Comments (7)
It seems that KF/x doesn't complete the PT decoding before AFL++ quits: https://github.com/intel/kernel-fuzzer-for-xen-project/blob/master/src/ptcov.c#L166
I thought that this must be a timing issue, so I tried moving afl_report before pt_decode. Interestingly in this case AFL++ dies earlier, again by reading 0 length from the same pipe:
I modified the code further with military grade printf's to see whether afl_wait is called at all. The answer turns out to be: sometimes o.O
Scratch that, afl_wait runs as expected, New Year's hangover reduced my vision...
from kernel-fuzzer-for-xen-project.
Moving pt_decode before afl_report is not a good idea - the coverage map only gets updated after pt_decode is done, so if you signal to afl you are done then afl will take the empty/half-baked coverage map.

Yeah I know, I just wanted to test if it's the decoding delay that is causing this.

I don't think I can help you much here, the read should never return 0 and as far as I can see, this should only happen when the pipe gets closed / EOF - so not timing related.
If you retry the write a few times, does it work for obscure reasons, or will the read always return 0?

Would be good to understand where the communication gets stuck. If afl_setup worked and you get data from afl through the read in afl_wait then the pipe is working. Does afl get the PID back that's sent in afl_wait? Then afl_report will write 4 bytes (either 0 or SIGABRT) to signal it's done with the data and the coverage map is ready. So is afl returning from their read before that happens? Is there some timeout in afl that bails too early?

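As an added illustration of the handshake the comment above describes, here is a small C model of the status pipe between a fuzzer and its target. This is not code from KF/x or AFL++ and it simplifies their real fork-server protocol to the two messages named in the thread: the target writes its 4-byte PID (what afl_wait does), then a 4-byte verdict of 0 or SIGABRT (what afl_report does). The names run_handshake, target_side, read_full and hs_result are mine. The third scenario makes the target exit before reporting, which is the case the earlier comment points at: the fuzzer-side read then returns 0 because the writer end of the pipe was closed, not because of timing, so retrying the read cannot help and the fix is to find out why the target died.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the fuzzer <-> target status pipe:
 * target writes 4-byte PID, runs, then writes 4-byte verdict (0 or SIGABRT). */

/* Read exactly n bytes. Returns 1 on success, 0 on EOF (writer end closed), -1 on error. */
static int read_full(int fd, void *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r == 0) return 0;                     /* EOF: the peer is gone */
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        got += (size_t)r;
    }
    return 1;
}

/* Simulated target process. With die_before_report set, it exits after announcing
 * its PID but before the verdict, mimicking a target (or its decoder) that crashed. */
static void target_side(int st_fd, int die_before_report, int crashed) {
    uint32_t pid = (uint32_t)getpid();
    if (write(st_fd, &pid, 4) != 4) _exit(2);     /* afl_wait equivalent: send PID */
    if (die_before_report) _exit(1);              /* never gets to report */
    uint32_t status = crashed ? (uint32_t)SIGABRT : 0u;
    if (write(st_fd, &status, 4) != 4) _exit(2);  /* afl_report equivalent: send verdict */
    _exit(0);
}

typedef enum {
    HS_OK_CLEAN,            /* PID and verdict 0 received */
    HS_OK_CRASH_REPORTED,   /* PID and verdict SIGABRT received */
    HS_EOF_AT_PID,          /* read returned 0 before any PID arrived */
    HS_EOF_AT_STATUS,       /* PID arrived, then read returned 0: target died mid-run */
    HS_ERROR
} hs_result;

/* Fuzzer side: run one handshake against a forked target and classify the outcome. */
hs_result run_handshake(int die_before_report, int crashed) {
    int st_pipe[2];
    if (pipe(st_pipe) < 0) return HS_ERROR;
    pid_t child = fork();
    if (child < 0) { close(st_pipe[0]); close(st_pipe[1]); return HS_ERROR; }
    if (child == 0) {
        close(st_pipe[0]);
        target_side(st_pipe[1], die_before_report, crashed);   /* does not return */
    }
    close(st_pipe[1]);   /* keep no writer copy, otherwise EOF would never be seen */

    uint32_t pid = 0, status = 0;
    hs_result res;
    int r = read_full(st_pipe[0], &pid, 4);
    if (r <= 0) {
        res = (r == 0) ? HS_EOF_AT_PID : HS_ERROR;
    } else {
        r = read_full(st_pipe[0], &status, 4);
        if (r < 0)       res = HS_ERROR;
        else if (r == 0) res = HS_EOF_AT_STATUS;
        else             res = (status == (uint32_t)SIGABRT) ? HS_OK_CRASH_REPORTED : HS_OK_CLEAN;
    }
    close(st_pipe[0]);
    waitpid(child, NULL, 0);
    return res;
}

int main(void) {
    printf("clean run:           %d (expect %d)\n", run_handshake(0, 0), HS_OK_CLEAN);
    printf("crash reported:      %d (expect %d)\n", run_handshake(0, 1), HS_OK_CRASH_REPORTED);
    printf("target died mid-run: %d (expect %d)\n", run_handshake(1, 0), HS_EOF_AT_STATUS);
    return 0;
}
```

The parent closing its own copy of the write end is what makes the diagnosis reliable: with a stray writer descriptor left open, a dead target would leave the fuzzer blocked in read instead of returning 0, and the symptom would look like a timeout rather than a crash.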
Also, btw, usually when I see "Unable to communicate with fork server" that just means KF/x exited early. Always verify that kfx runs fine first standalone and that it doesn't report a crash. Just replace @@ with the path to one of your seeds and keep all options the same.

It is a segfault in libxdc :P As I understand writes don't block the sender, so KF/x can send whatever, then by the time AFL++ tries to read the data the fork either crashed or not. It's interesting why this happens non-deterministically (sometimes libxdc can decode all traces, but during most startups it can't).
Closing this for now, thanks for your help!