double fault during log(LOG_DEBUG)

From: Robin Haberkorn <robin.haberkorn_at_googlemail.com>
Date: Sun, 03 Nov 2024 14:56:31 UTC
Hello,

while I am waiting for my reviews.freebsd.org account to be approved, I 
would like to understand a particular crash that I observed while hacking a 
kernel driver:

#33 0xffffffff810346be in panic (fmt=0xffffffff81a69212 "double fault")
     at /usr/src/sys/kern/kern_shutdown.c:891
#34 0xffffffff81819ae2 in dblfault_handler (frame=0xfffffe001ea4ff30)
     at /usr/src/sys/amd64/amd64/trap.c:1012
#35 <signal handler called>
#36 0xffffffff810bb574 in kvprintf (fmt=0xffffffff8197a48b ">", func=0x0,
     arg=0xfffffe00f8029440, radix=10, ap=0xfffffe00f8029370)
     at /usr/src/sys/kern/subr_prf.c:907
#37 0xffffffff810bc728 in sprintf (buf=0xfffffe00f8029440 "<",
     cfmt=0xffffffff8197a488 "<%d>") at /usr/src/sys/kern/subr_prf.c:526
#38 0xffffffff810b4409 in msgbuf_addstr (mbp=0xfffff804417fffb8, pri=7,
     str=0xfffffe00f8029a00 "Unhandled devclass: drm\n", filter_cr=1)
     at /usr/src/sys/kern/subr_msgbuf.c:205
#39 0xffffffff810bc65b in msglogstr (
     str=0xfffffe00f8029a00 "Unhandled devclass: drm\n", pri=7, filter_cr=1)
     at /usr/src/sys/kern/subr_prf.c:1029
#40 0xffffffff810bd152 in prf_putbuf (
     bufr=0xfffffe00f8029a00 "Unhandled devclass: drm\n", flags=5, pri=7)
     at /usr/src/sys/kern/subr_prf.c:442
#41 0xffffffff810bd300 in putbuf (c=10, ap=0xfffffe00f80299b8)
     at /usr/src/sys/kern/subr_prf.c:470
#42 0xffffffff810bbe7d in putchar (c=10, arg=0xfffffe00f80299b8)
     at /usr/src/sys/kern/subr_prf.c:513
#43 0xffffffff810b9cf6 in kvprintf (fmt=0xffffffff8492e0ac "",
     func=0xffffffff810bbdd0 <putchar>, arg=0xfffffe00f80299b8, radix=10,
     ap=0xfffffe00f8029b00) at /usr/src/sys/kern/subr_prf.c:688
#44 0xffffffff810bc405 in _vprintf (level=7, flags=5,
     fmt=0xffffffff8492e095 "Unhandled devclass: %s\n", ap=0xfffffe00f8029b00)
     at /usr/src/sys/kern/subr_prf.c:295
#45 0xffffffff810bc331 in vlog (level=7,
     fmt=0xffffffff8492e095 "Unhandled devclass: %s\n", ap=0xfffffe00f8029b00)
     at /usr/src/sys/kern/subr_prf.c:326
#46 0xffffffff810b953d in log (level=7,
     fmt=0xffffffff8492e095 "Unhandled devclass: %s\n")
     at /usr/src/sys/kern/subr_prf.c:318
#47 0xffffffff8492a5ca in linsysfs_run_bus (dev=0xfffff8001542cc00,
     dir=0xfffff800159f6900, scsi=0xfffff8000d289b00,
     chardev=0xfffff8000d27d800, drm=0xfffff8000d289800,
     path=0xfffff80015a05000 "/pci0000:00/0000:00:02.0",
     prefix=0xffffffff8492e31a "0000")
     at /usr/src/sys/compat/linsysfs/linsysfs.c:540

The "double fault" is reliably caused by the log(LOG_DEBUG) call (frame #46).
Once I commented it out, it was gone.
Interestingly, I couldn't provoke this bug in my VirtualBox, but only when I tried
to test it on my main installation. I don't have a "drm" device in VirtualBox, though.
The string "drm" that it tries to log comes from devclass_get_name(). I suppose this
string has static lifetime; it shouldn't be possible for it to become invalid.
And in fact, the double fault is obviously caused long after the string 
has been read.

Best regards,
Robin