commit	37dc03de04826cc0d5d1e3699832b0a3113d40af	[log] [tgz]
author	Dmitry Vyukov <dvyukov@google.com>	Fri Oct 18 08:12:06 2019 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	Tue Oct 22 09:52:16 2019 +0200
tree	488d071d79b6c58254741a8de91190071698b649
parent	c59a7cd871bf29d123481b2e5b0bd739b064f15f [diff]

tree: 488d071d79b6c58254741a8de91190071698b649

README.md

syzkaller - kernel fuzzer

syzkaller is an unsupervised coverage-guided kernel fuzzer.
Supported OSes: Akaros, FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, Windows.

Mailing list: syzkaller@googlegroups.com (join on web or by email).

Found bugs: Akaros, Darwin/XNU, FreeBSD, Linux, NetBSD, OpenBSD, Windows.

Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, Darwin/XNU, FreeBSD, Fuchsia, NetBSD, OpenBSD, Windows, gVisor.

External Articles

Research work based on syzkaller
From HardenedLinux project:
- Kernel QA with syzkaller and qemu (tutorial on how to setup syzkaller with qemu)
- Syzkaller crash DEMO (tutorial on how to extend syzkaller with new syscalls)
- Kernel debug tool with syzkaller (debugging qemu VM created by syz-manager with gdb)
- Explanation of some syzkaller internals
- A example of fuzzing the ceph filesystem
Coverage-guided kernel fuzzing with syzkaller (by David Drysdale)
ubsan, kasan, syzkaller und co (video) (by Florian Westphal)
Debugging a kernel crash found by syzkaller (by Quentin Casasnovas)
Linux Plumbers 2016 talk slides
syzkaller: the next gen kernel fuzzer (basics of operations, tutorial on how to run syzkaller and how to extend it to fuzz new drivers)
syzbot and the tale of thousand kernel bugs [video]

Disclaimer

This is not an official Google product.