533.014340] [<c024fcc8>] (kernfs_new_node) from [<c025173c>] (__kernfs_create_file+0x18/0xa4)
[ 533.022885] [<c025173c>] (__kernfs_create_file) from [<c025207c>] (sysfs_add_file_mode_ns+0x13c/0x194)
[ 533.032213] [<c025207c>] (sysfs_add_file_mode_ns) from [<c0252a5c>] (internal_create_group+0x194/0x2e8)
[ 533.041630] [<c0252a5c>] (internal_create_group) from [<c0193a30>] (load_module+0x1b74/0x2118)
[ 533.050262] [<c0193a30>] (load_module) from [<c0194110>] (SyS_init_module+0x13c/0x174)
[ 533.058201] [<c0194110>] (SyS_init_module) from [<c01075a0>] (ret_fast_syscall+0x0/0x54)
[ 533.066312] Code: ea00000f e121f00c eaffffd2 e5943014 (e7973003)
[ 533.072445] ---[ end trace bb93ca4b64a48f93 ]---
[ 533.079218] Kernel panic - not syncing: Fatal exception
[ 533.084457] CPU1: stopping
[ 533.087173] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 4.14.176 #0
[ 533.094497] Hardware name: Marvell Armada 380/385 (Device Tree)
[ 533.100436] [<c010ecf8>] (unwind_backtrace) from [<c010a9b0>] (show_stack+0x10/0x14)
[ 533.108202] [<c010a9b0>] (show_stack) from [<c0636974>] (dump_stack+0x94/0xa8)
[ 533.115442] [<c0636974>] (dump_stack) from [<c010db38>] (handle_IPI+0xe4/0x190)
[ 533.122769] [<c010db38>] (handle_IPI) from [<c0101494>] (gic_handle_irq+0x8c/0x90)
[ 533.130357] [<c0101494>] (gic_handle_irq) from [<c010b64c>] (__irq_svc+0x6c/0x90)
[ 533.137855] Exception stack(0xef067f80 to 0xef067fc8)
[ 533.142919] 7f80: 00000001 00000000 00000000 c01145a0 ffffe000 c0a03cb8 c0a03c6c 00000000
[ 533.151115] 7fa0: 00000000 414fc091 00000000 00000000 ef067fc8 ef067fd0 c0107f68 c0107f6c
[ 533.159309] 7fc0: 60000013 ffffffff
[ 533.162807] [<c010b64c>] (__irq_svc) from [<c0107f6c>] (arch_cpu_idle+0x34/0x38)
[ 533.170224] [<c0107f6c>] (arch_cpu_idle) from [<c015f6d4>] (do_idle+0xdc/0x19c)
[ 533.177551] [<c015f6d4>] (do_idle) from [<c015f9f0>] (cpu_startup_entry+0x18/0x1c)
[ 533.185139] [<c015f9f0>] (cpu_startup_entry) from [<0010182c>] (0x10182c)
[ 533.193813] Rebooting in 3 seconds..
(已更新)
而且,内核在处理了几个数据包后就崩溃了。在日志中,我看到一些与 Insmod 功能相关的错误信息。这是我在 Init 函数模块中的代码:(在我的 Init 函数中,我通过使用循环 for 和 module_param 值多次实现 encryption/decryption 与一个数据包请求。)
static int __init test_init(void)
{
for (i = 0; i < req_num; i ++)
{
if (cipher_choice == 3)
{
test_esp_rfc4106(test_choice,endec);
mdelay(1000);
pr_err("--------------------------%d-------------------:
%s - PID:%d\n",__LINE__ , __func__ , current->pid);
pr_err("------------------------Number of req-----------
--------: %d\n",i);
}
}
return 0;
}
您可以从日志中看出,这发生在模块加载时(好吧,在加载期间),因为 insmod 仍然是 运行。它正在“/sys”中创建一个条目。这让您了解崩溃之前可能发生的事情。
由于崩溃发生在 kstrdup/kmalloc 内部并且与您的代码没有直接关系,最可能的原因是模块代码中的双重释放或缓冲区溢出。由于是在加载模块后不久,问题可能出在模块的 init.d 文件中。没有人能够准确地告诉您哪里出了问题,因为您没有 post 任何代码。
我是 Linux 驱动程序 Field.Now 的新手,我刚刚完成 Linux 驱动程序的编写,我正在测试该驱动程序功能的准确性。我的驱动程序的目标是通过 PCIe 通信使用具有 CPU ARMv7 的 FPGA 卡,并在此卡中进行加密和解密。当我测试我的内核模块时,我看到了这个内核恐慌。在我的测试用例中,我连续向FPGA卡发送多个数据包以实现encryption/decryption。然而,在做好几个数据包之后,Linux 内核崩溃了。起初,我认为这个内核崩溃错误与分配内核内存和释放此内存(kzalloc 函数和 kfree 函数)有关。可能是为某些指针分配的内存不会立即释放。任何人都可以提出此内核崩溃的原因和解决方案吗?
[ 532.593938] Unable to handle kernel NULL pointer dereference at virtual address 00000001
[ 532.602069] pgd = ecb8c000
[ 532.604780] [00000001] *pgd=2ca83831, *pte=00000000, *ppte=00000000
[532.611066] Internal error: Oops: 17 [#1] SMP ARM
[ 532.615777] Modules linked in: testcrypto(+) huy_crypto xdma ath9k ath9k_common pppoe ppp_async ath9k_hw ath10k_pci ath10k_core ath pppox ppp_generic nf_conntrack_ipv6 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_policy xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY slhc nf_reject_ipv4 nf_nat_redirect nf_nat_masquerade_ipv4 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables crc_ccitt compat sch_cake
[ 532.686456] act_connmark nf_conntrack sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred cryptodev nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ifb ip6_vti ip_vti xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet ipcomp6 xfrm6_tunnel esp6 ah6 xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet ipcomp esp4 ah4 ip6_tunnel tunnel6 tunnel4 ip_tunnel mpls_iptunnel mpls_router mpls_gso xfrm_user xfrm_ipcomp af_key xfrm_algo algif_skcipher algif_hash af_alg sha512_generic md5 echainiv cbc authenc gpio_button_hotplug [last unloaded: testcrypto]
[ 532.748684] CPU: 0 PID: 5563 Comm: insmod Not tainted 4.14.176 #0
[ 532.754789] Hardware name: Marvell Armada 380/385 (Device Tree)
[ 532.760721] task: ef3bde00 task.stack: ef182000
[ 532.765263] PC is at __kmalloc_track_caller+0x100/0x144
[ 532.770499] LR is at 0x89a5
[ 532.773297] pc : [<c01ee8b4>] lr : [<000089a5>] psr: 20000013
[ 532.779576] sp : ef183d98 ip : a0000013 fp : ffffee4b
[ 532.784811] r10: 00000009 r9 : 00008124 r8 : 00000002
[ 532.790046] r7 : 00000001 r6 : ecfe2a40 r5 : 014000c0 r4 : ef001e40
[ 532.796586] r3 : 00000000 r2 : ef7d6a34 r1 : 2ee8d000 r0 : 000089a6
[ 532.803128] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 532.810278] Control: 10c5387d Table: 2cb8c04a DAC: 00000051
[ 532.816035] Process insmod (pid: 5563, stack limit = 0xef182210)
[ 532.822054] Stack: (0xef183d98 to 0xef184000)
[ 532.826419] 3d80: 00000008 c024eb40
[ 532.834616] 3da0: ecfe24c0 00000124 00000002 c01c73b8 ec94b540 ef0181c0 ec94b540 c024eb40
[ 532.842812] 3dc0: 00000000 00000124 bf6780c8 ec94b540 c07088c8 ec94b540 00000124 bf6780c8
[ 532.851008] 3de0: 00000000 c024fcc8 00000000 c07088c8 ec94b540 c025173c 00000000 edfed95c
[ 532.859204] 3e00: ec94b540 c025207c 00001000 00000000 c07088c8 edfed95c 00000000 00000000
[ 532.867401] 3e20: edfed800 edfeda58 ec94b540 c0252a5c 00000000 00000000 c07e21ec c07e21d8
[ 532.875597] 3e40: 00000008 ef183f40 edfed800 edfeda34 edfeda70 0000002c 014000c0 bf678080
[ 532.883793] 3e60: c0a03c48 c0193a30 bf67808c 00007fff bf678080 c0191330 c0a5dce8 bf6780c8
[ 532.891990] 3e80: c0190a50 bf67808c c0702ce4 bf678170 c082dfd8 c07da244 c07da3a0 c0a03c48
[ 532.900186] 3ea0: c07da250 f1523fff ffe00000 ef0e8600 fffff000 c0a5dcc0 014002c0 00000011
[ 532.908382] 3ec0: 00000000 00000000 00000000 00000000 00000000 00000000 6e72656b 00006c65
[ 532.916578] 3ee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 532.924774] 3f00: 00000000 00000000 00000000 00000000 00000000 c9929c40 00000080 00000fe4
[ 532.932970] 3f20: 00000000 00642ff4 f1523fe4 ffffe000 b6f74230 00000051 00000000 c0194110
[ 532.941166] 3f40: f1515bcc f1513000 00010fe4 f1523904 f1523748 f151f760 00004000 00004080
[ 532.949362] 3f60: 00000000 00000000 00000000 000036d0 00000029 0000002a 00000017 00000000
[ 532.957558] 3f80: 00000012 00000000 00000000 00000000 00000003 00000080 c01077a4 ef182000
[ 532.965755] 3fa0: 00000080 c01075a0 00000000 00000000 00632010 00010fe4 b6f74230 00000700
[ 532.973951] 3fc0: 00000000 00000000 00000003 00000080 00010fe4 00000000 00000020 00000000
[ 532.982148] 3fe0: beca6d1c beca6d00 00011d50 b6f2abac 60000010 00632010 00000000 00000000
[ 532.990350] [<c01ee8b4>] (__kmalloc_track_caller) from [<c01c73b8>] (kstrdup+0x30/0x54)
[ 532.998378] [<c01c73b8>] (kstrdup) from [<c024eb40>] (__kernfs_new_node+0x28/0x130)
[ 533.006055] [<c024eb40>] (__kernfs_new_node) from [<c024fcc8>] (kernfs_new_node+0x1c/0x38)
[ 533.014340] [<c024fcc8>] (kernfs_new_node) from [<c025173c>] (__kernfs_create_file+0x18/0xa4)
[ 533.022885] [<c025173c>] (__kernfs_create_file) from [<c025207c>] (sysfs_add_file_mode_ns+0x13c/0x194)
[ 533.032213] [<c025207c>] (sysfs_add_file_mode_ns) from [<c0252a5c>] (internal_create_group+0x194/0x2e8)
[ 533.041630] [<c0252a5c>] (internal_create_group) from [<c0193a30>] (load_module+0x1b74/0x2118)
[ 533.050262] [<c0193a30>] (load_module) from [<c0194110>] (SyS_init_module+0x13c/0x174)
[ 533.058201] [<c0194110>] (SyS_init_module) from [<c01075a0>] (ret_fast_syscall+0x0/0x54)
[ 533.066312] Code: ea00000f e121f00c eaffffd2 e5943014 (e7973003)
[ 533.072445] ---[ end trace bb93ca4b64a48f93 ]---
[ 533.079218] Kernel panic - not syncing: Fatal exception
[ 533.084457] CPU1: stopping
[ 533.087173] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 4.14.176 #0
[ 533.094497] Hardware name: Marvell Armada 380/385 (Device Tree)
[ 533.100436] [<c010ecf8>] (unwind_backtrace) from [<c010a9b0>] (show_stack+0x10/0x14)
[ 533.108202] [<c010a9b0>] (show_stack) from [<c0636974>] (dump_stack+0x94/0xa8)
[ 533.115442] [<c0636974>] (dump_stack) from [<c010db38>] (handle_IPI+0xe4/0x190)
[ 533.122769] [<c010db38>] (handle_IPI) from [<c0101494>] (gic_handle_irq+0x8c/0x90)
[ 533.130357] [<c0101494>] (gic_handle_irq) from [<c010b64c>] (__irq_svc+0x6c/0x90)
[ 533.137855] Exception stack(0xef067f80 to 0xef067fc8)
[ 533.142919] 7f80: 00000001 00000000 00000000 c01145a0 ffffe000 c0a03cb8 c0a03c6c 00000000
[ 533.151115] 7fa0: 00000000 414fc091 00000000 00000000 ef067fc8 ef067fd0 c0107f68 c0107f6c
[ 533.159309] 7fc0: 60000013 ffffffff
[ 533.162807] [<c010b64c>] (__irq_svc) from [<c0107f6c>] (arch_cpu_idle+0x34/0x38)
[ 533.170224] [<c0107f6c>] (arch_cpu_idle) from [<c015f6d4>] (do_idle+0xdc/0x19c)
[ 533.177551] [<c015f6d4>] (do_idle) from [<c015f9f0>] (cpu_startup_entry+0x18/0x1c)
[ 533.185139] [<c015f9f0>] (cpu_startup_entry) from [<0010182c>] (0x10182c)
[ 533.193813] Rebooting in 3 seconds..
(已更新) 而且,内核在处理了几个数据包后就崩溃了。在日志中,我看到一些与 Insmod 功能相关的错误信息。这是我在 Init 函数模块中的代码:(在我的 Init 函数中,我通过使用循环 for 和 module_param 值多次实现 encryption/decryption 与一个数据包请求。)
static int __init test_init(void)
{
for (i = 0; i < req_num; i ++)
{
if (cipher_choice == 3)
{
test_esp_rfc4106(test_choice,endec);
mdelay(1000);
pr_err("--------------------------%d-------------------:
%s - PID:%d\n",__LINE__ , __func__ , current->pid);
pr_err("------------------------Number of req-----------
--------: %d\n",i);
}
}
return 0;
}
您可以从日志中看出,这发生在模块加载时(好吧,在加载期间),因为 insmod 仍然是 运行。它正在“/sys”中创建一个条目。这让您了解崩溃之前可能发生的事情。
由于崩溃发生在 kstrdup/kmalloc 内部并且与您的代码没有直接关系,最可能的原因是模块代码中的双重释放或缓冲区溢出。由于是在加载模块后不久,问题可能出在模块的 init.d 文件中。没有人能够准确地告诉您哪里出了问题,因为您没有 post 任何代码。