slow syz-executor?


Joey Jiao

Sep 30, 2022, 3:01:48 AM
to syzkaller
Hi,
I wrote a simple open-then-write corpus to compare the execution speed with and without running under syz-executor.
It looks like running under syz-executor is 60 times slower.
Is it possible to accelerate it? It might slow down the fuzzing, right?

# /system/bin/time -v ./syz-execprog -repeat=1 -output -collide=0 ./poc.log
2022/09/30 01:34:36 parsed 1 programs
2022/09/30 01:34:36 code coverage           : CONFIG_KCOV is not enabled
2022/09/30 01:34:36 comparison tracing      : CONFIG_KCOV is not enabled
2022/09/30 01:34:36 extra coverage          : CONFIG_KCOV is not enabled
2022/09/30 01:34:36 delay kcov mmap         : CONFIG_KCOV is not enabled
2022/09/30 01:34:36 setuid sandbox          : enabled
2022/09/30 01:34:36 namespace sandbox       : /proc/self/ns/user does not exist
2022/09/30 01:34:36 Android sandbox         : enabled
2022/09/30 01:34:36 fault injection         : CONFIG_FAULT_INJECTION is not enabled
2022/09/30 01:34:36 leak checking           : CONFIG_DEBUG_KMEMLEAK is not enabled
2022/09/30 01:34:36 net packet injection    : enabled
2022/09/30 01:34:36 net device setup        : enabled
2022/09/30 01:34:36 concurrency sanitizer   : /sys/kernel/debug/kcsan does not exist
2022/09/30 01:34:36 devlink PCI setup       : PCI device 0000:00:10.0 is not available
2022/09/30 01:34:36 NIC VF setup            : PCI device 0000:00:11.0 is not available
2022/09/30 01:34:36 USB emulation           : /dev/raw-gadget does not exist
2022/09/30 01:34:36 hci packet injection    : /dev/vhci does not exist
2022/09/30 01:34:36 wifi device emulation   : /sys/class/mac80211_hwsim/ does not exist
2022/09/30 01:34:36 802.15.4 emulation      : /sys/bus/platform/devices/mac802154_hwsim does not exist
2022/09/30 01:34:36 executed programs: 0
2022/09/30 01:34:36 executing program 1:
openat$test(0xffffffffffffff9c, &(0x7f0000001000)='./file0\x00', 0x191042, 0x0)
write$test(0xffffffffffffffff, &(0x7f0000000100)='Q', 0x1)
Real time (s): 2.091598
User time (s): 0.483405
System time (s): 0.398648
Max RSS (KiB): 34032
Major faults: 99
Minor faults: 6284
File system inputs: 23728
File system outputs: 48
Voluntary context switches: 723
Involuntary context switches: 181
# /system/bin/time -v ./syz-execprog -repeat=1  -collide=0 ./poc.log
2022/09/30 01:34:55 parsed 1 programs
2022/09/30 01:34:55 executed programs: 0
Real time (s): 0.845164
User time (s): 0.461893
System time (s): 0.296582
Max RSS (KiB): 34232
Major faults: 2
Minor faults: 6400
File system inputs: 0
File system outputs: 16
Voluntary context switches: 819
Involuntary context switches: 151

// compile poc.log to c prog
/data/local/tmp # /system/bin/time -v ./poc
Real time (s): 0.013186
User time (s): 0.000000
System time (s): 0.002914
Max RSS (KiB): 3472
Major faults: 1
Minor faults: 19
File system inputs: 544
File system outputs: 0
Voluntary context switches: 1
Involuntary context switches: 2


THX
Joey

Dmitry Vyukov

Sep 30, 2022, 3:09:48 AM
to Joey Jiao, syzkaller
Hi Joey,

Did you convert the syzkaller program to C program with maximum
enabled options (syz-prog2c -threaded -sandbox=none -segv -tmpdir
-enable=all etc)? Otherwise it's not doing as much as the syz-executor
version.

Also syz-executor is expected to run multiple programs. If you repeat
the test 100 times, does it still show such a big difference?