Hi Tom,

I think we can start by improving the coverage information, so we can identify which parts of the code have been fuzzed. Currently, Syzkaller can only report how many lines of code are covered, but not which specific parts.

The coverage functionality is implemented by the make function in pkg/cover/backend/backend.go in Syzkaller. We can port this functionality from Linux to FreeBSD to enable more detailed coverage information.

Best Regards,
Jian-Lin Li
ljianli...@gmail.com

> On May 14, 2025, at 2:49 PM, Tom Jones <t...@freebsd.org> wrote:
>
> On Tue, May 13, 2025, at 17:31, Jian-Lin Li 李建霖 wrote:
>> Hi All,
>>
>> PR: https://github.com/google/syzkaller/pull/5992
>>
>> This PR aims to improve the support of Syzkaller on FreeBSD. Based on
>> the existing WiFi fuzzer designed for Linux, we drafted a new WiFi
>> fuzzer for FreeBSD. We used wtap, a virtual wifi driver for testing, to
>> support WiFi fuzzing.
>>
>> The coverage of this fuzzer (~2000 LoC) is quite low compared to the
>> Linux one (~20000 LoC). There may be some room for improvement. However,
>> Syzkaller doesn't fully support all coverage features on FreeBSD for
>> now. It can only check how many lines of code but not which part of code.
>>
>> For a more detailed setup, check out my write-up:
>> https://hackmd.io/byPgVrEwRWSA5LKc56-30Q
>>
>> Feel free to reply to this thread or comment on the PR above if you have
>> any questions.
>
> That is great work, thank you for sharing it and working on improving wifi.
>
> Do you have suggestions for how to improve the coverage for the net80211
> system via syzkaller? It always helps to have new stepping off points for
> improvements.
>
> - Tom