寄存器突变,是CPU硬件问题还是软件问题
Register mutation, is it a CPU hardware issue or a software issue
问:
我的安卓系统在运行 monkey 测试时出现了一个很奇怪的 bug：寄存器突变。这是 CPU 硬件问题还是软件问题？
控制台日志: -(3)[860:] 内核无法处理对虚拟地址 0000000000000010 处不可读内存的读取（Unable to handle kernel read from unreadable memory at virtual address 0000000000000010）
crash 工具的回溯（bt）
crash> bt
PID: 860 TASK: ffffff802d9b8000 CPU: 3 COMMAND: "android.anim"
#0 [ffffffc01001b9c0] crash_kexec at ffffffc010372e2c
#1 [ffffffc01001ba30] die at ffffffc01024766c
#2 [ffffffc01001ba70] die_kernel_fault at ffffffc01025f0b4
#3 [ffffffc01001baa0] __do_kernel_fault at ffffffc01025f034
#4 [ffffffc01001bad0] do_page_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8d2c
#5 [ffffffc01001bb30] do_translation_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8c84
#6 [ffffffc01001bb40] do_mem_abort at ffffffc010081638
#7 [ffffffc01001bcb0] el1_ia at ffffffc010083c40
PC: ffffffc01030a3cc [cpuacct_account_field+48]
LR: ffffffc01030a3c0 [cpuacct_account_field+36]
SP: ffffffc01001bcc0 PSTATE: 80400085
X29: ffffffc01001bcc0 X28: 0000000000000001 X27: ffffff80dc5e8c80
X26: ffffffc010ff6590 X25: ffffff80aaf4d940 X24: ffffff802d9b8000
X23: 0000000000000000 X22: 0000000000000000 X21: ffffff802d9b8000
X20: 0000000000000002 X19: 00000000003c0008 X18: ffffffc01001d060
X17: 000000000005bde0 X16: 000000000000a000 X15: ffffffc00bac6000
X14: ffffffc00bac32e0 X13: ffffffc00bac32e0 X12: 0000000000000432
X11: 0000000000000432 X10: 000004c10369e3ba X9: ffffffc011cb0cc0
X8: 0000000000000000 X7: 79726f6d656d2072 X6: ffffff80d8400eaf
X5: 0000000000000003 X4: 0000000000000080 X3: 0000000000000001
X2: 00000000003c0008 X1: 0000000000000002 X0: ffffff802d9b8000
#8 [ffffffc01001bcc0] cpuacct_account_field at ffffffc01030a3c8
#9 [ffffffc01001bcf0] account_system_index_time at ffffffc0102eb260
#10 [ffffffc01001bd40] irqtime_account_process_tick at ffffffc0102eb8d0
#11 [ffffffc01001bda0] account_process_tick at ffffffc0102eb5c4
#12 [ffffffc01001bdc0] update_process_times at ffffffc010346384
#13 [ffffffc01001bdf0] tick_sched_timer$2e93e54c57d54c141bd5e65a4951d56c at ffffffc01035d4c8
#14 [ffffffc01001be20] __run_hrtimer at ffffffc01034a508
#15 [ffffffc01001beb0] hrtimer_interrupt at ffffffc010349070
#16 [ffffffc01001bf20] arch_timer_handler_phys$46ba900623fca114e70958b64dec54b9 at ffffffc010b6eb78
#17 [ffffffc01001bf40] handle_percpu_devid_irq at ffffffc010326828
#18 [ffffffc01001bfa0] __handle_domain_irq at ffffffc01031e594
#19 [ffffffc01001bfe0] gic_handle_irq at ffffffc010081108
--- <IRQ stack> ---
#20 [ffffffc01abdb7e0] el1_irq at ffffffc010083fc0
PC: ffffffc01031b364 [console_unlock+904]
LR: ffffffc01031b360 [console_unlock+900]
SP: ffffffc01abdb7f0 PSTATE: 20400005
X29: ffffffc01abdb820 X28: 000000000000008d X27: 0000000000000000
X26: ffffffc010ffb508 X25: ffffffc011cb2708 X24: ffffffc011cb2618
X23: ffffffc011e54000 X22: 0000000000000000 X21: ffffffc011e54000
X20: ffffffc011e54000 X19: 0000000000000000 X18: ffffffc017fc9080
X17: 000000000005bde0 X16: 00000000000000c0 X15: ffffffc010fc3bd8
X14: 3030303030303030 X13: 0000000000f2e3f2 X12: 0000000000000000
X11: 0000000000000000 X10: 00000000ffffffff X9: 0000000100000001
X8: 0000000100000001 X7: 79726f6d656d2072 X6: ffffff80d8400eaf
X5: 0000000000000003 X4: 0000000000000007 X3: 000000000000008d
X2: 0000000000000000 X1: 0000000000000000 X0: ffffffc011cb2708
#21 [ffffffc01abdb820] console_unlock at ffffffc01031b360
#22 [ffffffc01abdb8b0] vprintk_emit at ffffffc01031af18
#23 [ffffffc01abdb940] vprintk_default at ffffffc01031b714
#24 [ffffffc01abdb9a0] vprintk_func at ffffffc01031e078
#25 [ffffffc01abdba60] printk at ffffffc010319da4
#26 [ffffffc01abdba70] die_kernel_fault at ffffffc01025f090
#27 [ffffffc01abdbaa0] do_page_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8eb4
#28 [ffffffc01abdbb00] do_translation_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8c84
#29 [ffffffc01abdbb10] do_mem_abort at ffffffc010081638
#30 [ffffffc01abdbc80] el1_ia at ffffffc010083c40
PC: ffffffc01049c0b8 [mem_cgroup_throttle_swaprate+48]
LR: ffffffc01049c0ac [mem_cgroup_throttle_swaprate+36]
SP: ffffffc01abdbc90 PSTATE: 60400005
X29: ffffffc01abdbc90 X28: 0000000000000002 X27: 0000000000000000
X26: ffffff802d9b8000 X25: ffffff80d67c0080 X24: ffffff802d9b8000
X23: 0000000000000000 X22: ffffff80dba61000 X21: ffffffff016a8700
X20: ffffff80c3e519f8 X19: 0000000000000000 X18: ffffffc017fc9038
X17: ffffffc011d73cb0 X16: ffffffc011d73c38 X15: ffffffc011d73bc0
X14: 000000000000003c X13: 0000000000000078 X12: 0000000000000000
X11: 0000000004731803 X10: ffffffc0ca9ac000 X9: ffffff802d9b8000
X8: 0000000000000000 X7: ffffffc011d74070 X6: ffffffc011d73ff8
X5: ffffffc011d73f80 X4: 0000000000000000 X3: ffffffc01abdbcb0
X2: 0000000000000cc0 X1: 0000000000000000 X0: 0000000000000000
#31 [ffffffc01abdbc90] mem_cgroup_throttle_swaprate at ffffffc01049c0b4
#32 [ffffffc01abdbcc0] do_anonymous_page at ffffffc010475c48
#33 [ffffffc01abdbd00] handle_pte_fault at ffffffc010475978
#34 [ffffffc01abdbdc0] handle_mm_fault at ffffffc010472d44
#35 [ffffffc01abdbe10] do_page_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8f28
#36 [ffffffc01abdbe70] do_translation_fault$4df5decbea5d08a63349aa36f07426b2 at ffffffc010fd8c84
#37 [ffffffc01abdbe80] do_mem_abort at ffffffc010081638
#38 [ffffffc01abdbff0] el0_da at ffffffc0100847c4
PC: 70145552 LR: 701ff0b3 SP: bdad7cb0 PSTATE: 200a0030
X12: 00000072 X11: 6fe1ffc8 X10: 0000006a X9: ef429200
X8: 00000000 X7: 00000040 X6: 00000008 X5: 13a45fa0
X4: 132fcbb3 X3: 00000062 X2: 00000000 X1: 132fcb80
X0: 13a46000
crash> struct task_struct.cgroups ffffff802d9b8000
cgroups = 0xffffff80978a8a00
crash>
crash>
crash>
crash> struct task_struct.cgroups ffffff802d9b8000
cgroups = 0xffffff80978a8a00
crash>
crash>
crash>
crash> dis mem_cgroup_throttle_swaprate
0xffffffc01049c088 <mem_cgroup_throttle_swaprate>: str x30, [x18],#8
0xffffffc01049c08c <mem_cgroup_throttle_swaprate+4>: stp x29, x30, [sp,#-32]!
0xffffffc01049c090 <mem_cgroup_throttle_swaprate+8>: str x19, [sp,#16]
0xffffffc01049c094 <mem_cgroup_throttle_swaprate+12>: mov x29, sp
0xffffffc01049c098 <mem_cgroup_throttle_swaprate+16>: cbz x0, 0xffffffc01049c160 <mem_cgroup_throttle_swaprate+216>
0xffffffc01049c09c <mem_cgroup_throttle_swaprate+20>: tbz w2, #6, 0xffffffc01049c160 <mem_cgroup_throttle_swaprate+216>
0xffffffc01049c0a0 <mem_cgroup_throttle_swaprate+24>: mov w19, w1
0xffffffc01049c0a4 <mem_cgroup_throttle_swaprate+28>: bl 0xffffffc010337730 <__rcu_read_lock>
0xffffffc01049c0a8 <mem_cgroup_throttle_swaprate+32>: bl 0xffffffc0102d3b74 <kthread_blkcg>
0xffffffc01049c0ac <mem_cgroup_throttle_swaprate+36>: cbnz x0, 0xffffffc01049c0c0 <mem_cgroup_throttle_swaprate+56>
0xffffffc01049c0b0 <mem_cgroup_throttle_swaprate+40>: mrs x8, sp_el0
0xffffffc01049c0b4 <mem_cgroup_throttle_swaprate+44>: ldr x8, [x8,#2368]
0xffffffc01049c0b8 <mem_cgroup_throttle_swaprate+48>: ldr x0, [x8,#24]
0xffffffc01049c0bc <mem_cgroup_throttle_swaprate+52>: cbz x0, 0xffffffc01049c0d4 <mem_cgroup_throttle_swaprate+76>
0xffffffc01049c0c0 <mem_cgroup_throttle_swaprate+56>: ldr x8, [x0]
0xffffffc01049c0c4 <mem_cgroup_throttle_swaprate+60>: ldr w8, [x8,#2448]
0xffffffc01049c0c8 <mem_cgroup_throttle_swaprate+64>: cbnz w8, 0xffffffc01049c0dc <mem_cgroup_throttle_swaprate+84>
0xffffffc01049c0cc <mem_cgroup_throttle_swaprate+68>: ldr x0, [x0,#264]
0xffffffc01049c0d0 <mem_cgroup_throttle_swaprate+72>: cbnz x0, 0xffffffc01049c0c0 <mem_cgroup_throttle_swaprate+56>
0xffffffc01049c0d4 <mem_cgroup_throttle_swaprate+76>: bl 0xffffffc010337744 <__rcu_read_unlock>
0xffffffc01049c0d8 <mem_cgroup_throttle_swaprate+80>: b 0xffffffc01049c160 <mem_cgroup_throttle_swaprate+216>
0xffffffc01049c0dc <mem_cgroup_throttle_swaprate+84>: bl 0xffffffc010337744 <__rcu_read_unlock>
0xffffffc01049c0e0 <mem_cgroup_throttle_swaprate+88>: mrs x8, sp_el0
0xffffffc01049c0e4 <mem_cgroup_throttle_swaprate+92>: ldr x8, [x8,#2720]
0xffffffc01049c0e8 <mem_cgroup_throttle_swaprate+96>: cbnz x8, 0xffffffc01049c160 <mem_cgroup_throttle_swaprate+216>
0xffffffc01049c0ec <mem_cgroup_throttle_swaprate+100>: adrp x0, 0xffffffc011cd6000 <init_mm+384>
0xffffffc01049c0f0 <mem_cgroup_throttle_swaprate+104>: add x0, x0, #0x3b8
0xffffffc01049c0f4 <mem_cgroup_throttle_swaprate+108>: bl 0xffffffc010fd6e08 <_raw_spin_lock>
0xffffffc01049c0f8 <mem_cgroup_throttle_swaprate+112>: adrp x8, 0xffffffc011e5e000 <memblock_reserved_init_regions+3464>
0xffffffc01049c0fc <mem_cgroup_throttle_swaprate+116>: ldr x9, [x8,#520]
0xffffffc01049c100 <mem_cgroup_throttle_swaprate+120>: mov w10, #0xffffffd8 // #-40
0xffffffc01049c104 <mem_cgroup_throttle_swaprate+124>: mov x11, #0xfffffffffffffe78 // #-392
0xffffffc01049c108 <mem_cgroup_throttle_swaprate+128>: sxtw x8, w19
0xffffffc01049c10c <mem_cgroup_throttle_swaprate+132>: add x9, x9, w19, sxtw #4
0xffffffc01049c110 <mem_cgroup_throttle_swaprate+136>: smaddl x10, w19, w10, x11
0xffffffc01049c114 <mem_cgroup_throttle_swaprate+140>: mov w11, #0x28 // #40
0xffffffc01049c118 <mem_cgroup_throttle_swaprate+144>: mov x12, x9
0xffffffc01049c11c <mem_cgroup_throttle_swaprate+148>: ldr x12, [x12]
0xffffffc01049c120 <mem_cgroup_throttle_swaprate+152>: add x12, x12, x10
0xffffffc01049c124 <mem_cgroup_throttle_swaprate+156>: madd x13, x8, x11, x12
0xffffffc01049c128 <mem_cgroup_throttle_swaprate+160>: add x13, x13, #0x188
0xffffffc01049c12c <mem_cgroup_throttle_swaprate+164>: cmp x13, x9
0xffffffc01049c130 <mem_cgroup_throttle_swaprate+168>: b.eq 0xffffffc01049c154 <mem_cgroup_throttle_swaprate+204>
0xffffffc01049c134 <mem_cgroup_throttle_swaprate+172>: ldr x13, [x12,#184]
0xffffffc01049c138 <mem_cgroup_throttle_swaprate+176>: madd x12, x8, x11, x12
0xffffffc01049c13c <mem_cgroup_throttle_swaprate+180>: add x12, x12, #0x188
0xffffffc01049c140 <mem_cgroup_throttle_swaprate+184>: cbz x13, 0xffffffc01049c11c <mem_cgroup_throttle_swaprate+148>
0xffffffc01049c144 <mem_cgroup_throttle_swaprate+188>: ldr x8, [x13,#160]
0xffffffc01049c148 <mem_cgroup_throttle_swaprate+192>: mov w1, #0x1 // #1
0xffffffc01049c14c <mem_cgroup_throttle_swaprate+196>: ldr x0, [x8,#1360]
0xffffffc01049c150 <mem_cgroup_throttle_swaprate+200>: bl 0xffffffc010760124 <blkcg_schedule_throttle>
0xffffffc01049c154 <mem_cgroup_throttle_swaprate+204>: adrp x0, 0xffffffc011cd6000 <init_mm+384>
0xffffffc01049c158 <mem_cgroup_throttle_swaprate+208>: add x0, x0, #0x3b8
0xffffffc01049c15c <mem_cgroup_throttle_swaprate+212>: bl 0xffffffc010fd6ee0 <_raw_spin_unlock>
0xffffffc01049c160 <mem_cgroup_throttle_swaprate+216>: ldr x19, [sp,#16]
0xffffffc01049c164 <mem_cgroup_throttle_swaprate+220>: ldp x29, x30, [sp],#32
0xffffffc01049c168 <mem_cgroup_throttle_swaprate+224>: ldr x30, [x18,#-8]!
0xffffffc01049c16c <mem_cgroup_throttle_swaprate+228>: ret
crash>
crash> struct task_struct.cgroups ffffff802d9b8000
cgroups = 0xffffff80978a8a00
crash>
crash>
我的分析
// sp_el0 holds the current task_struct: TASK: ffffff802d9b8000 (matches the bt header)
0xffffffc01049c0b0 <mem_cgroup_throttle_swaprate+40>: mrs x8, sp_el0
// load task_struct.cgroups (offset 2368); crash shows cgroups = 0xffffff80978a8a00, i.e. non-NULL
0xffffffc01049c0b4 <mem_cgroup_throttle_swaprate+44>: ldr x8, [x8,#2368]
// the fault is here: x8 is now 0 (the register dump shows X8: 0000000000000000), so this load dereferences a near-NULL pointer
0xffffffc01049c0b8 <mem_cgroup_throttle_swaprate+48>: ldr x0, [x8,#24]
帮帮我,是CPU硬件问题还是软件问题?