On Wed, May 14, 2025, at 10:27 AM, Jian-Lin Li wrote:
> Hi Tom,
>
> I think we can start by improving the coverage information, so we can
> identify which parts of the code have been fuzzed. Currently, Syzkaller
> can only report how many lines of code are covered, but not which
> specific parts.
>
> The coverage functionality is implemented by the make function in
> pkg/cover/backend/backend.go in Syzkaller. We can port this
> functionality from Linux to FreeBSD to enable more detailed coverage
> information.
>
> Best Regards,
>
> Jian-Lin Li
> ljianli...@gmail.com
>
To add to this question, is the idea to target specific functions with a frame that we know will "get through" to the net80211 stack via ieee80211_input_*(), and try to fuzz the handling? I would love to see an example, if you could point me in the right direction within the code. Also, should this be considered a test within the src tree, rather than a stand-alone package?