| Commit message | Author | Age | Files | Lines |
|
Ext4 is necessary for normal boot, enable it unconditionally in base.
|
Disable rust by default for all instances, only enabling it where it's specified.
|
Use v6.18-rc1 and the latest linux-next tag.
|
It must have been fixed since Linux 5.18 and Clang 13.
See #5773.
|
The kernel is not able to pass the test at the moment. See:
https://lore.kernel.org/all/66eb52dc.050a0220.92ef1.0006.GAE@google.com/T/
|
Regenerate the configs using the latest mainline, linux-next and stable
versions.
|
It's not the default for most kernels, so it makes sense to test it more.
E.g. for KCSAN, KMSAN we have only 1 instance, makes sense to test LRU_GEN.
|
KMSAN is currently reporting boot-time false positives in debugging code
called from stackdepot.c (see https://github.com/google/syzkaller/issues/4504).
Disable CONFIG_DEBUG_LIST under KMSAN until the fix lands.
|
Regenerate the configs using the latest Linux revisions.
|
Allow modules in config if `modules` are specified in main.yml.
Added Cuttlefish instances for android13-5.10, android13-5.15, and
android14-5.15 branches.
|
Update configs to latest android12-5.4-lts. Get rid of
CONFIG_REFCOUNT_FULL as the patch removing it got integrated.
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
|
Update the configs to the latest Linux versions: v6.2-rc5 and
next-20230124.
Enable CONFIG_NMI_CHECK_CPU and rcupdate.rcu_cpu_stall_cputime.
|
Enable some new configs that are reachable in VMs
and some new debugging configs.
|
Update linux upstream configs to the latest mainline/linux-next tags.
- RANDOM_TRUST_CPU was removed (defaults to y)
- RANDOM_TRUST_BOOTLOADER was removed (defaults to y)
- X86_SGX now requires X86_X2APIC
- DRM_VMWGFX_FBCON was removed
- ANDROID was removed
- NFT_OBJREF was removed
- CAN_SLCAN now requires new CAN_NETLINK
- CRYPTO_BLAKE2S was split into CRYPTO_BLAKE2S_X86 and CRYPTO_BLAKE2S_ARM
- DEBUG_VM_VMACACHE was removed
- CONTEXT_TRACKING_FORCE was removed
- DRM_DP_AUX_CHARDEV now requires DRM_I915 (or some other DRM driver)
- CRYPTO_SM4 was split into x86_64 and arm64 configs
- ARM_CRYPTO was removed
- BINFMT_SHARED_FLAT was removed
Also update all configs that were marked as linux-next.
|
They are actually enabled now but merely because they are inherited from def configs.
Enable them explicitly.
But coredump_filter=0xffff cmd line argument is useful,
it will allow to test more parts of the core dumping functionality.
|
Because this is a non-verbatim config option, CONFIG_ prefix is not
needed (in fact the line had no effect).
|
1. Bump KMSAN version to v5.18-rc4
Also switch to using clang-kmsan provided by syz-env.
2. Bump Linux version to v5.18
3. Bump linux-next version to next-20220601
Also enable DEBUG_NET for linux-next
|
Randomly changing MSRs can have unpredictable results.
We tried to protect from writes on descriptions level,
but it does not work well, the fuzzer has figured out:
03:37:28 executing program 3:
syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
pwritev(r0, ...)
Fortunately there is a command line argument that disables all writes.
Use it instead.
Note: older kernels will need:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7e1f67ed29f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a16aa13574
|
Our Clang+KASAN instance is breaking due to CONFIG_WERROR being turned
on in x86_64 defconfig [1], which in turn is used to generate our
baseline configs, and therefore has accidentally been enabled in our
syzbot configs as well.
This issue has been discussed in great detail when CONFIG_WERROR was
first introduced, with the conclusion that it is the wrong default for
runtime-test focused bots [2].
Therefore, disable CONFIG_WERROR for syzbot, to not have the odd
compiler warning interrupt precious fuzzing time.
[1] https://lore.kernel.org/all/000000000000008dae05dbfebd85@google.com/
[2] https://git.kernel.org/torvalds/c/b339ec9c229aaf399296
|
Switch arm64 instances to clang.
Enable KCOV for arm64.
Regenerate configs with clang13.
|
update linux to v5.18-rc1
fix dependency update errors
update configs
|
Move CONFIG_AID_FOR_SYZBOT to verbatim since it has for some reason
disappeared from the linux-next tree.
Add CONFIG_RCU_EXP_CPU_STALL_TIMEOUT and set it to the maximum value.
Otherwise it overwhelms syzbot with `INFO: rcu_preempt detected
expedited stalls on CPUs/tasks` crashes.
|
Update mainline and linux-next revisions to the latest tags
and fix configs that broke.
NF_FLOW_TABLE_IPV4/6 were removed in:
commit c42ba4290b2147aa033d17f22151494515655d77
netfilter: flowtable: remove ipv4/ipv6 modules
CONFIG_DAX_DRIVER was removed in:
commit afd586f0d06ce3d81b7c474499630fec88833828
dax: remove CONFIG_DAX_DRIVER
BLK_DEV_CRYPTOLOOP was removed in:
commit 47e9624616c80c9879feda536c48c6a3a0ed9835
block: remove support for cryptoloop and the xor transfer
NFT_COUNTER was removed in:
commit 023223dfbfb34fcc9b7dd41e21fbf9a5d5237989
netfilter: nf_tables: make counter support built-in
ICST was renamed to CLK_ICST in:
commit 323fd5955f844d1b6acf1a1af488da460f657ff2
clk: versatile: Rename ICST to CLK_ICST
APPARMOR_INTROSPECT_POLICY was added as requirement for other configs
we enabled in:
commit abfb9c0725f274c75ca2a51684c2dd842a8dc254
apparmor: make export of raw binary profile to userspace optional
|
I think it's secretmem.enable rather than secretmem_enable.
I can't find any useful docs. Here:
module_param_named(enable, secretmem_enable, bool, 0400);
What is the param name?
If it's prefixed with module name, what's the module name for non-modules?
What are the values for bool flags? Does no value at all enable it?
|
secretmem_enable is required to enable memfd_secret syscall:
https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/secretmem.c#L202
(the android 5.10 base config was not generated on HEAD somehow)
|
Update to latest upstream, linux-next and kmsan.
KMSAN stopped supporting a few configs which depend on crypto
and heap auto-init.
|
Apparently it's broken with clang:
https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
|
There are a number of one-off "BUG: stack guard page was hit" bugs:
https://syzkaller.appspot.com/bug?extid=b9419ddbdb57ce0e7f36
https://syzkaller.appspot.com/bug?extid=1ea34900b9a6fb8526c4
https://syzkaller.appspot.com/bug?extid=cd2009ad04934b665765
https://syzkaller.appspot.com/bug?extid=4e1ccdc40f48e600d960
Most likely these have the same root cause (recursion via call_netdevice_notifiers),
and we should attribute them to one of top frames as we do for stalls.
But we can't do this because in all these cases the stack is truncated and ends with:
Lost 408 message(s)!
Lost 394 message(s)!
Lost 519 message(s)!
These messages come from kernel/printk/printk_safe.c and happen when
a "safe" buffer overflows. Increasing CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT
should help to get complete parsable stack traces.
The default value is 13 (8K).
The largest number of lost lines I found is 519 and the longest
line in the stack trace is 67 bytes. So that's 67*519+8K = 42965.
Increase the config to 16 (64K).
There are 2 such buffers per CPU (safe and nmi), so this will
increase memory consumption to 128K per CPU. Should be fine.
|
The 5.14 merge window broke the build because CONFIG_DEBUG_INFO_BTF's
BTFIDS stage fails with an error:
FAILED unresolved symbol should_fail_alloc_page
While a fix was sent upstream [1], upstream has decided to NAK the fix
(for valid reasons).
Disable CONFIG_DEBUG_INFO_BTF to not block testing fresher upstream
kernels.
[1] https://lkml.kernel.org/r/20210705103806.2339467-1-elver@google.com
|
Move the sysctl into config, so that kernels can opt out of it if necessary
(not all kernels enable it and are interested in testing it).
|
PAGE_OWNER allows getting alloc/free stacks for UAFs on freed pages,
which is useful for debugging of such reports.
|
Add constraints for configs not present in v4.15.
I tentatively marked all of them as v4.16.
If we support something in between v4.15 and v5.4
in future we may need to refine them.
|
netdev_unregister_timeout_secs
Disable CONFIG_PCPU_DEV_REFCNT, it should provide refcount underflow detection.
Set netdev_unregister_timeout_secs to the timeout used for task hung detection,
it should avoid false "unregister_netdevice: waiting for DEV to become free" crashes.
|
Move x86-specific cmdline parameter to x86_64.yml.
Remove redundant cmdline parameters (defined by kernel configs).
Move vivid/nr_devs parameters to arch configs.
Disable bluetooth/wireless/hamradio in non-x86 configs,
non-x86 instances are slow, so the intention is to reduce test space.
|
These instances ignore WARNINGs, so they don't want panic_on_warn.
|
This is required for proper testing of BPF_LSM (syz_btf_id_by_name).
|
ARM64 qemu emulation is very slow.
We already disable KCOV with MTE for this reason,
but KASAN is not much different (also super slow).
I think getting more executions is more important
than getting coverage at this point.
|
Update arm32 config after more testing.
|
Config with KASAN_HW_TAGS.
Can be used with qemu -machine virt,mte=on.
|
Qemu emulation makes execution slower so we need to scale all
hang/stall timeouts as well. Scale them by 3 to account for
sys/targets.Timeouts.Scale which is set to 3.
|
I don't think we need it. We disable RANDOMIZE_BASE.