syzkaller/README.md

# syzkaller - kernel fuzzer

[![Build Status](https://travis-ci.org/google/syzkaller.svg?branch=master)](https://travis-ci.org/google/syzkaller)

`syzkaller` is an unsupervised coverage-guided kernel fuzzer. `Linux` kernel fuzzing has the most support, `akaros`, `freebsd`, `fuchsia`, `netbsd`, `windows` and `gvisor` are supported to varying degrees.

The project mailing list is [syzkaller@googlegroups.com](https://groups.google.com/forum/#!forum/syzkaller).
You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

[List of found bugs](docs/found_bugs.md).

## Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well.
Most of the documentation at this moment is related to the Linux kernel.
For other OS kernels check: [Akaros](docs/akaros/README.md), [FreeBSD](docs/freebsd.md), [Fuchsia](docs/fuchsia.md), [NetBSD](docs/netbsd.md), [Windows](docs/windows.md), [gVisor](docs/gvisor.md).

- [How to install syzkaller](docs/setup.md)
- [How to use syzkaller](docs/usage.md)
- [How syzkaller works](docs/internals.md)
- [How to contribute to syzkaller](docs/contributing.md)
- [How to report Linux kernel bugs](docs/linux/reporting_kernel_bugs.md)

## External Articles

 - From [HardenedLinux](https://github.com/hardenedlinux) project:
   - [Kernel QA with syzkaller and qemu](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_general.md) (tutorial on how to setup syzkaller with qemu)
   - [Syzkaller crash DEMO](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_crash_demo.md) (tutorial on how to extend syzkaller with new syscalls)
   - [Kernel debug tool with syzkaller](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_debug.md) (debugging qemu VM created by syz-manager with gdb)
   - [Explanation of some syzkaller internals](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_analysis.md)
   - [A example of fuzzing the ceph filesystem](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/tree/master/docs/harbian_qa/fuzz_testing/syz_for_ceph)
 - [Coverage-guided kernel fuzzing with syzkaller](https://lwn.net/Articles/677764/) (by David Drysdale)
 - [ubsan, kasan, syzkaller und co](http://www.strlen.de/talks/debug-w-syzkaller.pdf) ([video](https://www.youtube.com/watch?v=Acp0A9X1254)) (by Florian Westphal)
 - [Debugging a kernel crash found by syzkaller](http://vegardno.blogspot.de/2016/08/sync-debug.html) (by Quentin Casasnovas)
 - [Linux Plumbers 2016 talk slides](https://docs.google.com/presentation/d/1iAuTvzt_xvDzS2misXwlYko_VDvpvCmDevMOq2rXIcA/edit?usp=sharing)
 - [syzkaller: the next gen kernel fuzzer](https://www.slideshare.net/DmitryVyukov/syzkaller-the-next-gen-kernel-fuzzer) (basics of operations, tutorial on how to run syzkaller and how to extend it to fuzz new drivers)

## Disclaimer

This is not an official Google product.
Update README.md 2017-10-25 07:55:24 +00:00			`# syzkaller - kernel fuzzer`
initial commit 2015-10-12 08:16:57 +00:00
readme: add travis-ci status 2017-07-28 11:39:28 +00:00			`[![Build Status](https://travis-ci.org/google/syzkaller.svg?branch=master)](https://travis-ci.org/google/syzkaller)`

docs: add gvisor page 2018-06-25 09:58:28 +00:00			`syzkaller` is an unsupervised coverage-guided kernel fuzzer. `Linux` kernel fuzzing has the most support, `akaros`, `freebsd`, `fuchsia`, `netbsd`, `windows` and `gvisor` are supported to varying degrees.
initial commit 2015-10-12 08:16:57 +00:00
docs: move parts of README to docs 2017-06-14 12:13:00 +00:00			`The project mailing list is [syzkaller@googlegroups.com](https://groups.google.com/forum/#!forum/syzkaller).`
Update README.md 2017-05-29 17:04:22 +00:00			`You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.`
initial commit 2015-10-12 08:16:57 +00:00
docs: move parts of README to docs 2017-06-14 12:13:00 +00:00			`[List of found bugs](docs/found_bugs.md).`
Update README.md 2015-10-12 09:36:48 +00:00
docs: move parts of README to docs 2017-06-14 12:13:00 +00:00			`## Documentation`
Update README.md 2017-05-10 04:00:50 +00:00
Update README.md (#404) 2017-10-30 13:40:32 +00:00			`Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well.`
docs: add links to new OS support docs 2017-10-26 17:51:54 +00:00			`Most of the documentation at this moment is related to the Linux kernel.`
docs: add gvisor page 2018-06-25 09:58:28 +00:00			`For other OS kernels check: [Akaros](docs/akaros/README.md), [FreeBSD](docs/freebsd.md), [Fuchsia](docs/fuchsia.md), [NetBSD](docs/netbsd.md), [Windows](docs/windows.md), [gVisor](docs/gvisor.md).`
docs: add links to new OS support docs 2017-10-26 17:51:54 +00:00
docs: move parts of README to docs 2017-06-14 12:13:00 +00:00			`- [How to install syzkaller](docs/setup.md)`
			`- [How to use syzkaller](docs/usage.md)`
			`- [How syzkaller works](docs/internals.md)`
			`- [How to contribute to syzkaller](docs/contributing.md)`
docs: move linux kernel specific docs to docs/linux/ dir 2017-10-26 17:28:24 +00:00			`- [How to report Linux kernel bugs](docs/linux/reporting_kernel_bugs.md)`
Fix typo in README.md. 2016-03-06 19:10:29 +00:00
Update README.md 2016-09-04 10:31:49 +00:00			`## External Articles`

Update README.md 2018-04-23 13:36:58 +00:00			`- From [HardenedLinux](https://github.com/hardenedlinux) project:`
			`- [Kernel QA with syzkaller and qemu](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_general.md) (tutorial on how to setup syzkaller with qemu)`
			`- [Syzkaller crash DEMO](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_crash_demo.md) (tutorial on how to extend syzkaller with new syscalls)`
			`- [Kernel debug tool with syzkaller](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_debug.md) (debugging qemu VM created by syz-manager with gdb)`
			`- [Explanation of some syzkaller internals](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_analysis.md)`
			`- [A example of fuzzing the ceph filesystem](https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/tree/master/docs/harbian_qa/fuzz_testing/syz_for_ceph)`
Update README.md 2016-09-04 10:32:23 +00:00			`- [Coverage-guided kernel fuzzing with syzkaller](https://lwn.net/Articles/677764/) (by David Drysdale)`
			`- [ubsan, kasan, syzkaller und co](http://www.strlen.de/talks/debug-w-syzkaller.pdf) ([video](https://www.youtube.com/watch?v=Acp0A9X1254)) (by Florian Westphal)`
Update README.md 2016-09-04 10:31:49 +00:00			`- [Debugging a kernel crash found by syzkaller](http://vegardno.blogspot.de/2016/08/sync-debug.html) (by Quentin Casasnovas)`
Update README.md 2016-11-06 19:56:08 +00:00			`- [Linux Plumbers 2016 talk slides](https://docs.google.com/presentation/d/1iAuTvzt_xvDzS2misXwlYko_VDvpvCmDevMOq2rXIcA/edit?usp=sharing)`
Update README.md 2017-05-24 09:13:07 +00:00			`- [syzkaller: the next gen kernel fuzzer](https://www.slideshare.net/DmitryVyukov/syzkaller-the-next-gen-kernel-fuzzer) (basics of operations, tutorial on how to run syzkaller and how to extend it to fuzz new drivers)`
Update README.md 2016-09-04 10:31:49 +00:00
Update README for dropprivs, troubleshooting 2016-02-18 13:26:37 +00:00			`## Disclaimer`

initial commit 2015-10-12 08:16:57 +00:00			`This is not an official Google product.`