mirror of https://github.com/reactos/syzkaller.git synced 2024-11-27 13:20:34 +00:00

syzkaller is an unsupervised coverage-guided kernel fuzzer

Go to file

Michael Pratt c912893981 docs: add instructions for running syz-execprog in gVisor This configuration mounts the syzkaller bin/linux_amd64 folder as the sandbox root, bind mounts a single input log, then runs syz-execprog on the input.		2018-12-15 08:11:02 +01:00
dashboard	dashboard/config: update kernel configs to latest kernel	2018-12-12 13:05:51 +01:00
docs	docs: add instructions for running syz-execprog in gVisor	2018-12-15 08:11:02 +01:00
executor	executor: move setrlimit from setup_control_pipes to bsd os_init	2018-12-14 12:13:14 +01:00
Godeps	vendor: add github.com/ianlancetaylor/demangle	2018-06-28 09:59:11 +02:00
pkg	pkg/report: another gvisor OOM suppression	2018-12-13 16:45:56 +01:00
prog	prog: detect invalid target.Syscalls in BuildChoiceTable	2018-12-11 11:14:20 +01:00
sys	sys/linux: add basic tipc test	2018-12-12 13:14:26 +01:00
syz-ci	syz-ci: default kernel branch to master	2018-11-21 07:17:13 +01:00
syz-fuzzer	pkg/ipc: move sandbox helpers from ipcconfig	2018-12-10 16:37:02 +01:00
syz-hub	syz-manager: make rpc communication finer grained	2018-06-26 13:59:47 +02:00
syz-manager	prog: implement strict parsing mode	2018-12-10 16:37:01 +01:00
tools	tools/syz-runtest: test program parsing before booting VMs	2018-12-10 16:37:02 +01:00
vendor	vendor: add github.com/ianlancetaylor/demangle	2018-06-28 09:59:11 +02:00
vm	vm/gvisor: don't close conn on error	2018-12-13 09:38:49 +01:00
.clang-format	buildbot: add .travis.yml	2017-07-28 13:25:48 +02:00
.gitignore	sys: check in generated files	2017-06-13 15:55:31 +02:00
.gometalinter.json	tools/syz-trace2syz: add tool to convert strace output to programs	2018-12-06 16:25:37 +01:00
.travis.yml	.travis.yml: use clang-format 6.0.1	2018-07-27 13:48:44 +02:00
AUTHORS	vm/qemu: improve debug output	2018-11-30 17:12:03 +00:00
CONTRIBUTORS	vm/qemu: improve debug output	2018-11-30 17:12:03 +00:00
LICENSE	initial commit	2015-10-12 10:16:57 +02:00
Makefile	tools/syz-trace2syz: add tool to convert strace output to programs	2018-12-06 16:25:37 +01:00
README.md	docs/darwin: add some info about darwin	2018-12-08 15:26:30 +01:00

README.md

syzkaller - kernel fuzzer

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd, windows and gvisor are supported to varying degrees.

The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

List of found bugs.

Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, Darwin/XNU, FreeBSD, Fuchsia, NetBSD, OpenBSD, Windows, gVisor.

External Articles

Research work based on syzkaller
From HardenedLinux project:
- Kernel QA with syzkaller and qemu (tutorial on how to setup syzkaller with qemu)
- Syzkaller crash DEMO (tutorial on how to extend syzkaller with new syscalls)
- Kernel debug tool with syzkaller (debugging qemu VM created by syz-manager with gdb)
- Explanation of some syzkaller internals
- A example of fuzzing the ceph filesystem
Coverage-guided kernel fuzzing with syzkaller (by David Drysdale)
ubsan, kasan, syzkaller und co (video) (by Florian Westphal)
Debugging a kernel crash found by syzkaller (by Quentin Casasnovas)
Linux Plumbers 2016 talk slides
syzkaller: the next gen kernel fuzzer (basics of operations, tutorial on how to run syzkaller and how to extend it to fuzz new drivers)
syzbot and the tale of thousand kernel bugs [video]

Disclaimer

This is not an official Google product.