def finalize_iteration(self): try: self.control.send('F') self.control.recv(1) except: log_exception() log_qemu("finalize_iteration failed...", self.qemu_id)
def set_payload(self, payload): if self.exiting: sys.exit(0) # TODO: enforce single global size limit through frontend/mutations/backend # PAYLOAD_SIZE-sizeof(uint32)-sizeof(uint8) = 131067! payload_limit = self.payload_size - 16 if len(payload) > payload_limit: payload = payload[:payload_limit] try: self.fs_shm.seek(0) input_len = to_string_32(len(payload)) self.fs_shm.write_byte(input_len[3]) self.fs_shm.write_byte(input_len[2]) self.fs_shm.write_byte(input_len[1]) self.fs_shm.write_byte(input_len[0]) self.fs_shm.write(payload) self.fs_shm.flush() except: if self.exiting: sys.exit(0) # Qemu crashed. Could be due to prior payload but more likely harness/config is broken.. print_fail("Failed to set new payload - Qemu crash?") log_qemu("Failed to set new payload - Qemu crash?", self.qemu_id) raise
def set_init_state(self, payload=None): self.crashed = False self.timeout = False self.kasan = False self.handshake_stage_1 = True self.handshake_stage_2 = True self.start_ticks = 0 self.end_ticks = 0 self.__set_binary(self.binary_filename, self.config.argument_values['executable'], (128 << 20)) self.__debug_recv_expect(qemu_protocol.RELEASE + qemu_protocol.PT_TRASHED) log_qemu("Initial stage 1 handshake done...", self.qemu_id) self.__debug_send(qemu_protocol.RELEASE) self.__debug_recv_expect(qemu_protocol.ACQUIRE + qemu_protocol.PT_TRASHED) log_qemu("Initial stage 2 handshake done...", self.qemu_id) if payload: self.set_payload(payload) self.send_payload(timeout_detection=False, apply_patches=False) self.crashed = False self.timeout = False self.kasan = False
def soft_reload(self): log_qemu("soft reload", self.qemu_id) self.crashed = False self.timeout = False self.kasan = False self.start_ticks = 0 self.end_ticks = 0 self.control.settimeout(10.0) # ask qemu to reload the VM and wait for acknowledgement self.control.send('L') while True: ch = self.control.recv(1) if ch == 'L' or ch == '' : break # wait for the initial handshake (acquire) v = self.control.recv(1) self.__set_binary(self.binary_filename, self.config.argument_values['executable'], (16 << 20)) if v != 'D': raise Exception("this better not happen! v == %r" % v) #self.control.send('R') #v = self.control.recv(1) # now wait for the hypercall_next_payload from vm before continuing v = self.control.recv(1) self.control.settimeout(5.0)
def __qemu_handshake(self): if self.config.argument_values['agent']: self.__set_agent() # self.__debug_recv_expect(qemu_protocol.RELEASE + qemu_protocol.PT_TRASHED) # self.__debug_recv_expect(qemu_protocol.ACQUIRE) # self.__debug_send(qemu_protocol.RELEASE) # log_qemu("Stage 1 handshake done [INIT]", self.qemu_id) # # TODO: notify user if target/VM loads really slow or not at all.. # #ready = select.select([self.control], [], [], 0.5) # #while not ready[0]: # # print("[Slave %d] Waiting for Qemu handshake..." % self.qemu_id) # # ready = select.select([self.control], [], [], 1) # self.handshake_stage_1 = False # # self.__debug_recv_expect(qemu_protocol.ACQUIRE + qemu_protocol.PT_TRASHED) # self.__debug_recv_expect(qemu_protocol.ACQUIRE) # self.__debug_send(qemu_protocol.RELEASE) # log_qemu("Stage 2 handshake done [READY]", self.qemu_id) # self.handshake_stage_2 = False self.__debug_send(qemu_protocol.RELEASE) # unlock while True: res = self.__debug_recv() if res == qemu_protocol.LOCK: break self.__debug_send(qemu_protocol.RELEASE) self.__debug_recv_expect(qemu_protocol.RELEASE) self.__debug_recv() log_qemu("Handshake done [INIT]", self.qemu_id)
def start(self, verbose=False, serout=None): if verbose: self.process = subprocess.Popen(filter(None, self.cmd.split(" ")), stdin=None, stdout=serout, #None, stderr=None) else: if serout is None : serout = subprocess.PIPE self.process = subprocess.Popen(filter(None, self.cmd.split(" ")), stdin=subprocess.PIPE, stdout=serout, #subprocess.PIPE, stderr=subprocess.PIPE) log_qemu("process pid %d" % self.process.pid, self.qemu_id) self.stat_fd = open("/proc/" + str(self.process.pid) + "/stat") self.init() try: self.set_init_state() except: log_exception() return False self.initial_mem_usage = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss #time.sleep(1) self.kafl_shm.seek(0x0) self.kafl_shm.write(self.virgin_bitmap) self.kafl_shm.flush() return True
def __debug_recv_expect(self, cmd): res = '' while True: res = self.__debug_recv() if res in cmd: break # TODO: the I/O handling here really sucks. # Below we are returning OK to set_init_state() in order to silence handshake error message during kafl_info.py. # We need to factor out the debug stuff and properly support required vs optional/intermediate control messages... elif res == qemu_protocol.INFO: break elif res is None: # Timeout is detected separately in debug_recv(), so we should never get here.. assert False else: # Reaching this part typically means there is a bug in the agent or target setup which # messes up the expected interaction. Throw an error and exit. log_qemu( "Fatal error in debug_recv(): Got " + str(res) + ", Expected: " + str(cmd) + ")", self.qemu_id) print_fail( "Slave %d: Error in debug_recv(): Got %s, Expected: %s" % (self.qemu_id, str(res), str(cmd))) assert False if res == qemu_protocol.PT_TRASHED: log_qemu("PT_TRASHED", self.qemu_id) return False return True
def __debug_recv(self): while True: try: res = self.control.recv(1) except ConnectionResetError: if self.exiting: sys.exit(0) raise if (len(res) == 0): # Another case of socket error, apparently on Qemu reset/crash # Default: assume Qemu exit is fatal bug in harness/setup log_qemu("Fatal error in __debug_recv()", self.qemu_id) sig = self.shutdown() if sig == 0: # regular shutdown? still report as KASAN return qemu_protocol.KASAN else: raise BrokenPipeError("Qemu exited with signal: %s" % str(sig)) if res == qemu_protocol.PRINTF: self.__debug_hprintf() self.hprintf_print_mode = False else: self.hprintf_print_mode = True if self.debug_mode: try: self.__dump_recv_res(res) except: pass return res
def finalize_iteration(self): try: self.__debug_send(qemu_protocol.FINALIZE) self.__debug_recv() except: log_qemu("finalize_iteration failed...", self.qemu_id) log_qemu("%s" % traceback.format_exc())
def verifiy_input(self, payload, bitmap, payload_size, runs=3, apply_patches=True): crashed = self.crashed timeout = self.timeout kasan = self.kasan failed = False try: self.enable_sampling_mode() init = True tmp_bitmap1 = bitmap for i in range(runs): if not init: tmp_bitmap1 = self.send_payload( timeout_detection=False, apply_patches=apply_patches) if (self.crashed or self.kasan or self.timeout): break else: self.submit_sampling_run() tmp_bitmap2 = self.send_payload(timeout_detection=False, apply_patches=apply_patches) if (self.crashed or self.kasan or self.timeout): break else: self.submit_sampling_run() if tmp_bitmap1 == tmp_bitmap2: break init = False except: log_qemu("verification phase failed %s" % traceback.format_exc(), self.qemu_id) failed = True self.crashed = crashed or self.crashed self.timeout = timeout or self.timeout self.kasan = kasan or self.kasan try: #if not self.timeout: self.submit_sampling_run() self.disable_sampling_mode() if not failed: return tmp_bitmap2 else: return bitmap except: log_qemu( "verification phase failed 2 (timeout?) %s" % traceback.format_exc(), self.qemu_id) #self.timeout = True return bitmap
def soft_reload(self): return self.__debug_send(qemu_protocol.RELOAD) self.__debug_recv_expect(qemu_protocol.RELOAD) success = self.__debug_recv_expect(qemu_protocol.ACQUIRE + qemu_protocol.PT_TRASHED) if not success: log_qemu("soft reload failed (ipt ovp quirk)", self.qemu_id) self.soft_reload()
def check_recv(self, timeout_detection=True): log_qemu("check recv", self.qemu_id) if timeout_detection: self.control.settimeout(1.25) try: result = self.control.recv(1) #except socket_error, e: except socket.timeout, e: log_exception() #raise Exception("XXX DEBUG TIMEOUT") return "TIMEOUT"
def __qemu_handshake(self): if self.config.argument_values['agent']: self.__set_agent() self.__debug_send(qemu_protocol.RELEASE) # unlock while True: res = self.__debug_recv() if res == qemu_protocol.LOCK: break self.__debug_send(qemu_protocol.RELEASE) self.__debug_recv_expect(qemu_protocol.RELEASE) self.__debug_recv() log_qemu("Handshake done [INIT]", self.qemu_id)
def __debug_recv(self): while True: res = self.control.recv(1) if (len(res) == 0): log_qemu("__debug_recv error?", self.qemu_id) break if res == qemu_protocol.PRINTF: self.__debug_hprintf() self.hprintf_print_mode = False else: self.hprintf_print_mode = True if self.debug_mode: if res == qemu_protocol.ACQUIRE: self.debug_counter = 0 #try: info = "" if self.handshake_stage_1 and res == qemu_protocol.RELEASE: info = " (Loader Handshake)" elif self.handshake_stage_2 and res == qemu_protocol.ACQUIRE: info = " (Initial Handshake Iteration)" elif res == qemu_protocol.INFO: print("[RECV] \t" + '\033[1m' + '\033[92m' + self.CMDS[res] + info + '\033[0m') print( "------------------------------------------------------" ) try: for line in open("/tmp/kAFL_info.txt"): print line, os.remove("/tmp/kAFL_info.txt") except: pass print( "------------------------------------------------------" ) os._exit(0) elif res == qemu_protocol.ABORT: print(common.color.FAIL + self.CMDS[res] + common.color.ENDC) #print("[RECV] \t" + common.color.FAIL + self.CMDS[res] + common.color.ENDC) os._exit(0) if res == qemu_protocol.CRASH or res == qemu_protocol.KASAN: print("[RECV] \t" + '\033[1m' + '\033[91m' + self.CMDS[res] + info + '\033[0m') else: print("[RECV] \t" + '\033[1m' + '\033[92m' + self.CMDS[res] + info + '\033[0m') #except Exception as e: # print("[RECV] \t" + "unknown cmd '" + res + "'" + str(e)) return res
def shutdown(self): log_qemu("Shutting down Qemu after %d execs.." % self.persistent_runs, self.qemu_id) if not self.process: # start() has never been called, all files/shm are closed. return 0 # If Qemu exists, try to graciously read its I/O and SIGTERM it. # If still alive, attempt SIGKILL or loop-wait on kill -9. output = "<no output received>\n" try: self.process.terminate() output = strdump(self.process.communicate(timeout=1)[0], verbatim=True) except: pass if self.process.returncode is None: try: self.process.kill() except: pass log_qemu("Qemu exit code: %s" % str(self.process.returncode), self.qemu_id) header = "\n=================<Qemu %s Console Output>==================\n" % self.qemu_id footer = "====================</Console Output>======================\n" log_qemu(header + output + footer, self.qemu_id) header = "\n=================<Qemu %s Serial Output>==================\n" % self.qemu_id footer = "====================</Serial Output>======================\n" serial_out = strdump(read_binary_file(self.qemu_serial_log), verbatim=True) log_qemu(header + serial_out + footer, self.qemu_id) try: self.kafl_shm.close() except: pass try: self.fs_shm.close() except: pass try: os.close(self.kafl_shm_f) except: pass try: os.close(self.fs_shm_f) except: pass try: if self.stat_fd: self.stat_fd.close() except: pass return self.process.returncode
def execute_in_trace_mode(self, timeout_detection): log_qemu("Performing trace iteration...", self.qemu_id) exec_res = None try: self.soft_reload() self.send_enable_trace() exec_res = self.send_payload(timeout_detection=timeout_detection) self.soft_reload() self.send_disable_trace() except Exception as e: log_qemu("Error during trace: %s" % str(e), self.qemu_id) return None return exec_res
def __del__(self): log_qemu("kill qemu pid %d" % self.process.pid, self.qemu_id) os.system("kill -9 " + str(self.process.pid)) try: if self.process: try: self.process.kill() except: log_exception() if self.e: if self.control_fileno: self.e.unregister(self.control_fileno) if self.intervm_tty_write: self.intervm_tty_write.close() if self.control: self.control.close() except OSError: log_exception() pass try: self.kafl_shm.close() except: log_exception() pass try: self.fs_shm.close() except: log_exception() pass try: if self.stat_fd: self.stat_fd.close() except: log_exception() pass if self.global_bitmap is not None : self.global_bitmap.close() self.global_bitmap = None if self.global_bitmap_fd is not None : os.close(self.global_bitmap_fd) self.global_bitmap_fd = None
def soft_reload(self): return log_qemu("soft_reload()", self.qemu_id) self.crashed = False self.timeout = False self.kasan = False self.start_ticks = 0 self.end_ticks = 0 self.__debug_send(qemu_protocol.RELOAD) self.__debug_recv_expect(qemu_protocol.RELOAD) success = self.__debug_recv_expect(qemu_protocol.ACQUIRE + qemu_protocol.PT_TRASHED) if not success: log_qemu("soft reload failed (ipt ovp quirk)", self.qemu_id) self.soft_reload()
def set_payload(self, irp): if self.exiting: sys.exit(0) # actual payload is limited to payload_size - sizeof(uint32) - sizeof(uint8) try: self.fs_shm.seek(0) self.fs_shm.write(p32(irp.Command)) self.fs_shm.write(p32(irp.IoControlCode)) self.fs_shm.write(p32(irp.InBufferLength)) self.fs_shm.write(p32(irp.OutBufferLength)) self.fs_shm.write(bytes(irp.InBuffer)) self.fs_shm.flush() except ValueError: if self.exiting: sys.exit(0) # Qemu crashed. Could be due to prior payload but more likely harness/config is broken.. #print_fail("Failed to set new payload - Qemu crash?"); log_qemu("Failed to set new payload - Qemu crash?", self.qemu_id) raise
def send_irp(self, irp, retry=0): try: #log(f"iocode: {hex(irp.IoControlCode)}, payload: {bytes(irp.InBuffer[:0x10])}.., len: {hex(irp.InBufferLength)}", label='IRP') self.set_payload(irp) return self.send_payload() except (ValueError, BrokenPipeError): if retry > 2: # TODO if it reliably kills qemu, perhaps log to master for harvesting.. print_fail( "Process aborting due to repeated SHM/socket error. Check logs." ) log_qemu("Aborting due to repeated SHM/socket error", self.qemu_id) raise print_warning("SHM/socket error on Process (retry %d)" % retry) log_qemu("SHM/socket error, trying to restart qemu...", self.qemu_id) if not self.restart(): raise return self.send_irp(irp, retry=retry + 1)
def execute_in_redqueen_mode(self, payload): log_qemu("Performing redqueen iteration...", self.qemu_id) try: self.soft_reload() self.send_rq_set_light_instrumentation() self.send_enable_redqueen() self.set_payload(payload) self.send_payload(timeout_detection=False) if self.exit_reason() != "regular": print_warning("RQ execution returned %s", self.exit_reason()) except Exception as e: log_qemu("%s" % traceback.format_exc(), self.qemu_id) return False #log_qemu("Disabling redqueen mode...", self.qemu_id) try: self.send_disable_redqueen() self.set_payload(payload) self.send_payload(timeout_detection=False) self.soft_reload() if self.exit_reason() != "regular": print_warning("RQ execution returned %s", self.exit_reason()) except Exception as e: log_qemu("%s" % traceback.format_exc(), self.qemu_id) return False return True
def start(self): if self.exiting: return False self.persistent_runs = 0 self.handshake_stage_1 = True self.handshake_stage_2 = True if self.qemu_id == "0" or self.qemu_id == "1337": ## 1337 is debug instance! log_qemu("Launching virtual machine...CMD:\n" + ' '.join(self.cmd), self.qemu_id) else: log_qemu("Launching virtual machine...", self.qemu_id) # Launch Qemu. stderr to stdout, stdout is logged on VM exit # os.setpgrp() prevents signals from being propagated to Qemu, instead allowing an # organized shutdown via async_exit() self.process = subprocess.Popen(self.cmd, preexec_fn=os.setpgrp, stdin=subprocess.PIPE, #stdout=subprocess.PIPE, stderr=subprocess.STDOUT) try: self.__qemu_connect() self.__qemu_handshake() except (OSError, BrokenPipeError) as e: if not self.exiting: print_fail("Failed to launch Qemu, please see logs. Error: " + str(e)) log_qemu("Fatal error: Failed to launch Qemu: " + str(e), self.qemu_id) self.shutdown() return False return True
def send_payload(self, timeout_detection=True): self.start_ticks = self.__get_pid_guest_ticks() try: self.control.send("R") except OSError: log_qemu("Failed to send payload...", self.qemu_id) return None self.crashed = False self.timeout = False self.kasan = False if timeout_detection: counter = 0 while True: value = self.check_recv() if value == 2: self.end_ticks = self.__get_pid_guest_ticks() if (self.end_ticks - self.start_ticks) >= self.tick_timeout_treshold: break if counter >= 10: break counter += 1 else: break self.end_ticks = self.__get_pid_guest_ticks() else: value = self.check_recv(timeout_detection=False) if value == 1: self.crashed = True self.finalize_iteration() elif value == 2: self.timeout = True self.finalize_iteration() elif value == 3: self.kasan = True self.finalize_iteration() self.kafl_shm.seek(0x0) return self.kafl_shm.read(self.bitmap_size)
def __debug_recv(self): while True: try: res = self.control.recv(1) except ConnectionResetError: if self.exiting: sys.exit(0) if (len(res) == 0): # Another case of socket error, apparently on Qemu reset/crash if self.catch_vm_reboots: # Treat event as Qemu reset triggered by target, and log as KASAN log_qemu( "Qemu exit? - Assuming target crash/reset (KASAN)", self.qemu_id) return qemu_protocol.KASAN else: # Default: assume Qemu exit is fatal bug in harness/setup log_qemu("Fatal error in __debug_recv()", self.qemu_id) sig = self.shutdown() if sig == 0: # regular shutdown? still report as KASAN return qemu_protocol.KASAN else: raise EOFError("Qemu exited with signal: %s" % str(sig)) if res == qemu_protocol.PRINTF: self.__debug_hprintf() self.hprintf_print_mode = False else: self.hprintf_print_mode = True if self.debug_mode: try: self.__dump_recv_res(res) except: pass return res
def set_init_state(self): self.start_ticks = 0 self.end_ticks = 0 if self.config.argument_values['agent']: self.__set_agent() self.__debug_recv_expect(qemu_protocol.RELEASE + qemu_protocol.PT_TRASHED) self.__debug_send(qemu_protocol.RELEASE) log_qemu("Stage 1 handshake done [INIT]", self.qemu_id) # notify user if harness loads slow or not at all.. #ready = select.select([self.control], [], [], 0.5) #while not ready[0]: # print("[Slave %d] Waiting for Qemu handshake..." % self.qemu_id) # ready = select.select([self.control], [], [], 1) self.handshake_stage_1 = False self.__debug_recv_expect(qemu_protocol.ACQUIRE + qemu_protocol.PT_TRASHED) log_qemu("Stage 2 handshake done [READY]", self.qemu_id) self.handshake_stage_2 = False
def send_payload(self, timeout_detection=True): """Send a test case to qemu, wait for a response, and read back the coverage map""" log_qemu("send payload", self.qemu_id) self.start_ticks = self.__get_pid_guest_ticks() try: # vm was waiting for next payload, unlock them now that its been provided self.control.send("R") except OSError: log_exception() log_qemu("Failed to send payload...", self.qemu_id) return None self.crashed = False self.timeout = False self.kasan = False if timeout_detection: counter = 0 while True: value = self.check_recv() if value == "TIMEOUT": self.end_ticks = self.__get_pid_guest_ticks() if (self.end_ticks-self.start_ticks) >= self.tick_timeout_treshold: break if counter >= 10: break counter += 1 else: break self.end_ticks = self.__get_pid_guest_ticks() else: value = self.check_recv(timeout_detection=False) log_qemu("check_recv val %s" % value, self.qemu_id) if value == "CRASH": self.crashed = True self.finalize_iteration() elif value == "TIMEOUT": self.timeout = True self.finalize_iteration() elif value == "KASAN": self.kasan = True self.finalize_iteration() elif value == "EOF": log_qemu("QEMU control channel unexpectedly shut down!", self.qemu_id) self.timeout = True # XXX was really qemu shutting down! self.finalize_iteration() self.kafl_shm.seek(0x0) return self.kafl_shm.read(self.bitmap_size)
def set_payload(self, payload): if self.exiting: sys.exit(0) # actual payload is limited to payload_size - sizeof(uint32) - sizeof(uint8) if len(payload) > self.payload_size - 5: payload = payload[:self.payload_size - 5] try: self.fs_shm.seek(0) input_len = to_string_32(len(payload)) self.fs_shm.write_byte(input_len[3]) self.fs_shm.write_byte(input_len[2]) self.fs_shm.write_byte(input_len[1]) self.fs_shm.write_byte(input_len[0]) self.fs_shm.write(payload) self.fs_shm.flush() except ValueError: if self.exiting: sys.exit(0) # Qemu crashed. Could be due to prior payload but more likely harness/config is broken.. #print_fail("Failed to set new payload - Qemu crash?"); log_qemu("Failed to set new payload - Qemu crash?", self.qemu_id) raise
def set_init_state(self): # since we've reloaded the VM - let's assume there is no panic state... self.crashed = False self.timeout = False self.kasan = False self.start_ticks = 0 self.end_ticks = 0 # wait for initial hypercall_acquire from vm self.control.settimeout(10.0) v = self.control.recv(1) log_qemu("Initial stage 1 handshake ["+ str(v) + "] done...", self.qemu_id) self.__set_binary(self.binary_filename, self.config.argument_values['executable'], (16 << 20)) if v != 'D': raise Exception("this better not happen! v = %r" % v) #self.control.send('R') #v = self.control.recv(1) #log_qemu("Initial stage 2 handshake ["+ str(v) + "] done...", self.qemu_id) # now wait for the hypercall_next_payload from vm before continuing v = self.control.recv(1) log_qemu("Initial stage 3 handshake ["+ str(v) + "] done...", self.qemu_id) self.control.settimeout(5.0)
def start(self): if self.exiting: return False if self.qemu_id == "0" or self.qemu_id == "1337": ## 1337 is debug instance! log_qemu("Launching virtual machine...CMD:\n" + ' '.join(self.cmd), self.qemu_id) else: log_qemu("Launching virtual machine...CMD:\n" + ' '.join(self.cmd), self.qemu_id) #log_qemu("Launching virtual machine...", self.qemu_id) self.persistent_runs = 0 # Have not received+send first RELEASE (init handshake) self.handshake_stage_1 = True # Have not received first ACQUIRE (ready for payload execution) self.handshake_stage_2 = True # Launch Qemu. stderr to stdout, stdout is logged on VM exit # os.setpgrp() prevents signals from being propagated to Qemu, instead allowing an # organized shutdown via async_exit() if self.verbose: self.process = subprocess.Popen(self.cmd, preexec_fn=os.setpgrp, stdin=subprocess.PIPE, stdout=get_log_file(), stderr=get_log_file()) else: self.process = subprocess.Popen(self.cmd, preexec_fn=os.setpgrp, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) try: self.stat_fd = open("/proc/" + str(self.process.pid) + "/stat") self.init() self.set_init_state() except: if not self.exiting: print_fail("Failed to launch Qemu, please see logs.") log_qemu("Fatal error: Failed to launch Qemu.", self.qemu_id) self.shutdown() return False self.initial_mem_usage = resource.getrusage( resource.RUSAGE_SELF).ru_maxrss self.kafl_shm.seek(0x0) self.kafl_shm.write(self.virgin_bitmap) self.kafl_shm.flush() return True
def execute_in_trace_mode(self, debug_mode, timeout_detection): log_qemu("Performing trace iteration...", self.qemu_id) if debug_mode: print("Performing trace iteration...") try: self.soft_reload() self.send_enable_trace() self.send_payload(timeout_detection=timeout_detection) except Exception as e: if debug_mode: print("Fail 1...(" + str(e) + ")") log_qemu("Fail 1...(" + str(e) + ")", self.qemu_id) return False try: self.soft_reload() self.send_disable_trace() except Exception as e: log_qemu("Fail 3...(" + str(e) + ")", self.qemu_id) log_qemu("%s" % traceback.format_exc(), self.qemu_id) return False return True