The control plane of Software-Defined Networking (SDN) is the key component that oversees and manages networks. However, involving design or logic flaws in its policy enforcement and network control is inevitable, which can cause it to behave incorrectly and induce network anomalies. Unfortunately, existing approaches mainly focus on policy verification or fault troubleshooting with little fault localization capability for repairing these flaws in production environments. In this paper, we present FALCON, the first FAult Localization tool for SDN CONtrol plane. We design a novel causal inference mechanism based on differential checking, which symmetrically compares two system behaviors with similar processes and identifies the causality in related code execution paths with concrete contexts to explain why a fault happened in the SDN network. Our main contributions include 1) a lightweight rule-based dynamic tracing mechanism for recording system behaviors of the SDN control plane, 2) a context-aware modeling mechanism for modeling these behaviors, and 3) a differential checking mechanism for localizing controller faults according to formulated symptoms. Our evaluation shows that FALCON is capable of localizing faults in SDN control plane with low overhead on performance.