Setting MSR i3 (c0000080) to 1ad40d032ceb49
Setting CR 4 to 22030d031aeb36
Setting CR 0 to ffff001ae95b0000
Canonicalized 0 to 0
Setting EFER_LMA
Disabling hook cmpxchg
Disabling hook rep_outs
Disabling hook rep_stos
Disabling hook read_io
Disabling hook write_io
Disabling hook write_cr
Disabling hook invlpg
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 16 / 16
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: 0
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: c9
maybe_fail read: X86EMUL_OKAY
read: 03 ff
Emulation result: 0
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 16 / 16
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: 1
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: f3
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 0f
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 05
Setting EFER_LMA
maybe_fail write_segment: X86EMUL_OKAY
maybe_fail write_segment: X86EMUL_OKAY
Emulation result: 0
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 64 / 64
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: 0
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 4c
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 4c
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 4c
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 0f
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: ac
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 30
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 03
maybe_fail read: X86EMUL_OKAY
read: 4c 4c 2b 0d b6 80 18 c9
maybe_fail write: X86EMUL_OKAY
Emulation result: 0
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 64 / 64
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: 7
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: ff
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: f3
maybe_fail write: X86EMUL_OKAY
Emulation result: 0
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 64 / 64
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: 9
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 01
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 00
maybe_fail read: X86EMUL_OKAY
read: 64 4c 6a 4c
Emulation result: 0
Setting EFER_LMA
Setting EFER_LMA
-- State --
addr / sp size: 64 / 64
cr0: ffff001ae95b0001
cr3: 0
cr4: 22030d031aeb36
rip: b
Setting EFER_LMA
EFER: 1ad40d032cef49
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 4c
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 0f
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: 03
maybe_fail insn_fetch: X86EMUL_OKAY
insn_fetch: d4
maybe_fail read: X86EMUL_OKAY
read: 00 00 00 4c 37 4c 4c 77
afl-harness: fuzz-emul.c:177: int fuzz_read(enum x86_segment, unsigned long, void *, unsigned int, struct x86_emulate_ctxt *): Assertion `is_x86_system_segment(seg) && !(offset >> 16)' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7a6e3fa in __GI_abort () at abort.c:89
#2  0x00007ffff7a65e37 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x443082 "is_x86_system_segment(seg) && !(offset >> 16)", file=file@entry=0x442fde "fuzz-emul.c", line=line@entry=177, function=function@entry=0x442fea "int fuzz_read(enum x86_segment, unsigned long, void *, unsigned int, struct x86_emulate_ctxt *)") at assert.c:92
#3  0x00007ffff7a65ee2 in __GI___assert_fail (assertion=0x443082 "is_x86_system_segment(seg) && !(offset >> 16)", file=0x442fde "fuzz-emul.c", line=177, function=0x442fea "int fuzz_read(enum x86_segment, unsigned long, void *, unsigned int, struct x86_emulate_ctxt *)") at assert.c:101
#4  0x0000000000403b7e in fuzz_read (seg=<optimized out>, offset=<optimized out>, p_data=0x8, bytes=4294955200, ctxt=0x0) at fuzz-emul.c:177
#5  0x0000000000441afa in protmode_load_seg (seg=<optimized out>, sel=<optimized out>, is_ret=<optimized out>, sreg=<optimized out>, ctxt=<optimized out>, ops=<optimized out>) at ./x86_emulate/x86_emulate.c:1824
#6  0x000000000041888f in x86_emulate (ctxt=<optimized out>, ops=<optimized out>) at ./x86_emulate/x86_emulate.c:5238
#7  0x000000000044240b in x86_emulate_wrapper (ctxt=0x7fffffffe320, ops=0x7fffffffd0c0) at ./x86_emulate/x86_emulate.c:7921
#8  0x00000000004028b4 in runtest (state=<optimized out>, ctxt=<optimized out>) at fuzz-emul.c:911
#9  0x0000000000402ae4 in LLVMFuzzerTestOneInput (data_p=0x6571c0 "\250\254\020\067\003\367\025\016\b", size=112) at fuzz-emul.c:949
#10 0x0000000000401418 in main (argc=<optimized out>, argv=<optimized out>) at afl-harness.c:108