死机了,还没打开KDB开关,直接重启了。
进行处理之前先了解一些基础知识:
Mips共有32个通用寄存器,其中$0,$31这两个寄存器有特殊作用,其它寄存器硬件没有做限制,理论上可以随便使用,但为了可读性和兼容性,基本上所有mips处理器都遵循下面的习惯用法,相应于习惯用法对寄存器有一套命名约定,定义在内核<regdef.h>头文件中,经过这个头文件的预处理后,反汇编后的汇编代码中寄存器就不再是$0,$1…$30,$31这些编号,而是头文件中定义的习惯命名,也叫助记符。
1 Cpu 0 2 $ 0 : 0000000000000000 ffffffffc0101d58 0000000046306a40 ffffffffc00f7448 3 $ 4 : a800000268fffd38 ffffffff80000000 0000000000000000 ffffffff80764eb0 4 $ 8 : a8000001021ef6a0 fffffffffffffffc 0000000000000039 0000000000000000 5 $12 : 0000000000000018 ffffffff803aa620 0000000000000000 0000000000000000 6 $16 : 0000000000000100 0000000013bd3f1a 0000000000000001 0000000000000100 7 $20 : ffffffffc05d0000 00000000000005a8 000000004ef67788 ffffffffc4b65038 8 $24 : 0000000000000000 ffffffffc0101b98 9 $28 : a8000001eaf88000 a8000001eaf8bd78 0000000007ffffff ffffffffc56953b8
$0 zero 永远返回0
$1 at (assembly temporary)保留给汇编器使用
$2-$3 v0-v1 子程序返回值
$4-$7 a0-a3 (argument)调用子程序时前4个参数
$8-$15 t0-t7 (temporaries)临时变量,子程序使用时不必保存原值
$16-$23 s0-s7 (stack)子程序使用时必须将原值保存在栈里,在返回调用函数时恢复原值
$24-$25 t8-t9 同t0-t7
$26-$27 k0-k1 保留给异常处理程序使用
$28 gp(global pointer) 一般用于存取static变量,因为mips汇编一条指令是4个字节,存取一个数据的偏移最大只能是2^16(前后32k),这样存取一个数据就需要两条指令,先获取地址高位,再在高位基础上加偏移,gp的作用就是对于一些静态变量,让gp指向静态数据的中间,对于前后32k的数据存取一条指令就可完成
$29 sp (stack pointer) 堆栈指针,用于子函数存取临时变量和返回调用函数时需要还原的s0-s7寄存器的值,通常每个函数的第一条指令都是压栈操作,即在子程序的入口将sp压至该子程序可能用到的最低点
$30 f8/s8 (frame pointer)帧指针,作用类似于sp,只在当栈底在编译时还不能确定的情况下使用
$31 ra (return address)子程序返回地址,在每个子程序的入口ra自动保存调用函数的返回地址,典型的子程序都以一条jr ra指令结尾,当该子程序又需要嵌套调用其它子程序时,必须先将ra的值压栈
a函数:… b函数:ra = … c函数:ra = …
jal b jal c
lw t1 vo lw t1 vo
jr ra
异常程序计数器即异常返回地址(EPC): 保存异常返回点,即导致异常的指令地址,使用kdb定位问题的入口
原因寄存器(cause): 记录异常类型,只有一位比较重要,最高位表示异常发生在分支延迟槽,这时真正导致异常指令应该是epc的下一条指令
状态寄存器(SR): 与通常状态寄存器是只读的不同,cpo的SR是可写的,用于控制cpu的工作模式:尾端,协处理器使能,中断使能,大写端配置等
ErrorEPC寄存器: 发生cache error时,异常受害指令为ErrorEPC
下面看一下记录的异常信息:
1 Exception: Cache/Bus Error Exception 2 SCU[L2] Error Registers: 3 L2_ERROR_LOG0 : 0x3507 4 Op type : Load 5 Error Type : Double-bit Tag RAM 6 SCU Error Address : 0x269000010 7 8 Jiffies: 4298954978 9 Occur time: Tue Dec 17 16:34:09 2019(1576571649s) 10 Cpu 0 11 $ 0 : 0000000000000000 ffffffffc0101d58 0000000046306a40 ffffffffc00f7448 12 $ 4 : a800000268fffd38 ffffffff80000000 0000000000000000 ffffffff80764eb0 13 $ 8 : a8000001021ef6a0 fffffffffffffffc 0000000000000039 0000000000000000 14 $12 : 0000000000000018 ffffffff803aa620 0000000000000000 0000000000000000 15 $16 : 0000000000000100 0000000013bd3f1a 0000000000000001 0000000000000100 16 $20 : ffffffffc05d0000 00000000000005a8 000000004ef67788 ffffffffc4b65038 17 $24 : 0000000000000000 ffffffffc0101b98 18 $28 : a8000001eaf88000 a8000001eaf8bd78 0000000007ffffff ffffffffc56953b8 19 Hi : 0000000000000000 20 Lo : 0000000000249060 21 epc : ffffffffc56953b0 vsm_dp_link_port_down+0x168/0x350 [conplat_dp] 22 ra : ffffffffc56953b8 vsm_dp_link_port_down+0x170/0x350 [conplat_dp] 23 Status: 5000f8e5 KX SX UX KERNEL ERL IE 24 Cause : 80800078 25 PrId : 000c1203 (Netlogic XLP208 Rev B1) 26 Process cfg (pid: 4607, threadinfo=a8000001eaf88000, task=a8000002395dcf38) 27 Code: 02c2b02d dfa30008 0096202d <0060f809> 8c8402d8 14400005 dfa30000 de846c90 095a5514 28 29 (sizeof(unsigned long) * 128) bytes trace back from stack: 30 0000000002318352 ffffffffc00f7448 0000000000000001 0000000000000000 31 000000ffffbde110 0000000040000015 0000000000000000 ffffffffc0790000 32 ffffffffc5b2f1a0 0000000000000000 0000000000000000 ffffffffc5130cfc 33 0000000000000001 0000000000000000 0000000000880000 0000000000880000 34 0000000000000000 0000000000000001 000000ffffbde110 0000000000000200 35 0000000000000000 00000001200fde6c 000000012e6fd608 000000012e6fdf88 36 0000000000000000 0000000000000000 0000000000000000 ffffffff80118d34 37 0000000000000000 ffffffff803aa204 00000000000014c8 00000000000004d0 38 0000000000880000 0000000040000015 0000000000000000 0000000000000000 39 000000ffffbde110 0000000040000015 0000000000000000 0000000000000000 40 00000000f0000000 000000fff4ecf7f8 000000fff4ec3350 000000ffffbdd880 41 0000000000000003 0000000000000000 0000000000008914 000000ffffbddc28 42 0000000000000000 0000000000000001 0000000000000000 0000000000000000 43 000000fff4ebb0f8 000000fff4df8558 0000000000000000 0000000000000000 44 000000fff4eb2100 000000ffffbde110 0000000000000000 000000fff4e72cc8 45 000000004000f8f3 0000000000000000 00000000000068d0 000000fff4cdd694 46 0000000000800020 000000fff4df8594 0000000000000000 0000000000000000 47 0000000000000000 0000000000000000 0000000000000000 0000000000000000 48 0000000000000000 0000000000000000 00000000e0000000 0000000000000000 49 0000000000000000 ffffffff80838000 ffffffff80838000 ffffffff80838000 50 a
死在了vsm_dp_link_port_down的168位置,而这个函数一共有350那么大。所以先把整个函数的汇编打出来:
1 [0]kdb> id vsm_dp_link_port_down 2 0xffffffffc5699ee8 vsm_dp_link_port_down: daddiu sp,sp,-96 3 0xffffffffc5699eec vsm_dp_link_port_down+0x4: sd ra,88(sp) 4 0xffffffffc5699ef0 vsm_dp_link_port_down+0x8: sd s8,80(sp) 5 0xffffffffc5699ef4 vsm_dp_link_port_down+0xc: sd s7,72(sp) 6 0xffffffffc5699ef8 vsm_dp_link_port_down+0x10: sd s6,64(sp) 7 0xffffffffc5699efc vsm_dp_link_port_down+0x14: sd s5,56(sp) 8 0xffffffffc5699f00 vsm_dp_link_port_down+0x18: sd s4,48(sp) 9 0xffffffffc5699f04 vsm_dp_link_port_down+0x1c: sd s3,40(sp) 10 0xffffffffc5699f08 vsm_dp_link_port_down+0x20: sd s2,32(sp) 11 0xffffffffc5699f0c vsm_dp_link_port_down+0x24: sd s1,24(sp) 12 0xffffffffc5699f10 vsm_dp_link_port_down+0x28: sd s0,16(sp) 13 0xffffffffc5699f14 vsm_dp_link_port_down+0x2c: b 0xffffffffc5699f28 vsm_dp_link_port_down+0x40 14 0xffffffffc5699f18 vsm_dp_link_port_down+0x30: daddiu v1,v1,29120 15 0xffffffffc5699f1c vsm_dp_link_port_down+0x34: move at,ra 16 0xffffffffc5699f20 vsm_dp_link_port_down+0x38: jalr v1 17 0xffffffffc5699f24 vsm_dp_link_port_down+0x3c: nop 18 [0]kdb> 19 0xffffffffc5699f28 vsm_dp_link_port_down+0x40: lui v0,0xc079 20 0xffffffffc5699f2c vsm_dp_link_port_down+0x44: lw v1,7756(v0) 21 0xffffffffc5699f30 vsm_dp_link_port_down+0x48: li v0,1 22 0xffffffffc5699f34 vsm_dp_link_port_down+0x4c: bne v1,v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c 23 0xffffffffc5699f38 vsm_dp_link_port_down+0x50: move v0,zero 24 0xffffffffc5699f3c vsm_dp_link_port_down+0x54: lui s4,0xc05d 25 0xffffffffc5699f40 vsm_dp_link_port_down+0x58: ld v0,27952(s4) 26 0xffffffffc5699f44 vsm_dp_link_port_down+0x5c: beqz v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c 27 0xffffffffc5699f48 vsm_dp_link_port_down+0x60: li v0,-1 28 0xffffffffc5699f4c vsm_dp_link_port_down+0x64: lui v0,0xc02c 29 0xffffffffc5699f50 vsm_dp_link_port_down+0x68: daddiu v0,v0,29216 30 0xffffffffc5699f54 vsm_dp_link_port_down+0x6c: jalr v0 31 0xffffffffc5699f58 vsm_dp_link_port_down+0x70: nop 32 0xffffffffc5699f5c vsm_dp_link_port_down+0x74: lui v1,0xc079 33 0xffffffffc5699f60 vsm_dp_link_port_down+0x78: lw a0,7724(v1) 34 0xffffffffc5699f64 vsm_dp_link_port_down+0x7c: lui v1,0x4000 35 [0]kdb> 36 0xffffffffc5699f68 vsm_dp_link_port_down+0x80: bne a0,v1,0xffffffffc5699f90 vsm_dp_link_port_down+0xa8 37 0xffffffffc5699f6c vsm_dp_link_port_down+0x84: li v1,16 38 0xffffffffc5699f70 vsm_dp_link_port_down+0x88: beq v0,v1,0xffffffffc5699f80 vsm_dp_link_port_down+0x98 39 0xffffffffc5699f74 vsm_dp_link_port_down+0x8c: li v1,8 40 0xffffffffc5699f78 vsm_dp_link_port_down+0x90: bne v0,v1,0xffffffffc5699f94 vsm_dp_link_port_down+0xac 41 0xffffffffc5699f7c vsm_dp_link_port_down+0x94: lui v0,0xc000 42 0xffffffffc5699f80 vsm_dp_link_port_down+0x98: lui v0,0xc7e0 43 0xffffffffc5699f84 vsm_dp_link_port_down+0x9c: lw v0,-15980(v0) 44 0xffffffffc5699f88 vsm_dp_link_port_down+0xa0: beqz v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c 45 0xffffffffc5699f8c vsm_dp_link_port_down+0xa4: move v0,zero 46 0xffffffffc5699f90 vsm_dp_link_port_down+0xa8: lui v0,0xc000 47 0xffffffffc5699f94 vsm_dp_link_port_down+0xac: daddiu v0,v0,344 48 0xffffffffc5699f98 vsm_dp_link_port_down+0xb0: jalr v0 49 0xffffffffc5699f9c vsm_dp_link_port_down+0xb4: nop 50 0xffffffffc5699fa0 vsm_dp_link_port_down+0xb8: move s0,v0 51 0xffffffffc5699fa4 vsm_dp_link_port_down+0xbc: lui v0,0xc02c 52 [0]kdb> 53 0xffffffffc5699fa8 vsm_dp_link_port_down+0xc0: daddiu v0,v0,29400 54 0xffffffffc5699fac vsm_dp_link_port_down+0xc4: jalr v0 55 0xffffffffc5699fb0 vsm_dp_link_port_down+0xc8: nop 56 0xffffffffc5699fb4 vsm_dp_link_port_down+0xcc: bnez v0,0xffffffffc5699ff8 vsm_dp_link_port_down+0x110 57 0xffffffffc5699fb8 vsm_dp_link_port_down+0xd0: lui v0,0xc4b7 58 0xffffffffc5699fbc vsm_dp_link_port_down+0xd4: li s5,1448 59 0xffffffffc5699fc0 vsm_dp_link_port_down+0xd8: ld a0,27952(s4) 60 0xffffffffc5699fc4 vsm_dp_link_port_down+0xdc: mult s0,s5 61 0xffffffffc5699fc8 vsm_dp_link_port_down+0xe0: mflo v0 62 0xffffffffc5699fcc vsm_dp_link_port_down+0xe4: mfhi s5 63 0xffffffffc5699fd0 vsm_dp_link_port_down+0xe8: dsll32 v0,v0,0x0 64 0xffffffffc5699fd4 vsm_dp_link_port_down+0xec: dsrl32 v0,v0,0x0 65 0xffffffffc5699fd8 vsm_dp_link_port_down+0xf0: dsll32 s5,s5,0x0 66 0xffffffffc5699fdc vsm_dp_link_port_down+0xf4: or s5,s5,v0 67 0xffffffffc5699fe0 vsm_dp_link_port_down+0xf8: daddu a0,a0,s5 68 0xffffffffc5699fe4 vsm_dp_link_port_down+0xfc: lw v0,4(a0) 69 [0]kdb> 70 0xffffffffc5699fe8 vsm_dp_link_port_down+0x100: bnez v0,0xffffffffc569a014 vsm_dp_link_port_down+0x12c 71 0xffffffffc5699fec vsm_dp_link_port_down+0x104: lui s8,0x7ff 72 0xffffffffc5699ff0 vsm_dp_link_port_down+0x108: j 0xffffffffc569a10c vsm_dp_link_port_down+0x224 73 0xffffffffc5699ff4 vsm_dp_link_port_down+0x10c: lw v0,0(a0) 74 0xffffffffc5699ff8 vsm_dp_link_port_down+0x110: daddiu v0,v0,-32104 75 0xffffffffc5699ffc vsm_dp_link_port_down+0x114: jalr v0 76 0xffffffffc569a000 vsm_dp_link_port_down+0x118: nop 77 0xffffffffc569a004 vsm_dp_link_port_down+0x11c: beqz v0,0xffffffffc5699fc0 vsm_dp_link_port_down+0xd8 78 0xffffffffc569a008 vsm_dp_link_port_down+0x120: li s5,1448 79 0xffffffffc569a00c vsm_dp_link_port_down+0x124: j 0xffffffffc569a208 vsm_dp_link_port_down+0x320 80 0xffffffffc569a010 vsm_dp_link_port_down+0x128: ld ra,88(sp) 81 0xffffffffc569a014 vsm_dp_link_port_down+0x12c: lui v0,0xc00f 82 0xffffffffc569a018 vsm_dp_link_port_down+0x130: lui s7,0xc4b7 83 0xffffffffc569a01c vsm_dp_link_port_down+0x134: li s2,1 84 0xffffffffc569a020 vsm_dp_link_port_down+0x138: daddiu v0,v0,29768 85 0xffffffffc569a024 vsm_dp_link_port_down+0x13c: sd zero,0(sp) 86 [0]kdb> 87 0xffffffffc569a028 vsm_dp_link_port_down+0x140: ori s8,s8,0xffff 88 0xffffffffc569a02c vsm_dp_link_port_down+0x144: daddiu s7,s7,-31816 89 0xffffffffc569a030 vsm_dp_link_port_down+0x148: li s3,256 90 0xffffffffc569a034 vsm_dp_link_port_down+0x14c: sd v0,8(sp) 91 0xffffffffc569a038 vsm_dp_link_port_down+0x150: ld v1,0(sp) 92 0xffffffffc569a03c vsm_dp_link_port_down+0x154: dsll s6,v1,0x2 93 0xffffffffc569a040 vsm_dp_link_port_down+0x158: dsll v0,v1,0x5 94 0xffffffffc569a044 vsm_dp_link_port_down+0x15c: daddu s6,s6,v0 95 0xffffffffc569a048 vsm_dp_link_port_down+0x160: ld v1,8(sp) 96 0xffffffffc569a04c vsm_dp_link_port_down+0x164: daddu a0,a0,s6 97 0xffffffffc569a050 vsm_dp_link_port_down+0x168: jalr v1 98 0xffffffffc569a054 vsm_dp_link_port_down+0x16c: lw a0,728(a0) 99 0xffffffffc569a058 vsm_dp_link_port_down+0x170: bnez v0,0xffffffffc569a070 vsm_dp_link_port_down+0x188 100 0xffffffffc569a05c vsm_dp_link_port_down+0x174: ld v1,0(sp) 101 0xffffffffc569a060 vsm_dp_link_port_down+0x178: ld a0,27952(s4) 102 0xffffffffc569a064 vsm_dp_link_port_down+0x17c: j 0xffffffffc569a0f0 vsm_dp_link_port_down+0x208 103 [0]kdb> 104 0xffffffffc569a068 vsm_dp_link_port_down+0x180: daddu a0,a0,s5 105 0xffffffffc569a06c vsm_dp_link_port_down+0x184: nop 106 0xffffffffc569a070 vsm_dp_link_port_down+0x188: ld v0,27952(s4) 107 0xffffffffc569a074 vsm_dp_link_port_down+0x18c: move s0,zero 108 0xffffffffc569a078 vsm_dp_link_port_down+0x190: dsll s1,v1,0x3 109 0xffffffffc569a07c vsm_dp_link_port_down+0x194: daddu v0,v0,s5 110 0xffffffffc569a080 vsm_dp_link_port_down+0x198: daddu s1,s1,v1 111 0xffffffffc569a084 vsm_dp_link_port_down+0x19c: sra v1,s0,0x5 112 0xffffffffc569a088 vsm_dp_link_port_down+0x1a0: sllv a1,s2,s0 113 0xffffffffc569a08c vsm_dp_link_port_down+0x1a4: daddu v1,s1,v1 114 0xffffffffc569a090 vsm_dp_link_port_down+0x1a8: daddiu v1,v1,180 115 0xffffffffc569a094 vsm_dp_link_port_down+0x1ac: dsll v1,v1,0x2 116 0xffffffffc569a098 vsm_dp_link_port_down+0x1b0: daddu v1,v0,v1 117 0xffffffffc569a09c vsm_dp_link_port_down+0x1b4: lw v1,12(v1) 118 0xffffffffc569a0a0 vsm_dp_link_port_down+0x1b8: and v1,a1,v1 119 0xffffffffc569a0a4 vsm_dp_link_port_down+0x1bc: beqz v1,0xffffffffc569a0e0 vsm_dp_link_port_down+0x1f8 120 [0]kdb> 121 0xffffffffc569a0a8 vsm_dp_link_port_down+0x1c0: move a0,v0 122 0xffffffffc569a0ac vsm_dp_link_port_down+0x1c4: daddu v0,v0,s6 123 0xffffffffc569a0b0 vsm_dp_link_port_down+0x1c8: lw a0,728(v0) 124 0xffffffffc569a0b4 vsm_dp_link_port_down+0x1cc: lui v0,0x3000 125 0xffffffffc569a0b8 vsm_dp_link_port_down+0x1d0: sll a0,a0,0x8 126 0xffffffffc569a0bc vsm_dp_link_port_down+0x1d4: addu a0,a0,s0 127 0xffffffffc569a0c0 vsm_dp_link_port_down+0x1d8: and a0,a0,s8 128 0xffffffffc569a0c4 vsm_dp_link_port_down+0x1dc: jalr s7 129 0xffffffffc569a0c8 vsm_dp_link_port_down+0x1e0: or a0,a0,v0 130 0xffffffffc569a0cc vsm_dp_link_port_down+0x1e4: bnez v0,0xffffffffc569a208 vsm_dp_link_port_down+0x320 131 0xffffffffc569a0d0 vsm_dp_link_port_down+0x1e8: ld ra,88(sp) 132 0xffffffffc569a0d4 vsm_dp_link_port_down+0x1ec: ld v0,27952(s4) 133 0xffffffffc569a0d8 vsm_dp_link_port_down+0x1f0: daddu v0,v0,s5 134 0xffffffffc569a0dc vsm_dp_link_port_down+0x1f4: move a0,v0 135 0xffffffffc569a0e0 vsm_dp_link_port_down+0x1f8: addiu s0,s0,1 136 0xffffffffc569a0e4 vsm_dp_link_port_down+0x1fc: bne s0,s3,0xffffffffc569a088 vsm_dp_link_port_down+0x1a0 137 [0]kdb> 138 0xffffffffc569a0e8 vsm_dp_link_port_down+0x200: sra v1,s0,0x5 139 0xffffffffc569a0ec vsm_dp_link_port_down+0x204: ld v1,0(sp) 140 0xffffffffc569a0f0 vsm_dp_link_port_down+0x208: addiu v1,v1,1 141 0xffffffffc569a0f4 vsm_dp_link_port_down+0x20c: sd v1,0(sp) 142 0xffffffffc569a0f8 vsm_dp_link_port_down+0x210: lw v0,4(a0) 143 0xffffffffc569a0fc vsm_dp_link_port_down+0x214: sltu v0,v1,v0 144 0xffffffffc569a100 vsm_dp_link_port_down+0x218: bnez v0,0xffffffffc569a03c vsm_dp_link_port_down+0x154 145 0xffffffffc569a104 vsm_dp_link_port_down+0x21c: ld v1,0(sp) 146 0xffffffffc569a108 vsm_dp_link_port_down+0x220: lw v0,0(a0) 147 0xffffffffc569a10c vsm_dp_link_port_down+0x224: beqz v0,0xffffffffc569a200 vsm_dp_link_port_down+0x318 148 0xffffffffc569a110 vsm_dp_link_port_down+0x228: lui v0,0xc00f 149 0xffffffffc569a114 vsm_dp_link_port_down+0x22c: lui s8,0x7ff 150 0xffffffffc569a118 vsm_dp_link_port_down+0x230: lui s7,0xc4b7 151 0xffffffffc569a11c vsm_dp_link_port_down+0x234: li s2,1 152 0xffffffffc569a120 vsm_dp_link_port_down+0x238: daddiu v0,v0,29768 153 0xffffffffc569a124 vsm_dp_link_port_down+0x23c: sd zero,0(sp) 154 [0]kdb> 155 0xffffffffc569a128 vsm_dp_link_port_down+0x240: ori s8,s8,0xffff 156 0xffffffffc569a12c vsm_dp_link_port_down+0x244: daddiu s7,s7,-31816 157 0xffffffffc569a130 vsm_dp_link_port_down+0x248: li s3,256 158 0xffffffffc569a134 vsm_dp_link_port_down+0x24c: sd v0,8(sp) 159 0xffffffffc569a138 vsm_dp_link_port_down+0x250: ld v0,0(sp) 160 0xffffffffc569a13c vsm_dp_link_port_down+0x254: ld v1,8(sp) 161 0xffffffffc569a140 vsm_dp_link_port_down+0x258: dsll s6,v0,0x2 162 0xffffffffc569a144 vsm_dp_link_port_down+0x25c: dsll v0,v0,0x5 163 0xffffffffc569a148 vsm_dp_link_port_down+0x260: daddu s6,s6,v0 164 0xffffffffc569a14c vsm_dp_link_port_down+0x264: daddu a0,a0,s6 165 0xffffffffc569a150 vsm_dp_link_port_down+0x268: jalr v1 166 0xffffffffc569a154 vsm_dp_link_port_down+0x26c: lw a0,8(a0) 167 0xffffffffc569a158 vsm_dp_link_port_down+0x270: bnez v0,0xffffffffc569a16c vsm_dp_link_port_down+0x284 168 0xffffffffc569a15c vsm_dp_link_port_down+0x274: ld v1,0(sp) 169 0xffffffffc569a160 vsm_dp_link_port_down+0x278: ld a0,27952(s4) 170 0xffffffffc569a164 vsm_dp_link_port_down+0x27c: j 0xffffffffc569a1e8 vsm_dp_link_port_down+0x300 171 [0]kdb> 172 0xffffffffc569a168 vsm_dp_link_port_down+0x280: daddu a0,a0,s5 173 0xffffffffc569a16c vsm_dp_link_port_down+0x284: ld v0,27952(s4) 174 0xffffffffc569a170 vsm_dp_link_port_down+0x288: move s0,zero 175 0xffffffffc569a174 vsm_dp_link_port_down+0x28c: dsll s1,v1,0x3 176 0xffffffffc569a178 vsm_dp_link_port_down+0x290: daddu v0,v0,s5 177 0xffffffffc569a17c vsm_dp_link_port_down+0x294: daddu s1,s1,v1 178 0xffffffffc569a180 vsm_dp_link_port_down+0x298: sra v1,s0,0x5 179 0xffffffffc569a184 vsm_dp_link_port_down+0x29c: sllv a1,s2,s0 180 0xffffffffc569a188 vsm_dp_link_port_down+0x2a0: daddu v1,s1,v1 181 0xffffffffc569a18c vsm_dp_link_port_down+0x2a4: dsll v1,v1,0x2 182 0xffffffffc569a190 vsm_dp_link_port_down+0x2a8: daddu v1,v0,v1 183 0xffffffffc569a194 vsm_dp_link_port_down+0x2ac: lw v1,12(v1) 184 0xffffffffc569a198 vsm_dp_link_port_down+0x2b0: and v1,a1,v1 185 0xffffffffc569a19c vsm_dp_link_port_down+0x2b4: beqz v1,0xffffffffc569a1d8 vsm_dp_link_port_down+0x2f0 186 0xffffffffc569a1a0 vsm_dp_link_port_down+0x2b8: move a0,v0 187 0xffffffffc569a1a4 vsm_dp_link_port_down+0x2bc: daddu v0,v0,s6 188 [0]kdb> 189 0xffffffffc569a1a8 vsm_dp_link_port_down+0x2c0: lw a0,8(v0) 190 0xffffffffc569a1ac vsm_dp_link_port_down+0x2c4: lui v0,0x3000 191 0xffffffffc569a1b0 vsm_dp_link_port_down+0x2c8: sll a0,a0,0x8 192 0xffffffffc569a1b4 vsm_dp_link_port_down+0x2cc: addu a0,a0,s0 193 0xffffffffc569a1b8 vsm_dp_link_port_down+0x2d0: and a0,a0,s8 194 0xffffffffc569a1bc vsm_dp_link_port_down+0x2d4: jalr s7 195 0xffffffffc569a1c0 vsm_dp_link_port_down+0x2d8: or a0,a0,v0 196 0xffffffffc569a1c4 vsm_dp_link_port_down+0x2dc: bnez v0,0xffffffffc569a208 vsm_dp_link_port_down+0x320 197 0xffffffffc569a1c8 vsm_dp_link_port_down+0x2e0: ld ra,88(sp) 198 0xffffffffc569a1cc vsm_dp_link_port_down+0x2e4: ld v0,27952(s4) 199 0xffffffffc569a1d0 vsm_dp_link_port_down+0x2e8: daddu v0,v0,s5 200 0xffffffffc569a1d4 vsm_dp_link_port_down+0x2ec: move a0,v0 201 0xffffffffc569a1d8 vsm_dp_link_port_down+0x2f0: addiu s0,s0,1 202 0xffffffffc569a1dc vsm_dp_link_port_down+0x2f4: bne s0,s3,0xffffffffc569a184 vsm_dp_link_port_down+0x29c 203 0xffffffffc569a1e0 vsm_dp_link_port_down+0x2f8: sra v1,s0,0x5 204 0xffffffffc569a1e4 vsm_dp_link_port_down+0x2fc: ld v1,0(sp) 205 [0]kdb> 206 0xffffffffc569a1e8 vsm_dp_link_port_down+0x300: addiu v1,v1,1 207 0xffffffffc569a1ec vsm_dp_link_port_down+0x304: sd v1,0(sp) 208 0xffffffffc569a1f0 vsm_dp_link_port_down+0x308: lw v0,0(a0) 209 0xffffffffc569a1f4 vsm_dp_link_port_down+0x30c: sltu v0,v1,v0 210 0xffffffffc569a1f8 vsm_dp_link_port_down+0x310: bnez v0,0xffffffffc569a13c vsm_dp_link_port_down+0x254 211 0xffffffffc569a1fc vsm_dp_link_port_down+0x314: ld v0,0(sp) 212 0xffffffffc569a200 vsm_dp_link_port_down+0x318: move v0,zero 213 0xffffffffc569a204 vsm_dp_link_port_down+0x31c: ld ra,88(sp) 214 0xffffffffc569a208 vsm_dp_link_port_down+0x320: ld s8,80(sp) 215 0xffffffffc569a20c vsm_dp_link_port_down+0x324: ld s7,72(sp) 216 0xffffffffc569a210 vsm_dp_link_port_down+0x328: ld s6,64(sp) 217 0xffffffffc569a214 vsm_dp_link_port_down+0x32c: ld s5,56(sp) 218 0xffffffffc569a218 vsm_dp_link_port_down+0x330: ld s4,48(sp) 219 0xffffffffc569a21c vsm_dp_link_port_down+0x334: ld s3,40(sp) 220 0xffffffffc569a220 vsm_dp_link_port_down+0x338: ld s2,32(sp) 221 0xffffffffc569a224 vsm_dp_link_port_down+0x33c: ld s1,24(sp) 222 [0]kdb> 223 0xffffffffc569a228 vsm_dp_link_port_down+0x340: ld s0,16(sp) 224 0xffffffffc569a22c vsm_dp_link_port_down+0x344: jr ra 225 0xffffffffc569a230 vsm_dp_link_port_down+0x348: daddiu sp,sp,96
我们jalr v*通常是函数内调用了子函数,所以此处可以直接看一下v1寄存器中是啥值。
1 [0]kdb> ffffffffc00f7448 2 ffffffffc00f7448 = 0xffffffffc00f7448 (if_slot_is_available[conplat_net])
直接就显示了死掉的函数,有点一拳打棉花上的感觉。
看一下死机的上下文吧。
1 0xffffffffc569a028 vsm_dp_link_port_down+0x140: ori s8,s8,0xffff 2 0xffffffffc569a02c vsm_dp_link_port_down+0x144: daddiu s7,s7,-31816 3 0xffffffffc569a030 vsm_dp_link_port_down+0x148: li s3,256 4 0xffffffffc569a034 vsm_dp_link_port_down+0x14c: sd v0,8(sp) 5 0xffffffffc569a038 vsm_dp_link_port_down+0x150: ld v1,0(sp) 6 0xffffffffc569a03c vsm_dp_link_port_down+0x154: dsll s6,v1,0x2 7 0xffffffffc569a040 vsm_dp_link_port_down+0x158: dsll v0,v1,0x5 8 0xffffffffc569a044 vsm_dp_link_port_down+0x15c: daddu s6,s6,v0 9 0xffffffffc569a048 vsm_dp_link_port_down+0x160: ld v1,8(sp) 10 0xffffffffc569a04c vsm_dp_link_port_down+0x164: daddu a0,a0,s6 11 0xffffffffc569a050 vsm_dp_link_port_down+0x168: jalr v1
12 0xffffffffc569a054 vsm_dp_link_port_down+0x16c: lw a0,728(a0)
可见a0是第一且唯一的一个参数。且后边的a0偏移728位也是符合实际的。那么只能是因为传入参数a0是非法指针。接下来就要看一下a0到底啥值。由于前一次没有开KDB导致直接重启,死机现象不存在了,所以此时在kdb中看a0的值明显是正常的。只能等下次复现是执行下面的命令:
1 [0]kdb> md a800000268fffd38
vsm_dp_link_port_down