Short Recipe

git clone https://android.googlesource.com/kernel/goldfish kernel/goldfish
cd ./kernel/goldfish
git checkout -b android-4.4-dev origin/android-4.4
make defconfig
make -j4
wget https://storage.googleapis.com/syzkaller/wheezy.img
qemu-system-x86_64 -m 1GB -kernel arch/x86/boot/bzImage -hda wheezy.img -append "root=/dev/sda"

Step by Step

1. Get the Android Linux kernel named "Goldfish" adapted to run under emulator (see Building Kernels | Android Open Source Project):

   git clone https://android.googlesource.com/kernel/goldfish kernel/goldfish
   

2. Enter the directory. It is empty.

   cd ./kernel/goldfish
   

3. List the branches and select any of them.

   git branch -a
   * master
     remotes/origin/android-4.14
     remotes/origin/android-4.4   # <- Linux kernel 4.4.
   

4. Checkout.

   git checkout -b android-4.4-dev origin/android-4.4
   

5. Build.

   make defconfig
   make -j4
   

   Result is here: arch/x86/boot/bzImage.
6. Install QEMU.

   sudo apt install qemu
   

   or just

   sudo apt install qemu-system-x86
   

7. Run Android Linux kernel with initrd.
   Create initrd RAM disk.

   mkinitramfs -o initrd
   

   Run QEMU.

   qemu-system-x86_64 -m 1GB -kernel arch/x86/boot/bzImage -initrd initrd
   

   Give to QEMU some additional RAM memory -m 1GB to not get an error message like "Kernel panic - Not syncing: No working init found."
8. Run Android Linux kernel with ext4 image.
   Download 1GB wheezy.img.
   Wheezy image is a R/W image of Debian 7 with 656 MB of a free space. It is suitable for QEMU and also if you're going to run syzkaller further.

   wget https://storage.googleapis.com/syzkaller/wheezy.img
   

   Run QEMU.

   qemu-system-x86_64 -m 1GB -kernel arch/x86/boot/bzImage -hda wheezy.img -append "root=/dev/sda"
   

   Login: root. Password: empty.