github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/dashboard/config/linux/bits/base.yml (about) 1 # Copyright 2020 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # Common config fragments required by syzbot for all kernels 5 6 # CONFIG_DEBUG_MEMORY was once added to mm tree and cause disabling of KASAN, 7 # which in turn caused storm of assorted crashes after silent memory corruptions. 8 # The config was reverted, but we keep it here for the case it is reintroduced to kernel again. 9 # CONFIG_TWIST_KERNEL_BEHAVIOR can be used to prevent fuzzers from trying stupid things. 10 # See https://github.com/google/syzkaller/issues/1622 for details. 11 # DEBUG_AID_FOR_SYZBOT can be used to enable any additional temporal debugging features in linux-next tree. 12 # It is kept in verbatim because it has for some reason disappeared from next-20220222. 13 verbatim: | 14 CONFIG_DEBUG_MEMORY=y 15 CONFIG_TWIST_KERNEL_BEHAVIOR=y 16 CONFIG_TWIST_FOR_SYZKALLER_TESTING=y 17 CONFIG_DEBUG_AID_FOR_SYZBOT=y 18 19 config: 20 # Required to enable some other configs we set. 21 - EXPERT 22 - DEBUG_KERNEL 23 24 # Continuous fuzzing is more important than breaking on warnings. 25 - WERROR: n 26 27 # panic=86400: prevents kernel from rebooting so that we don't get reboot output in all crash reports. 28 # Huge page overcommit is disabled by default, allowing some overcommit 29 # with vm.nr_overcommit_hugepages is intended to give more coverage. 30 # secretmem_enable enables memfd_secret syscall. 31 - CMDLINE: "earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff" 32 33 # We don't need lots, but some configs set it to 2 which is too low. 34 - NR_CPUS: 8 35 36 # We slowdown execution significantly and there is no point in low latency under test. 37 - HZ_100 38 39 - RCU_TRACE: n 40 41 # KPROBES pollute coverage and needlessly slow down execution. 42 - KPROBES: n 43 # Slows down execution and sometimes fuzzer actually enables it. 44 - STACK_TRACER: n 45 - FUNCTION_TRACER: n 46 # Slows down execution. 47 - RETPOLINE: n 48 - PAGE_TABLE_ISOLATION: n 49 - LATENCYTOP: n 50 - SCHED_DEBUG: n 51 52 # Speeds up randomness initialization. 53 - HW_RANDOM 54 # Included as a module in Cuttlefish. 55 - HW_RANDOM_VIRTIO: [-cuttlefish] 56 - HW_RANDOM_INTEL: n 57 - HW_RANDOM_AMD: n 58 - HW_RANDOM_VIA: n 59 - RANDOM_TRUST_CPU: [-arm, -riscv, -v6.1] 60 - RANDOM_TRUST_BOOTLOADER: [v4.16, -v6.1] 61 62 # For detection of supported syscalls 63 - KALLSYMS 64 - KALLSYMS_ALL 65 - KALLSYMS_BASE_RELATIVE: [-v6.11] 66 67 # For namespace sandbox. 68 - NAMESPACES 69 - USER_NS 70 - UTS_NS 71 # Depends on CONFIG_SYSVIPC. 72 - IPC_NS: [optional] 73 - PID_NS 74 - NET_NS 75 76 # Control groups are needed for better sandboxing of test processes. 77 - CGROUP_PIDS 78 - MEMCG 79 - MEMCG_V1: [v6.11] 80 81 # Debugging features (from kernel_configs.md, do not alpha sort). 82 - DEBUG_BUGVERBOSE 83 - PANIC_ON_OOPS 84 - PANIC_TIMEOUT: 86400 85 - SCHED_STACK_END_CHECK 86 - FORTIFY_SOURCE: [-riscv, v5.18] 87 - HARDENED_USERCOPY 88 - HARDENED_USERCOPY_FALLBACK: [-v5.15] 89 - BUG_ON_DATA_CORRUPTION 90 # TODO: remove when https://github.com/google/syzkaller/issues/4504 is fixed. 91 - DEBUG_LIST: [-kmsan] 92 - DEBUG_STACKOVERFLOW: [-v5.0] 93 94 # CONFIG_DEBUG_PI_LIST was renamed to CONFIG_DEBUG_PLIST in 8e18faeac3e4. 95 - DEBUG_PLIST: [v5.2] 96 - DEBUG_PI_LIST: [-v5.2] 97 98 # CONFIG_REFCOUNT_FULL was removed in fb041bb7c0a9. 99 - REFCOUNT_FULL: [v4.16, -v5.5, -android-5.4] 100 # Added in 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT") and should appear in v5.13. 101 - PCPU_DEV_REFCNT: [n, v5.13] 102 103 - NET_DEV_REFCNT_TRACKER: [v5.17] 104 - NET_NS_REFCNT_TRACKER: [v5.17] 105 106 - DEBUG_NET: [v5.19] 107 108 # This config does not add any debug checks (only debug output). 109 - DEBUG_KOBJECT: n 110 111 - DEBUG_INFO 112 # Our containers currently include toolchains that don't support DWARF5, 113 # but some default kernel configs and compilers (namely, clang) try to 114 # use DWARF5 by default. So we enable DWARF4 explicitly and don't 115 # enable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT. 116 - DEBUG_INFO_DWARF4 117 # CONFIG_DEBUG_INFO_BTF breaks the build since 5.14 merge window: 118 # https://lkml.kernel.org/r/YOLzFecogWmdZ5Hc@infradead.org 119 - DEBUG_INFO_BTF: [-v5.13] 120 - DEBUG_INFO_REDUCED: n 121 122 # This should make behavior more deterministic. 123 - INIT_ON_ALLOC_DEFAULT_ON: [v4.16, -kmsan] 124 125 # KCOV slows down execution too much with KASAN_HW_TAGS and in qemu emulation in general. 126 # KCOV crashes on Arm: 127 # https://lore.kernel.org/linux-arm-kernel/20210119130010.GA2338@C02TD0UTHF1T.local/T/#m78fdfcc41ae831f91c93ad5dabe63f7ccfb482f0 128 # KCOV is not supported on s390 with our toolchain now, config depends on: 129 # (!ARCH_WANTS_NO_INSTR [=y] || STACK_VALIDATION [=n] || GCC_VERSION [=110200]>=120000 || CLANG_VERSION [=0]>=130000) 130 - KCOV: [-arm, -s390, -nokcov] 131 - KCOV_INSTRUMENT_ALL: [-arm, -s390, -nokcov] 132 # Doesn't boot with KCOV_ENABLE_COMPARISONS on Cuttlefish. 133 - KCOV_ENABLE_COMPARISONS: [-arm, -s390, -nokcov, -cuttlefish] 134 # As of Sep 2024, the test does not pass (at least) on gcc-built kernels. 135 # https://lore.kernel.org/all/66eb52dc.050a0220.92ef1.0006.GAE@google.com/T/ 136 # TODO: re-enable the option once the problem is addressed. 137 - KCOV_SELFTEST: n 138 - DEBUG_FS 139 140 # Required for KCOV but also eliminates unnecessary non-determinism. 141 # For s390, it's always enabled after the `s390: always build relocatable kernel` commit. 142 - RELOCATABLE: [n, -s390] 143 - RANDOMIZE_BASE: n 144 145 # Print thread and CPU ids. 146 - PRINTK_CALLER 147 - PRINTK_TIME 148 # Some kernel oops'es are large. Largest observed for a stack overflow is ~42KB. 149 # There are 2 such buffers per CPU (safe and nmi), so this adds 128KB per CPU. 150 # The config was removed in "Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT". 151 - PRINTK_SAFE_LOG_BUF_SHIFT: [16, -v6.3] 152 153 # Fault injection. 154 - FAULT_INJECTION 155 - FAILSLAB 156 - FAIL_PAGE_ALLOC 157 - FAIL_MAKE_REQUEST 158 - FAIL_IO_TIMEOUT 159 - FAIL_FUTEX 160 - FAULT_INJECTION_DEBUG_FS 161 - FAULT_INJECTION_CONFIGFS: [v6.3] 162 - FAULT_INJECTION_USERCOPY: [v5.10] 163 164 # Options enabled to boot Debian Wheezy. 165 - DEVTMPFS 166 - DEVTMPFS_MOUNT 167 - INOTIFY_USER 168 - UEVENT_HELPER 169 - UEVENT_HELPER_PATH: "/sbin/hotplug" 170 171 # QEMU disk is usually on the generic PCI bus. 172 - PCI_HOST_GENERIC: [v4.16] 173 - OF: [v4.16] 174 175 # Options enabled to boot Debian Stretch. 176 - CONFIGFS_FS 177 - SECURITYFS 178 179 # Multi-gen LRU is the new better LRU implementation 180 # that is supposed to be the default in future, 181 # so we want to enable it in most tested kernels. 182 # It has no relation to smack, but we use the smack tag 183 # just to get some kernels tested w/o multi-gen LRU as well. 184 - LRU_GEN: [v6.1, -nodefconfig, -smack] 185 - LRU_GEN_ENABLED: [v6.1, -nodefconfig, -smack] 186 187 # More debugging info is always good. 188 - NMI_CHECK_CPU: [x86_64, v6.3] 189 190 # We use GVNIC on Google Cloud. 191 - GVE: [-arm, -riscv, -s390, -timeouts_emu] 192 193 # If syzkaller gets to /dev/{mem,kmem,ioport}, it will destroy the machine. 194 # It managed to do so with some mount's, chdir's and bogus file names. 195 # These are not needed for fuzzing, so completely disabling them is 196 # the simplest and the most reliable option. 197 - DEVMEM: n 198 - DEVKMEM: n 199 - DEVPORT: n 200 201 # Disable magic SysRq completely, as it can be reached over USB and through tty. 202 - MAGIC_SYSRQ: n 203 # We don't need it and it enables MAGIC_SYSRQ and KPROBES. 204 - KGDB: n 205 206 # Don't test/need this (may be enabled via HID_HYPERV_MOUSE in USB/HID configs). 207 - HYPERV: n 208 209 # Don't test/need this. 210 - XEN: n 211 212 # These are legacy gadget drivers that we don't reach/test and some of these break boot: 213 # https://github.com/google/syzkaller/pull/1975#issuecomment-712807462 214 - USB_G_NCM: n 215 - USB_G_SERIAL: n 216 - USB_G_PRINTER: n 217 - USB_G_NOKIA: n 218 - USB_G_ACM_MS: n 219 - USB_G_MULTI: n 220 - USB_G_HID: n 221 - USB_G_DBGP: n 222 - USB_G_WEBCAM: n 223 - USB_ZERO: n 224 - USB_AUDIO: n 225 - USB_ETH: n 226 - USB_FUNCTIONFS: n 227 - USB_MASS_STORAGE: n 228 - USB_GADGET_TARGET: n 229 - USB_MIDI_GADGET: n 230 - USB_CDC_COMPOSITE: n 231 232 # Don't need samples 233 - SAMPLES: n 234 235 # Disable Rust by default 236 - RUST: n 237 238 # Ext4 is necessary for normal boot. 239 - EXT4_FS 240 - EXT4_FS_POSIX_ACL 241 - EXT4_FS_SECURITY