funfuzz icon indicating copy to clipboard operation
funfuzz copied to clipboard
verified publisher icon MozillaSecurity

Error when running funfuzz

Open pratikbhd opened this issue 6 years ago • 4 comments

Hey! I am trying to run funfuzz to test SpiderMonkey for a project I am working on and I can't seem to get around an error I have been receiving for the last 2 days:

Traceback (most recent call last):
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
    conn.connect()
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 357, in ssl_wrap_socket
    return context.wrap_socket(sock)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 814, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:833)

This seems to be some connection error. I am running FuzzManager on localhost in the background as well. Following this initial error, a whole host of other errors start popping up:

Traceback (most recent call last):
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
    conn.connect()
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connection.py", line 344, in connect
    ssl_context=context)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 357, in ssl_wrap_socket
    return context.wrap_socket(sock)
  File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib/python3.6/ssl.py", line 814, in __init__
    self.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:833)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: /crashmanager/rest/signatures/download/ (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:833)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/funFuzz/funfuzz/src/funfuzz/bot.py", line 241, in <module>
    main()
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/funFuzz/funfuzz/src/funfuzz/bot.py", line 106, in main
    collector.refresh()
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/Reporter/Reporter.py", line 43, in decorator
    return wrapped(self, *args, **kwargs)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/Reporter/Reporter.py", line 53, in decorator
    return wrapped(self, *args, **kwargs)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/Collector/Collector.py", line 56, in refresh
    response = self.get(url, stream=True)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/Reporter/Reporter.py", line 170, in get
    return requests_retry(self._session.get)(*args, **kwds)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/Reporter/Reporter.py", line 65, in wrapper
    response = wrapped(*args, **kwds)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/requests/sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='127.0.0.1', port=8000): Max retries exceeded with url: /crashmanager/rest/signatures/download/ (Caused by SSLError(SSLError(1, '[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:833)'),))
Something went wrong when calling: ['/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/bin/python', '-u', '-m', 'funfuzz.bot', '-b', '--random', '--target-time', '28800']
CalledProcessError(1, ['/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/bin/python', '-u', '-m', 'funfuzz.bot', '-b', '--random', '--target-time', '28800'])
Traceback (most recent call last):
  File "funfuzz/loop_bot.py", line 32, in loop_seq
    subprocess.run(cmd, check=True)
  File "/usr/lib/python3.6/subprocess.py", line 418, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/scratch/new_lhome/pratikbhandari/myFuzzTests/fuzz_venv/bin/python', '-u', '-m', 'funfuzz.bot', '-b', '--random', '--target-time', '28800']' returned non-zero exit status 1.

Waiting 60 seconds...

Any suggestions to why might be happening and how to solve this would be very helpful. Thanks!

pratikbhd avatar Feb 07 '19 21:02 pratikbhd

I'm not sure what's going on there. However, can you try following the steps in these videos (part 1 and part 2) and see if you can reproduce your issues?

The video demos use VirtualBox, so the programs used in the demo should be available for free.

nth10sd avatar Feb 07 '19 22:02 nth10sd

Thanks for the quick response. I will go through the steps in the video and see if the issue persists.

pratikbhd avatar Feb 07 '19 22:02 pratikbhd

I followed the steps described in the videos and the GitHub repository linked to it and it worked perfectly in the VirtualBox. Thanks for pointing me in that direction! The previous issue must have been some dependency issue with my machine. I do have a question related to this. I am looking to fuzz v8 using jsfunfuzz which I think can be done but I am not entirely sure how I should proceed with that. Any pointers on what I need to do to get started with it? Thanks!

pratikbhd avatar Feb 18 '19 21:02 pratikbhd

It's going to be non-trivial, though possible.

  • repos_update only works on Mozilla's Mercurial repositories
  • compile_shell needs to be replaced with something that works with the v8 shell
  • inspect_shell should be updated to work with v8
  • shell_flags as well
  • known_broken_earliest_working has to be updated with the earliest known compilable version and also broken ranges ought to be updated
  • Do v8 processes use Mercurial? Because autobisectjs uses hg bisect, so it'll have to be changed
  • v8 does not support some SpiderMonkey-only functions that are in jsfunfuzz so those will have to be disabled

I'd suggest focusing on a v8-form of compile_shell and bot, disabling inspect_shell and SpiderMonkey-only functions, testing only on v8's master and fixating a known set of shell_flags as a start. You should write pytests for each function that you refactor, I will gladly help you review and land them if they make a function non-SpiderMonkey-specific and thus more generic. (For now, I don't think I can say the same for code specific to v8, for obvious reasons)

I've known that there have been patch stacks in the past that have found issues in v8 many years ago, but they've long since bitrotted. Is it still possible to fuzz v8 to find issues using funfuzz? Yes, I most definitely think so. There's plenty of work to get there, though.

nth10sd avatar Feb 20 '19 02:02 nth10sd