syzkaller is Google’s coverage-guided, feedback-driven kernel fuzzer designed to uncover reliability and security bugs in operating system kernels at scale. It automatically generates, mutates, and minimizes system call programs, then drives them through a specialized executor (syz-executor) to exercise deep kernel paths. The system integrates tightly with sanitizers such as KASAN, KMSAN, KCSAN, and UBSAN to surface memory safety, concurrency, and undefined behavior issues with actionable reports. A distributed architecture coordinates many fuzzing VMs, collects crash signatures, deduplicates them, and bisects to the first bad commit when possible. syzkaller maintains per-kernel “syz” descriptions (written in its own description language, syzlang) so it understands the arguments, flags, and resources of thousands of syscalls and ioctls across Linux and other kernels. It also ships reproducer generation and minimization routines so developers get small, deterministic test cases they can run locally to fix bugs quickly.
Features
- Coverage-guided syscall fuzzing with sanitizer integration
- Distributed fuzzing across fleets of virtual machines
- Automated crash deduplication, triage, and bisection
- Reproducer generation and test case minimization
- Rich syscall/IOCTL descriptions for multiple kernels
- Web dashboards and triage tooling for long-running campaigns
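The description above mentions that syz-manager coordinates a fleet of fuzzing VMs and hands work to syz-executor inside each one. As an added illustration (not taken from this page or from the syzkaller repository), this is the shape of a syz-manager configuration for a local QEMU campaign. The key names (target, http, workdir, kernel_obj, image, sshkey, syzkaller, procs, type, vm) are the real syz-manager options; the paths, the VM count and the sizes are placeholder values chosen for the example.

```json
{
	"target": "linux/amd64",
	"http": "127.0.0.1:56741",
	"workdir": "/home/user/syzkaller/workdir",
	"kernel_obj": "/home/user/linux",
	"image": "/home/user/image/bullseye.img",
	"sshkey": "/home/user/image/bullseye.id_rsa",
	"syzkaller": "/home/user/syzkaller",
	"procs": 8,
	"type": "qemu",
	"vm": {
		"count": 4,
		"kernel": "/home/user/linux/arch/x86/boot/bzImage",
		"cpu": 2,
		"mem": 2048
	}
}
```

With this file saved as my.cfg, `syz-manager -config=my.cfg` boots four QEMU instances, runs eight executor processes in each, and serves the coverage, crash and reproducer views on the http address given. The kernel image pointed to by `kernel_obj` must be built with CONFIG_KCOV=y for coverage feedback and with the relevant sanitizer options (for example CONFIG_KASAN=y) enabled, otherwise the feedback loop and the memory-safety reports the description relies on are not available.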