failed to connect to debugger

[FINatiend]

After installation. I Run command as https://github.com/seclab-ucr/SyzGenPlusPlus/blob/main/docs/linux.md
python main.py --target autofs --find_cmds --dynamic
But the error message：
main: error: unrecognized arguments: --find_cmds
So I used the following command instead (not sure if it is correct, but the program seems to be running normally)
python3 main.py --target zero -s FIND_CMD --dynamic
But after a while, the program running log will show：

INFO    | 2024-05-30 15:33:32,551 | syzgen.debugger.proxy | start server, waiting for debugger to connect...
ERROR   | 2024-05-30 15:35:32,651 | syzgen.debugger.proxy | failed to connect to debugger
qemu-system-x86_64: terminating on signal 15 from pid 1817906 (python3)

Please tell me if the command I am using is correct and how can I solve this problem?
The following is all the logs of the program running：

llmtest@llmtest-ThinkStation-P920:~/SyzGenPlusPlus$ python3 main.py --target zero -s FIND_CMD --dynamic
plugin debug: False
plugin timeout: 600
plugin ignore_error: True
plugin hook_point: None
plugin dynamic: True
plugin debug_vm: False
plugin syscall_suffix:
plugin process_once: False
VisitedFunctionsPlugin print_function: False
RecordAccessPathPlugin infer_dependence: True
InputRecoveryPlugin zero_unused: False
InputRecoveryPlugin max_syscalls: 64
InputRecoveryPlugin max_specs: 16
InputRecoveryPlugin max_diff: 8
InputRecoveryPlugin min_diff: 1
InputRecoveryPlugin non_empty: True
ForkProfilePlugin fork_profile: False
VisitedBlocksPlugin cover: False
SymbolizationPlugin no_symbolization: False
INFO | 2024-05-30 15:33:15,899 | syzgen.target | loading linux with qemu for project 6.2
INFO | 2024-05-30 15:33:15,901 | syzgen.target.linux | successfully generate init model
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-manager github.com/google/syzkaller/syz-manager
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-runtest github.com/google/syzkaller/tools/syz-runtest
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-repro github.com/google/syzkaller/tools/syz-repro
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-mutate github.com/google/syzkaller/tools/syz-mutate
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-prog2c github.com/google/syzkaller/tools/syz-prog2c
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-db github.com/google/syzkaller/tools/syz-db
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-upgrade github.com/google/syzkaller/tools/syz-upgrade
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-syzgen github.com/google/syzkaller/tools/syz-syzgen
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-run github.com/google/syzkaller/tools/syz-run
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -static-pie -DGOOS_linux=1 -DGOARCH_amd64=1
-DHOSTGOOS_linux=1 -DGIT_REVISION="cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+"
INFO | 2024-05-30 15:33:22,423 | syzgen.analysis.interface | initializing LinuxCommandExtractor......
INFO | 2024-05-30 15:33:22,423 | syzgen.analysis.command | Start to extract commands
Warning: Permanently added '[localhost]:27450' (ECDSA) to the list of known hosts.
/root
make -C /home/llmtest/SyzGenPlusPlus/linux-distro/linux-6.2-raw M=/home/llmtest/SyzGenPlusPlus/hooks/linux modules > /dev/null
getfd 100% 17KB 14.6MB/s 00:00
hook.ko 100% 23KB 18.4MB/s 00:00
/root
disabling close$ibv_device: no syscalls can create resource fd_rdma, enable some syscalls that can create it [openat$uverbs0]
new prog:
write$zero_Group0_0_syzgen(0xffffffffffffffff, &(0x7f0000000000)="115d11dce08bdbd4649ce8ef71d874719dab10b82dd9aed6c49a7e9f2d060dfb611af367fafbbc454ea736d9483af3171a8ba74dac1e5bd31b8dd64cc53eddf38adfc5b34ee80b65f13dbb7f72e1ebc92e34d3d5e6525a2b8eb8e34f854c4b9b53a1d4bdba4a042e6f7dadb249b6cfd6ab5131a7ac88be70157b876b15f5b3b2b1deff226bd7c060b93ff46c776b43e79584cf61ec3bd0991b66588ee13f84c6405cfdec8814325f638f531841939cbfb867e00668a72e19519763c87ba9d29c734c25ed93cbcdfabd201e10d5fcd289d2126e0651774d2285bc3d227e2ba060814afa8a348e09d21ac096f66047760da8d3e546bae5c6353bafe034f59683f114eee94f3fa943974d31fe1c6a6259c2b16f2583bc70779fa33dcd004eede928ecf7ab4d88b8f56ed1c793ae1759f7342861dcb7fc50ab56dbce3dadea4a478939a2ec5fe1198a5c62213a931f5f29c05cea984a0da189a360ee6a155c49d41fe83d6bf6437d10ce95ee12767227e86a5317d15b8332e459a013a6de475f825a26878a8e7721ee56425e595aa4c0296377abd353b70617dec68157149229b052ec2ac7083db7a5cd4aa775dc3200333034caee723e913b8dbe93f8f829cd38ec624ddeca2fd7aa232ff2b46a795fc3e054df61444269c86f72bfb8323c293626ee0620797559873b4c1760456081649dbfc0e12b265803552755e28475cfc68fadd586dd74e0e07d2864c309636d3ed02d56b8535b441ed3f340ee424b682550f5fd52df2b4d22495b4b740ca3cc890a5f6a9dba1a6191b2ef1e3e0f616652b808c664f9a4a2935139f7b47a4493c88369b32207d9f6a64f198e7fcc998aa93a1d6ec779d6e876ee3f48dedcedd0bb71cbf9f598cff254d568148d407d7f224a85477ecb563f773201d7edef193a779de6cdd537acd3f409e418ab1e9882b4b3423c5e213cc26b091b8200c9f67ef3de87bf00ad5b98e234862ef6fa297e9c87d20988a9bd42bfaa0b6c4541aef8a4e33e93f48a53ee48bf9fb75ec9602d1174bf5401cc1c03c981ae662c309e7f10cbaabe670db545f3a2a2a4a54285e548a4f9bdad6a4058b767e47a6d2318118f7ef68edbef84a3f931148c2d3fb2360ab21d52434c1f293edcf31151c33e1df2f8626304a357786fa706996ef238442d0a5459f4d2492433ab7285149f57d774fa8bee0d1fdf6ad8cf011a2baa11c785dd71530262b01c8ef48018abe92ff34c5ba943f284e94d88192c0d482dcad7f9a86977477e51c460259cfcc2a49974b34bab61fe7a1c029653013e84d73961c3b13fd22cb650372f572b1eabca7ec142119eda876cc3c665cbf886985c13ca9edb1bf2b5442b6b66782298a5692112e9f09fa3640bdba19c5fbeb14b8ca13153ca6ac8216bac41448a1ef811028a8990892092a8b8d234e19003057bbf5a4ed2fcf672c6a5c55b123e4a1781d843b9157d6fe82fecfb7ce676fadc7297f150fdf2cbd5580bc72fc62924c9f7a79f76165e917e9786b6e798b09bac448eed7444e0fe83dd79fddeb4bcbf66dece749ce1eccb36851b2b4d795b00540a8a6e1d6721cf12cb8100bfe70034c5238f184f98b2332aa65ea7cff081356e5af65255434258fc231dd10c97e465a019ecf953e15912063161dfe2775044da0c230beb2dbb12105aa31daf53d04ab6b8c86b02e42d6462d905adf68649e6aaea455528fb607f66535d5439b4a413d663862dce3c69d4118a85367f40cf8cb0d822e8445c6e371e6ebb4b53d49d36aba164c718ce399740ffce3ea14b28a3c917a9843f3dd3c67fb4e47a3e3dfd1304cf713d4d2d59bcf71f223da790986d4112ab56df41e786f791ed2fba26f1e3401e208f95343b85c060acf90fee65e0829357d4b1ead6b3924bb38980694717c8dce20dfd40ef9e669193bef181566164a963b4bd41daaa78a0c673e2b45dd56e78239bfd9c5dafab025024f9f1fc8d6104d6c52202b5057677c687e5abe39286329914444da5a55d9f7a9641b49d7dd3925230265e36b307d97b85138de9d6597a63fb7fe5b9a91f2f3a0df57f55ea7660c990f0df568067c58a223beb076291941a38a283a5a372ea3daadd52e1b15c032d5d2777a5e01c90db4997a5ddcc4e5571979c8f07d036998bbde1a7d5dcbb83dbc58aca0e0cc4f74f056ef877474f94956bc750dcae4deb77aadf093683ab61e23bdb28494c713b4b8da41fb33012aa33bd40cfe08aeb026c8ecb1ae5a32fcdbf52e35f9f04a72c0ced3e9a0c5ef2851de1653a0b685b4b1ee76a106d4d92873631e0f93761650b56eed12fcb6ee23dec1dc93ab0c2d9649b425a59af3a4805697499f0673308b7c97fea2315c58408a34ddc8193349cfc2dae1f96478fd6141f0d59254c2982d69d594bfe73045ca207ee1213296c392204c8fe6f8e3ee0e3e88162a0b5cc75a02ff9f5f6b31a0e05791928a3128027c56c5a12bd2076bc88e76f7ce4dca1c78fbb4941c2b881cb48fd813f8189ac127d70bdc0e8eab8d871605dc558a1182bd9b73b11b2f18b9484eeddaab82e70e6caa4468cb8de213294e9bd6627d04202ab40b15f841d0ce7328eb17844fd5ad6f672cbce74ab630935927819af06fef9a64ec062695191449494d8201df7df03766bae38673dd6759c0a5d1f38018a1d40c55c256824711c04c5835e39b52f818749fe7f6a9c0c808e93cb5eb1c0a854c79456694b3def586995ffa9d5762893b4b1d96e50049858dbdc5438b23426805086ad1867ae0f6cb8221d4e49c4b2ba15958edaa25fd7adc056c430ecbda10dff95e77c5c44fcb7047ee61dc04f61cfc6c429ebf183141ee5cb9b1bdea889f8ed4c5206f64fa6a9569d2bbc228939404226fdfddf408b141d7924df753490858d02834baabe43323c6cdf437f02c04765e7acba669c68ec5e14dfbd0038963571ede032941a70b64ccd8c410ccb422c3f561d0440367910158fb6281d251aeab2400a71ac40fab97bcd2f08217f3d978563306738450d141f591fa22e29bcd6537cd9a6afae8c6b0b07d1adfbe64f7595eaa5665becd0d2ff40a0aca886276acd15ed1d329bafb7b44cd49b3e3cacabc15660714eef6cbd17bb785f48d91d54a0a1ef737baef61d76bd428f431b90719e38f1be85b44197a2ea021786ab29be110466bea51042159add20fee1af9706a841f0402c968d02207817d685f358189846af4c01b7071cc232a71daf124586259b6ce84d8626bac864f751094b0c0fdd9b71fb71e39c2e1b0c8b3809e26db2895501f2dae99f261bbdcf80f84c7861775fdca36d80aa6e65783d82cf81605ba1cb009e520ad7f99dbb49701dad92d2e88998e0bcc201c20e96cf37b2ca37975a7001f25b64196c1ad89387a939ab164ec074e259c3da9103fd04d7d19f10877b9a099185d1e02155c96ef87e3ee8fab5464a298368d30261b1b8e5aa035c1edd98e461c996a4e4492c6583a23d3652f981b9c9c2e0330051efdb955628dd94bf4eda56b152249228d3dc7a91cd39d037fb5d59e3f6d1455c26493ccdb52cb0070f83d05bb290d0a9663bd1bf89045f9affab3b7e1ceff6972022ed4dad870cc972b4ff51990fe3f9176a5a52d692950cd3b4d3975df2dfdce6b24015bb0622a56c75135b49915d84df3c78f6abef6d4870d25e37d6a0a3a402da8fd05a1b3e25a14bce26819f903901941b2b59794da8f4d1f7edf8b32d96c9786bfa56eed4f8e687772048d61e3b3276446c4250c49adebcacb19e9755d8fa1b128a6a8110fefb7adb7ec1af39a6e3ba051067d481745ccc9dabf6872ceee10a7ac3c06a2850d34b8b5ffd78e89218dad60bc4ed0f5ee70990a2c4501fb179348702dfd5bbb629e9f10fd0f5535a70920abf13ff311199f58a043dbd2f99f981d761e043cebbdd62b945b3c9d085fdd3f1c2f420fac6f42db66b0a69451c7d017a0d6b34c5b5fa70fa2aead907b1107f6ac66a0228aeb8e530ae47b785a03ba6ad76e24831cdfd923987d8f595c9dffd38eb3f7917260b2a1b249d5e2b3ba4de1d288db198af38b1fef5c4d8c11cbcd95f832872b484d5ee4c852e9e61c2e11f432d70df9fe914dd1f7d14b37c918d1a81b60766cc6f69e2f85abd76f22ac66b7f27daf5d9199cd1969550c4b213a87a145f02ccf970da9fe75b292f15b1e3668a8670c3764d75fa1ea782ef24e837522728569253b2e8b4074d61bf877f614f8ca0425c487f60da64f5bc306af84501dec1adf6247b2b0b42b4ea61f9515e4763a9d09a7acc1a2a7b5ce55e12f807f2ff154adbf9140506e62118b52a823de37ef41f13fd92aa56f74d10eeb3718200a4b744bd2e476ec433da5eeb2af78da5d593a4ffc177880f9682d2d9e0597cb6387bafb3802d2b577530591d51bc121bcaee18ef8126aadc85ceb56d079177769da72cec4c975a742f1ae4ba70e13ea9260d0a353b2639d43fe6941298782c3b711ac006ec739ee8747c70f3906243ce303dbc290b38e57d3d41ec1afad2673f612a17473d4aebfa096d36f469b5ed374a6e7a40f29abba9c669fbb9691745fe91e300be6b6a1e6ce8175bb086ee60a24c7d162b8b3a3960d44f2380fabaf6a6bccff106f6273b0c8b038c12096413578b4942bef41ff5068a04642308dc0b6457cb7d510fd698b7d672e3114cf30282b6c080732ccd5f9066e39a0148425d14ee43e22e71e59b3af9bb9d30a02da60a03838cff7457305fd303cfb2469b899765e992d5105a6c1314d43f0173d9da541819be7d6e5d90e59c28fa29a34f9003ddbe0e12b6755361488f38fa8a8493f18409dbf1a24708549f1af3eb6c8060a970910f33e3f40c6983869e1ab2d41fdab25463f2d3ea05d7704c7106bd6f607cb96fb7d350176201a1da9f17559fb08567efdcaff676fceaefce45f711268e4dbb73e12fc5c789082ef4085c7b4a36892c02c3a0a780473de9fccbd8411308e25953e4e29af41c32bb91c616aac12576cd96c4ca2093f9d2a2dcc83f25b1de28b78d163c2ecfbfdc62b4347ad4eb4396eac88ef49e85d1b75f596108fa84452aaa0d53d425158167dec7a22181a992e9b5319f2badd2bf0030b5eb0728e52e85cbb17ab07a9f637214be65c803a5e3ed4035840da12b85e86ff93351fa7bccd96a63f4b79274647606b5de25ace1330ff8fcd10ba460cc4aae587eeb6c0d8537a8c8c70a39100b3b2efd051ee2f926363c1490d1aa6c04a3eb55607e732f8b57556108e320ff417b08c96ac3c3cf8a2a6ad25f38fafbf3e8cf5648a6a8cc164e2c94dc294750ea2c04d489b6d950cfb45bc6a81d56fe9cc8eec307a0d5a886a8a3ed08b0134568bbba5af05b3b85e13820157def1b80725974a7acc1e8120186a0e4de01150c8d033fd8d131f413e9299732ce08d6ea7885465d6d9d9119ead579eb86f95ebdf1b9cfbb09e8f65b2692a7c038de0e5f7555b702479ddc774f4fb9a6389652e9df4b03bcc7f56b3c3db9cf0e706fd06fa5ee7779e16da40f093bb8be8794e43ae35c5b530b7f45fdfd839aebd72184f205ca59a1b7266809f52252da2b43f0409bc5064c891f18121788bb35c73b626970df3ffdb04bba6c908c20cfeaa12c177f19772b56d4584e84a47013df7740b0e4dea402f30d1353d368e979e415ae4d5c3c770751d32b3cbe9a5708857e704fa58a47f8c0f5363afa40466af98c1262681f4f8cdeb975f48238fc06e0dc9a191dd9082c60adca9b019ba7d7e9cd067d81143314be0260999768767d94d47812f67dd184d0e3578261a49d7861", 0x1000)

prog:

r0 = openat$zero_syzgen(0xffffffffffffff9c, &(0x7f0000001000), 0x20002, 0x0)

write$zero_Group0_0_syzgen(r0, &(0x7f0000000000)="115d11dce08bdbd4649ce8ef71d874719dab10b82dd9aed6c49a7e9f2d060dfb611af367fafbbc454ea736d9483af3171a8ba74dac1e5bd31b8dd64cc53eddf38adfc5b34ee80b65f13dbb7f72e1ebc92e34d3d5e6525a2b8eb8e34f854c4b9b53a1d4bdba4a042e6f7dadb249b6cfd6ab5131a7ac88be70157b876b15f5b3b2b1deff226bd7c060b93ff46c776b43e79584cf61ec3bd0991b66588ee13f84c6405cfdec8814325f638f531841939cbfb867e00668a72e19519763c87ba9d29c734c25ed93cbcdfabd201e10d5fcd289d2126e0651774d2285bc3d227e2ba060814afa8a348e09d21ac096f66047760da8d3e546bae5c6353bafe034f59683f114eee94f3fa943974d31fe1c6a6259c2b16f2583bc70779fa33dcd004eede928ecf7ab4d88b8f56ed1c793ae1759f7342861dcb7fc50ab56dbce3dadea4a478939a2ec5fe1198a5c62213a931f5f29c05cea984a0da189a360ee6a155c49d41fe83d6bf6437d10ce95ee12767227e86a5317d15b8332e459a013a6de475f825a26878a8e7721ee56425e595aa4c0296377abd353b70617dec68157149229b052ec2ac7083db7a5cd4aa775dc3200333034caee723e913b8dbe93f8f829cd38ec624ddeca2fd7aa232ff2b46a795fc3e054df61444269c86f72bfb8323c293626ee0620797559873b4c1760456081649dbfc0e12b265803552755e28475cfc68fadd586dd74e0e07d2864c309636d3ed02d56b8535b441ed3f340ee424b682550f5fd52df2b4d22495b4b740ca3cc890a5f6a9dba1a6191b2ef1e3e0f616652b808c664f9a4a2935139f7b47a4493c88369b32207d9f6a64f198e7fcc998aa93a1d6ec779d6e876ee3f48dedcedd0bb71cbf9f598cff254d568148d407d7f224a85477ecb563f773201d7edef193a779de6cdd537acd3f409e418ab1e9882b4b3423c5e213cc26b091b8200c9f67ef3de87bf00ad5b98e234862ef6fa297e9c87d20988a9bd42bfaa0b6c4541aef8a4e33e93f48a53ee48bf9fb75ec9602d1174bf5401cc1c03c981ae662c309e7f10cbaabe670db545f3a2a2a4a54285e548a4f9bdad6a4058b767e47a6d2318118f7ef68edbef84a3f931148c2d3fb2360ab21d52434c1f293edcf31151c33e1df2f8626304a357786fa706996ef238442d0a5459f4d2492433ab7285149f57d774fa8bee0d1fdf6ad8cf011a2baa11c785dd71530262b01c8ef48018abe92ff34c5ba943f284e94d88192c0d482dcad7f9a86977477e51c460259cfcc2a49974b34bab61fe7a1c029653013e84d73961c3b13fd22cb650372f572b1eabca7ec142119eda876cc3c665cbf886985c13ca9edb1bf2b5442b6b66782298a5692112e9f09fa3640bdba19c5fbeb14b8ca13153ca6ac8216bac41448a1ef811028a8990892092a8b8d234e19003057bbf5a4ed2fcf672c6a5c55b123e4a1781d843b9157d6fe82fecfb7ce676fadc7297f150fdf2cbd5580bc72fc62924c9f7a79f76165e917e9786b6e798b09bac448eed7444e0fe83dd79fddeb4bcbf66dece749ce1eccb36851b2b4d795b00540a8a6e1d6721cf12cb8100bfe70034c5238f184f98b2332aa65ea7cff081356e5af65255434258fc231dd10c97e465a019ecf953e15912063161dfe2775044da0c230beb2dbb12105aa31daf53d04ab6b8c86b02e42d6462d905adf68649e6aaea455528fb607f66535d5439b4a413d663862dce3c69d4118a85367f40cf8cb0d822e8445c6e371e6ebb4b53d49d36aba164c718ce399740ffce3ea14b28a3c917a9843f3dd3c67fb4e47a3e3dfd1304cf713d4d2d59bcf71f223da790986d4112ab56df41e786f791ed2fba26f1e3401e208f95343b85c060acf90fee65e0829357d4b1ead6b3924bb38980694717c8dce20dfd40ef9e669193bef181566164a963b4bd41daaa78a0c673e2b45dd56e78239bfd9c5dafab025024f9f1fc8d6104d6c52202b5057677c687e5abe39286329914444da5a55d9f7a9641b49d7dd3925230265e36b307d97b85138de9d6597a63fb7fe5b9a91f2f3a0df57f55ea7660c990f0df568067c58a223beb076291941a38a283a5a372ea3daadd52e1b15c032d5d2777a5e01c90db4997a5ddcc4e5571979c8f07d036998bbde1a7d5dcbb83dbc58aca0e0cc4f74f056ef877474f94956bc750dcae4deb77aadf093683ab61e23bdb28494c713b4b8da41fb33012aa33bd40cfe08aeb026c8ecb1ae5a32fcdbf52e35f9f04a72c0ced3e9a0c5ef2851de1653a0b685b4b1ee76a106d4d92873631e0f93761650b56eed12fcb6ee23dec1dc93ab0c2d9649b425a59af3a4805697499f0673308b7c97fea2315c58408a34ddc8193349cfc2dae1f96478fd6141f0d59254c2982d69d594bfe73045ca207ee1213296c392204c8fe6f8e3ee0e3e88162a0b5cc75a02ff9f5f6b31a0e05791928a3128027c56c5a12bd2076bc88e76f7ce4dca1c78fbb4941c2b881cb48fd813f8189ac127d70bdc0e8eab8d871605dc558a1182bd9b73b11b2f18b9484eeddaab82e70e6caa4468cb8de213294e9bd6627d04202ab40b15f841d0ce7328eb17844fd5ad6f672cbce74ab630935927819af06fef9a64ec062695191449494d8201df7df03766bae38673dd6759c0a5d1f38018a1d40c55c256824711c04c5835e39b52f818749fe7f6a9c0c808e93cb5eb1c0a854c79456694b3def586995ffa9d5762893b4b1d96e50049858dbdc5438b23426805086ad1867ae0f6cb8221d4e49c4b2ba15958edaa25fd7adc056c430ecbda10dff95e77c5c44fcb7047ee61dc04f61cfc6c429ebf183141ee5cb9b1bdea889f8ed4c5206f64fa6a9569d2bbc228939404226fdfddf408b141d7924df753490858d02834baabe43323c6cdf437f02c04765e7acba669c68ec5e14dfbd0038963571ede032941a70b64ccd8c410ccb422c3f561d0440367910158fb6281d251aeab2400a71ac40fab97bcd2f08217f3d978563306738450d141f591fa22e29bcd6537cd9a6afae8c6b0b07d1adfbe64f7595eaa5665becd0d2ff40a0aca886276acd15ed1d329bafb7b44cd49b3e3cacabc15660714eef6cbd17bb785f48d91d54a0a1ef737baef61d76bd428f431b90719e38f1be85b44197a2ea021786ab29be110466bea51042159add20fee1af9706a841f0402c968d02207817d685f358189846af4c01b7071cc232a71daf124586259b6ce84d8626bac864f751094b0c0fdd9b71fb71e39c2e1b0c8b3809e26db2895501f2dae99f261bbdcf80f84c7861775fdca36d80aa6e65783d82cf81605ba1cb009e520ad7f99dbb49701dad92d2e88998e0bcc201c20e96cf37b2ca37975a7001f25b64196c1ad89387a939ab164ec074e259c3da9103fd04d7d19f10877b9a099185d1e02155c96ef87e3ee8fab5464a298368d30261b1b8e5aa035c1edd98e461c996a4e4492c6583a23d3652f981b9c9c2e0330051efdb955628dd94bf4eda56b152249228d3dc7a91cd39d037fb5d59e3f6d1455c26493ccdb52cb0070f83d05bb290d0a9663bd1bf89045f9affab3b7e1ceff6972022ed4dad870cc972b4ff51990fe3f9176a5a52d692950cd3b4d3975df2dfdce6b24015bb0622a56c75135b49915d84df3c78f6abef6d4870d25e37d6a0a3a402da8fd05a1b3e25a14bce26819f903901941b2b59794da8f4d1f7edf8b32d96c9786bfa56eed4f8e687772048d61e3b3276446c4250c49adebcacb19e9755d8fa1b128a6a8110fefb7adb7ec1af39a6e3ba051067d481745ccc9dabf6872ceee10a7ac3c06a2850d34b8b5ffd78e89218dad60bc4ed0f5ee70990a2c4501fb179348702dfd5bbb629e9f10fd0f5535a70920abf13ff311199f58a043dbd2f99f981d761e043cebbdd62b945b3c9d085fdd3f1c2f420fac6f42db66b0a69451c7d017a0d6b34c5b5fa70fa2aead907b1107f6ac66a0228aeb8e530ae47b785a03ba6ad76e24831cdfd923987d8f595c9dffd38eb3f7917260b2a1b249d5e2b3ba4de1d288db198af38b1fef5c4d8c11cbcd95f832872b484d5ee4c852e9e61c2e11f432d70df9fe914dd1f7d14b37c918d1a81b60766cc6f69e2f85abd76f22ac66b7f27daf5d9199cd1969550c4b213a87a145f02ccf970da9fe75b292f15b1e3668a8670c3764d75fa1ea782ef24e837522728569253b2e8b4074d61bf877f614f8ca0425c487f60da64f5bc306af84501dec1adf6247b2b0b42b4ea61f9515e4763a9d09a7acc1a2a7b5ce55e12f807f2ff154adbf9140506e62118b52a823de37ef41f13fd92aa56f74d10eeb3718200a4b744bd2e476ec433da5eeb2af78da5d593a4ffc177880f9682d2d9e0597cb6387bafb3802d2b577530591d51bc121bcaee18ef8126aadc85ceb56d079177769da72cec4c975a742f1ae4ba70e13ea9260d0a353b2639d43fe6941298782c3b711ac006ec739ee8747c70f3906243ce303dbc290b38e57d3d41ec1afad2673f612a17473d4aebfa096d36f469b5ed374a6e7a40f29abba9c669fbb9691745fe91e300be6b6a1e6ce8175bb086ee60a24c7d162b8b3a3960d44f2380fabaf6a6bccff106f6273b0c8b038c12096413578b4942bef41ff5068a04642308dc0b6457cb7d510fd698b7d672e3114cf30282b6c080732ccd5f9066e39a0148425d14ee43e22e71e59b3af9bb9d30a02da60a03838cff7457305fd303cfb2469b899765e992d5105a6c1314d43f0173d9da541819be7d6e5d90e59c28fa29a34f9003ddbe0e12b6755361488f38fa8a8493f18409dbf1a24708549f1af3eb6c8060a970910f33e3f40c6983869e1ab2d41fdab25463f2d3ea05d7704c7106bd6f607cb96fb7d350176201a1da9f17559fb08567efdcaff676fceaefce45f711268e4dbb73e12fc5c789082ef4085c7b4a36892c02c3a0a780473de9fccbd8411308e25953e4e29af41c32bb91c616aac12576cd96c4ca2093f9d2a2dcc83f25b1de28b78d163c2ecfbfdc62b4347ad4eb4396eac88ef49e85d1b75f596108fa84452aaa0d53d425158167dec7a22181a992e9b5319f2badd2bf0030b5eb0728e52e85cbb17ab07a9f637214be65c803a5e3ed4035840da12b85e86ff93351fa7bccd96a63f4b79274647606b5de25ace1330ff8fcd10ba460cc4aae587eeb6c0d8537a8c8c70a39100b3b2efd051ee2f926363c1490d1aa6c04a3eb55607e732f8b57556108e320ff417b08c96ac3c3cf8a2a6ad25f38fafbf3e8cf5648a6a8cc164e2c94dc294750ea2c04d489b6d950cfb45bc6a81d56fe9cc8eec307a0d5a886a8a3ed08b0134568bbba5af05b3b85e13820157def1b80725974a7acc1e8120186a0e4de01150c8d033fd8d131f413e9299732ce08d6ea7885465d6d9d9119ead579eb86f95ebdf1b9cfbb09e8f65b2692a7c038de0e5f7555b702479ddc774f4fb9a6389652e9df4b03bcc7f56b3c3db9cf0e706fd06fa5ee7779e16da40f093bb8be8794e43ae35c5b530b7f45fdfd839aebd72184f205ca59a1b7266809f52252da2b43f0409bc5064c891f18121788bb35c73b626970df3ffdb04bba6c908c20cfeaa12c177f19772b56d4584e84a47013df7740b0e4dea402f30d1353d368e979e415ae4d5c3c770751d32b3cbe9a5708857e704fa58a47f8c0f5363afa40466af98c1262681f4f8cdeb975f48238fc06e0dc9a191dd9082c60adca9b019ba7d7e9cd067d81143314be0260999768767d94d47812f67dd184d0e3578261a49d7861", 0x1000)

resource: &{{11304 1} 0 0 0 map[0xc0003a04e0:true]} *prog.ResultArg zero_fd out
new testcase:
r0 = openat$zero_syzgen(0xffffffffffffff9c, &(0x7f0000001000), 0x20002, 0x0)
syz_invoke_driver$check_resource(0x1, r0, 0x0)

tmpojo7_pg4_poc 100% 17KB 14.1MB/s 00:00
/root
tmp0jxolkxz_poc 100% 20KB 14.7MB/s 00:00
/root
INFO | 2024-05-30 15:33:32,551 | syzgen.debugger.proxy | start server, waiting for debugger to connect...
ERROR | 2024-05-30 15:35:32,651 | syzgen.debugger.proxy | failed to connect to debugger
qemu-system-x86_64: terminating on signal 15 from pid 1817906 (python3)

[Symatrix6]

So I used the following command instead (not sure if it is correct, but the program seems to be running normally) python3 main.py --target zero -s FIND_CMD --dynamic

Hi, I am also running the same command as you do, but I crashed a little bit earlier than you. The error message shows that I don't have a executable file called syz-syzgen. I searched your log and found this line:

GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-syzgen github.com/google/syzkaller/tools/syz-syzgen

... but I could not find syskaller/tools/syz-syzgen in my syzkaller. I thought it was because the syzkaller I used was too new, so I searched for GitRevision in your line, but I could not find the git revision in syzkaller's commit. Going back to syzkaller before gitRevisionDate 20230315 did not help either. Could you please tell me how to get syz-syzgen? Thanks in advance!

[FINatiend]

So I used the following command instead (not sure if it is correct, but the program seems to be running normally) python3 main.py --target zero -s FIND_CMD --dynamic

Hi, I am also running the same command as you do, but I crashed a little bit earlier than you. The error message shows that I don't have a executable file called syz-syzgen. I searched your log and found this line:

GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cb30bdee3e77c679054ea2ca001a3b3cbdfa183f+ -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230315-002626'" -o ./bin/syz-syzgen github.com/google/syzkaller/tools/syz-syzgen

... but I could not find syskaller/tools/syz-syzgen in my syzkaller. I thought it was because the syzkaller I used was too new, so I searched for GitRevision in your line, but I could not find the git revision in syzkaller's commit. Going back to syzkaller before gitRevisionDate 20230315 did not help either. Could you please tell me how to get syz-syzgen? Thanks in advance!

Make sure the syzkaller branch you are using is the syzgen branch, you can get the relevant commands in setup.sh
git clone -b syzgen https://github.com/CvvT/syzkaller.git
Configuring according to setup.sh can reduce many errors

[Symatrix6]

Make sure the syzkaller branch you are using is the syzgen branch, you can get the relevant commands in setup.sh git clone -b syzgen https://github.com/CvvT/syzkaller.git Configuring according to setup.sh can reduce many errors

Thanks for replying! I met the same problem as you did, and I did a little debugging. It turns out that in syzgen/vm/init.py function attach_debugger(), there is a self.suspend() that blocks the following execution of debugger. I don't understand the meaning of it, but it seems removing it from code works fine.

However, I met another bug here, which relates to the angr and z3 solver. If I don't add "--dynamic" flag, it will use static analyzer, which crashed with "ValueError: Exceeds the limit (4300) for integer string conversion: value has 9807 digits". The full crash log is listed below:

Traceback (most recent call last):
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/explore/__init__.py", line 114, in explore
    simgr = self.step(simgr)
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/explore/__init__.py", line 234, in step
    return simgr.step()
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 383, in step
    successors = self.step_state(state, successor_func=successor_func, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 423, in step_state
    successors = self.successors(state, successor_func=successor_func, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 467, in successors
    return self._project.factory.successors(state, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/factory.py", line 60, in successors
    return self.default_engine.process(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 19, in process
    return super().process(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/engine.py", line 158, in process
    self.process_successors(self.successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/failure.py", line 21, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/syscall.py", line 18, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/hook.py", line 54, in process_successors
    return super().process_successors(successors, procedure=procedure, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/unicorn.py", line 303, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/soot/engine.py", line 65, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/heavy.py", line 151, in process_successors
    self.handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/super_fastpath.py", line 24, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 26, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/actions.py", line 30, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/inspect.py", line 45, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/light.py", line 448, in handle_vex_block
    self._handle_vex_defaultexit(irsb.next, irsb.jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 36, in _handle_vex_defaultexit
    super()._handle_vex_defaultexit(expr, jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/light.py", line 451, in _handle_vex_defaultexit
    self._perform_vex_defaultexit(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/actions.py", line 200, in _perform_vex_defaultexit
    super()._perform_vex_defaultexit(target, jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/heavy.py", line 321, in _perform_vex_defaultexit
    self.successors.add_successor(self.state, expr, self.state.scratch.guard, jumpkind,
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/successors.py", line 123, in add_successor
    self._preprocess_successor(state, add_guard=add_guard)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/successors.py", line 169, in _preprocess_successor
    state._inspect('fork', BP_AFTER)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_state.py", line 385, in _inspect
    self.inspect.action(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/inspect.py", line 282, in action
    bp.fire(self.state)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/inspect.py", line 226, in fire
    self.action(state)
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/plugins/fork_manager.py", line 41, in _fork_profile_onFork
    if not state.solver.satisfiable(extra_constraints=(state.history.jump_guard, )):
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/sim_action_object.py", line 57, in ast_stripper
    return f(*new_args, **new_kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/solver.py", line 89, in wrapped_f
    return f(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/solver.py", line 655, in satisfiable
    return self._solver.satisfiable(extra_constraints=self._adjust_constraint_list(extra_constraints), exact=exact)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontend_mixins/constraint_filter_mixin.py", line 34, in satisfiable
    return super(ConstraintFilterMixin, self).satisfiable(extra_constraints=ec, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontend_mixins/sat_cache_mixin.py", line 44, in satisfiable
    r = super(SatCacheMixin, self).satisfiable(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/composite_frontend.py", line 303, in satisfiable
    return self.check_satisfiability(extra_constraints=extra_constraints, exact=exact) == 'SAT'
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/composite_frontend.py", line 280, in check_satisfiability
    extra_solver_satness = extra_solver.check_satisfiability(extra_constraints=extra_constraints, exact=exact)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/full_frontend.py", line 96, in check_satisfiability
    return self._solver_backend.check_satisfiability(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 624, in check_satisfiability
    return self._check_satisfiability(extra_constraints=self.convert_list(extra_constraints), solver=solver, model_callback=model_callback)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 635, in _check_satisfiability
    return 'SAT' if self.satisfiable(extra_constraints=extra_constraints, solver=solver, model_callback=model_callback) else 'UNSAT'
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 646, in satisfiable
    return self._satisfiable(extra_constraints=self.convert_list(extra_constraints), solver=solver, model_callback=model_callback)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 766, in _satisfiable
    model_callback(self._generic_model(solver.model()))
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 752, in _generic_model
    model[n] = self._abstract_to_primitive(me.ctx.ctx, me.ast)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 536, in _abstract_to_primitive
    return self._abstract_bv_val(ctx, ast)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 587, in _abstract_bv_val
    return int(z3.Z3_get_numeral_string(ctx, ast))
ValueError: Exceeds the limit (4300) for integer string conversion: value has 9807 digits; use sys.set_int_max_str_digits() to increase the limit

It looks like angr is not compatible with z3, but I am not sure. Did you try to remove "--dynamic" option and got similar warnings?

[FINatiend]

Make sure the syzkaller branch you are using is the syzgen branch, you can get the relevant commands in setup.sh git clone -b syzgen https://github.com/CvvT/syzkaller.git Configuring according to setup.sh can reduce many errors

Thanks for replying! I met the same problem as you did, and I did a little debugging. It turns out that in syzgen/vm/init.py function attach_debugger(), there is a self.suspend() that blocks the following execution of debugger. I don't understand the meaning of it, but it seems removing it from code works fine.感谢您的回复！我遇到了和你一样的问题，并进行了一番调试。原来，在 syzgen/vm/init.py 函数 attach_debugger()中，有一个 self.suspend()会阻止调试器的后续执行。我不明白它的含义，但似乎从代码中删除它就能正常工作。

However, I met another bug here, which relates to the angr and z3 solver. If I don't add "--dynamic" flag, it will use static analyzer, which crashed with "ValueError: Exceeds the limit (4300) for integer string conversion: value has 9807 digits". The full crash log is listed below:不过，我在这里遇到了另一个 bug，它与 angr 和 z3 求解器有关。如果我不添加"--动态 "标记，它就会使用静态分析器，结果会出现 "ValueError：Exceeds the limit (4300) for integer string conversion: value has 9807 digits"。完整的崩溃日志如下：

Traceback (most recent call last):
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/explore/__init__.py", line 114, in explore
    simgr = self.step(simgr)
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/explore/__init__.py", line 234, in step
    return simgr.step()
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 383, in step
    successors = self.step_state(state, successor_func=successor_func, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 423, in step_state
    successors = self.successors(state, successor_func=successor_func, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_manager.py", line 467, in successors
    return self._project.factory.successors(state, **run_args)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/factory.py", line 60, in successors
    return self.default_engine.process(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 19, in process
    return super().process(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/engine.py", line 158, in process
    self.process_successors(self.successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/failure.py", line 21, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/syscall.py", line 18, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/hook.py", line 54, in process_successors
    return super().process_successors(successors, procedure=procedure, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/unicorn.py", line 303, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/soot/engine.py", line 65, in process_successors
    return super().process_successors(successors, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/heavy.py", line 151, in process_successors
    self.handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/super_fastpath.py", line 24, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 26, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/actions.py", line 30, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/inspect.py", line 45, in handle_vex_block
    super().handle_vex_block(irsb)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/light.py", line 448, in handle_vex_block
    self._handle_vex_defaultexit(irsb.next, irsb.jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/slicing.py", line 36, in _handle_vex_defaultexit
    super()._handle_vex_defaultexit(expr, jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/light/light.py", line 451, in _handle_vex_defaultexit
    self._perform_vex_defaultexit(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/actions.py", line 200, in _perform_vex_defaultexit
    super()._perform_vex_defaultexit(target, jumpkind)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/vex/heavy/heavy.py", line 321, in _perform_vex_defaultexit
    self.successors.add_successor(self.state, expr, self.state.scratch.guard, jumpkind,
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/successors.py", line 123, in add_successor
    self._preprocess_successor(state, add_guard=add_guard)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/engines/successors.py", line 169, in _preprocess_successor
    state._inspect('fork', BP_AFTER)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/sim_state.py", line 385, in _inspect
    self.inspect.action(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/inspect.py", line 282, in action
    bp.fire(self.state)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/inspect.py", line 226, in fire
    self.action(state)
  File "/home/sy/SyzGenPlusPlus/syzgen/analysis/plugins/fork_manager.py", line 41, in _fork_profile_onFork
    if not state.solver.satisfiable(extra_constraints=(state.history.jump_guard, )):
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/sim_action_object.py", line 57, in ast_stripper
    return f(*new_args, **new_kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/solver.py", line 89, in wrapped_f
    return f(*args, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/angr/state_plugins/solver.py", line 655, in satisfiable
    return self._solver.satisfiable(extra_constraints=self._adjust_constraint_list(extra_constraints), exact=exact)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontend_mixins/constraint_filter_mixin.py", line 34, in satisfiable
    return super(ConstraintFilterMixin, self).satisfiable(extra_constraints=ec, **kwargs)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontend_mixins/sat_cache_mixin.py", line 44, in satisfiable
    r = super(SatCacheMixin, self).satisfiable(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/composite_frontend.py", line 303, in satisfiable
    return self.check_satisfiability(extra_constraints=extra_constraints, exact=exact) == 'SAT'
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/composite_frontend.py", line 280, in check_satisfiability
    extra_solver_satness = extra_solver.check_satisfiability(extra_constraints=extra_constraints, exact=exact)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/frontends/full_frontend.py", line 96, in check_satisfiability
    return self._solver_backend.check_satisfiability(
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 624, in check_satisfiability
    return self._check_satisfiability(extra_constraints=self.convert_list(extra_constraints), solver=solver, model_callback=model_callback)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 635, in _check_satisfiability
    return 'SAT' if self.satisfiable(extra_constraints=extra_constraints, solver=solver, model_callback=model_callback) else 'UNSAT'
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/__init__.py", line 646, in satisfiable
    return self._satisfiable(extra_constraints=self.convert_list(extra_constraints), solver=solver, model_callback=model_callback)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 766, in _satisfiable
    model_callback(self._generic_model(solver.model()))
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 752, in _generic_model
    model[n] = self._abstract_to_primitive(me.ctx.ctx, me.ast)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 536, in _abstract_to_primitive
    return self._abstract_bv_val(ctx, ast)
  File "/home/sy/SyzGenPlusPlus/fuzz/lib/python3.10/site-packages/claripy/backends/backend_z3.py", line 587, in _abstract_bv_val
    return int(z3.Z3_get_numeral_string(ctx, ast))
ValueError: Exceeds the limit (4300) for integer string conversion: value has 9807 digits; use sys.set_int_max_str_digits() to increase the limit

It looks like angr is not compatible with z3, but I am not sure. Did you try to remove "--dynamic" option and got similar warnings?看起来 angr 与 z3 不兼容，但我不确定。你是否尝试删除"--dynamic"（动态）选项并得到类似的警告？

No warning appears after removing --dynamic flag

[Symatrix6]

No warning appears after removing --dynamic flag

Then it should be my environment setting problem. Could you please tell me the version of angr and z3 solver you use?