A gentle introduction to Linux Kernel fuzzing

This blog post discusses coverage-guided fuzzing, a powerful testing technique where an automated program feeds semi-random inputs to a tested program. The intention is to find such inputs that trigger bugs. Fuzzing is especially useful in finding memory corruption bugs in C or C++ programs. The author decided to use the AFL fuzzer and target the Linux Kernel netlink machinery, which is an obscure part of the kernel but relatively easy to automatically craft valid messages. The post provides a tutorial on how to set up and run the custom kernel within KVM virtualization. It also mentions prior work in this area, including syzkaller and Trinity fuzzer.