Failing unserviceable task
- I am running the latest version
- I did read the README!
- I checked the documentation and found no answer
- I checked to make sure that this issue has not already been filed
- I'm reporting the issue to the correct repository (for multi-repository projects)
- I have read and checked all configs (with all optional parts)
Expected Behavior
Once a payload is submitted, capev2 should run the VM and start the analysis
Current Behavior
After I submitted the malicious software, capev2 failed to operate kvm as expected
Failure Information (for bugs)
- I think this might be a permission issue, but I'm not sure if it's a bug.
- Whether the virtual machine is started or not, capev2 cannot turn the machine on or off
- I'm able to use virsh --connect qemu:///system list --all from the cape user, and run the vm.
- There may be a crucial mistake here
libvirt.libvirtError: operation failed: domain is not running
- After the installation of CapeV2 is completed, has Linux been restarted?
- yes
- Has CapeV2 been successfully run after installation?
- Yes, but it only ran successfully once. After Linux restarted, capev2 failed to run
- The attempts I have made
- Restart the cape service
- Restart the libvirtd service
Steps to Reproduce
Please provide detailed steps for reproducing the issue.
1. Submit payload
- Takes a while
- Get failed_analysis
Configuration
kvm.conf
[kvm]
machines = win10
interface = virbr1
dsn = qemu:///system
[cape1]
label = cape1
platform = linux
ip = 192.168.66.1
arch = x64
[win10]
label = win10
platform = windows
ip = 192.168.66.166
snapshot = win10sandbox
arch = x64
Failure Logs
2025-09-24 02:52:11,151 [lib.cuckoo.core.machinery_manager] INFO: Using MachineryManager[kvm] with max_machines_count=10
2025-09-24 02:52:11,151 [lib.cuckoo.core.scheduler] INFO: Creating scheduler with max_analysis_count=unlimited
2025-09-24 02:52:11,177 [lib.cuckoo.core.machinery_manager] INFO: Loaded 1 machine
2025-09-24 02:52:11,202 [lib.cuckoo.core.machinery_manager] INFO: max_vmstartup_count for BoundedSemaphore = 5
2025-09-24 02:52:11,203 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks
2025-09-24 03:00:53,743 [lib.cuckoo.core.machinery_manager] INFO: Task #13: found useable machine win10 (arch=x64, platform=windows)
2025-09-24 03:00:53,743 [lib.cuckoo.core.scheduler] INFO: Task #13: Processing task
2025-09-24 03:00:53,772 [lib.cuckoo.core.analysis_manager] INFO: Task #13: File already exists at '/opt/CAPEv2/storage/binaries/be808fba3f74f9083abf04b2f2725cc46c79ba71368564a1338aaca9990f73fb'
2025-09-24 03:00:53,773 [lib.cuckoo.core.analysis_manager] INFO: Task #13: Starting analysis of FILE '/tmp/cuckoo-tmp/upload_3006c4px/mbr.exe'
2025-09-24 03:01:08,033 [lib.cuckoo.core.analysis_manager] ERROR: Task #13: Unable to restore snapshot win10sandbox on virtual machine win10
Traceback (most recent call last):
File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 434, in start
self.vms[label].revertToSnapshot(snapshot, flags=0)
File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/libvirt.py", line 2456, in revertToSnapshot
raise libvirtError('virDomainRevertToSnapshot() failed')
libvirt.libvirtError: operation failed: domain is not running
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 310, in machine_running
self.machinery_manager.start_machine(self.machine)
File "/opt/CAPEv2/lib/cuckoo/core/machinery_manager.py", line 305, in start_machine
self.machinery.start(machine.label)
File "/opt/CAPEv2/modules/machinery/kvm.py", line 37, in start
super(KVM, self).start(label)
File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 437, in start
raise CuckooMachineError(msg) from e
lib.cuckoo.common.exceptions.CuckooMachineError: Unable to restore snapshot win10sandbox on virtual machine win10
2025-09-24 03:01:08,084 [lib.cuckoo.core.analysis_manager] ERROR: Task #13: failure in AnalysisManager.run
Traceback (most recent call last):
File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 434, in start
self.vms[label].revertToSnapshot(snapshot, flags=0)
File "/home/cape/.cache/pypoetry/virtualenvs/capev2-t2x27zRb-py3.12/lib/python3.12/site-packages/libvirt.py", line 2456, in revertToSnapshot
raise libvirtError('virDomainRevertToSnapshot() failed')
libvirt.libvirtError: operation failed: domain is not running
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 310, in machine_running
self.machinery_manager.start_machine(self.machine)
File "/opt/CAPEv2/lib/cuckoo/core/machinery_manager.py", line 305, in start_machine
self.machinery.start(machine.label)
File "/opt/CAPEv2/modules/machinery/kvm.py", line 37, in start
super(KVM, self).start(label)
File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 437, in start
raise CuckooMachineError(msg) from e
lib.cuckoo.common.exceptions.CuckooMachineError: Unable to restore snapshot win10sandbox on virtual machine win10
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 511, in run
self.launch_analysis()
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 472, in launch_analysis
success = self.perform_analysis()
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 456, in perform_analysis
with self.machine_running(), self.result_server(), self.network_routing(), self.run_auxiliary():
File "/usr/lib/python3.12/contextlib.py", line 137, in __enter__
return next(self.gen)
^^^^^^^^^^^^^^
File "/opt/CAPEv2/lib/cuckoo/core/analysis_manager.py", line 335, in machine_running
raise CuckooDeadMachine(self.machine.name) from e
lib.cuckoo.core.analysis_manager.CuckooDeadMachine: win10 is dead!
2025-09-24 03:01:08,818 [lib.cuckoo.core.scheduler] INFO: Task #13: Failing unserviceable task
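A small triage helper for the chained traceback in the log above, added here as an example (it is not part of the original report and not CAPEv2 code). It walks each ERROR record's exception chain and returns the first exception raised, which in this log is the libvirt error rather than the CAPE wrapper exceptions logged after it. The sample log is constructed by abridging the posted one, and `root_causes` is a hypothetical name.

```python
import re

# Constructed sample: abridged from the log in the report above (frames trimmed).
SAMPLE_LOG = """\
2025-09-24 03:01:08,033 [lib.cuckoo.core.analysis_manager] ERROR: Task #13: Unable to restore snapshot win10sandbox on virtual machine win10
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 434, in start
    self.vms[label].revertToSnapshot(snapshot, flags=0)
libvirt.libvirtError: operation failed: domain is not running
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/opt/CAPEv2/lib/cuckoo/common/abstracts.py", line 437, in start
    raise CuckooMachineError(msg) from e
lib.cuckoo.common.exceptions.CuckooMachineError: Unable to restore snapshot win10sandbox on virtual machine win10
2025-09-24 03:01:08,818 [lib.cuckoo.core.scheduler] INFO: Task #13: Failing unserviceable task
"""

RECORD = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \[([\w.]+)\] (\w+): (.*)$")
TASK = re.compile(r"Task #(\d+)")
CHAIN_MARKERS = (
    "The above exception was the direct cause of the following exception:",
    "During handling of the above exception, another exception occurred:",
)

def root_causes(log_text):
    """Return unique (task_id, first_exception, last_exception) per ERROR record."""
    records = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:  # a new log record starts; traceback lines that follow belong to it
            task = TASK.search(m.group(3))
            records.append({"task": task.group(1) if task else None,
                            "level": m.group(2), "segments": [[]]})
        elif records and line.strip() in CHAIN_MARKERS:
            records[-1]["segments"].append([])  # next exception in the chain
        elif records and line.strip():
            records[-1]["segments"][-1].append(line.strip())
    findings = []
    for rec in records:
        segments = [s for s in rec["segments"] if s]
        if rec["level"] == "ERROR" and segments:
            # The last line of a traceback segment is "ExceptionType: message".
            finding = (rec["task"], segments[0][-1], segments[-1][-1])
            if finding not in findings:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    print(root_causes(SAMPLE_LOG))
```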