Dongliang Mu (Huazhong University of Science and Technology), Yuhang Wu (Pennsylvania State University), Yueqi Chen (Pennsylvania State University), Zhenpeng Lin (Pennsylvania State University), Chensheng Yu (George Washington University), Xinyu Xing (Pennsylvania State University), Gang Wang (University of Illinois at Urbana-Champaign)

In the past three years, the continuous fuzzing projects Syzkaller and Syzbot have achieved great success in detecting kernel vulnerabilities, finding more kernel bugs than those found in the past 20 years. However, a side effect of continuous fuzzing is that it generates an excessive number of
crash reports, many of which are “duplicated” reports caused by the same bug. While Syzbot uses a simple heuristic to group (deduplicate) reports, we find that it is often inaccurate. In this
paper, we empirically analyze the duplicated kernel bug reports to understand: (1) the prevalence of duplication; (2) the potential costs introduced by duplication; and (3) the key causes behind the duplication problem. We collected all of the fixed kernel bugs from September 2017 to November 2020, including 3.24 million crash reports grouped by Syzbot under 2,526 bug reports (identified by unique bug titles). We found the bug reports indeed had duplication: 47.1% of the 2,526 bug reports are duplicated with one or more other reports. By analyzing the metadata of these reports, we found undetected duplication introduced extra costs in terms of time and developer efforts. Then we organized Linux kernel experts to analyze a sample of duplicated bugs (375 bug reports, unique 120 bugs) and identified 6 key contributing factors to the duplication. Based on these empirical findings, we proposed and prototyped actionable strategies for bug deduplication. After confirming their effectiveness using a ground-truth dataset, we further applied our methods and identified previously unknown duplication cases among open bugs.

View More Papers

Interpretable Federated Transformer Log Learning for Cloud Threat Forensics

Gonzalo De La Torre Parra (University of the Incarnate Word, TX, USA), Luis Selvera (Secure AI and Autonomy Lab, The University of Texas at San Antonio, TX, USA), Joseph Khoury (The Cyber Center For Security and Analytics, University of Texas at San Antonio, TX, USA), Hector Irizarry (Raytheon, USA), Elias Bou-Harb (The Cyber Center For…

Read More

D-Box: DMA-enabled Compartmentalization for Embedded Applications

Alejandro Mera (Northeastern University), Yi Hui Chen (Northeastern University), Ruimin Sun (Northeastern University), Engin Kirda (Northeastern University), Long Lu (Northeastern University)

Read More

FakeGuard: Exploring Haptic Response to Mitigate the Vulnerability in...

Aditya Singh Rathore (University at Buffalo, SUNY), Yijie Shen (Zhejiang University), Chenhan Xu (University at Buffalo, SUNY), Jacob Snyderman (University at Buffalo, SUNY), Jinsong Han (Zhejiang University), Fan Zhang (Zhejiang University), Zhengxiong Li (University of Colorado Denver), Feng Lin (Zhejiang University), Wenyao Xu (University at Buffalo, SUNY), Kui Ren (Zhejiang University)

Read More

Demo #7: A Simulator for Cooperative and Automated Driving...

Mohammed Lamine Bouchouia (Telecom Paris - Institut Polytechnique de Paris), Jean-Philippe Monteuuis (Qualcomm Technologies Inc), Houda Labiod (Telecom Paris - Institut Polytechnique de Paris), Ons Jelassi (Telecom Paris - Institut Polytechnique de Paris), Wafa Ben Jaballah (Thales) and Jonathan Petit (Qualcomm Technologies Inc)

Read More