Fuzzing Linux Kernel with syzkaller

Google’s guide is sufficient to follow

wget https://dl.google.com/go/go1.20.1.linux-amd64.tar.gz
tar -xf go1.20.1.linux-amd64.tar.gz
export GOROOT=`pwd`/go
export PATH=$GOROOT/bin:$PATH

at the end of the setup you need to give config file to the syzkaller.

for the workdir, the $GOPATH is going to be syzkaller path , not the GO’s path

For example:

./bin/syz-manager -config=my.cfg
It started to create a corpus.

After a while, if we are lucky, syzkaller hits some vulnerabilities listed below.

We have C-repro in the report section in order to reiterate the vulnerability.

When we compile and run the code, KASAN shows a report

I decided to add a vulnerable kernel driver to the kernel source code and fuzz it by syzlang description.

Downloaded Linux kernel 6.2-rc8

git clone https://github.com/torvalds/linux.git -b v6.2-rc8

Used reference config file

compiled and tested to fuzz.

It’s fuzzing

Created a folder under the drivers folder in the Linux kernel source code.

Copied the vulnerable driver from the wall-of-perdition workshop.






Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir