syzkaller-xnu
Last updated: Mar. 23, 2026 by Sungwoo Kim.
Syzkaller[1] has discovered 1,000+ bugs across multiple operating systems, including Apple's XNU kernel. However, the last update to XNU support was five years ago (for macOS 11.5) and no longer works on recent kernels. In addition, it mainly covers legacy system calls, leaving Mach and newly introduced system calls largely uncovered.
I therefore extended Syzkaller to support recent XNU kernels, including Mach system calls. The two primary technical challenges were (1) building XNU with KCOV and sanitizers, and (2) automatically extracting syscall descriptions. Challenge (1) is an engineering task, and the corresponding section documents the workflow and operational tips. For (2), I developed a transpiler that automatically converts system call definitions into syzlang; its section describes the design and limitations.
As a result, I ran Syzkaller on macOS 15.x in emulation and identified five previously unknown bugs. I reported these issues to Apple about six months ago, and three of the bugs are now fixed. The bug analysis is given in its own section.
Source code is available at https://github.com/swkim101/syz-xnu
Demo
Syzkaller coverage reports: dashboard / graphs / coverage (43MB)
Crash demo:
A non-root user can trigger an unexpected reboot. It has since been fixed.
PoC source: aio.c. Additional bugs and PoCs are documented in Bug discovery.
Limitations
- The demo fuzzer targets macOS 15.x (released about a year ago). Releasing a fuzzer for the latest macOS build may not be appropriate for several practical reasons.
- Only x86_64 kernels are supported. Building the kernel for Apple Silicon currently fails due to unresolved register issues. Some bugs (but not all) were reproduced on both Intel and Apple Silicon.
- Closed-source kernel extensions are not covered.
Related works
- KextFuzz[2] cleverly converted pointer authentication codes (PAC) into coverage probes, enabling coverage collection from closed-source kexts.
- CrossFire[3] proposed a novel attack surface: Apple Silicon's GPU and NPU memory that is shared with CPUs.
- Pop and Push[4] suggested a novel attack and defense model using Mach ports.
- Cai et al.[5] systematically analyzed how PAC works in M1 and found several gadgets that potentially bypass PA.
- [1] https://github.com/google/syzkaller
- [2] https://www.usenix.org/system/files/usenixsecurity23-yin.pdf
- [3] https://dl.acm.org/doi/pdf/10.1145/3658644.3690376
- [4] https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5B-2_23126_paper.pdf
- [5] https://www.usenix.org/system/files/usenixsecurity23-cai-zechao.pdf