0xFireWolf / RealtekCardReaderFriend

A Lilu plugin that makes System Information recognize your Realtek card reader as a native one
BSD 3-Clause "New" or "Revised" License

Kernel panic on 10.15.7 #6

Closed Goshin closed 2 years ago

Goshin commented 2 years ago

Hi, I get a kernel panic on booting up, with Lilu 1.5.8 and RealtekCardReaderFriend 1.0.2/master.

panic(cpu 4 caller 0xffffff800a448baa): Kernel trap at 0xffffff800a8b8796, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0xfffffa4a652c6820, CR3: 0x000000028ed23002, CR4: 0x00000000003626e0
RAX: 0x0000000000000000, RBX: 0xffffff802bce6600, RCX: 0xfffffeb28e5b8000, RDX: 0x0000000000002000
RSP: 0xffffff81f746b118, RBP: 0xffffff81f746b120, RSI: 0xffffff802bbe6820, RDI: 0xffffff802bce6600
R8:  0x0000000000001000, R9:  0xffffff81f746b5b4, R10: 0x0000000000000000, R11: 0xffffff81f746b848
R12: 0x0000000000001000, R13: 0x0000000000002000, R14: 0x0000000000001000, R15: 0xfffffeb28e5b8000
RFL: 0x0000000000010246, RIP: 0xffffff800a8b8796, CS:  0x0000000000000008, SS:  0x0000000000000000
Fault CR2: 0xfffffa4a652c6820, Error code: 0x0000000000000002, Fault CPU: 0x4, PL: 0, VF: 1

Backtrace (CPU 4), Frame : Return Address
0xffffff81f746ab70 : 0xffffff800a31c50d mach_kernel : _handle_debugger_trap + 0x49d
0xffffff81f746abc0 : 0xffffff800a456c75 mach_kernel : _kdp_i386_trap + 0x155
0xffffff81f746ac00 : 0xffffff800a4487fe mach_kernel : _kernel_trap + 0x4ee
0xffffff81f746ac50 : 0xffffff800a2c2a40 mach_kernel : _return_from_trap + 0xe0
0xffffff81f746ac70 : 0xffffff800a31bbd7 mach_kernel : _DebuggerTrapWithState + 0x17
0xffffff81f746ad70 : 0xffffff800a31bfc7 mach_kernel : _panic_trap_to_debugger + 0x227
0xffffff81f746adc0 : 0xffffff800aac0e4c mach_kernel : _panic + 0x54
0xffffff81f746ae30 : 0xffffff800a448baa mach_kernel : _sync_iss_to_iks + 0x2aa
0xffffff81f746afb0 : 0xffffff800a4488a8 mach_kernel : _kernel_trap + 0x598
0xffffff81f746b000 : 0xffffff800a2c2a40 mach_kernel : _return_from_trap + 0xe0
0xffffff81f746b020 : 0xffffff800a8b8796 mach_kernel : _cs_validate_range + 0x6
0xffffff81f746b120 : 0xffffff7f8e7f95f4 science.firewolf.rtsf : __ZL19wrapCSValidateRangeP5vnodeP8ipc_portyPKvmPj + 0x72
0xffffff81f746b570 : 0xffffff7f8e34d056 as.vit9696.Lilu : __ZN11UserPatcher14injectRestrictEP8ipc_port + 0x526
0xffffff81f746b5a0 : 0xffffff800a3a98a5 mach_kernel : _vm_page_validate_cs_mapped_slow + 0x85
0xffffff81f746b5c0 : 0xffffff800a3a9743 mach_kernel : _vm_page_validate_cs + 0x103
0xffffff81f746b5f0 : 0xffffff800a3a852f mach_kernel : _vm_fault_enter + 0x2ef
0xffffff81f746b740 : 0xffffff800a3ab664 mach_kernel : _vm_pre_fault + 0x1d84
0xffffff81f746b9a0 : 0xffffff800a85f368 mach_kernel : _kctl_fill_socketinfo + 0x2828
0xffffff81f746bd70 : 0xffffff800a86568e mach_kernel : _posix_spawn + 0x3efe
0xffffff81f746bdf0 : 0xffffff800a866822 mach_kernel : ___mac_execve + 0x372
0xffffff81f746be90 : 0xffffff800a866dbb mach_kernel : _load_init_program + 0x1db
0xffffff81f746bf00 : 0xffffff800a82badd mach_kernel : _bsdinit_task + 0x6d
0xffffff81f746bf20 : 0xffffff800a313e59 mach_kernel : _ast_taken_user + 0x119
0xffffff81f746bf60 : 0xffffff800a2c2a0c mach_kernel : _return_from_trap + 0xac
      Kernel Extensions in backtrace:
         as.vit9696.Lilu(1.5.8)[3E44E561-C07C-31E8-B2D7-0F31B5266E45]@0xffffff7f8e33b000->0xffffff7f8e365fff
         science.firewolf.rtsf(1.0.2)[BFE35DFB-310C-37F1-9032-3548D1004C7D]@0xffffff7f8e7f8000->0xffffff7f8e800fff
            dependency: as.vit9696.Lilu(1.5.8)[3E44E561-C07C-31E8-B2D7-0F31B5266E45]@0xffffff7f8e33b000

BSD process name corresponding to current thread: init
Boot args: -v keepsyms=1 debug=0x100 darkwake=0 ps2rst=0 brcmfx-country=#a igfxfw=2

Mac OS version:
Not yet set

Kernel version:
Darwin Kernel Version 19.6.0: Tue Oct 12 18:34:05 PDT 2021; root:xnu-6153.141.43~1/RELEASE_X86_64
Kernel UUID: 4B98EE82-CC78-38C9-949B-100413F93A04
Kernel slide:     0x000000000a000000
Kernel text base: 0xffffff800a200000
__HIB  text base: 0xffffff800a100000
System model name: MacBookPro15,3 (Mac-1E7E29AD0135F9BC)
System shutdown begun: NO
Panic diags file available: NO (0xe00002d8)

System uptime in nanoseconds: 4687527954

I tried it several times, one of which stated it is a double fault issue.

Seems like the panic happens when invoking the original _cs_validate_range function according to the backtrace above, and I also verified that by commenting out the other parts in wrapCSValidateRange().

https://github.com/0xFireWolf/RealtekCardReaderFriend/blob/7f6639a64194a723651aad2fdfd09c1181f519c1/RealtekCardReaderFriend/RealtekCardReaderFriend.cpp#L147
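The backtrace reading in the report above, as an added example that is not part of the original issue or the project's code: a Python triage that finds the faulting frame by the saved RIP, names the first non-kernel caller, and decodes the x86 page-fault error code. The function names are hypothetical; the input lines are copied from the panic report.

```python
import re

# Lines copied from the panic report above, trimmed to the ones the triage needs.
PANIC = """\
RFL: 0x0000000000010246, RIP: 0xffffff800a8b8796, CS:  0x0000000000000008, SS:  0x0000000000000000
Fault CR2: 0xfffffa4a652c6820, Error code: 0x0000000000000002, Fault CPU: 0x4, PL: 0, VF: 1
0xffffff81f746b000 : 0xffffff800a2c2a40 mach_kernel : _return_from_trap + 0xe0
0xffffff81f746b020 : 0xffffff800a8b8796 mach_kernel : _cs_validate_range + 0x6
0xffffff81f746b120 : 0xffffff7f8e7f95f4 science.firewolf.rtsf : __ZL19wrapCSValidateRangeP5vnodeP8ipc_portyPKvmPj + 0x72
0xffffff81f746b570 : 0xffffff7f8e34d056 as.vit9696.Lilu : __ZN11UserPatcher14injectRestrictEP8ipc_port + 0x526
Kernel slide:     0x000000000a000000
"""

FRAME = re.compile(r"^(0x[0-9a-f]+) : (0x[0-9a-f]+) (\S+) : (\S+) \+ (0x[0-9a-f]+)$", re.M)

def field(text, label):
    """Return the hex value that follows 'label:' in the report as an int."""
    m = re.search(re.escape(label) + r":\s*(0x[0-9a-fA-F]+)", text)
    if m is None:
        raise ValueError(f"{label} not found in panic report")
    return int(m.group(1), 16)

def decode_page_fault(code):
    # x86 page-fault error code bits: P, W/R, U/S, RSVD, I/D.
    return {
        "present": bool(code & 0x1),          # False = page not present
        "access": "write" if code & 0x2 else "read",
        "user_mode": bool(code & 0x4),
        "reserved_bit": bool(code & 0x8),
        "instruction_fetch": bool(code & 0x10),
    }

def triage(text):
    keys = ("frame", "addr", "image", "symbol", "offset")
    frames = [dict(zip(keys, m.groups())) for m in FRAME.finditer(text)]
    rip = field(text, "RIP")
    # The faulting frame is the one whose address equals the saved RIP.
    idx = next(i for i, f in enumerate(frames) if int(f["addr"], 16) == rip)
    # First frame below it outside the kernel image: the kext that made the call.
    caller = next(f for f in frames[idx + 1:] if f["image"] != "mach_kernel")
    return {
        "fault_symbol": frames[idx]["symbol"],
        "fault_offset": int(frames[idx]["offset"], 16),
        "unslid_rip": rip - field(text, "Kernel slide"),  # for symbol lookup
        "fault_address": field(text, "Fault CR2"),
        "calling_kext": caller["image"],
        "calling_symbol": caller["symbol"],
        **decode_page_fault(field(text, "Error code")),
    }

if __name__ == "__main__":
    print(triage(PANIC))
```
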

0xFireWolf commented 2 years ago

Can you test if you encounter a kernel panic with Lilu 1.5.8 and the latest FeatureUnlock installed on macOS Catalina 10.15.7? Please make sure that you have RealtekCardReaderFriend disabled when you test the above kext combination. Should you notice a kernel panic, please file a bug report to Acidanthera/Lilu.

Goshin commented 2 years ago

Fixed in Lilu 1.5.9.