Any progress about "Syzkaller + Kernel function fail-injection"

[mudongliang]

I found one good article - Syzkaller + Kernel function fail-injection(https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/harbian_qa/fuzz_testing/syz_kfun_finject.md).

As I know, the kernel fault-injection framework provides one option - fail-function which could modify the return value of specific functions.

Why do not we use this option? This could also achieve the goal somehow.

If I misunderstand something, please let me know.

[Bins94]

We want to check if an individual function can handle any arbitrary input.

[mudongliang]

You mean, apart from return value of specific function(implemented in CONFIG_FAIL_FUNCTION), this solution still double-checks the arguments of specific function, right?

[Bins94]

My meaning is this module can generate arbitrary input for a specific function. Even the input can be hardly generated by normal syscalls. We still check it.