0vercl0k / wtf

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).


Translation of GVA 0x1cdbb0e2000 failed

hardik05 opened this issue · comments

I created a simple fuzzer and used a program here: https://github.com/hardik05/Damn_Vulnerable_C_Program
While this works fine for a few seconds, I get the following error:
Translation of GVA 0x1cdbb0e2000 failed

  1. I have taken a snapshot with 4 GB of RAM and 1 processor on Hyper-V using bdump.js
  2. The page file is disabled on the guest VM and I have also used lockmem for the exe to avoid any paging issues.

here is the server output:

F:\snapshotfuzzing\wtf\targets\test_wtf>..\..\bin\wtf.exe master --max_len=1000000 --runs=10000000 --target . --name test_wtf
Seeded with 7356353582325302432
Iterating through the corpus..
Sorting through the 1 entries..
Running server on tcp://localhost:31337..
#0 cov: 0 (+0) corp: 0 (0.0b) exec/s: 0.0 (0 nodes) lastcov: 23.0s crash: 0 timeout: 0 cr3: 0 uptime: 23.0s
#0 cov: 0 (+0) corp: 0 (0.0b) exec/s: 9223372036854.8m (1 nodes) lastcov: 23.0s crash: 0 timeout: 0 cr3: 0 uptime: 23.0s
Saving output in .\outputs\04d38663dfd23fec845cf44e6316dbf5
Saving output in .\outputs\cr3-ec01551ff146a5b180433595a4535861
Saving output in .\outputs\652bb9957ec3084be8a40c04461e99b8
Saving output in .\outputs\crash-18b40315a975bcb6be8dc1a2cb4e3af0
Saving output in .\outputs\crash-273660dd2e546cfc0acdfdaf5fcc6bec
Saving output in .\outputs\crash-328ea8a4429f7cf931acac7fc5c7e8d3
Saving output in .\outputs\crash-7134ff62ecbbf6a8f63ccaf654adb8e4
Saving output in .\outputs\cr3-36512c40f885fddb48cd792e7c11ae3f
Saving output in .\outputs\cr3-899b611f98d6e3d0a25f5c2dc88fd1dd
Could not receive size (-1)
Receive failed
#42 cov: 31693 (+31693) corp: 10 (324.0b) exec/s: 21.0 (0 nodes) lastcov: 1.0s crash: 21 timeout: 0 cr3: 13 uptime: 25.0s

here is the client output:

F:\snapshotfuzzing\wtf\targets\test_wtf>..\..\bin\wtf.exe fuzz --backend=bochscpu --name test_wtf --limit 10000000
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Could not set a breakpoint at hal!HalpPerfInterrupt.
Failed to set breakpoint on HalpPerfInterrupt, but ignoring..
Dialing to tcp://localhost:31337/..
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Test WTF : ProcessImage finish
Translation of GVA 0x1cdbb0e2000 failed

This ProcessImage gets executed a random number of times: sometimes I get this GVA error after 2 iterations, sometimes it works for like 10-20 times. I am not sure what the issue is; I tried taking the snapshot a couple of times but no luck.

I can share the snapshot + harness + compiled wtf in a DM if that helps?

Thank you for the detailed report! This error means that your fuzzing module is trying to access memory that isn't accessible in the dump file; so either there's something buggy about the logic you have in there (when inserting the testcase, etc.) or the logic is right but you are trying to access a page that isn't included in the dump for another reason.

The fuzzer module source-code & state folder would be enough for me to reproduce / debug this the fastest yes :)

Cheers

I have sorted this out. Basically the program had a 1024-byte buffer, while when running the server I was giving the max length as 100000 (I just copy-pasted server.bat from another example so missed this).
After I corrected server.bat this is working fine.
Thank you so much for responding.

Not a bug.

Hehe cool, so you were overflowing your buffer :) and no worries.

Cheers
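The root cause in this thread, modelled as an added example that is not code from the wtf project: a dump only contains the pages that were resident when the snapshot was taken, so a fuzzer module that copies an oversized testcase into a fixed buffer only fails loudly once the overflow reaches a page that is missing from the dump. Smaller overflows "work" and silently corrupt neighbouring memory, which is why the harness ran for a random number of iterations before aborting. The page set, the buffer address and kDemoCapacity are constructed; only the failing GVA 0x1cdbb0e2000 is taken from the report above, and the InsertTestcase functions are stand-ins for a module's own insertion logic, not wtf's API.

```cpp
// Added example, not code from the wtf project: a small model of how a
// snapshot backend's virtual write behaves when a testcase overflows the
// target buffer. Addresses, the page set and kDemoCapacity are constructed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>

using Gva_t = uint64_t;
constexpr Gva_t kPageSize = 0x1000;
constexpr Gva_t kPageMask = ~(kPageSize - 1);

// A dump only contains pages that were resident (or locked, e.g. with lockmem)
// when it was taken; model that as a sparse set of page bases.
struct Snapshot {
  std::set<Gva_t> PresentPages;
  bool HasPage(Gva_t Gva) const { return PresentPages.count(Gva & kPageMask) != 0; }
};

// Every page touched by [Gva, Gva + Size) must translate. Returns true and
// stores the first page that does not (the address a backend reports in
// "Translation of GVA ... failed"); returns false if the write can proceed.
bool FindUntranslatablePage(const Snapshot &Snap, Gva_t Gva, size_t Size, Gva_t *Missing) {
  if (Size == 0) return false;
  const Gva_t Last = (Gva + Size - 1) & kPageMask;
  for (Gva_t Page = Gva & kPageMask; Page <= Last; Page += kPageSize) {
    if (!Snap.HasPage(Page)) {
      *Missing = Page;
      return true;
    }
  }
  return false;
}

enum class Insert { Written, RejectedTooLarge, TranslationFailed };
struct InsertResult {
  Insert Status;
  Gva_t Gva;  // the page that failed to translate, when Status == TranslationFailed
};

// An unchecked module: writes whatever length the master sent. With --max_len
// larger than the buffer this overflows the heap; it only fails once the
// overflow reaches a page absent from the dump, so small overflows "work"
// (silently corrupting neighbouring memory) and larger ones abort the run.
InsertResult InsertTestcaseUnchecked(const Snapshot &Snap, Gva_t BufferGva, size_t TestcaseSize) {
  Gva_t Missing = 0;
  if (FindUntranslatablePage(Snap, BufferGva, TestcaseSize, &Missing)) {
    return {Insert::TranslationFailed, Missing};
  }
  return {Insert::Written, 0};
}

// The guarded version: refuse any testcase that does not fit the target buffer
// before touching guest memory. Keep --max_len <= Capacity on the master side
// as well so the corpus never contains oversized inputs in the first place.
InsertResult InsertTestcaseChecked(const Snapshot &Snap, Gva_t BufferGva, size_t Capacity, size_t TestcaseSize) {
  if (TestcaseSize > Capacity) return {Insert::RejectedTooLarge, 0};
  return InsertTestcaseUnchecked(Snap, BufferGva, TestcaseSize);
}

// Constructed layout: a 1024-byte buffer at the start of page 0x1cdbb0e1000,
// with the next page (0x1cdbb0e2000, the GVA from the report) absent from the dump.
constexpr Gva_t kDemoBuffer = 0x1cdbb0e1000;
constexpr size_t kDemoCapacity = 1024;
Snapshot DemoSnapshot() { return Snapshot{{0x1cdbb0e0000, 0x1cdbb0e1000}}; }

int main() {
  const Snapshot Snap = DemoSnapshot();
  for (size_t Size : {size_t(1024), size_t(3000), size_t(100000)}) {
    const InsertResult R = InsertTestcaseUnchecked(Snap, kDemoBuffer, Size);
    if (R.Status == Insert::TranslationFailed) {
      std::printf("%zu bytes: Translation of GVA 0x%llx failed\n", Size, (unsigned long long)R.Gva);
    } else {
      std::printf("%zu bytes: written%s\n", Size, Size > kDemoCapacity ? " (silent overflow!)" : "");
    }
  }
  const InsertResult C = InsertTestcaseChecked(Snap, kDemoBuffer, kDemoCapacity, 100000);
  std::printf("checked 100000 bytes: %s\n", C.Status == Insert::RejectedTooLarge ? "rejected" : "written");
  return 0;
}
```

The 3000-byte case is the interesting one: it is already three times the buffer's capacity, yet the write succeeds because the overflow stays inside a page the dump contains. Only the bounds check in InsertTestcaseChecked (together with a matching --max_len) makes the module's behaviour independent of which neighbouring pages happened to be resident when the snapshot was taken.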