Bug

I tried to get Tartiflette running on three different machines, but every time the instance crashes with the following assertion error:

```
spawning on cores: [1]
child spawned and bound to core 1
I am broker!!.
231443 PostFork
Connected to port 1337
[/root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/bolts/llmp.rs:2196] "New connection" = "New connection"
[/root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/bolts/llmp.rs:2196] addr = 127.0.0.1:38916
[/root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/bolts/llmp.rs:2196] stream.peer_addr().unwrap() = 127.0.0.1:38916
Setting core affinity to CoreId { id: 1 }
[/root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/events/llmp.rs:834] "Spawning next client (id {})" = "Spawning next client (id {})"
[/root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/events/llmp.rs:834] ctr = 0
Awaiting safe_to_unmap_blocking
We're a client, let's fuzz :)
First run. Let's set it all up
Added 758 coverage breakpoints
Loading file "./data/corpus/pepeclown.gif" ...
thread 'main' panicked at 'assertion failed: `(left == right)`
  left: `0`,
 right: `2`: Invalid number of msrs returned', /root/Tartiflette/vm/src/vm.rs:707:13
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread 'main' panicked at 'Fuzzer-respawner: Storing state in crashed fuzzer instance did not work, no point to spawn the next client! (Child exited with: 25856)', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/libafl-0.6.1/src/events/llmp.rs:867:21
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```
In order to build the `vm` module successfully, I updated the `kvm-bindings` module to `0.6.0` and used the `fam-wrappers` module:

```toml
kvm-bindings = { version = "0.6.0", features = ["fam-wrappers"] }
```
Debugging
To debug the issue, I tried two things so far:

1. Query other MSRs (`0x40000104` and `0x40000105`). Those can be retrieved successfully.
2. Use the `get_msr_index_list` API to retrieve the supported MSRs. Those don't include `IA32_FS_BASE` and `IA32_GS_BASE` (`0xC0000100` and `0xC0000101`). The full list can be found below.
Returned MSRs from get_msr_index_list
```
mem_allocator: [ kvm_msr_list { nmsrs: 0x5a, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x174, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x175, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x176, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000081, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000083, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000102, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000084, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000082, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x10, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x277, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010117, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000103, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x48, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc1, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc2, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x186, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x187, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010000, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010001, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010002, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010003, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010004, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010005, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010006, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010007, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010200, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010202, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010204, indices: __IncompleteArrayField, },
kvm_msr_list { nmsrs: 0xc0010206, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010208, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc001020a, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010201, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010203, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010205, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010207, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010209, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc001020b, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x12, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x11, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d01, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d00, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000000, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000001, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000020, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000021, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000022, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000023, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000100, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000101, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000102, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000103, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000104, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000105, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000003, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000002, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000010, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000080, indices: __IncompleteArrayField, },
kvm_msr_list { nmsrs: 0x400000b0, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000073, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000106, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000107, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x40000108, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000ff, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000f1, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000f2, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000f3, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000f4, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x400000f5, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d02, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d03, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d04, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d06, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d07, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x3b, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x6e0, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x10a, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x345, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x1a0, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x17a, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x17b, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x9e, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x34, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xce, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x140, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc001011f, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0000104, indices: __IncompleteArrayField, },
kvm_msr_list { nmsrs: 0x1fc, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x8b, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0xc0010015, indices: __IncompleteArrayField, }, kvm_msr_list { nmsrs: 0x4b564d05, indices: __IncompleteArrayField, }
```

Repro
1. Update the `kvm-bindings` module to `0.6.0` and include the `fam-wrappers` feature (see above)
2. `cargo run` in `fuzzers/giflib`
System information
Any idea how to resolve this?
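One way to check what the report describes, as an added example that is not part of this issue or of Tartiflette's own code: a small C program against the raw KVM ioctls. It assumes a Linux host with `<linux/kvm.h>` and, for the live part in `main()`, a usable `/dev/kvm`; the index list built by `make_msr_list()` is constructed from a few entries of the dump above rather than read from the host. Two facts about the KVM API drive it. `KVM_GET_MSRS` returns the number of entries it successfully read rather than an errno, so an assertion of `left: 0, right: 2` means the very first requested index, `0xC0000100`, was refused. And the FS/GS segment bases are also part of `KVM_GET_SREGS`, which every backend fills regardless of whether it services those two MSR indices through `KVM_GET_MSRS`.

```c
/* Added example, not code from this issue or from Tartiflette. Raw KVM ioctls
 * showing: KVM_GET_MSR_INDEX_LIST (count, then indices), KVM_GET_MSRS (returns
 * how many entries were read, so 0 of 2 means the first index was refused),
 * and fs.base/gs.base via KVM_GET_SREGS, which needs no MSR index at all.
 * Assumptions: Linux with <linux/kvm.h>; main() needs a usable /dev/kvm. The
 * list from make_msr_list() is constructed from the dump above, not the host. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/kvm.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define MSR_IA32_FS_BASE   0xC0000100u
#define MSR_IA32_GS_BASE   0xC0000101u
#define MSR_KERNEL_GS_BASE 0xC0000102u

/* Build a kvm_msr_list with the exact layout KVM returns (nmsrs, then nmsrs
 * u32 indices) from a caller-supplied index array. Caller frees. */
static struct kvm_msr_list *make_msr_list(const uint32_t *idx, uint32_t n) {
    struct kvm_msr_list *l = calloc(1, sizeof(*l) + (size_t)n * sizeof(uint32_t));
    if (!l) return NULL;
    l->nmsrs = n;
    for (uint32_t i = 0; i < n; i++) l->indices[i] = idx[i];
    return l;
}

/* 1 if KVM lists `msr` as saveable/restorable, else 0. */
static int msr_list_contains(const struct kvm_msr_list *l, uint32_t msr) {
    for (uint32_t i = 0; i < l->nmsrs; i++)
        if (l->indices[i] == msr) return 1;
    return 0;
}

/* Pre-flight check before a batched KVM_GET_MSRS: how many wanted indices are
 * absent from KVM's list? Any non-zero answer predicts a short read. */
static size_t count_unlisted(const struct kvm_msr_list *l, const uint32_t *wanted, size_t n) {
    size_t missing = 0;
    for (size_t i = 0; i < n; i++) missing += !msr_list_contains(l, wanted[i]);
    return missing;
}

/* Two-call protocol: a probe with nmsrs = 0 fails with E2BIG and writes the
 * required count; the second call fills in the indices. Caller frees. */
static struct kvm_msr_list *kvm_msr_index_list(int kvm_fd) {
    struct kvm_msr_list probe = { .nmsrs = 0 };
    if (ioctl(kvm_fd, KVM_GET_MSR_INDEX_LIST, &probe) < 0 && errno != E2BIG) return NULL;
    struct kvm_msr_list *l = calloc(1, sizeof(*l) + (size_t)probe.nmsrs * sizeof(uint32_t));
    if (!l) return NULL;
    l->nmsrs = probe.nmsrs;
    if (ioctl(kvm_fd, KVM_GET_MSR_INDEX_LIST, l) < 0) { free(l); return NULL; }
    return l;
}

/* Read one MSR. Asking for one entry at a time turns the "entries read" return
 * value into a per-index yes/no instead of an opaque short count. */
static int vcpu_read_msr(int vcpu_fd, uint32_t index, uint64_t *out) {
    struct kvm_msrs *req = calloc(1, sizeof(*req) + sizeof(struct kvm_msr_entry));
    if (!req) return 0;
    req->nmsrs = 1;
    req->entries[0].index = index;
    int nread = ioctl(vcpu_fd, KVM_GET_MSRS, req);
    *out = req->entries[0].data;
    free(req);
    return nread == 1;
}

/* Segment bases straight from the vCPU's sregs, no MSR index involved. */
static int vcpu_fs_gs_base(int vcpu_fd, uint64_t *fs_base, uint64_t *gs_base) {
    struct kvm_sregs sregs;
    if (ioctl(vcpu_fd, KVM_GET_SREGS, &sregs) < 0) return 0;
    *fs_base = sregs.fs.base;
    *gs_base = sregs.gs.base;
    return 1;
}

int main(void) {
    const uint32_t wanted[] = { MSR_IA32_FS_BASE, MSR_IA32_GS_BASE, MSR_KERNEL_GS_BASE };
    const size_t nwanted = sizeof(wanted) / sizeof(wanted[0]);
    int kvm = open("/dev/kvm", O_RDWR | O_CLOEXEC);
    if (kvm < 0) { perror("open /dev/kvm"); return 1; }
    struct kvm_msr_list *l = kvm_msr_index_list(kvm);
    if (!l) { perror("KVM_GET_MSR_INDEX_LIST"); return 1; }
    printf("%zu of %zu wanted MSRs are not in KVM's index list\n",
           count_unlisted(l, wanted, nwanted), nwanted);
    int vm = ioctl(kvm, KVM_CREATE_VM, 0);
    int vcpu = vm < 0 ? -1 : ioctl(vm, KVM_CREATE_VCPU, 0);
    if (vcpu < 0) { perror("KVM_CREATE_VM / KVM_CREATE_VCPU"); return 1; }
    for (size_t i = 0; i < nwanted; i++) {
        uint64_t v = 0;
        if (vcpu_read_msr(vcpu, wanted[i], &v))
            printf("KVM_GET_MSRS %#x = %#llx\n", wanted[i], (unsigned long long)v);
        else
            printf("KVM_GET_MSRS %#x: 0 entries read (index refused)\n", wanted[i]);
    }
    uint64_t fs = 0, gs = 0;
    if (vcpu_fs_gs_base(vcpu, &fs, &gs))
        printf("KVM_GET_SREGS fs.base=%#llx gs.base=%#llx\n",
               (unsigned long long)fs, (unsigned long long)gs);
    free(l);
    return 0;
}
```

Two things worth knowing when reading the dump. The leading value `0x5a` is 90, which is the `nmsrs` count that precedes the 90 indices in the raw buffer, so the dump is one count plus 90 MSRs rather than 91 MSRs. The `0xc001xxxx` entries (AMD performance counters, and `VM_HSAVE_PA` at `0xc0010117`, which KVM only lists when SVM is available) mean the listing comes from an AMD host; on the SVM side of KVM the FS/GS base MSRs are not handled by the `KVM_GET_MSRS` path, since the bases live in the VMCB segment state and are exposed through sregs, whereas the VMX side does answer those two indices. That is consistent with the read coming back with zero entries. One caveat for `vcpu_read_msr()`: if the host runs with `kvm.ignore_msrs=1`, KVM reports an unsupported index as read successfully with a value of 0 instead of refusing it, so a zero value alone is not proof that the MSR exists.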