perf_fuzzer: perf_event syscall fuzzer


The perf_fuzzer tool automatically tests the perf_event_open() system call and attempts to find mostly-valid inputs that potentially crash (or worse) the Linux kernel.

Hacker Note

Please send me an e-mail if you use perf_fuzzer and find bugs!

It's a struggle trying to get publications/funding for this work, which is one of the reasons why development has slowed. If you've used perf_fuzzer to get a CVE or bug bounty, please let me know so I can use the info in my reports to show how important fuzzing can be.

Bugs Found

The code has already found numerous denial of service bugs and various local root exploits. See here for a list of current/fixed mainline Linux kernel bugs found.


An article on the perf_fuzzer appeared on Fuzzing perf_events (5 August 2015)

A Tech Report describing the design of the fuzzer can be found here: 2015_perf_fuzzer_tr.pdf (12 May 2015).


The perf_fuzzer is available as part of the perf_event_test test suite.

Currently development is done via git at ; you can check out a version of the development tree via:
git clone git://
Read the README