plummm / syzscope
SyzScope is a research project that aims to reveal high-risk security bugs on Syzbot. Learn more details in our paper.
License: MIT License
References in the paper include such positions:
https://syzkaller.appspot.com/bug?id=2389bfc4b1c4ea3969629ed19bef0b3b2ec741f2/
which lead to a 404.
I suppose that the finishing slash should have been omitted.
I am trying to fuzz with Syzscope. But I am encountering:
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=e98d2e8aa7283d11aa8e0b718d8afa1a058e6ae0
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=ff42415ad0066959950f184d479c5c9e9f033e9e
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=ff39495cd7e7333b7fa2c150e33e52df49ea0377
Failed to get detail of a case https://syzkaller.appspot.com/bug?id=fdcd1733bbe482196c0e15d4b42a25fe941046d0
There are a lot more. I am behind a proxy, I have set the http and https proxy path. I do see some completed test cases in the work directory.
Hi, I have used the image-ready2go, but when running the example, there will always be a requests.exceptions.ConnectionError error. I have investigated DNS, firewall, and network issues, but the problem remains unresolved.
docker pull etenal/syzscope:ready2go
docker run -it -d --name syzscope -p 2222:22 --privileged etenal/syzscope:ready2go
docker attach syzscope
cd /root/SyzScope
git pull
root@a9155f7a0272:~/SyzScope# python3 syzscope -i f99edaeec58ad40380ed5813d89e205861be2896
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: f99edaeec58ad40380ed5813d89e205861be2896
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 160, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 84, in create_connection
raise err
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 677, in urlopen
chunked=chunked,
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 976, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 308, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.6/dist-packages/urllib3/connection.py", line 172, in _new_conn
self, "Failed to establish a new connection: %s" % e
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py", line 725, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.6/dist-packages/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='syzkaller.appspot.com', port=443): Max retries exceeded with url: /bug?id=f99edaeec58ad40380ed5813d89e205861be2896 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "syzscope/__main__.py", line 305, in <module>
crawler.run_one_case(args.input)
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 85, in run_one_case
if self.retreive_case(hash) == -1:
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 122, in retreive_case
detail = self.request_detail(hash)
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 215, in request_detail
tables = self.__get_table(url)
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 278, in __get_table
req = requests.request(method='GET', url=url)
File "/usr/local/lib/python3.6/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='syzkaller.appspot.com', port=443): Max retries exceeded with url: /bug?id=f99edaeec58ad40380ed5813d89e205861be2896 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7efd6f2f84e0>: Failed to establish a new connection: [Errno 111] Connection refused',))
root@a9155f7a0272:~/SyzScope#
The kernel version in the current container is 5.10
Can syzscope fuzz on other kernel versions?
If possible, besides using other versions of the Linux kernel to build the runtime environment, what other code or configurations should be changed?
Thanks!
Hi, is there any detailed bug report list available, please? I did not find one in the repo.
root@779e7d7baa0b:~/SyzScope# python3 syzscope -i f99edaeec58ad40380ed5813d89e205861be2896 -KF
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: f99edaeec58ad40380ed5813d89e205861be2896
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
Thread 0: run case f99edaeec58ad40380ed5813d89e205861be2896 [0/1] left
2023-10-07 06:10:52,378 Thread 0: run: scripts/linux-clone.sh 0 linux
running linux-clone.sh
2023-10-07 06:10:52,382 Thread 0: f99edae f99edaeec58ad40380ed5813d89e205861be2896
2023-10-07 06:10:53,236 Thread 0: f99edae Found duplicated case in /root/SyzScope/work/error/f99edae
2023-10-07 06:10:53,237 Thread 0: f99edae run: scripts/deploy.sh
2023-10-07 06:10:55,810 Thread 0: f99edae script/deploy.sh is done with exitcode 2
2023-10-07 06:10:55,811 Thread 0: f99edae Error occur in deploy.sh
2023-10-07 06:10:55,811 Thread 0: f99edae case f99edaeec58ad40380ed5813d89e205861be2896 encounter an error. See log for details.
2023-10-07 06:10:55,811 Thread 0: f99edae Copy to error
Thread 0 exit->
root@779e7d7baa0b:~/SyzScope# tail -f -n 10 work/error/f99edae/log
2023-10-07 06:10:55,794 [0] b'If you want to create a new branch to retain commits you create, you may\n'
2023-10-07 06:10:55,794 [0] b'do so (now or later) by using -b with the checkout command again. Example:\n'
2023-10-07 06:10:55,794 [0] b'\n'
2023-10-07 06:10:55,794 [0] b' git checkout -b <new-branch-name>\n'
2023-10-07 06:10:55,794 [0] b'\n'
2023-10-07 06:10:55,794 [0] b'HEAD is now at 9b1f3e665 prog: control program length\n'
2023-10-07 06:10:55,797 [0] b'+ make clean\n'
2023-10-07 06:10:55,809 [0] b"tools/syz-env/env.go:14:2: no required module provides package github.com/google/syzkaller/pkg/osutil: go.mod file not found in current directory or any parent directory; see 'go help modules'\n"
2023-10-07 06:10:55,809 [0] b"tools/syz-env/env.go:15:2: no required module provides package github.com/google/syzkaller/sys/targets: go.mod file not found in current directory or any parent directory; see 'go help modules'\n"
2023-10-07 06:10:55,810 [0] b'Makefile:35: *** syz-env failed. Stop.\n'
Whatever case I run, it will be this. I have used the ready2go, implemented environmental configuration and run python3 syzscope --install-requirements.
Thanks.
Hi all,
I'm experimenting a bit with syzscope and currently I'm at the stage where I can reproduce the crash inside the vm but I cannot upload the testcase. I have already verified the suggestions from the readme file and all the necessary files are in the correct place.
I have tried to run lunch_vm.sh manually and to run the scp file and all works perfectly. Unfortunately if I run the vm via the python script the scp which is supposed to push the testcase does not proceed and it goes in timeout.
I'm surprised because the -RP works fine so my setup should be correct.
Have you ever seen this problem before? Could you try to run a similar test case? I have just used python3 syzscope -i hash -RP -SE --timeout-symbolic-execution 360.
I have also checked the logs and I can see that the vmlinux is loaded correctly in angr and that all the necessary symbols are found. I have even added -vvv to the scp command. I know certainly that the ssh connection is established but scp fails.
hash: 41d9ed9b6dcd7b7c5611ed5eb64835b1a554e998
➜ sym-ori git:(master) ✗ tail -f -n 13 vm.log-0
+ scp -vvvv -F /dev/null -o UserKnownHostsFile=/dev/null -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key -P 33777 ./testcase root@localhost:/root
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -t /root
OpenSSH_8.9p1 Ubuntu-3ubuntu0.3, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /dev/null
debug2: resolving "localhost" port 33777
debug3: resolve_host: lookup localhost:33777
debug3: ssh_connect_direct: entering
debug1: Connecting to localhost [127.0.0.1] port 33777.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key type 0
debug1: identity file /home/<path>/SyzScope/work/incomplete/41d9ed9/img/stretch.img.key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.3
<STUCK HERE>
Thanks
Hi, I am using Syzscope from the ready2go docker and got the following Error:
root@ea0c0bd44dff:~/SyzScope# python3 syzscope -k="INFO:" -RP -KF --timeout-kernel-fuzzing 3 -SA --timeout-static-analysis 3600 -pm 8 --debug
[+] Building image
[+] Building gcc and clang
[+] Building llvm
[+] Build static analysis tool
[+] Download pwndbg
[+] Setup golang environment
[+] Setup syzkaller
[+] Clean unfinished jobs
rm: cannot remove 'linux-*/.git/index.lock': No such file or directory
Removing index.lock
rm: cannot remove 'linux-*/THIS_KERNEL_IS_BEING_USED': No such file or directory
All set
[*] hash: None
[*] url: https://syzkaller.appspot.com/upstream/fixed
[*] max: 9999
[*] key: ['INFO:']
[*] deduplicate: []
[*] alert: ['']
root : root kvm
KVM is ready to go
debug mode runs on single thread
INFO | 2023-03-22 07:16:27,727 | syzscope.modules.syzbotCrawler | Get table from https://syzkaller.appspot.com/upstream/fixed
DEBUG | 2023-03-22 07:16:42,409 | syzscope.modules.syzbotCrawler | [0] Find a suitable case:
INFO: rcu detected stall in ext4_file_write_iter (6)
ext4
Traceback (most recent call last):
File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "syzscope/__main__.py", line 316, in <module>
crawler.run()
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 68, in run
cases_hash, high_risk_impacts = self.gather_cases()
File "/root/SyzScope/syzscope/modules/syzbotCrawler.py", line 195, in gather_cases
href = title.next.attrs['href']
File "/usr/local/lib/python3.6/dist-packages/bs4/element.py", line 742, in __getattr__
self.__class__.__name__, attr))
AttributeError: 'NavigableString' object has no attribute 'attrs'
etenal/syzscope:ready2go with git pull
python3 syzscope -k="WARNING" -k="INFO:" -RP -KF --timeout-kernel-fuzzing 3 -SA --timeout-static-analysis 3600 -pm 8 --debug
(python3 syzscope -k="INFO:" has the same error as well)
I briefly analyzed the error trace and the syzbot page printed by debug mode. I think maybe the code href = title.next.attrs['href'] in syzbotCrawler.py:195 no longer fits the current format of the syzbot pages. Not sure about this; I guess there may be some compatibility issues in other format parsers which are hard-coded in the crawler.
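An added example, not part of the issue or of SyzScope's code: BeautifulSoup's `.next` returns the next parsed node, so a whitespace text node ahead of the `<a>` yields a `NavigableString` with no `attrs`. The sketch below takes the first `<a>` anywhere inside the title cell instead, using the standard library `html.parser` so it runs without dependencies. `TitleCells`, `extract_cases`, the `td class="title"` layout and the 40-hex id format are assumptions, and the markup is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed markup (not a capture of a syzbot page). Row 1 has whitespace
# before <a>, row 2 nests it in <span> with a trailing "/", row 3 has no link.
SAMPLE = """<table>
<tr><td class="title">
  <a href="/bug?id=1111111111111111111111111111111111111111">INFO: constructed case A</a></td></tr>
<tr><td class="title"><span><a href="/bug?id=2222222222222222222222222222222222222222/">WARNING: constructed case B</a></span></td></tr>
<tr><td class="title">KASAN: constructed case without link</td></tr>
</table>"""

class TitleCells(HTMLParser):
    """Collect (title text, first href or None) for every <td class="title">."""
    def __init__(self):
        super().__init__()
        self.rows, self._in_cell, self._href, self._text = [], False, None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "td" and "title" in (attrs.get("class") or "").split():
            self._in_cell, self._href, self._text = True, None, []
        elif tag == "a" and self._in_cell and self._href is None:
            self._href = attrs.get("href")  # position inside the cell is irrelevant

    def handle_data(self, data):
        if self._in_cell:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "td" and self._in_cell:
            title = " ".join("".join(self._text).split())
            self.rows.append((title, self._href))
            self._in_cell = False

def extract_cases(html):
    """Return ({bug_id: title}, [titles skipped for lack of a usable link])."""
    parser = TitleCells()
    parser.feed(html)
    parser.close()
    cases, skipped = {}, []
    for title, href in parser.rows:
        ids = parse_qs(urlparse(href or "").query).get("id", [])
        bug_id = ids[0].rstrip("/") if ids else ""  # tolerate a trailing slash
        if re.fullmatch(r"[0-9a-f]{40}", bug_id):   # assumed id format
            cases[bug_id] = title
        else:
            skipped.append(title)  # report the row instead of raising
    return cases, skipped
```

Rows without a usable link are returned in the second list, so a layout change shows up as skipped titles rather than an `AttributeError` that stops the whole crawl.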