
A Quick Glance

SyzGPT is an LLM-assisted kernel fuzzing framework that automatically generates effective seeds for low-frequency syscalls (LFS). The Linux kernel provides over 360 system calls, and Syzkaller defines more than 4400 specialized calls that encapsulate specific uses of those system calls. However, many of these syscalls (called LFS) are hard to cover consistently because of complex dependencies and mutation uncertainty, leaving part of the testing space unexplored. SyzGPT can automatically extract and augment syscall dependencies for these LFS and generate effective seeds with dependency-based RAG (DRAG). Our evaluation shows that SyzGPT can improve overall code coverage and syscall coverage, and find LFS-induced vulnerabilities. We also release a toy model, 🤗CodeLlama-syz-toy, specialized for Syz-programs.

Examples

We present the Syz-program generation processes of SyzGPT, including dependency-based reference programs (R-programs) retrieval and target seed generation.

We provide the augmented syscall dependencies and corpus base for the following seed generation by default. In practical scenarios, you can replace them with better ones.

A: Generation processes (Default: GPT-3.5-turbo);

Dependency-based R-programs Retrieval (3-shot)
Seed Generation (3-shot)
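
The two generation steps above (retrieve dependency-based R-programs, then prompt for a seed) can be sketched as follows. This is an added example, not SyzGPT's own code: the mini corpus, the dependency table, the overlap-count ranking and the prompt wording are all constructed assumptions.

```python
import re

# Constructed Syz-programs standing in for a corpus base (not SyzGPT's data).
OPEN = r"r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)"
CORPUS = {
    "kvm_open": [OPEN, "ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0)"],
    "kvm_vm": [OPEN, "r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)"],
    "kvm_vcpu": [OPEN, "r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)",
                 "r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)"],
    "tcp_bind": ["r0 = socket$inet_tcp(0x2, 0x1, 0x0)",
                 "bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10)"],
}
# Constructed dependency table: target call -> calls producing the resources it needs.
DEPS = {"ioctl$KVM_RUN": {"openat$kvm", "ioctl$KVM_CREATE_VM", "ioctl$KVM_CREATE_VCPU"}}

# One call per line, optionally assigning its result to a resource variable (rN).
CALL_RE = re.compile(r"^(?:r\d+ = )?([\w$]+)\(")

def calls(program):
    """Return the set of specialized call names used in a Syz-program."""
    return {m.group(1) for line in program if (m := CALL_RE.match(line))}

def retrieve(target, k=3):
    """Rank corpus programs by how many of the target's dependencies they exercise."""
    deps = DEPS.get(target, set())
    scored = [(len(deps & calls(prog)), name) for name, prog in CORPUS.items()]
    # Drop programs with no overlap; sort by score, then name for a stable order.
    ranked = sorted((s for s in scored if s[0] > 0), key=lambda s: (-s[0], s[1]))
    return [name for _, name in ranked[:k]]

def build_prompt(target, k=3):
    """Assemble a k-shot prompt: retrieved R-programs first, then the request."""
    shots = ["\n".join(CORPUS[name]) for name in retrieve(target, k)]
    body = "\n\n".join(f"# Reference program {i}\n{s}" for i, s in enumerate(shots, 1))
    return f"{body}\n\n# Write a Syz-program that calls {target}, reusing the resources above.\n"

if __name__ == "__main__":
    print(build_prompt("ioctl$KVM_RUN"))
```

A target with no entry in the dependency table retrieves nothing, which is the case where the default dependencies and corpus would need to be replaced with better ones.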

B: Program Repair processes;


Ethics and Disclosure

We are committed to transparent and ethical research. All code, datasets, and models for SyzGPT are open-source. All vulnerabilities discovered during this research were responsibly disclosed to the Linux kernel upstream community or upstream vendors, reflecting our goal of positively contributing to kernel security and robustness.

Citation

If you find our project useful, please consider citing:
@article{zhang2025unlocking,
    title={Unlocking Low Frequency Syscalls in Kernel Fuzzing with Dependency-Based RAG},
    author={Zhang, Zhiyu and Li, Longxing and Liang, Ruigang and Chen, Kai},
    journal={Proceedings of the ACM on Software Engineering},
    volume={2},
    number={ISSTA},
    pages={848--870},
    year={2025},
    publisher={ACM New York, NY, USA}
}