TNT decoder returned: decoder_error #236

Open
M3noetius opened this issue Sep 14, 2023 · 2 comments


M3noetius commented Sep 14, 2023

The fuzzer is working and reports coverage and finds the bug from the Windows kernel example.

When I perform fuzz cov I receive the following error coming from [here].

My system has an i7-1360P and I do not know if Intel has done some updates on the instructions or whether in general they have started using an unknown or somewhat unused "pt-instruction" more?

Is it possible to give me a hint on what might be the fault, so I can look for it? Is the error 90% coming from libxdc? Should I check how Intel-PT works?

Thank you!

Also check these commits from libipt [here][here].

0xfffff803444d0000	0xfffff803444d7000	\??\C:\Users\vagrant\Desktop\src\kafl_vulnerable_driver\x64\Debug\kAFL vulnerable driver\kAFLvulnerabledriver.sys
Process-1:   0%|                                                                                              | 0/6 [00:00<?, ?it/s]

Processing payload_00001..
/home/user/kAFL/kafl/qemu/nyx/auxiliary_buffer.c:175:9: runtime error: load of misaligned address 0x7fb488601182 for type 'volatile uint32_t', which requires 4 byte alignment
0x7fb488601182: note: pointer points here
 00 00  01 04 00 00 00 00 00 01  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00
              ^ 
ptdump of payload_00001 failed with return code 1. Output:

ERR: 	TNT 11 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0


Processing payload_00002..
ptdump of payload_00002 failed with return code 1. Output:

ERR: 	TNT 12 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0


Processing payload_00003..
ptdump of payload_00003 failed with return code 1. Output:

ERR: 	TNT 12 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0


Processing payload_00004..
ptdump of payload_00004 failed with return code 1. Output:

ERR: 	TNT 9 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0


Processing payload_00005..
ptdump of payload_00005 failed with return code 1. Output:

ERR: 	TNT 13 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0


Processing payload_00006..
ptdump of payload_00006 failed with return code 1. Output:

ERR: 	TNT 14 at position <0xfffff803444d1574,0xfffff8033a02a6b5>
[*] decoder returned: decoder_error
[*] page fault addr:   	0x0

/home/user/kAFL/kafl/qemu/x86_64-softmmu/qemu-system-x86_64
	-enable-kvm
	-machine kAFL64-v1
	-cpu kAFL64-Hypervisor-v1,+vmx
	-no-reboot
	-net none
	-display none
	-chardev socket,server,id=nyx_socket,path=/dev/shm/kafl_user_Process-1/interface_1337
	-device nyx,chardev=nyx_socket,workdir=/dev/shm/kafl_user_Process-1,worker_id=1337,bitmap_size=65536,input_buffer_size=131072,dump_pt_trace,ip0_a=0xfffff8006dc20000,ip0_b=0xfffff8006dc27000
	-device isa-serial,chardev=kafl_serial
	-chardev file,id=kafl_serial,mux=on,path=/dev/shm/kafl_user_Process-1/serial_1337.log
	-m 4096
	-drive file=/home/user/.local/share/libvirt/images/windows_x86_64_vagrant-kafl-windows.img
	-monitor unix:/tmp/monitor.sock,server,nowait
	-fast_vm_reload path=/dev/shm/kafl_user_Process-1/snapshot/,load=off

@M3noetius (Author)

Of course, now I see that when I run kafl cov a new instance of qemu is running and the driver is getting loaded at another memory region, so that's why I guess the error occurs.

@Wenzel (Contributor)

Wenzel commented Oct 9, 2023

Hi @M3noetius,

Yes, when you run kafl cov, you should specify the --resume parameter, to start from the same kAFL snapshot that was used during the fuzzing campaign.

This isn't well documented at this point, but I'm working on a new Linux kernel tutorial that will better explain these concepts.

Tell me if your issue is solved.
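The mismatch described in this thread can be checked mechanically before looking at libxdc: the driver line from the module map, the `-device nyx` argument and the `ERR: TNT` line from ptdump are all in the output above. The following is an added example, not kAFL's own code; the three input strings are copied from this issue, and the helper names are hypothetical.

```python
"""Check whether the Intel PT IP filter (ipN_a/ipN_b) still covers the target driver."""
import re

# Constructed inputs, copied from the output posted in this issue.
MODULE_LINE = (
    "0xfffff803444d0000\t0xfffff803444d7000\t"
    "\\??\\C:\\Users\\vagrant\\Desktop\\src\\kafl_vulnerable_driver\\x64\\Debug\\"
    "kAFL vulnerable driver\\kAFLvulnerabledriver.sys"
)
QEMU_DEVICE_ARG = (
    "-device nyx,chardev=nyx_socket,workdir=/dev/shm/kafl_user_Process-1,"
    "worker_id=1337,bitmap_size=65536,input_buffer_size=131072,dump_pt_trace,"
    "ip0_a=0xfffff8006dc20000,ip0_b=0xfffff8006dc27000"
)
PTDUMP_ERR = "ERR: \tTNT 11 at position <0xfffff803444d1574,0xfffff8033a02a6b5>"

def parse_module(line):
    """Module-map line: '<start>\\t<end>\\t<path>' -> (start, end, basename)."""
    start, end, path = line.split("\t", 2)
    return int(start, 16), int(end, 16), path.rsplit("\\", 1)[-1]

def parse_ip_filters(device_arg):
    """Collect every ipN_a/ipN_b pair from the -device nyx argument."""
    found = {}
    for n, which, val in re.findall(r"ip(\d)_([ab])=(0x[0-9a-fA-F]+)", device_arg):
        found.setdefault(int(n), {})[which] = int(val, 16)
    return {n: (v["a"], v["b"]) for n, v in found.items() if "a" in v and "b" in v}

def parse_tnt_error(line):
    """'ERR: TNT <n> at position <ip,ip2>' -> (n, ip, ip2)."""
    m = re.search(r"TNT (\d+) at position <(0x[0-9a-f]+),(0x[0-9a-f]+)>", line)
    return int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)

def diagnose(module_line, device_arg, err_line):
    mstart, mend, name = parse_module(module_line)
    filters = parse_ip_filters(device_arg)
    covered = [n for n, (a, b) in filters.items() if a <= mstart and mend <= b]
    _, ip, _ = parse_tnt_error(err_line)
    return {
        "module": name,
        "module_range": (mstart, mend),
        "filters": filters,
        "covering_filters": covered,          # empty: driver relocated vs. the snapshot
        "error_ip_in_module": mstart <= ip < mend,
    }

if __name__ == "__main__":
    print(diagnose(MODULE_LINE, QEMU_DEVICE_ARG, PTDUMP_ERR))
```

For this issue the result has an empty `covering_filters` list while the error IP lies inside the freshly loaded driver, which is exactly the symptom of running kafl cov without --resume; after resuming the campaign snapshot the filter range and the module range should agree.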
