| Commit message | Author | Age | Files | Lines |
|
No extra changes, just a newer Docker container to minimize noise in the
following commits.
|
It seems incredibly difficult to clean up the side effects of this
kernel functionality.
Keep it enabled only on a new config dedicated specifically for the
snapshot-based instance.
Closes #5956.
|
Enable RUST as well as other Rust-related configs.
|
The bugs that were popping up during image tests now seem to be fixed.
|
A config bisection between our LTS and Android configs has pointed to
the SERIAL_8250_RUNTIME_UARTS option determining whether the kernel
will hang during boot in qemu.
Set SERIAL_8250_RUNTIME_UARTS=4 on our Android kernels to make them
bootable.
|
Use the latest linux-next and torvalds releases.
|
To enable new USB drivers from the distro configs added in the last patch.
|
Regenerate the configs using the latest Linux revisions.
|
1) Migration to a new Docker image changed toolchain versions.
2) Regenerate cuttlefish configs that were previously omitted.
|
This will let users boot directly from the vmlinux file.
|
Bump the Android kernels to their latest SHAs and generate
the kernel configs using tools/syz-env.
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
|
This reverts commit d341bdbd6837aa0214ee9dfd1c3ddfc58c2a0c9c.
The bump of CONFIG_FRAME_WARN was done for Android 5.10 with the hope
to get rid of the -Wframe-larger-than errors that were hit when
KASAN_STACK && CC_IS_CLANG were set. Unfortunately this didn't fix the
build as the stack instrumentation when using clang is broken and the
errors were hit again as we can't predict the increase of the stack. The
fix is to disable CONFIG_WERROR which now is done because we just bumped
the Android 5.10 kernel config (which contains CONFIG_WERROR=y) and the
kernel config tweak that disables CONFIG_WERROR now does its job
(see dashboard/config/linux/bits/base.yml).
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
|
Update configs to latest android12-5.4-lts. Get rid of
CONFIG_REFCOUNT_FULL as the patch removing it got integrated.
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
|
We have not been able to build Android 5.10 because of that warning for
more than 100 days already. Just in case, bump it for all Androids.
|
Update the configs to the latest Linux versions: v6.2-rc5 and
next-20230124.
Enable CONFIG_NMI_CHECK_CPU and rcupdate.rcu_cpu_stall_cputime.
|
See discussion here about why this affected android 5.4:
https://github.com/google/syzkaller/pull/3518#issuecomment-1313533618
|
Enable some new configs that are reachable in VMs
and some new debugging configs.
|
Update linux upstream configs to the latest mainline/linux-next tags.
- RANDOM_TRUST_CPU was removed (defaults to y)
- RANDOM_TRUST_BOOTLOADER was removed (defaults to y)
- X86_SGX now requires X86_X2APIC
- DRM_VMWGFX_FBCON was removed
- ANDROID was removed
- NFT_OBJREF was removed
- CAN_SLCAN now requires new CAN_NETLINK
- CRYPTO_BLAKE2S was split into CRYPTO_BLAKE2S_X86 and CRYPTO_BLAKE2S_ARM
- DEBUG_VM_VMACACHE was removed
- CONTEXT_TRACKING_FORCE was removed
- DRM_DP_AUX_CHARDEV now requires DRM_I915 (or some other DRM driver)
- CRYPTO_SM4 was split into x86_64 and arm64 configs
- ARM_CRYPTO was removed
- BINFMT_SHARED_FLAT was removed
Also update all configs that were marked as linux-next.
|
They are actually enabled now but merely because they are inherited from def configs.
Enable them explicitly.
But coredump_filter=0xffff cmd line argument is useful,
it will allow testing more parts of the core dumping functionality.
|
Also, factor emulation-dependent consts into a separate file.
|
Randomly changing MSRs can have unpredictable results.
We tried to protect from writes on descriptions level,
but it does not work well, the fuzzer has figured out:
    03:37:28 executing program 3:
    syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
    r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
    pwritev(r0, ...)
Fortunately there is a command line argument that disables all writes.
Use it instead.
Note: older kernels will need:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7e1f67ed29f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a16aa13574
|
As asked by Hillf here:
https://lore.kernel.org/all/20220419134616.GE4285@paulmck-ThinkPad-P17-Gen-1/
This config can provide more precise diagnostic for some bugs.
|
Switch arm64 instances to clang.
Enable KCOV for arm64.
Regenerate configs with clang13.
|
Move CONFIG_AID_FOR_SYZBOT to verbatim since it has for some reason
disappeared from the linux-next tree.
Add CONFIG_RCU_EXP_CPU_STALL_TIMEOUT and set it to the maximum value.
Otherwise it overwhelms syzbot with `INFO: rcu_preempt detected
expedited stalls on CPUs/tasks` crashes.
|
make configs uses host compilers.
This produces constant diffs in the generated configs related to different compiler versions.
Suggest to run make configs under syz-env and check-in configs produced this way.
|
5.15 was released, update a few TODOs that were dependent on 5.15 being
properly released.
Re-generate all configs.
|
Also, create only 2 binder devices at binderfs creation - we don't need
32 devices anymore, as a separate binderfs instance is now created per
each syz-executor.
|
I think it's secretmem.enable rather than secretmem_enable.
I can't find any useful docs. Here:
    module_param_named(enable, secretmem_enable, bool, 0400);
What is the param name?
If it's prefixed with module name, what's the module name for non-modules?
What are the values for bool flags? Does no value at all enable it?
|
secretmem_enable is required to enable memfd_secret syscall:
https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/secretmem.c#L202
(the android 5.10 base config was not generated on HEAD somehow)
|
There are a number of one-off "BUG: stack guard page was hit" bugs:
https://syzkaller.appspot.com/bug?extid=b9419ddbdb57ce0e7f36
https://syzkaller.appspot.com/bug?extid=1ea34900b9a6fb8526c4
https://syzkaller.appspot.com/bug?extid=cd2009ad04934b665765
https://syzkaller.appspot.com/bug?extid=4e1ccdc40f48e600d960
Most likely these have the same root cause (recursion via call_netdevice_notifiers),
and we should attribute them to one of top frames as we do for stalls.
But we can't do this because in all these cases the stack is truncated and ends with:
    Lost 408 message(s)!
    Lost 394 message(s)!
    Lost 519 message(s)!
These messages come from kernel/printk/printk_safe.c and happen when
a "safe" buffer overflows. Increasing CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT
should help to get complete parsable stack traces.
The default value is 13 (8K).
The largest number of lost lines I found is 519 and the longest
line in the stack trace is 67 bytes. So that's 67*519+8K = 42965.
Increase the config to 16 (64K).
There are 2 such buffers per CPU (safe and nmi), so this will
increase memory consumption to 128K per CPU. Should be fine.
|
Move the sysctl into config, so that kernels can opt out of it if necessary
(not all kernels enable it and are interested in testing it).
|
PAGE_OWNER allows getting alloc/free stacks for UAFs on freed pages,
which is useful for debugging of such reports.
|
netdev_unregister_timeout_secs
Disable CONFIG_PCPU_DEV_REFCNT, it should provide refcount underflow detection.
Set netdev_unregister_timeout_secs to the timeout used for task hung detection,
it should avoid false "unregister_netdevice: waiting for DEV to become free" crashes.
|
Move x86-specific cmdline parameter to x86_64.yml.
Remove redundant cmdline parameters (defined by kernel configs).
Move vivid/nr_devs parameters to arch configs.
Disable bluetooth/wireless/hamradio in non-x86 configs,
non-x86 instances are slow, so the intention is to reduce test space.
|
It feels that they belong better to x86_64 rather than subsystems.
These are x86-specific and we need compat in baseline config as well
and it's enabled there today anyway.
|
These instances ignore WARNINGs, so they don't want panic_on_warn.
|
This is required for proper testing of BPF_LSM (syz_btf_id_by_name).
|
Qemu emulation makes execution slower so we need to scale all
hang/stall timeouts as well. Scale them by 3 to account for
sys/targets.Timeouts.Scale which is set to 3.
|
I don't think we need it. We disable RANDOMIZE_BASE.
|
Add arm64 config for qemu.
The config disables lots of hardware drivers enabled by defconfig,
we don't test them but they slow down boot a lot.
Some similar changes to common config bits were required as well.
For example, disabling some I2C, tablet, etc drivers.
Update #2171
|
Fixes #2339
|
ESD_FS/INCREMENTAL_FS were supposed to be enabled in full config only,
but they were enabled only in baseline config.
Split chromeos.yml to chromeos.yml and chromeos-subsystems.yml
to avoid this mistake in future and the need to write [-baseline].
Also enabled UBS_CONFIG_FS as it seems to be enabled on real devices.
Do the same for Android.
|
Android stopped booting on GCE after the config update:
https://syzkaller.appspot.com/bug?id=14d0e93b7c644132089efdc7e3c8ac595b18d448
(can't find root device).
Let's try to enable kvm_guest for android.
|