A4 Article in conference proceedings

Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development

List of Authors: Jukka Ruohonen, Kalle Rindell

Conference name: International Symposium on Software Reliability Engineering Workshops

Publication year: 2020

Book title *: 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

ISBN: 978-1-7281-5139-7

eISBN: 978-1-7281-5138-0

DOI: http://dx.doi.org/10.1109/ISSREW.2019.00084


Fuzzing has been studied and applied ever since the 1990s. Automated and continuous fuzzing has recently been applied also to open source software projects, including the Linux and BSD kernels. This paper concentrates on the practical aspects of continuous kernel fuzzing in four open source kernels. According to the results, there are over 800 unresolved crashes reported for the four kernels by the syzkaller/syzbot framework. Many of these have been reported relatively long ago. Interestingly, fuzzing-induced bugs have been resolved in the BSD kernels more rapidly. Furthermore, assertions and debug checks, use-after-frees, and general protection faults account for the majority of bug types in the Linux kernel. About 23% of the fixed bugs in the Linux kernel have either went through code review or additional testing. Finally, only code churn provides a weak statistical signal for explaining the associated bug fixing times in the Linux kernel.

Last updated on 2021-24-06 at 10:28