Empirical Notes on the Interaction Between Continuous Kernel Fuzzing and Development
Fuzzing has been studied and applied since the 1990s. Automated and
continuous fuzzing has recently also been applied to open source software
projects, including the Linux and BSD kernels. This paper concentrates on the
practical aspects of continuous kernel fuzzing in four open source kernels.
According to the results, there are over 800 unresolved crashes reported for
the four kernels by the syzkaller/syzbot framework, many of which were
reported a relatively long time ago. Interestingly, fuzzing-induced bugs have
been resolved more rapidly in the BSD kernels. Furthermore, assertions and
debug checks, use-after-frees, and general protection faults account for the
majority of bug types in the Linux kernel. About 23% of the fixed bugs in the
Linux kernel have gone through either code review or additional testing.
Finally, only code churn provides a (weak) statistical signal for explaining
the associated bug fixing times in the Linux kernel.

Comment: The 4th IEEE International Workshop on Reliability and Security Data
Analysis (RSDA), 2019 IEEE International Symposium on Software Reliability
Engineering Workshops (ISSREW), Berlin, IEE