syzkaller is an unsupervised coverage-guided kernel fuzzer
Dmitry Vyukov b5f6354179 prog: add test for cross-arch deserialization
A few managers recently crashed with:

panic: syscall mknod$loop: per proc arg 'proc' has bad value '4294967295'
        panic: sync: unlock of unlocked mutex

goroutine 35438 [running]:
sync.(*Mutex).Unlock(0xc42166e0c8)
        sync/mutex.go:184 +0xc1
panic(0xb98980, 0xc448971aa0)
        runtime/panic.go:491 +0x283
main.(*Manager).Connect(0xc42166e000, 0xc42056d060, 0xc42038f000, 0x0, 0x0)
        syz-manager/manager.go:868 +0x11cc

And a similar issue was reported on the mailing list.
It's unclear where these bogus programs come from.
It seems that hub was somehow involved here.
4294967295 is (uint32)-1 which is the truncated special
value for proc types.
The test did not uncover any bugs, but since I wrote it
and it looks like a useful test, let's commit it anyway.
2018-01-09 21:24:29 +01:00
dashboard dashboard/app: fix reporting filter skipping 2018-01-08 13:39:47 +01:00
docs sys/linux: add ion and ashmem devices support 2018-01-09 21:24:28 +01:00
executor sys/linux: add AF_NETLINK/NETLINK_CRYPTO descriptions 2018-01-09 21:24:29 +01:00
Godeps vendor: update all packages 2017-08-08 10:54:24 +02:00
pkg pkg/report: ignore kernel/workqueue.c as guilty file 2018-01-08 12:56:44 +01:00
prog prog: add test for cross-arch deserialization 2018-01-09 21:24:29 +01:00
sys sys/linux: add AF_NETLINK/NETLINK_CRYPTO descriptions 2018-01-09 21:24:29 +01:00
syz-ci syz-ci: don't mark build errors as corrupted 2017-12-27 14:28:08 +01:00
syz-fuzzer syz-fuzzer: separate programs in output by newline 2018-01-08 13:20:44 +01:00
syz-hub syz-manager: don't save/send to dashboard repros from hub 2017-08-07 16:40:18 +02:00
syz-manager syz-manager/mgrconfig: add builtin suppression for crashing init 2018-01-06 17:38:44 +01:00
tools tools/syz-symbolize: assume that kernel is in the current dir 2017-12-27 15:02:46 +01:00
vendor vendor/golang.org/x/net/context/: fix fmt with Go 1.8 2017-08-10 14:35:07 +02:00
vm vm/gce: connect to instances by ip 2017-12-27 09:18:26 +01:00
.clang-format buildbot: add .travis.yml 2017-07-28 13:25:48 +02:00
.gitignore sys: check in generated files 2017-06-13 15:55:31 +02:00
.travis.yml makefile: move diff check to makefile from travis script 2017-11-20 18:22:40 +01:00
AUTHORS Makefile: fix git "modified tree" test 2017-12-21 13:53:39 +01:00
CONTRIBUTORS Makefile: fix git "modified tree" test 2017-12-21 13:53:39 +01:00
LICENSE initial commit 2015-10-12 10:16:57 +02:00
Makefile Makefile: fix git "modified tree" test 2017-12-21 13:53:39 +01:00
README.md docs: add found_bugs for akaros 2017-11-01 20:41:02 +03:00

syzkaller - kernel fuzzer

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support; akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees.

The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

List of found bugs.

Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, FreeBSD, Fuchsia, NetBSD, Windows.

External Articles

Disclaimer

This is not an official Google product.