syzkaller

pkg/repro: consider jobs in the repro queue when fuzzing

Open ramosian-glider opened this issue 1 year ago • 3 comments

When a new crash is discovered, it is put into the repro queue, and stays there until one of the VMs becomes free.

With physical devices serving as VMs, this may take up to an hour, when the fuzzing process is aborted and the VM is rebooted.

It might be good to abort fuzzing earlier when the repro queue is not empty.

ramosian-glider, Jan 10 '24 10:01

We should already do this here: https://github.com/google/syzkaller/blob/b438bd66d6f95113d52f25c25bfef0e963c8ce8d/syz-manager/manager.go#L403-L405

Perhaps you have some VMs reserved for fuzzing?

dvyukov, Jan 10 '24 10:01

No, I have explicitly commented out fuzzing_vms from the config before running the manager.

ramosian-glider, Jan 10 '24 10:01

We should already do this here:

This specific problem appeared when the crash was discovered during corpus triaging. In that case, canRepro() was false.

a-nogikh, Jan 10 '24 11:01