all: add basic USB fuzzing support

This commit implements 4 syzcalls: syz_usb_connect, syz_usb_io_control,
syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB
packets through a custom GadgetFS-like interface (currently exposed at
/sys/kernel/debug/usb-fuzzer), which requires special kernel patches.

USB fuzzing support is quite basic, as it mostly covers only the USB device
enumeration process. Even though the syz_usb_ep_write syzcall does allow
communicating with USB endpoints after the device has been enumerated, no
coverage is collected from that code yet.
9 files changed
tree: 322e6242062367a881530c527e84da5b4cc265e3

syzkaller - kernel fuzzer


syzkaller is an unsupervised coverage-guided kernel fuzzer.
Supported OSes: Akaros, FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, Windows.

Mailing list: (join on web or by email).

Found bugs: Akaros, Darwin/XNU, FreeBSD, Linux, NetBSD, OpenBSD, Windows.


Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, Darwin/XNU, FreeBSD, Fuchsia, NetBSD, OpenBSD, Windows, gVisor.

External Articles


This is not an official Google product.