How to set up Janus for fuzzing btrfs on a new system?

Follow the README steps: compile ff-gcc, core, LKL for btrfs, and the image parser, then use seed images and run the fuzzer with AFL arguments. Note it's tested on Ubuntu 16.04 with specific compiler versions, so adjustments may be needed for newer systems.

Janus vs AFL: which is better for file system fuzzing?

Janus is an AFL variant specialized for file systems, adding two-dimensional input exploration and LKL integration. It's more effective for file system bugs but less versatile for general fuzzing compared to standard AFL.

Can Janus be used with newer Linux kernels?

Janus uses LKL version 4.17, as per the README. For newer kernels, you might need to port LKL or modify the code, which is complex and not officially supported, potentially limiting compatibility.

What's the difference between Janus and Hydra?

Hydra is the latest project mentioned in the README, published at SOSP19, and includes an updated version of Janus. For current developments, check Hydra, as Janus might be a legacy or earlier version with fewer features.

How to reproduce crashes found by Janus?

Use tools like afl-parse to extract mutated images and programs from test cases, then run them with the combined executor in LKL. The README details generating tmp.img and tmp.c.raw for reproduction in a controlled environment.

Does Janus support fuzzing network file systems?

No, Janus currently focuses on local file systems like ext4, btrfs, and F2FS. There's no mention of support for network file systems such as NFS or CIFS, so it's not suitable for those targets.

Janus — Linux File System Fuzzer

What is Janus?

Janus is a file system fuzzer for Linux that discovers memory corruptions in in-kernel file systems by exploring both disk images and system call sequences simultaneously. It addresses the challenge of comprehensive file system testing by treating image structure and file operations as a two-dimensional input space. The tool has found approximately 100 unique crashes with 32 CVEs assigned in mainstream file systems.

Target Audience

Security researchers, kernel developers, and file system engineers who need to test the robustness and security of Linux file system implementations. It's particularly valuable for those conducting systematic security assessments of storage systems.

Value Proposition

Janus offers unique two-dimensional input space exploration that traditional fuzzers lack, enabling discovery of complex bugs that require specific combinations of image states and file operations. Its integration with LKL provides a lightweight, reproducible testing environment without requiring full virtual machines.

Janus: a state-of-the-art file system fuzzer on Linux

Use Cases

Best For

Finding memory corruption vulnerabilities in Linux file system implementations
Security researchers conducting systematic file system security assessments
Kernel developers testing new file system features or patches
Quality assurance teams performing deep file system testing
Academic research on file system robustness and fuzzing techniques
Discovering CVEs in mainstream file systems like ext4, btrfs, and F2FS

Not Ideal For

Fuzzing user-space applications or non-file system kernel modules
Projects requiring quick deployment with minimal setup and configuration
Testing file systems in full virtual machine or hardware-based production environments
Teams without deep kernel debugging expertise or resources to analyze in-kernel crashes

Pros & Cons

Pros

Two-Dimensional Fuzzing

Simultaneously explores disk image mutations and system call sequences, enabling discovery of complex bugs that traditional fuzzers miss, as evidenced by finding 100+ unique crashes.

Proven Security Impact

Has led to 32 CVEs assigned in mainstream file systems, demonstrating real-world effectiveness in identifying vulnerabilities.

Efficient LKL Integration

Targets the Linux Kernel Library instead of full VMs, reducing overhead and allowing faster fuzzing cycles, as outlined in the implementation.

Parallel Execution Support

Supports running multiple Janus instances collaboratively for distributed fuzzing, speeding up bug discovery per the run instructions.

Cons

Limited File System Coverage

Only supports ext4, btrfs, and F2FS currently, with no built-in support for other file systems like XFS or NTFS, limiting its scope.

Complex Setup Process

Requires compiling multiple components (ff-gcc, core, lkl, image parsers) with dependencies on Ubuntu 16.04 and older compilers, making deployment non-trivial and error-prone.

Outdated Testing Environment

Documentation and tested environment are based on Ubuntu 16.04 and clang 6.0.0, which may not be compatible with modern systems without significant adjustments.

What is Janus?

Target Audience

Value Proposition

Use Cases

Best For

Finding memory corruption vulnerabilities in Linux file system implementations
Security researchers conducting systematic file system security assessments
Kernel developers testing new file system features or patches
Quality assurance teams performing deep file system testing
Academic research on file system robustness and fuzzing techniques
Discovering CVEs in mainstream file systems like ext4, btrfs, and F2FS

Not Ideal For

Fuzzing user-space applications or non-file system kernel modules
Projects requiring quick deployment with minimal setup and configuration
Testing file systems in full virtual machine or hardware-based production environments
Teams without deep kernel debugging expertise or resources to analyze in-kernel crashes

Pros & Cons

Pros

Two-Dimensional Fuzzing

Simultaneously explores disk image mutations and system call sequences, enabling discovery of complex bugs that traditional fuzzers miss, as evidenced by finding 100+ unique crashes.

Proven Security Impact

Has led to 32 CVEs assigned in mainstream file systems, demonstrating real-world effectiveness in identifying vulnerabilities.

Efficient LKL Integration

Targets the Linux Kernel Library instead of full VMs, reducing overhead and allowing faster fuzzing cycles, as outlined in the implementation.

Parallel Execution Support

Supports running multiple Janus instances collaboratively for distributed fuzzing, speeding up bug discovery per the run instructions.

Cons

Limited File System Coverage

Only supports ext4, btrfs, and F2FS currently, with no built-in support for other file systems like XFS or NTFS, limiting its scope.

Complex Setup Process

Requires compiling multiple components (ff-gcc, core, lkl, image parsers) with dependencies on Ubuntu 16.04 and older compilers, making deployment non-trivial and error-prone.

Outdated Testing Environment

Documentation and tested environment are based on Ubuntu 16.04 and clang 6.0.0, which may not be compatible with modern systems without significant adjustments.

Janus

What is Janus?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?

Janus

What is Janus?

Overview

Use Cases

Best For

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions

Related Projects

Found a gem we're missing?