managarm
Unhandled page fault when running the MiniBrowser
When running the MiniBrowser, I run into a SMAP violation. If I comment out the SMAP enable code, I can reproduce the page fault, albeit later.
Backtrace:
(gdb) bt
#0 thor::panic () at ../../../src/managarm/kernel/thor/generic/debug.cpp:149
#1 thor::PanicSink::operator() (this=<optimized out>, msg=<optimized out>) at ../../../src/managarm/kernel/thor/generic/debug.cpp:190
#2 0xffffffff800723d3 in frg::stack_buffer_logger<thor::PanicSink, 128ul>::_emit (this=0xffffffff80164960 <thor::pioLogHandler>, this@entry=0xffffe00008b0f8a0,
message=0xffffe00008b0f8a0 "\033[31mthor: SMAP fault.\033[39m") at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:92
#3 frg::stack_buffer_logger<thor::PanicSink, 128ul>::item::operator<< (this=0xffffe00008b0f898) at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:44
#4 thor::handlePageFault (image=..., address=address@entry=160, errorCode=<optimized out>) at ../../../src/managarm/kernel/thor/generic/main.cpp:379
#5 0xffffffff8010eaae in onPlatformFault (image=..., number=<optimized out>) at ../../../src/managarm/kernel/thor/arch/x86/ints.cpp:351
#6 0xffffffff80000518 in faultStubPage () at ../../../src/managarm/kernel/thor/arch/x86/stubs.S:200
#7 0x00000000000000a0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Further investigation shows it's not a SMAP fault. We do have some more info, and a new backtrace:
(gdb) bt
#0 thor::panic () at ../../../src/managarm/kernel/thor/generic/debug.cpp:149
#1 thor::PanicSink::operator() (this=<optimized out>, msg=<optimized out>) at ../../../src/managarm/kernel/thor/generic/debug.cpp:190
#2 0xffffffff80071ddf in frg::stack_buffer_logger<thor::PanicSink, 128ul>::_emit (this=0xffffffff8015d950 <thor::pioLogHandler>, this@entry=0xffffffffffffffff,
message=0xffffe000169008a8 "\033[31mthor: Page fault in kernel, at 0xffffffff8015dd18, faulting ip: 0xffffffff8015dd18") at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:92
#3 frg::stack_buffer_logger<thor::PanicSink, 128ul>::item::operator<< (this=0xffffe000169008a0) at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:44
#4 thor::handlePageFault (image=..., address=<optimized out>, address@entry=18446744071563500824, errorCode=<optimized out>) at ../../../src/managarm/kernel/thor/generic/main.cpp:412
#5 0xffffffff8010875e in onPlatformFault (image=..., number=14) at ../../../src/managarm/kernel/thor/arch/x86/ints.cpp:351
#6 0xffffffff80000518 in faultStubPage () at ../../../src/managarm/kernel/thor/arch/x86/stubs.S:200
#7 0xffffffff8015dd18 in ?? ()
#8 0xffffe00018980000 in ?? ()
#9 0xffffe00016900b90 in ?? ()
#10 0xffffffff8001134f in frg::unique_lock<thor::IrqSpinlock>::lock (this=<optimized out>) at ../../../src/managarm/subprojects/frigg/include/frg/mutex.hpp:57
#11 frg::unique_lock<thor::IrqSpinlock>::unique_lock (mutex=..., this=<optimized out>) at ../../../src/managarm/subprojects/frigg/include/frg/mutex.hpp:35
#12 frg::slab_pool<thor::KernelVirtualAlloc, thor::IrqSpinlock>::free_in_slab_ (this=0x1, slb=0x246, p=0xffffe00016900ce0) at ../../../src/managarm/subprojects/frigg/include/frg/slab.hpp:328
Backtrace stopped: Cannot access memory at address 0xa8
(gdb)
E9 error
thor: Unhandled page fault at 0xffffffff8015dd18, faulting ip: 0xffffffff8015dd18
thor: Page fault at 0xffffffff8015dd18, faulting ip: 0xffffffff8015dd18
Errors: (Supervisor) (Access violation) (Instruction fetch)
thor: Page fault in kernel, at 0xffffffff8015dd18, faulting ip: 0xffffffff8015dd18
objdump -dS
ffffffff80070723: c6 05 e7 d5 0e 00 01 movb $0x1,0xed5e7(%rip) # ffffffff8015dd11 <_ZN4thor18kernelVirtualAllocE+0x1>
infoLogger() << "thor: Number of available pages: "
<< physicalAllocator->numFreePages() << frg::endlog;
kernelVirtualAlloc.initialize();
kernelHeap.initialize(*kernelVirtualAlloc);
ffffffff8007072a: 48 c7 c7 18 dd 15 80 mov $0xffffffff8015dd18,%rdi
ffffffff80070731: 48 c7 c6 10 dd 15 80 mov $0xffffffff8015dd10,%rsi
ffffffff80070738: e8 73 4b 00 00 call ffffffff800752b0 <_ZN3frg10manual_boxINS_9slab_poolIN4thor18KernelVirtualAllocENS2_11IrqSpinlockEEEE10initializeIJRS3_EEEvDpOT_>
FRG_ASSERT(_initialized);
ffffffff8007073d: 80 3d 8c d7 0e 00 00 cmpb $0x0,0xed78c(%rip) # ffffffff8015ded0 <_ZN4thor10kernelHeapE+0x1b8>
ffffffff80070744: 0f 84 ae fe ff ff je ffffffff800705f8 <thorInitialize+0x338>
FRG_ASSERT(!_initialized);
ffffffff8007074a: 80 3d 8f d7 0e 00 00 cmpb $0x0,0xed78f(%rip) # ffffffff8015dee0 <_ZN4thor11kernelAllocE+0x8>
ffffffff80070751: 0f 85 e7 00 00 00 jne ffffffff8007083e <thorInitialize+0x57e>
: pool_{pool} { }
ffffffff80070757: 48 c7 05 76 d7 0e 00 movq $0xffffffff8015dd18,0xed776(%rip) # ffffffff8015ded8 <_ZN4thor11kernelAllocE>
ffffffff8007075e: 18 dd 15 80
_initialized = true;
With KASAN enabled, we get:
Fault #8, with IF=0, cs: 0x20, ip: 0xffffffff8013aca7
Error code: 0x0, SS: 0x38, RSP: 0xffffffffffffffd9
Backtrace:
(gdb) bt
#0 thor::panic () at ../../../src/managarm/kernel/thor/generic/debug.cpp:149
#1 thor::PanicSink::operator() (this=<optimized out>, msg=<optimized out>) at ../../../src/managarm/kernel/thor/generic/debug.cpp:190
#2 0xffffffff80427943 in frg::stack_buffer_logger<thor::PanicSink, 128ul>::_emit (this=0xffffffff80528bb0 <thor::pioLogHandler>, message=0xa <error: Cannot access memory at address 0xa>)
at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:92
#3 frg::stack_buffer_logger<thor::PanicSink, 128ul>::item::operator<< (this=<optimized out>) at ../../../src/managarm/subprojects/frigg/include/frg/logging.hpp:44
#4 onPlatformFault (image=..., number=8) at ../../../src/managarm/kernel/thor/arch/x86/ints.cpp:333
#5 0xffffffff800002dc in faultStubDouble () at ../../../src/managarm/kernel/thor/arch/x86/stubs.S:194
#6 0xffffffff8013aca7 in thor::IrqObject::raise (this=<optimized out>) at ../../../src/managarm/kernel/thor/generic/irq.cpp:484
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
Which is interesting, as irq.cpp:484 is this line.
Running with SMAP and SMEP disabled, -smp 1 on the command line.