KernelRCA: Facilitating Root Cause Analysis of Memory Corruptions in Linux Kernel with Contextual Causality Chain

Kangzheng Gu, Yifan Zhang, Yuan Zhang, and Min Yang, Fudan University

Continuous fuzzing infrastructure has found a large number of bugs. To cope with this volume, automatic root cause analysis (RCA) has been proposed to reduce the expensive manual effort needed to understand the root cause of a bug. However, existing root-cause representations are designed as isolated forms: analysts still need to manually infer the integrated bug-triggering procedure, including calling context and data dependency, which is very difficult for OS kernels because of their complexity.

In this paper, we propose the contextual causality chain (CC-chain), a novel root-cause representation that intuitively reflects the integrated bug-triggering procedure of memory corruptions in the Linux kernel. A CC-chain shows the bug-contributing instructions, to explain the unexpected behaviors that lead to a bug, together with the calling contexts and data dependencies among these instructions, to help analysts rapidly understand how the bug happens. To construct the CC-chain automatically, we design a root cause analysis system, KernelRCA, consisting of selective tracing, contextual information recovery, and chain-style root cause analysis. KernelRCA successfully diagnoses 54 real-world memory corruptions of various kinds in the Linux kernel and performs better than existing crash reports and KASAN reports. A user study shows that KernelRCA's reports significantly facilitate bug understanding and fixing for human analysts.
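To make the three ingredients of a CC-chain concrete (bug-contributing instructions, the calling context of each, and the data dependencies linking them), here is a small Python model added for illustration. It is not KernelRCA's code or algorithm: it replays a constructed instruction trace with explicit call/return events, recovers each instruction's call stack, links every use of a location to its most recent definition, and then walks backward from the corrupting write to keep only the instructions that contributed to it. The trace, the instruction ids and the `("call", fn)` / `("ret",)` / `("instr", ...)` event format are all assumptions made up for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass
class Instr:
    """One executed instruction: what it defines, what it reads, and
    (filled in during replay) the call stack it ran under and the
    instructions it depends on."""
    id: str
    text: str
    defs: Tuple[str, ...]
    uses: Tuple[str, ...]
    context: Tuple[str, ...] = ()
    deps: List["Instr"] = field(default_factory=list)

# Constructed trace (an assumption for this example): a length read in main()
# flows through parse() into an index that store() uses for a write. The
# instruction i3 is unrelated and should be pruned from the chain.
TRACE = [
    ("call", "main"),
    ("instr", Instr("i1", "buf = kmalloc(16)", defs=("buf",), uses=())),
    ("instr", Instr("i2", "len = read_len()", defs=("len",), uses=())),
    ("instr", Instr("i3", "tmp = 0", defs=("tmp",), uses=())),
    ("call", "parse"),
    ("instr", Instr("i4", "idx = len - 1", defs=("idx",), uses=("len",))),
    ("ret",),
    ("call", "store"),
    ("instr", Instr("i5", "buf[idx] = val", defs=(), uses=("buf", "idx"))),
    ("ret",),
    ("ret",),
]

def build_chain(trace, sink_id: str) -> List[Instr]:
    """Replay the trace, recovering calling contexts and def-use links,
    then return the instructions the sink transitively depends on,
    in execution order (the sink itself included)."""
    stack: List[str] = []
    last_def: Dict[str, Instr] = {}   # location -> most recent defining instruction
    executed: List[Instr] = []
    sink = None
    for ev in trace:
        kind = ev[0]
        if kind == "call":
            stack.append(ev[1])
        elif kind == "ret":
            stack.pop()
        elif kind == "instr":
            ins = ev[1]
            ins.context = tuple(stack)
            # Resolve uses before recording defs so "x = x + 1" links to the prior x.
            ins.deps = [last_def[u] for u in ins.uses if u in last_def]
            for d in ins.defs:
                last_def[d] = ins
            executed.append(ins)
            if ins.id == sink_id:
                sink = ins
        else:
            raise ValueError(f"unknown event {ev!r}")
    if sink is None:
        raise ValueError(f"sink {sink_id} not in trace")
    # Backward transitive closure over data dependencies from the sink.
    needed = set()
    work = [sink]
    while work:
        ins = work.pop()
        if ins.id in needed:
            continue
        needed.add(ins.id)
        work.extend(ins.deps)
    return [ins for ins in executed if ins.id in needed]

def format_chain(chain: List[Instr]) -> List[str]:
    """Render each chain entry as 'caller > callee: id  text'."""
    return [f"{' > '.join(ins.context)}: {ins.id}  {ins.text}" for ins in chain]

if __name__ == "__main__":
    for line in format_chain(build_chain(TRACE, "i5")):
        print(line)
```

Running it prints four lines (i1, i2, i4, i5) with their contexts `main`, `main`, `main > parse` and `main > store`; the unrelated `tmp = 0` is dropped. A real trace from a kernel would also have to handle loops (the same static instruction executing many times) and memory aliasing, which this toy sidesteps by treating each executed instruction as a distinct object and each location as a plain name.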
