syzkaller

module
v0.0.0-...-b4fbdbd Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 22, 2024 License: Apache-2.0

README

syzkaller - kernel fuzzer

CI Status OSS-Fuzz Go Report Card Coverage Status GoDoc License

syzkaller ([siːzˈkɔːlə]) is an unsupervised coverage-guided kernel fuzzer.
Supported OSes: FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, Windows.

Mailing list: syzkaller@googlegroups.com (join on web or by email).

Found bugs: Darwin/XNU, FreeBSD, Linux, NetBSD, OpenBSD, Windows.

Documentation

Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Darwin/XNU, FreeBSD, Fuchsia, NetBSD, OpenBSD, Starnix, Windows, gVisor. Akaros,

Disclaimer

This is not an official Google product.

Directories

Path Synopsis
dashboard
api
Package api provides data structures and helper methods to work with the dashboard JSON API.
Package api provides data structures and helper methods to work with the dashboard JSON API.
app
dashapi
Package dashapi defines data structures used in dashboard communication and provides client interface.
Package dashapi defines data structures used in dashboard communication and provides client interface.
pkg
ast
Package ast parses and formats sys files.
Package ast parses and formats sys files.
auth
Package auth contains authentication related code supporting secret passwords and oauth2 tokens on GCE.
Package auth contains authentication related code supporting secret passwords and oauth2 tokens on GCE.
build
Package build contains helper functions for building kernels/images.
Package build contains helper functions for building kernels/images.
compiler
Package compiler generates sys descriptions of syscalls, types and resources from textual descriptions.
Package compiler generates sys descriptions of syscalls, types and resources from textual descriptions.
cover
Package cover provides types for working with coverage information (arrays of covered PCs).
Package cover provides types for working with coverage information (arrays of covered PCs).
csource
Package csource generates [almost] equivalent C programs from syzkaller programs.
Package csource generates [almost] equivalent C programs from syzkaller programs.
db
Package db implements a simple key-value database.
Package db implements a simple key-value database.
gce
Package gce provides wrappers around Google Compute Engine (GCE) APIs.
Package gce provides wrappers around Google Compute Engine (GCE) APIs.
gcs
Package gcs provides wrappers around Google Cloud Storage (GCS) APIs.
Package gcs provides wrappers around Google Cloud Storage (GCS) APIs.
ifaceprobe
Package ifaceprobe implements dynamic component of automatic kernel interface extraction.
Package ifaceprobe implements dynamic component of automatic kernel interface extraction.
ifuzz/arm64
Package arm64 allows to generate and mutate arm64 machine code.
Package arm64 allows to generate and mutate arm64 machine code.
ifuzz/arm64/gen
gen generates instruction tables (ifuzz_types/insns.go) from ARM64 JSON.
gen generates instruction tables (ifuzz_types/insns.go) from ARM64 JSON.
ifuzz/iset
Package iset ("instruction set") provides base and helper types for ifuzz arch implementations.
Package iset ("instruction set") provides base and helper types for ifuzz arch implementations.
ifuzz/x86
Package x86 allows to generate and mutate x86 machine code.
Package x86 allows to generate and mutate x86 machine code.
ifuzz/x86/gen
gen generates instruction tables (ifuzz_types/insns.go) from Intel XED tables.
gen generates instruction tables (ifuzz_types/insns.go) from Intel XED tables.
instance
Package instance provides helper functions for creation of temporal instances used for testing of images, patches and bisection.
Package instance provides helper functions for creation of temporal instances used for testing of images, patches and bisection.
kconfig
Package kconfig implements parsing of the Linux kernel Kconfig and .config files and provides some algorithms to work with these files.
Package kconfig implements parsing of the Linux kernel Kconfig and .config files and provides some algorithms to work with these files.
kd
Minimal KD protocol decoder.
Minimal KD protocol decoder.
log
Package log provides functionality similar to standard log package with some extensions:
Package log provides functionality similar to standard log package with some extensions:
report
Package report contains functions that process kernel output, detect/extract crash messages, symbolize them, etc.
Package report contains functions that process kernel output, detect/extract crash messages, symbolize them, etc.
rpctype
Package rpctype contains types of message passed via net/rpc connections between syz-manager and syz-hub.
Package rpctype contains types of message passed via net/rpc connections between syz-manager and syz-hub.
runtest
Package runtest is a driver for end-to-end testing of syzkaller programs.
Package runtest is a driver for end-to-end testing of syzkaller programs.
signal
Package signal provides types for working with feedback signal.
Package signal provides types for working with feedback signal.
stat/sample
Package sample provides various statistical operations and algorithms.
Package sample provides various statistical operations and algorithms.
tool
Package tool contains various helper utilitites useful for implementation of command line tools.
Package tool contains various helper utilitites useful for implementation of command line tools.
vcs
Package vcs provides helper functions for working with various repositories (e.g.
Package vcs provides helper functions for working with various repositories (e.g.
vminfo
Package vminfo extracts information about the target VM.
Package vminfo extracts information about the target VM.
sys
syz-ci is a continuous fuzzing system for syzkaller.
syz-ci is a continuous fuzzing system for syzkaller.
tools
arm64
Generate KVM ARM64 register IDs for dev_kvm.txt Usage:
Generate KVM ARM64 register IDs for dev_kvm.txt Usage:
syz-benchcmp
syz-benchcmp visualizes syz-manager benchmarking results.
syz-benchcmp visualizes syz-manager benchmarking results.
syz-bisect
syz-bisect runs bisection to find cause/fix commit for a crash.
syz-bisect runs bisection to find cause/fix commit for a crash.
syz-build
syz-build is a wrapper around pkg/build for testing purposes.
syz-build is a wrapper around pkg/build for testing purposes.
syz-check
syz-check does best-effort static correctness checking of the syscall descriptions in sys/os/*.txt.
syz-check does best-effort static correctness checking of the syscall descriptions in sys/os/*.txt.
syz-cover
syz-cover generates coverage HTML report from raw coverage files.
syz-cover generates coverage HTML report from raw coverage files.
syz-crush
syz-crush replays crash log on multiple VMs.
syz-crush replays crash log on multiple VMs.
syz-execprog
execprog executes a single program or a set of programs and optionally prints information about execution.
execprog executes a single program or a set of programs and optionally prints information about execution.
syz-fix-analyzer
syz-fix-analyzer analyzes fixed bugs on the dashboard for automatic fixability and prints statistics.
syz-fix-analyzer analyzes fixed bugs on the dashboard for automatic fixability and prints statistics.
syz-fmt
syz-fmt re-formats sys files into standard form.
syz-fmt re-formats sys files into standard form.
syz-gemini-seed
syz-gemini-seed generates program seeds based on existing programs in the corpus using Gemini API.
syz-gemini-seed generates program seeds based on existing programs in the corpus using Gemini API.
syz-hubtool
syz-hubtool uploads local reproducers to syz-hub.
syz-hubtool uploads local reproducers to syz-hub.
syz-imagegen
syz-imagegen generates sys/linux/test/syz_mount_image_* test files.
syz-imagegen generates sys/linux/test/syz_mount_image_* test files.
syz-kconf
syz-kconf generates Linux kernel configs in dashboard/config/linux.
syz-kconf generates Linux kernel configs in dashboard/config/linux.
syz-linter
This is our linter with custom checks for the project.
This is our linter with custom checks for the project.
syz-make
syz-make provides information required to build native code for the Makefile.
syz-make provides information required to build native code for the Makefile.
syz-minconfig
syz-minconfig is a tool for manual checking of config minimization functionality in pkg/kconfig/minimize.go.
syz-minconfig is a tool for manual checking of config minimization functionality in pkg/kconfig/minimize.go.
syz-mutate
mutates mutates a given program and prints result.
mutates mutates a given program and prints result.
syz-reporter
syz-reporter creates table information from crashes.
syz-reporter creates table information from crashes.
syz-showprio
syz-showprio visualizes the call to call priorities from the prog package.
syz-showprio visualizes the call to call priorities from the prog package.
syz-testbuild
syz-testbuild tests kernel build/boot on releases as it will be done by pkg/bisect.
syz-testbuild tests kernel build/boot on releases as it will be done by pkg/bisect.
syz-trace2syz
syz-trace2syz converts strace traces to syzkaller programs.
syz-trace2syz converts strace traces to syzkaller programs.
syz-tty
syz-tty is utility for testing of usb console reading code.
syz-tty is utility for testing of usb console reading code.
syz-upgrade
upgrade upgrades corpus from an old format to a new format.
upgrade upgrades corpus from an old format to a new format.
vm
Package vm provides an abstract test machine (VM, physical machine, etc) interface for the rest of the system.
Package vm provides an abstract test machine (VM, physical machine, etc) interface for the rest of the system.
adb
cuttlefish
Package cuttlefish allows to use Cuttlefish Android emulators hosted on Google Compute Engine (GCE) virtual machines as VMs.
Package cuttlefish allows to use Cuttlefish Android emulators hosted on Google Compute Engine (GCE) virtual machines as VMs.
gce
Package gce allows to use Google Compute Engine (GCE) virtual machines as VMs.
Package gce allows to use Google Compute Engine (GCE) virtual machines as VMs.
gvisor
Package gvisor provides support for gVisor, user-space kernel, testing.
Package gvisor provides support for gVisor, user-space kernel, testing.
proxyapp
Package proxyapp package implements the experimental plugins support.
Package proxyapp package implements the experimental plugins support.
vmimpl
Package vmimpl provides an abstract test machine (VM, physical machine, etc) interface for the rest of the system.
Package vmimpl provides an abstract test machine (VM, physical machine, etc) interface for the rest of the system.
vmm
Package vmm provides VMs based on OpenBSD vmm virtualization.
Package vmm provides VMs based on OpenBSD vmm virtualization.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL