The box crashed; the KDB switch had not been turned on yet, so it simply rebooted.

Before working on it, some basics:

MIPS has 32 general-purpose registers. Two of them, $0 and $31, have special roles; the hardware places no restriction on the rest, so in theory they can be used freely, but for readability and compatibility practically every MIPS toolchain follows the conventions below. Matching those conventions there is a set of register names, defined in the kernel header <regdef.h>; once that header has been through the preprocessor, registers in the disassembly no longer appear as $0, $1 ... $30, $31 but under the conventional names from the header, also called mnemonics.

For example, the kernel's register dump prints them by number, four to a row, so the "$ 4" row holds $4..$7 (a0..a3) and the "$28" row holds $28..$31 (gp, sp, s8, ra):

Cpu 0
$ 0   : 0000000000000000 ffffffffc0101d58 0000000046306a40 ffffffffc00f7448
$ 4   : a800000268fffd38 ffffffff80000000 0000000000000000 ffffffff80764eb0
$ 8   : a8000001021ef6a0 fffffffffffffffc 0000000000000039 0000000000000000
$12   : 0000000000000018 ffffffff803aa620 0000000000000000 0000000000000000
$16   : 0000000000000100 0000000013bd3f1a 0000000000000001 0000000000000100
$20   : ffffffffc05d0000 00000000000005a8 000000004ef67788 ffffffffc4b65038
$24   : 0000000000000000 ffffffffc0101b98
$28   : a8000001eaf88000 a8000001eaf8bd78 0000000007ffffff ffffffffc56953b8

$0        zero   always reads as 0
$1        at (assembly temporary)   reserved for the assembler
$2-$3     v0-v1   subroutine return values
$4-$7     a0-a3 (argument)   the first four arguments when calling a subroutine
$8-$15    t0-t7 (temporaries)   temporaries; a subroutine may use them without preserving the old value
$16-$23   s0-s7 (saved)   a subroutine that uses them must save the old value on the stack and restore it before returning to the caller
$24-$25   t8-t9   same as t0-t7
$26-$27   k0-k1   reserved for the exception handler
$28       gp (global pointer)   generally used to access static data. A MIPS instruction is 4 bytes, so the offset in a load/store is a signed 16-bit field, reaching at most 32K either way; accessing an arbitrary address therefore takes two instructions, one to form the high part of the address and one to add the offset to it. gp points into the middle of the static data so that anything within 32K on either side of it can be accessed with a single instruction.

$29       sp (stack pointer)   used by a subroutine to hold its temporaries and the s0-s7 values it has to restore when returning to its caller. Typically the first instruction of every function is the push, i.e. at the subroutine's entry sp is moved down to the lowest point the subroutine may use.
$30       fp/s8 (frame pointer)   similar in role to sp; only used when the bottom of the frame cannot be determined at compile time
$31       ra (return address)   the subroutine return address. jal/jalr deposit the caller's return address in ra automatically at the subroutine's entry, and a typical subroutine ends with a jr ra. When the subroutine itself calls a further subroutine it must first save ra on the stack, otherwise the inner call overwrites it:

function a:         function b:  ra = …        function c:  ra = …
  jal b               jal c                      …
  lw t1,v0            lw t1,v0                   jr ra
  …                   …

Exception program counter (EPC):   holds the exception return point, i.e. the address of the instruction that raised the exception; this is where locating the problem with kdb starts.
Cause register:                    records the exception type in ExcCode (bits 6:2). One further bit matters for us: the top bit (BD) says the exception happened in a branch delay slot, in which case the instruction that really caused it is the one after EPC (EPC+4), because EPC points back at the branch so that the handler can return to it.
Status register (SR):              unlike the usual read-only status registers, CP0's SR is writable and controls the CPU's operating mode: endianness, coprocessor enables, interrupt enable, kernel/user mode and so on.
ErrorEPC register:                 on a cache error (as on reset and NMI) the address of the victim instruction is saved in ErrorEPC rather than EPC.
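As an added illustration (my code, not from the original post), here is a small C decoder for the Cause and Status words in the form the kernel prints them, applied to the values in the dump further down this page (Cause 0x80800078, Status 0x5000f8e5, epc ffffffffc56953b0). It puts the BD rule into code: with bit 31 set, the faulting instruction is epc+4. The ExcCode names are the architectural MIPS values; the macro and function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CP0 Cause fields used here: BD (bit 31) and ExcCode (bits 6:2). */
#define CAUSE_BD            (1u << 31)
#define CAUSE_EXCCODE(c)    (((c) >> 2) & 0x1fu)

/* CP0 Status bits that the kernel's "Status:" line spells out. */
#define ST_IE     (1u << 0)
#define ST_EXL    (1u << 1)
#define ST_ERL    (1u << 2)
#define ST_KSU(s) (((s) >> 3) & 3u)
#define ST_UX     (1u << 5)
#define ST_SX     (1u << 6)
#define ST_KX     (1u << 7)

/* Architectural ExcCode values (MIPS privileged resource architecture). */
const char *exccode_name(unsigned code) {
    switch (code) {
    case 0:  return "Int";       /* interrupt */
    case 1:  return "Mod";       /* TLB modified */
    case 2:  return "TLBL";      /* TLB miss on load/fetch */
    case 3:  return "TLBS";      /* TLB miss on store */
    case 4:  return "AdEL";      /* address error on load/fetch */
    case 5:  return "AdES";      /* address error on store */
    case 6:  return "IBE";       /* bus error on instruction fetch */
    case 7:  return "DBE";       /* bus error on data access */
    case 8:  return "Sys";
    case 9:  return "Bp";
    case 10: return "RI";        /* reserved instruction */
    case 11: return "CpU";       /* coprocessor unusable */
    case 12: return "Ov";
    case 13: return "Tr";
    case 15: return "FPE";
    case 30: return "CacheErr";  /* cache error: sets ERL, PC goes to ErrorEPC */
    default: return "reserved/impl";
    }
}

/* Address of the instruction that actually faulted. With BD set, EPC points at
 * the branch (so ERET can replay it) and the culprit sits in the delay slot. */
uint64_t faulting_pc(uint64_t epc, uint32_t cause) {
    return (cause & CAUSE_BD) ? epc + 4 : epc;
}

/* Render Status the way the kernel's show_regs line does, e.g. "KX SX UX KERNEL ERL IE". */
void decode_status(uint32_t st, char *buf, size_t len) {
    static const char *const mode[] = { "KERNEL", "SUPERVISOR", "USER", "?" };
    buf[0] = '\0';
    if (st & ST_KX)  strncat(buf, "KX ", len - strlen(buf) - 1);
    if (st & ST_SX)  strncat(buf, "SX ", len - strlen(buf) - 1);
    if (st & ST_UX)  strncat(buf, "UX ", len - strlen(buf) - 1);
    strncat(buf, mode[ST_KSU(st)], len - strlen(buf) - 1);
    if (st & ST_ERL) strncat(buf, " ERL", len - strlen(buf) - 1);
    if (st & ST_EXL) strncat(buf, " EXL", len - strlen(buf) - 1);
    if (st & ST_IE)  strncat(buf, " IE", len - strlen(buf) - 1);
}

const char *status_string(uint32_t st) {
    static char buf[64];
    decode_status(st, buf, sizeof buf);
    return buf;
}

/* Values copied from the dump on this page. */
#define DUMP_EPC    0xffffffffc56953b0ULL
#define DUMP_CAUSE  0x80800078u
#define DUMP_STATUS 0x5000f8e5u

int main(void) {
    unsigned code = CAUSE_EXCCODE(DUMP_CAUSE);
    printf("Cause %08x: ExcCode=%u (%s), BD=%u\n", DUMP_CAUSE, code, exccode_name(code),
           (DUMP_CAUSE & CAUSE_BD) ? 1u : 0u);
    printf("EPC %016llx -> faulting instruction at %016llx\n",
           (unsigned long long)DUMP_EPC,
           (unsigned long long)faulting_pc(DUMP_EPC, DUMP_CAUSE));
    printf("Status %08x: %s\n", DUMP_STATUS, status_string(DUMP_STATUS));
    return 0;
}
```

ExcCode 30 (CacheErr) agrees with the "Cache/Bus Error Exception" header of the dump, and the ERL bit in Status is what a cache error sets, which also means ErrorEPC rather than EPC holds the architectural return point; the epc line the kernel prints is still what you navigate by.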

Now the exception information that was recorded:

Exception: Cache/Bus Error Exception
SCU[L2] Error Registers:
        L2_ERROR_LOG0   : 0x3507
        Op type : Load
        Error Type      : Double-bit Tag RAM
        SCU Error Address       : 0x269000010

Jiffies: 4298954978
Occur time: Tue Dec 17 16:34:09 2019(1576571649s)
Cpu 0
$ 0   : 0000000000000000 ffffffffc0101d58 0000000046306a40 ffffffffc00f7448
$ 4   : a800000268fffd38 ffffffff80000000 0000000000000000 ffffffff80764eb0
$ 8   : a8000001021ef6a0 fffffffffffffffc 0000000000000039 0000000000000000
$12   : 0000000000000018 ffffffff803aa620 0000000000000000 0000000000000000
$16   : 0000000000000100 0000000013bd3f1a 0000000000000001 0000000000000100
$20   : ffffffffc05d0000 00000000000005a8 000000004ef67788 ffffffffc4b65038
$24   : 0000000000000000 ffffffffc0101b98
$28   : a8000001eaf88000 a8000001eaf8bd78 0000000007ffffff ffffffffc56953b8
Hi    : 0000000000000000
Lo    : 0000000000249060
epc   : ffffffffc56953b0 vsm_dp_link_port_down+0x168/0x350 [conplat_dp]
ra    : ffffffffc56953b8 vsm_dp_link_port_down+0x170/0x350 [conplat_dp]
Status: 5000f8e5    KX SX UX KERNEL ERL IE
Cause : 80800078
PrId  : 000c1203 (Netlogic XLP208 Rev B1)
Process cfg (pid: 4607, threadinfo=a8000001eaf88000, task=a8000002395dcf38)
Code: 02c2b02d  dfa30008  0096202d <0060f809> 8c8402d8  14400005  dfa30000  de846c90  095a5514

(sizeof(unsigned long) * 128) bytes trace back from stack:
0000000002318352 ffffffffc00f7448 0000000000000001 0000000000000000
000000ffffbde110 0000000040000015 0000000000000000 ffffffffc0790000
ffffffffc5b2f1a0 0000000000000000 0000000000000000 ffffffffc5130cfc
0000000000000001 0000000000000000 0000000000880000 0000000000880000
0000000000000000 0000000000000001 000000ffffbde110 0000000000000200
0000000000000000 00000001200fde6c 000000012e6fd608 000000012e6fdf88
0000000000000000 0000000000000000 0000000000000000 ffffffff80118d34
0000000000000000 ffffffff803aa204 00000000000014c8 00000000000004d0
0000000000880000 0000000040000015 0000000000000000 0000000000000000
000000ffffbde110 0000000040000015 0000000000000000 0000000000000000
00000000f0000000 000000fff4ecf7f8 000000fff4ec3350 000000ffffbdd880
0000000000000003 0000000000000000 0000000000008914 000000ffffbddc28
0000000000000000 0000000000000001 0000000000000000 0000000000000000
000000fff4ebb0f8 000000fff4df8558 0000000000000000 0000000000000000
000000fff4eb2100 000000ffffbde110 0000000000000000 000000fff4e72cc8
000000004000f8f3 0000000000000000 00000000000068d0 000000fff4cdd694
0000000000800020 000000fff4df8594 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 00000000e0000000 0000000000000000
0000000000000000 ffffffff80838000 ffffffff80838000 ffffffff80838000
a800000227490000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000
0000000000000000 0000000000000000 0000000000000000 0000000000000000

It died at offset 0x168 of vsm_dp_link_port_down, and the function is 0x350 bytes long. Two things to read off the dump first. Cause is 0x80800078, so the BD bit (bit 31) is set and, by the rule above, the instruction that actually faulted is the one in the delay slot at +0x16c, not the jalr at +0x168 that epc points to. And the box was rebooted before the kdb session below, so the module came back at a different address (the crash-time epc implies a function start of 0xffffffffc5695248, while kdb now shows 0xffffffffc5699ee8), which means you navigate by symbol+offset, not by the absolute addresses. So first dump the whole function's disassembly:

[0]kdb> id vsm_dp_link_port_down
0xffffffffc5699ee8 vsm_dp_link_port_down:         daddiu        sp,sp,-96
0xffffffffc5699eec vsm_dp_link_port_down+0x4:     sd    ra,88(sp)
0xffffffffc5699ef0 vsm_dp_link_port_down+0x8:     sd    s8,80(sp)
0xffffffffc5699ef4 vsm_dp_link_port_down+0xc:     sd    s7,72(sp)
0xffffffffc5699ef8 vsm_dp_link_port_down+0x10:    sd    s6,64(sp)
0xffffffffc5699efc vsm_dp_link_port_down+0x14:    sd    s5,56(sp)
0xffffffffc5699f00 vsm_dp_link_port_down+0x18:    sd    s4,48(sp)
0xffffffffc5699f04 vsm_dp_link_port_down+0x1c:    sd    s3,40(sp)
0xffffffffc5699f08 vsm_dp_link_port_down+0x20:    sd    s2,32(sp)
0xffffffffc5699f0c vsm_dp_link_port_down+0x24:    sd    s1,24(sp)
0xffffffffc5699f10 vsm_dp_link_port_down+0x28:    sd    s0,16(sp)
0xffffffffc5699f14 vsm_dp_link_port_down+0x2c:    b     0xffffffffc5699f28 vsm_dp_link_port_down+0x40
0xffffffffc5699f18 vsm_dp_link_port_down+0x30:    daddiu        v1,v1,29120
0xffffffffc5699f1c vsm_dp_link_port_down+0x34:    move  at,ra
0xffffffffc5699f20 vsm_dp_link_port_down+0x38:    jalr  v1
0xffffffffc5699f24 vsm_dp_link_port_down+0x3c:    nop
0xffffffffc5699f28 vsm_dp_link_port_down+0x40:    lui   v0,0xc079
0xffffffffc5699f2c vsm_dp_link_port_down+0x44:    lw    v1,7756(v0)
0xffffffffc5699f30 vsm_dp_link_port_down+0x48:    li    v0,1
0xffffffffc5699f34 vsm_dp_link_port_down+0x4c:    bne   v1,v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c
0xffffffffc5699f38 vsm_dp_link_port_down+0x50:    move  v0,zero
0xffffffffc5699f3c vsm_dp_link_port_down+0x54:    lui   s4,0xc05d
0xffffffffc5699f40 vsm_dp_link_port_down+0x58:    ld    v0,27952(s4)
0xffffffffc5699f44 vsm_dp_link_port_down+0x5c:    beqz  v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c
0xffffffffc5699f48 vsm_dp_link_port_down+0x60:    li    v0,-1
0xffffffffc5699f4c vsm_dp_link_port_down+0x64:    lui   v0,0xc02c
0xffffffffc5699f50 vsm_dp_link_port_down+0x68:    daddiu        v0,v0,29216
0xffffffffc5699f54 vsm_dp_link_port_down+0x6c:    jalr  v0
0xffffffffc5699f58 vsm_dp_link_port_down+0x70:    nop
0xffffffffc5699f5c vsm_dp_link_port_down+0x74:    lui   v1,0xc079
0xffffffffc5699f60 vsm_dp_link_port_down+0x78:    lw    a0,7724(v1)
0xffffffffc5699f64 vsm_dp_link_port_down+0x7c:    lui   v1,0x4000
0xffffffffc5699f68 vsm_dp_link_port_down+0x80:    bne   a0,v1,0xffffffffc5699f90 vsm_dp_link_port_down+0xa8
0xffffffffc5699f6c vsm_dp_link_port_down+0x84:    li    v1,16
0xffffffffc5699f70 vsm_dp_link_port_down+0x88:    beq   v0,v1,0xffffffffc5699f80 vsm_dp_link_port_down+0x98
0xffffffffc5699f74 vsm_dp_link_port_down+0x8c:    li    v1,8
0xffffffffc5699f78 vsm_dp_link_port_down+0x90:    bne   v0,v1,0xffffffffc5699f94 vsm_dp_link_port_down+0xac
0xffffffffc5699f7c vsm_dp_link_port_down+0x94:    lui   v0,0xc000
0xffffffffc5699f80 vsm_dp_link_port_down+0x98:    lui   v0,0xc7e0
0xffffffffc5699f84 vsm_dp_link_port_down+0x9c:    lw    v0,-15980(v0)
0xffffffffc5699f88 vsm_dp_link_port_down+0xa0:    beqz  v0,0xffffffffc569a204 vsm_dp_link_port_down+0x31c
0xffffffffc5699f8c vsm_dp_link_port_down+0xa4:    move  v0,zero
0xffffffffc5699f90 vsm_dp_link_port_down+0xa8:    lui   v0,0xc000
0xffffffffc5699f94 vsm_dp_link_port_down+0xac:    daddiu        v0,v0,344
0xffffffffc5699f98 vsm_dp_link_port_down+0xb0:    jalr  v0
0xffffffffc5699f9c vsm_dp_link_port_down+0xb4:    nop
0xffffffffc5699fa0 vsm_dp_link_port_down+0xb8:    move  s0,v0
0xffffffffc5699fa4 vsm_dp_link_port_down+0xbc:    lui   v0,0xc02c
0xffffffffc5699fa8 vsm_dp_link_port_down+0xc0:    daddiu        v0,v0,29400
0xffffffffc5699fac vsm_dp_link_port_down+0xc4:    jalr  v0
0xffffffffc5699fb0 vsm_dp_link_port_down+0xc8:    nop
0xffffffffc5699fb4 vsm_dp_link_port_down+0xcc:    bnez  v0,0xffffffffc5699ff8 vsm_dp_link_port_down+0x110
0xffffffffc5699fb8 vsm_dp_link_port_down+0xd0:    lui   v0,0xc4b7
0xffffffffc5699fbc vsm_dp_link_port_down+0xd4:    li    s5,1448
0xffffffffc5699fc0 vsm_dp_link_port_down+0xd8:    ld    a0,27952(s4)
0xffffffffc5699fc4 vsm_dp_link_port_down+0xdc:    mult  s0,s5
0xffffffffc5699fc8 vsm_dp_link_port_down+0xe0:    mflo  v0
0xffffffffc5699fcc vsm_dp_link_port_down+0xe4:    mfhi  s5
0xffffffffc5699fd0 vsm_dp_link_port_down+0xe8:    dsll32        v0,v0,0x0
0xffffffffc5699fd4 vsm_dp_link_port_down+0xec:    dsrl32        v0,v0,0x0
0xffffffffc5699fd8 vsm_dp_link_port_down+0xf0:    dsll32        s5,s5,0x0
0xffffffffc5699fdc vsm_dp_link_port_down+0xf4:    or    s5,s5,v0
0xffffffffc5699fe0 vsm_dp_link_port_down+0xf8:    daddu a0,a0,s5
0xffffffffc5699fe4 vsm_dp_link_port_down+0xfc:    lw    v0,4(a0)
0xffffffffc5699fe8 vsm_dp_link_port_down+0x100:   bnez  v0,0xffffffffc569a014 vsm_dp_link_port_down+0x12c
0xffffffffc5699fec vsm_dp_link_port_down+0x104:   lui   s8,0x7ff
0xffffffffc5699ff0 vsm_dp_link_port_down+0x108:   j     0xffffffffc569a10c vsm_dp_link_port_down+0x224
0xffffffffc5699ff4 vsm_dp_link_port_down+0x10c:   lw    v0,0(a0)
0xffffffffc5699ff8 vsm_dp_link_port_down+0x110:   daddiu        v0,v0,-32104
0xffffffffc5699ffc vsm_dp_link_port_down+0x114:   jalr  v0
0xffffffffc569a000 vsm_dp_link_port_down+0x118:   nop
0xffffffffc569a004 vsm_dp_link_port_down+0x11c:   beqz  v0,0xffffffffc5699fc0 vsm_dp_link_port_down+0xd8
0xffffffffc569a008 vsm_dp_link_port_down+0x120:   li    s5,1448
0xffffffffc569a00c vsm_dp_link_port_down+0x124:   j     0xffffffffc569a208 vsm_dp_link_port_down+0x320
0xffffffffc569a010 vsm_dp_link_port_down+0x128:   ld    ra,88(sp)
0xffffffffc569a014 vsm_dp_link_port_down+0x12c:   lui   v0,0xc00f
0xffffffffc569a018 vsm_dp_link_port_down+0x130:   lui   s7,0xc4b7
0xffffffffc569a01c vsm_dp_link_port_down+0x134:   li    s2,1
0xffffffffc569a020 vsm_dp_link_port_down+0x138:   daddiu        v0,v0,29768
0xffffffffc569a024 vsm_dp_link_port_down+0x13c:   sd    zero,0(sp)
0xffffffffc569a028 vsm_dp_link_port_down+0x140:   ori   s8,s8,0xffff
0xffffffffc569a02c vsm_dp_link_port_down+0x144:   daddiu        s7,s7,-31816
0xffffffffc569a030 vsm_dp_link_port_down+0x148:   li    s3,256
0xffffffffc569a034 vsm_dp_link_port_down+0x14c:   sd    v0,8(sp)
0xffffffffc569a038 vsm_dp_link_port_down+0x150:   ld    v1,0(sp)
0xffffffffc569a03c vsm_dp_link_port_down+0x154:   dsll  s6,v1,0x2
0xffffffffc569a040 vsm_dp_link_port_down+0x158:   dsll  v0,v1,0x5
0xffffffffc569a044 vsm_dp_link_port_down+0x15c:   daddu s6,s6,v0
0xffffffffc569a048 vsm_dp_link_port_down+0x160:   ld    v1,8(sp)
0xffffffffc569a04c vsm_dp_link_port_down+0x164:   daddu a0,a0,s6
0xffffffffc569a050 vsm_dp_link_port_down+0x168:   jalr  v1
0xffffffffc569a054 vsm_dp_link_port_down+0x16c:   lw    a0,728(a0)
0xffffffffc569a058 vsm_dp_link_port_down+0x170:   bnez  v0,0xffffffffc569a070 vsm_dp_link_port_down+0x188
0xffffffffc569a05c vsm_dp_link_port_down+0x174:   ld    v1,0(sp)
0xffffffffc569a060 vsm_dp_link_port_down+0x178:   ld    a0,27952(s4)
0xffffffffc569a064 vsm_dp_link_port_down+0x17c:   j     0xffffffffc569a0f0 vsm_dp_link_port_down+0x208
0xffffffffc569a068 vsm_dp_link_port_down+0x180:   daddu a0,a0,s5
0xffffffffc569a06c vsm_dp_link_port_down+0x184:   nop
0xffffffffc569a070 vsm_dp_link_port_down+0x188:   ld    v0,27952(s4)
0xffffffffc569a074 vsm_dp_link_port_down+0x18c:   move  s0,zero
0xffffffffc569a078 vsm_dp_link_port_down+0x190:   dsll  s1,v1,0x3
0xffffffffc569a07c vsm_dp_link_port_down+0x194:   daddu v0,v0,s5
0xffffffffc569a080 vsm_dp_link_port_down+0x198:   daddu s1,s1,v1
0xffffffffc569a084 vsm_dp_link_port_down+0x19c:   sra   v1,s0,0x5
0xffffffffc569a088 vsm_dp_link_port_down+0x1a0:   sllv  a1,s2,s0
0xffffffffc569a08c vsm_dp_link_port_down+0x1a4:   daddu v1,s1,v1
0xffffffffc569a090 vsm_dp_link_port_down+0x1a8:   daddiu        v1,v1,180
0xffffffffc569a094 vsm_dp_link_port_down+0x1ac:   dsll  v1,v1,0x2
0xffffffffc569a098 vsm_dp_link_port_down+0x1b0:   daddu v1,v0,v1
0xffffffffc569a09c vsm_dp_link_port_down+0x1b4:   lw    v1,12(v1)
0xffffffffc569a0a0 vsm_dp_link_port_down+0x1b8:   and   v1,a1,v1
0xffffffffc569a0a4 vsm_dp_link_port_down+0x1bc:   beqz  v1,0xffffffffc569a0e0 vsm_dp_link_port_down+0x1f8
0xffffffffc569a0a8 vsm_dp_link_port_down+0x1c0:   move  a0,v0
0xffffffffc569a0ac vsm_dp_link_port_down+0x1c4:   daddu v0,v0,s6
0xffffffffc569a0b0 vsm_dp_link_port_down+0x1c8:   lw    a0,728(v0)
0xffffffffc569a0b4 vsm_dp_link_port_down+0x1cc:   lui   v0,0x3000
0xffffffffc569a0b8 vsm_dp_link_port_down+0x1d0:   sll   a0,a0,0x8
0xffffffffc569a0bc vsm_dp_link_port_down+0x1d4:   addu  a0,a0,s0
0xffffffffc569a0c0 vsm_dp_link_port_down+0x1d8:   and   a0,a0,s8
0xffffffffc569a0c4 vsm_dp_link_port_down+0x1dc:   jalr  s7
0xffffffffc569a0c8 vsm_dp_link_port_down+0x1e0:   or    a0,a0,v0
0xffffffffc569a0cc vsm_dp_link_port_down+0x1e4:   bnez  v0,0xffffffffc569a208 vsm_dp_link_port_down+0x320
0xffffffffc569a0d0 vsm_dp_link_port_down+0x1e8:   ld    ra,88(sp)
0xffffffffc569a0d4 vsm_dp_link_port_down+0x1ec:   ld    v0,27952(s4)
0xffffffffc569a0d8 vsm_dp_link_port_down+0x1f0:   daddu v0,v0,s5
0xffffffffc569a0dc vsm_dp_link_port_down+0x1f4:   move  a0,v0
0xffffffffc569a0e0 vsm_dp_link_port_down+0x1f8:   addiu s0,s0,1
0xffffffffc569a0e4 vsm_dp_link_port_down+0x1fc:   bne   s0,s3,0xffffffffc569a088 vsm_dp_link_port_down+0x1a0
0xffffffffc569a0e8 vsm_dp_link_port_down+0x200:   sra   v1,s0,0x5
0xffffffffc569a0ec vsm_dp_link_port_down+0x204:   ld    v1,0(sp)
0xffffffffc569a0f0 vsm_dp_link_port_down+0x208:   addiu v1,v1,1
0xffffffffc569a0f4 vsm_dp_link_port_down+0x20c:   sd    v1,0(sp)
0xffffffffc569a0f8 vsm_dp_link_port_down+0x210:   lw    v0,4(a0)
0xffffffffc569a0fc vsm_dp_link_port_down+0x214:   sltu  v0,v1,v0
0xffffffffc569a100 vsm_dp_link_port_down+0x218:   bnez  v0,0xffffffffc569a03c vsm_dp_link_port_down+0x154
0xffffffffc569a104 vsm_dp_link_port_down+0x21c:   ld    v1,0(sp)
0xffffffffc569a108 vsm_dp_link_port_down+0x220:   lw    v0,0(a0)
0xffffffffc569a10c vsm_dp_link_port_down+0x224:   beqz  v0,0xffffffffc569a200 vsm_dp_link_port_down+0x318
0xffffffffc569a110 vsm_dp_link_port_down+0x228:   lui   v0,0xc00f
0xffffffffc569a114 vsm_dp_link_port_down+0x22c:   lui   s8,0x7ff
0xffffffffc569a118 vsm_dp_link_port_down+0x230:   lui   s7,0xc4b7
0xffffffffc569a11c vsm_dp_link_port_down+0x234:   li    s2,1
0xffffffffc569a120 vsm_dp_link_port_down+0x238:   daddiu        v0,v0,29768
0xffffffffc569a124 vsm_dp_link_port_down+0x23c:   sd    zero,0(sp)
0xffffffffc569a128 vsm_dp_link_port_down+0x240:   ori   s8,s8,0xffff
0xffffffffc569a12c vsm_dp_link_port_down+0x244:   daddiu        s7,s7,-31816
0xffffffffc569a130 vsm_dp_link_port_down+0x248:   li    s3,256
0xffffffffc569a134 vsm_dp_link_port_down+0x24c:   sd    v0,8(sp)
0xffffffffc569a138 vsm_dp_link_port_down+0x250:   ld    v0,0(sp)
0xffffffffc569a13c vsm_dp_link_port_down+0x254:   ld    v1,8(sp)
0xffffffffc569a140 vsm_dp_link_port_down+0x258:   dsll  s6,v0,0x2
0xffffffffc569a144 vsm_dp_link_port_down+0x25c:   dsll  v0,v0,0x5
0xffffffffc569a148 vsm_dp_link_port_down+0x260:   daddu s6,s6,v0
0xffffffffc569a14c vsm_dp_link_port_down+0x264:   daddu a0,a0,s6
0xffffffffc569a150 vsm_dp_link_port_down+0x268:   jalr  v1
0xffffffffc569a154 vsm_dp_link_port_down+0x26c:   lw    a0,8(a0)
0xffffffffc569a158 vsm_dp_link_port_down+0x270:   bnez  v0,0xffffffffc569a16c vsm_dp_link_port_down+0x284
0xffffffffc569a15c vsm_dp_link_port_down+0x274:   ld    v1,0(sp)
0xffffffffc569a160 vsm_dp_link_port_down+0x278:   ld    a0,27952(s4)
0xffffffffc569a164 vsm_dp_link_port_down+0x27c:   j     0xffffffffc569a1e8 vsm_dp_link_port_down+0x300
0xffffffffc569a168 vsm_dp_link_port_down+0x280:   daddu a0,a0,s5
0xffffffffc569a16c vsm_dp_link_port_down+0x284:   ld    v0,27952(s4)
0xffffffffc569a170 vsm_dp_link_port_down+0x288:   move  s0,zero
0xffffffffc569a174 vsm_dp_link_port_down+0x28c:   dsll  s1,v1,0x3
0xffffffffc569a178 vsm_dp_link_port_down+0x290:   daddu v0,v0,s5
0xffffffffc569a17c vsm_dp_link_port_down+0x294:   daddu s1,s1,v1
0xffffffffc569a180 vsm_dp_link_port_down+0x298:   sra   v1,s0,0x5
0xffffffffc569a184 vsm_dp_link_port_down+0x29c:   sllv  a1,s2,s0
0xffffffffc569a188 vsm_dp_link_port_down+0x2a0:   daddu v1,s1,v1
0xffffffffc569a18c vsm_dp_link_port_down+0x2a4:   dsll  v1,v1,0x2
0xffffffffc569a190 vsm_dp_link_port_down+0x2a8:   daddu v1,v0,v1
0xffffffffc569a194 vsm_dp_link_port_down+0x2ac:   lw    v1,12(v1)
0xffffffffc569a198 vsm_dp_link_port_down+0x2b0:   and   v1,a1,v1
0xffffffffc569a19c vsm_dp_link_port_down+0x2b4:   beqz  v1,0xffffffffc569a1d8 vsm_dp_link_port_down+0x2f0
0xffffffffc569a1a0 vsm_dp_link_port_down+0x2b8:   move  a0,v0
0xffffffffc569a1a4 vsm_dp_link_port_down+0x2bc:   daddu v0,v0,s6
0xffffffffc569a1a8 vsm_dp_link_port_down+0x2c0:   lw    a0,8(v0)
0xffffffffc569a1ac vsm_dp_link_port_down+0x2c4:   lui   v0,0x3000
0xffffffffc569a1b0 vsm_dp_link_port_down+0x2c8:   sll   a0,a0,0x8
0xffffffffc569a1b4 vsm_dp_link_port_down+0x2cc:   addu  a0,a0,s0
0xffffffffc569a1b8 vsm_dp_link_port_down+0x2d0:   and   a0,a0,s8
0xffffffffc569a1bc vsm_dp_link_port_down+0x2d4:   jalr  s7
0xffffffffc569a1c0 vsm_dp_link_port_down+0x2d8:   or    a0,a0,v0
0xffffffffc569a1c4 vsm_dp_link_port_down+0x2dc:   bnez  v0,0xffffffffc569a208 vsm_dp_link_port_down+0x320
0xffffffffc569a1c8 vsm_dp_link_port_down+0x2e0:   ld    ra,88(sp)
0xffffffffc569a1cc vsm_dp_link_port_down+0x2e4:   ld    v0,27952(s4)
0xffffffffc569a1d0 vsm_dp_link_port_down+0x2e8:   daddu v0,v0,s5
0xffffffffc569a1d4 vsm_dp_link_port_down+0x2ec:   move  a0,v0
0xffffffffc569a1d8 vsm_dp_link_port_down+0x2f0:   addiu s0,s0,1
0xffffffffc569a1dc vsm_dp_link_port_down+0x2f4:   bne   s0,s3,0xffffffffc569a184 vsm_dp_link_port_down+0x29c
0xffffffffc569a1e0 vsm_dp_link_port_down+0x2f8:   sra   v1,s0,0x5
0xffffffffc569a1e4 vsm_dp_link_port_down+0x2fc:   ld    v1,0(sp)
0xffffffffc569a1e8 vsm_dp_link_port_down+0x300:   addiu v1,v1,1
0xffffffffc569a1ec vsm_dp_link_port_down+0x304:   sd    v1,0(sp)
0xffffffffc569a1f0 vsm_dp_link_port_down+0x308:   lw    v0,0(a0)
0xffffffffc569a1f4 vsm_dp_link_port_down+0x30c:   sltu  v0,v1,v0
0xffffffffc569a1f8 vsm_dp_link_port_down+0x310:   bnez  v0,0xffffffffc569a13c vsm_dp_link_port_down+0x254
0xffffffffc569a1fc vsm_dp_link_port_down+0x314:   ld    v0,0(sp)
0xffffffffc569a200 vsm_dp_link_port_down+0x318:   move  v0,zero
0xffffffffc569a204 vsm_dp_link_port_down+0x31c:   ld    ra,88(sp)
0xffffffffc569a208 vsm_dp_link_port_down+0x320:   ld    s8,80(sp)
0xffffffffc569a20c vsm_dp_link_port_down+0x324:   ld    s7,72(sp)
0xffffffffc569a210 vsm_dp_link_port_down+0x328:   ld    s6,64(sp)
0xffffffffc569a214 vsm_dp_link_port_down+0x32c:   ld    s5,56(sp)
0xffffffffc569a218 vsm_dp_link_port_down+0x330:   ld    s4,48(sp)
0xffffffffc569a21c vsm_dp_link_port_down+0x334:   ld    s3,40(sp)
0xffffffffc569a220 vsm_dp_link_port_down+0x338:   ld    s2,32(sp)
0xffffffffc569a224 vsm_dp_link_port_down+0x33c:   ld    s1,24(sp)
0xffffffffc569a228 vsm_dp_link_port_down+0x340:   ld    s0,16(sp)
0xffffffffc569a22c vsm_dp_link_port_down+0x344:   jr    ra
0xffffffffc569a230 vsm_dp_link_port_down+0x348:   daddiu        sp,sp,96

A jalr v* is normally the function calling a sub-function through a register, so we can look straight at the value v1 held. v1 is $3, i.e. the fourth word of the "$ 0" row in the dump, ffffffffc00f7448, which kdb resolves to a symbol:

[0]kdb> ffffffffc00f7448
ffffffffc00f7448 = 0xffffffffc00f7448 (if_slot_is_available[conplat_net])

It shows the function that died on us straight away, which feels a bit like punching cotton.
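The lui + daddiu pair is the two-instruction address formation described in the gp section above, and it is also how the compiler produced the target that jalr v1 jumped through. As an added example (my code, not from the original post or the conplat_dp module), the C below walks a few lines copied from the kdb listing on this page, tracks registers written by lui, and reports the address each daddiu/ori/lw/ld forms from them. The arithmetic is the point: lui on a 64-bit core sign-extends bit 31, and the 16-bit immediates of daddiu and loads are signed, so lui v0,0xc00f followed by daddiu v0,v0,29768 yields 0xffffffffc00f7448, the same value kdb resolved to if_slot_is_available, without needing the crash-time register. The parsing rules and the function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* lui on a 64-bit core writes imm<<16 into the low 32 bits and sign-extends bit 31
 * into the upper half: 0xc00f becomes 0xffffffffc00f0000, 0x07ff stays 0x07ff0000. */
uint64_t mips64_lui(uint16_t imm) {
    return (uint64_t)(int64_t)(int32_t)((uint32_t)imm << 16);
}

/* daddiu and load/store displacements are signed 16-bit: base-32768 .. base+32767. */
uint64_t add_simm16(uint64_t base, int16_t imm) {
    return base + (uint64_t)(int64_t)imm;
}

static const char *const reg_names[32] = {
    "zero","at","v0","v1","a0","a1","a2","a3","t0","t1","t2","t3","t4","t5","t6","t7",
    "s0","s1","s2","s3","s4","s5","s6","s7","t8","t9","k0","k1","gp","sp","s8","ra" };

static int reg_index(const char *name) {
    for (int i = 0; i < 32; i++)
        if (strcmp(reg_names[i], name) == 0) return i;
    return -1;
}

/* Walk kdb "id" lines ("<addr> <sym+off>: <mnemonic> <operands>"). Registers written
 * by lui are tracked; each daddiu/ori/lw/ld consuming one reports the formed address.
 * Any other instruction naming a register first conservatively forgets that register.
 * Returns how many addresses were written to out[]. */
size_t resolve_listing(const char *const *lines, size_t n, uint64_t *out, size_t max) {
    uint64_t reg[32] = {0};
    int known[32] = {0};
    size_t count = 0;
    char mnem[16], ops[64], ra[8], rb[8];
    unsigned uimm;
    int simm;

    for (size_t i = 0; i < n && count < max; i++) {
        if (sscanf(lines[i], "%*s %*s %15s %63s", mnem, ops) != 2) continue;
        if (!strcmp(mnem, "lui") && sscanf(ops, "%7[a-z0-9],0x%x", ra, &uimm) == 2) {
            int d = reg_index(ra);
            if (d > 0) { reg[d] = mips64_lui((uint16_t)uimm); known[d] = 1; }
        } else if (!strcmp(mnem, "daddiu") &&
                   sscanf(ops, "%7[a-z0-9],%7[a-z0-9],%d", ra, rb, &simm) == 3) {
            int d = reg_index(ra), s = reg_index(rb);
            if (d > 0 && s >= 0 && known[s]) {
                reg[d] = add_simm16(reg[s], (int16_t)simm); known[d] = 1; out[count++] = reg[d];
            } else if (d > 0) known[d] = 0;
        } else if (!strcmp(mnem, "ori") &&
                   sscanf(ops, "%7[a-z0-9],%7[a-z0-9],0x%x", ra, rb, &uimm) == 3) {
            int d = reg_index(ra), s = reg_index(rb);
            if (d > 0 && s >= 0 && known[s]) {   /* ori immediate is zero-extended */
                reg[d] = reg[s] | (uimm & 0xffffu); known[d] = 1; out[count++] = reg[d];
            } else if (d > 0) known[d] = 0;
        } else if ((!strcmp(mnem, "lw") || !strcmp(mnem, "ld")) &&
                   sscanf(ops, "%7[a-z0-9],%d(%7[a-z0-9])", ra, &simm, rb) == 3) {
            int d = reg_index(ra), s = reg_index(rb);
            if (s >= 0 && known[s]) out[count++] = add_simm16(reg[s], (int16_t)simm);
            if (d > 0) known[d] = 0;             /* loaded value is not known statically */
        } else if (sscanf(ops, "%7[a-z0-9]", ra) == 1) {
            int d = reg_index(ra);
            if (d > 0) known[d] = 0;
        }
    }
    return count;
}

/* Lines copied from the kdb listing on this page (not consecutive; order preserved). */
static const char *const kdb_sample[] = {
    "0xffffffffc5699f4c vsm_dp_link_port_down+0x64:    lui   v0,0xc02c",
    "0xffffffffc5699f50 vsm_dp_link_port_down+0x68:    daddiu        v0,v0,29216",
    "0xffffffffc5699f54 vsm_dp_link_port_down+0x6c:    jalr  v0",
    "0xffffffffc5699f80 vsm_dp_link_port_down+0x98:    lui   v0,0xc7e0",
    "0xffffffffc5699f84 vsm_dp_link_port_down+0x9c:    lw    v0,-15980(v0)",
    "0xffffffffc5699fec vsm_dp_link_port_down+0x104:   lui   s8,0x7ff",
    "0xffffffffc569a014 vsm_dp_link_port_down+0x12c:   lui   v0,0xc00f",
    "0xffffffffc569a018 vsm_dp_link_port_down+0x130:   lui   s7,0xc4b7",
    "0xffffffffc569a01c vsm_dp_link_port_down+0x134:   li    s2,1",
    "0xffffffffc569a020 vsm_dp_link_port_down+0x138:   daddiu        v0,v0,29768",
    "0xffffffffc569a028 vsm_dp_link_port_down+0x140:   ori   s8,s8,0xffff",
    "0xffffffffc569a02c vsm_dp_link_port_down+0x144:   daddiu        s7,s7,-31816",
};
#define SAMPLE_LEN (sizeof kdb_sample / sizeof kdb_sample[0])

size_t sample_count(void) {
    uint64_t out[16];
    return resolve_listing(kdb_sample, SAMPLE_LEN, out, 16);
}

uint64_t sample_address(size_t i) {
    uint64_t out[16];
    size_t n = resolve_listing(kdb_sample, SAMPLE_LEN, out, 16);
    return i < n ? out[i] : 0;
}

int main(void) {
    size_t n = sample_count();
    for (size_t i = 0; i < n; i++)
        printf("formed address %zu: 0x%016llx\n", i, (unsigned long long)sample_address(i));
    return 0;
}
```

The third result is the if_slot_is_available address; the fourth, 0x7ffffff, is the mask the listing builds in s8, which the crash dump shows in the $30 slot. The listing stores that v0 to 8(sp) and reloads it into v1 just before the jalr; the scanner does not follow stack slots, so that hop is read by eye.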

Let's look at the context of the crash.

0xffffffffc569a028 vsm_dp_link_port_down+0x140:   ori   s8,s8,0xffff
0xffffffffc569a02c vsm_dp_link_port_down+0x144:   daddiu        s7,s7,-31816
0xffffffffc569a030 vsm_dp_link_port_down+0x148:   li    s3,256
0xffffffffc569a034 vsm_dp_link_port_down+0x14c:   sd    v0,8(sp)
0xffffffffc569a038 vsm_dp_link_port_down+0x150:   ld    v1,0(sp)
0xffffffffc569a03c vsm_dp_link_port_down+0x154:   dsll  s6,v1,0x2
0xffffffffc569a040 vsm_dp_link_port_down+0x158:   dsll  v0,v1,0x5
0xffffffffc569a044 vsm_dp_link_port_down+0x15c:   daddu s6,s6,v0
0xffffffffc569a048 vsm_dp_link_port_down+0x160:   ld    v1,8(sp)
0xffffffffc569a04c vsm_dp_link_port_down+0x164:   daddu a0,a0,s6
0xffffffffc569a050 vsm_dp_link_port_down+0x168:   jalr  v1
0xffffffffc569a054 vsm_dp_link_port_down+0x16c:   lw    a0,728(a0)

So a0 is the first and only argument to that call: the lw a0,728(a0) in the delay slot loads the callee's argument from offset 728 of the structure a0 points to, and 728 is a plausible offset for the real structure. That leaves one explanation: the a0 passed in was a bad pointer. The next thing to find out is what a0 actually was. Since KDB was not enabled the previous time and the box rebooted straight away, the crash state is gone, and the a0 seen in kdb now is obviously normal. The dump itself does record the crash-time value, a0 = $4 = a800000268fffd38, and adding the displacement 728 (0x2d8) gives 0xa800000269000010, an XKPHYS address whose physical part 0x269000010 is exactly the SCU Error Address in the L2 error log at the top of the dump, so the delay-slot load is the access that failed. Keep in mind what kind of failure the dump reports for it, though: a Cache/Bus Error Exception with a double-bit error in the L2 tag RAM at that address, not a TLB or address error; whether that is a bad pointer or a hardware fault in the L2 tag RAM is what the next reproduction has to settle. Either way, the only option is to wait for it and run the following command:

[0]kdb> md a800000268fffd38
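As an added cross-check (my code, not part of the original post), the C below parses the register rows from the dump on this page, decodes the delay-slot word from the Code: line (the word after <0060f809>) as lw a0,728(a0), rebuilds the data address that load touched and strips the XKPHYS prefix to get a physical address, which it then compares with the SCU Error Address from the L2 error log. DELAY_SLOT_WORD and SCU_ERROR_ADDR are copied from the dump; the function names and the parsing are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register rows copied from the crash dump on this page (kernel show_regs format). */
static const char *const dump_rows[] = {
    "$ 0   : 0000000000000000 ffffffffc0101d58 0000000046306a40 ffffffffc00f7448",
    "$ 4   : a800000268fffd38 ffffffff80000000 0000000000000000 ffffffff80764eb0",
    "$ 8   : a8000001021ef6a0 fffffffffffffffc 0000000000000039 0000000000000000",
    "$12   : 0000000000000018 ffffffff803aa620 0000000000000000 0000000000000000",
    "$16   : 0000000000000100 0000000013bd3f1a 0000000000000001 0000000000000100",
    "$20   : ffffffffc05d0000 00000000000005a8 000000004ef67788 ffffffffc4b65038",
    "$24   : 0000000000000000 ffffffffc0101b98",
    "$28   : a8000001eaf88000 a8000001eaf8bd78 0000000007ffffff ffffffffc56953b8",
};
/* The word after <0060f809> on the "Code:" line: the delay slot that faulted (BD=1). */
#define DELAY_SLOT_WORD 0x8c8402d8u
/* "SCU Error Address" from the L2 error log at the top of the dump. */
#define SCU_ERROR_ADDR  0x269000010ULL

static const char *const reg_names[32] = {
    "zero","at","v0","v1","a0","a1","a2","a3","t0","t1","t2","t3","t4","t5","t6","t7",
    "s0","s1","s2","s3","s4","s5","s6","s7","t8","t9","k0","k1","gp","sp","s8","ra" };

/* Parse one "$ N : v v v v" row into regs[N..]; returns how many values were stored. */
int parse_reg_row(const char *row, uint64_t regs[32]) {
    int n;
    unsigned long long v[4];
    int got = sscanf(row, "$%d : %llx %llx %llx %llx", &n, &v[0], &v[1], &v[2], &v[3]);
    if (got < 2 || n < 0 || n > 28) return 0;
    for (int i = 0; i < got - 1; i++) regs[n + i] = v[i];
    return got - 1;
}

/* I-type load/store word: opcode[31:26] base[25:21] rt[20:16] offset[15:0] (signed). */
#define OP_LW 0x23u
unsigned decode_itype(uint32_t insn, unsigned *base, unsigned *rt, int16_t *off) {
    *base = (insn >> 21) & 31u;
    *rt   = (insn >> 16) & 31u;
    *off  = (int16_t)(insn & 0xffffu);
    return insn >> 26;
}

/* XKPHYS (MIPS64 kernel): bits 63:62 == 10, CCA in 61:59, physical address in 58:0. */
int xkphys_to_phys(uint64_t va, uint64_t *pa) {
    if ((va >> 62) != 2u) return 0;
    *pa = va & ((1ULL << 59) - 1);
    return 1;
}

static void load_dump(uint64_t regs[32]) {
    memset(regs, 0, 32 * sizeof regs[0]);
    for (size_t i = 0; i < sizeof dump_rows / sizeof dump_rows[0]; i++)
        parse_reg_row(dump_rows[i], regs);
}

uint64_t sample_reg(unsigned n) {
    uint64_t regs[32];
    load_dump(regs);
    return n < 32 ? regs[n] : 0;
}

/* Rebuild the data address of the faulting load: base register from the dump plus the
 * signed displacement from the instruction word, then strip the XKPHYS prefix. */
uint64_t sample_fault_phys(void) {
    uint64_t regs[32], pa;
    unsigned base, rt;
    int16_t off;
    load_dump(regs);
    if (decode_itype(DELAY_SLOT_WORD, &base, &rt, &off) != OP_LW) return 0;
    uint64_t va = regs[base] + (uint64_t)(int64_t)off;
    return xkphys_to_phys(va, &pa) ? pa : 0;
}

int main(void) {
    unsigned base, rt;
    int16_t off;
    decode_itype(DELAY_SLOT_WORD, &base, &rt, &off);
    printf("delay slot %08x = lw %s,%d(%s)\n", DELAY_SLOT_WORD, reg_names[rt], off, reg_names[base]);
    printf("%s = %016llx, %s = %016llx\n", reg_names[3], (unsigned long long)sample_reg(3),
           reg_names[4], (unsigned long long)sample_reg(4));
    uint64_t pa = sample_fault_phys();
    printf("faulting access: phys %09llx %s SCU error address %09llx\n", (unsigned long long)pa,
           pa == SCU_ERROR_ADDR ? "==" : "!=", (unsigned long long)SCU_ERROR_ADDR);
    return 0;
}
```

The match between the rebuilt physical address and the SCU Error Address is the check the dump already allows before the next reproduction; md on the crash-time a0 is what you then run to see what that memory holds.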
vsm_dp_link_port_down
12-20 18:44