commit | c31f1109d0bc65fff86c832a4ad7ee48edc1bf55 | |
---|---|---|
author | Space Meyer <spm@google.com> | Tue Apr 11 13:16:53 2023 +0200 |
committer | Space Meyer <spm@google.com> | Mon Apr 17 11:22:17 2023 +0200 |
tree | 8e5ad59e8c3e6892dfbc8cc01042c366de540ec0 | |
parent | c6ec708375e0f0f670f8ae7c11c94f09ce03f673 |

docs: add GREBE reference

Tl;Dr
They try to identify the data structure involved in a crash, e.g. by parsing the WARN_ON condition. They modify the compiler instrumentation to overwrite some of the upper bits in the program counters, for program counters that modify the data structure. Then they guide coverage by these magic PCs. They do this to find other failure modes of buggy code found by syzkaller.

syzkaller ([siːzˈkɔːlə]) is an unsupervised coverage-guided kernel fuzzer.
Supported OSes: Akaros, FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, Windows.
Mailing list: syzkaller@googlegroups.com (join on web or by email).
Found bugs: Akaros, Darwin/XNU, FreeBSD, Linux, NetBSD, OpenBSD, Windows.
Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it's being extended to support other OS kernels as well. Most of the documentation at this moment is related to the Linux kernel. For other OS kernels check: Akaros, Darwin/XNU, FreeBSD, Fuchsia, NetBSD, OpenBSD, Starnix, Windows, gVisor.
This is not an official Google product.