syzscope's People

Contributors

plummm, tomapu, whoismissing

syzscope's Issues

URLs to syzkaller reports in paper are broken.

References in the paper include such positions:

https://syzkaller.appspot.com/bug?id=2389bfc4b1c4ea3969629ed19bef0b3b2ec741f2/

which lead to a 404.
I suppose that the finishing slash should have been omitted.

Errors while running Syzscope.

I am trying to fuzz with Syzscope, but I am encountering:

Failed to get detail of a case https://syzkaller.appspot.com/bug?id=e98d2e8aa7283d11aa8e0b718d8afa1a058e6ae0
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=ff42415ad0066959950f184d479c5c9e9f033e9e
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=ff39495cd7e7333b7fa2c150e33e52df49ea0377
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=fdcd1733bbe482196c0e15d4b42a25fe941046d0

There are a lot more. I am behind a proxy, I have set the http and https proxy path. I do see some completed test cases in the work directory.

requests.exceptions.ConnectionError

Hi, I have used the image-ready2go, but when running the example, there will always be a requests.exceptions.ConnectionError error. I have investigated DNS, firewall, and network issues, but the problem remains unresolved.
docker pull etenal/syzscope:ready2go
docker run -it -d --name syzscope -p 2222:22 --privileged etenal/syzscope:ready2go
docker attach syzscope
cd /root/SyzScope
git pull

root@a9155f7a0272:~/SyzScope# python3 syzscope -i f99edaeec58ad40380ed5813d89e205861be2896
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: f99edaeec58ad40380ed5813d89e205861be2896
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 160, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 677, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 976, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 308, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 172, in _new_conn
    self, "Failed to establish a new connection: %s" % e
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 725, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "/usr/local/lib/python3.6/dist-packages/urllib3/util/retry.py", line 439, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='syzkaller.appspot.com', port=443): Max retries exceeded with url: /bug?id=f99edaeec58ad40380ed5813d89e205861be2896 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "syzscope/__main__.py", line 305, in <module>
    crawler.run_one_case(args.input)
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 85, in run_one_case
    if self.retreive_case(hash) == -1:
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 122, in retreive_case
    detail = self.request_detail(hash)
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 215, in request_detail
    tables = self.__get_table(url)
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 278, in __get_table
    req = requests.request(method='GET', url=url)
  File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='syzkaller.appspot.com', port=443): Max retries exceeded with url: /bug?id=f99edaeec58ad40380ed5813d89e205861be2896 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused',))
root@a9155f7a0272:~/SyzScope#

Other kernel versions

The kernel version in the current container is 5.10
Can syzscope fuzz on other kernel versions?
If possible, besides using other versions of the Linux kernel to build the runtime environment, what other code or configurations should be changed?
Thanks!

exitcode 2

 root@779e7d7baa0b:~/SyzScope# python3 syzscope -i f99edaeec58ad40380ed5813d89e205861be2896 -KF
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: f99edaeec58ad40380ed5813d89e205861be2896
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
Thread 0: run case f99edaeec58ad40380ed5813d89e205861be2896 [0/1] left
2023-10-07 06:10:52,378 Thread 0: run: scripts/linux-clone.sh 0 linux
running linux-clone.sh
2023-10-07 06:10:52,382 Thread 0: f99edae f99edaeec58ad40380ed5813d89e205861be2896
2023-10-07 06:10:53,236 Thread 0: f99edae Found duplicated case in /root/SyzScope/work/error/f99edae
2023-10-07 06:10:53,237 Thread 0: f99edae run: scripts/deploy.sh
2023-10-07 06:10:55,810 Thread 0: f99edae script/deploy.sh is done with exitcode 2
2023-10-07 06:10:55,811 Thread 0: f99edae Error occur in deploy.sh
2023-10-07 06:10:55,811 Thread 0: f99edae case f99edaeec58ad40380ed5813d89e205861be2896 encounter an error. See log for details.
2023-10-07 06:10:55,811 Thread 0: f99edae Copy to error
Thread 0 exit->

root@779e7d7baa0b:~/SyzScope# tail -f -n 10 work/error/f99edae/log
2023-10-07 06:10:55,794 [0] b'If you want to create a new branch to retain commits you create, you may\n'
2023-10-07 06:10:55,794 [0] b'do so (now or later) by using -b with the checkout command again. Example:\n'
2023-10-07 06:10:55,794 [0] b'\n'
2023-10-07 06:10:55,794 [0] b'  git checkout -b <new-branch-name>\n'
2023-10-07 06:10:55,794 [0] b'\n'
2023-10-07 06:10:55,794 [0] b'HEAD is now at 9b1f3e665 prog: control program length\n'
2023-10-07 06:10:55,797 [0] b'+ make clean\n'
2023-10-07 06:10:55,809 [0] b"tools/syz-env/env.go:14:2: no required module provides package github.com/google/syzkaller/pkg/osutil: go.mod file not found in current directory or any parent directory; see 'go help modules'\n"
2023-10-07 06:10:55,809 [0] b"tools/syz-env/env.go:15:2: no required module provides package github.com/google/syzkaller/sys/targets: go.mod file not found in current directory or any parent directory; see 'go help modules'\n"
2023-10-07 06:10:55,810 [0] b'Makefile:35: *** syz-env failed.  Stop.\n'

Whatever case I run, it will be this. I have used the ready2go, implemented environmental configuration, and run python3 syzscope --install-requirements.
Thanks.

Impossible to push the testcase. scp is stuck

Hi all,
I'm experimenting a bit with syzscope and currently I'm at the stage where I can reproduce the crash inside the vm but I cannot upload the testcase. I have already verified the suggestions from the readme file and all the necessary files are in the correct place.

I have tried to run lunch_vm.sh manually and to run the scp file and all works perfectly. Unfortunately, if I run the vm via the python script, the scp which is supposed to push the testcase does not proceed and it times out.

I'm surprised because the -RP works fine so my setup should be correct.

Have you ever seen this problem before? Could you try to run a similar test case? I have just used python3 syzscope -i hash -RP -SE --timeout-symbolic-execution 360.

I have also checked the logs and I can see that the vmlinux is loaded correctly in angr and that all the necessary symbols are found. I have even added -vvv to the scp command. I know certainly that the ssh connection is established but scp fails.

Example

hash: 41d9ed9b6dcd7b7c5611ed5eb64835b1a554e998

➜  sym-ori git:(master) ✗ tail -f -n 13 vm.log-0
+ scp -vvvv -F /dev/null -o UserKnownHostsFile=/dev/null -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key -P 33777 ./testcase root@localhost:/root
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -t /root
OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /dev/null
debug2: resolving "localhost" port 33777
debug3: resolve_host: lookup localhost:33777
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [127.0.0.1] port 33777.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key type 0
debug1: identity file /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3

<STUCK HERE>

Thanks

[BUG] syzbotCrawler is unable to correctly parse the syzbot fixed pages and causes AttributeError

Hi, I am using Syzscope from the ready2go docker and got the following Error:

root@ea0c0bd44dff:~/SyzScope# python3 syzscope -k="INFO:" -RP -KF --timeout-kernel-fuzzing 3 -SA --timeout-static-analysis 3600 -pm 8 --debug
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: None
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['INFO:']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
debug mode runs on single thread
INFO    | 2023-03-22 07:16:27,727 | syzscope.modules.syzbotCrawler | Get table from https://syzkaller.appspot.com/upstream/fixed
DEBUG   | 2023-03-22 07:16:42,409 | syzscope.modules.syzbotCrawler | [0] Find a suitable case:
INFO: rcu detected stall in ext4_file_write_iter (6)
ext4

Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "syzscope/__main__.py", line 316, in <module>
    crawler.run()
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 68, in run
    cases_hash, high_risk_impacts = self.gather_cases()
  File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 195, in gather_cases
    href = title.next.attrs['href']
  File "/usr/local/lib/python3.6/dist-packages/bs4/element.py", line 742, in __getattr__
    self.__class__.__name__, attr))
AttributeError: 'NavigableString' object has no attribute 'attrs'
  • Test environment: etenal/syzscope:ready2go with git pull
  • Test command: python3 syzscope -k="WARNING" -k="INFO:" -RP -KF --timeout-kernel-fuzzing 3 -SA --timeout-static-analysis 3600 -pm 8 --debug
    • (Note that the simpler command python3 syzscope -k="INFO:" has the same error as well.)

I briefly analyzed the error trace and the syzbot page printed by debug mode. I think maybe the code href = title.next.attrs['href'] in syzbotCrawler.py:195 no longer fits the current format of the syzbot pages. I am not sure about this; I guess there may be some compatibility issues in other format parsers which are hard-coded in the crawler.
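
Added example (not SyzScope's code and not part of the issue above): a standard-library sketch of link extraction that does not depend on the node immediately following the title cell, and that also tolerates the trailing slash on `bug?id=` URLs reported in the first issue. The `<td class="title">` markup, the function and class names, and the sample HTML are assumptions constructed for illustration; the two hashes are reused from this page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

BASE = "https://syzkaller.appspot.com"

def bug_id(url):
    """Return the 40-hex id of a bug?id=... link, tolerating a stray trailing slash."""
    ids = parse_qs(urlparse(urljoin(BASE, url)).query).get("id", [""])
    candidate = ids[0].rstrip("/")
    return candidate if re.fullmatch(r"[0-9a-f]{40}", candidate) else None

class TitleLinks(HTMLParser):
    """Collect (title, bug id) from the first <a> in each <td class="title"> (assumed markup)."""
    def __init__(self):
        super().__init__()
        self.cases, self._cell, self._href, self._in_a, self._text = [], False, None, False, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "td":
            self._cell = "title" in (attrs.get("class") or "").split()
            self._href, self._text = None, []
        elif tag == "a" and self._cell and self._href is None:
            self._href, self._in_a = attrs.get("href") or "", True

    def handle_data(self, data):
        if self._in_a:  # text nodes outside the link are skipped, never dereferenced
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_a = False
        elif tag == "td" and self._cell:
            found = bug_id(self._href or "")
            if found:  # cells without a usable bug link are ignored instead of raising
                self.cases.append(("".join(self._text).strip(), found))
            self._cell = False

def gather(html):
    parser = TitleLinks()
    parser.feed(html)
    return parser.cases

# Constructed sample: whitespace before the link, a cell with no link, a cell with two links.
SAMPLE = """<table><tr><td class="title">
  <a href="/bug?id=2389bfc4b1c4ea3969629ed19bef0b3b2ec741f2/">constructed title A</a>
</td></tr><tr><td class="title">constructed row without a link</td></tr>
<tr><td class="title"><a href="/bug?id=f99edaeec58ad40380ed5813d89e205861be2896">constructed title B</a> <a href="/constructed">ext4</a></td></tr></table>"""
```

`gather(SAMPLE)` returns one pair per row that carries a valid bug link; the row without a link is skipped rather than raising.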
