搭建

1.Setup: Ubuntu host, QEMU vm, x86-64 kernel

https://github.com/google/syzkaller/blob/master/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md

2.Kernel QA with syzkaller and qemu

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_general.md

syzkaller 实现介绍

1.Coverage-guided kernel fuzzing with syzkaller

https://lwn.net/Articles/677764/

2.Syzkaller:Future development

https://docs.google.com/presentation/d/1iAuTvzt_xvDzS2misXwlYko_VDvpvCmDevMOq2rXIcA/edit#slide=id.g18a0286605_0_28

3.How syzkaller works

https://github.com/google/syzkaller/blob/master/docs/internals.md

syzkaller 协议栈Fuzz

1.External network fuzzing for Linux kernel

https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_network.md

syzkaller 使用

1.Syzkaller crash DEMO

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syzkaller_crash_demo.md

2.Exploiting the Linux kernel via packet sockets

https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html

syzkaller 语法规则

1.Syscall descriptions

syzkaller 生成产生崩溃的C程序

1.How to reproduce crashes

https://github.com/google/syzkaller/blob/master/docs/reproducing_crashes.md

https://github.com/google/syzkaller/blob/master/docs/syscall_descriptions.md

2.Syscall descriptions syntax

https://github.com/google/syzkaller/blob/master/docs/syscall_descriptions_syntax.md

syzkaller 配置

https://github.com/google/syzkaller/blob/master/docs/configuration.md