
Write_virtual_memory function at memory_access.c failed #21

Open
u609 opened this issue Jan 20, 2019 · 2 comments

u609 commented Jan 20, 2019

Hi Sergey and mxmssh,
Thank you for the great tool & research!

I am trying to fuzz kafl_vuln_test using kAFL, but I have a problem. I managed to install everything (qemu, KVM, etc.) according to the guide provided in README.md, step by step, including installation of the vulnerable driver. (Forgive me, mxmssh.)

But I got this error:
FAIL 1 0xxxxxxx;
After debugging, I found that the problem appears here, in the write_virtual_memory function at memory_access.c:

    phys_addr = cpu_get_phys_page_attrs_debug(cpu, (address & x86_64_PAGE_MASK), &attrs);

    if (phys_addr == -1){
        printf("FAIL 1 (%lx)!\n", address);
        return false;
    }

Do you have any idea how to fix that?

Thank you in advance!


u609 commented Jan 21, 2019

Error:

    PANIC: ffffffff846870e3
    FAIL 1 (ffffffff846870e3)!
    Program: abcd0000

@timnewsham

This looks like you called the hypercall to set the panic address, and it tried to write over the panic function with the panic handler, and found that it couldn't. It might be due to passing in the wrong address from your agent.

I ran across a problem like this and found that the assembly to generate the hypercall was causing some incorrect values to be passed in the hypercall registers. In my case the fix was to reformulate the hypercall function as:

    static inline uint64_t kAFL_hypercall(uint64_t rbx, uint64_t rcx){
        uint64_t ret;
        /* pin the hypercall ID to rax */
        register uint64_t rax asm("rax") = HYPERCALL_KAFL_RAX_ID;
        /* "a"/"b"/"c" constraints put each operand in its fixed register */
        asm volatile ("vmcall" : "=r"(ret) : "a"(rax), "b"(rbx), "c"(rcx));
        return ret;
    }

You should check if that is the real panic address you intended to pass in, and verify that it is correct. If it's not the address you passed in, you might need to fix your hypercall function.
