from: https://lore.kernel.org/all/2aaa078a-100c-4974-be5b-b58a7f3a6dbb@kzalloc.com/

 

The call stack is as follows:

[  194.911744] Call trace:
[  194.911747]  0xffff0000312ebe00 (P)
[  194.911759]  rcu_core+0x2a0/0x4e8
[  194.911767]  rcu_core_si+0x1c/0x30
[  194.911773]  handle_softirqs+0x1b4/0x588
[  194.911782]  run_ksoftirqd+0x5c/0xf8
[  194.911787]  smpboot_thread_fn+0x27c/0x490
[  194.911794]  kthread+0x2ac/0x318
[  194.911802]  ret_from_fork+0x10/0x20

Looking at the address rcu_core+0x2a0, we can see the following symbol.

 

The exception was triggered while executing code that branches to 0xffff0000312ebe00, the address stored in register x27.

Looking more closely,

the exception was triggered because rhp->func held the address 0xffff0000312ebe00.

https://elixir.bootlin.com/linux/v6.15-rc4/source/kernel/rcu/tree.c
static void rcu_do_batch(struct rcu_data *rdp)
{
	long bl;
	long count = 0;
	[...]
	for (; rhp; rhp = rcu_cblist_dequeue(&rcl)) {
		rcu_callback_t f;

		count++;
		debug_rcu_head_unqueue(rhp);

		rcu_lock_acquire(&rcu_callback_map);
		trace_rcu_invoke_callback(rcu_state.name, rhp);

		f = rhp->func;
		debug_rcu_head_callback(rhp);
		WRITE_ONCE(rhp->func, (rcu_callback_t)0L);
		f(rhp); //<<-- indirect call through rhp->func (0xffff0000312ebe00) faults here
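
The same reading of the trace can be automated for triage. The script below is an added example, not part of the original post or of the kernel tree: it parses a dmesg call trace and pairs every frame that kallsyms could not symbolize with the symbolized frame directly below it, which is the site that made the branch. The function names `parse_call_trace` and `wild_branches` are hypothetical, and the sample input is the trace quoted above.

```python
import re

# Constructed input: the call trace quoted in this post, as dmesg printed it.
SAMPLE_OOPS = """\
[  194.911744] Call trace:
[  194.911747]  0xffff0000312ebe00 (P)
[  194.911759]  rcu_core+0x2a0/0x4e8
[  194.911767]  rcu_core_si+0x1c/0x30
[  194.911773]  handle_softirqs+0x1b4/0x588
[  194.911782]  run_ksoftirqd+0x5c/0xf8
[  194.911787]  smpboot_thread_fn+0x27c/0x490
[  194.911794]  kthread+0x2ac/0x318
[  194.911802]  ret_from_fork+0x10/0x20
"""

# One frame: a bare address (no symbol was found for it) or symbol+offset/size,
# optionally followed by a one-letter flag such as "(P)" and a "[module]" tag.
FRAME_RE = re.compile(
    r"^\[\s*\d+\.\d+\]\s+"
    r"(?:(?P<raw>0x[0-9a-f]+)|(?P<sym>[\w.]+)\+(?P<off>0x[0-9a-f]+)/0x[0-9a-f]+)"
    r"(?:\s+\(\w\))?(?:\s+\[\w+\])?\s*$"
)

def parse_call_trace(text):
    """Return the frames after 'Call trace:' as dicts, innermost first."""
    frames, in_trace = [], False
    for line in text.splitlines():
        if line.rstrip().endswith("Call trace:"):
            in_trace = True
            continue
        m = FRAME_RE.match(line) if in_trace else None
        if in_trace and not m:
            break  # the first non-frame line ends the trace
        if m:
            frames.append({
                "addr": int(m["raw"], 16) if m["raw"] else None,
                "sym": m["sym"],
                "off": int(m["off"], 16) if m["off"] else None,
            })
    return frames

def wild_branches(frames):
    """Pair each unsymbolized frame with the symbolized frame below it."""
    return [(cur["addr"], below["sym"], below["off"])
            for cur, below in zip(frames, frames[1:])
            if cur["addr"] is not None and below["sym"]]
```

On the sample, `wild_branches(parse_call_trace(SAMPLE_OOPS))` reports a branch to 0xffff0000312ebe00 made from rcu_core+0x2a0, which is the rhp->func call examined above.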

 
