[$] Finding bugs with sanitizers

Post Syndicated from original https://lwn.net/Articles/909245/

Andrey Konovalov began his 2022 Linux Security Summit Europe (LSS EU)
talk with a bold statement: “fuzzing is useless”. As might be guessed,
he qualified that assertion quickly by adding “without dynamic bug
detectors”. These bug detectors include “sanitizers” of various sorts,
such as the Kernel Address Sanitizer (KASAN), but there are others.
Konovalov looked in detail at KASAN and gave an overview of the
sanitizer landscape along with some ideas of ways to push these bug
detectors further—to find even more kernel bugs.