Skip to content
A Kernel fuzzer focusing on race bugs
Branch: master
Clone or download
lifeasageek Merge pull request #3 from akshaykrishnan/patch-1
Enable kernels_repo submodule init using HTTPS
Latest commit 946e4d7 Jun 10, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs documents updated Jun 7, 2019
kernels_repo @ 96210d6 v0.1 May 27, 2019
scripts minor fix Jun 4, 2019
toolchains v0.1 May 27, 2019
tools syzkaller: Missing log package Jun 4, 2019
.gitignore syzkaller: Missing log package Jun 4, 2019
.gitmodules Enable kernel_repo submodule init using HTTPS Jun 10, 2019 paper May 27, 2019

Razzer: Finding kernel race bugs through fuzzing

Environment setup

Running scripts/ will set up necessary environment variables. One should select the kernel version during environment setup, for example, v4.17


Initialize kernels_repo submodule

Kernel source codes used in this project are in the other reprository which is included as a submodule. To initialize the submodule one should execute git submodule update command as a follow.

git submodule update --init --depth=1 kernels_repo

Install toolchains / tools

scripts/ will try to install all toolchains and tools.

Static analysis

The Razzer's static analysis is based on the LLVM toolchain and the SVF static analysis tool. See documents in docs/static_analysis/.


Razzer's two-phases fuzzing is based on Syzkaller. The deterministic scheduler is implemented using QEMU/KVM. See documents in docs/fuzzing/.


Razzer: Finding Kernel Race Bugs through Fuzzing (IEEE S&P 2019)



You can’t perform that action at this time.