Closed ioxv closed 2 years ago
Hello, when I emulate a third-party firmware based on OpenWrt + LuCI, I get `Starting init: /sbin/init exists but couldn't execute it (error -8)`, which then leads to a kernel panic. I have tested this on Ubuntu 20.04 and 16.04, and the problem occurs on both. Do you have a good solution? (I suspect an architecture mismatch: the software in the firmware uses aarch64, but the QEMU image is zImage.armel.)
```
[+] Extracting the firmware...
[+] Image ID: 1
[+] Identifying architecture...
[+] Architecture: armel
[+] Building QEMU disk image...
[+] Setting up the network connection, please standby...
[+] [info] Running firmware 1: terminating after 60 secs...
qemu-system-arm: terminating on signal 2 from pid 12402
[+] [info] Inferring network...
[+] [info] Interfaces: []
[+] [info] Done!
[+] Using qemu-system-arm from /home/a/src/firmware-analysis-plus/qemu-builds/2.5.0
[+] All set! Press ENTER to run the firmware...
[+] When running, press Ctrl + A X to terminate qemu
[+] Command line: /home/a/src/firmware-analysis-plus/firmadyne/scratch/1/run.sh
Starting firmware emulation... use Ctrl-a + x to exit
root
Warning: hub port hub3port0 has no peer
Warning: vlan 3 with no nics
Warning: hub port hub2port0 has no peer
Warning: vlan 2 with no nics
Warning: hub port hub1port0 has no peer
Warning: vlan 1 with no nics
Warning: hub port hub0port0 has no peer
Warning: vlan 0 with no nics
Warning: netdev hub0port0 has no peer
Warning: netdev hub1port0 has no peer
Warning: netdev hub2port0 has no peer
Warning: netdev hub3port0 has no peer
Warning: requested NIC (anonymous, model unspecified) was not created (not supported by this machine?)
Warning: requested NIC (anonymous, model unspecified) was not created (not supported by this machine?)
Warning: requested NIC (anonymous, model unspecified) was not created (not supported by this machine?)
Warning: requested NIC (anonymous, model unspecified) was not created (not supported by this machine?)
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Linux version 4.1.17+ (vagrant@vagrant-ubuntu-trusty-64) (gcc version 5.3.0 (GCC) ) #1 Thu Feb 18 01:05:21 UTC 2016
[ 0.000000] CPU: ARMv7 Processor [412fc0f1] revision 1 (ARMv7), cr=10c5387d
[ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
[ 0.000000] Machine model: linux,dummy-virt
[ 0.000000] debug: ignoring loglevel setting.
[ 0.000000] Memory policy: Data cache writeback
[ 0.000000] On node 0 totalpages: 65536
[ 0.000000] free_area_init_node: node 0, pgdat c061dfe8, node_mem_map cfdf9000
[ 0.000000] Normal zone: 512 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 65536 pages, LIFO batch:15
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv0.2 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] CPU: All CPU(s) started in SVC mode.
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 65024
[ 0.000000] Kernel command line: root=/dev/vda1 console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0
[ 0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[ 0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Memory: 253340K/262144K available (4297K kernel code, 170K rwdata, 1584K rodata, 180K init, 148K bss, 8804K reserved, 0K cma-reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xffc00000 - 0xfff00000 (3072 kB)
[ 0.000000] vmalloc : 0xd0800000 - 0xff000000 ( 744 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xd0000000 ( 256 MB)
[ 0.000000] modules : 0xbf000000 - 0xc0000000 ( 16 MB)
[ 0.000000] .text : 0xc0008000 - 0xc05c67bc (5882 kB)
[ 0.000000] .init : 0xc05c7000 - 0xc05f4000 ( 180 kB)
[ 0.000000] .data : 0xc05f4000 - 0xc061e840 ( 171 kB)
[ 0.000000] .bss : 0xc0621000 - 0xc06462d4 ( 149 kB)
[ 0.000000] NR_IRQS:16 nr_irqs:16 16
[ 0.000000] Architected cp15 timer(s) running at 62.50MHz (virt).
[ 0.000000] clocksource arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns
[ 0.000079] sched_clock: 56 bits at 62MHz, resolution 16ns, wraps every 4398046511096ns
[ 0.000146] Switching to timer-based delay loop, resolution 16ns
[ 0.001777] Console: colour dummy device 80x30
[ 0.001953] Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=625000)
[ 0.002031] pid_max: default: 32768 minimum: 301
[ 0.002545] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.002567] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.006032] CPU: Testing write buffer coherency: ok
[ 0.010538] Setting up static identity map for 0x40008240 - 0x40008298
[ 0.018496] VFP support v0.3: implementor 41 architecture 4 part 30 variant f rev 0
[ 0.024691] clocksource jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.029238] NET: Registered protocol family 16
[ 0.030792] DMA: preallocated 256 KiB pool for atomic coherent allocations
[ 0.033324] cpuidle: using governor ladder
[ 0.033401] cpuidle: using governor menu
[ 0.045482] Serial: AMBA PL011 UART driver
[ 0.046689] 9000000.pl011: ttyS0 at MMIO 0x9000000 (irq = 53, base_baud = 0) is a PL011 rev1
[ 0.051695] console [ttyS0] enabled
[ 0.066092] vgaarb: loaded
[ 0.067155] SCSI subsystem initialized
[ 0.067927] usbcore: registered new interface driver usbfs
[ 0.068151] usbcore: registered new interface driver hub
[ 0.068487] usbcore: registered new device driver usb
[ 0.074567] cfg80211: Calling CRDA to update world regulatory domain
[ 0.076141] Switched to clocksource arch_sys_counter
[ 0.087967] NET: Registered protocol family 2
[ 0.091790] TCP established hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.092108] TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
[ 0.092469] TCP: Hash tables configured (established 2048 bind 2048)
[ 0.093179] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.093491] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.094626] NET: Registered protocol family 1
[ 0.094927] PCI: CLS 0 bytes, default 64
[ 0.099312] NetWinder Floating Point Emulator V0.97 (extended precision)
[ 0.101077] futex hash table entries: 256 (order: -1, 3072 bytes)
[ 0.104850] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.105470] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
[ 0.106393] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 0.114031] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
[ 0.114273] io scheduler noop registered
[ 0.114547] io scheduler cfq registered (default)
[ 0.115480] firmadyne: devfs: 1, execute: 1, procfs: 1, syscall: 0
[ 0.117182] ------------[ cut here ]------------
[ 0.117469] WARNING: CPU: 0 PID: 1 at /home/vagrant/firmadyne-kernel/kernel-v4.1/fs/sysfs/dir.c:31 sysfs_warn_dup+0x50/0x6c()
[ 0.117813] sysfs: cannot create duplicate filename '/class/gpio'
[ 0.118010] Modules linked in:
[ 0.118669] CPU: 0 PID: 1 Comm: swapper Not tainted 4.1.17+ #1
[ 0.118783] Hardware name: Generic DT based system
[ 0.119487] [<c001c99c>] (unwind_backtrace) from [<c0019d30>] (show_stack+0x10/0x14)
[ 0.119745] [<c0019d30>] (show_stack) from [<c0024ab4>] (warn_slowpath_common+0x80/0xa8)
[ 0.119936] [<c0024ab4>] (warn_slowpath_common) from [<c0024b08>] (warn_slowpath_fmt+0x2c/0x3c)
[ 0.120182] [<c0024b08>] (warn_slowpath_fmt) from [<c00e363c>] (sysfs_warn_dup+0x50/0x6c)
[ 0.120361] [<c00e363c>] (sysfs_warn_dup) from [<c00e3714>] (sysfs_create_dir_ns+0x74/0x84)
[ 0.120538] [<c00e3714>] (sysfs_create_dir_ns) from [<c018e6ac>] (kobject_add_internal+0xb8/0x2ac)
[ 0.120894] [<c018e6ac>] (kobject_add_internal) from [<c018e9a8>] (kset_register+0x1c/0x44)
[ 0.121074] [<c018e9a8>] (kset_register) from [<c02090b4>] (__class_register+0xa8/0x198)
[ 0.121555] [<c02090b4>] (__class_register) from [<c02091e4>] (__class_create+0x40/0x70)
[ 0.122301] [<c02091e4>] (__class_create) from [<c01adf68>] (register_devfs_stubs+0x314/0xbb4)
[ 0.122494] [<c01adf68>] (register_devfs_stubs) from [<c05d9b08>] (init_module+0x28/0xa4)
[ 0.122760] [<c05d9b08>] (init_module) from [<c0009670>] (do_one_initcall+0x104/0x1b4)
[ 0.123001] [<c0009670>] (do_one_initcall) from [<c05c7d08>] (kernel_init_freeable+0xf0/0x1b0)
[ 0.123143] [<c05c7d08>] (kernel_init_freeable) from [<c040f28c>] (kernel_init+0x8/0xe4)
[ 0.123364] [<c040f28c>] (kernel_init) from [<c0016da8>] (ret_from_fork+0x14/0x2c)
[ 0.123848] ---[ end trace 44250c57ecd70552 ]---
[ 0.124097] ------------[ cut here ]------------
[ 0.124255] WARNING: CPU: 0 PID: 1 at /home/vagrant/firmadyne-kernel/kernel-v4.1/lib/kobject.c:240 kobject_add_internal+0x240/0x2ac()
[ 0.124465] kobject_add_internal failed for gpio with -EEXIST, don't try to register things with the same name in the same directory.
[ 0.124749] Modules linked in:
[ 0.124926] CPU: 0 PID: 1 Comm: swapper Tainted: G W 4.1.17+ #1
[ 0.125261] Hardware name: Generic DT based system
[ 0.125442] [<c001c99c>] (unwind_backtrace) from [<c0019d30>] (show_stack+0x10/0x14)
[ 0.125642] [<c0019d30>] (show_stack) from [<c0024ab4>] (warn_slowpath_common+0x80/0xa8)
[ 0.125864] [<c0024ab4>] (warn_slowpath_common) from [<c0024b08>] (warn_slowpath_fmt+0x2c/0x3c)
[ 0.126689] [<c0024b08>] (warn_slowpath_fmt) from [<c018e834>] (kobject_add_internal+0x240/0x2ac)
[ 0.126872] [<c018e834>] (kobject_add_internal) from [<c018e9a8>] (kset_register+0x1c/0x44)
[ 0.127120] [<c018e9a8>] (kset_register) from [<c02090b4>] (__class_register+0xa8/0x198)
[ 0.127325] [<c02090b4>] (__class_register) from [<c02091e4>] (__class_create+0x40/0x70)
[ 0.127552] [<c02091e4>] (__class_create) from [<c01adf68>] (register_devfs_stubs+0x314/0xbb4)
[ 0.127838] [<c01adf68>] (register_devfs_stubs) from [<c05d9b08>] (init_module+0x28/0xa4)
[ 0.128321] [<c05d9b08>] (init_module) from [<c0009670>] (do_one_initcall+0x104/0x1b4)
[ 0.128518] [<c0009670>] (do_one_initcall) from [<c05c7d08>] (kernel_init_freeable+0xf0/0x1b0)
[ 0.128771] [<c05c7d08>] (kernel_init_freeable) from [<c040f28c>] (kernel_init+0x8/0xe4)
[ 0.129056] [<c040f28c>] (kernel_init) from [<c0016da8>] (ret_from_fork+0x14/0x2c)
[ 0.129291] ---[ end trace 44250c57ecd70553 ]---
[ 0.129486] firmadyne: Cannot create device class: gpio!
[ 0.131655] firmadyne: Cannot register character device: watchdog, 0xa, 0x82!
[ 0.131825] firmadyne: Cannot register character device: wdt, 0xfd, 0x0!
[ 0.194292] PCI host bridge /pcie@10000000 ranges:
[ 0.194723] IO 0x3eff0000..0x3effffff -> 0x00000000
[ 0.194987] MEM 0x10000000..0x3efeffff -> 0x10000000
[ 0.195111] MEM 0x8000000000..0xffffffffff -> 0x8000000000
[ 0.195791] pci-host-generic 3f000000.pcie: resource collision: [mem 0x00000000-0xffffffff] conflicts with /pl011@9000000 [mem 0x09000000-0x09000fff]
[ 0.197244] pci-host-generic: probe of 3f000000.pcie failed with error -16
[ 0.203390] Non-volatile memory driver v1.3
[ 0.217619] brd: module loaded
[ 0.223686] loop: module loaded
[ 0.231690] vda: vda1
[ 0.237510] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
[ 0.237942] Intel/Sharp Extended Query Table at 0x0031
[ 0.238693] Using buffer write method
[ 0.239024] erase region 0: offset=0x0,size=0x80000,blocks=128
[ 0.242383] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
[ 0.242561] Intel/Sharp Extended Query Table at 0x0031
[ 0.243270] Using buffer write method
[ 0.243527] erase region 0: offset=0x0,size=0x80000,blocks=128
[ 0.243784] Concatenating MTD devices:
[ 0.243898] (0): "0.flash"
[ 0.243988] (1): "0.flash"
[ 0.244032] into device "0.flash"
[ 0.251097] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.251249] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.251398] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.251513] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.251602] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.251730] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 0.252079] nand: device found, Manufacturer ID: 0x98, Chip ID: 0x39
[ 0.252188] nand: Toshiba NAND 128MiB 1,8V 8-bit
[ 0.252257] nand: 128 MiB, SLC, erase size: 16 KiB, page size: 512, OOB size: 16
[ 0.253076] flash size: 128 MiB
[ 0.253181] page size: 512 bytes
[ 0.253223] OOB area size: 16 bytes
[ 0.253269] sector size: 16 KiB
[ 0.253329] pages number: 262144
[ 0.253786] pages per sector: 32
[ 0.253856] bus width: 8
[ 0.254093] bits in sector size: 14
[ 0.254209] bits in page size: 9
[ 0.254358] bits in OOB size: 4
[ 0.254426] flash size with OOB: 135168 KiB
[ 0.254474] page address bytes: 4
[ 0.254531] sector address bytes: 3
[ 0.254602] options: 0x42
[ 0.258166] Scanning device for bad blocks
[ 0.353704] firmadyne: do_execve: /firmadyne/console
[ 0.353872] OFFSETS: offset of pid: 0x190 offset of comm: 0x270
[ 0.354190] Creating 11 MTD partitions on "NAND 128MiB 1,8V 8-bit":
[ 0.354462] 0x000000000000-0x000000100000 : "NAND simulator partition 0"
[ 0.356339] 0x000000100000-0x000000200000 : "NAND simulator partition 1"
[ 0.357418] 0x000000200000-0x000000300000 : "NAND simulator partition 2"
[ 0.358458] 0x000000300000-0x000000400000 : "NAND simulator partition 3"
[ 0.359423] 0x000000400000-0x000000500000 : "NAND simulator partition 4"
[ 0.360508] 0x000000500000-0x000000600000 : "NAND simulator partition 5"
[ 0.361505] 0x000000600000-0x000000700000 : "NAND simulator partition 6"
[ 0.362570] 0x000000700000-0x000000800000 : "NAND simulator partition 7"
[ 0.363528] 0x000000800000-0x000000900000 : "NAND simulator partition 8"
[ 0.364526] 0x000000900000-0x000000a00000 : "NAND simulator partition 9"
[ 0.365509] 0x000000a00000-0x000008000000 : "NAND simulator partition 10"
[ 0.370296] tun: Universal TUN/TAP device driver, 1.6
[ 0.370423] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ 0.370765] PPP generic driver version 2.4.2
[ 0.371261] PPP BSD Compression module registered
[ 0.371462] PPP Deflate Compression module registered
[ 0.371652] PPP MPPE Compression module registered
[ 0.371801] NET: Registered protocol family 24
[ 0.372138] PPTP driver version 0.8.5
[ 0.373318] usbcore: registered new interface driver usb-storage
[ 0.377128] rtc-pl031 9010000.pl031: rtc core: registered pl031 as rtc0
[ 0.377664] hidraw: raw HID events driver (C) Jiri Kosina
[ 0.378101] usbcore: registered new interface driver usbhid
[ 0.378298] usbhid: USB HID core driver
[ 0.378738] Netfilter messages via NETLINK v0.30.
[ 0.379176] nf_conntrack version 0.5.0 (3958 buckets, 15832 max)
[ 0.380178] ctnetlink v0.93: registering with nfnetlink.
[ 0.381639] ipip: IPv4 over IPv4 tunneling driver
[ 0.383478] gre: GRE over IPv4 demultiplexor driver
[ 0.383783] ip_gre: GRE over IPv4 tunneling driver
[ 0.387679] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 0.388645] arp_tables: (C) 2002 David S. Miller
[ 0.389288] Initializing XFRM netlink socket
[ 0.389656] NET: Registered protocol family 10
[ 0.393327] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 0.394429] sit: IPv6 over IPv4 tunneling driver
[ 0.397135] NET: Registered protocol family 17
[ 0.397553] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[ 0.397928] Bridge firewalling registered
[ 0.398102] Ebtables v2.0 registered
[ 0.399073] 8021q: 802.1Q VLAN Support v1.8
[ 0.399654] Registering SWP/SWPB emulation handler
[ 0.401947] rtc-pl031 9010000.pl031: setting system clock to 2022-10-11 03:27:28 UTC (1665458848)
[ 0.408850] EXT4-fs (vda1): couldn't mount as ext3 due to feature incompatibilities
[ 0.411175] EXT4-fs (vda1): mounting ext2 file system using the ext4 subsystem
[ 0.420496] EXT4-fs (vda1): warning: mounting unchecked fs, running e2fsck is recommended
[ 0.422479] EXT4-fs (vda1): mounted filesystem without journal. Opts: (null)
[ 0.423112] VFS: Mounted root (ext2 filesystem) on device 254:1.
[ 0.428000] Freeing unused kernel memory: 180K (c05c7000 - c05f4000)
[ 0.453004] request_module: runaway loop modprobe binfmt-464c
[ 0.462294] Starting init: /sbin/init exists but couldn't execute it (error -8)
[ 0.482910] request_module: runaway loop modprobe binfmt-464c
[ 0.489695] Starting init: /bin/sh exists but couldn't execute it (error -8)
[ 0.489875] Kernel panic - not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
[ 0.490119] CPU: 0 PID: 1 Comm: swapper Tainted: G W 4.1.17+ #1
[ 0.490224] Hardware name: Generic DT based system
[ 0.490335] [<c001c99c>] (unwind_backtrace) from [<c0019d30>] (show_stack+0x10/0x14)
[ 0.490522] [<c0019d30>] (show_stack) from [<c0410b78>] (panic+0x70/0x1c8)
[ 0.490672] [<c0410b78>] (panic) from [<c040f33c>] (kernel_init+0xb8/0xe4)
[ 0.490829] [<c040f33c>] (kernel_init) from [<c0016da8>] (ret_from_fork+0x14/0x2c)
[ 0.491250] ---[ end Kernel panic - not syncing: No working init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
```
The commands executed are as follows; the second one is what `ps` shows.

```
./fap.py -q ./qemu-builds/2.5.0/ /home/a/ER3200G3-MNW210-R0118.img
/home/a/src/firmware-analysis-plus/qemu-builds/2.5.0/qemu-system-arm -m 256 -M virt -kernel /home/a/src/firmware-analysis-plus/firmadyne/binaries//zImage.armel -drive if=none,file=/home/a/src/firmware-analysis-plus/firmadyne/scratch//1//image.raw,format=raw,id=rootfs -device virtio-blk-device,drive=rootfs -append root=/dev/vda1 console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0 -nographic -net nic,vlan=0 -net socket,vlan=0,listen=:2000 -net nic,vlan=1 -net socket,vlan=1,listen=:2001 -net nic,vlan=2 -net socket,vlan=2,listen=:2002 -net nic,vlan=3 -net socket,vlan=3,listen=:2003
```
Sorry, since most current IoT firmware is 32-bit, Fap only supports the arm32 and mips32 architectures and does not support 64-bit.
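OK, looking forward to a related update. (That said, after swapping in a different kernel image, it can be run manually with qemu, but ubus has problems.)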
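Added example (not part of the original thread or the project's code): `error -8` is `-ENOEXEC`, and `binfmt-464c` is the module name a little-endian kernel requests once no loaded binary-format handler accepts a file, built from bytes 2-3 of that file (`L`, `F`, the tail of the ELF magic). The sketch below reads the ELF header of a userland binary and compares it with the guest kernel the emulator booted; the function names and the constructed sample headers are assumptions standing in for the firmware's real `/sbin/init`.

```python
import struct

# e_machine values from the ELF specification (subset common in router firmware).
E_MACHINE = {8: "mips", 40: "arm", 183: "aarch64"}

def elf_arch(header):
    """Return (machine, bits, byte_order) parsed from e_ident/e_machine, or None."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(header[4])      # EI_CLASS
    order = {1: "<", 2: ">"}.get(header[5])   # EI_DATA
    if bits is None or order is None:
        return None
    (machine,) = struct.unpack_from(order + "H", header, 18)
    name = E_MACHINE.get(machine, "unknown(%d)" % machine)
    return name, bits, "little" if order == "<" else "big"

def binfmt_tag(header):
    """Module name requested by a little-endian kernel when no loader accepts
    the file: bytes 2-3 read as a 16-bit value ('L','F' -> 464c for any ELF)."""
    return "binfmt-%04x" % struct.unpack_from("<H", header, 2)[0]

def diagnose(header, guest=("arm", 32, "little")):
    """Compare a userland binary with the guest kernel (default: zImage.armel)."""
    found = elf_arch(header)
    if found is None:
        return "not an ELF file"
    if found == guest:
        return "ok: userland matches the guest kernel"
    return ("mismatch: userland is %s/%d-bit/%s, guest kernel is %s/%d-bit/%s"
            % (found + guest))

def read_header(path):
    """First 20 bytes of a file taken from the extracted root filesystem."""
    with open(path, "rb") as fh:
        return fh.read(20)

def sample_header(ei_class, ei_data, machine):
    """Constructed 20-byte ELF header prefix, standing in for a real /sbin/init."""
    order = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    return ident + struct.pack(order + "HH", 2, machine)

if __name__ == "__main__":
    aarch64_init = sample_header(2, 1, 183)  # what the reporter suspects is shipped
    armel_init = sample_header(1, 1, 40)     # what a 32-bit ARM guest can execute
    print(binfmt_tag(aarch64_init))
    print(diagnose(aarch64_init))
    print(diagnose(armel_init))
```

Running `diagnose(read_header(path))` on `sbin/init` or `bin/busybox` from the extracted root filesystem shows the mismatch before the image is booted.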