Razzer: Finding kernel race bugs through fuzzing

Environment setup

$ source scripts/envsetup.sh

scripts/envsetup.sh sets up the necessary environment variables. Select the kernel version during environment setup, for example, v4.17.


Initialize kernels_repo submodule

The kernel source code used in this project lives in a separate repository, which is included as a submodule. To initialize the submodule, run git submodule update as follows.

$ git submodule update --init --depth=1 kernels_repo


$ sudo apt install zlib libglib-dev python-setuptools quilt libssl-dev dwarfdump

Install toolchains / tools

$ scripts/install.sh

scripts/install.sh then installs the rest of the necessary toolchains and tools.

Static analysis

Razzer's static analysis is based on the LLVM toolchain and the SVF static analysis tool. See the documentation in docs/static-analysis.md.


Razzer's two-phase fuzzing is based on Syzkaller. The deterministic scheduler is implemented using QEMU/KVM. See the documentation in docs/fuzzing.md.


Razzer: Finding Kernel Race Bugs through Fuzzing (IEEE S&P 2019)