| mode | file | lines changed |
| --- | --- | --- |
| -rw-r--r-- | README.md | 2 |
| -rw-r--r-- | docs/found_bugs.md | 456 |
| -rw-r--r-- | docs/linux/found_bugs.md | 457 |
| -rw-r--r-- | docs/linux/found_bugs_usb.md (renamed from docs/found_bugs_usb.md) | 0 |
| -rw-r--r-- | docs/linux/kernel_configs.md (renamed from docs/linux_kernel_configs.md) | 0 |
| -rw-r--r-- | docs/linux/reporting_kernel_bugs.md (renamed from docs/linux_kernel_reporting_bugs.md) | 2 |
| -rw-r--r-- | docs/linux/setup.md (renamed from docs/setup_generic.md) | 6 |
| -rw-r--r-- | docs/linux/setup_linux-host_android-device_arm64-kernel.md (renamed from docs/setup_linux-host_android-device_arm64-kernel.md) | 2 |
| -rw-r--r-- | docs/linux/setup_linux-host_isolated.md (renamed from docs/setup_linux-host_isolated.md) | 4 |
| -rw-r--r-- | docs/linux/setup_linux-host_qemu-vm_arm64-kernel.md (renamed from docs/setup_linux-host_qemu-vm_arm64-kernel.md) | 2 |
| -rw-r--r-- | docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md (renamed from docs/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md) | 4 |
| -rw-r--r-- | docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md (renamed from docs/setup_ubuntu-host_qemu-vm_x86-64-kernel.md) | 4 |
| -rw-r--r-- | docs/linux/troubleshooting.md | 32 |
| -rw-r--r-- | docs/setup.md | 12 |
| -rw-r--r-- | docs/troubleshooting.md | 25 |
| -rw-r--r-- | docs/usage.md | 2 |
16 files changed, 512 insertions, 498 deletions
@@ -15,7 +15,7 @@ You can subscribe to it with a google account or by sending an email to syzkalle - [How to use syzkaller](docs/usage.md) - [How syzkaller works](docs/internals.md) - [How to contribute to syzkaller](docs/contributing.md) -- [How to report Linux kernel bugs](docs/linux_kernel_reporting_bugs.md) +- [How to report Linux kernel bugs](docs/linux/reporting_kernel_bugs.md) ## External Articles diff --git a/docs/found_bugs.md b/docs/found_bugs.md index 5281f506c..ba0c93a15 100644 --- a/docs/found_bugs.md +++ b/docs/found_bugs.md 
@@ -1,457 +1,3 @@ # Found bugs -_newer first_ - -* [fs: possible deadlock in do_iter_write/do_splice](https://groups.google.com/forum/#!topic/syzkaller/f72L3fPD8sY) -* [net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl](https://groups.google.com/forum/#!topic/syzkaller/VtONA6oTiio) -* [net/ipv6: GPF in rt6_ifdown](https://groups.google.com/forum/#!topic/syzkaller/dQ0r_bHOrJk) -* [net/ipv4: trying to register non-static key in ip_mc_clear_src](https://groups.google.com/forum/#!topic/syzkaller/E60_ya1wNxs) -* [net/can: trying to register non-static key in can_rx_register](https://groups.google.com/forum/#!topic/syzkaller/to2Or4lUrTU) -* [net: general protection fault in deactivate_slab](https://groups.google.com/forum/#!topic/syzkaller/k_Q4h-RPzkQ) -* [net/ipv4: use-after-free in add_grec](https://groups.google.com/forum/#!topic/syzkaller/dlHu8uuZWfg) -* [net/ipv6: use-after-free in ip6_dst_ifdown](https://groups.google.com/forum/#!topic/syzkaller/ZJaqAiFLe3k) -* [tty: possible deadlock in tty_buffer_flush](https://groups.google.com/forum/#!topic/syzkaller/PXe_ekNtIZ8) -* [net/ipv6: general protection fault in skb_release_data](https://groups.google.com/forum/#!topic/syzkaller/e3I2c8X2oWo) CVE-2017-9242 -* [drivers/net/hamradio: divide error in hdlcdrv_ioctl](https://groups.google.com/forum/#!topic/syzkaller/Uwy36npUcBQ) -* [tty: fix port buffer locking](https://lkml.org/lkml/2017/5/11/118) -* [kvm: warning in kvm_load_guest_fpu](https://groups.google.com/forum/#!topic/syzkaller/OSNJfH8rNPE) -* [drivers/scsi: GPF in sg_read](https://groups.google.com/forum/#!topic/syzkaller/FqYh6Jks6h0) -* [net/ipv4: use-after-free in ip_mc_drop_socket](https://groups.google.com/forum/#!topic/syzkaller/y3_fsYmwdio) CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 -* [net/ipv6: GPF in rt6_device_match](https://groups.google.com/forum/#!topic/syzkaller/PbCfeuGSoNI) -* [x86: warning: kernel stack regs has bad 'bp' 
value](https://groups.google.com/forum/#!topic/syzkaller/HQl-x5dWJ9Q) -* [net/key: slab-out-of-bounds in pfkey_compile_policy](https://groups.google.com/forum/#!topic/syzkaller/MHjh-tJo_wE) -* [net/ipv6: warning in inet6_ifa_finish_destroy](https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw) -* [net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu](https://groups.google.com/forum/#!topic/syzkaller/OhkhEez1z1A) -* [net/ipv6: slab-out-of-bounds in ip6_tnl_xmit](https://groups.google.com/forum/#!topic/syzkaller/Wr3dZWAO8vw) -* [net/rose: null-ptr-deref in rose_route_frame](https://groups.google.com/forum/#!topic/syzkaller/RWKRCxpbS90) -* [time: hang due to timer_create/timer_settime](https://groups.google.com/forum/#!topic/syzkaller/355tWdc8oHY) -* [net/core: BUG in unregister_netdevice_many](https://groups.google.com/forum/#!topic/syzkaller/3zsXPUh-KzU) -* [net/xfrm: stack-out-of-bounds in xfrm_state_find](https://groups.google.com/forum/#!topic/syzkaller/WA6MdAfCYS0) -* [net/bonding: stack-out-of-bounds in bond_enslave](https://groups.google.com/forum/#!topic/syzkaller/IDoQHFmrnRI) -* [net: ipv6: RTF_PCPU should not be settable from userspace](https://www.spinics.net/lists/netdev/msg430947.html) -* [fs/notify/inotify: slab-out-of-bounds write in strcpy](https://groups.google.com/d/msg/syzkaller/ecGeXh44M50/r7OSshSOCAAJ) -* [net/ipv6: slab-out-of-bounds read in seg6_validate_srh](https://groups.google.com/forum/#!topic/syzkaller/U3NMWDD16PM) -* [kernel BUG at mm/hugetlb.c:742!](https://lkml.org/lkml/2017/4/10/1154) -* [net/key: slab-out-of-bounds in parse_ipsecrequests](https://groups.google.com/forum/#!topic/syzkaller/vG7Cyfx-mvU) -* [net/ipv4: use-after-free in ipv4_datagram_support_cmsg](https://groups.google.com/forum/#!topic/syzkaller/F79HOk-4RhA) -* [net/ipv4: use-after-free in ip_queue_xmit](https://groups.google.com/forum/#!topic/syzkaller/X6L7h46rDsw) -* [net: use-after-free in 
__ns_get_path](https://groups.google.com/forum/#!topic/syzkaller/Vnf3aEG-wqY) -* [net/ipv4: use-after-free in ip_check_mc_rcu](https://groups.google.com/forum/#!topic/syzkaller/6q5nFux7N2E) -* [net/ipv6: use-after-free in ipv6_sock_ac_close](https://groups.google.com/forum/#!topic/syzkaller/z4Y96bFyq7I) -* [net/ipv4: use-after-free in ipv4_mtu](https://groups.google.com/forum/#!topic/syzkaller/UAjEGZoiAF4) -* [net/dccp: BUG in tfrc_rx_hist_sample_rtt](https://groups.google.com/forum/#!topic/syzkaller/inWmASLpo8Q) -* [net/sctp: list double add warning in sctp_endpoint_add_asoc](https://groups.google.com/forum/#!topic/syzkaller/6_LZGvwjzcA) -* [kvm: use-after-free in srcu_reschedule](https://groups.google.com/d/msg/syzkaller/Sl0POwca6-s/QR_z6AsFCQAJ) -* [ata: WARNING in ata_bmdma_qc_issue](https://groups.google.com/d/msg/syzkaller/Hy5yHjgOri8/0fhs94QXCAAJ) -* [net/sched: GPF in qdisc_hash_add](https://groups.google.com/d/msg/syzkaller/--acxHx5yyo/WsS4Yw7PBwAJ) -* [sg: random memory corruptions](https://groups.google.com/d/msg/syzkaller/wWn_oXRfN7Y/kgtLfy_OBwAJ) -* [fs: GPF in deactivate_locked_super](https://groups.google.com/d/msg/syzkaller/xLJUOccIV48/4yXIAfnIBwAJ) -* [loop: WARNING in sysfs_remove_group](https://groups.google.com/d/msg/syzkaller/nq6tjrQLVo4/IL-lxLHIBwAJ) -* [lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm](https://groups.google.com/d/msg/syzkaller/sT2NZaIfP_E/B15roGnIBwAJ) -* [ata: WARNING in ata_qc_issue](https://groups.google.com/d/msg/syzkaller/r1iGG9w4a9U/l6FkC0HGBwAJ) -* [security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode](https://groups.google.com/d/msg/syzkaller/GLiqkLgHpc8/RzD3JUTFBwAJ) -* [netlink: NULL timer crash](https://groups.google.com/d/msg/syzkaller/drVyP4zu3SM/yPx2taTEBwAJ) -* [kvm: use-after-free function call in kvm_io_bus_destroy](https://groups.google.com/d/msg/syzkaller/1zn_juvw7Fk/BAqe32_DBwAJ) -* [sound: use-after-free in 
snd_seq_cell_alloc](https://groups.google.com/d/msg/syzkaller/ZXLFJniQJJE/menSWN_CBwAJ) -* [usb: use-after-free write in usb_hcd_link_urb_to_ep](https://groups.google.com/d/msg/syzkaller/v5ra3_AduC4/8-43yozCBwAJ) -* [net/kcm: double free of kcm inode](https://groups.google.com/d/msg/syzkaller/CFYuMediESc/L31CuijCBwAJ) -* [crypto: out-of-bounds write in pre_crypt](https://groups.google.com/d/msg/syzkaller/ivRlyW1WX10/3M9rSuC9BwAJ) -* [security: double-free in superblock_doinit](https://groups.google.com/d/msg/syzkaller/AXrX3E0YOsg/dvcctKm8BwAJ) -* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/gBu_q0nPy9o/r3QmSIO6BwAJ) -* [tcp: fix potential double free issue for fastopen_req](https://www.spinics.net/lists/netdev/msg422971.html) -* [net/udp: slab-out-of-bounds Read in udp_recvmsg](https://groups.google.com/d/msg/syzkaller/K6CC1usBuWs/6aYxL79BBQAJ) -* [net: deadlock between ip_expire/sch_direct_xmit](https://groups.google.com/d/msg/syzkaller/e-2ANaCu2fk/zvSg0l4DBQAJ) -* [srcu: BUG in __synchronize_srcu](https://groups.google.com/forum/#!topic/syzkaller/2WSsltbI5Z8) -* [net/sctp: recursive locking in sctp_do_peeloff](https://groups.google.com/d/msg/syzkaller/5NY7KjBKgA0/nMm6k7bwEQAJ) -* [kvm: WARNING in vmx_handle_exit](https://groups.google.com/d/msg/syzkaller/D01HuY1tDhc/UIeC8eXfDQAJ) -* [futex: use-after-free in futex_wait_requeue_pi](https://groups.google.com/d/msg/syzkaller/MrJ5ckRkQBI/pXjdOFztEQAJ) -* [kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update](https://groups.google.com/forum/#!topic/syzkaller/QUhNm5patag) -* [kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds](https://groups.google.com/forum/#!topic/syzkaller/Hk9R17J-2tA) -* [local privilege escalation flaw in n_hdlc](http://seclists.org/oss-sec/2017/q1/569) CVE-2017-2636 -* [netlink: GPF in netlink_unicast](https://groups.google.com/d/msg/syzkaller/AN-WbVHU0hw/iMmJEUSbEAAJ) -* [perf: use-after-free in 
perf_release](https://groups.google.com/d/msg/syzkaller/_P-SyZtwVXk/RhO-VB2YEAAJ) -* [net/ipv6: null-ptr-deref in ip6mr_sk_done](https://groups.google.com/forum/#!topic/syzkaller/H8hyTRfCClI) -* [bpf: kernel NULL pointer dereference in map_get_next_key](https://groups.google.com/d/msg/syzkaller/nyr1SaxHfyo/gp21-xhaEAAJ) -* [crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex](https://groups.google.com/d/msg/syzkaller/jtz84qFQ_3s/vzFV8YhaEAAJ) -* [kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0](https://groups.google.com/d/msg/syzkaller/_e1uwkRRVfk/CqEIKj9SEAAJ) -* [sound: another deadlock in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/GAUhiTjyDfI/XcIntncQEAAJ) -* [rcu: WARNING in rcu_seq_end](https://groups.google.com/d/msg/syzkaller/M4UEuqSTMR8/JoEPLtQOEAAJ) -* [fs: use-after-free in path_lookupat](https://groups.google.com/d/msg/syzkaller/_8MZkKL2-QU/PA0q5XULEAAJ) -* [ucount: use-after-free read in inc_ucount & dec_ucount](https://groups.google.com/d/msg/syzkaller/xB_UphO1T7w/me1WddQAEAAJ) -* [net/ipv4: division by 0 in tcp_select_window](https://groups.google.com/d/msg/syzkaller/TFH8rl8yTrU/9PzPjkfHDwAJ) -* [net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone](https://groups.google.com/d/msg/syzkaller/3SS80JbVPKA/2tfIAcW7DwAJ) -* [mm: use-after-free in zap_page_range](https://groups.google.com/d/msg/syzkaller/-e9ZYxL9zts/6ip-8FK5DwAJ) -* [net/kcm: use-after-free in kcm_wq](https://groups.google.com/d/msg/syzkaller/c_jOLx9FEgk/nz2PJROtDwAJ) -* [idr: use-after-free write in ida_get_new_above](https://groups.google.com/d/msg/syzkaller/23J2nN6syEE/gFFk_xSsDwAJ) -* [sg: stack out-of-bounds write in sg_write](https://groups.google.com/d/msg/syzkaller/fvvhyYQHiT8/UOnInaajDwAJ) CVE-2017-7187 -* [cgroup: WARNING in cgroup_kill_sb](https://groups.google.com/d/msg/syzkaller/pWKI4ZQeOoI/SmTmQEF8DwAJ) -* [net/rds: use-after-free in 
rds_find_bound/memcmp](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/kgQVbjjXDgAJ) -* [net: sleeping function called from invalid context in net_enable_timestamp](https://groups.google.com/d/msg/syzkaller/k5qJRYKqIgQ/EfJBkqwvDwAJ) -* [net: use-after-free in neigh_timer_handler/sock_wfree](https://groups.google.com/d/msg/syzkaller/2REBGTmpSTE/pT95olUuDwAJ) -* [net/sctp: use-after-free in sctp_association_put](https://groups.google.com/d/msg/syzkaller/AA_hWiHcgrs/4lIAQ94tDwAJ) -* [fs: use-after-free in userfaultfd_exit](https://groups.google.com/d/msg/syzkaller/Uu0ZwFPrmu8/WRWYCC8sDwAJ) -* [net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert](https://groups.google.com/forum/#!topic/syzkaller/OnwnEEhZap8) -* [net/ipv4: suspicious RCU usage in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/FwCYiR7JDwAJ) -* [net/ipv4: deadlock in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/jZyjMMgRDwAJ) -* [net/dccp: dccp_create_openreq_child freed held lock](https://groups.google.com/d/msg/syzkaller/0jXubCbCmeQ/OXoQEjgODwAJ) -* [nested_vmx_merge_msr_bitmap](https://groups.google.com/d/msg/syzkaller/2631gzzWnA4/jm91h6HeDgAJ) -* [ipc: use-after-free in shm_get_unmapped_area](https://groups.google.com/d/msg/syzkaller/Kv2bIHYA8N8/kZqVCqXaDgAJ) -* [sounds: deadlocked processed in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/ZARHLaXAmYQ/eSfeP-HVDgAJ) -* [net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context](https://groups.google.com/d/msg/syzkaller/5gb5kxihtps/oy4pVZ3SDgAJ) -* [ata: WARNING in ata_sff_qc_issue](https://groups.google.com/d/msg/syzkaller/0v1qHkmM-VU/6InmOLvPDgAJ) -* [net/rds: use-after-free in inet_create](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/s46xtB7PDgAJ) -* [mm: fault in __do_fault](https://groups.google.com/d/msg/syzkaller/CRQxZS4nck0/6DD2SyfODgAJ) -* [kvm: WARNING in nested_vmx_vmexit](https://groups.google.com/d/msg/syzkaller/w3EBRlb2h6s/GdIi_y3IDgAJ) 
-* [net: GPF in rt6_nexthop_info](https://groups.google.com/d/msg/syzkaller/AMyOvIrf--c/RB-mpPjFDgAJ) -* [sound: spinlock lockup in snd_timer_user_tinterrupt](https://groups.google.com/d/msg/syzkaller/3efGwZt0nLI/pPt4WoGVDgAJ) -* [mm: GPF in bdi_put](https://groups.google.com/d/msg/syzkaller/ixaSKtOoO7k/UjxnRr2JDgAJ) -* [net/sctp: use-after-free in sctp_hash_transport](https://groups.google.com/forum/#!topic/syzkaller/Ew5hrZI7Obs) -* [net/bridge: warning in br_fdb_find](https://groups.google.com/forum/#!topic/syzkaller/d9XyhdJXwa0) -* [net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/gEoL2QX519c) -* [net: possible deadlock in skb_queue_tail](https://groups.google.com/forum/#!topic/syzkaller/XEp_9K8FmIM) -* [DCCP double-free vulnerability (local root)](http://seclists.org/oss-sec/2017/q1/471) CVE-2017-6074 -* [net: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/QwkU6JMkjBg) -* [net/pptp: use-after-free in dst_release](https://groups.google.com/forum/#!topic/syzkaller/ZR9QP3JNE18) -* [net/udp: slab-out-of-bounds in udp_recvmsg/do_csum](https://groups.google.com/forum/#!topic/syzkaller/vCUAq86bJaA) CVE-2017-6347 -* [WARNING in skb_warn_bad_offload](https://patchwork.ozlabs.org/patch/722135/) -* [tty: panic in tty_ldisc_restore](https://groups.google.com/d/msg/syzkaller/ty5IhaYWVp8/aTN_hZ8qBQAJ) -* [net: BUG in __skb_gso_segment](https://groups.google.com/forum/#!topic/syzkaller/wLAp3HzIXSo) -* [net/dccp: use-after-free in dccp_feat_activate_values](https://groups.google.com/forum/#!topic/syzkaller/hyM_oK9QOXU) -* [net/kcm: GPF in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/8YB3cFmKRqs/DYu7vJiCCAAJ) -* [net/xfrm: stack out-of-bounds in xfrm_flowi_sport](https://groups.google.com/d/msg/syzkaller/J2qVz4ZJpPg/Fw0QURWBCAAJ) -* [net/llc: BUG in llc_sap_state_process/skb_set_owner_r](https://groups.google.com/forum/#!topic/syzkaller/c1SOlcflXz8) CVE-2017-6345 -* [net/llc: 
bug in llc_pdu_init_as_xid_cmd/skb_over_panic](https://groups.google.com/forum/#!topic/syzkaller/mVs8KWoW4d8) -* [net/packet: use-after-free in packet_rcv_fanout](https://groups.google.com/d/msg/syzkaller/nOwR6_b4rmw/ocp21bZBBwAJ) -* [net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce](https://groups.google.com/d/msg/syzkaller/eHfRFbBg4LE/stDU3KYyBwAJ) -* [net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub](https://groups.google.com/forum/#!topic/syzkaller/8BMdxIXdH4g) -* [net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy](https://groups.google.com/forum/#!topic/syzkaller/S79Ss7ZUje8) -* [net/ipv4: warning in nf_nat_ipv4_fn](https://groups.google.com/forum/#!topic/syzkaller/5VxeBb85Ddg) -* [net/ipv6: double free in ipip6_dev_free](https://groups.google.com/d/msg/syzkaller/ZN9Ihlsum_s/4UuXXmn1BgAJ) -* [sound: use-after-free in snd_seq_queue_alloc](https://groups.google.com/d/msg/syzkaller/dhaTlAjxHVs/TXyPrX_nBgAJ) -* [loop: divide error in transfer_xor](https://groups.google.com/d/msg/syzkaller/1f1ziDbOTiQ/cFC0_wfnBgAJ) -* [net/xfrm: use of uninit spinlock in xfrm_policy_flush](https://groups.google.com/d/msg/syzkaller/vp1neyeoA8A/Is8aPdrpBgAJ) -* [mm: double-free in cgwb_bdi_init](https://groups.google.com/d/msg/syzkaller/tIx42qCVklk/fh0qjUboBgAJ) -* [packet: round up linear to header len](http://patchwork.ozlabs.org/patch/725335/) -* [net/icmp: null-ptr-deref in ping_v4_push_pending_frames](https://groups.google.com/forum/#!topic/syzkaller/DYyq0NyEY4g) -* [net/kcm: WARNING in kcm_write_msgs](https://groups.google.com/d/msg/syzkaller/vsh_MSFHizg/Uf-GzB1UBgAJ) -* [tcp: avoid infinite loop in tcp_splice_read()](https://www.mail-archive.com/netdev@vger.kernel.org/msg151936.html) CVE-2017-6214 -* [tun: read vnet_hdr_sz once](http://patchwork.ozlabs.org/patch/723964/) -* [macvtap: read vnet_hdr_size once](http://patchwork.ozlabs.org/patch/723965/) -* [udp: properly cope with csum 
errors](https://patchwork.ozlabs.org/patch/724263/) -* [ipv6: tcp: add a missing tcp_v6_restore_cb()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756) -* [ip6_gre: fix ip6gre_err() invalid reads](https://patchwork.ozlabs.org/patch/724187/) CVE-2017-5897 -* [ipv4: keep skb->dst around in presence of IP options](https://patchwork.ozlabs.org/patch/724136/) CVE-2017-5970 -* [net: use a work queue to defer net_disable_timestamp() work](https://patchwork.ozlabs.org/patch/723251/) -* [netlabel: out of bound access in cipso_v4_validate()](https://patchwork.ozlabs.org/patch/723457/) -* [ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()](https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git/+/63117f09c768be05a0bf465911297dc76394f686) -* [net: heap out-of-bounds in ip6_fragment](https://groups.google.com/d/msg/syzkaller/zakUQXz8ums/lNcDLtARBQAJ) CVE-2017-9074 -* [tcp: fix 0 divide in __tcp_select_window()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=06425c308b92eaf60767bc71d359f4cbc7a561f8) -* [keys: GPF in request_key](https://groups.google.com/d/msg/syzkaller/As2A-xeNp0g/eu50sRnKBAAJ) -* [net/tcp: warning in tcp_try_coalesce/skb_try_coalesce](https://groups.google.com/forum/#!topic/syzkaller/oeZW04VAQBM) -* [crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2](https://groups.google.com/d/msg/syzkaller/4nGqh82OL7g/0lU1zpp-BAAJ) -* [sound: unable to handle kernel paging request snd_seq_prioq_cell_out](https://groups.google.com/d/msg/syzkaller/wn-_0zA8ka4/kLB6BSR0BAAJ) -* [scsi: BUG in scsi_init_io](https://groups.google.com/d/msg/syzkaller/p2MBG9oRNdo/4MxGbWFwBAAJ) -* [mm: sleeping function called from invalid context shmem_undo_range](https://groups.google.com/d/msg/syzkaller/j8Zj72bs2xE/HjPk2dduBAAJ) -* [timerfd: use-after-free in timerfd_remove_cancel](https://groups.google.com/d/msg/syzkaller/bryiI66Pxxg/78NqwMhBBAAJ) -* [scsi: use-after-free in 
sg_start_req](https://groups.google.com/d/msg/syzkaller/Nft7hrE_CyM/QvEjMuUcBAAJ) -* [mm: deadlock between get_online_cpus/pcpu_alloc](https://groups.google.com/d/msg/syzkaller/G40CCUkkyDE/9Y3u-rXfAwAJ) -* [BUG at net/sctp/socket.c:7425](https://groups.google.com/d/msg/syzkaller/V2WPJ1BiXs0/-NO5Yea3AwAJ) -* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/UHiABsxXVaI/lQQ36P5eAwAJ) -* [net: suspicious RCU usage in nf_hook](https://groups.google.com/d/msg/syzkaller/9876JHd_awE/xqvU9HFeAwAJ) -* [kvm: fix page struct leak in handle_vmon](https://www.spinics.net/lists/kernel/msg2428945.html) CVE-2017-2596 -* [ipv6: fix ip6_tnl_parse_tlv_enc_lim()](https://patchwork.ozlabs.org/patch/718842/) -* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/ZXcevV8NAgAJ) -* [perf: use-after-free in perf_event_for_each](https://groups.google.com/d/msg/syzkaller/UjDJeCgt3_M/xsv0cLUKAgAJ) -* [net: use-after-free in tw_timer_handler](https://groups.google.com/d/msg/syzkaller/p1tn-_Kc6l4/smuL_FMAAgAJ) -* [namespace: deadlock in dec_pid_namespaces](https://groups.google.com/d/msg/syzkaller/uhFVBGnXzHQ/-kZya8AdAQAJ) -* [sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats](https://groups.google.com/d/msg/syzkaller/Ok2fotcCSsg/10Tak7X0EQAJ) -* [kvm: deadlock in kvm_vgic_map_resources](https://groups.google.com/d/msg/syzkaller/7E0b8H0nJm8/-aoPnGW_EAAJ) -* [net/atm: warning in alloc_tx/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/3WJGPLm6FmQ) -* [net/ipv6: use-after-free in sock_wfree](https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ) -* [kvm: kvm: BUG in loaded_vmcs_init](https://groups.google.com/d/msg/syzkaller/VrcANKRU3iQ/KdZDHdIiDwAJ) -* [kvm: NULL deref in vcpu_enter_guest](https://groups.google.com/d/msg/syzkaller/6V-KXaMDYi8/rOvBl-69DAAJ) -* [kvm: use-after-free in 
complete_emulated_mmio](https://groups.google.com/d/msg/syzkaller/-Pl63SQ63FA/pYO4cRkUDAAJ) CVE-2017-2584 -* [kvm: BUG in kvm_unload_vcpu_mmu](https://groups.google.com/d/msg/syzkaller/VbGoa1nALVw/x7hPnUMXDAAJ) -* [x86: warning in unwind_get_return_address](https://groups.google.com/forum/#!topic/syzkaller/BQBlYH-dNNM) -* [ipc: BUG: sem_unlock unlocks non-locked lock](https://groups.google.com/d/msg/syzkaller/u_ldPlYJSxk/Iu6CmEmlCAAJ) -* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/HOkydz_bBwAJ) -* [sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport](https://groups.google.com/d/msg/syzkaller/4V6zHuGzYuM/sLQkIJTVBwAJ) -* [kvm: use-after-free in process_srcu](https://groups.google.com/d/msg/syzkaller/i48YZ8mwePY/0PQ8GkQTBwAJ) -* [kvm: assorted bugs after OOMs](https://groups.google.com/d/msg/syzkaller/ytVPh93HLnI/KhZdengZBwAJ) -* [kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common](https://groups.google.com/d/msg/syzkaller/KYU8Ru7P2wo/fHM0gbuUBgAJ) -* [netlink: GPF in netlink_dump](https://groups.google.com/d/msg/syzkaller/wXVYTkQqmeM/KJFTDTE2BgAJ) -* [fs, net: deadlock between bind/splice on af_unix](https://groups.google.com/d/msg/syzkaller/E3_YC5Ac-dY/Wr42pcVBBgAJ) -* [net: use-after-free in worker_thread](https://groups.google.com/forum/#!topic/syzkaller/RCnXAyhFBZs) -* [net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts](https://groups.google.com/forum/#!topic/syzkaller/rXpw5jXjGBM) CVE-2016-9793 CVE-2012-6704 -* [net/can: warning in raw_setsockopt/__alloc_pages_slowpath](https://groups.google.com/forum/#!topic/syzkaller/6ceFXDer0ik) -* [net/ipv6: null-ptr-deref in ip6_rt_cache_alloc](https://groups.google.com/forum/#!topic/syzkaller/ryLwIsiKnmA) -* [net/dccp: use-after-free in dccp_invalid_packet](https://groups.google.com/forum/#!topic/syzkaller/5uW1cV_WjIQ) -* [net/sctp: vmalloc allocation failure in 
sctp_setsockopt/xt_alloc_table_info](https://groups.google.com/forum/#!topic/syzkaller/TMlGTPkIlFU) -* [net: BUG in unix_notinflight](https://groups.google.com/d/msg/syzkaller/4PFR0zm8JdU/XIGam5-dAgAJ) -* [net: GPF in eth_header](https://groups.google.com/d/msg/syzkaller/GFbGpX7nTEo/96LNG7KbAgAJ) CVE-2016-9755 -* [net: deadlock on genl_mutex](https://groups.google.com/d/msg/syzkaller/-YGhBYeg8Ew/jf9uD0maAgAJ) -* [net: GPF in rt6_get_cookie](https://groups.google.com/d/msg/syzkaller/3uDn6P5bwzA/gdzgPxeYAgAJ) -* [netlink: GPF in sock_sndtimeo](https://groups.google.com/d/msg/syzkaller/R_KZuzEDLeg/SkANc-yVAgAJ) -* [scsi: use-after-free in bio_copy_from_iter](https://groups.google.com/d/msg/syzkaller/Ut8nZJIJoEs/lhPdzXlSAgAJ) CVE-2016-9576 -* [net/udp: bug in skb_pull_rcsum](https://groups.google.com/forum/#!topic/syzkaller/fVj7UJ6nOow) -* [net/icmp: null-ptr-deref in icmp6_send](https://groups.google.com/forum/#!topic/syzkaller/exfKDuH5sLI) CVE-2016-9919 -* [net/can: use-after-free in bcm_rx_thr_flush](https://groups.google.com/forum/#!topic/syzkaller/1kM2GFIzSBU) -* [kvm: slab-out-of-bounds write in __apic_accept_irq](https://groups.google.com/d/msg/syzkaller/YWVsTBlRljk/xMwrqdOgCAAJ) CVE-2016-9777 -* [mm: BUG in pgtable_pmd_page_dtor](https://groups.google.com/d/msg/syzkaller/JGNtVzSymvw/6VbQla2gCAAJ) -* [logfs: GPF in logfs_alloc_inode](https://groups.google.com/d/msg/syzkaller/jj5WiCBNDh4/tYlsqCegCAAJ) -* [mm, floppy: unkillable task faulting on fd0](https://groups.google.com/d/msg/syzkaller/v6X8nr-XMqY/AKvXMjqdCAAJ) -* [kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit](https://groups.google.com/d/msg/syzkaller/AMBA62hsVnQ/vtH4SEeoBwAJ) -* [kvm: WARNING in em_jmp_far](https://groups.google.com/d/msg/syzkaller/vlC9IzBqaEs/S5sZl9ejBwAJ) CVE-2016-9756 -* [kvm: WARNING in rtc_status_pending_eoi_check_valid](https://groups.google.com/d/msg/syzkaller/WuAv_qE8dI8/jJd6E3ClBwAJ) -* [kvm: GPF in 
kvm_ioapic_set_irq](https://groups.google.com/d/msg/syzkaller/yOvg84HBx6E/6db4LE6jBwAJ) -* [mm: BUG in munlock_vma_pages_range](https://groups.google.com/d/msg/syzkaller/YrHKOMostEc/3Arq3dCiBwAJ) -* [kvm: WARNING in kvm_arch_vcpu_ioctl_run](https://groups.google.com/d/msg/syzkaller/24wCim9x3mI/RoV24W5yBwAJ) -* [kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast](https://groups.google.com/d/msg/syzkaller/sue3X3IQanU/ypLWfHTpBgAJ) -* [kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one](https://groups.google.com/d/msg/syzkaller/8IXfmLUSkbA/8bbm6hbqBgAJ) -* [kvm: BUG in pte_list_remove](https://groups.google.com/d/msg/syzkaller/IqkesiRS-t0/aLcJuMXqBgAJ) -* [kvm: recursive lock in kvm_clear_async_pf_completion_queue](https://groups.google.com/d/msg/syzkaller/dGfcd0P7J-E/XD0h8n_rBgAJ) -* [kvm: WARNING in em_ret_far](https://groups.google.com/d/msg/syzkaller/o5ZftARBhrs/r1ivQ-HtBgAJ) -* [kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue](https://groups.google.com/d/msg/syzkaller/Zubs2yePdiY/svec5qrtBgAJ) -* [kvm: GPF in gfn_to_rmap](https://groups.google.com/d/msg/syzkaller/sHBCmfktDGg/dAhz7M7vBgAJ) -* [kvm: paging fault in kvm_gfn_to_hva_cache_init](https://groups.google.com/d/msg/syzkaller/ETU_E6Sc-rk/-iWFPpTwBgAJ) -* [kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr](https://groups.google.com/d/msg/syzkaller/Zw7Usg-FnDQ/QvHU6P69BgAJ) -* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/NKlClJzOOww/zX1sXW24BgAJ) -* [kvm: WARNING in kvm_load_guest_fpu](https://groups.google.com/d/msg/syzkaller/PeDBKPqz19o/VckGWlW0BgAJ) -* [kvm: GPF in kvm_pic_set_irq](https://groups.google.com/d/msg/syzkaller/T4ZFHqpmwKM/V_X9W8awBgAJ) -* [kvm: GPF in irq_bypass_unregister_consumer](https://groups.google.com/d/msg/syzkaller/Dz__GySpVr8/UQ5kpdWrBgAJ) -* [kvm: GPF in __get_kvmclock_ns](https://groups.google.com/d/msg/syzkaller/A5cpi35KlkQ/a35IrBmoBgAJ) -* [kvm: WARNING In 
kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/1qxx4nU4hpE/qJlIQcWtBgAJ) -* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/F3xBpkDRAiE/jdmpOIKtBgAJ) -* [tcp: take care of truncations done by sk_filter()](https://patchwork.ozlabs.org/patch/693484/) -* [net/l2tp: use-after-free write in l2tp_ip6_close](https://groups.google.com/forum/#!topic/syzkaller/rXbAbqydmsw) -* [net/sctp: null-ptr-deref in sctp_inet_listen](https://groups.google.com/forum/#!topic/syzkaller/rngiXb8aNVk) -* [net/tcp: warning in tcp_recvmsg](https://groups.google.com/forum/#!topic/syzkaller/xpNRe_86Dog) -* [net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/BTjwhbtc9QE) -* [bpf: kernel BUG in htab_elem_free](https://groups.google.com/d/msg/syzkaller/NcK5XXQA-_o/DYskkVn1AwAJ) -* [net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/6k-N84V-Z88) -* [net/ipv6: null-ptr-deref in inet6_bind](https://groups.google.com/forum/#!topic/syzkaller/AdbicmLlFHk) -* [net/dccp: null-ptr-deref in dccp_parse_options](https://groups.google.com/forum/#!topic/syzkaller/_vGUxJLcdKY) -* [net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb](https://groups.google.com/forum/#!topic/syzkaller/nyrJEo2pUJs) -* [net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match](https://groups.google.com/forum/#!topic/syzkaller/zfXVCzJTXzQ) -* [net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/GDvJr49XK7g) -* [net/can: warning in bcm_connect/proc_register](https://groups.google.com/forum/#!topic/syzkaller/ltCQQCE44pQ) -* [net/ipv4: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/8tMiUcdWx78) -* [net/sctp: slab-out-of-bounds in sctp_sf_ootb](https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk) CVE-2016-9555 -* 
[net/dccp: warning in dccp_set_state](https://groups.google.com/forum/#!topic/syzkaller/JdYwfv_22lA) -* [net/netlink: bad unlock balance in netlink_diag_dump](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y) -* [net/netlink: null-ptr-deref in netlink_dump/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y) -* [net/ipx: null-ptr-deref in ipxrtr_route_packet](https://groups.google.com/forum/#!topic/syzkaller/xqRSxMxPVq0) -* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/forum/#!topic/syzkaller/W0swoIe25Eg) -* [fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)](https://groups.google.com/d/msg/syzkaller/9DFicr6njUw/aaX3dVtNBQAJ) -* [kernel BUG in dio_get_page](https://groups.google.com/d/msg/syzkaller/rCCyOHJHflI/Ik7IhXWzBAAJ) -* [bpf related use-after-free](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794 -* [drm: GPF in drm_getcap](https://groups.google.com/d/msg/syzkaller/dxVHCovRzhg/7QPBBqi4BwAJ) -* [fs: GPF in bd_mount](https://groups.google.com/d/msg/syzkaller/Z7OCclqCuq0/--YUa8QrBgAJ) -* [tty, fbcon: use-after-free in fbcon_invert_region](https://groups.google.com/d/msg/syzkaller/1DU69JpJwJg/n-6V4Wr5BQAJ) -* [drm: NULL pointer dereference in drm_mode_object_find()](https://groups.google.com/d/msg/syzkaller/7kyIupsNz-c/dWIIMpJXAQAJ) -* [6pack: stack-out-of-bounds in sixpack_receive_buf](https://groups.google.com/d/msg/syzkaller/A1x5I2hxcew/DjzZX7_mBQAJ) -* [logfs: GPF in logfs_init_inode](https://groups.google.com/d/msg/syzkaller/sU52_tpOsxQ/QTmqrIjlBQAJ) -* [tty: use-after-free in n_tty_receive_buf_fast](https://groups.google.com/d/msg/syzkaller/wz0PXUAcE7g/QN-MnqnjBQAJ) -* [sound: divide by 0 in snd_hrtimer_callback (or hang)](https://groups.google.com/d/msg/syzkaller/YZDD4SOU2Lk/LwRAiknjBQAJ) -* [mm: GPF in __insert_vmap_area](https://groups.google.com/d/msg/syzkaller/dTC7VpMKBu0/Aasz9zHiBQAJ) -* [fs, tty: WARNING in 
devpts_get_priv](https://groups.google.com/d/msg/syzkaller/qz7_4jCFPvw/nm19yTfbBQAJ) -* [fanotify: unkillable hanged processes](https://groups.google.com/d/msg/syzkaller/kY_ml6TCm9A/wDd5fYFXBQAJ) -* [drm: GPF in drm_context_switch_complete](https://groups.google.com/d/msg/syzkaller/ZB879NphOvw/ZDzsirsgBAAJ) -* [drm: GPF in drm_legacy_lock_free](https://groups.google.com/d/msg/syzkaller/VsfDwjS-Vk8/HOxWf1cgBAAJ) -* [sound: division by 0 in snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/HOTZlap4aZ8/E9EnyqwfBAAJ) -* [perf: WARNING in perf_event_read](https://groups.google.com/d/msg/syzkaller/nQl0TADtoXc/qwp8erUdBAAJ) -* [drm: WARNING in drm_irq_by_busid](https://groups.google.com/d/msg/syzkaller/1ckoC7WPx3c/-JO150EIBAAJ) -* [dri: WARNING in idr_remove](https://groups.google.com/d/msg/syzkaller/wOfaszMuYSQ/2a5fyjkSBAAJ) -* [mm: use-after-free in collapse_huge_page](https://groups.google.com/d/msg/syzkaller/eFgUtJ_WbmM/yBQp-6QFBAAJ) -* [kcm: use-after-free in fput of kcm socket](https://groups.google.com/d/msg/syzkaller/1S98uAzWBLg/c9ANduUDBAAJ) -* [bdev: fix NULL pointer dereference in sync()/close() race](https://groups.google.com/d/msg/syzkaller/Gu28cO5tVSw/uAwLAuKrAwAJ) -* [bdev: fix NULL pointer dereference](https://groups.google.com/forum/#!topic/syzkaller/VF7tNBDWFMI) -* [BUG: sleeping function called from invalid context at mm/mempolicy.c:553](http://pastebin.com/uNQW3afN) -* [use-after-free in ppp_unregister_channel](http://review.cyanogenmod.org/#/c/145489/) -* [net/tipc: NULL-ptr dereference in tipc_nl_publ_dump](http://lists.openwall.net/netdev/2016/05/14/35) -* [HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()](https://patchwork.kernel.org/patch/8583981/) -* [mm: memory corruption on mmput](http://lists.openwall.net/linux-kernel/2016/04/17/72) -* [perf: WARNING in perf_event_read](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214159.html) -* [9p2000.L stat/unlink race (WARNING: fs/inode.c:280 
drop_nlink)](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214157.html) -* [mm: page fault in __do_huge_pmd_anonymous_page](https://groups.google.com/d/msg/syzkaller/Ihm6d1NmRk8/WG-qZ6aMCQAJ) -* [usb: memory allocation WARNING in hcd_buffer_alloc](https://groups.google.com/d/msg/syzkaller/svY2Ac1RYCM/wD9pZHeJCQAJ) -* [dccp: potential deadlock in dccp_v4_ctl_send_reset](https://groups.google.com/d/msg/syzkaller/yrxEaY_QQEM/Xtx0LrSICQAJ) -* [mm: GPF in find_get_pages_tag](https://groups.google.com/d/msg/syzkaller/9XYmMfpNxCg/jl1EgpmHCQAJ) -* [mm: BUG in page_move_anon_rmap](https://groups.google.com/d/msg/syzkaller/E21YB1m9Fb4/yrj55fZZCAAJ) -* [block: GPF in get_task_ioprio](https://groups.google.com/d/msg/syzkaller/pCqmZTOvf7g/foAZqH71BwAJ) -* [tty: stall in n_tty_ioctl/inq_canon](https://groups.google.com/d/msg/syzkaller/JEOgcphr_FQ/zt5eiRfUBQAJ) -* [random: negative entropy/overflow: pool input count -40000](https://groups.google.com/d/msg/syzkaller/LvdDTS5Om_g/zJmN7RfOBQAJ) -* [bpf: use after free in array_map_alloc](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794 -* [kvm: use-after-free in kvm_irqfd_release](https://groups.google.com/d/msg/syzkaller/mLrF0hWNsA0/qN0CYvVABQAJ) -* [kvm: GPF in kvm_lapic_set_tpr](https://groups.google.com/d/msg/syzkaller/kQW1tyy6vjc/0xbWT-JABQAJ) -* [sound: use-after-free in hrtimer_cancel](https://groups.google.com/d/msg/syzkaller/HMNrvp-Dt2g/kaQMrGQEAwAJ) -* [sound: hang in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/8k7zhhEbAgAJ) -* [sound: deadlock involving snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/O852Mz3HAQAJ) -* [fs: GPF in locked_inode_to_wb_and_lock_list](https://groups.google.com/d/msg/syzkaller/XvxH3cBQ134/F0-0r3MxAAAJ) -* [x86: bad pte in pageattr_test](https://groups.google.com/d/msg/syzkaller/Fu6BruqUHOU/nuJxpW7EAwAJ) -* [tty: memory leak in tty_open](https://groups.google.com/d/msg/syzkaller/wZUev9AXzDY/Nt4ih4B7EgAJ) -* [net: 
memory leak due to CLONE_NEWNET](https://groups.google.com/d/msg/syzkaller/dLbu8taoWVY/w3myILDuEQAJ) -* [lockdep WARNING in get_online_cpus](https://groups.google.com/d/msg/syzkaller/MHXa-o8foyc/o-mB1L_rEQAJ) -* [mm: BUG in khugepaged_scan_mm_slot](https://groups.google.com/d/msg/syzkaller/GNB2k9vLYc4/9Cu_fy7hEQAJ) -* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/eIjELqsnpcE/xX-R8APfEQAJ) -* [scsi: machine hang due to write to /dev/sg0](https://groups.google.com/d/msg/syzkaller/oQ3Hg-JUVKA/8zwovr9lDAAJ) -* [AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way](http://seclists.org/oss-sec/2016/q1/450) -* [sound: uninterruptible hang in snd_seq_oss_writeq_sync](https://groups.google.com/d/msg/syzkaller/bUvgnh0owos/Ps7Rep4XCAAJ) -* [fs: uninterruptible hang in handle_userfault](https://groups.google.com/d/msg/syzkaller/dSd90m_8O9w/-SAlwCUUCAAJ) -* [net: memory leak in N_6PACK driver](https://groups.google.com/d/msg/syzkaller/555eacbu6QQ/_3PGUrCbBQAJ) -* [net: memory leak in lapb_register](https://groups.google.com/d/msg/syzkaller/PqiopMXpNwU/8ChRtB6bBQAJ) -* [net: memory leak in mkiss_open](https://groups.google.com/d/msg/syzkaller/ylPCtzQr_jc/z_x_9uKaBQAJ) -* [sound: list corruption in delete_and_unsubscribe_port](https://groups.google.com/d/msg/syzkaller/XcYfdFeeyK8/R49jRCLCAwAJ) -* [kvm: GPF in kvm_pic_clear_all](https://groups.google.com/d/msg/syzkaller/FzqGSkRKwm0/h4Yz2CSBAwAJ) -* [kvm: GPF in kvm_irq_map_gsi](https://groups.google.com/d/msg/syzkaller/Rg4Y2Z6HbHI/w9zXygeAAwAJ) -* [tty: memory leak in tty_register_driver](https://groups.google.com/d/msg/syzkaller/iPxmOCKQLbU/0yLjf9x2AwAJ) -* [sound: memory leak in snd_seq_pool_init](https://groups.google.com/d/msg/syzkaller/hpzw94zvlLI/HBqrHjJzAwAJ) -* [tty: deadlock between tty_buffer_flush/n_tracesink_open](https://groups.google.com/d/msg/syzkaller/HX5NRBC8ubw/w4XgLENBAwAJ) -* [sound: heap out-of-bounds write in 
dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/8PdCofDMAAAJ) -* [fs: NULL deref in atime_needs_update](https://groups.google.com/d/msg/syzkaller/0SW33jMcrXQ/7qZfeV-HAAAJ) -* [sound: spinlock lockup in snd_seq_oss_write](https://groups.google.com/d/msg/syzkaller/aSwFzmSY7Rc/zIKYuKczAAAJ) -* [net: memory leak in ip_cmsg_send](https://groups.google.com/d/msg/syzkaller/keQktFmhfBM/UDsS4tEACAAJ) -* [net/irda: BUG: looking up invalid subclass: 4294967295](https://groups.google.com/d/msg/syzkaller/RSwLEwkWag8/S2kSuPn-BwAJ) CVE-2017-6348 -* [sound: use-after-free in snd_timer_start1](https://groups.google.com/d/msg/syzkaller/zF-7vhuSc9o/O89UIO3HBwAJ) -* [tty: tty_struct memory leak](https://groups.google.com/d/msg/syzkaller/ZPlLcAxOFSw/NyFyCAjIBwAJ) -* [gigaset: memory leak in gigaset_initcshw](https://groups.google.com/d/msg/syzkaller/wu3NyQ5ZJFE/sat9DwTFBwAJ) -* [sound: out-of-bounds write in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/Au60AgpecfQ/a3eWMIevBwAJ) -* [mm: uninterruptable tasks hanged on mmap_sem](https://groups.google.com/d/msg/syzkaller/6M2Z5r28UDA/nYPsJ1KIBwAJ) -* [sound: another WARNING in rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/FEjR2q-Ri-s/IXSua74aBwAJ) -* [sound: use-after-free in snd_seq_deliver_single_event](https://groups.google.com/d/msg/syzkaller/c8bhbCQP-XA/Abeq8ToXBwAJ) -* [sound: WARNING in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/BI280LemTW8/KgcuDJYWBwAJ) -* [sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap](https://groups.google.com/forum/#!topic/syzkaller/MlIO0DbOtsA) -* [ata: BUG in ata_sff_hsm_move](https://groups.google.com/d/msg/syzkaller/GyV2KfwtfTg/PiTmmqngBQAJ) -* [WARNING in set_restore_sigmask](https://groups.google.com/d/msg/syzkaller/unp9iTQ4IKc/bvJO8A4oBgAJ) -* [BUG: bad unlock balance detected in vma_unlock_anon_vma](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ) -* [bluetooth: use-after-free 
in vhci_send_frame](https://groups.google.com/d/msg/syzkaller/oWvyWrgd3M4/nAu5XTMmBgAJ) -* [mm: another VM_BUG_ON_PAGE(PageTail(page))](https://groups.google.com/d/msg/syzkaller/boW7sZ0HoYA/j8hH8-vcBQAJ) -* [scsi: NULL deref in sg_start_req](https://groups.google.com/d/msg/syzkaller/8Fg8X9iguFM/u6sUrAvcBQAJ) -* [mm: BUG in expand_downwards](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ) -* [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/YMstW6CMBQAJ) -* [WARNING in do_jobctl_trap](https://groups.google.com/d/msg/syzkaller/67Ipm9Q3dN4/Mn1ZM1pPBQAJ) -* [mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind](https://groups.google.com/d/msg/syzkaller/rUdHl1uq8GU/fd2lDLFHBQAJ) -* [net/bluetooth: workqueue destruction WARNING in hci_unregister_dev](https://groups.google.com/d/msg/syzkaller/uVXU3InAfRY/U7AuPXdEBQAJ) -* [gpu: kmalloc size WARNING in vga_arb_write](https://groups.google.com/d/msg/syzkaller/To4N4VWHTNU/k-5QDrk_BQAJ) -* [net/rfkill: WARNING in rfkill_fop_read](https://groups.google.com/d/msg/syzkaller/hijZUVUav8E/7tjnCAM-BQAJ) -* [sound: use-after-free in _snd_timer_stop](https://groups.google.com/d/msg/syzkaller/DjSwFNnJZn8/flxXWywRBQAJ) -* [net/irda: use-after-free in ircomm_param_request](https://groups.google.com/d/msg/syzkaller/p_WWX0G_UXQ/zGKfw04DBQAJ) -* [net/sctp: out-of-bounds access in sctp_add_bind_addr](https://groups.google.com/d/msg/syzkaller/BhOYz2ZBraw/-k3iDvD8BAAJ) -* [ext4: BUG: scheduling while atomic in ext4_commit_super](https://groups.google.com/d/msg/syzkaller/vIc3Dz_TTRI/dBNrj2G3BAAJ) -* [sound: WARNING in snd_rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/NJZR4sUggm8/ld5OCVu2BAAJ) -* [floppy: GPF in floppy_rb0_cb](https://groups.google.com/d/msg/syzkaller/AWXjFnnBN_s/RyzWTaKrBAAJ) -* [tty: kmalloc size WARNING in vc_do_resize](https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/6PSRe7mlBAAJ) -* [mm: WARNING in 
__delete_from_page_cache](https://groups.google.com/d/msg/syzkaller/w41UMMBPWRo/dyQTUcGjBAAJ) -* [sound: WARNING in snd_seq_oss_synth_cleanup](https://groups.google.com/d/msg/syzkaller/vfGuMIyOw1E/9-UwD5SiBAAJ) -* [sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect](https://groups.google.com/d/msg/syzkaller/T33gMP-856o/EyGhSkagBAAJ) -* [net: GPF in netlink_getsockbyportid](https://groups.google.com/d/msg/syzkaller/VlgAydM9Zu4/ts6sdhVuBAAJ) -* [fs: use-after-free in link_path_walk](https://groups.google.com/d/msg/syzkaller/t2QMO6N5F8s/MuY0RQ4tBAAJ) -* [fs: sandboxed process brings host down](https://groups.google.com/d/msg/syzkaller/gCyxNiVGGds/WP27JlAoBAAJ) -* [net: use-after-free in recvmmsg](https://groups.google.com/d/msg/syzkaller/amvYsa-I8yE/YRHrDOAmBAAJ) -* [struct pid memory leak](https://groups.google.com/d/msg/syzkaller/j7ld8eOG1OQ/7IJSStAUBAAJ) -* [net: WARNING in dccp_set_state](https://groups.google.com/d/msg/syzkaller/kWaUYryuwSY/9jbwNyRlAwAJ) -* [mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list](https://groups.google.com/d/msg/syzkaller/zezMs3b7Vsc/Vo-6bujTAgAJ) -* [sound: BUG in snd_ctl_find_numid](https://groups.google.com/d/msg/syzkaller/rc3dZwnu5ZI/uRWvc2XUAgAJ) -* [net: GPF in __netlink_ns_capable](https://groups.google.com/forum/#!topic/syzkaller/daN8eU9ttSg) -* [crypto: slab-out-of-bounds in skcipher_recvmsg](https://groups.google.com/d/msg/syzkaller/VBcr-fy-t0w/KJo9r0r5AQAJ) -* [net: hang in ip_finish_output](https://groups.google.com/d/msg/syzkaller/OM7CXieBCoY/etzvFPX3AQAJ) -* [kvm: access to invalid memory in mmu_zap_unsync_children](https://groups.google.com/d/msg/syzkaller/4wAzRPswgQ8/IWGjISZQFQAJ) -* [kvm: using uninitialized var in tdp_page_fault](https://groups.google.com/d/msg/syzkaller/4u4EokUaq8U/jEkM-ZZQFQAJ) -* [sound: spinlock lockup in sound/core/timer.c](https://groups.google.com/d/msg/syzkaller/bbtG9_h1ONU/CPLblMC6FAAJ) -* [sound: GPF in 
snd_timer_user_params](https://groups.google.com/d/msg/syzkaller/pGyQMx7Fq84/Kzzp1yytFAAJ) -* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/_jsbNkayw7w/vbivwMWsFAAJ) -* [sound: use-after-free in snd_timer_user_ioctl](https://groups.google.com/d/msg/syzkaller/9mIp43V-OS8/uCHNBiSsFAAJ) -* [crypto: use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/GdqfroKSD8Q/goTM-tyiFAAJ) -* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/d/msg/syzkaller/wB2VUZcQRkE/NlNJBvybFAAJ) -* [net: WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/tDe2SCAzirE/ar2v6cZQFAAJ) -* [sound: use-after-free in snd_timer_stop](https://groups.google.com/d/msg/syzkaller/IAjJAaJOHZg/s1Ud2wVPFAAJ) -* [sound: GPF in snd_seq_fifo_clear](https://groups.google.com/d/msg/syzkaller/KbVqGu3WcPs/dYdSgjVOFAAJ) -* [crypto: ablk_decrypt causes BUG in scatterwalk](https://groups.google.com/d/msg/syzkaller/J5BIP1NxPVc/V5RQhCRMFAAJ) -* [kvm: GPF in native_set_debugreg](https://groups.google.com/d/msg/syzkaller/E_simxTrAxM/K70SOr4wEwAJ) -* [kvm: GPF in kvm_lapic_latched_init](https://groups.google.com/d/msg/syzkaller/Sw8voIm9wN4/AV_6rPsvEwAJ) -* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/qING1Xy24JY/v9sxuVErEwAJ) -* [kvm: vmalloc allocation failure in kvm_vm_ioctl](https://groups.google.com/d/msg/syzkaller/K47NvuAAPz4/PO9mb4c4EwAJ) -* [kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid](https://groups.google.com/d/msg/syzkaller/58wqKq6iCXk/qQsxAH8pEwAJ) -* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/tYgkwrDQjkg/jTllLeYmEwAJ) -* [kvm: WARNING in exception_type](https://groups.google.com/d/msg/syzkaller/NVYxVRSPan4/WCVzMTImEwAJ) -* [mm: possible deadlock in mm_take_all_locks](https://groups.google.com/d/msg/syzkaller/AxduklbKrfc/VQ2r5VQqEwAJ) -* [net/nfc: GPF in 
llcp_sock_getname](https://groups.google.com/d/msg/syzkaller/uj-hx-eBQ28/KCztJ2z6EAAJ) -* [net/netlink: memory leak in netlink_sendmsg](https://groups.google.com/d/msg/syzkaller/UUAHYw5MtjA/JEEHUuykEAAJ) -* [net/tipc: memory leak in tipc_release](https://groups.google.com/d/msg/syzkaller/5-GmaFy2BUI/Z1RBMsigEAAJ) -* [memory leak in lapb_create_cb](https://groups.google.com/d/msg/syzkaller/A-AnLCJnfIM/TCX4G1N0EAAJ) -* [net/sctp: sctp_datamsg memory leak](https://groups.google.com/d/msg/syzkaller/hLdAYS7j_tM/rwo6p5x1EAAJ) -* [net/sctp: sock memory leak](https://groups.google.com/d/msg/syzkaller/rB_bD-M8ijs/m44UxFNzEAAJ) -* [net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame](https://groups.google.com/d/msg/syzkaller/D9S8Ji0HJtM/9nJc3SdTEAAJ) -* [tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc](https://groups.google.com/d/msg/syzkaller/YrV0bzdfa-g/n5Eyi6tSEAAJ) -* [crypto: use-after-free in alg_bind](https://groups.google.com/d/msg/syzkaller/exVfK_05eqU/hszZrHwjEAAJ) -* [crypto: deadlock in alg_setsockopt](https://groups.google.com/d/msg/syzkaller/t3fOIUvQRR0/Xf8Jw9sdEAAJ) -* [crypto: use-after-free in rng_recvmsg](https://groups.google.com/d/msg/syzkaller/4Ivvjq4KGhM/EbQX8Ze_DwAJ) -* [use-after-free in skcipher_bind](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/iFcu_0R8DgAJ) -* [9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl](https://groups.google.com/d/msg/syzkaller/1YncbDVfdow/JudLnO49DgAJ) -* [fs: WARNING in locks_free_lock_context](https://groups.google.com/d/msg/syzkaller/AxzCz8bJPko/A6iFq0IsDgAJ) -* [net: user-controllable kmalloc size in __sctp_setsockopt_connectx](https://groups.google.com/d/msg/syzkaller/mv8Iaz0oHAs/b3dwSCD9DQAJ) -* [GPF in gf128mul_64k_bbe](https://groups.google.com/d/msg/syzkaller/BIjLNIO1g7k/6FTkQpFcDAAJ) -* [use-after-free in hash_sock_destruct](https://groups.google.com/d/msg/syzkaller/XSCcDfuj3Cw/cplfjIlcDAAJ) -* [GPF in 
lrw_crypt](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ) -* [bad page state due to PF_ALG socket](https://groups.google.com/d/msg/syzkaller/OEaEMF5cRpc/AyYAGndcDAAJ) -* [use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/Oi2d1GRRnPY/rbZZ5lZcDAAJ) -* [use-after-free in sixpack_close](https://groups.google.com/d/msg/syzkaller/QRZjzAzG0wg/pvnCAZNWDAAJ) -* [net: heap-out-of-bounds in sock_setsockopt](https://groups.google.com/d/msg/syzkaller/5J4lQcwp0x4/ATAqYNZ0CwAJ) -* [BUG_ON(!PageLocked(page)) in munlock_vma_page](https://groups.google.com/d/msg/syzkaller/8KEw1_E05zs/-HzQwaQlCwAJ) -* [perf: stalls in perf_install_in_context/perf_remove_from_context](https://groups.google.com/d/msg/syzkaller/NyMvU8ClQEM/7PjQ1csQCwAJ) -* [Information leak in sco_sock_bind](https://groups.google.com/d/msg/syzkaller/L2DGhEYtnQo/e0pj2sQpCwAJ) CVE-2015-8575 -* [Information leak in llcp_sock_bind/llcp_raw_sock_bind](https://groups.google.com/d/msg/syzkaller/DHI06NjAnBw/02kKZKYnCwAJ) -* [Information leak in pptp_bind](https://groups.google.com/d/msg/syzkaller/fSqTaDjzcIo/HGa4cGi6CgAJ) -* [use-after-free in pptp_connect](https://groups.google.com/d/msg/syzkaller/w238o__gw7M/RrGhpOJ0CgAJ) -* [GPF in keyctl](https://bugzilla.redhat.com/show_bug.cgi?id=1290370) CVE-2015-7550 -* [another use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/RQu4vcQ-CQAJ) -* [use-after-free in inet6_destroy_sock](https://groups.google.com/d/msg/syzkaller/u1NA-bgkR18/cMqpYl09CQAJ) -* [WARNING in crypto_wait_for_test](https://groups.google.com/d/msg/syzkaller/WZWajo0A2J4/K93w98fkCAAJ) -* [int overflow in io_getevents](https://groups.google.com/d/msg/syzkaller/UldJpka5MbA/riM5IbqTCAAJ) -* [use-after-free in ip6_xmit](https://groups.google.com/d/msg/syzkaller/YpU1_PMV_gU/FmLVGHqTCAAJ) -* [use-after-free in __perf_install_in_context](https://groups.google.com/d/msg/syzkaller/3Tk4BmoHxIk/x-EOZH_HBwAJ) -* [undefined shift in 
__bpf_prog_run](https://groups.google.com/d/msg/syzkaller/H7o2oz9CcKg/uzaiF7eqBwAJ) -* [signed integer overflow in ktime_add_safe](https://groups.google.com/d/msg/syzkaller/1R5FD_PtR1A/dVv99hGqBwAJ) -* [jump label: negative count!](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/hCg9HfHjDgAJ) -* [memory leak in alloc_huge_page](https://groups.google.com/d/msg/syzkaller/zg4TVSy6Ri8/qs99M-bJDwAJ) -* [memory leak in do_ipv6_setsockopt](https://groups.google.com/d/msg/syzkaller/xWavbbgt0qg/SpY86JLEDwAJ) -* [heap out-of-bounds access in array_map_update_elem](https://groups.google.com/d/msg/syzkaller/5NHTQ3U60-s/Xlnq60JwDwAJ) -* [deadlock in perf_ioctl](https://groups.google.com/d/msg/syzkaller/pOiDJIU5zI4/UXIsO9BrDwAJ) -* [user-controllable kmalloc size in bpf syscall](https://groups.google.com/d/msg/syzkaller/vhm-Av765TY/VzjC4zMqDwAJ) -* [net: use after free in ip6_make_skb](https://groups.google.com/d/msg/syzkaller/Pa8ovVaYL9c/Mw32fULmDgAJ) -* [user-controllable kmalloc size in sctp_getsockopt_local_addrs](https://groups.google.com/d/msg/syzkaller/WWpkIGBC0ts/kpMmnYfZDgAJ) -* [use-after-free in ip6_setup_cork](https://groups.google.com/d/msg/syzkaller/fHZ42YrQM-Y/Z4Xf-BbUDgAJ) -* [gigaset: freeing an active object](https://groups.google.com/d/msg/syzkaller/bOJJJcbKtjM/IGkN5ZyTDgAJ) -* [Freeing active kobject in pps_device_destruct](https://groups.google.com/forum/#!topic/syzkaller/rueDAZYv5v0) -* [GPF in process_one_work (flush_to_ldisc)](https://groups.google.com/d/msg/syzkaller/z3WIRnS2q9g/_TXY3LBBDgAJ) -* [use-after-free in tty_check_change](https://groups.google.com/d/msg/syzkaller/PGnPGgljA8A/5yfiRls1DgAJ) -* [WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/vlk-2b1hAVQ/JpkM7K36DQAJ) -* [use-after-free in irtty_open](https://groups.google.com/d/msg/syzkaller/foW6EoJnc9Y/q0gKZ3f3DQAJ) -* [use-after-free in sock_wake_async](https://groups.google.com/forum/#!topic/syzkaller/IjAetA6uvIc) -* [WARNING in 
handle_mm_fault](https://groups.google.com/forum/#!topic/syzkaller/o8VqvYNEu_I) -* [WARNING in gsm_cleanup_mux](https://groups.google.com/d/msg/syzkaller/zAvZnQBWGac/IPU35GyYDQAJ) -* [use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/UWs4GxGUDQAJ) -* [yet another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/Jy08esFVw9k) -* [GPF in add_key](https://bugzilla.redhat.com/show_bug.cgi?id=1284059) -* [another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw) -* [deadlock during fuseblk shutdown](https://groups.google.com/forum/#!topic/syzkaller/w-B4OeANKu8) -* [tty,net: use-after-free in x25_asy_open_tty](https://groups.google.com/d/msg/syzkaller/kYOghurchCg/aVg9hBBpDAAJ) -* [deadlock between tty_write and tty_send_xchar](https://groups.google.com/forum/#!topic/syzkaller/X12P_8jITAM) -* [WARNING in shmem_evict_inode](https://groups.google.com/forum/#!topic/syzkaller/HeT_3b2HIrs) -* [Deadlock between setsockopt/getsockopt](https://groups.google.com/forum/#!topic/syzkaller/46AwIkaOclk) -* [Deadlock between bind and splice](https://groups.google.com/forum/#!topic/syzkaller/HSofF04GVCA) -* [Use-after-free in ipv4_conntrack_defrag](https://groups.google.com/forum/#!topic/syzkaller/k62o6Fiu124) -* [Use-after-free in selinux_ip_postroute_compat](https://groups.google.com/forum/#!topic/syzkaller/eu-3LPXgdok) -* [Use-after-free in unshare](https://patchwork.ozlabs.org/patch/539061/) -* [GPF in tcp_sk_init/icmp_sk_init](https://patchwork.ozlabs.org/patch/539018/) -* [lockdep warning in ip_mc_msfget](https://groups.google.com/forum/#!topic/syzkaller/ScMRWhgAsbM) -* [WARNING in task_participate_group_stop](https://groups.google.com/forum/#!topic/syzkaller/p5ailXs8eEc) -* [Resource leak in unshare](https://groups.google.com/forum/#!topic/syzkaller/cdJvHvazRJk) -* [Paging fault with hard IRQs disabled in 
getsockopt](https://groups.google.com/forum/#!topic/syzkaller/AegFEboavHM) -* [Unkillable processes due to PTRACE_TRACEME](https://groups.google.com/forum/#!msg/syzkaller/uGzwvhlCXAw/E-cfY2ejAgAJ) -* [Use-after-free in ep_remove_wait_queue](https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8) CVE-2013-7446 -* [GPF in shm_lock](https://groups.google.com/forum/#!topic/syzkaller/4jVzR278N9k) -* [GPF in rt6_uncached_list_flush_dev](https://groups.google.com/forum/#!topic/syzkaller/XmcaDo9DnSg) -* [Infinite loop in ip6_fragment](https://groups.google.com/forum/#!topic/syzkaller/PoD9yGkY1y8) -* [Uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg) -* [GPF in keyring_destroy](https://groups.google.com/forum/#!topic/syzkaller/E2DRBbUDEg8) [CVE-2015-7872](https://bugzilla.redhat.com/show_bug.cgi?id=1272371) +[Linux kernel bugs](linux/found_bugs.md) diff --git a/docs/linux/found_bugs.md b/docs/linux/found_bugs.md new file mode 100644 index 000000000..5281f506c --- /dev/null +++ b/docs/linux/found_bugs.md 
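Review bot: the stub left behind at docs/found_bugs.md is a single bare link, `+[Linux kernel bugs](linux/found_bugs.md)`, with no heading or explanation; since the old path is presumably kept so that existing external links keep resolving, give the stub a title matching the moved file's `# Found bugs` and one sentence saying the list now lives under docs/linux/, so that a reader landing here sees a page rather than a lone link. The removed list also carries duplicate entries that would be cheap to drop while it is being moved: `[bpf related use-after-free](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794` and `[bpf: use after free in array_map_alloc](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794` point at the same report, and `perf: WARNING in perf_event_read` is listed twice with two different archive links.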
@@ -0,0 +1,457 @@ +# Found bugs + +_newer first_ + +* [fs: possible deadlock in do_iter_write/do_splice](https://groups.google.com/forum/#!topic/syzkaller/f72L3fPD8sY) +* [net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl](https://groups.google.com/forum/#!topic/syzkaller/VtONA6oTiio) +* [net/ipv6: GPF in rt6_ifdown](https://groups.google.com/forum/#!topic/syzkaller/dQ0r_bHOrJk) +* [net/ipv4: trying to register non-static key in ip_mc_clear_src](https://groups.google.com/forum/#!topic/syzkaller/E60_ya1wNxs) +* [net/can: trying to register non-static key in can_rx_register](https://groups.google.com/forum/#!topic/syzkaller/to2Or4lUrTU) +* [net: general protection fault in deactivate_slab](https://groups.google.com/forum/#!topic/syzkaller/k_Q4h-RPzkQ) +* [net/ipv4: use-after-free in add_grec](https://groups.google.com/forum/#!topic/syzkaller/dlHu8uuZWfg) +* [net/ipv6: use-after-free in ip6_dst_ifdown](https://groups.google.com/forum/#!topic/syzkaller/ZJaqAiFLe3k) +* [tty: possible deadlock in tty_buffer_flush](https://groups.google.com/forum/#!topic/syzkaller/PXe_ekNtIZ8) +* [net/ipv6: general protection fault in skb_release_data](https://groups.google.com/forum/#!topic/syzkaller/e3I2c8X2oWo) CVE-2017-9242 +* [drivers/net/hamradio: divide error in hdlcdrv_ioctl](https://groups.google.com/forum/#!topic/syzkaller/Uwy36npUcBQ) +* [tty: fix port buffer locking](https://lkml.org/lkml/2017/5/11/118) +* [kvm: warning in kvm_load_guest_fpu](https://groups.google.com/forum/#!topic/syzkaller/OSNJfH8rNPE) +* [drivers/scsi: GPF in sg_read](https://groups.google.com/forum/#!topic/syzkaller/FqYh6Jks6h0) +* [net/ipv4: use-after-free in ip_mc_drop_socket](https://groups.google.com/forum/#!topic/syzkaller/y3_fsYmwdio) CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 +* [net/ipv6: GPF in rt6_device_match](https://groups.google.com/forum/#!topic/syzkaller/PbCfeuGSoNI) +* [x86: warning: kernel stack regs has bad 'bp' 
value](https://groups.google.com/forum/#!topic/syzkaller/HQl-x5dWJ9Q) +* [net/key: slab-out-of-bounds in pfkey_compile_policy](https://groups.google.com/forum/#!topic/syzkaller/MHjh-tJo_wE) +* [net/ipv6: warning in inet6_ifa_finish_destroy](https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw) +* [net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu](https://groups.google.com/forum/#!topic/syzkaller/OhkhEez1z1A) +* [net/ipv6: slab-out-of-bounds in ip6_tnl_xmit](https://groups.google.com/forum/#!topic/syzkaller/Wr3dZWAO8vw) +* [net/rose: null-ptr-deref in rose_route_frame](https://groups.google.com/forum/#!topic/syzkaller/RWKRCxpbS90) +* [time: hang due to timer_create/timer_settime](https://groups.google.com/forum/#!topic/syzkaller/355tWdc8oHY) +* [net/core: BUG in unregister_netdevice_many](https://groups.google.com/forum/#!topic/syzkaller/3zsXPUh-KzU) +* [net/xfrm: stack-out-of-bounds in xfrm_state_find](https://groups.google.com/forum/#!topic/syzkaller/WA6MdAfCYS0) +* [net/bonding: stack-out-of-bounds in bond_enslave](https://groups.google.com/forum/#!topic/syzkaller/IDoQHFmrnRI) +* [net: ipv6: RTF_PCPU should not be settable from userspace](https://www.spinics.net/lists/netdev/msg430947.html) +* [fs/notify/inotify: slab-out-of-bounds write in strcpy](https://groups.google.com/d/msg/syzkaller/ecGeXh44M50/r7OSshSOCAAJ) +* [net/ipv6: slab-out-of-bounds read in seg6_validate_srh](https://groups.google.com/forum/#!topic/syzkaller/U3NMWDD16PM) +* [kernel BUG at mm/hugetlb.c:742!](https://lkml.org/lkml/2017/4/10/1154) +* [net/key: slab-out-of-bounds in parse_ipsecrequests](https://groups.google.com/forum/#!topic/syzkaller/vG7Cyfx-mvU) +* [net/ipv4: use-after-free in ipv4_datagram_support_cmsg](https://groups.google.com/forum/#!topic/syzkaller/F79HOk-4RhA) +* [net/ipv4: use-after-free in ip_queue_xmit](https://groups.google.com/forum/#!topic/syzkaller/X6L7h46rDsw) +* [net: use-after-free in 
__ns_get_path](https://groups.google.com/forum/#!topic/syzkaller/Vnf3aEG-wqY) +* [net/ipv4: use-after-free in ip_check_mc_rcu](https://groups.google.com/forum/#!topic/syzkaller/6q5nFux7N2E) +* [net/ipv6: use-after-free in ipv6_sock_ac_close](https://groups.google.com/forum/#!topic/syzkaller/z4Y96bFyq7I) +* [net/ipv4: use-after-free in ipv4_mtu](https://groups.google.com/forum/#!topic/syzkaller/UAjEGZoiAF4) +* [net/dccp: BUG in tfrc_rx_hist_sample_rtt](https://groups.google.com/forum/#!topic/syzkaller/inWmASLpo8Q) +* [net/sctp: list double add warning in sctp_endpoint_add_asoc](https://groups.google.com/forum/#!topic/syzkaller/6_LZGvwjzcA) +* [kvm: use-after-free in srcu_reschedule](https://groups.google.com/d/msg/syzkaller/Sl0POwca6-s/QR_z6AsFCQAJ) +* [ata: WARNING in ata_bmdma_qc_issue](https://groups.google.com/d/msg/syzkaller/Hy5yHjgOri8/0fhs94QXCAAJ) +* [net/sched: GPF in qdisc_hash_add](https://groups.google.com/d/msg/syzkaller/--acxHx5yyo/WsS4Yw7PBwAJ) +* [sg: random memory corruptions](https://groups.google.com/d/msg/syzkaller/wWn_oXRfN7Y/kgtLfy_OBwAJ) +* [fs: GPF in deactivate_locked_super](https://groups.google.com/d/msg/syzkaller/xLJUOccIV48/4yXIAfnIBwAJ) +* [loop: WARNING in sysfs_remove_group](https://groups.google.com/d/msg/syzkaller/nq6tjrQLVo4/IL-lxLHIBwAJ) +* [lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm](https://groups.google.com/d/msg/syzkaller/sT2NZaIfP_E/B15roGnIBwAJ) +* [ata: WARNING in ata_qc_issue](https://groups.google.com/d/msg/syzkaller/r1iGG9w4a9U/l6FkC0HGBwAJ) +* [security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode](https://groups.google.com/d/msg/syzkaller/GLiqkLgHpc8/RzD3JUTFBwAJ) +* [netlink: NULL timer crash](https://groups.google.com/d/msg/syzkaller/drVyP4zu3SM/yPx2taTEBwAJ) +* [kvm: use-after-free function call in kvm_io_bus_destroy](https://groups.google.com/d/msg/syzkaller/1zn_juvw7Fk/BAqe32_DBwAJ) +* [sound: use-after-free in 
snd_seq_cell_alloc](https://groups.google.com/d/msg/syzkaller/ZXLFJniQJJE/menSWN_CBwAJ) +* [usb: use-after-free write in usb_hcd_link_urb_to_ep](https://groups.google.com/d/msg/syzkaller/v5ra3_AduC4/8-43yozCBwAJ) +* [net/kcm: double free of kcm inode](https://groups.google.com/d/msg/syzkaller/CFYuMediESc/L31CuijCBwAJ) +* [crypto: out-of-bounds write in pre_crypt](https://groups.google.com/d/msg/syzkaller/ivRlyW1WX10/3M9rSuC9BwAJ) +* [security: double-free in superblock_doinit](https://groups.google.com/d/msg/syzkaller/AXrX3E0YOsg/dvcctKm8BwAJ) +* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/gBu_q0nPy9o/r3QmSIO6BwAJ) +* [tcp: fix potential double free issue for fastopen_req](https://www.spinics.net/lists/netdev/msg422971.html) +* [net/udp: slab-out-of-bounds Read in udp_recvmsg](https://groups.google.com/d/msg/syzkaller/K6CC1usBuWs/6aYxL79BBQAJ) +* [net: deadlock between ip_expire/sch_direct_xmit](https://groups.google.com/d/msg/syzkaller/e-2ANaCu2fk/zvSg0l4DBQAJ) +* [srcu: BUG in __synchronize_srcu](https://groups.google.com/forum/#!topic/syzkaller/2WSsltbI5Z8) +* [net/sctp: recursive locking in sctp_do_peeloff](https://groups.google.com/d/msg/syzkaller/5NY7KjBKgA0/nMm6k7bwEQAJ) +* [kvm: WARNING in vmx_handle_exit](https://groups.google.com/d/msg/syzkaller/D01HuY1tDhc/UIeC8eXfDQAJ) +* [futex: use-after-free in futex_wait_requeue_pi](https://groups.google.com/d/msg/syzkaller/MrJ5ckRkQBI/pXjdOFztEQAJ) +* [kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update](https://groups.google.com/forum/#!topic/syzkaller/QUhNm5patag) +* [kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds](https://groups.google.com/forum/#!topic/syzkaller/Hk9R17J-2tA) +* [local privilege escalation flaw in n_hdlc](http://seclists.org/oss-sec/2017/q1/569) CVE-2017-2636 +* [netlink: GPF in netlink_unicast](https://groups.google.com/d/msg/syzkaller/AN-WbVHU0hw/iMmJEUSbEAAJ) +* [perf: use-after-free in 
perf_release](https://groups.google.com/d/msg/syzkaller/_P-SyZtwVXk/RhO-VB2YEAAJ) +* [net/ipv6: null-ptr-deref in ip6mr_sk_done](https://groups.google.com/forum/#!topic/syzkaller/H8hyTRfCClI) +* [bpf: kernel NULL pointer dereference in map_get_next_key](https://groups.google.com/d/msg/syzkaller/nyr1SaxHfyo/gp21-xhaEAAJ) +* [crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex](https://groups.google.com/d/msg/syzkaller/jtz84qFQ_3s/vzFV8YhaEAAJ) +* [kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0](https://groups.google.com/d/msg/syzkaller/_e1uwkRRVfk/CqEIKj9SEAAJ) +* [sound: another deadlock in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/GAUhiTjyDfI/XcIntncQEAAJ) +* [rcu: WARNING in rcu_seq_end](https://groups.google.com/d/msg/syzkaller/M4UEuqSTMR8/JoEPLtQOEAAJ) +* [fs: use-after-free in path_lookupat](https://groups.google.com/d/msg/syzkaller/_8MZkKL2-QU/PA0q5XULEAAJ) +* [ucount: use-after-free read in inc_ucount & dec_ucount](https://groups.google.com/d/msg/syzkaller/xB_UphO1T7w/me1WddQAEAAJ) +* [net/ipv4: division by 0 in tcp_select_window](https://groups.google.com/d/msg/syzkaller/TFH8rl8yTrU/9PzPjkfHDwAJ) +* [net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone](https://groups.google.com/d/msg/syzkaller/3SS80JbVPKA/2tfIAcW7DwAJ) +* [mm: use-after-free in zap_page_range](https://groups.google.com/d/msg/syzkaller/-e9ZYxL9zts/6ip-8FK5DwAJ) +* [net/kcm: use-after-free in kcm_wq](https://groups.google.com/d/msg/syzkaller/c_jOLx9FEgk/nz2PJROtDwAJ) +* [idr: use-after-free write in ida_get_new_above](https://groups.google.com/d/msg/syzkaller/23J2nN6syEE/gFFk_xSsDwAJ) +* [sg: stack out-of-bounds write in sg_write](https://groups.google.com/d/msg/syzkaller/fvvhyYQHiT8/UOnInaajDwAJ) CVE-2017-7187 +* [cgroup: WARNING in cgroup_kill_sb](https://groups.google.com/d/msg/syzkaller/pWKI4ZQeOoI/SmTmQEF8DwAJ) +* [net/rds: use-after-free in 
rds_find_bound/memcmp](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/kgQVbjjXDgAJ) +* [net: sleeping function called from invalid context in net_enable_timestamp](https://groups.google.com/d/msg/syzkaller/k5qJRYKqIgQ/EfJBkqwvDwAJ) +* [net: use-after-free in neigh_timer_handler/sock_wfree](https://groups.google.com/d/msg/syzkaller/2REBGTmpSTE/pT95olUuDwAJ) +* [net/sctp: use-after-free in sctp_association_put](https://groups.google.com/d/msg/syzkaller/AA_hWiHcgrs/4lIAQ94tDwAJ) +* [fs: use-after-free in userfaultfd_exit](https://groups.google.com/d/msg/syzkaller/Uu0ZwFPrmu8/WRWYCC8sDwAJ) +* [net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert](https://groups.google.com/forum/#!topic/syzkaller/OnwnEEhZap8) +* [net/ipv4: suspicious RCU usage in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/FwCYiR7JDwAJ) +* [net/ipv4: deadlock in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/jZyjMMgRDwAJ) +* [net/dccp: dccp_create_openreq_child freed held lock](https://groups.google.com/d/msg/syzkaller/0jXubCbCmeQ/OXoQEjgODwAJ) +* [nested_vmx_merge_msr_bitmap](https://groups.google.com/d/msg/syzkaller/2631gzzWnA4/jm91h6HeDgAJ) +* [ipc: use-after-free in shm_get_unmapped_area](https://groups.google.com/d/msg/syzkaller/Kv2bIHYA8N8/kZqVCqXaDgAJ) +* [sounds: deadlocked processed in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/ZARHLaXAmYQ/eSfeP-HVDgAJ) +* [net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context](https://groups.google.com/d/msg/syzkaller/5gb5kxihtps/oy4pVZ3SDgAJ) +* [ata: WARNING in ata_sff_qc_issue](https://groups.google.com/d/msg/syzkaller/0v1qHkmM-VU/6InmOLvPDgAJ) +* [net/rds: use-after-free in inet_create](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/s46xtB7PDgAJ) +* [mm: fault in __do_fault](https://groups.google.com/d/msg/syzkaller/CRQxZS4nck0/6DD2SyfODgAJ) +* [kvm: WARNING in nested_vmx_vmexit](https://groups.google.com/d/msg/syzkaller/w3EBRlb2h6s/GdIi_y3IDgAJ) 
+* [net: GPF in rt6_nexthop_info](https://groups.google.com/d/msg/syzkaller/AMyOvIrf--c/RB-mpPjFDgAJ) +* [sound: spinlock lockup in snd_timer_user_tinterrupt](https://groups.google.com/d/msg/syzkaller/3efGwZt0nLI/pPt4WoGVDgAJ) +* [mm: GPF in bdi_put](https://groups.google.com/d/msg/syzkaller/ixaSKtOoO7k/UjxnRr2JDgAJ) +* [net/sctp: use-after-free in sctp_hash_transport](https://groups.google.com/forum/#!topic/syzkaller/Ew5hrZI7Obs) +* [net/bridge: warning in br_fdb_find](https://groups.google.com/forum/#!topic/syzkaller/d9XyhdJXwa0) +* [net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/gEoL2QX519c) +* [net: possible deadlock in skb_queue_tail](https://groups.google.com/forum/#!topic/syzkaller/XEp_9K8FmIM) +* [DCCP double-free vulnerability (local root)](http://seclists.org/oss-sec/2017/q1/471) CVE-2017-6074 +* [net: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/QwkU6JMkjBg) +* [net/pptp: use-after-free in dst_release](https://groups.google.com/forum/#!topic/syzkaller/ZR9QP3JNE18) +* [net/udp: slab-out-of-bounds in udp_recvmsg/do_csum](https://groups.google.com/forum/#!topic/syzkaller/vCUAq86bJaA) CVE-2017-6347 +* [WARNING in skb_warn_bad_offload](https://patchwork.ozlabs.org/patch/722135/) +* [tty: panic in tty_ldisc_restore](https://groups.google.com/d/msg/syzkaller/ty5IhaYWVp8/aTN_hZ8qBQAJ) +* [net: BUG in __skb_gso_segment](https://groups.google.com/forum/#!topic/syzkaller/wLAp3HzIXSo) +* [net/dccp: use-after-free in dccp_feat_activate_values](https://groups.google.com/forum/#!topic/syzkaller/hyM_oK9QOXU) +* [net/kcm: GPF in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/8YB3cFmKRqs/DYu7vJiCCAAJ) +* [net/xfrm: stack out-of-bounds in xfrm_flowi_sport](https://groups.google.com/d/msg/syzkaller/J2qVz4ZJpPg/Fw0QURWBCAAJ) +* [net/llc: BUG in llc_sap_state_process/skb_set_owner_r](https://groups.google.com/forum/#!topic/syzkaller/c1SOlcflXz8) CVE-2017-6345 +* [net/llc: 
bug in llc_pdu_init_as_xid_cmd/skb_over_panic](https://groups.google.com/forum/#!topic/syzkaller/mVs8KWoW4d8) +* [net/packet: use-after-free in packet_rcv_fanout](https://groups.google.com/d/msg/syzkaller/nOwR6_b4rmw/ocp21bZBBwAJ) +* [net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce](https://groups.google.com/d/msg/syzkaller/eHfRFbBg4LE/stDU3KYyBwAJ) +* [net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub](https://groups.google.com/forum/#!topic/syzkaller/8BMdxIXdH4g) +* [net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy](https://groups.google.com/forum/#!topic/syzkaller/S79Ss7ZUje8) +* [net/ipv4: warning in nf_nat_ipv4_fn](https://groups.google.com/forum/#!topic/syzkaller/5VxeBb85Ddg) +* [net/ipv6: double free in ipip6_dev_free](https://groups.google.com/d/msg/syzkaller/ZN9Ihlsum_s/4UuXXmn1BgAJ) +* [sound: use-after-free in snd_seq_queue_alloc](https://groups.google.com/d/msg/syzkaller/dhaTlAjxHVs/TXyPrX_nBgAJ) +* [loop: divide error in transfer_xor](https://groups.google.com/d/msg/syzkaller/1f1ziDbOTiQ/cFC0_wfnBgAJ) +* [net/xfrm: use of uninit spinlock in xfrm_policy_flush](https://groups.google.com/d/msg/syzkaller/vp1neyeoA8A/Is8aPdrpBgAJ) +* [mm: double-free in cgwb_bdi_init](https://groups.google.com/d/msg/syzkaller/tIx42qCVklk/fh0qjUboBgAJ) +* [packet: round up linear to header len](http://patchwork.ozlabs.org/patch/725335/) +* [net/icmp: null-ptr-deref in ping_v4_push_pending_frames](https://groups.google.com/forum/#!topic/syzkaller/DYyq0NyEY4g) +* [net/kcm: WARNING in kcm_write_msgs](https://groups.google.com/d/msg/syzkaller/vsh_MSFHizg/Uf-GzB1UBgAJ) +* [tcp: avoid infinite loop in tcp_splice_read()](https://www.mail-archive.com/netdev@vger.kernel.org/msg151936.html) CVE-2017-6214 +* [tun: read vnet_hdr_sz once](http://patchwork.ozlabs.org/patch/723964/) +* [macvtap: read vnet_hdr_size once](http://patchwork.ozlabs.org/patch/723965/) +* [udp: properly cope with csum 
errors](https://patchwork.ozlabs.org/patch/724263/) +* [ipv6: tcp: add a missing tcp_v6_restore_cb()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756) +* [ip6_gre: fix ip6gre_err() invalid reads](https://patchwork.ozlabs.org/patch/724187/) CVE-2017-5897 +* [ipv4: keep skb->dst around in presence of IP options](https://patchwork.ozlabs.org/patch/724136/) CVE-2017-5970 +* [net: use a work queue to defer net_disable_timestamp() work](https://patchwork.ozlabs.org/patch/723251/) +* [netlabel: out of bound access in cipso_v4_validate()](https://patchwork.ozlabs.org/patch/723457/) +* [ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()](https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git/+/63117f09c768be05a0bf465911297dc76394f686) +* [net: heap out-of-bounds in ip6_fragment](https://groups.google.com/d/msg/syzkaller/zakUQXz8ums/lNcDLtARBQAJ) CVE-2017-9074 +* [tcp: fix 0 divide in __tcp_select_window()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=06425c308b92eaf60767bc71d359f4cbc7a561f8) +* [keys: GPF in request_key](https://groups.google.com/d/msg/syzkaller/As2A-xeNp0g/eu50sRnKBAAJ) +* [net/tcp: warning in tcp_try_coalesce/skb_try_coalesce](https://groups.google.com/forum/#!topic/syzkaller/oeZW04VAQBM) +* [crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2](https://groups.google.com/d/msg/syzkaller/4nGqh82OL7g/0lU1zpp-BAAJ) +* [sound: unable to handle kernel paging request snd_seq_prioq_cell_out](https://groups.google.com/d/msg/syzkaller/wn-_0zA8ka4/kLB6BSR0BAAJ) +* [scsi: BUG in scsi_init_io](https://groups.google.com/d/msg/syzkaller/p2MBG9oRNdo/4MxGbWFwBAAJ) +* [mm: sleeping function called from invalid context shmem_undo_range](https://groups.google.com/d/msg/syzkaller/j8Zj72bs2xE/HjPk2dduBAAJ) +* [timerfd: use-after-free in timerfd_remove_cancel](https://groups.google.com/d/msg/syzkaller/bryiI66Pxxg/78NqwMhBBAAJ) +* [scsi: use-after-free in 
sg_start_req](https://groups.google.com/d/msg/syzkaller/Nft7hrE_CyM/QvEjMuUcBAAJ) +* [mm: deadlock between get_online_cpus/pcpu_alloc](https://groups.google.com/d/msg/syzkaller/G40CCUkkyDE/9Y3u-rXfAwAJ) +* [BUG at net/sctp/socket.c:7425](https://groups.google.com/d/msg/syzkaller/V2WPJ1BiXs0/-NO5Yea3AwAJ) +* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/UHiABsxXVaI/lQQ36P5eAwAJ) +* [net: suspicious RCU usage in nf_hook](https://groups.google.com/d/msg/syzkaller/9876JHd_awE/xqvU9HFeAwAJ) +* [kvm: fix page struct leak in handle_vmon](https://www.spinics.net/lists/kernel/msg2428945.html) CVE-2017-2596 +* [ipv6: fix ip6_tnl_parse_tlv_enc_lim()](https://patchwork.ozlabs.org/patch/718842/) +* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/ZXcevV8NAgAJ) +* [perf: use-after-free in perf_event_for_each](https://groups.google.com/d/msg/syzkaller/UjDJeCgt3_M/xsv0cLUKAgAJ) +* [net: use-after-free in tw_timer_handler](https://groups.google.com/d/msg/syzkaller/p1tn-_Kc6l4/smuL_FMAAgAJ) +* [namespace: deadlock in dec_pid_namespaces](https://groups.google.com/d/msg/syzkaller/uhFVBGnXzHQ/-kZya8AdAQAJ) +* [sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats](https://groups.google.com/d/msg/syzkaller/Ok2fotcCSsg/10Tak7X0EQAJ) +* [kvm: deadlock in kvm_vgic_map_resources](https://groups.google.com/d/msg/syzkaller/7E0b8H0nJm8/-aoPnGW_EAAJ) +* [net/atm: warning in alloc_tx/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/3WJGPLm6FmQ) +* [net/ipv6: use-after-free in sock_wfree](https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ) +* [kvm: kvm: BUG in loaded_vmcs_init](https://groups.google.com/d/msg/syzkaller/VrcANKRU3iQ/KdZDHdIiDwAJ) +* [kvm: NULL deref in vcpu_enter_guest](https://groups.google.com/d/msg/syzkaller/6V-KXaMDYi8/rOvBl-69DAAJ) +* [kvm: use-after-free in 
complete_emulated_mmio](https://groups.google.com/d/msg/syzkaller/-Pl63SQ63FA/pYO4cRkUDAAJ) CVE-2017-2584 +* [kvm: BUG in kvm_unload_vcpu_mmu](https://groups.google.com/d/msg/syzkaller/VbGoa1nALVw/x7hPnUMXDAAJ) +* [x86: warning in unwind_get_return_address](https://groups.google.com/forum/#!topic/syzkaller/BQBlYH-dNNM) +* [ipc: BUG: sem_unlock unlocks non-locked lock](https://groups.google.com/d/msg/syzkaller/u_ldPlYJSxk/Iu6CmEmlCAAJ) +* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/HOkydz_bBwAJ) +* [sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport](https://groups.google.com/d/msg/syzkaller/4V6zHuGzYuM/sLQkIJTVBwAJ) +* [kvm: use-after-free in process_srcu](https://groups.google.com/d/msg/syzkaller/i48YZ8mwePY/0PQ8GkQTBwAJ) +* [kvm: assorted bugs after OOMs](https://groups.google.com/d/msg/syzkaller/ytVPh93HLnI/KhZdengZBwAJ) +* [kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common](https://groups.google.com/d/msg/syzkaller/KYU8Ru7P2wo/fHM0gbuUBgAJ) +* [netlink: GPF in netlink_dump](https://groups.google.com/d/msg/syzkaller/wXVYTkQqmeM/KJFTDTE2BgAJ) +* [fs, net: deadlock between bind/splice on af_unix](https://groups.google.com/d/msg/syzkaller/E3_YC5Ac-dY/Wr42pcVBBgAJ) +* [net: use-after-free in worker_thread](https://groups.google.com/forum/#!topic/syzkaller/RCnXAyhFBZs) +* [net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts](https://groups.google.com/forum/#!topic/syzkaller/rXpw5jXjGBM) CVE-2016-9793 CVE-2012-6704 +* [net/can: warning in raw_setsockopt/__alloc_pages_slowpath](https://groups.google.com/forum/#!topic/syzkaller/6ceFXDer0ik) +* [net/ipv6: null-ptr-deref in ip6_rt_cache_alloc](https://groups.google.com/forum/#!topic/syzkaller/ryLwIsiKnmA) +* [net/dccp: use-after-free in dccp_invalid_packet](https://groups.google.com/forum/#!topic/syzkaller/5uW1cV_WjIQ) +* [net/sctp: vmalloc allocation failure in 
sctp_setsockopt/xt_alloc_table_info](https://groups.google.com/forum/#!topic/syzkaller/TMlGTPkIlFU) +* [net: BUG in unix_notinflight](https://groups.google.com/d/msg/syzkaller/4PFR0zm8JdU/XIGam5-dAgAJ) +* [net: GPF in eth_header](https://groups.google.com/d/msg/syzkaller/GFbGpX7nTEo/96LNG7KbAgAJ) CVE-2016-9755 +* [net: deadlock on genl_mutex](https://groups.google.com/d/msg/syzkaller/-YGhBYeg8Ew/jf9uD0maAgAJ) +* [net: GPF in rt6_get_cookie](https://groups.google.com/d/msg/syzkaller/3uDn6P5bwzA/gdzgPxeYAgAJ) +* [netlink: GPF in sock_sndtimeo](https://groups.google.com/d/msg/syzkaller/R_KZuzEDLeg/SkANc-yVAgAJ) +* [scsi: use-after-free in bio_copy_from_iter](https://groups.google.com/d/msg/syzkaller/Ut8nZJIJoEs/lhPdzXlSAgAJ) CVE-2016-9576 +* [net/udp: bug in skb_pull_rcsum](https://groups.google.com/forum/#!topic/syzkaller/fVj7UJ6nOow) +* [net/icmp: null-ptr-deref in icmp6_send](https://groups.google.com/forum/#!topic/syzkaller/exfKDuH5sLI) CVE-2016-9919 +* [net/can: use-after-free in bcm_rx_thr_flush](https://groups.google.com/forum/#!topic/syzkaller/1kM2GFIzSBU) +* [kvm: slab-out-of-bounds write in __apic_accept_irq](https://groups.google.com/d/msg/syzkaller/YWVsTBlRljk/xMwrqdOgCAAJ) CVE-2016-9777 +* [mm: BUG in pgtable_pmd_page_dtor](https://groups.google.com/d/msg/syzkaller/JGNtVzSymvw/6VbQla2gCAAJ) +* [logfs: GPF in logfs_alloc_inode](https://groups.google.com/d/msg/syzkaller/jj5WiCBNDh4/tYlsqCegCAAJ) +* [mm, floppy: unkillable task faulting on fd0](https://groups.google.com/d/msg/syzkaller/v6X8nr-XMqY/AKvXMjqdCAAJ) +* [kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit](https://groups.google.com/d/msg/syzkaller/AMBA62hsVnQ/vtH4SEeoBwAJ) +* [kvm: WARNING in em_jmp_far](https://groups.google.com/d/msg/syzkaller/vlC9IzBqaEs/S5sZl9ejBwAJ) CVE-2016-9756 +* [kvm: WARNING in rtc_status_pending_eoi_check_valid](https://groups.google.com/d/msg/syzkaller/WuAv_qE8dI8/jJd6E3ClBwAJ) +* [kvm: GPF in 
kvm_ioapic_set_irq](https://groups.google.com/d/msg/syzkaller/yOvg84HBx6E/6db4LE6jBwAJ) +* [mm: BUG in munlock_vma_pages_range](https://groups.google.com/d/msg/syzkaller/YrHKOMostEc/3Arq3dCiBwAJ) +* [kvm: WARNING in kvm_arch_vcpu_ioctl_run](https://groups.google.com/d/msg/syzkaller/24wCim9x3mI/RoV24W5yBwAJ) +* [kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast](https://groups.google.com/d/msg/syzkaller/sue3X3IQanU/ypLWfHTpBgAJ) +* [kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one](https://groups.google.com/d/msg/syzkaller/8IXfmLUSkbA/8bbm6hbqBgAJ) +* [kvm: BUG in pte_list_remove](https://groups.google.com/d/msg/syzkaller/IqkesiRS-t0/aLcJuMXqBgAJ) +* [kvm: recursive lock in kvm_clear_async_pf_completion_queue](https://groups.google.com/d/msg/syzkaller/dGfcd0P7J-E/XD0h8n_rBgAJ) +* [kvm: WARNING in em_ret_far](https://groups.google.com/d/msg/syzkaller/o5ZftARBhrs/r1ivQ-HtBgAJ) +* [kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue](https://groups.google.com/d/msg/syzkaller/Zubs2yePdiY/svec5qrtBgAJ) +* [kvm: GPF in gfn_to_rmap](https://groups.google.com/d/msg/syzkaller/sHBCmfktDGg/dAhz7M7vBgAJ) +* [kvm: paging fault in kvm_gfn_to_hva_cache_init](https://groups.google.com/d/msg/syzkaller/ETU_E6Sc-rk/-iWFPpTwBgAJ) +* [kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr](https://groups.google.com/d/msg/syzkaller/Zw7Usg-FnDQ/QvHU6P69BgAJ) +* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/NKlClJzOOww/zX1sXW24BgAJ) +* [kvm: WARNING in kvm_load_guest_fpu](https://groups.google.com/d/msg/syzkaller/PeDBKPqz19o/VckGWlW0BgAJ) +* [kvm: GPF in kvm_pic_set_irq](https://groups.google.com/d/msg/syzkaller/T4ZFHqpmwKM/V_X9W8awBgAJ) +* [kvm: GPF in irq_bypass_unregister_consumer](https://groups.google.com/d/msg/syzkaller/Dz__GySpVr8/UQ5kpdWrBgAJ) +* [kvm: GPF in __get_kvmclock_ns](https://groups.google.com/d/msg/syzkaller/A5cpi35KlkQ/a35IrBmoBgAJ) +* [kvm: WARNING In 
kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/1qxx4nU4hpE/qJlIQcWtBgAJ) +* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/F3xBpkDRAiE/jdmpOIKtBgAJ) +* [tcp: take care of truncations done by sk_filter()](https://patchwork.ozlabs.org/patch/693484/) +* [net/l2tp: use-after-free write in l2tp_ip6_close](https://groups.google.com/forum/#!topic/syzkaller/rXbAbqydmsw) +* [net/sctp: null-ptr-deref in sctp_inet_listen](https://groups.google.com/forum/#!topic/syzkaller/rngiXb8aNVk) +* [net/tcp: warning in tcp_recvmsg](https://groups.google.com/forum/#!topic/syzkaller/xpNRe_86Dog) +* [net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/BTjwhbtc9QE) +* [bpf: kernel BUG in htab_elem_free](https://groups.google.com/d/msg/syzkaller/NcK5XXQA-_o/DYskkVn1AwAJ) +* [net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/6k-N84V-Z88) +* [net/ipv6: null-ptr-deref in inet6_bind](https://groups.google.com/forum/#!topic/syzkaller/AdbicmLlFHk) +* [net/dccp: null-ptr-deref in dccp_parse_options](https://groups.google.com/forum/#!topic/syzkaller/_vGUxJLcdKY) +* [net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb](https://groups.google.com/forum/#!topic/syzkaller/nyrJEo2pUJs) +* [net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match](https://groups.google.com/forum/#!topic/syzkaller/zfXVCzJTXzQ) +* [net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/GDvJr49XK7g) +* [net/can: warning in bcm_connect/proc_register](https://groups.google.com/forum/#!topic/syzkaller/ltCQQCE44pQ) +* [net/ipv4: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/8tMiUcdWx78) +* [net/sctp: slab-out-of-bounds in sctp_sf_ootb](https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk) CVE-2016-9555 +* 
[net/dccp: warning in dccp_set_state](https://groups.google.com/forum/#!topic/syzkaller/JdYwfv_22lA) +* [net/netlink: bad unlock balance in netlink_diag_dump](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y) +* [net/netlink: null-ptr-deref in netlink_dump/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y) +* [net/ipx: null-ptr-deref in ipxrtr_route_packet](https://groups.google.com/forum/#!topic/syzkaller/xqRSxMxPVq0) +* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/forum/#!topic/syzkaller/W0swoIe25Eg) +* [fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)](https://groups.google.com/d/msg/syzkaller/9DFicr6njUw/aaX3dVtNBQAJ) +* [kernel BUG in dio_get_page](https://groups.google.com/d/msg/syzkaller/rCCyOHJHflI/Ik7IhXWzBAAJ) +* [bpf related use-after-free](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794 +* [drm: GPF in drm_getcap](https://groups.google.com/d/msg/syzkaller/dxVHCovRzhg/7QPBBqi4BwAJ) +* [fs: GPF in bd_mount](https://groups.google.com/d/msg/syzkaller/Z7OCclqCuq0/--YUa8QrBgAJ) +* [tty, fbcon: use-after-free in fbcon_invert_region](https://groups.google.com/d/msg/syzkaller/1DU69JpJwJg/n-6V4Wr5BQAJ) +* [drm: NULL pointer dereference in drm_mode_object_find()](https://groups.google.com/d/msg/syzkaller/7kyIupsNz-c/dWIIMpJXAQAJ) +* [6pack: stack-out-of-bounds in sixpack_receive_buf](https://groups.google.com/d/msg/syzkaller/A1x5I2hxcew/DjzZX7_mBQAJ) +* [logfs: GPF in logfs_init_inode](https://groups.google.com/d/msg/syzkaller/sU52_tpOsxQ/QTmqrIjlBQAJ) +* [tty: use-after-free in n_tty_receive_buf_fast](https://groups.google.com/d/msg/syzkaller/wz0PXUAcE7g/QN-MnqnjBQAJ) +* [sound: divide by 0 in snd_hrtimer_callback (or hang)](https://groups.google.com/d/msg/syzkaller/YZDD4SOU2Lk/LwRAiknjBQAJ) +* [mm: GPF in __insert_vmap_area](https://groups.google.com/d/msg/syzkaller/dTC7VpMKBu0/Aasz9zHiBQAJ) +* [fs, tty: WARNING in 
devpts_get_priv](https://groups.google.com/d/msg/syzkaller/qz7_4jCFPvw/nm19yTfbBQAJ) +* [fanotify: unkillable hanged processes](https://groups.google.com/d/msg/syzkaller/kY_ml6TCm9A/wDd5fYFXBQAJ) +* [drm: GPF in drm_context_switch_complete](https://groups.google.com/d/msg/syzkaller/ZB879NphOvw/ZDzsirsgBAAJ) +* [drm: GPF in drm_legacy_lock_free](https://groups.google.com/d/msg/syzkaller/VsfDwjS-Vk8/HOxWf1cgBAAJ) +* [sound: division by 0 in snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/HOTZlap4aZ8/E9EnyqwfBAAJ) +* [perf: WARNING in perf_event_read](https://groups.google.com/d/msg/syzkaller/nQl0TADtoXc/qwp8erUdBAAJ) +* [drm: WARNING in drm_irq_by_busid](https://groups.google.com/d/msg/syzkaller/1ckoC7WPx3c/-JO150EIBAAJ) +* [dri: WARNING in idr_remove](https://groups.google.com/d/msg/syzkaller/wOfaszMuYSQ/2a5fyjkSBAAJ) +* [mm: use-after-free in collapse_huge_page](https://groups.google.com/d/msg/syzkaller/eFgUtJ_WbmM/yBQp-6QFBAAJ) +* [kcm: use-after-free in fput of kcm socket](https://groups.google.com/d/msg/syzkaller/1S98uAzWBLg/c9ANduUDBAAJ) +* [bdev: fix NULL pointer dereference in sync()/close() race](https://groups.google.com/d/msg/syzkaller/Gu28cO5tVSw/uAwLAuKrAwAJ) +* [bdev: fix NULL pointer dereference](https://groups.google.com/forum/#!topic/syzkaller/VF7tNBDWFMI) +* [BUG: sleeping function called from invalid context at mm/mempolicy.c:553](http://pastebin.com/uNQW3afN) +* [use-after-free in ppp_unregister_channel](http://review.cyanogenmod.org/#/c/145489/) +* [net/tipc: NULL-ptr dereference in tipc_nl_publ_dump](http://lists.openwall.net/netdev/2016/05/14/35) +* [HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()](https://patchwork.kernel.org/patch/8583981/) +* [mm: memory corruption on mmput](http://lists.openwall.net/linux-kernel/2016/04/17/72) +* [perf: WARNING in perf_event_read](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214159.html) +* [9p2000.L stat/unlink race (WARNING: fs/inode.c:280 
drop_nlink)](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214157.html) +* [mm: page fault in __do_huge_pmd_anonymous_page](https://groups.google.com/d/msg/syzkaller/Ihm6d1NmRk8/WG-qZ6aMCQAJ) +* [usb: memory allocation WARNING in hcd_buffer_alloc](https://groups.google.com/d/msg/syzkaller/svY2Ac1RYCM/wD9pZHeJCQAJ) +* [dccp: potential deadlock in dccp_v4_ctl_send_reset](https://groups.google.com/d/msg/syzkaller/yrxEaY_QQEM/Xtx0LrSICQAJ) +* [mm: GPF in find_get_pages_tag](https://groups.google.com/d/msg/syzkaller/9XYmMfpNxCg/jl1EgpmHCQAJ) +* [mm: BUG in page_move_anon_rmap](https://groups.google.com/d/msg/syzkaller/E21YB1m9Fb4/yrj55fZZCAAJ) +* [block: GPF in get_task_ioprio](https://groups.google.com/d/msg/syzkaller/pCqmZTOvf7g/foAZqH71BwAJ) +* [tty: stall in n_tty_ioctl/inq_canon](https://groups.google.com/d/msg/syzkaller/JEOgcphr_FQ/zt5eiRfUBQAJ) +* [random: negative entropy/overflow: pool input count -40000](https://groups.google.com/d/msg/syzkaller/LvdDTS5Om_g/zJmN7RfOBQAJ) +* [bpf: use after free in array_map_alloc](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794 +* [kvm: use-after-free in kvm_irqfd_release](https://groups.google.com/d/msg/syzkaller/mLrF0hWNsA0/qN0CYvVABQAJ) +* [kvm: GPF in kvm_lapic_set_tpr](https://groups.google.com/d/msg/syzkaller/kQW1tyy6vjc/0xbWT-JABQAJ) +* [sound: use-after-free in hrtimer_cancel](https://groups.google.com/d/msg/syzkaller/HMNrvp-Dt2g/kaQMrGQEAwAJ) +* [sound: hang in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/8k7zhhEbAgAJ) +* [sound: deadlock involving snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/O852Mz3HAQAJ) +* [fs: GPF in locked_inode_to_wb_and_lock_list](https://groups.google.com/d/msg/syzkaller/XvxH3cBQ134/F0-0r3MxAAAJ) +* [x86: bad pte in pageattr_test](https://groups.google.com/d/msg/syzkaller/Fu6BruqUHOU/nuJxpW7EAwAJ) +* [tty: memory leak in tty_open](https://groups.google.com/d/msg/syzkaller/wZUev9AXzDY/Nt4ih4B7EgAJ) +* [net: 
memory leak due to CLONE_NEWNET](https://groups.google.com/d/msg/syzkaller/dLbu8taoWVY/w3myILDuEQAJ) +* [lockdep WARNING in get_online_cpus](https://groups.google.com/d/msg/syzkaller/MHXa-o8foyc/o-mB1L_rEQAJ) +* [mm: BUG in khugepaged_scan_mm_slot](https://groups.google.com/d/msg/syzkaller/GNB2k9vLYc4/9Cu_fy7hEQAJ) +* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/eIjELqsnpcE/xX-R8APfEQAJ) +* [scsi: machine hang due to write to /dev/sg0](https://groups.google.com/d/msg/syzkaller/oQ3Hg-JUVKA/8zwovr9lDAAJ) +* [AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way](http://seclists.org/oss-sec/2016/q1/450) +* [sound: uninterruptible hang in snd_seq_oss_writeq_sync](https://groups.google.com/d/msg/syzkaller/bUvgnh0owos/Ps7Rep4XCAAJ) +* [fs: uninterruptible hang in handle_userfault](https://groups.google.com/d/msg/syzkaller/dSd90m_8O9w/-SAlwCUUCAAJ) +* [net: memory leak in N_6PACK driver](https://groups.google.com/d/msg/syzkaller/555eacbu6QQ/_3PGUrCbBQAJ) +* [net: memory leak in lapb_register](https://groups.google.com/d/msg/syzkaller/PqiopMXpNwU/8ChRtB6bBQAJ) +* [net: memory leak in mkiss_open](https://groups.google.com/d/msg/syzkaller/ylPCtzQr_jc/z_x_9uKaBQAJ) +* [sound: list corruption in delete_and_unsubscribe_port](https://groups.google.com/d/msg/syzkaller/XcYfdFeeyK8/R49jRCLCAwAJ) +* [kvm: GPF in kvm_pic_clear_all](https://groups.google.com/d/msg/syzkaller/FzqGSkRKwm0/h4Yz2CSBAwAJ) +* [kvm: GPF in kvm_irq_map_gsi](https://groups.google.com/d/msg/syzkaller/Rg4Y2Z6HbHI/w9zXygeAAwAJ) +* [tty: memory leak in tty_register_driver](https://groups.google.com/d/msg/syzkaller/iPxmOCKQLbU/0yLjf9x2AwAJ) +* [sound: memory leak in snd_seq_pool_init](https://groups.google.com/d/msg/syzkaller/hpzw94zvlLI/HBqrHjJzAwAJ) +* [tty: deadlock between tty_buffer_flush/n_tracesink_open](https://groups.google.com/d/msg/syzkaller/HX5NRBC8ubw/w4XgLENBAwAJ) +* [sound: heap out-of-bounds write in 
dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/8PdCofDMAAAJ) +* [fs: NULL deref in atime_needs_update](https://groups.google.com/d/msg/syzkaller/0SW33jMcrXQ/7qZfeV-HAAAJ) +* [sound: spinlock lockup in snd_seq_oss_write](https://groups.google.com/d/msg/syzkaller/aSwFzmSY7Rc/zIKYuKczAAAJ) +* [net: memory leak in ip_cmsg_send](https://groups.google.com/d/msg/syzkaller/keQktFmhfBM/UDsS4tEACAAJ) +* [net/irda: BUG: looking up invalid subclass: 4294967295](https://groups.google.com/d/msg/syzkaller/RSwLEwkWag8/S2kSuPn-BwAJ) CVE-2017-6348 +* [sound: use-after-free in snd_timer_start1](https://groups.google.com/d/msg/syzkaller/zF-7vhuSc9o/O89UIO3HBwAJ) +* [tty: tty_struct memory leak](https://groups.google.com/d/msg/syzkaller/ZPlLcAxOFSw/NyFyCAjIBwAJ) +* [gigaset: memory leak in gigaset_initcshw](https://groups.google.com/d/msg/syzkaller/wu3NyQ5ZJFE/sat9DwTFBwAJ) +* [sound: out-of-bounds write in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/Au60AgpecfQ/a3eWMIevBwAJ) +* [mm: uninterruptable tasks hanged on mmap_sem](https://groups.google.com/d/msg/syzkaller/6M2Z5r28UDA/nYPsJ1KIBwAJ) +* [sound: another WARNING in rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/FEjR2q-Ri-s/IXSua74aBwAJ) +* [sound: use-after-free in snd_seq_deliver_single_event](https://groups.google.com/d/msg/syzkaller/c8bhbCQP-XA/Abeq8ToXBwAJ) +* [sound: WARNING in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/BI280LemTW8/KgcuDJYWBwAJ) +* [sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap](https://groups.google.com/forum/#!topic/syzkaller/MlIO0DbOtsA) +* [ata: BUG in ata_sff_hsm_move](https://groups.google.com/d/msg/syzkaller/GyV2KfwtfTg/PiTmmqngBQAJ) +* [WARNING in set_restore_sigmask](https://groups.google.com/d/msg/syzkaller/unp9iTQ4IKc/bvJO8A4oBgAJ) +* [BUG: bad unlock balance detected in vma_unlock_anon_vma](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ) +* [bluetooth: use-after-free 
in vhci_send_frame](https://groups.google.com/d/msg/syzkaller/oWvyWrgd3M4/nAu5XTMmBgAJ) +* [mm: another VM_BUG_ON_PAGE(PageTail(page))](https://groups.google.com/d/msg/syzkaller/boW7sZ0HoYA/j8hH8-vcBQAJ) +* [scsi: NULL deref in sg_start_req](https://groups.google.com/d/msg/syzkaller/8Fg8X9iguFM/u6sUrAvcBQAJ) +* [mm: BUG in expand_downwards](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ) +* [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/YMstW6CMBQAJ) +* [WARNING in do_jobctl_trap](https://groups.google.com/d/msg/syzkaller/67Ipm9Q3dN4/Mn1ZM1pPBQAJ) +* [mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind](https://groups.google.com/d/msg/syzkaller/rUdHl1uq8GU/fd2lDLFHBQAJ) +* [net/bluetooth: workqueue destruction WARNING in hci_unregister_dev](https://groups.google.com/d/msg/syzkaller/uVXU3InAfRY/U7AuPXdEBQAJ) +* [gpu: kmalloc size WARNING in vga_arb_write](https://groups.google.com/d/msg/syzkaller/To4N4VWHTNU/k-5QDrk_BQAJ) +* [net/rfkill: WARNING in rfkill_fop_read](https://groups.google.com/d/msg/syzkaller/hijZUVUav8E/7tjnCAM-BQAJ) +* [sound: use-after-free in _snd_timer_stop](https://groups.google.com/d/msg/syzkaller/DjSwFNnJZn8/flxXWywRBQAJ) +* [net/irda: use-after-free in ircomm_param_request](https://groups.google.com/d/msg/syzkaller/p_WWX0G_UXQ/zGKfw04DBQAJ) +* [net/sctp: out-of-bounds access in sctp_add_bind_addr](https://groups.google.com/d/msg/syzkaller/BhOYz2ZBraw/-k3iDvD8BAAJ) +* [ext4: BUG: scheduling while atomic in ext4_commit_super](https://groups.google.com/d/msg/syzkaller/vIc3Dz_TTRI/dBNrj2G3BAAJ) +* [sound: WARNING in snd_rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/NJZR4sUggm8/ld5OCVu2BAAJ) +* [floppy: GPF in floppy_rb0_cb](https://groups.google.com/d/msg/syzkaller/AWXjFnnBN_s/RyzWTaKrBAAJ) +* [tty: kmalloc size WARNING in vc_do_resize](https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/6PSRe7mlBAAJ) +* [mm: WARNING in 
__delete_from_page_cache](https://groups.google.com/d/msg/syzkaller/w41UMMBPWRo/dyQTUcGjBAAJ) +* [sound: WARNING in snd_seq_oss_synth_cleanup](https://groups.google.com/d/msg/syzkaller/vfGuMIyOw1E/9-UwD5SiBAAJ) +* [sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect](https://groups.google.com/d/msg/syzkaller/T33gMP-856o/EyGhSkagBAAJ) +* [net: GPF in netlink_getsockbyportid](https://groups.google.com/d/msg/syzkaller/VlgAydM9Zu4/ts6sdhVuBAAJ) +* [fs: use-after-free in link_path_walk](https://groups.google.com/d/msg/syzkaller/t2QMO6N5F8s/MuY0RQ4tBAAJ) +* [fs: sandboxed process brings host down](https://groups.google.com/d/msg/syzkaller/gCyxNiVGGds/WP27JlAoBAAJ) +* [net: use-after-free in recvmmsg](https://groups.google.com/d/msg/syzkaller/amvYsa-I8yE/YRHrDOAmBAAJ) +* [struct pid memory leak](https://groups.google.com/d/msg/syzkaller/j7ld8eOG1OQ/7IJSStAUBAAJ) +* [net: WARNING in dccp_set_state](https://groups.google.com/d/msg/syzkaller/kWaUYryuwSY/9jbwNyRlAwAJ) +* [mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list](https://groups.google.com/d/msg/syzkaller/zezMs3b7Vsc/Vo-6bujTAgAJ) +* [sound: BUG in snd_ctl_find_numid](https://groups.google.com/d/msg/syzkaller/rc3dZwnu5ZI/uRWvc2XUAgAJ) +* [net: GPF in __netlink_ns_capable](https://groups.google.com/forum/#!topic/syzkaller/daN8eU9ttSg) +* [crypto: slab-out-of-bounds in skcipher_recvmsg](https://groups.google.com/d/msg/syzkaller/VBcr-fy-t0w/KJo9r0r5AQAJ) +* [net: hang in ip_finish_output](https://groups.google.com/d/msg/syzkaller/OM7CXieBCoY/etzvFPX3AQAJ) +* [kvm: access to invalid memory in mmu_zap_unsync_children](https://groups.google.com/d/msg/syzkaller/4wAzRPswgQ8/IWGjISZQFQAJ) +* [kvm: using uninitialized var in tdp_page_fault](https://groups.google.com/d/msg/syzkaller/4u4EokUaq8U/jEkM-ZZQFQAJ) +* [sound: spinlock lockup in sound/core/timer.c](https://groups.google.com/d/msg/syzkaller/bbtG9_h1ONU/CPLblMC6FAAJ) +* [sound: GPF in 
snd_timer_user_params](https://groups.google.com/d/msg/syzkaller/pGyQMx7Fq84/Kzzp1yytFAAJ) +* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/_jsbNkayw7w/vbivwMWsFAAJ) +* [sound: use-after-free in snd_timer_user_ioctl](https://groups.google.com/d/msg/syzkaller/9mIp43V-OS8/uCHNBiSsFAAJ) +* [crypto: use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/GdqfroKSD8Q/goTM-tyiFAAJ) +* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/d/msg/syzkaller/wB2VUZcQRkE/NlNJBvybFAAJ) +* [net: WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/tDe2SCAzirE/ar2v6cZQFAAJ) +* [sound: use-after-free in snd_timer_stop](https://groups.google.com/d/msg/syzkaller/IAjJAaJOHZg/s1Ud2wVPFAAJ) +* [sound: GPF in snd_seq_fifo_clear](https://groups.google.com/d/msg/syzkaller/KbVqGu3WcPs/dYdSgjVOFAAJ) +* [crypto: ablk_decrypt causes BUG in scatterwalk](https://groups.google.com/d/msg/syzkaller/J5BIP1NxPVc/V5RQhCRMFAAJ) +* [kvm: GPF in native_set_debugreg](https://groups.google.com/d/msg/syzkaller/E_simxTrAxM/K70SOr4wEwAJ) +* [kvm: GPF in kvm_lapic_latched_init](https://groups.google.com/d/msg/syzkaller/Sw8voIm9wN4/AV_6rPsvEwAJ) +* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/qING1Xy24JY/v9sxuVErEwAJ) +* [kvm: vmalloc allocation failure in kvm_vm_ioctl](https://groups.google.com/d/msg/syzkaller/K47NvuAAPz4/PO9mb4c4EwAJ) +* [kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid](https://groups.google.com/d/msg/syzkaller/58wqKq6iCXk/qQsxAH8pEwAJ) +* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/tYgkwrDQjkg/jTllLeYmEwAJ) +* [kvm: WARNING in exception_type](https://groups.google.com/d/msg/syzkaller/NVYxVRSPan4/WCVzMTImEwAJ) +* [mm: possible deadlock in mm_take_all_locks](https://groups.google.com/d/msg/syzkaller/AxduklbKrfc/VQ2r5VQqEwAJ) +* [net/nfc: GPF in 
llcp_sock_getname](https://groups.google.com/d/msg/syzkaller/uj-hx-eBQ28/KCztJ2z6EAAJ) +* [net/netlink: memory leak in netlink_sendmsg](https://groups.google.com/d/msg/syzkaller/UUAHYw5MtjA/JEEHUuykEAAJ) +* [net/tipc: memory leak in tipc_release](https://groups.google.com/d/msg/syzkaller/5-GmaFy2BUI/Z1RBMsigEAAJ) +* [memory leak in lapb_create_cb](https://groups.google.com/d/msg/syzkaller/A-AnLCJnfIM/TCX4G1N0EAAJ) +* [net/sctp: sctp_datamsg memory leak](https://groups.google.com/d/msg/syzkaller/hLdAYS7j_tM/rwo6p5x1EAAJ) +* [net/sctp: sock memory leak](https://groups.google.com/d/msg/syzkaller/rB_bD-M8ijs/m44UxFNzEAAJ) +* [net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame](https://groups.google.com/d/msg/syzkaller/D9S8Ji0HJtM/9nJc3SdTEAAJ) +* [tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc](https://groups.google.com/d/msg/syzkaller/YrV0bzdfa-g/n5Eyi6tSEAAJ) +* [crypto: use-after-free in alg_bind](https://groups.google.com/d/msg/syzkaller/exVfK_05eqU/hszZrHwjEAAJ) +* [crypto: deadlock in alg_setsockopt](https://groups.google.com/d/msg/syzkaller/t3fOIUvQRR0/Xf8Jw9sdEAAJ) +* [crypto: use-after-free in rng_recvmsg](https://groups.google.com/d/msg/syzkaller/4Ivvjq4KGhM/EbQX8Ze_DwAJ) +* [use-after-free in skcipher_bind](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/iFcu_0R8DgAJ) +* [9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl](https://groups.google.com/d/msg/syzkaller/1YncbDVfdow/JudLnO49DgAJ) +* [fs: WARNING in locks_free_lock_context](https://groups.google.com/d/msg/syzkaller/AxzCz8bJPko/A6iFq0IsDgAJ) +* [net: user-controllable kmalloc size in __sctp_setsockopt_connectx](https://groups.google.com/d/msg/syzkaller/mv8Iaz0oHAs/b3dwSCD9DQAJ) +* [GPF in gf128mul_64k_bbe](https://groups.google.com/d/msg/syzkaller/BIjLNIO1g7k/6FTkQpFcDAAJ) +* [use-after-free in hash_sock_destruct](https://groups.google.com/d/msg/syzkaller/XSCcDfuj3Cw/cplfjIlcDAAJ) +* [GPF in 
lrw_crypt](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ) +* [bad page state due to PF_ALG socket](https://groups.google.com/d/msg/syzkaller/OEaEMF5cRpc/AyYAGndcDAAJ) +* [use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/Oi2d1GRRnPY/rbZZ5lZcDAAJ) +* [use-after-free in sixpack_close](https://groups.google.com/d/msg/syzkaller/QRZjzAzG0wg/pvnCAZNWDAAJ) +* [net: heap-out-of-bounds in sock_setsockopt](https://groups.google.com/d/msg/syzkaller/5J4lQcwp0x4/ATAqYNZ0CwAJ) +* [BUG_ON(!PageLocked(page)) in munlock_vma_page](https://groups.google.com/d/msg/syzkaller/8KEw1_E05zs/-HzQwaQlCwAJ) +* [perf: stalls in perf_install_in_context/perf_remove_from_context](https://groups.google.com/d/msg/syzkaller/NyMvU8ClQEM/7PjQ1csQCwAJ) +* [Information leak in sco_sock_bind](https://groups.google.com/d/msg/syzkaller/L2DGhEYtnQo/e0pj2sQpCwAJ) CVE-2015-8575 +* [Information leak in llcp_sock_bind/llcp_raw_sock_bind](https://groups.google.com/d/msg/syzkaller/DHI06NjAnBw/02kKZKYnCwAJ) +* [Information leak in pptp_bind](https://groups.google.com/d/msg/syzkaller/fSqTaDjzcIo/HGa4cGi6CgAJ) +* [use-after-free in pptp_connect](https://groups.google.com/d/msg/syzkaller/w238o__gw7M/RrGhpOJ0CgAJ) +* [GPF in keyctl](https://bugzilla.redhat.com/show_bug.cgi?id=1290370) CVE-2015-7550 +* [another use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/RQu4vcQ-CQAJ) +* [use-after-free in inet6_destroy_sock](https://groups.google.com/d/msg/syzkaller/u1NA-bgkR18/cMqpYl09CQAJ) +* [WARNING in crypto_wait_for_test](https://groups.google.com/d/msg/syzkaller/WZWajo0A2J4/K93w98fkCAAJ) +* [int overflow in io_getevents](https://groups.google.com/d/msg/syzkaller/UldJpka5MbA/riM5IbqTCAAJ) +* [use-after-free in ip6_xmit](https://groups.google.com/d/msg/syzkaller/YpU1_PMV_gU/FmLVGHqTCAAJ) +* [use-after-free in __perf_install_in_context](https://groups.google.com/d/msg/syzkaller/3Tk4BmoHxIk/x-EOZH_HBwAJ) +* [undefined shift in 
__bpf_prog_run](https://groups.google.com/d/msg/syzkaller/H7o2oz9CcKg/uzaiF7eqBwAJ) +* [signed integer overflow in ktime_add_safe](https://groups.google.com/d/msg/syzkaller/1R5FD_PtR1A/dVv99hGqBwAJ) +* [jump label: negative count!](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/hCg9HfHjDgAJ) +* [memory leak in alloc_huge_page](https://groups.google.com/d/msg/syzkaller/zg4TVSy6Ri8/qs99M-bJDwAJ) +* [memory leak in do_ipv6_setsockopt](https://groups.google.com/d/msg/syzkaller/xWavbbgt0qg/SpY86JLEDwAJ) +* [heap out-of-bounds access in array_map_update_elem](https://groups.google.com/d/msg/syzkaller/5NHTQ3U60-s/Xlnq60JwDwAJ) +* [deadlock in perf_ioctl](https://groups.google.com/d/msg/syzkaller/pOiDJIU5zI4/UXIsO9BrDwAJ) +* [user-controllable kmalloc size in bpf syscall](https://groups.google.com/d/msg/syzkaller/vhm-Av765TY/VzjC4zMqDwAJ) +* [net: use after free in ip6_make_skb](https://groups.google.com/d/msg/syzkaller/Pa8ovVaYL9c/Mw32fULmDgAJ) +* [user-controllable kmalloc size in sctp_getsockopt_local_addrs](https://groups.google.com/d/msg/syzkaller/WWpkIGBC0ts/kpMmnYfZDgAJ) +* [use-after-free in ip6_setup_cork](https://groups.google.com/d/msg/syzkaller/fHZ42YrQM-Y/Z4Xf-BbUDgAJ) +* [gigaset: freeing an active object](https://groups.google.com/d/msg/syzkaller/bOJJJcbKtjM/IGkN5ZyTDgAJ) +* [Freeing active kobject in pps_device_destruct](https://groups.google.com/forum/#!topic/syzkaller/rueDAZYv5v0) +* [GPF in process_one_work (flush_to_ldisc)](https://groups.google.com/d/msg/syzkaller/z3WIRnS2q9g/_TXY3LBBDgAJ) +* [use-after-free in tty_check_change](https://groups.google.com/d/msg/syzkaller/PGnPGgljA8A/5yfiRls1DgAJ) +* [WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/vlk-2b1hAVQ/JpkM7K36DQAJ) +* [use-after-free in irtty_open](https://groups.google.com/d/msg/syzkaller/foW6EoJnc9Y/q0gKZ3f3DQAJ) +* [use-after-free in sock_wake_async](https://groups.google.com/forum/#!topic/syzkaller/IjAetA6uvIc) +* [WARNING in 
handle_mm_fault](https://groups.google.com/forum/#!topic/syzkaller/o8VqvYNEu_I) +* [WARNING in gsm_cleanup_mux](https://groups.google.com/d/msg/syzkaller/zAvZnQBWGac/IPU35GyYDQAJ) +* [use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/UWs4GxGUDQAJ) +* [yet another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/Jy08esFVw9k) +* [GPF in add_key](https://bugzilla.redhat.com/show_bug.cgi?id=1284059) +* [another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw) +* [deadlock during fuseblk shutdown](https://groups.google.com/forum/#!topic/syzkaller/w-B4OeANKu8) +* [tty,net: use-after-free in x25_asy_open_tty](https://groups.google.com/d/msg/syzkaller/kYOghurchCg/aVg9hBBpDAAJ) +* [deadlock between tty_write and tty_send_xchar](https://groups.google.com/forum/#!topic/syzkaller/X12P_8jITAM) +* [WARNING in shmem_evict_inode](https://groups.google.com/forum/#!topic/syzkaller/HeT_3b2HIrs) +* [Deadlock between setsockopt/getsockopt](https://groups.google.com/forum/#!topic/syzkaller/46AwIkaOclk) +* [Deadlock between bind and splice](https://groups.google.com/forum/#!topic/syzkaller/HSofF04GVCA) +* [Use-after-free in ipv4_conntrack_defrag](https://groups.google.com/forum/#!topic/syzkaller/k62o6Fiu124) +* [Use-after-free in selinux_ip_postroute_compat](https://groups.google.com/forum/#!topic/syzkaller/eu-3LPXgdok) +* [Use-after-free in unshare](https://patchwork.ozlabs.org/patch/539061/) +* [GPF in tcp_sk_init/icmp_sk_init](https://patchwork.ozlabs.org/patch/539018/) +* [lockdep warning in ip_mc_msfget](https://groups.google.com/forum/#!topic/syzkaller/ScMRWhgAsbM) +* [WARNING in task_participate_group_stop](https://groups.google.com/forum/#!topic/syzkaller/p5ailXs8eEc) +* [Resource leak in unshare](https://groups.google.com/forum/#!topic/syzkaller/cdJvHvazRJk) +* [Paging fault with hard IRQs disabled in 
getsockopt](https://groups.google.com/forum/#!topic/syzkaller/AegFEboavHM) +* [Unkillable processes due to PTRACE_TRACEME](https://groups.google.com/forum/#!msg/syzkaller/uGzwvhlCXAw/E-cfY2ejAgAJ) +* [Use-after-free in ep_remove_wait_queue](https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8) CVE-2013-7446 +* [GPF in shm_lock](https://groups.google.com/forum/#!topic/syzkaller/4jVzR278N9k) +* [GPF in rt6_uncached_list_flush_dev](https://groups.google.com/forum/#!topic/syzkaller/XmcaDo9DnSg) +* [Infinite loop in ip6_fragment](https://groups.google.com/forum/#!topic/syzkaller/PoD9yGkY1y8) +* [Uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg) +* [GPF in keyring_destroy](https://groups.google.com/forum/#!topic/syzkaller/E2DRBbUDEg8) [CVE-2015-7872](https://bugzilla.redhat.com/show_bug.cgi?id=1272371) diff --git a/docs/found_bugs_usb.md b/docs/linux/found_bugs_usb.md index c06ea4686..c06ea4686 100644 --- a/docs/found_bugs_usb.md +++ b/docs/linux/found_bugs_usb.md diff --git a/docs/linux_kernel_configs.md b/docs/linux/kernel_configs.md index 8c54ccbf1..8c54ccbf1 100644 --- a/docs/linux_kernel_configs.md +++ b/docs/linux/kernel_configs.md diff --git a/docs/linux_kernel_reporting_bugs.md b/docs/linux/reporting_kernel_bugs.md index fe4004c06..16e24a9ac 100644 --- a/docs/linux_kernel_reporting_bugs.md +++ b/docs/linux/reporting_kernel_bugs.md 
@@ -9,7 +9,7 @@ Many kernel mailing lists reject HTML formatted messages, so use the plain text Bugs without reproducers are way less likely to be triaged and fixed. If the bug is reproducible, include the reproducer (C source if possible, otherwise a syzkaller program) and the `.config` you used for your kernel. -If the reprocucer is available only in the form of a syzkaller program, please link [the instructions on how to execute them](executing_syzkaller_programs.md) in your report. +If the reprocucer is available only in the form of a syzkaller program, please link [the instructions on how to execute them](/docs/executing_syzkaller_programs.md) in your report. Check that the reproducer works if you run it manually. Syzkaller tries to simplify the reproducer, but the result might not be ideal. You can try to simplify or annotate the reproducer manually, that greatly helps kernel developers to figure out why the bug occurs. diff --git a/docs/setup_generic.md b/docs/linux/setup.md index 0eba3f4da..7c5fffef1 100644 --- a/docs/setup_generic.md +++ b/docs/linux/setup.md @@ -11,7 +11,7 @@ The following components are needed to use syzkaller: Generic steps to set up syzkaller are described below. -If you encounter any troubles, check the [troubleshooting](troubleshooting.md) page. +If you encounter any troubles, check the [troubleshooting](/docs/troubleshooting.md) page. ### C Compiler @@ -25,7 +25,7 @@ KCOV was committed upstream in Linux kernel version 4.6 and can be enabled by co For older kernels you need to backport commit [kernel: add kcov code coverage](https://github.com/torvalds/linux/commit/5c9a8750a6409c63a0f01d51a9024861022f6593). To enable more syzkaller features and improve bug detection abilities, it's recommended to use additional config options. -See [this page](linux_kernel_configs.md) for details. +See [this page](kernel_configs.md) for details. ### VM Setup 
@@ -67,4 +67,4 @@ Then, run `go get -u -d github.com/google/syzkaller/...` to checkout syzkaller s Then, `cd $GOPATH/src/github.com/google/syzkaller` and build with `make`, which generates compiled binaries in the `bin/` folder. Note: if you want to do cross-OS/arch testing, you need to specify `TARGETOS`, -`TARGETVMARCH` and `TARGETARCH` arguments to `make`. See the [Makefile](../Makefile) for details. +`TARGETVMARCH` and `TARGETARCH` arguments to `make`. See the [Makefile](/Makefile) for details. diff --git a/docs/setup_linux-host_android-device_arm64-kernel.md b/docs/linux/setup_linux-host_android-device_arm64-kernel.md index ed6dd4d91..7d37c2ff0 100644 --- a/docs/setup_linux-host_android-device_arm64-kernel.md +++ b/docs/linux/setup_linux-host_android-device_arm64-kernel.md @@ -31,4 +31,4 @@ $ NDK=/path/to/android/ndk make TARGETOS=android TARGETARCH=arm64 - Start `syz-manager -config adb.cfg` as usual. If you get issues after `syz-manager` starts, consider running it with the `-debug` flag. -Also see [this page](troubleshooting.md) for troubleshooting tips and [Building a Pixel kernel with KASAN+KCOV](https://source.android.com/devices/tech/debug/kasan-kcov) for kernel build/boot instructions. +Also see [this page](/docs/troubleshooting.md) for troubleshooting tips and [Building a Pixel kernel with KASAN+KCOV](https://source.android.com/devices/tech/debug/kasan-kcov) for kernel build/boot instructions. diff --git a/docs/setup_linux-host_isolated.md b/docs/linux/setup_linux-host_isolated.md index 218f5b63e..9a02d893a 100644 --- a/docs/setup_linux-host_isolated.md +++ b/docs/linux/setup_linux-host_isolated.md 
@@ -38,7 +38,7 @@ Code coverage works better when KASLR Is disabled too: In most scenarios, you should use an ssh key to connect to the target machine. The isolated configuration supports ssh keys as described in the generic -[setup](setup_generic.md). +[setup](setup.md). If you cannot use an ssh key, you should configure your manager machine to reuse existing ssh connections. @@ -110,4 +110,4 @@ Run syzkaller manager: ``` If you get issues after `syz-manager` starts, consider running it with the `-debug` flag. -Also see [this page](troubleshooting.md) for troubleshooting tips. +Also see [this page](/docs/troubleshooting.md) for troubleshooting tips. diff --git a/docs/setup_linux-host_qemu-vm_arm64-kernel.md b/docs/linux/setup_linux-host_qemu-vm_arm64-kernel.md index 8dc0a4e73..e6f54bbfe 100644 --- a/docs/setup_linux-host_qemu-vm_arm64-kernel.md +++ b/docs/linux/setup_linux-host_qemu-vm_arm64-kernel.md @@ -151,4 +151,4 @@ A sample config file that exercises the required options are shown below. Modify At this point, you should be able to visit `localhost:56700` and view the results of the fuzzing. If you get issues after `syz-manager` starts, consider running it with the `-debug` flag. -Also see [this page](troubleshooting.md) for troubleshooting tips. +Also see [this page](/docs/troubleshooting.md) for troubleshooting tips. diff --git a/docs/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md b/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md index 9ab761475..efb07a771 100644 --- a/docs/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md +++ b/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md 
@@ -184,7 +184,7 @@ index 9576775a86f6..8bc4eb36fc1b 100644 ifeq ($(call cc-option, $(CFLAGS_KASAN_MINIMAL) -Werror),) ``` -Configure the kernel (you might wan't to enable more configs as listed [here](linux_kernel_configs.md)): +Configure the kernel (you might wan't to enable more configs as listed [here](kernel_configs.md)): ``` bash make defconfig # Edit .config to enable the following configs: @@ -323,4 +323,4 @@ Now start syzkaller: ``` If you get issues after `syz-manager` starts, consider running it with the `-debug` flag. -Also see [this page](troubleshooting.md) for troubleshooting tips. +Also see [this page](/docs/troubleshooting.md) for troubleshooting tips. diff --git a/docs/setup_ubuntu-host_qemu-vm_x86-64-kernel.md b/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md index dc5211e1b..067d2776b 100644 --- a/docs/setup_ubuntu-host_qemu-vm_x86-64-kernel.md +++ b/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md @@ -78,7 +78,7 @@ CONFIG_KASAN=y CONFIG_KASAN_INLINE=y ``` -You might also want to enable some other kernel configs as described [here](linux_kernel_configs.md). +You might also want to enable some other kernel configs as described [here](kernel_configs.md). Since enabling these options results in more sub options being available, we need to regenerate config. Run this and press enter each time when prompted for some config value to leave it as default: ``` bash @@ -239,4 +239,4 @@ Run syzkaller manager: Now syzkaller should be running, you can check manager status with your web browser at `127.0.0.1:56741`. If you get issues after `syz-manager` starts, consider running it with the `-debug` flag. -Also see [this page](troubleshooting.md) for troubleshooting tips. +Also see [this page](/docs/troubleshooting.md) for troubleshooting tips. diff --git a/docs/linux/troubleshooting.md b/docs/linux/troubleshooting.md new file mode 100644 index 000000000..be9b0fc91 --- /dev/null +++ b/docs/linux/troubleshooting.md 
@@ -0,0 +1,32 @@ +# Troubleshooting + +Here are some things to check if there are problems running syzkaller. + + - Check that QEMU can successfully boot the virtual machine. For example, + if `IMAGE` is set to the VM's disk image (as per the `image` config value) + and `KERNEL` is set to the test kernel (as per the `kernel` config value) + then something like the following command should start the VM successfully: + + ```qemu-system-x86_64 -hda $IMAGE -m 256 -net nic -net user,host=10.0.2.10,hostfwd=tcp::23505-:22 -enable-kvm -kernel $KERNEL -append root=/dev/sda``` + + - Check that inbound SSH to the running virtual machine works. For example, with + a VM running and with `SSHKEY` set to the SSH identity (as per the `sshkey` config value) the + following command should connect: + + ```ssh -i $SSHKEY -p 23505 root@localhost``` + + - Check that the `CONFIG_KCOV` option is available inside the VM: + - `ls /sys/kernel/debug # Check debugfs mounted` + - `ls /sys/kernel/debug/kcov # Check kcov enabled` + - Build the test program from `Documentation/kcov.txt` and run it inside the VM. + + - Check that debug information (from the `CONFIG_DEBUG_INFO` option) is available + - Pass the hex output from the kcov test program to `addr2line -a -i -f -e $VMLINUX` (where + `VMLINUX` is the vmlinux file, as per the `vmlinux` config value), to confirm + that symbols for the kernel are available. + +Also see [this](/docs/troubleshooting.md) for generic troubleshooting advice. + +If none of the above helps, file a bug on [the bug tracker](https://github.com/google/syzkaller/issues) +or ask us directly on the syzkaller@googlegroups.com mailing list. +Please include syzkaller commit id that you use and `syz-manager` output with `-debug` flag enabled if applicable. diff --git a/docs/setup.md b/docs/setup.md index d02209b35..d06887bfa 100644 --- a/docs/setup.md +++ b/docs/setup.md 
@@ -1,13 +1,13 @@ # How to install syzkaller -Generic setup instructions are outlined [here](setup_generic.md). +Generic setup instructions for fuzzing Linux kernel are outlined [here](linux/setup.md). Instructions for a particular VM or kernel arch can be found on these pages: -- [Setup: Ubuntu host, QEMU vm, x86-64 kernel](setup_ubuntu-host_qemu-vm_x86-64-kernel.md) -- [Setup: Ubuntu host, Odroid C2 board, arm64 kernel](setup_ubuntu-host_odroid-c2-board_arm64-kernel.md) -- [Setup: Linux host, QEMU vm, arm64 kernel](setup_linux-host_qemu-vm_arm64-kernel.md) -- [Setup: Linux host, Android device, arm64 kernel](setup_linux-host_android-device_arm64-kernel.md) -- [Setup: Linux isolated host](setup_linux-host_isolated.md) +- [Setup: Ubuntu host, QEMU vm, x86-64 kernel](linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md) +- [Setup: Ubuntu host, Odroid C2 board, arm64 kernel](linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md) +- [Setup: Linux host, QEMU vm, arm64 kernel](linux/setup_linux-host_qemu-vm_arm64-kernel.md) +- [Setup: Linux host, Android device, arm64 kernel](linux/setup_linux-host_android-device_arm64-kernel.md) +- [Setup: Linux isolated host](linux/setup_linux-host_isolated.md) After following these instructions you should be able to run `syz-manager`, see it executing programs and be able to access statistics exposed at `http://127.0.0.1:56741`: diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index ed6e66186..bd705ee38 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md 
@@ -2,29 +2,6 @@ Here are some things to check if there are problems running syzkaller. - - Check that QEMU can successfully boot the virtual machine. For example, - if `IMAGE` is set to the VM's disk image (as per the `image` config value) - and `KERNEL` is set to the test kernel (as per the `kernel` config value) - then something like the following command should start the VM successfully: - - ```qemu-system-x86_64 -hda $IMAGE -m 256 -net nic -net user,host=10.0.2.10,hostfwd=tcp::23505-:22 -enable-kvm -kernel $KERNEL -append root=/dev/sda``` - - - Check that inbound SSH to the running virtual machine works. For example, with - a VM running and with `SSHKEY` set to the SSH identity (as per the `sshkey` config value) the - following command should connect: - - ```ssh -i $SSHKEY -p 23505 root@localhost``` - - - Check that the `CONFIG_KCOV` option is available inside the VM: - - `ls /sys/kernel/debug # Check debugfs mounted` - - `ls /sys/kernel/debug/kcov # Check kcov enabled` - - Build the test program from `Documentation/kcov.txt` and run it inside the VM. - - - Check that debug information (from the `CONFIG_DEBUG_INFO` option) is available - - Pass the hex output from the kcov test program to `addr2line -a -i -f -e $VMLINUX` (where - `VMLINUX` is the vmlinux file, as per the `vmlinux` config value), to confirm - that symbols for the kernel are available. - - Use the `-debug` command line option to make syzkaller print all possible debug output, from both the `syz-manager` top-level program and the `syz-fuzzer` instances. With this option syzkaller will only run one VM instance. 
@@ -44,6 +21,8 @@ Here are some things to check if there are problems running syzkaller. In this case, running the `syz-execprog` test with the `-sandbox=setuid` option fixes the problem, so the main configuration needs to be updated to set `sandbox` to `setuid`. +Also see [this](linux/troubleshooting.md) for Linux kernel specific troubleshooting advice. + If none of the above helps, file a bug on [the bug tracker](https://github.com/google/syzkaller/issues) or ask us directly on the syzkaller@googlegroups.com mailing list. Please include syzkaller commit id that you use and `syz-manager` output with `-debug` flag enabled if applicable. diff --git a/docs/usage.md b/docs/usage.md index e639258ed..6925c233a 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -29,7 +29,7 @@ In case syzkaller only generated a syzkaller program, there's [a way to execute ## Reporting bugs -Check [here](linux_kernel_reporting_bugs.md) for the instructions on how to report Linux kernel bugs. +Check [here](linux/reporting_kernel_bugs.md) for the instructions on how to report Linux kernel bugs. ## Other |
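Review bot: the added docs/linux/found_bugs.md entries appear in this view as a long run of `+*` lines rather than as a rename like the neighbouring `docs/found_bugs_usb.md -> docs/linux/found_bugs_usb.md` (`index c06ea4686..c06ea4686`), so any wording change to an individual entry made in the same commit cannot be picked out in review; if the list was edited as well as moved, splitting the move from the edit (or moving with `git mv` so rename detection shows only the real diff) would keep the change reviewable. Within the added lines the CVE annotations also use two styles, bare text (`CVE-2015-8575`, `CVE-2015-7550`, `CVE-2013-7446`) versus a link (`[CVE-2015-7872](https://bugzilla.redhat.com/show_bug.cgi?id=1272371)`), and some entries carry a subsystem prefix (`net/sctp:`, `kvm:`, `crypto:`) while others (`use-after-free in skcipher_bind`, `GPF in gf128mul_64k_bbe`) do not; if the list is being touched anyway, one consistent style would help readers scanning it.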
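Review bot: the `+` line in docs/linux/reporting_kernel_bugs.md (`@@ -9,7 +9,7 @@`) carries the typo `reprocucer` over from the line it replaces; since that line is already being rewritten for the new link target, change it to `reproducer` here rather than leaving the typo in the moved file.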
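Review bot: the troubleshooting link in docs/linux/setup.md (`@@ -11,7 +11,7 @@`) switches from a relative path to the repo-absolute `/docs/troubleshooting.md`, and the same pattern is applied to `/docs/troubleshooting.md` in the android, isolated, qemu-arm64, odroid and qemu-x86 setup pages, to `/Makefile` in the `@@ -67,4 +67,4 @@` hunk and to `/docs/executing_syzkaller_programs.md` in the reporting page. Root-absolute links resolve in GitHub's renderer but not in a local checkout or most other markdown viewers, and the same commit links `kernel_configs.md` and `setup.md` relatively; using `../troubleshooting.md`, `../../Makefile` and `../executing_syzkaller_programs.md` keeps a single convention and works in both places.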
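Review bot: the `+` line in docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md (`@@ -184,7 +184,7 @@`) keeps `wan't` from the line it replaces; fix it to `want` while the line is being touched.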
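Review bot: the closing two paragraphs of the new docs/linux/troubleshooting.md (`If none of the above helps, file a bug on ...` and the request for the commit id and `-debug` output) are copied verbatim from docs/troubleshooting.md, which keeps its own copy in the `@@ -44,6 +21,8 @@` hunk and now links to this page; keeping the bug-filing instructions only in the generic page avoids the two copies drifting apart. The heading `# Troubleshooting` also gives no hint that this is the Linux-specific page, which is how docs/troubleshooting.md describes it (`Linux kernel specific troubleshooting advice`); a heading such as `# Troubleshooting (Linux kernel)` would keep the two pages distinguishable.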
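Review bot: `Generic setup instructions for fuzzing Linux kernel are outlined` in docs/setup.md (`@@ -1,13 +1,13 @@`) is missing an article; `for fuzzing the Linux kernel` reads correctly. The list that follows is still introduced as `Instructions for a particular VM or kernel arch` although every entry now lives under `linux/`; saying so in the lead sentence would match the new directory layout.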
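Review bot: the new cross-link in docs/troubleshooting.md (`@@ -44,6 +21,8 @@`) uses `this` as its link text (`Also see [this](linux/troubleshooting.md) for Linux kernel specific troubleshooting advice.`), and the reverse link in the new Linux page does the same; naming the target, e.g. `Also see the [Linux kernel troubleshooting page](linux/troubleshooting.md)`, reads better in rendered form and in any link index.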
