Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

DIFFuzzer: Detecting File System Errors with Differential Grey-box Fuzzing

https://doi.org/10.15514/ISPRAS-2025-37(4)-17

Abstract

File systems are a crucial component of any modern operating system, whether it is a general-purpose computing system or a specialized data storage system. The cost of a file system error is very high; consequently, there is a need for effective tools for assessing file system quality and detecting file system errors. This paper presents DIFFuzzer, a tool based on grey-box and black-box fuzzing that implements a differential dynamic analysis approach: the behavior of the target file system is compared with that of another file system known to be of higher quality, which serves as the source of reference behavior. The comparison covers both the response codes of system calls and the aggregated state of the file systems. The toolkit also includes a reducer that minimizes the erroneous trace, producing a short fragment in which the error still appears. The tool has been tested on several POSIX-compliant file systems and has discovered several errors even during a relatively short experiment.

About the Authors

Vyacheslav Maksimovich KOVALEVSKY
ITMO University
Russian Federation

Engineer of the Institute of Applied Computer Science of the ITMO University. Research interests: dynamic and static software analysis, fuzzing.



Valeriy Vladimirovich KECHIN
ITMO University
Russian Federation

Engineer of the Institute of Applied Computer Science of the ITMO University. Research interests: dynamic and static software analysis, fuzzing.



Vladimir Mikhailovich ITSYKSON
ITMO University
Russian Federation

Cand. Sci. (Tech.), associate professor of the Institute of Applied Computer Science of the ITMO University. Research interests: static and dynamic software analysis, software verification, methods for detecting defects in source code, methods for automating software testing.




For citations:


KOVALEVSKY V.M., KECHIN V.V., ITSYKSON V.M. DIFFuzzer: Detecting File System Errors with Differential Grey-box Fuzzing. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2025;37(4):31-46. https://doi.org/10.15514/ISPRAS-2025-37(4)-17



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)