Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing
Li, Xingwei1; Kang, Yan2,3; Wu, Chenggang2,3; Liu, Danjun4; Wang, Jiming2,3; Sun, Yue2,3; Wu, Zehui1; Wang, Yunchao1; Ma, Rongkuan1; Wei, Qiang1
2025
Journal: IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
ISSN: 1556-6013
Volume: 20; Pages: 5224-5239
Abstract: The Linux kernel remains vulnerable to numerous bugs, with approximately 65% detected by Syzkaller lacking Proof-of-Concept (PoC), hampering risk mitigation efforts. These bugs, termed irreproducible kernel bugs, highlight the challenge of statefulness issue-related irreproducibility in kernel fuzzing, which is an open research without definitive solutions. Our investigation reveals that suboptimal seed quality distribution in fuzzing is the root obstacle preventing effective tracking of the states leading to crashes. Inspired by this insight, we introduce Reverse Fuzzing (RF), an innovative approach that infers hard-to-reach states by continuously reverse-oriented deriving from subsequently encountered bridge states to increase reproduction probability. RF differentiates between the "trigger" seed, which directly causes crashes, and "activator" seeds, which establish the necessary preconditions, prioritizing exploration around trigger while simultaneously regenerating and maintaining activators during fuzzing, which effectively facilitate restructuring such elusive states from "yesterday". We implement YOME, a prototype leveraging RF to strike a balance between fuzzing efficiency and effectiveness through customized scheduling and mutation strategies, armed with a refinement mechanism to improve seed quality distribution. Our evaluations validate that YOME reproduces 110% more bugs than previous kernel fuzzers and demonstrate its practicality in real-world scenarios. YOME generated 125 PoCs (30.1% of the total) and uncovered 23 unique bugs, with 40 confirmed and 5 assigned CVEs.
Keywords: Computer bugs Fuzzing Kernel Radio frequency Sockets Linux Cloning Virtual machines Bridges Training Linux kernel bug reproduction kernel fuzzing kernel bugs vulnerability Syzkaller
DOI: 10.1109/TIFS.2025.3562704
Indexed by: SCI
Language: English
Funding: National Natural Science Foundation of China (NSFC)[62272442] ; National Natural Science Foundation of China (NSFC)[61902374] ; National Natural Science Foundation of China (NSFC)[U1736208] ; Innovation Funding of the Institute of Computing Technology (ICT), Chinese Academy of Sciences (CAS)[E161040]
WOS research areas: Computer Science ; Engineering
WOS categories: Computer Science, Theory & Methods ; Engineering, Electrical & Electronic
WOS accession number: WOS:001525472200001
Publisher: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/42031
Collection: Journal Articles of the Institute of Computing Technology, Chinese Academy of Sciences (English)
Corresponding author: Wu, Chenggang
Author affiliations:
1. Informat Engn Univ, Zhengzhou 450001, Peoples R China
2. Chinese Acad Sci, Inst Comp Technol, SKLP, Beijing 056001, Peoples R China
3. Univ Chinese Acad Sci, Beijing 056001, Peoples R China
4. Natl Univ Def Technol, Changsha 410073, Peoples R China
Recommended citation
GB/T 7714
Li, Xingwei,Kang, Yan,Wu, Chenggang,et al. Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing[J]. IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY,2025,20:5224-5239.
APA Li, Xingwei.,Kang, Yan.,Wu, Chenggang.,Liu, Danjun.,Wang, Jiming.,...&Wei, Qiang.(2025).Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing.IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY,20,5224-5239.
MLA Li, Xingwei,et al."Yesterday Once MorE: Facilitating Linux Kernel Bug Reproduction via Reverse Fuzzing".IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 20(2025):5224-5239.