mirror of https://github.com/reactos/syzkaller.git synced 2024-11-27 13:20:34 +00:00

syzkaller is an unsupervised coverage-guided kernel fuzzer

Go to file

Dmitry Vyukov dcb1eebb7f prog: more precise constructor calculation Currently a call that both accepts and creates a resource self-justifies itself and thus is always enabled. A good example is accept call. Accepts are always self-enable and thus enable all other syscalls that work with the socket. Calculate TransitivelyEnabledCalls in the opposite direction to resolve this. Start with empty set of enable syscalls, then enable syscalls that don't accept any resources, then enable syscalls that accept resources created by the previous batch of syscalls, and so on. This prevents self-enablement of accept.		2018-06-18 19:45:48 +02:00
dashboard	Create README.md	2018-06-11 11:37:34 +02:00
docs	Update found_bugs.md	2018-06-12 19:39:10 +02:00
executor	sys: mark output resources as opt	2018-06-18 19:45:47 +02:00
Godeps	vendor: add github.com/google/go-cmp/cmp	2018-06-18 19:45:37 +02:00
pkg	pkg/host: support trial supported syscall detection	2018-06-18 19:45:45 +02:00
prog	prog: more precise constructor calculation	2018-06-18 19:45:48 +02:00
sys	sys: mark output resources as opt	2018-06-18 19:45:47 +02:00
syz-ci	tools/create-gce-image.sh: support both nbd and loop	2018-05-17 14:50:18 +02:00
syz-fuzzer	all: fix gometalinter warnings	2018-06-12 20:10:58 +02:00
syz-hub	gometalinter: check dot imports	2018-05-03 14:41:34 +02:00
syz-manager	syz-manager: don't save repros sent to dashboard	2018-06-12 18:31:28 +02:00
tools	pkg/host: rework host feature detection/setup	2018-06-12 14:53:22 +02:00
vendor	vendor: add github.com/google/go-cmp/cmp	2018-06-18 19:45:37 +02:00
vm	vm/adb: don't fail if port 35099 is busy	2018-06-11 16:47:12 +02:00
.clang-format	buildbot: add .travis.yml	2017-07-28 13:25:48 +02:00
.gitignore	sys: check in generated files	2017-06-13 15:55:31 +02:00
.gometalinter.json	gometalinter: increase timeout	2018-05-07 18:59:22 +02:00
.travis.yml	travis: switch to Go 1.9+1.10 (#539 )	2018-03-20 14:34:44 +01:00
AUTHORS	AUTHORS: sync with CONTRIBUTORS	2018-06-06 10:02:03 +02:00
CONTRIBUTORS	bpf: enable full unwind and kallsym export support for jited images	2018-06-07 12:39:12 +03:00
LICENSE	initial commit	2015-10-12 10:16:57 +02:00
Makefile	docs: update fuchsia instructions	2018-06-06 20:55:40 +02:00
README.md	Update README.md	2018-04-23 15:36:58 +02:00

README.md

syzkaller - kernel fuzzer

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees.

The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

List of found bugs.

Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, FreeBSD, Fuchsia, NetBSD, Windows.

External Articles

From HardenedLinux project:
- Kernel QA with syzkaller and qemu (tutorial on how to setup syzkaller with qemu)
- Syzkaller crash DEMO (tutorial on how to extend syzkaller with new syscalls)
- Kernel debug tool with syzkaller (debugging qemu VM created by syz-manager with gdb)
- Explanation of some syzkaller internals
- A example of fuzzing the ceph filesystem
Coverage-guided kernel fuzzing with syzkaller (by David Drysdale)
ubsan, kasan, syzkaller und co (video) (by Florian Westphal)
Debugging a kernel crash found by syzkaller (by Quentin Casasnovas)
Linux Plumbers 2016 talk slides
syzkaller: the next gen kernel fuzzer (basics of operations, tutorial on how to run syzkaller and how to extend it to fuzz new drivers)

Disclaimer

This is not an official Google product.