
Trinity: A Linux kernel fuzz tester (and then some)

Project: Trinity

Having started as a braindead fuzz-testing tool for calling system calls with random garbage, Trinity has grown into a tool that (at time of writing) seems to be finding bugs in areas all over the kernel, from network protocols to filesystems, from virtual memory to virtualisation, and many more.

While the idea of system call fuzzing has been around for a long time (dating back to days even pre-dating Linux), this tool now uses a number of interesting techniques to find corner-case bugs and increase overall test coverage.

On startup, Trinity creates a lot of random metadata (sockets, file handles, memory mappings, etc), and passes them to syscalls as they request them. Results are stored, and passed on to other future syscalls (possibly made by different threads). All sorts of mayhem ensues.

The talk will include a demo run-through and a discussion of some of the more interesting bugs that have been found so far.
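The pool-and-feedback idea described in the abstract, as an added C example (not Trinity's code): descriptors are created up front, handed at random to a few harmless calls, and any descriptor a call returns goes back into the pool for later calls. The function names, the pool size and the choice of calls are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

#define POOL_MAX 64            /* assumption: small fixed pool for the example */
static int pool[POOL_MAX], pool_len;

/* Store a descriptor for later calls; close it if the pool is full. */
static void pool_add(int fd) {
    if (fd >= 0 && pool_len < POOL_MAX) pool[pool_len++] = fd;
    else if (fd >= 0) close(fd);
}

/* Startup: create descriptors of several kinds. Returns the pool size. */
int pool_init(void) {
    int p[2];
    pool_len = 0;
    pool_add(open("/dev/null", O_RDWR));
    pool_add(socket(AF_UNIX, SOCK_STREAM, 0));
    if (pipe(p) == 0) { pool_add(p[0]); pool_add(p[1]); }
    return pool_len;
}

/* Make `iters` calls with fds drawn from the pool; returns how many failed. */
int fuzz_fds(unsigned seed, int iters) {
    struct stat st;
    int failures = 0;
    srand(seed);
    for (int i = 0; i < iters && pool_len > 0; i++) {
        int fd = pool[rand() % pool_len];
        long r;
        switch (rand() % 4) {  /* assumption: four harmless calls stand in for the syscall table */
        case 0:  r = fstat(fd, &st); break;
        case 1:  r = fcntl(fd, F_GETFL); break;
        case 2:  r = lseek(fd, rand() % 4096, SEEK_SET); break;  /* fails on pipes and sockets */
        default: r = dup(fd); pool_add((int)r); break;           /* result feeds later calls */
        }
        if (r < 0) failures++;
    }
    return failures;
}

int main(void) {
    int start = pool_init(), failed = fuzz_fds(1, 200);
    printf("pool grew from %d to %d fds, %d calls failed\n", start, pool_len, failed);
    return 0;
}
```

Because every argument is a live descriptor of some kind, the calls get past the kernel's early "bad file descriptor" rejection and reach type-specific code paths, which is what separates this approach from passing pure random integers.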

Dave Jones

Dave is employed by Red Hat as the Fedora kernel team lead. In addition to work on beating the kernel into shape for Fedora users, he occasionally finds time to find new ways to break the kernel (hopefully before users do).