# Found bugs
Most of the latest bugs are reported by [syzbot](/docs/syzbot.md) and are listed [here](https://groups.google.com/forum/#!forum/syzkaller-bugs) and on the [dashboard](https://syzkaller.appspot.com/upstream).
Additional USB bugs are [here](/docs/linux/found_bugs_usb.md).
_newer first_
* [KASAN: use-after-free Read in screen_glyph_unicode](https://groups.google.com/g/syzkaller/c/114zHXgUIxc/m/HDakO4aDAQAJ)
* [KASAN: use-after-free Read in vc_do_resize](https://groups.google.com/g/syzkaller/c/YxdMWhGfeWw/m/P9bVFhNNBgAJ)
* [KASAN: use-after-free in usb_hcd_unlink_urb](https://groups.google.com/g/syzkaller/c/TVhdYRmqdvU/m/dRD7Rat9IQAJ)
* [KASAN: slab-out-of-bounds Read in gadget_dev_desc_UDC_store](https://groups.google.com/g/syzkaller/c/p-eayxoLmWA/m/x12xTwhwAgAJ)
* [KASAN: use-after-free Write in snd_rawmidi_kernel_write1](https://groups.google.com/g/syzkaller/c/GzOkkJGH6iY/m/2TTi8tdCAAAJ)
* [KASAN: use-after-free Write in config_item_get](https://groups.google.com/g/syzkaller/c/TzmTYZVXk_Q/m/TfFqRdJ4AQAJ)
* [KASAN: use-after-free Read in f_hidg_poll](https://groups.google.com/g/syzkaller/c/-WXXWIlZBu0/m/uhWv9RmMAgAJ)
* [KASAN: use-after-free Read in printer_ioctl](https://groups.google.com/g/syzkaller/c/-e8qjq9mmUk/m/KYZy8SqkAgAJ)
* [KASAN: null-ptr-deref Read in tty_wakeup](https://groups.google.com/g/syzkaller/c/BNzyjDzkYms/m/p9WwoUCpAwAJ)
* [KASAN: use-after-free in afs_wake_up_async_call](https://groups.google.com/g/syzkaller/c/Km3HYdzI7Ng/m/tpC-0d8EBAAJ)
* [KASAN: use-after-free Read in gs_flush_chars](https://groups.google.com/g/syzkaller/c/CtuIx6aFPDE/m/jK9d4529BQAJ)
* [kernel BUG at net/core/skbuff.c](https://lkml.org/lkml/2017/10/2/181)
* [io_uring: avoid page allocation warnings](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4ef647510b1200fe1c996ff1cbf5ac47eb930cc)
* [io_uring: free allocated io_memory once](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52e04ef4c9d459cba3afd86ec335a411b40b7fd2)
* [io_uring: fix SQPOLL cpu validation](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=975554b03eddc1df73bda3a764a09e18cadd5f1c)
* [locks: use-after-free in perf_trace_lock_acquire](https://bugzilla.kernel.org/show_bug.cgi?id=205705) [CVE-2019-19769](https://nvd.nist.gov/vuln/detail/CVE-2019-19769)
* [cirrusfb: divide errors in cirrusfb_check_var/cirrusfb_check_pixclock/cirrusfb_set_par_foo](https://groups.google.com/forum/#!topic/syzkaller/_utQWPf5qeY)
* [floppy: fix out-of-bounds read in copy_buffer](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6)
* [floppy: fix invalid pointer dereference in drive_name](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b04609b784027968348796a18f601aed9db3789)
* [floppy: fix out-of-bounds read in next_valid_format](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5635f897ed83fd539df78e98ba69ee91592f9bb8)
* [floppy: fix div-by-zero in setup_format_params](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3554aeb991214cbfafd17d55e2bfddb50282e32)
* [bpf: BPF_PROG_TEST_RUN leads to unkillable process](https://groups.google.com/d/msg/syzkaller/EmqpzlOL164/loUGe070FwAJ)
* [timer_settime leads to unkillable process](https://groups.google.com/d/msg/syzkaller/Q6t7TCcN630/ep3J4BT1FwAJ)
* [UBSAN: Undefined behaviour in drivers/scsi/sr_ioctl.c](https://groups.google.com/d/msg/syzkaller/lfupcWLvlmI/ts9ut9LyEwAJ)
* [KASAN: use-after-free Read in ata_scsi_mode_select_xlat](https://groups.google.com/d/msg/syzkaller/PSlmJbCdKF0/tasiCXl4AgAJ)
* [UBSAN: Undefined behaviour in fs/f2fs/extent_cache.c](https://groups.google.com/d/msg/syzkaller/oAhUsPAO4RI/rivMjuUOCgAJ)
* [UBSAN: Undefined behaviour in drivers/input/misc/uinput.c](https://groups.google.com/d/msg/syzkaller/i64-4xzd-Cs/wJRiNri8CQAJ)
* [general protection fault in spk_ttyio_ldisc_close](https://groups.google.com/d/msg/syzkaller/4VJ9u48qxyc/IrT0N35uDAAJ)
* [rtnetlink: give a user socket to get_target_net()](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee) [CVE-2018-14646](https://nvd.nist.gov/vuln/detail/CVE-2018-14646)
* [tipc: NULL deref in tipc_net_finalize](https://groups.google.com/d/msg/syzkaller/qhg9Gg9cFuY/I-HrdjEICAAJ)
* [Kernel crash at i2cdev_ioctl_rdwr in drivers/i2c/i2c-dev.c](https://groups.google.com/d/msg/syzkaller/YuPOpeuGIKU/oXnZkgmqBgAJ)
* [UBSAN: Undefined behaviour in drivers/input/mousedev.c](https://groups.google.com/d/msg/syzkaller/8A-G6SaGOHQ/vsR3aWLKAwAJ)
* [UBSAN: Undefined behaviour in mm/page_alloc.c](https://groups.google.com/d/msg/syzkaller/STYtgfG49IQ/5g0L0b77BAAJ)
* [WARNING in pkt setup dev](https://groups.google.com/d/msg/syzkaller/jQsAxlSpvCU/xFab0v1wBAAJ)
* [UBSAN: Undefined behaviour in drivers/net/ppp/ppp_generic.c](https://groups.google.com/d/msg/syzkaller/xwZC0Njopck/FiU9Z-rRAgAJ)
* [KASAN: use-after-free Read in raw_cmd_done](https://groups.google.com/d/msg/syzkaller/wylZT5uD_xw/dTiar3qVBgAJ)
* [KMSAN: uninit-value in selinux_socket_bind, selinux_socket_connect_helper](https://groups.google.com/d/msg/syzkaller/elP9WpfcVbY/JHhEmU4BBwAJ)
* [UBSAN: Undefined behaviour in drivers/block/floppy.c](https://groups.google.com/d/msg/syzkaller/eB8DFhbjLyI/4lSR84IiBQAJ)
* [net: BUG still has locks held in unix_stream_splice_read](https://groups.google.com/d/msg/syzkaller/q_BUZHm-Nug/Y0o4RfDJBQAJ)
* [general protection fault in sockfs_setattr](https://groups.google.com/d/msg/syzkaller/y4V_gr5sjsE/GRA81a6EAQAJ) [CVE-2018-12232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12232)
* [KASAN: slab out of bounds Write in __jfs_setxattr](https://lkml.org/lkml/2018/6/1/829) [CVE-2018-12233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12233)
* [RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs](https://patchwork.kernel.org/patch/10274675/)
* [KASAN: use-after-free Read in set_page_dirty_lock](https://groups.google.com/forum/#!topic/syzkaller/w-u4MXthFoI)
* [System freeze and NULL pointer dereference](https://groups.google.com/d/msg/syzkaller-bugs/LxPlUEk62IA/OIfFWHr_AgAJ)
* [RDS: WARNING in rds_recv_hs_exthdrs](https://groups.google.com/d/msg/syzkaller/TTR-hlzVO1I/T7ncQ3xjAQAJ)
* [RDS: slab-out-of-bounds Read in rds_rdma_extra_size](https://groups.google.com/d/msg/syzkaller/VxPgmfL9H8k/PJxhMJZiAQAJ)
* [netfilter: fix out-of-bounds accesses in clusterip_tg_check()](https://groups.google.com/d/msg/syzkaller/uyndMVk770k/TXIlWssrAwAJ)
* [net: hang in unregister_netdevice: waiting for lo to become free](https://groups.google.com/d/msg/syzkaller/-06_laheMF0/xqezy58kAwAJ)
* [scsi: sg: assorted memory corruptions](https://groups.google.com/d/msg/syzkaller/9RNr9Gu0MyY/Yyry-0XBDgAJ)
* [kcm: memory leak in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/3wdPAXqqABY/i-OgV10gDwAJ)
* [AF_KEY: memory leak in key_notify_policy](https://groups.google.com/d/msg/syzkaller/j6H7dPEQv-s/A-ADSd8gDwAJ)
* [sctp: memory leak in sctp_endpoint_init](https://groups.google.com/d/msg/syzkaller/rz5CvX4rTFA/PUCYbwEiDwAJ)
* [tipc: memory leak in tipc_nl_node_get_link](https://groups.google.com/d/msg/syzkaller/6nCOXX58sKw/J91ioe4iDwAJ)
* [tun: memory leak in tun_set_iff](https://groups.google.com/d/msg/syzkaller/ZuubuAQpne0/sSjnZfojDwAJ)
* [net/8021q: memory leak in register_vlan_dev](https://groups.google.com/d/msg/syzkaller/bFkAaOcP-SI/9MSok8IlDwAJ)
* [net: memory leak in socket](https://groups.google.com/d/msg/syzkaller/DMV3fSoKyR0/biGHOQQlDwAJ)
* [scsi: memory leak in sg_start_req](https://groups.google.com/d/msg/syzkaller/GVR3rFTzQzo/kGvdqZgcDwAJ)
* [sunrpc: infinite unkillable console spam in xs_tcp_setup_socket](https://groups.google.com/d/msg/syzkaller/DJmtkqwLCZg/mHJPAJHTAQAJ)
* [fs: possible deadlock in do_iter_write/do_splice](https://groups.google.com/forum/#!topic/syzkaller/f72L3fPD8sY)
* [net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl](https://groups.google.com/forum/#!topic/syzkaller/VtONA6oTiio)
* [net/ipv6: GPF in rt6_ifdown](https://groups.google.com/forum/#!topic/syzkaller/dQ0r_bHOrJk)
* [net/ipv4: trying to register non-static key in ip_mc_clear_src](https://groups.google.com/forum/#!topic/syzkaller/E60_ya1wNxs)
* [net/can: trying to register non-static key in can_rx_register](https://groups.google.com/forum/#!topic/syzkaller/to2Or4lUrTU)
* [net: general protection fault in deactivate_slab](https://groups.google.com/forum/#!topic/syzkaller/k_Q4h-RPzkQ)
* [net/ipv4: use-after-free in add_grec](https://groups.google.com/forum/#!topic/syzkaller/dlHu8uuZWfg)
* [net/ipv6: use-after-free in ip6_dst_ifdown](https://groups.google.com/forum/#!topic/syzkaller/ZJaqAiFLe3k)
* [tty: possible deadlock in tty_buffer_flush](https://groups.google.com/forum/#!topic/syzkaller/PXe_ekNtIZ8)
* [net/ipv6: general protection fault in skb_release_data](https://groups.google.com/forum/#!topic/syzkaller/e3I2c8X2oWo) CVE-2017-9242
* [drivers/net/hamradio: divide error in hdlcdrv_ioctl](https://groups.google.com/forum/#!topic/syzkaller/Uwy36npUcBQ)
* [tty: fix port buffer locking](https://lkml.org/lkml/2017/5/11/118)
* [kvm: warning in kvm_load_guest_fpu](https://groups.google.com/forum/#!topic/syzkaller/OSNJfH8rNPE)
* [drivers/scsi: GPF in sg_read](https://groups.google.com/forum/#!topic/syzkaller/FqYh6Jks6h0)
* [net/ipv4: use-after-free in ip_mc_drop_socket](https://groups.google.com/forum/#!topic/syzkaller/y3_fsYmwdio) CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077
* [net/ipv6: GPF in rt6_device_match](https://groups.google.com/forum/#!topic/syzkaller/PbCfeuGSoNI)
* [x86: warning: kernel stack regs has bad 'bp' value](https://groups.google.com/forum/#!topic/syzkaller/HQl-x5dWJ9Q)
* [net/key: slab-out-of-bounds in pfkey_compile_policy](https://groups.google.com/forum/#!topic/syzkaller/MHjh-tJo_wE)
* [net/ipv6: warning in inet6_ifa_finish_destroy](https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw)
* [net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu](https://groups.google.com/forum/#!topic/syzkaller/OhkhEez1z1A)
* [net/ipv6: slab-out-of-bounds in ip6_tnl_xmit](https://groups.google.com/forum/#!topic/syzkaller/Wr3dZWAO8vw)
* [net/rose: null-ptr-deref in rose_route_frame](https://groups.google.com/forum/#!topic/syzkaller/RWKRCxpbS90)
* [time: hang due to timer_create/timer_settime](https://groups.google.com/forum/#!topic/syzkaller/355tWdc8oHY)
* [net/core: BUG in unregister_netdevice_many](https://groups.google.com/forum/#!topic/syzkaller/3zsXPUh-KzU)
* [net/xfrm: stack-out-of-bounds in xfrm_state_find](https://groups.google.com/forum/#!topic/syzkaller/WA6MdAfCYS0)
* [net/bonding: stack-out-of-bounds in bond_enslave](https://groups.google.com/forum/#!topic/syzkaller/IDoQHFmrnRI)
* [net: ipv6: RTF_PCPU should not be settable from userspace](https://www.spinics.net/lists/netdev/msg430947.html)
* [fs/notify/inotify: slab-out-of-bounds write in strcpy](https://groups.google.com/d/msg/syzkaller/ecGeXh44M50/r7OSshSOCAAJ) [CVE-2017-7533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533)
* [net/ipv6: slab-out-of-bounds read in seg6_validate_srh](https://groups.google.com/forum/#!topic/syzkaller/U3NMWDD16PM)
* [kernel BUG at mm/hugetlb.c:742!](https://lkml.org/lkml/2017/4/10/1154)
* [net/key: slab-out-of-bounds in parse_ipsecrequests](https://groups.google.com/forum/#!topic/syzkaller/vG7Cyfx-mvU)
* [net/ipv4: use-after-free in ipv4_datagram_support_cmsg](https://groups.google.com/forum/#!topic/syzkaller/F79HOk-4RhA)
* [net/ipv4: use-after-free in ip_queue_xmit](https://groups.google.com/forum/#!topic/syzkaller/X6L7h46rDsw)
* [net: use-after-free in __ns_get_path](https://groups.google.com/forum/#!topic/syzkaller/Vnf3aEG-wqY)
* [net/ipv4: use-after-free in ip_check_mc_rcu](https://groups.google.com/forum/#!topic/syzkaller/6q5nFux7N2E)
* [net/ipv6: use-after-free in ipv6_sock_ac_close](https://groups.google.com/forum/#!topic/syzkaller/z4Y96bFyq7I)
* [net/ipv4: use-after-free in ipv4_mtu](https://groups.google.com/forum/#!topic/syzkaller/UAjEGZoiAF4)
* [net/dccp: BUG in tfrc_rx_hist_sample_rtt](https://groups.google.com/forum/#!topic/syzkaller/inWmASLpo8Q)
* [net/sctp: list double add warning in sctp_endpoint_add_asoc](https://groups.google.com/forum/#!topic/syzkaller/6_LZGvwjzcA)
* [kvm: use-after-free in srcu_reschedule](https://groups.google.com/d/msg/syzkaller/Sl0POwca6-s/QR_z6AsFCQAJ)
* [ata: WARNING in ata_bmdma_qc_issue](https://groups.google.com/d/msg/syzkaller/Hy5yHjgOri8/0fhs94QXCAAJ)
* [net/sched: GPF in qdisc_hash_add](https://groups.google.com/d/msg/syzkaller/--acxHx5yyo/WsS4Yw7PBwAJ)
* [sg: random memory corruptions](https://groups.google.com/d/msg/syzkaller/wWn_oXRfN7Y/kgtLfy_OBwAJ)
* [fs: GPF in deactivate_locked_super](https://groups.google.com/d/msg/syzkaller/xLJUOccIV48/4yXIAfnIBwAJ)
* [loop: WARNING in sysfs_remove_group](https://groups.google.com/d/msg/syzkaller/nq6tjrQLVo4/IL-lxLHIBwAJ)
* [lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm](https://groups.google.com/d/msg/syzkaller/sT2NZaIfP_E/B15roGnIBwAJ)
* [ata: WARNING in ata_qc_issue](https://groups.google.com/d/msg/syzkaller/r1iGG9w4a9U/l6FkC0HGBwAJ)
* [security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode](https://groups.google.com/d/msg/syzkaller/GLiqkLgHpc8/RzD3JUTFBwAJ)
* [netlink: NULL timer crash](https://groups.google.com/d/msg/syzkaller/drVyP4zu3SM/yPx2taTEBwAJ)
* [kvm: use-after-free function call in kvm_io_bus_destroy](https://groups.google.com/d/msg/syzkaller/1zn_juvw7Fk/BAqe32_DBwAJ)
* [sound: use-after-free in snd_seq_cell_alloc](https://groups.google.com/d/msg/syzkaller/ZXLFJniQJJE/menSWN_CBwAJ)
* [usb: use-after-free write in usb_hcd_link_urb_to_ep](https://groups.google.com/d/msg/syzkaller/v5ra3_AduC4/8-43yozCBwAJ)
* [net/kcm: double free of kcm inode](https://groups.google.com/d/msg/syzkaller/CFYuMediESc/L31CuijCBwAJ)
* [crypto: out-of-bounds write in pre_crypt](https://groups.google.com/d/msg/syzkaller/ivRlyW1WX10/3M9rSuC9BwAJ)
* [security: double-free in superblock_doinit](https://groups.google.com/d/msg/syzkaller/AXrX3E0YOsg/dvcctKm8BwAJ)
* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/gBu_q0nPy9o/r3QmSIO6BwAJ)
* [tcp: fix potential double free issue for fastopen_req](https://www.spinics.net/lists/netdev/msg422971.html)
* [net/udp: slab-out-of-bounds Read in udp_recvmsg](https://groups.google.com/d/msg/syzkaller/K6CC1usBuWs/6aYxL79BBQAJ)
* [net: deadlock between ip_expire/sch_direct_xmit](https://groups.google.com/d/msg/syzkaller/e-2ANaCu2fk/zvSg0l4DBQAJ)
* [srcu: BUG in __synchronize_srcu](https://groups.google.com/forum/#!topic/syzkaller/2WSsltbI5Z8)
* [net/sctp: recursive locking in sctp_do_peeloff](https://groups.google.com/d/msg/syzkaller/5NY7KjBKgA0/nMm6k7bwEQAJ)
* [kvm: WARNING in vmx_handle_exit](https://groups.google.com/d/msg/syzkaller/D01HuY1tDhc/UIeC8eXfDQAJ)
* [futex: use-after-free in futex_wait_requeue_pi](https://groups.google.com/d/msg/syzkaller/MrJ5ckRkQBI/pXjdOFztEQAJ)
* [kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update](https://groups.google.com/forum/#!topic/syzkaller/QUhNm5patag)
* [kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds](https://groups.google.com/forum/#!topic/syzkaller/Hk9R17J-2tA)
* [local privilege escalation flaw in n_hdlc](http://seclists.org/oss-sec/2017/q1/569) CVE-2017-2636
* [netlink: GPF in netlink_unicast](https://groups.google.com/d/msg/syzkaller/AN-WbVHU0hw/iMmJEUSbEAAJ)
* [perf: use-after-free in perf_release](https://groups.google.com/d/msg/syzkaller/_P-SyZtwVXk/RhO-VB2YEAAJ)
* [net/ipv6: null-ptr-deref in ip6mr_sk_done](https://groups.google.com/forum/#!topic/syzkaller/H8hyTRfCClI)
* [bpf: kernel NULL pointer dereference in map_get_next_key](https://groups.google.com/d/msg/syzkaller/nyr1SaxHfyo/gp21-xhaEAAJ)
* [crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex](https://groups.google.com/d/msg/syzkaller/jtz84qFQ_3s/vzFV8YhaEAAJ)
* [kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0](https://groups.google.com/d/msg/syzkaller/_e1uwkRRVfk/CqEIKj9SEAAJ)
* [sound: another deadlock in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/GAUhiTjyDfI/XcIntncQEAAJ)
* [rcu: WARNING in rcu_seq_end](https://groups.google.com/d/msg/syzkaller/M4UEuqSTMR8/JoEPLtQOEAAJ)
* [fs: use-after-free in path_lookupat](https://groups.google.com/d/msg/syzkaller/_8MZkKL2-QU/PA0q5XULEAAJ)
* [ucount: use-after-free read in inc_ucount & dec_ucount](https://groups.google.com/d/msg/syzkaller/xB_UphO1T7w/me1WddQAEAAJ)
* [net/ipv4: division by 0 in tcp_select_window](https://groups.google.com/d/msg/syzkaller/TFH8rl8yTrU/9PzPjkfHDwAJ)
* [net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone](https://groups.google.com/d/msg/syzkaller/3SS80JbVPKA/2tfIAcW7DwAJ)
* [mm: use-after-free in zap_page_range](https://groups.google.com/d/msg/syzkaller/-e9ZYxL9zts/6ip-8FK5DwAJ)
* [net/kcm: use-after-free in kcm_wq](https://groups.google.com/d/msg/syzkaller/c_jOLx9FEgk/nz2PJROtDwAJ)
* [idr: use-after-free write in ida_get_new_above](https://groups.google.com/d/msg/syzkaller/23J2nN6syEE/gFFk_xSsDwAJ)
* [sg: stack out-of-bounds write in sg_write](https://groups.google.com/d/msg/syzkaller/fvvhyYQHiT8/UOnInaajDwAJ) CVE-2017-7187
* [cgroup: WARNING in cgroup_kill_sb](https://groups.google.com/d/msg/syzkaller/pWKI4ZQeOoI/SmTmQEF8DwAJ)
* [net/rds: use-after-free in rds_find_bound/memcmp](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/kgQVbjjXDgAJ)
* [net: sleeping function called from invalid context in net_enable_timestamp](https://groups.google.com/d/msg/syzkaller/k5qJRYKqIgQ/EfJBkqwvDwAJ)
* [net: use-after-free in neigh_timer_handler/sock_wfree](https://groups.google.com/d/msg/syzkaller/2REBGTmpSTE/pT95olUuDwAJ)
* [net/sctp: use-after-free in sctp_association_put](https://groups.google.com/d/msg/syzkaller/AA_hWiHcgrs/4lIAQ94tDwAJ)
* [fs: use-after-free in userfaultfd_exit](https://groups.google.com/d/msg/syzkaller/Uu0ZwFPrmu8/WRWYCC8sDwAJ)
* [net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert](https://groups.google.com/forum/#!topic/syzkaller/OnwnEEhZap8)
* [net/ipv4: suspicious RCU usage in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/FwCYiR7JDwAJ)
* [net/ipv4: deadlock in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/jZyjMMgRDwAJ)
* [net/dccp: dccp_create_openreq_child freed held lock](https://groups.google.com/d/msg/syzkaller/0jXubCbCmeQ/OXoQEjgODwAJ)
* [nested_vmx_merge_msr_bitmap](https://groups.google.com/d/msg/syzkaller/2631gzzWnA4/jm91h6HeDgAJ)
* [ipc: use-after-free in shm_get_unmapped_area](https://groups.google.com/d/msg/syzkaller/Kv2bIHYA8N8/kZqVCqXaDgAJ)
* [sounds: deadlocked processed in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/ZARHLaXAmYQ/eSfeP-HVDgAJ)
* [net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context](https://groups.google.com/d/msg/syzkaller/5gb5kxihtps/oy4pVZ3SDgAJ)
* [ata: WARNING in ata_sff_qc_issue](https://groups.google.com/d/msg/syzkaller/0v1qHkmM-VU/6InmOLvPDgAJ)
* [net/rds: use-after-free in inet_create](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/s46xtB7PDgAJ)
* [mm: fault in __do_fault](https://groups.google.com/d/msg/syzkaller/CRQxZS4nck0/6DD2SyfODgAJ)
* [kvm: WARNING in nested_vmx_vmexit](https://groups.google.com/d/msg/syzkaller/w3EBRlb2h6s/GdIi_y3IDgAJ)
* [net: GPF in rt6_nexthop_info](https://groups.google.com/d/msg/syzkaller/AMyOvIrf--c/RB-mpPjFDgAJ)
* [sound: spinlock lockup in snd_timer_user_tinterrupt](https://groups.google.com/d/msg/syzkaller/3efGwZt0nLI/pPt4WoGVDgAJ)
* [mm: GPF in bdi_put](https://groups.google.com/d/msg/syzkaller/ixaSKtOoO7k/UjxnRr2JDgAJ)
* [net/sctp: use-after-free in sctp_hash_transport](https://groups.google.com/forum/#!topic/syzkaller/Ew5hrZI7Obs)
* [net/bridge: warning in br_fdb_find](https://groups.google.com/forum/#!topic/syzkaller/d9XyhdJXwa0)
* [net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/gEoL2QX519c)
* [net: possible deadlock in skb_queue_tail](https://groups.google.com/forum/#!topic/syzkaller/XEp_9K8FmIM)
* [DCCP double-free vulnerability (local root)](http://seclists.org/oss-sec/2017/q1/471) CVE-2017-6074
* [net: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/QwkU6JMkjBg)
* [net/pptp: use-after-free in dst_release](https://groups.google.com/forum/#!topic/syzkaller/ZR9QP3JNE18)
* [net/udp: slab-out-of-bounds in udp_recvmsg/do_csum](https://groups.google.com/forum/#!topic/syzkaller/vCUAq86bJaA) CVE-2017-6347
* [WARNING in skb_warn_bad_offload](https://patchwork.ozlabs.org/patch/722135/)
* [tty: panic in tty_ldisc_restore](https://groups.google.com/d/msg/syzkaller/ty5IhaYWVp8/aTN_hZ8qBQAJ)
* [net: BUG in __skb_gso_segment](https://groups.google.com/forum/#!topic/syzkaller/wLAp3HzIXSo)
* [net/dccp: use-after-free in dccp_feat_activate_values](https://groups.google.com/forum/#!topic/syzkaller/hyM_oK9QOXU)
* [net/kcm: GPF in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/8YB3cFmKRqs/DYu7vJiCCAAJ)
* [net/xfrm: stack out-of-bounds in xfrm_flowi_sport](https://groups.google.com/d/msg/syzkaller/J2qVz4ZJpPg/Fw0QURWBCAAJ)
* [net/llc: BUG in llc_sap_state_process/skb_set_owner_r](https://groups.google.com/forum/#!topic/syzkaller/c1SOlcflXz8) CVE-2017-6345
* [net/llc: bug in llc_pdu_init_as_xid_cmd/skb_over_panic](https://groups.google.com/forum/#!topic/syzkaller/mVs8KWoW4d8)
* [net/packet: use-after-free in packet_rcv_fanout](https://groups.google.com/d/msg/syzkaller/nOwR6_b4rmw/ocp21bZBBwAJ)
* [net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce](https://groups.google.com/d/msg/syzkaller/eHfRFbBg4LE/stDU3KYyBwAJ)
* [net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub](https://groups.google.com/forum/#!topic/syzkaller/8BMdxIXdH4g)
* [net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy](https://groups.google.com/forum/#!topic/syzkaller/S79Ss7ZUje8)
* [net/ipv4: warning in nf_nat_ipv4_fn](https://groups.google.com/forum/#!topic/syzkaller/5VxeBb85Ddg)
* [net/ipv6: double free in ipip6_dev_free](https://groups.google.com/d/msg/syzkaller/ZN9Ihlsum_s/4UuXXmn1BgAJ)
* [sound: use-after-free in snd_seq_queue_alloc](https://groups.google.com/d/msg/syzkaller/dhaTlAjxHVs/TXyPrX_nBgAJ)
* [loop: divide error in transfer_xor](https://groups.google.com/d/msg/syzkaller/1f1ziDbOTiQ/cFC0_wfnBgAJ)
* [net/xfrm: use of uninit spinlock in xfrm_policy_flush](https://groups.google.com/d/msg/syzkaller/vp1neyeoA8A/Is8aPdrpBgAJ)
* [mm: double-free in cgwb_bdi_init](https://groups.google.com/d/msg/syzkaller/tIx42qCVklk/fh0qjUboBgAJ)
* [packet: round up linear to header len](http://patchwork.ozlabs.org/patch/725335/)
* [net/icmp: null-ptr-deref in ping_v4_push_pending_frames](https://groups.google.com/forum/#!topic/syzkaller/DYyq0NyEY4g)
* [net/kcm: WARNING in kcm_write_msgs](https://groups.google.com/d/msg/syzkaller/vsh_MSFHizg/Uf-GzB1UBgAJ)
* [tcp: avoid infinite loop in tcp_splice_read()](https://www.mail-archive.com/netdev@vger.kernel.org/msg151936.html) CVE-2017-6214
* [tun: read vnet_hdr_sz once](http://patchwork.ozlabs.org/patch/723964/)
* [macvtap: read vnet_hdr_size once](http://patchwork.ozlabs.org/patch/723965/)
* [udp: properly cope with csum errors](https://patchwork.ozlabs.org/patch/724263/)
* [ipv6: tcp: add a missing tcp_v6_restore_cb()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756)
* [ip6_gre: fix ip6gre_err() invalid reads](https://patchwork.ozlabs.org/patch/724187/) CVE-2017-5897
* [ipv4: keep skb->dst around in presence of IP options](https://patchwork.ozlabs.org/patch/724136/) CVE-2017-5970
* [net: use a work queue to defer net_disable_timestamp() work](https://patchwork.ozlabs.org/patch/723251/)
* [netlabel: out of bound access in cipso_v4_validate()](https://patchwork.ozlabs.org/patch/723457/)
* [ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()](https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git/+/63117f09c768be05a0bf465911297dc76394f686)
* [net: heap out-of-bounds in ip6_fragment](https://groups.google.com/d/msg/syzkaller/zakUQXz8ums/lNcDLtARBQAJ) CVE-2017-9074
* [tcp: fix 0 divide in __tcp_select_window()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=06425c308b92eaf60767bc71d359f4cbc7a561f8)
* [keys: GPF in request_key](https://groups.google.com/d/msg/syzkaller/As2A-xeNp0g/eu50sRnKBAAJ)
* [net/tcp: warning in tcp_try_coalesce/skb_try_coalesce](https://groups.google.com/forum/#!topic/syzkaller/oeZW04VAQBM)
* [crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2](https://groups.google.com/d/msg/syzkaller/4nGqh82OL7g/0lU1zpp-BAAJ)
* [sound: unable to handle kernel paging request snd_seq_prioq_cell_out](https://groups.google.com/d/msg/syzkaller/wn-_0zA8ka4/kLB6BSR0BAAJ)
* [scsi: BUG in scsi_init_io](https://groups.google.com/d/msg/syzkaller/p2MBG9oRNdo/4MxGbWFwBAAJ)
* [mm: sleeping function called from invalid context shmem_undo_range](https://groups.google.com/d/msg/syzkaller/j8Zj72bs2xE/HjPk2dduBAAJ)
* [timerfd: use-after-free in timerfd_remove_cancel](https://groups.google.com/d/msg/syzkaller/bryiI66Pxxg/78NqwMhBBAAJ)
* [scsi: use-after-free in sg_start_req](https://groups.google.com/d/msg/syzkaller/Nft7hrE_CyM/QvEjMuUcBAAJ)
* [mm: deadlock between get_online_cpus/pcpu_alloc](https://groups.google.com/d/msg/syzkaller/G40CCUkkyDE/9Y3u-rXfAwAJ)
* [BUG at net/sctp/socket.c:7425](https://groups.google.com/d/msg/syzkaller/V2WPJ1BiXs0/-NO5Yea3AwAJ)
* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/UHiABsxXVaI/lQQ36P5eAwAJ)
* [net: suspicious RCU usage in nf_hook](https://groups.google.com/d/msg/syzkaller/9876JHd_awE/xqvU9HFeAwAJ)
* [kvm: fix page struct leak in handle_vmon](https://www.spinics.net/lists/kernel/msg2428945.html) CVE-2017-2596
* [ipv6: fix ip6_tnl_parse_tlv_enc_lim()](https://patchwork.ozlabs.org/patch/718842/)
* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/ZXcevV8NAgAJ)
* [perf: use-after-free in perf_event_for_each](https://groups.google.com/d/msg/syzkaller/UjDJeCgt3_M/xsv0cLUKAgAJ)
* [net: use-after-free in tw_timer_handler](https://groups.google.com/d/msg/syzkaller/p1tn-_Kc6l4/smuL_FMAAgAJ)
* [namespace: deadlock in dec_pid_namespaces](https://groups.google.com/d/msg/syzkaller/uhFVBGnXzHQ/-kZya8AdAQAJ)
* [sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats](https://groups.google.com/d/msg/syzkaller/Ok2fotcCSsg/10Tak7X0EQAJ)
* [kvm: deadlock in kvm_vgic_map_resources](https://groups.google.com/d/msg/syzkaller/7E0b8H0nJm8/-aoPnGW_EAAJ)
* [net/atm: warning in alloc_tx/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/3WJGPLm6FmQ)
* [net/ipv6: use-after-free in sock_wfree](https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ)
* [kvm: kvm: BUG in loaded_vmcs_init](https://groups.google.com/d/msg/syzkaller/VrcANKRU3iQ/KdZDHdIiDwAJ)
* [kvm: NULL deref in vcpu_enter_guest](https://groups.google.com/d/msg/syzkaller/6V-KXaMDYi8/rOvBl-69DAAJ)
* [kvm: use-after-free in complete_emulated_mmio](https://groups.google.com/d/msg/syzkaller/-Pl63SQ63FA/pYO4cRkUDAAJ) CVE-2017-2584
* [kvm: BUG in kvm_unload_vcpu_mmu](https://groups.google.com/d/msg/syzkaller/VbGoa1nALVw/x7hPnUMXDAAJ)
* [x86: warning in unwind_get_return_address](https://groups.google.com/forum/#!topic/syzkaller/BQBlYH-dNNM)
* [ipc: BUG: sem_unlock unlocks non-locked lock](https://groups.google.com/d/msg/syzkaller/u_ldPlYJSxk/Iu6CmEmlCAAJ)
* [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/HOkydz_bBwAJ)
* [sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport](https://groups.google.com/d/msg/syzkaller/4V6zHuGzYuM/sLQkIJTVBwAJ)
* [kvm: use-after-free in process_srcu](https://groups.google.com/d/msg/syzkaller/i48YZ8mwePY/0PQ8GkQTBwAJ)
* [kvm: assorted bugs after OOMs](https://groups.google.com/d/msg/syzkaller/ytVPh93HLnI/KhZdengZBwAJ)
* [kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common](https://groups.google.com/d/msg/syzkaller/KYU8Ru7P2wo/fHM0gbuUBgAJ)
* [netlink: GPF in netlink_dump](https://groups.google.com/d/msg/syzkaller/wXVYTkQqmeM/KJFTDTE2BgAJ)
* [fs, net: deadlock between bind/splice on af_unix](https://groups.google.com/d/msg/syzkaller/E3_YC5Ac-dY/Wr42pcVBBgAJ)
* [net: use-after-free in worker_thread](https://groups.google.com/forum/#!topic/syzkaller/RCnXAyhFBZs)
* [net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts](https://groups.google.com/forum/#!topic/syzkaller/rXpw5jXjGBM) CVE-2016-9793 CVE-2012-6704
* [net/can: warning in raw_setsockopt/__alloc_pages_slowpath](https://groups.google.com/forum/#!topic/syzkaller/6ceFXDer0ik)
* [net/ipv6: null-ptr-deref in ip6_rt_cache_alloc](https://groups.google.com/forum/#!topic/syzkaller/ryLwIsiKnmA)
* [net/dccp: use-after-free in dccp_invalid_packet](https://groups.google.com/forum/#!topic/syzkaller/5uW1cV_WjIQ)
* [net/sctp: vmalloc allocation failure in sctp_setsockopt/xt_alloc_table_info](https://groups.google.com/forum/#!topic/syzkaller/TMlGTPkIlFU)
* [net: BUG in unix_notinflight](https://groups.google.com/d/msg/syzkaller/4PFR0zm8JdU/XIGam5-dAgAJ)
* [net: GPF in eth_header](https://groups.google.com/d/msg/syzkaller/GFbGpX7nTEo/96LNG7KbAgAJ) CVE-2016-9755
* [net: deadlock on genl_mutex](https://groups.google.com/d/msg/syzkaller/-YGhBYeg8Ew/jf9uD0maAgAJ)
* [net: GPF in rt6_get_cookie](https://groups.google.com/d/msg/syzkaller/3uDn6P5bwzA/gdzgPxeYAgAJ)
* [netlink: GPF in sock_sndtimeo](https://groups.google.com/d/msg/syzkaller/R_KZuzEDLeg/SkANc-yVAgAJ)
* [scsi: use-after-free in bio_copy_from_iter](https://groups.google.com/d/msg/syzkaller/Ut8nZJIJoEs/lhPdzXlSAgAJ) CVE-2016-9576
* [net/udp: bug in skb_pull_rcsum](https://groups.google.com/forum/#!topic/syzkaller/fVj7UJ6nOow)
* [net/icmp: null-ptr-deref in icmp6_send](https://groups.google.com/forum/#!topic/syzkaller/exfKDuH5sLI) CVE-2016-9919
* [net/can: use-after-free in bcm_rx_thr_flush](https://groups.google.com/forum/#!topic/syzkaller/1kM2GFIzSBU)
* [kvm: slab-out-of-bounds write in __apic_accept_irq](https://groups.google.com/d/msg/syzkaller/YWVsTBlRljk/xMwrqdOgCAAJ) CVE-2016-9777
* [mm: BUG in pgtable_pmd_page_dtor](https://groups.google.com/d/msg/syzkaller/JGNtVzSymvw/6VbQla2gCAAJ)
* [logfs: GPF in logfs_alloc_inode](https://groups.google.com/d/msg/syzkaller/jj5WiCBNDh4/tYlsqCegCAAJ)
* [mm, floppy: unkillable task faulting on fd0](https://groups.google.com/d/msg/syzkaller/v6X8nr-XMqY/AKvXMjqdCAAJ)
* [kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit](https://groups.google.com/d/msg/syzkaller/AMBA62hsVnQ/vtH4SEeoBwAJ)
* [kvm: WARNING in em_jmp_far](https://groups.google.com/d/msg/syzkaller/vlC9IzBqaEs/S5sZl9ejBwAJ) CVE-2016-9756
* [kvm: WARNING in rtc_status_pending_eoi_check_valid](https://groups.google.com/d/msg/syzkaller/WuAv_qE8dI8/jJd6E3ClBwAJ)
* [kvm: GPF in kvm_ioapic_set_irq](https://groups.google.com/d/msg/syzkaller/yOvg84HBx6E/6db4LE6jBwAJ)
* [mm: BUG in munlock_vma_pages_range](https://groups.google.com/d/msg/syzkaller/YrHKOMostEc/3Arq3dCiBwAJ)
* [kvm: WARNING in kvm_arch_vcpu_ioctl_run](https://groups.google.com/d/msg/syzkaller/24wCim9x3mI/RoV24W5yBwAJ)
* [kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast](https://groups.google.com/d/msg/syzkaller/sue3X3IQanU/ypLWfHTpBgAJ)
* [kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one](https://groups.google.com/d/msg/syzkaller/8IXfmLUSkbA/8bbm6hbqBgAJ)
* [kvm: BUG in pte_list_remove](https://groups.google.com/d/msg/syzkaller/IqkesiRS-t0/aLcJuMXqBgAJ)
* [kvm: recursive lock in kvm_clear_async_pf_completion_queue](https://groups.google.com/d/msg/syzkaller/dGfcd0P7J-E/XD0h8n_rBgAJ)
* [kvm: WARNING in em_ret_far](https://groups.google.com/d/msg/syzkaller/o5ZftARBhrs/r1ivQ-HtBgAJ)
* [kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue](https://groups.google.com/d/msg/syzkaller/Zubs2yePdiY/svec5qrtBgAJ)
* [kvm: GPF in gfn_to_rmap](https://groups.google.com/d/msg/syzkaller/sHBCmfktDGg/dAhz7M7vBgAJ)
* [kvm: paging fault in kvm_gfn_to_hva_cache_init](https://groups.google.com/d/msg/syzkaller/ETU_E6Sc-rk/-iWFPpTwBgAJ)
* [kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr](https://groups.google.com/d/msg/syzkaller/Zw7Usg-FnDQ/QvHU6P69BgAJ)
* [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/NKlClJzOOww/zX1sXW24BgAJ)
* [kvm: WARNING in kvm_load_guest_fpu](https://groups.google.com/d/msg/syzkaller/PeDBKPqz19o/VckGWlW0BgAJ)
* [kvm: GPF in kvm_pic_set_irq](https://groups.google.com/d/msg/syzkaller/T4ZFHqpmwKM/V_X9W8awBgAJ)
* [kvm: GPF in irq_bypass_unregister_consumer](https://groups.google.com/d/msg/syzkaller/Dz__GySpVr8/UQ5kpdWrBgAJ)
* [kvm: GPF in __get_kvmclock_ns](https://groups.google.com/d/msg/syzkaller/A5cpi35KlkQ/a35IrBmoBgAJ)
* [kvm: WARNING In kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/1qxx4nU4hpE/qJlIQcWtBgAJ)
* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/F3xBpkDRAiE/jdmpOIKtBgAJ)
* [tcp: take care of truncations done by sk_filter()](https://patchwork.ozlabs.org/patch/693484/)
* [net/l2tp: use-after-free write in l2tp_ip6_close](https://groups.google.com/forum/#!topic/syzkaller/rXbAbqydmsw)
* [net/sctp: null-ptr-deref in sctp_inet_listen](https://groups.google.com/forum/#!topic/syzkaller/rngiXb8aNVk)
* [net/tcp: warning in tcp_recvmsg](https://groups.google.com/forum/#!topic/syzkaller/xpNRe_86Dog)
* [net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/BTjwhbtc9QE)
* [bpf: kernel BUG in htab_elem_free](https://groups.google.com/d/msg/syzkaller/NcK5XXQA-_o/DYskkVn1AwAJ)
* [net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/6k-N84V-Z88)
* [net/ipv6: null-ptr-deref in inet6_bind](https://groups.google.com/forum/#!topic/syzkaller/AdbicmLlFHk)
* [net/dccp: null-ptr-deref in dccp_parse_options](https://groups.google.com/forum/#!topic/syzkaller/_vGUxJLcdKY)
* [net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb](https://groups.google.com/forum/#!topic/syzkaller/nyrJEo2pUJs)
* [net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match](https://groups.google.com/forum/#!topic/syzkaller/zfXVCzJTXzQ)
* [net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/GDvJr49XK7g)
* [net/can: warning in bcm_connect/proc_register](https://groups.google.com/forum/#!topic/syzkaller/ltCQQCE44pQ)
* [net/ipv4: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/8tMiUcdWx78)
* [net/sctp: slab-out-of-bounds in sctp_sf_ootb](https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk) CVE-2016-9555
* [net/dccp: warning in dccp_set_state](https://groups.google.com/forum/#!topic/syzkaller/JdYwfv_22lA)
* [net/netlink: bad unlock balance in netlink_diag_dump](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y)
* [net/netlink: null-ptr-deref in netlink_dump/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y)
* [net/ipx: null-ptr-deref in ipxrtr_route_packet](https://groups.google.com/forum/#!topic/syzkaller/xqRSxMxPVq0)
* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/forum/#!topic/syzkaller/W0swoIe25Eg)
* [fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)](https://groups.google.com/d/msg/syzkaller/9DFicr6njUw/aaX3dVtNBQAJ)
* [kernel BUG in dio_get_page](https://groups.google.com/d/msg/syzkaller/rCCyOHJHflI/Ik7IhXWzBAAJ)
* [drm: GPF in drm_getcap](https://groups.google.com/d/msg/syzkaller/dxVHCovRzhg/7QPBBqi4BwAJ)
* [fs: GPF in bd_mount](https://groups.google.com/d/msg/syzkaller/Z7OCclqCuq0/--YUa8QrBgAJ)
* [tty, fbcon: use-after-free in fbcon_invert_region](https://groups.google.com/d/msg/syzkaller/1DU69JpJwJg/n-6V4Wr5BQAJ)
* [drm: NULL pointer dereference in drm_mode_object_find()](https://groups.google.com/d/msg/syzkaller/7kyIupsNz-c/dWIIMpJXAQAJ)
* [6pack: stack-out-of-bounds in sixpack_receive_buf](https://groups.google.com/d/msg/syzkaller/A1x5I2hxcew/DjzZX7_mBQAJ)
* [logfs: GPF in logfs_init_inode](https://groups.google.com/d/msg/syzkaller/sU52_tpOsxQ/QTmqrIjlBQAJ)
* [tty: use-after-free in n_tty_receive_buf_fast](https://groups.google.com/d/msg/syzkaller/wz0PXUAcE7g/QN-MnqnjBQAJ)
* [sound: divide by 0 in snd_hrtimer_callback (or hang)](https://groups.google.com/d/msg/syzkaller/YZDD4SOU2Lk/LwRAiknjBQAJ)
* [mm: GPF in __insert_vmap_area](https://groups.google.com/d/msg/syzkaller/dTC7VpMKBu0/Aasz9zHiBQAJ)
* [fs, tty: WARNING in devpts_get_priv](https://groups.google.com/d/msg/syzkaller/qz7_4jCFPvw/nm19yTfbBQAJ)
* [fanotify: unkillable hanged processes](https://groups.google.com/d/msg/syzkaller/kY_ml6TCm9A/wDd5fYFXBQAJ)
* [drm: GPF in drm_context_switch_complete](https://groups.google.com/d/msg/syzkaller/ZB879NphOvw/ZDzsirsgBAAJ)
* [drm: GPF in drm_legacy_lock_free](https://groups.google.com/d/msg/syzkaller/VsfDwjS-Vk8/HOxWf1cgBAAJ)
* [sound: division by 0 in snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/HOTZlap4aZ8/E9EnyqwfBAAJ)
* [perf: WARNING in perf_event_read](https://groups.google.com/d/msg/syzkaller/nQl0TADtoXc/qwp8erUdBAAJ)
* [drm: WARNING in drm_irq_by_busid](https://groups.google.com/d/msg/syzkaller/1ckoC7WPx3c/-JO150EIBAAJ)
* [dri: WARNING in idr_remove](https://groups.google.com/d/msg/syzkaller/wOfaszMuYSQ/2a5fyjkSBAAJ)
* [mm: use-after-free in collapse_huge_page](https://groups.google.com/d/msg/syzkaller/eFgUtJ_WbmM/yBQp-6QFBAAJ)
* [kcm: use-after-free in fput of kcm socket](https://groups.google.com/d/msg/syzkaller/1S98uAzWBLg/c9ANduUDBAAJ)
* [bdev: fix NULL pointer dereference in sync()/close() race](https://groups.google.com/d/msg/syzkaller/Gu28cO5tVSw/uAwLAuKrAwAJ)
* [bdev: fix NULL pointer dereference](https://groups.google.com/forum/#!topic/syzkaller/VF7tNBDWFMI)
* [BUG: sleeping function called from invalid context at mm/mempolicy.c:553](http://pastebin.com/uNQW3afN)
* [use-after-free in ppp_unregister_channel](http://review.cyanogenmod.org/#/c/145489/)
* [net/tipc: NULL-ptr dereference in tipc_nl_publ_dump](http://lists.openwall.net/netdev/2016/05/14/35)
* [HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()](https://patchwork.kernel.org/patch/8583981/)
* [mm: memory corruption on mmput](http://lists.openwall.net/linux-kernel/2016/04/17/72)
* [perf: WARNING in perf_event_read](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214159.html)
* [9p2000.L stat/unlink race (WARNING: fs/inode.c:280 drop_nlink)](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214157.html)
* [mm: page fault in __do_huge_pmd_anonymous_page](https://groups.google.com/d/msg/syzkaller/Ihm6d1NmRk8/WG-qZ6aMCQAJ)
* [usb: memory allocation WARNING in hcd_buffer_alloc](https://groups.google.com/d/msg/syzkaller/svY2Ac1RYCM/wD9pZHeJCQAJ)
* [dccp: potential deadlock in dccp_v4_ctl_send_reset](https://groups.google.com/d/msg/syzkaller/yrxEaY_QQEM/Xtx0LrSICQAJ)
* [mm: GPF in find_get_pages_tag](https://groups.google.com/d/msg/syzkaller/9XYmMfpNxCg/jl1EgpmHCQAJ)
* [mm: BUG in page_move_anon_rmap](https://groups.google.com/d/msg/syzkaller/E21YB1m9Fb4/yrj55fZZCAAJ)
* [block: GPF in get_task_ioprio](https://groups.google.com/d/msg/syzkaller/pCqmZTOvf7g/foAZqH71BwAJ)
* [tty: stall in n_tty_ioctl/inq_canon](https://groups.google.com/d/msg/syzkaller/JEOgcphr_FQ/zt5eiRfUBQAJ)
* [random: negative entropy/overflow: pool input count -40000](https://groups.google.com/d/msg/syzkaller/LvdDTS5Om_g/zJmN7RfOBQAJ)
* [bpf: use after free in array_map_alloc](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794
* [kvm: use-after-free in kvm_irqfd_release](https://groups.google.com/d/msg/syzkaller/mLrF0hWNsA0/qN0CYvVABQAJ)
* [kvm: GPF in kvm_lapic_set_tpr](https://groups.google.com/d/msg/syzkaller/kQW1tyy6vjc/0xbWT-JABQAJ)
* [sound: use-after-free in hrtimer_cancel](https://groups.google.com/d/msg/syzkaller/HMNrvp-Dt2g/kaQMrGQEAwAJ)
* [sound: hang in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/8k7zhhEbAgAJ)
* [sound: deadlock involving snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/O852Mz3HAQAJ)
* [fs: GPF in locked_inode_to_wb_and_lock_list](https://groups.google.com/d/msg/syzkaller/XvxH3cBQ134/F0-0r3MxAAAJ)
* [x86: bad pte in pageattr_test](https://groups.google.com/d/msg/syzkaller/Fu6BruqUHOU/nuJxpW7EAwAJ)
* [tty: memory leak in tty_open](https://groups.google.com/d/msg/syzkaller/wZUev9AXzDY/Nt4ih4B7EgAJ)
* [net: memory leak due to CLONE_NEWNET](https://groups.google.com/d/msg/syzkaller/dLbu8taoWVY/w3myILDuEQAJ)
* [lockdep WARNING in get_online_cpus](https://groups.google.com/d/msg/syzkaller/MHXa-o8foyc/o-mB1L_rEQAJ)
* [mm: BUG in khugepaged_scan_mm_slot](https://groups.google.com/d/msg/syzkaller/GNB2k9vLYc4/9Cu_fy7hEQAJ)
* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/eIjELqsnpcE/xX-R8APfEQAJ)
* [scsi: machine hang due to write to /dev/sg0](https://groups.google.com/d/msg/syzkaller/oQ3Hg-JUVKA/8zwovr9lDAAJ)
* [AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way](http://seclists.org/oss-sec/2016/q1/450)
* [sound: uninterruptible hang in snd_seq_oss_writeq_sync](https://groups.google.com/d/msg/syzkaller/bUvgnh0owos/Ps7Rep4XCAAJ)
* [fs: uninterruptible hang in handle_userfault](https://groups.google.com/d/msg/syzkaller/dSd90m_8O9w/-SAlwCUUCAAJ)
* [net: memory leak in N_6PACK driver](https://groups.google.com/d/msg/syzkaller/555eacbu6QQ/_3PGUrCbBQAJ)
* [net: memory leak in lapb_register](https://groups.google.com/d/msg/syzkaller/PqiopMXpNwU/8ChRtB6bBQAJ)
* [net: memory leak in mkiss_open](https://groups.google.com/d/msg/syzkaller/ylPCtzQr_jc/z_x_9uKaBQAJ)
* [sound: list corruption in delete_and_unsubscribe_port](https://groups.google.com/d/msg/syzkaller/XcYfdFeeyK8/R49jRCLCAwAJ)
* [kvm: GPF in kvm_pic_clear_all](https://groups.google.com/d/msg/syzkaller/FzqGSkRKwm0/h4Yz2CSBAwAJ)
* [kvm: GPF in kvm_irq_map_gsi](https://groups.google.com/d/msg/syzkaller/Rg4Y2Z6HbHI/w9zXygeAAwAJ)
* [tty: memory leak in tty_register_driver](https://groups.google.com/d/msg/syzkaller/iPxmOCKQLbU/0yLjf9x2AwAJ)
* [sound: memory leak in snd_seq_pool_init](https://groups.google.com/d/msg/syzkaller/hpzw94zvlLI/HBqrHjJzAwAJ)
* [tty: deadlock between tty_buffer_flush/n_tracesink_open](https://groups.google.com/d/msg/syzkaller/HX5NRBC8ubw/w4XgLENBAwAJ)
* [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/8PdCofDMAAAJ)
* [fs: NULL deref in atime_needs_update](https://groups.google.com/d/msg/syzkaller/0SW33jMcrXQ/7qZfeV-HAAAJ)
* [sound: spinlock lockup in snd_seq_oss_write](https://groups.google.com/d/msg/syzkaller/aSwFzmSY7Rc/zIKYuKczAAAJ)
* [net: memory leak in ip_cmsg_send](https://groups.google.com/d/msg/syzkaller/keQktFmhfBM/UDsS4tEACAAJ)
* [net/irda: BUG: looking up invalid subclass: 4294967295](https://groups.google.com/d/msg/syzkaller/RSwLEwkWag8/S2kSuPn-BwAJ) CVE-2017-6348
* [sound: use-after-free in snd_timer_start1](https://groups.google.com/d/msg/syzkaller/zF-7vhuSc9o/O89UIO3HBwAJ)
* [tty: tty_struct memory leak](https://groups.google.com/d/msg/syzkaller/ZPlLcAxOFSw/NyFyCAjIBwAJ)
* [gigaset: memory leak in gigaset_initcshw](https://groups.google.com/d/msg/syzkaller/wu3NyQ5ZJFE/sat9DwTFBwAJ)
* [sound: out-of-bounds write in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/Au60AgpecfQ/a3eWMIevBwAJ)
* [mm: uninterruptable tasks hanged on mmap_sem](https://groups.google.com/d/msg/syzkaller/6M2Z5r28UDA/nYPsJ1KIBwAJ)
* [sound: another WARNING in rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/FEjR2q-Ri-s/IXSua74aBwAJ)
* [sound: use-after-free in snd_seq_deliver_single_event](https://groups.google.com/d/msg/syzkaller/c8bhbCQP-XA/Abeq8ToXBwAJ)
* [sound: WARNING in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/BI280LemTW8/KgcuDJYWBwAJ)
* [sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap](https://groups.google.com/forum/#!topic/syzkaller/MlIO0DbOtsA)
* [ata: BUG in ata_sff_hsm_move](https://groups.google.com/d/msg/syzkaller/GyV2KfwtfTg/PiTmmqngBQAJ)
* [WARNING in set_restore_sigmask](https://groups.google.com/d/msg/syzkaller/unp9iTQ4IKc/bvJO8A4oBgAJ)
* [BUG: bad unlock balance detected in vma_unlock_anon_vma](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ)
* [bluetooth: use-after-free in vhci_send_frame](https://groups.google.com/d/msg/syzkaller/oWvyWrgd3M4/nAu5XTMmBgAJ)
* [mm: another VM_BUG_ON_PAGE(PageTail(page))](https://groups.google.com/d/msg/syzkaller/boW7sZ0HoYA/j8hH8-vcBQAJ)
* [scsi: NULL deref in sg_start_req](https://groups.google.com/d/msg/syzkaller/8Fg8X9iguFM/u6sUrAvcBQAJ)
* [mm: BUG in expand_downwards](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ)
* [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/YMstW6CMBQAJ)
* [WARNING in do_jobctl_trap](https://groups.google.com/d/msg/syzkaller/67Ipm9Q3dN4/Mn1ZM1pPBQAJ)
* [mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind](https://groups.google.com/d/msg/syzkaller/rUdHl1uq8GU/fd2lDLFHBQAJ)
* [net/bluetooth: workqueue destruction WARNING in hci_unregister_dev](https://groups.google.com/d/msg/syzkaller/uVXU3InAfRY/U7AuPXdEBQAJ)
* [gpu: kmalloc size WARNING in vga_arb_write](https://groups.google.com/d/msg/syzkaller/To4N4VWHTNU/k-5QDrk_BQAJ)
* [net/rfkill: WARNING in rfkill_fop_read](https://groups.google.com/d/msg/syzkaller/hijZUVUav8E/7tjnCAM-BQAJ)
* [sound: use-after-free in _snd_timer_stop](https://groups.google.com/d/msg/syzkaller/DjSwFNnJZn8/flxXWywRBQAJ)
* [net/irda: use-after-free in ircomm_param_request](https://groups.google.com/d/msg/syzkaller/p_WWX0G_UXQ/zGKfw04DBQAJ)
* [net/sctp: out-of-bounds access in sctp_add_bind_addr](https://groups.google.com/d/msg/syzkaller/BhOYz2ZBraw/-k3iDvD8BAAJ)
* [ext4: BUG: scheduling while atomic in ext4_commit_super](https://groups.google.com/d/msg/syzkaller/vIc3Dz_TTRI/dBNrj2G3BAAJ)
* [sound: WARNING in snd_rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/NJZR4sUggm8/ld5OCVu2BAAJ)
* [floppy: GPF in floppy_rb0_cb](https://groups.google.com/d/msg/syzkaller/AWXjFnnBN_s/RyzWTaKrBAAJ)
* [tty: kmalloc size WARNING in vc_do_resize](https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/6PSRe7mlBAAJ)
* [mm: WARNING in __delete_from_page_cache](https://groups.google.com/d/msg/syzkaller/w41UMMBPWRo/dyQTUcGjBAAJ)
* [sound: WARNING in snd_seq_oss_synth_cleanup](https://groups.google.com/d/msg/syzkaller/vfGuMIyOw1E/9-UwD5SiBAAJ)
* [sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect](https://groups.google.com/d/msg/syzkaller/T33gMP-856o/EyGhSkagBAAJ)
* [net: GPF in netlink_getsockbyportid](https://groups.google.com/d/msg/syzkaller/VlgAydM9Zu4/ts6sdhVuBAAJ)
* [fs: use-after-free in link_path_walk](https://groups.google.com/d/msg/syzkaller/t2QMO6N5F8s/MuY0RQ4tBAAJ)
* [fs: sandboxed process brings host down](https://groups.google.com/d/msg/syzkaller/gCyxNiVGGds/WP27JlAoBAAJ)
* [net: use-after-free in recvmmsg](https://groups.google.com/d/msg/syzkaller/amvYsa-I8yE/YRHrDOAmBAAJ)
* [struct pid memory leak](https://groups.google.com/d/msg/syzkaller/j7ld8eOG1OQ/7IJSStAUBAAJ)
* [net: WARNING in dccp_set_state](https://groups.google.com/d/msg/syzkaller/kWaUYryuwSY/9jbwNyRlAwAJ)
* [mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list](https://groups.google.com/d/msg/syzkaller/zezMs3b7Vsc/Vo-6bujTAgAJ)
* [sound: BUG in snd_ctl_find_numid](https://groups.google.com/d/msg/syzkaller/rc3dZwnu5ZI/uRWvc2XUAgAJ)
* [net: GPF in __netlink_ns_capable](https://groups.google.com/forum/#!topic/syzkaller/daN8eU9ttSg)
* [crypto: slab-out-of-bounds in skcipher_recvmsg](https://groups.google.com/d/msg/syzkaller/VBcr-fy-t0w/KJo9r0r5AQAJ)
* [net: hang in ip_finish_output](https://groups.google.com/d/msg/syzkaller/OM7CXieBCoY/etzvFPX3AQAJ)
* [kvm: access to invalid memory in mmu_zap_unsync_children](https://groups.google.com/d/msg/syzkaller/4wAzRPswgQ8/IWGjISZQFQAJ)
* [kvm: using uninitialized var in tdp_page_fault](https://groups.google.com/d/msg/syzkaller/4u4EokUaq8U/jEkM-ZZQFQAJ)
* [sound: spinlock lockup in sound/core/timer.c](https://groups.google.com/d/msg/syzkaller/bbtG9_h1ONU/CPLblMC6FAAJ)
* [sound: GPF in snd_timer_user_params](https://groups.google.com/d/msg/syzkaller/pGyQMx7Fq84/Kzzp1yytFAAJ)
* [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/_jsbNkayw7w/vbivwMWsFAAJ)
* [sound: use-after-free in snd_timer_user_ioctl](https://groups.google.com/d/msg/syzkaller/9mIp43V-OS8/uCHNBiSsFAAJ)
* [crypto: use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/GdqfroKSD8Q/goTM-tyiFAAJ)
* [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/d/msg/syzkaller/wB2VUZcQRkE/NlNJBvybFAAJ)
* [net: WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/tDe2SCAzirE/ar2v6cZQFAAJ)
* [sound: use-after-free in snd_timer_stop](https://groups.google.com/d/msg/syzkaller/IAjJAaJOHZg/s1Ud2wVPFAAJ)
* [sound: GPF in snd_seq_fifo_clear](https://groups.google.com/d/msg/syzkaller/KbVqGu3WcPs/dYdSgjVOFAAJ)
* [crypto: ablk_decrypt causes BUG in scatterwalk](https://groups.google.com/d/msg/syzkaller/J5BIP1NxPVc/V5RQhCRMFAAJ)
* [kvm: GPF in native_set_debugreg](https://groups.google.com/d/msg/syzkaller/E_simxTrAxM/K70SOr4wEwAJ)
* [kvm: GPF in kvm_lapic_latched_init](https://groups.google.com/d/msg/syzkaller/Sw8voIm9wN4/AV_6rPsvEwAJ)
* [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/qING1Xy24JY/v9sxuVErEwAJ)
* [kvm: vmalloc allocation failure in kvm_vm_ioctl](https://groups.google.com/d/msg/syzkaller/K47NvuAAPz4/PO9mb4c4EwAJ)
* [kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid](https://groups.google.com/d/msg/syzkaller/58wqKq6iCXk/qQsxAH8pEwAJ)
* [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/tYgkwrDQjkg/jTllLeYmEwAJ)
* [kvm: WARNING in exception_type](https://groups.google.com/d/msg/syzkaller/NVYxVRSPan4/WCVzMTImEwAJ)
* [mm: possible deadlock in mm_take_all_locks](https://groups.google.com/d/msg/syzkaller/AxduklbKrfc/VQ2r5VQqEwAJ)
* [net/nfc: GPF in llcp_sock_getname](https://groups.google.com/d/msg/syzkaller/uj-hx-eBQ28/KCztJ2z6EAAJ)
* [net/netlink: memory leak in netlink_sendmsg](https://groups.google.com/d/msg/syzkaller/UUAHYw5MtjA/JEEHUuykEAAJ)
* [net/tipc: memory leak in tipc_release](https://groups.google.com/d/msg/syzkaller/5-GmaFy2BUI/Z1RBMsigEAAJ)
* [memory leak in lapb_create_cb](https://groups.google.com/d/msg/syzkaller/A-AnLCJnfIM/TCX4G1N0EAAJ)
* [net/sctp: sctp_datamsg memory leak](https://groups.google.com/d/msg/syzkaller/hLdAYS7j_tM/rwo6p5x1EAAJ)
* [net/sctp: sock memory leak](https://groups.google.com/d/msg/syzkaller/rB_bD-M8ijs/m44UxFNzEAAJ)
* [net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame](https://groups.google.com/d/msg/syzkaller/D9S8Ji0HJtM/9nJc3SdTEAAJ)
* [tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc](https://groups.google.com/d/msg/syzkaller/YrV0bzdfa-g/n5Eyi6tSEAAJ)
* [crypto: use-after-free in alg_bind](https://groups.google.com/d/msg/syzkaller/exVfK_05eqU/hszZrHwjEAAJ)
* [crypto: deadlock in alg_setsockopt](https://groups.google.com/d/msg/syzkaller/t3fOIUvQRR0/Xf8Jw9sdEAAJ)
* [crypto: use-after-free in rng_recvmsg](https://groups.google.com/d/msg/syzkaller/4Ivvjq4KGhM/EbQX8Ze_DwAJ)
* [use-after-free in skcipher_bind](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/iFcu_0R8DgAJ)
* [9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl](https://groups.google.com/d/msg/syzkaller/1YncbDVfdow/JudLnO49DgAJ)
* [fs: WARNING in locks_free_lock_context](https://groups.google.com/d/msg/syzkaller/AxzCz8bJPko/A6iFq0IsDgAJ)
* [net: user-controllable kmalloc size in __sctp_setsockopt_connectx](https://groups.google.com/d/msg/syzkaller/mv8Iaz0oHAs/b3dwSCD9DQAJ)
* [GPF in gf128mul_64k_bbe](https://groups.google.com/d/msg/syzkaller/BIjLNIO1g7k/6FTkQpFcDAAJ)
* [use-after-free in hash_sock_destruct](https://groups.google.com/d/msg/syzkaller/XSCcDfuj3Cw/cplfjIlcDAAJ)
* [GPF in lrw_crypt](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ)
* [bad page state due to PF_ALG socket](https://groups.google.com/d/msg/syzkaller/OEaEMF5cRpc/AyYAGndcDAAJ)
* [use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/Oi2d1GRRnPY/rbZZ5lZcDAAJ)
* [use-after-free in sixpack_close](https://groups.google.com/d/msg/syzkaller/QRZjzAzG0wg/pvnCAZNWDAAJ)
* [net: heap-out-of-bounds in sock_setsockopt](https://groups.google.com/d/msg/syzkaller/5J4lQcwp0x4/ATAqYNZ0CwAJ)
* [BUG_ON(!PageLocked(page)) in munlock_vma_page](https://groups.google.com/d/msg/syzkaller/8KEw1_E05zs/-HzQwaQlCwAJ)
* [perf: stalls in perf_install_in_context/perf_remove_from_context](https://groups.google.com/d/msg/syzkaller/NyMvU8ClQEM/7PjQ1csQCwAJ)
* [Information leak in sco_sock_bind](https://groups.google.com/d/msg/syzkaller/L2DGhEYtnQo/e0pj2sQpCwAJ) CVE-2015-8575
* [Information leak in llcp_sock_bind/llcp_raw_sock_bind](https://groups.google.com/d/msg/syzkaller/DHI06NjAnBw/02kKZKYnCwAJ)
* [Information leak in pptp_bind](https://groups.google.com/d/msg/syzkaller/fSqTaDjzcIo/HGa4cGi6CgAJ)
* [use-after-free in pptp_connect](https://groups.google.com/d/msg/syzkaller/w238o__gw7M/RrGhpOJ0CgAJ)
* [GPF in keyctl](https://bugzilla.redhat.com/show_bug.cgi?id=1290370) CVE-2015-7550
* [another use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/RQu4vcQ-CQAJ)
* [use-after-free in inet6_destroy_sock](https://groups.google.com/d/msg/syzkaller/u1NA-bgkR18/cMqpYl09CQAJ)
* [WARNING in crypto_wait_for_test](https://groups.google.com/d/msg/syzkaller/WZWajo0A2J4/K93w98fkCAAJ)
* [int overflow in io_getevents](https://groups.google.com/d/msg/syzkaller/UldJpka5MbA/riM5IbqTCAAJ)
* [use-after-free in ip6_xmit](https://groups.google.com/d/msg/syzkaller/YpU1_PMV_gU/FmLVGHqTCAAJ)
* [use-after-free in __perf_install_in_context](https://groups.google.com/d/msg/syzkaller/3Tk4BmoHxIk/x-EOZH_HBwAJ)
* [undefined shift in __bpf_prog_run](https://groups.google.com/d/msg/syzkaller/H7o2oz9CcKg/uzaiF7eqBwAJ)
* [signed integer overflow in ktime_add_safe](https://groups.google.com/d/msg/syzkaller/1R5FD_PtR1A/dVv99hGqBwAJ)
* [jump label: negative count!](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/hCg9HfHjDgAJ)
* [memory leak in alloc_huge_page](https://groups.google.com/d/msg/syzkaller/zg4TVSy6Ri8/qs99M-bJDwAJ)
* [memory leak in do_ipv6_setsockopt](https://groups.google.com/d/msg/syzkaller/xWavbbgt0qg/SpY86JLEDwAJ)
* [heap out-of-bounds access in array_map_update_elem](https://groups.google.com/d/msg/syzkaller/5NHTQ3U60-s/Xlnq60JwDwAJ)
* [deadlock in perf_ioctl](https://groups.google.com/d/msg/syzkaller/pOiDJIU5zI4/UXIsO9BrDwAJ)
* [user-controllable kmalloc size in bpf syscall](https://groups.google.com/d/msg/syzkaller/vhm-Av765TY/VzjC4zMqDwAJ)
* [net: use after free in ip6_make_skb](https://groups.google.com/d/msg/syzkaller/Pa8ovVaYL9c/Mw32fULmDgAJ)
* [user-controllable kmalloc size in sctp_getsockopt_local_addrs](https://groups.google.com/d/msg/syzkaller/WWpkIGBC0ts/kpMmnYfZDgAJ)
* [use-after-free in ip6_setup_cork](https://groups.google.com/d/msg/syzkaller/fHZ42YrQM-Y/Z4Xf-BbUDgAJ)
* [gigaset: freeing an active object](https://groups.google.com/d/msg/syzkaller/bOJJJcbKtjM/IGkN5ZyTDgAJ)
* [Freeing active kobject in pps_device_destruct](https://groups.google.com/forum/#!topic/syzkaller/rueDAZYv5v0)
* [GPF in process_one_work (flush_to_ldisc)](https://groups.google.com/d/msg/syzkaller/z3WIRnS2q9g/_TXY3LBBDgAJ)
* [use-after-free in tty_check_change](https://groups.google.com/d/msg/syzkaller/PGnPGgljA8A/5yfiRls1DgAJ)
* [WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/vlk-2b1hAVQ/JpkM7K36DQAJ)
* [use-after-free in irtty_open](https://groups.google.com/d/msg/syzkaller/foW6EoJnc9Y/q0gKZ3f3DQAJ)
* [use-after-free in sock_wake_async](https://groups.google.com/forum/#!topic/syzkaller/IjAetA6uvIc)
* [WARNING in handle_mm_fault](https://groups.google.com/forum/#!topic/syzkaller/o8VqvYNEu_I)
* [WARNING in gsm_cleanup_mux](https://groups.google.com/d/msg/syzkaller/zAvZnQBWGac/IPU35GyYDQAJ)
* [use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/UWs4GxGUDQAJ)
* [yet another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/Jy08esFVw9k)
* [GPF in add_key](https://bugzilla.redhat.com/show_bug.cgi?id=1284059)
* [another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw)
* [deadlock during fuseblk shutdown](https://groups.google.com/forum/#!topic/syzkaller/w-B4OeANKu8)
* [tty,net: use-after-free in x25_asy_open_tty](https://groups.google.com/d/msg/syzkaller/kYOghurchCg/aVg9hBBpDAAJ)
* [deadlock between tty_write and tty_send_xchar](https://groups.google.com/forum/#!topic/syzkaller/X12P_8jITAM)
* [WARNING in shmem_evict_inode](https://groups.google.com/forum/#!topic/syzkaller/HeT_3b2HIrs)
* [Deadlock between setsockopt/getsockopt](https://groups.google.com/forum/#!topic/syzkaller/46AwIkaOclk)
* [Deadlock between bind and splice](https://groups.google.com/forum/#!topic/syzkaller/HSofF04GVCA)
* [Use-after-free in ipv4_conntrack_defrag](https://groups.google.com/forum/#!topic/syzkaller/k62o6Fiu124)
* [Use-after-free in selinux_ip_postroute_compat](https://groups.google.com/forum/#!topic/syzkaller/eu-3LPXgdok)
* [Use-after-free in unshare](https://patchwork.ozlabs.org/patch/539061/)
* [GPF in tcp_sk_init/icmp_sk_init](https://patchwork.ozlabs.org/patch/539018/)
* [lockdep warning in ip_mc_msfget](https://groups.google.com/forum/#!topic/syzkaller/ScMRWhgAsbM)
* [WARNING in task_participate_group_stop](https://groups.google.com/forum/#!topic/syzkaller/p5ailXs8eEc)
* [Resource leak in unshare](https://groups.google.com/forum/#!topic/syzkaller/cdJvHvazRJk)
* [Paging fault with hard IRQs disabled in getsockopt](https://groups.google.com/forum/#!topic/syzkaller/AegFEboavHM)
* [Unkillable processes due to PTRACE_TRACEME](https://groups.google.com/forum/#!msg/syzkaller/uGzwvhlCXAw/E-cfY2ejAgAJ)
* [Use-after-free in ep_remove_wait_queue](https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8) CVE-2013-7446
* [GPF in shm_lock](https://groups.google.com/forum/#!topic/syzkaller/4jVzR278N9k)
* [GPF in rt6_uncached_list_flush_dev](https://groups.google.com/forum/#!topic/syzkaller/XmcaDo9DnSg)
* [Infinite loop in ip6_fragment](https://groups.google.com/forum/#!topic/syzkaller/PoD9yGkY1y8)
* [Uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg)
* [GPF in keyring_destroy](https://groups.google.com/forum/#!topic/syzkaller/E2DRBbUDEg8) [CVE-2015-7872](https://bugzilla.redhat.com/show_bug.cgi?id=1272371)