github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/linux/found_bugs.md

     1  # Found bugs
     2  
     3  Most of the latest bugs are reported by [syzbot](/docs/syzbot.md) and are listed [here](https://groups.google.com/forum/#!forum/syzkaller-bugs) and on the [dashboard](https://syzkaller.appspot.com/upstream).
     4  Additional USB bugs are [here](/docs/linux/found_bugs_usb.md).
     5  
     6  _newer first_
     7  * [KASAN: use-after-free Read in screen_glyph_unicode](https://groups.google.com/g/syzkaller/c/114zHXgUIxc/m/HDakO4aDAQAJ)
     8  * [KASAN: use-after-free Read in vc_do_resize](https://groups.google.com/g/syzkaller/c/YxdMWhGfeWw/m/P9bVFhNNBgAJ)
     9  * [KASAN: use-after-free in usb_hcd_unlink_urb](https://groups.google.com/g/syzkaller/c/TVhdYRmqdvU/m/dRD7Rat9IQAJ)
    10  * [KASAN: slab-out-of-bounds Read in gadget_dev_desc_UDC_store](https://groups.google.com/g/syzkaller/c/p-eayxoLmWA/m/x12xTwhwAgAJ)
    11  * [KASAN: use-after-free Write in snd_rawmidi_kernel_write1](https://groups.google.com/g/syzkaller/c/GzOkkJGH6iY/m/2TTi8tdCAAAJ)
    12  * [KASAN: use-after-free Write in config_item_get](https://groups.google.com/g/syzkaller/c/TzmTYZVXk_Q/m/TfFqRdJ4AQAJ)
    13  * [KASAN: use-after-free Read in f_hidg_poll](https://groups.google.com/g/syzkaller/c/-WXXWIlZBu0/m/uhWv9RmMAgAJ)
    14  * [KASAN: use-after-free Read in printer_ioctl](https://groups.google.com/g/syzkaller/c/-e8qjq9mmUk/m/KYZy8SqkAgAJ)
    15  * [KASAN: null-ptr-deref Read in tty_wakeup](https://groups.google.com/g/syzkaller/c/BNzyjDzkYms/m/p9WwoUCpAwAJ)
    16  * [KASAN: use-after-free in afs_wake_up_async_call](https://groups.google.com/g/syzkaller/c/Km3HYdzI7Ng/m/tpC-0d8EBAAJ)
    17  * [KASAN: use-after-free Read in gs_flush_chars](https://groups.google.com/g/syzkaller/c/CtuIx6aFPDE/m/jK9d4529BQAJ)
    18  * [kernel BUG at net/core/skbuff.c](https://lkml.org/lkml/2017/10/2/181)
    19  * [io_uring: avoid page allocation warnings](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4ef647510b1200fe1c996ff1cbf5ac47eb930cc)
    20  * [io_uring: free allocated io_memory once](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=52e04ef4c9d459cba3afd86ec335a411b40b7fd2)
    21  * [io_uring: fix SQPOLL cpu validation](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=975554b03eddc1df73bda3a764a09e18cadd5f1c)
    22  * [locks: use-after-free in perf_trace_lock_acquire](https://bugzilla.kernel.org/show_bug.cgi?id=205705) [CVE-2019-19769](https://nvd.nist.gov/vuln/detail/CVE-2019-19769)
    23  * [cirrusfb: divide errors in cirrusfb_check_var/cirrusfb_check_pixclock/cirrusfb_set_par_foo](https://groups.google.com/forum/#!topic/syzkaller/_utQWPf5qeY)
    24  * [floppy: fix out-of-bounds read in copy_buffer](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6)
    25  * [floppy: fix invalid pointer dereference in drive_name](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b04609b784027968348796a18f601aed9db3789)
    26  * [floppy: fix out-of-bounds read in next_valid_format](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5635f897ed83fd539df78e98ba69ee91592f9bb8)
    27  * [floppy: fix div-by-zero in setup_format_params](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3554aeb991214cbfafd17d55e2bfddb50282e32)
    28  * [bpf: BPF_PROG_TEST_RUN leads to unkillable process](https://groups.google.com/d/msg/syzkaller/EmqpzlOL164/loUGe070FwAJ)
    29  * [timer_settime leads to unkillable process](https://groups.google.com/d/msg/syzkaller/Q6t7TCcN630/ep3J4BT1FwAJ)
    30  * [UBSAN: Undefined behaviour in drivers/scsi/sr_ioctl.c](https://groups.google.com/d/msg/syzkaller/lfupcWLvlmI/ts9ut9LyEwAJ)
    31  * [KASAN: use-after-free Read in ata_scsi_mode_select_xlat](https://groups.google.com/d/msg/syzkaller/PSlmJbCdKF0/tasiCXl4AgAJ)
    32  * [UBSAN: Undefined behaviour in fs/f2fs/extent_cache.c](https://groups.google.com/d/msg/syzkaller/oAhUsPAO4RI/rivMjuUOCgAJ)
    33  * [UBSAN: Undefined behaviour in drivers/input/misc/uinput.c](https://groups.google.com/d/msg/syzkaller/i64-4xzd-Cs/wJRiNri8CQAJ)
    34  * [general protection fault in spk_ttyio_ldisc_close](https://groups.google.com/d/msg/syzkaller/4VJ9u48qxyc/IrT0N35uDAAJ)
    35  * [rtnetlink: give a user socket to get_target_net()](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee) [CVE-2018-14646](https://nvd.nist.gov/vuln/detail/CVE-2018-14646)
    36  * [tipc: NULL deref in tipc_net_finalize](https://groups.google.com/d/msg/syzkaller/qhg9Gg9cFuY/I-HrdjEICAAJ)
    37  * [Kernel crash at i2cdev_ioctl_rdwr in drivers/i2c/i2c-dev.c](https://groups.google.com/d/msg/syzkaller/YuPOpeuGIKU/oXnZkgmqBgAJ)
    38  * [UBSAN: Undefined behaviour in drivers/input/mousedev.c](https://groups.google.com/d/msg/syzkaller/8A-G6SaGOHQ/vsR3aWLKAwAJ)
    39  * [UBSAN: Undefined behaviour in mm/page_alloc.c](https://groups.google.com/d/msg/syzkaller/STYtgfG49IQ/5g0L0b77BAAJ)
    40  * [WARNING in pkt setup dev](https://groups.google.com/d/msg/syzkaller/jQsAxlSpvCU/xFab0v1wBAAJ)
    41  * [UBSAN: Undefined behaviour in drivers/net/ppp/ppp_generic.c](https://groups.google.com/d/msg/syzkaller/xwZC0Njopck/FiU9Z-rRAgAJ)
    42  * [KASAN: use-after-free Read in raw_cmd_done](https://groups.google.com/d/msg/syzkaller/wylZT5uD_xw/dTiar3qVBgAJ)
    43  * [KMSAN: uninit-value in selinux_socket_bind, selinux_socket_connect_helper](https://groups.google.com/d/msg/syzkaller/elP9WpfcVbY/JHhEmU4BBwAJ)
    44  * [UBSAN: Undefined behaviour in drivers/block/floppy.c](https://groups.google.com/d/msg/syzkaller/eB8DFhbjLyI/4lSR84IiBQAJ)
    45  * [net: BUG still has locks held in unix_stream_splice_read](https://groups.google.com/d/msg/syzkaller/q_BUZHm-Nug/Y0o4RfDJBQAJ)
    46  * [general protection fault in sockfs_setattr](https://groups.google.com/d/msg/syzkaller/y4V_gr5sjsE/GRA81a6EAQAJ) [CVE-2018-12232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12232)
    47  * [KASAN: slab out of bounds Write in __jfs_setxattr](https://lkml.org/lkml/2018/6/1/829) [CVE-2018-12233](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12233)
    48  * [RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs](https://patchwork.kernel.org/patch/10274675/)
    49  * [KASAN: use-after-free Read in set_page_dirty_lock](https://groups.google.com/forum/#!topic/syzkaller/w-u4MXthFoI)
    50  * [System freeze and NULL pointer dereference](https://groups.google.com/d/msg/syzkaller-bugs/LxPlUEk62IA/OIfFWHr_AgAJ)
    51  * [RDS: WARNING in rds_recv_hs_exthdrs](https://groups.google.com/d/msg/syzkaller/TTR-hlzVO1I/T7ncQ3xjAQAJ)
    52  * [RDS: slab-out-of-bounds Read in rds_rdma_extra_size](https://groups.google.com/d/msg/syzkaller/VxPgmfL9H8k/PJxhMJZiAQAJ)
    53  * [netfilter: fix out-of-bounds accesses in clusterip_tg_check()](https://groups.google.com/d/msg/syzkaller/uyndMVk770k/TXIlWssrAwAJ)
    54  * [net: hang in unregister_netdevice: waiting for lo to become free](https://groups.google.com/d/msg/syzkaller/-06_laheMF0/xqezy58kAwAJ)
    55  * [scsi: sg: assorted memory corruptions](https://groups.google.com/d/msg/syzkaller/9RNr9Gu0MyY/Yyry-0XBDgAJ)
    56  * [kcm: memory leak in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/3wdPAXqqABY/i-OgV10gDwAJ)
    57  * [AF_KEY: memory leak in key_notify_policy](https://groups.google.com/d/msg/syzkaller/j6H7dPEQv-s/A-ADSd8gDwAJ)
    58  * [sctp: memory leak in sctp_endpoint_init](https://groups.google.com/d/msg/syzkaller/rz5CvX4rTFA/PUCYbwEiDwAJ)
    59  * [tipc: memory leak in tipc_nl_node_get_link](https://groups.google.com/d/msg/syzkaller/6nCOXX58sKw/J91ioe4iDwAJ)
    60  * [tun: memory leak in tun_set_iff](https://groups.google.com/d/msg/syzkaller/ZuubuAQpne0/sSjnZfojDwAJ)
    61  * [net/8021q: memory leak in register_vlan_dev](https://groups.google.com/d/msg/syzkaller/bFkAaOcP-SI/9MSok8IlDwAJ)
    62  * [net: memory leak in socket](https://groups.google.com/d/msg/syzkaller/DMV3fSoKyR0/biGHOQQlDwAJ)
    63  * [scsi: memory leak in sg_start_req](https://groups.google.com/d/msg/syzkaller/GVR3rFTzQzo/kGvdqZgcDwAJ)
    64  * [sunrpc: infinite unkillable console spam in xs_tcp_setup_socket](https://groups.google.com/d/msg/syzkaller/DJmtkqwLCZg/mHJPAJHTAQAJ)
    65  * [fs: possible deadlock in do_iter_write/do_splice](https://groups.google.com/forum/#!topic/syzkaller/f72L3fPD8sY)
    66  * [net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl](https://groups.google.com/forum/#!topic/syzkaller/VtONA6oTiio)
    67  * [net/ipv6: GPF in rt6_ifdown](https://groups.google.com/forum/#!topic/syzkaller/dQ0r_bHOrJk)
    68  * [net/ipv4: trying to register non-static key in ip_mc_clear_src](https://groups.google.com/forum/#!topic/syzkaller/E60_ya1wNxs)
    69  * [net/can: trying to register non-static key in can_rx_register](https://groups.google.com/forum/#!topic/syzkaller/to2Or4lUrTU)
    70  * [net: general protection fault in deactivate_slab](https://groups.google.com/forum/#!topic/syzkaller/k_Q4h-RPzkQ)
    71  * [net/ipv4: use-after-free in add_grec](https://groups.google.com/forum/#!topic/syzkaller/dlHu8uuZWfg)
    72  * [net/ipv6: use-after-free in ip6_dst_ifdown](https://groups.google.com/forum/#!topic/syzkaller/ZJaqAiFLe3k)
    73  * [tty: possible deadlock in tty_buffer_flush](https://groups.google.com/forum/#!topic/syzkaller/PXe_ekNtIZ8)
    74  * [net/ipv6: general protection fault in skb_release_data](https://groups.google.com/forum/#!topic/syzkaller/e3I2c8X2oWo) CVE-2017-9242
    75  * [drivers/net/hamradio: divide error in hdlcdrv_ioctl](https://groups.google.com/forum/#!topic/syzkaller/Uwy36npUcBQ)
    76  * [tty: fix port buffer locking](https://lkml.org/lkml/2017/5/11/118)
    77  * [kvm: warning in kvm_load_guest_fpu](https://groups.google.com/forum/#!topic/syzkaller/OSNJfH8rNPE)
    78  * [drivers/scsi: GPF in sg_read](https://groups.google.com/forum/#!topic/syzkaller/FqYh6Jks6h0)
    79  * [net/ipv4: use-after-free in ip_mc_drop_socket](https://groups.google.com/forum/#!topic/syzkaller/y3_fsYmwdio) CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077
    80  * [net/ipv6: GPF in rt6_device_match](https://groups.google.com/forum/#!topic/syzkaller/PbCfeuGSoNI)
    81  * [x86: warning: kernel stack regs has bad 'bp' value](https://groups.google.com/forum/#!topic/syzkaller/HQl-x5dWJ9Q)
    82  * [net/key: slab-out-of-bounds in pfkey_compile_policy](https://groups.google.com/forum/#!topic/syzkaller/MHjh-tJo_wE)
    83  * [net/ipv6: warning in inet6_ifa_finish_destroy](https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw)
    84  * [net/ipv6: use-after-free in __call_rcu/in6_dev_finish_destroy_rcu](https://groups.google.com/forum/#!topic/syzkaller/OhkhEez1z1A)
    85  * [net/ipv6: slab-out-of-bounds in ip6_tnl_xmit](https://groups.google.com/forum/#!topic/syzkaller/Wr3dZWAO8vw)
    86  * [net/rose: null-ptr-deref in rose_route_frame](https://groups.google.com/forum/#!topic/syzkaller/RWKRCxpbS90)
    87  * [time: hang due to timer_create/timer_settime](https://groups.google.com/forum/#!topic/syzkaller/355tWdc8oHY)
    88  * [net/core: BUG in unregister_netdevice_many](https://groups.google.com/forum/#!topic/syzkaller/3zsXPUh-KzU)
    89  * [net/xfrm: stack-out-of-bounds in xfrm_state_find](https://groups.google.com/forum/#!topic/syzkaller/WA6MdAfCYS0)
    90  * [net/bonding: stack-out-of-bounds in bond_enslave](https://groups.google.com/forum/#!topic/syzkaller/IDoQHFmrnRI)
    91  * [net: ipv6: RTF_PCPU should not be settable from userspace](https://www.spinics.net/lists/netdev/msg430947.html)
    92  * [fs/notify/inotify: slab-out-of-bounds write in strcpy](https://groups.google.com/d/msg/syzkaller/ecGeXh44M50/r7OSshSOCAAJ) [CVE-2017-7533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533)
    93  * [net/ipv6: slab-out-of-bounds read in seg6_validate_srh](https://groups.google.com/forum/#!topic/syzkaller/U3NMWDD16PM)
    94  * [kernel BUG at mm/hugetlb.c:742!](https://lkml.org/lkml/2017/4/10/1154)
    95  * [net/key: slab-out-of-bounds in parse_ipsecrequests](https://groups.google.com/forum/#!topic/syzkaller/vG7Cyfx-mvU)
    96  * [net/ipv4: use-after-free in ipv4_datagram_support_cmsg](https://groups.google.com/forum/#!topic/syzkaller/F79HOk-4RhA)
    97  * [net/ipv4: use-after-free in ip_queue_xmit](https://groups.google.com/forum/#!topic/syzkaller/X6L7h46rDsw)
    98  * [net: use-after-free in __ns_get_path](https://groups.google.com/forum/#!topic/syzkaller/Vnf3aEG-wqY)
    99  * [net/ipv4: use-after-free in ip_check_mc_rcu](https://groups.google.com/forum/#!topic/syzkaller/6q5nFux7N2E)
   100  * [net/ipv6: use-after-free in ipv6_sock_ac_close](https://groups.google.com/forum/#!topic/syzkaller/z4Y96bFyq7I)
   101  * [net/ipv4: use-after-free in ipv4_mtu](https://groups.google.com/forum/#!topic/syzkaller/UAjEGZoiAF4)
   102  * [net/dccp: BUG in tfrc_rx_hist_sample_rtt](https://groups.google.com/forum/#!topic/syzkaller/inWmASLpo8Q)
   103  * [net/sctp: list double add warning in sctp_endpoint_add_asoc](https://groups.google.com/forum/#!topic/syzkaller/6_LZGvwjzcA)
   104  * [kvm: use-after-free in srcu_reschedule](https://groups.google.com/d/msg/syzkaller/Sl0POwca6-s/QR_z6AsFCQAJ)
   105  * [ata: WARNING in ata_bmdma_qc_issue](https://groups.google.com/d/msg/syzkaller/Hy5yHjgOri8/0fhs94QXCAAJ)
   106  * [net/sched: GPF in qdisc_hash_add](https://groups.google.com/d/msg/syzkaller/--acxHx5yyo/WsS4Yw7PBwAJ)
   107  * [sg: random memory corruptions](https://groups.google.com/d/msg/syzkaller/wWn_oXRfN7Y/kgtLfy_OBwAJ)
   108  * [fs: GPF in deactivate_locked_super](https://groups.google.com/d/msg/syzkaller/xLJUOccIV48/4yXIAfnIBwAJ)
   109  * [loop: WARNING in sysfs_remove_group](https://groups.google.com/d/msg/syzkaller/nq6tjrQLVo4/IL-lxLHIBwAJ)
   110  * [lib, fs, cgroup: WARNING in percpu_ref_kill_and_confirm](https://groups.google.com/d/msg/syzkaller/sT2NZaIfP_E/B15roGnIBwAJ)
   111  * [ata: WARNING in ata_qc_issue](https://groups.google.com/d/msg/syzkaller/r1iGG9w4a9U/l6FkC0HGBwAJ)
   112  * [security, hugetlbfs: write to user memory in hugetlbfs_destroy_inode](https://groups.google.com/d/msg/syzkaller/GLiqkLgHpc8/RzD3JUTFBwAJ)
   113  * [netlink: NULL timer crash](https://groups.google.com/d/msg/syzkaller/drVyP4zu3SM/yPx2taTEBwAJ)
   114  * [kvm: use-after-free function call in kvm_io_bus_destroy](https://groups.google.com/d/msg/syzkaller/1zn_juvw7Fk/BAqe32_DBwAJ)
   115  * [sound: use-after-free in snd_seq_cell_alloc](https://groups.google.com/d/msg/syzkaller/ZXLFJniQJJE/menSWN_CBwAJ)
   116  * [usb: use-after-free write in usb_hcd_link_urb_to_ep](https://groups.google.com/d/msg/syzkaller/v5ra3_AduC4/8-43yozCBwAJ)
   117  * [net/kcm: double free of kcm inode](https://groups.google.com/d/msg/syzkaller/CFYuMediESc/L31CuijCBwAJ)
   118  * [crypto: out-of-bounds write in pre_crypt](https://groups.google.com/d/msg/syzkaller/ivRlyW1WX10/3M9rSuC9BwAJ)
   119  * [security: double-free in superblock_doinit](https://groups.google.com/d/msg/syzkaller/AXrX3E0YOsg/dvcctKm8BwAJ)
   120  * [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/gBu_q0nPy9o/r3QmSIO6BwAJ)
   121  * [tcp: fix potential double free issue for fastopen_req](https://www.spinics.net/lists/netdev/msg422971.html)
   122  * [net/udp: slab-out-of-bounds Read in udp_recvmsg](https://groups.google.com/d/msg/syzkaller/K6CC1usBuWs/6aYxL79BBQAJ)
   123  * [net: deadlock between ip_expire/sch_direct_xmit](https://groups.google.com/d/msg/syzkaller/e-2ANaCu2fk/zvSg0l4DBQAJ)
   124  * [srcu: BUG in __synchronize_srcu](https://groups.google.com/forum/#!topic/syzkaller/2WSsltbI5Z8)
   125  * [net/sctp: recursive locking in sctp_do_peeloff](https://groups.google.com/d/msg/syzkaller/5NY7KjBKgA0/nMm6k7bwEQAJ)
   126  * [kvm: WARNING in vmx_handle_exit](https://groups.google.com/d/msg/syzkaller/D01HuY1tDhc/UIeC8eXfDQAJ)
   127  * [futex: use-after-free in futex_wait_requeue_pi](https://groups.google.com/d/msg/syzkaller/MrJ5ckRkQBI/pXjdOFztEQAJ)
   128  * [kvm/arm64: use-after-free in kvm_vm_ioctl/vmacache_update](https://groups.google.com/forum/#!topic/syzkaller/QUhNm5patag)
   129  * [kvm/arm64: use-after-free in kvm_unmap_hva_handler/unmap_stage2_pmds](https://groups.google.com/forum/#!topic/syzkaller/Hk9R17J-2tA)
   130  * [local privilege escalation flaw in n_hdlc](http://seclists.org/oss-sec/2017/q1/569) CVE-2017-2636
   131  * [netlink: GPF in netlink_unicast](https://groups.google.com/d/msg/syzkaller/AN-WbVHU0hw/iMmJEUSbEAAJ)
   132  * [perf: use-after-free in perf_release](https://groups.google.com/d/msg/syzkaller/_P-SyZtwVXk/RhO-VB2YEAAJ)
   133  * [net/ipv6: null-ptr-deref in ip6mr_sk_done](https://groups.google.com/forum/#!topic/syzkaller/H8hyTRfCClI)
   134  * [bpf: kernel NULL pointer dereference in map_get_next_key](https://groups.google.com/d/msg/syzkaller/nyr1SaxHfyo/gp21-xhaEAAJ)
   135  * [crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex](https://groups.google.com/d/msg/syzkaller/jtz84qFQ_3s/vzFV8YhaEAAJ)
   136  * [kvm: use-after-free in vmx_check_nested_events/vmcs12_guest_cr0](https://groups.google.com/d/msg/syzkaller/_e1uwkRRVfk/CqEIKj9SEAAJ)
   137  * [sound: another deadlock in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/GAUhiTjyDfI/XcIntncQEAAJ)
   138  * [rcu: WARNING in rcu_seq_end](https://groups.google.com/d/msg/syzkaller/M4UEuqSTMR8/JoEPLtQOEAAJ)
   139  * [fs: use-after-free in path_lookupat](https://groups.google.com/d/msg/syzkaller/_8MZkKL2-QU/PA0q5XULEAAJ)
   140  * [ucount: use-after-free read in inc_ucount & dec_ucount](https://groups.google.com/d/msg/syzkaller/xB_UphO1T7w/me1WddQAEAAJ)
   141  * [net/ipv4: division by 0 in tcp_select_window](https://groups.google.com/d/msg/syzkaller/TFH8rl8yTrU/9PzPjkfHDwAJ)
   142  * [net: heap out-of-bounds in fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone](https://groups.google.com/d/msg/syzkaller/3SS80JbVPKA/2tfIAcW7DwAJ)
   143  * [mm: use-after-free in zap_page_range](https://groups.google.com/d/msg/syzkaller/-e9ZYxL9zts/6ip-8FK5DwAJ)
   144  * [net/kcm: use-after-free in kcm_wq](https://groups.google.com/d/msg/syzkaller/c_jOLx9FEgk/nz2PJROtDwAJ)
   145  * [idr: use-after-free write in ida_get_new_above](https://groups.google.com/d/msg/syzkaller/23J2nN6syEE/gFFk_xSsDwAJ)
   146  * [sg: stack out-of-bounds write in sg_write](https://groups.google.com/d/msg/syzkaller/fvvhyYQHiT8/UOnInaajDwAJ) CVE-2017-7187
   147  * [cgroup: WARNING in cgroup_kill_sb](https://groups.google.com/d/msg/syzkaller/pWKI4ZQeOoI/SmTmQEF8DwAJ)
   148  * [net/rds: use-after-free in rds_find_bound/memcmp](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/kgQVbjjXDgAJ)
   149  * [net: sleeping function called from invalid context in net_enable_timestamp](https://groups.google.com/d/msg/syzkaller/k5qJRYKqIgQ/EfJBkqwvDwAJ)
   150  * [net: use-after-free in neigh_timer_handler/sock_wfree](https://groups.google.com/d/msg/syzkaller/2REBGTmpSTE/pT95olUuDwAJ)
   151  * [net/sctp: use-after-free in sctp_association_put](https://groups.google.com/d/msg/syzkaller/AA_hWiHcgrs/4lIAQ94tDwAJ)
   152  * [fs: use-after-free in userfaultfd_exit](https://groups.google.com/d/msg/syzkaller/Uu0ZwFPrmu8/WRWYCC8sDwAJ)
   153  * [net/ipv4: inconsistent lock state in tcp_conn_request/inet_ehash_insert](https://groups.google.com/forum/#!topic/syzkaller/OnwnEEhZap8)
   154  * [net/ipv4: suspicious RCU usage in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/FwCYiR7JDwAJ)
   155  * [net/ipv4: deadlock in ip_ra_control](https://groups.google.com/d/msg/syzkaller/mS6hi72YPkc/jZyjMMgRDwAJ)
   156  * [net/dccp: dccp_create_openreq_child freed held lock](https://groups.google.com/d/msg/syzkaller/0jXubCbCmeQ/OXoQEjgODwAJ)
   157  * [nested_vmx_merge_msr_bitmap](https://groups.google.com/d/msg/syzkaller/2631gzzWnA4/jm91h6HeDgAJ)
   158  * [ipc: use-after-free in shm_get_unmapped_area](https://groups.google.com/d/msg/syzkaller/Kv2bIHYA8N8/kZqVCqXaDgAJ)
   159  * [sounds: deadlocked processed in snd_seq_pool_done](https://groups.google.com/d/msg/syzkaller/ZARHLaXAmYQ/eSfeP-HVDgAJ)
   160  * [net/atm: vcc_sendmsg calls kmem_cache_alloc in non-blocking context](https://groups.google.com/d/msg/syzkaller/5gb5kxihtps/oy4pVZ3SDgAJ)
   161  * [ata: WARNING in ata_sff_qc_issue](https://groups.google.com/d/msg/syzkaller/0v1qHkmM-VU/6InmOLvPDgAJ)
   162  * [net/rds: use-after-free in inet_create](https://groups.google.com/d/msg/syzkaller/ZBEXtkNoG9o/s46xtB7PDgAJ)
   163  * [mm: fault in __do_fault](https://groups.google.com/d/msg/syzkaller/CRQxZS4nck0/6DD2SyfODgAJ)
   164  * [kvm: WARNING in nested_vmx_vmexit](https://groups.google.com/d/msg/syzkaller/w3EBRlb2h6s/GdIi_y3IDgAJ)
   165  * [net: GPF in rt6_nexthop_info](https://groups.google.com/d/msg/syzkaller/AMyOvIrf--c/RB-mpPjFDgAJ)
   166  * [sound: spinlock lockup in snd_timer_user_tinterrupt](https://groups.google.com/d/msg/syzkaller/3efGwZt0nLI/pPt4WoGVDgAJ)
   167  * [mm: GPF in bdi_put](https://groups.google.com/d/msg/syzkaller/ixaSKtOoO7k/UjxnRr2JDgAJ)
   168  * [net/sctp: use-after-free in sctp_hash_transport](https://groups.google.com/forum/#!topic/syzkaller/Ew5hrZI7Obs)
   169  * [net/bridge: warning in br_fdb_find](https://groups.google.com/forum/#!topic/syzkaller/d9XyhdJXwa0)
   170  * [net/ipv6: null-ptr-deref in ip6_route_del/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/gEoL2QX519c)
   171  * [net: possible deadlock in skb_queue_tail](https://groups.google.com/forum/#!topic/syzkaller/XEp_9K8FmIM)
   172  * [DCCP double-free vulnerability (local root)](http://seclists.org/oss-sec/2017/q1/471) CVE-2017-6074
   173  * [net: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/QwkU6JMkjBg)
   174  * [net/pptp: use-after-free in dst_release](https://groups.google.com/forum/#!topic/syzkaller/ZR9QP3JNE18)
   175  * [net/udp: slab-out-of-bounds in udp_recvmsg/do_csum](https://groups.google.com/forum/#!topic/syzkaller/vCUAq86bJaA) CVE-2017-6347
   176  * [WARNING in skb_warn_bad_offload](https://patchwork.ozlabs.org/patch/722135/)
   177  * [tty: panic in tty_ldisc_restore](https://groups.google.com/d/msg/syzkaller/ty5IhaYWVp8/aTN_hZ8qBQAJ)
   178  * [net: BUG in __skb_gso_segment](https://groups.google.com/forum/#!topic/syzkaller/wLAp3HzIXSo)
   179  * [net/dccp: use-after-free in dccp_feat_activate_values](https://groups.google.com/forum/#!topic/syzkaller/hyM_oK9QOXU)
   180  * [net/kcm: GPF in kcm_sendmsg](https://groups.google.com/d/msg/syzkaller/8YB3cFmKRqs/DYu7vJiCCAAJ)
   181  * [net/xfrm: stack out-of-bounds in xfrm_flowi_sport](https://groups.google.com/d/msg/syzkaller/J2qVz4ZJpPg/Fw0QURWBCAAJ)
   182  * [net/llc: BUG in llc_sap_state_process/skb_set_owner_r](https://groups.google.com/forum/#!topic/syzkaller/c1SOlcflXz8) CVE-2017-6345
   183  * [net/llc: bug in llc_pdu_init_as_xid_cmd/skb_over_panic](https://groups.google.com/forum/#!topic/syzkaller/mVs8KWoW4d8)
   184  * [net/packet: use-after-free in packet_rcv_fanout](https://groups.google.com/d/msg/syzkaller/nOwR6_b4rmw/ocp21bZBBwAJ)
   185  * [net: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in skb_array_produce](https://groups.google.com/d/msg/syzkaller/eHfRFbBg4LE/stDU3KYyBwAJ)
   186  * [net/ipv4: null-ptr-deref in udp_rmem_release/sk_memory_allocated_sub](https://groups.google.com/forum/#!topic/syzkaller/8BMdxIXdH4g)
   187  * [net/sctp: null-ptr-deref in sctp_put_port/sctp_endpoint_destroy](https://groups.google.com/forum/#!topic/syzkaller/S79Ss7ZUje8)
   188  * [net/ipv4: warning in nf_nat_ipv4_fn](https://groups.google.com/forum/#!topic/syzkaller/5VxeBb85Ddg)
   189  * [net/ipv6: double free in ipip6_dev_free](https://groups.google.com/d/msg/syzkaller/ZN9Ihlsum_s/4UuXXmn1BgAJ)
   190  * [sound: use-after-free in snd_seq_queue_alloc](https://groups.google.com/d/msg/syzkaller/dhaTlAjxHVs/TXyPrX_nBgAJ)
   191  * [loop: divide error in transfer_xor](https://groups.google.com/d/msg/syzkaller/1f1ziDbOTiQ/cFC0_wfnBgAJ)
   192  * [net/xfrm: use of uninit spinlock in xfrm_policy_flush](https://groups.google.com/d/msg/syzkaller/vp1neyeoA8A/Is8aPdrpBgAJ)
   193  * [mm: double-free in cgwb_bdi_init](https://groups.google.com/d/msg/syzkaller/tIx42qCVklk/fh0qjUboBgAJ)
   194  * [packet: round up linear to header len](http://patchwork.ozlabs.org/patch/725335/)
   195  * [net/icmp: null-ptr-deref in ping_v4_push_pending_frames](https://groups.google.com/forum/#!topic/syzkaller/DYyq0NyEY4g)
   196  * [net/kcm: WARNING in kcm_write_msgs](https://groups.google.com/d/msg/syzkaller/vsh_MSFHizg/Uf-GzB1UBgAJ)
   197  * [tcp: avoid infinite loop in tcp_splice_read()](https://www.mail-archive.com/netdev@vger.kernel.org/msg151936.html) CVE-2017-6214
   198  * [tun: read vnet_hdr_sz once](http://patchwork.ozlabs.org/patch/723964/)
   199  * [macvtap: read vnet_hdr_size once](http://patchwork.ozlabs.org/patch/723965/)
   200  * [udp: properly cope with csum errors](https://patchwork.ozlabs.org/patch/724263/)
   201  * [ipv6: tcp: add a missing tcp_v6_restore_cb()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756)
   202  * [ip6_gre: fix ip6gre_err() invalid reads](https://patchwork.ozlabs.org/patch/724187/) CVE-2017-5897
   203  * [ipv4: keep skb->dst around in presence of IP options](https://patchwork.ozlabs.org/patch/724136/) CVE-2017-5970
   204  * [net: use a work queue to defer net_disable_timestamp() work](https://patchwork.ozlabs.org/patch/723251/)
   205  * [netlabel: out of bound access in cipso_v4_validate()](https://patchwork.ozlabs.org/patch/723457/)
   206  * [ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()](https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git/+/63117f09c768be05a0bf465911297dc76394f686)
   207  * [net: heap out-of-bounds in ip6_fragment](https://groups.google.com/d/msg/syzkaller/zakUQXz8ums/lNcDLtARBQAJ) CVE-2017-9074
   208  * [tcp: fix 0 divide in __tcp_select_window()](https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=06425c308b92eaf60767bc71d359f4cbc7a561f8)
   209  * [keys: GPF in request_key](https://groups.google.com/d/msg/syzkaller/As2A-xeNp0g/eu50sRnKBAAJ)
   210  * [net/tcp: warning in tcp_try_coalesce/skb_try_coalesce](https://groups.google.com/forum/#!topic/syzkaller/oeZW04VAQBM)
   211  * [crypto: NULL deref in sha512_mb_mgr_get_comp_job_avx2](https://groups.google.com/d/msg/syzkaller/4nGqh82OL7g/0lU1zpp-BAAJ)
   212  * [sound: unable to handle kernel paging request snd_seq_prioq_cell_out](https://groups.google.com/d/msg/syzkaller/wn-_0zA8ka4/kLB6BSR0BAAJ)
   213  * [scsi: BUG in scsi_init_io](https://groups.google.com/d/msg/syzkaller/p2MBG9oRNdo/4MxGbWFwBAAJ)
   214  * [mm: sleeping function called from invalid context shmem_undo_range](https://groups.google.com/d/msg/syzkaller/j8Zj72bs2xE/HjPk2dduBAAJ)
   215  * [timerfd: use-after-free in timerfd_remove_cancel](https://groups.google.com/d/msg/syzkaller/bryiI66Pxxg/78NqwMhBBAAJ)
   216  * [scsi: use-after-free in sg_start_req](https://groups.google.com/d/msg/syzkaller/Nft7hrE_CyM/QvEjMuUcBAAJ)
   217  * [mm: deadlock between get_online_cpus/pcpu_alloc](https://groups.google.com/d/msg/syzkaller/G40CCUkkyDE/9Y3u-rXfAwAJ)
   218  * [BUG at net/sctp/socket.c:7425](https://groups.google.com/d/msg/syzkaller/V2WPJ1BiXs0/-NO5Yea3AwAJ)
   219  * [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/UHiABsxXVaI/lQQ36P5eAwAJ)
   220  * [net: suspicious RCU usage in nf_hook](https://groups.google.com/d/msg/syzkaller/9876JHd_awE/xqvU9HFeAwAJ)
   221  * [kvm: fix page struct leak in handle_vmon](https://www.spinics.net/lists/kernel/msg2428945.html) CVE-2017-2596
   222  * [ipv6: fix ip6_tnl_parse_tlv_enc_lim()](https://patchwork.ozlabs.org/patch/718842/)
   223  * [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/ZXcevV8NAgAJ)
   224  * [perf: use-after-free in perf_event_for_each](https://groups.google.com/d/msg/syzkaller/UjDJeCgt3_M/xsv0cLUKAgAJ)
   225  * [net: use-after-free in tw_timer_handler](https://groups.google.com/d/msg/syzkaller/p1tn-_Kc6l4/smuL_FMAAgAJ)
   226  * [namespace: deadlock in dec_pid_namespaces](https://groups.google.com/d/msg/syzkaller/uhFVBGnXzHQ/-kZya8AdAQAJ)
   227  * [sctp: kernel memory overwrite attempt detected in sctp_getsockopt_assoc_stats](https://groups.google.com/d/msg/syzkaller/Ok2fotcCSsg/10Tak7X0EQAJ)
   228  * [kvm: deadlock in kvm_vgic_map_resources](https://groups.google.com/d/msg/syzkaller/7E0b8H0nJm8/-aoPnGW_EAAJ)
   229  * [net/atm: warning in alloc_tx/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/3WJGPLm6FmQ)
   230  * [net/ipv6: use-after-free in sock_wfree](https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ)
   231  * [kvm: kvm: BUG in loaded_vmcs_init](https://groups.google.com/d/msg/syzkaller/VrcANKRU3iQ/KdZDHdIiDwAJ)
   232  * [kvm: NULL deref in vcpu_enter_guest](https://groups.google.com/d/msg/syzkaller/6V-KXaMDYi8/rOvBl-69DAAJ)
   233  * [kvm: use-after-free in complete_emulated_mmio](https://groups.google.com/d/msg/syzkaller/-Pl63SQ63FA/pYO4cRkUDAAJ) CVE-2017-2584
   234  * [kvm: BUG in kvm_unload_vcpu_mmu](https://groups.google.com/d/msg/syzkaller/VbGoa1nALVw/x7hPnUMXDAAJ)
   235  * [x86: warning in unwind_get_return_address](https://groups.google.com/forum/#!topic/syzkaller/BQBlYH-dNNM)
   236  * [ipc: BUG: sem_unlock unlocks non-locked lock](https://groups.google.com/d/msg/syzkaller/u_ldPlYJSxk/Iu6CmEmlCAAJ)
   237  * [kvm: WARNING in mmu_spte_clear_track_bits](https://groups.google.com/d/msg/syzkaller/Ii09l8gpFO4/HOkydz_bBwAJ)
   238  * [sctp: suspicious rcu_dereference_check() usage in sctp_epaddr_lookup_transport](https://groups.google.com/d/msg/syzkaller/4V6zHuGzYuM/sLQkIJTVBwAJ)
   239  * [kvm: use-after-free in process_srcu](https://groups.google.com/d/msg/syzkaller/i48YZ8mwePY/0PQ8GkQTBwAJ)
   240  * [kvm: assorted bugs after OOMs](https://groups.google.com/d/msg/syzkaller/ytVPh93HLnI/KhZdengZBwAJ)
   241  * [kvm: deadlock between kvm_io_bus_register_dev/kvm_hv_set_msr_common](https://groups.google.com/d/msg/syzkaller/KYU8Ru7P2wo/fHM0gbuUBgAJ)
   242  * [netlink: GPF in netlink_dump](https://groups.google.com/d/msg/syzkaller/wXVYTkQqmeM/KJFTDTE2BgAJ)
   243  * [fs, net: deadlock between bind/splice on af_unix](https://groups.google.com/d/msg/syzkaller/E3_YC5Ac-dY/Wr42pcVBBgAJ)
   244  * [net: use-after-free in worker_thread](https://groups.google.com/forum/#!topic/syzkaller/RCnXAyhFBZs)
   245  * [net: signed overflows in SO_{SND|RCV}BUFFORCE sockopts](https://groups.google.com/forum/#!topic/syzkaller/rXpw5jXjGBM) CVE-2016-9793 CVE-2012-6704
   246  * [net/can: warning in raw_setsockopt/__alloc_pages_slowpath](https://groups.google.com/forum/#!topic/syzkaller/6ceFXDer0ik)
   247  * [net/ipv6: null-ptr-deref in ip6_rt_cache_alloc](https://groups.google.com/forum/#!topic/syzkaller/ryLwIsiKnmA)
   248  * [net/dccp: use-after-free in dccp_invalid_packet](https://groups.google.com/forum/#!topic/syzkaller/5uW1cV_WjIQ)
   249  * [net/sctp: vmalloc allocation failure in sctp_setsockopt/xt_alloc_table_info](https://groups.google.com/forum/#!topic/syzkaller/TMlGTPkIlFU)
   250  * [net: BUG in unix_notinflight](https://groups.google.com/d/msg/syzkaller/4PFR0zm8JdU/XIGam5-dAgAJ)
   251  * [net: GPF in eth_header](https://groups.google.com/d/msg/syzkaller/GFbGpX7nTEo/96LNG7KbAgAJ) CVE-2016-9755
   252  * [net: deadlock on genl_mutex](https://groups.google.com/d/msg/syzkaller/-YGhBYeg8Ew/jf9uD0maAgAJ)
   253  * [net: GPF in rt6_get_cookie](https://groups.google.com/d/msg/syzkaller/3uDn6P5bwzA/gdzgPxeYAgAJ)
   254  * [netlink: GPF in sock_sndtimeo](https://groups.google.com/d/msg/syzkaller/R_KZuzEDLeg/SkANc-yVAgAJ)
   255  * [scsi: use-after-free in bio_copy_from_iter](https://groups.google.com/d/msg/syzkaller/Ut8nZJIJoEs/lhPdzXlSAgAJ) CVE-2016-9576
   256  * [net/udp: bug in skb_pull_rcsum](https://groups.google.com/forum/#!topic/syzkaller/fVj7UJ6nOow)
   257  * [net/icmp: null-ptr-deref in icmp6_send](https://groups.google.com/forum/#!topic/syzkaller/exfKDuH5sLI) CVE-2016-9919
   258  * [net/can: use-after-free in bcm_rx_thr_flush](https://groups.google.com/forum/#!topic/syzkaller/1kM2GFIzSBU)
   259  * [kvm: slab-out-of-bounds write in __apic_accept_irq](https://groups.google.com/d/msg/syzkaller/YWVsTBlRljk/xMwrqdOgCAAJ) CVE-2016-9777
   260  * [mm: BUG in pgtable_pmd_page_dtor](https://groups.google.com/d/msg/syzkaller/JGNtVzSymvw/6VbQla2gCAAJ)
   261  * [logfs: GPF in logfs_alloc_inode](https://groups.google.com/d/msg/syzkaller/jj5WiCBNDh4/tYlsqCegCAAJ)
   262  * [mm, floppy: unkillable task faulting on fd0](https://groups.google.com/d/msg/syzkaller/v6X8nr-XMqY/AKvXMjqdCAAJ)
   263  * [kvm: deadlock between kvm_vm_ioctl_get_dirty_log/kvm_hv_set_msr_common/kvm_create_pit](https://groups.google.com/d/msg/syzkaller/AMBA62hsVnQ/vtH4SEeoBwAJ)
   264  * [kvm: WARNING in em_jmp_far](https://groups.google.com/d/msg/syzkaller/vlC9IzBqaEs/S5sZl9ejBwAJ) CVE-2016-9756
   265  * [kvm: WARNING in rtc_status_pending_eoi_check_valid](https://groups.google.com/d/msg/syzkaller/WuAv_qE8dI8/jJd6E3ClBwAJ)
   266  * [kvm: GPF in kvm_ioapic_set_irq](https://groups.google.com/d/msg/syzkaller/yOvg84HBx6E/6db4LE6jBwAJ)
   267  * [mm: BUG in munlock_vma_pages_range](https://groups.google.com/d/msg/syzkaller/YrHKOMostEc/3Arq3dCiBwAJ)
   268  * [kvm: WARNING in kvm_arch_vcpu_ioctl_run](https://groups.google.com/d/msg/syzkaller/24wCim9x3mI/RoV24W5yBwAJ)
   269  * [kvm: use-after-free/GPF in kvm_irq_delivery_to_apic_fast](https://groups.google.com/d/msg/syzkaller/sue3X3IQanU/ypLWfHTpBgAJ)
   270  * [kvm: out-of-bounds write in __rtc_irq_eoi_tracking_restore_one](https://groups.google.com/d/msg/syzkaller/8IXfmLUSkbA/8bbm6hbqBgAJ)
   271  * [kvm: BUG in pte_list_remove](https://groups.google.com/d/msg/syzkaller/IqkesiRS-t0/aLcJuMXqBgAJ)
   272  * [kvm: recursive lock in kvm_clear_async_pf_completion_queue](https://groups.google.com/d/msg/syzkaller/dGfcd0P7J-E/XD0h8n_rBgAJ)
   273  * [kvm: WARNING in em_ret_far](https://groups.google.com/d/msg/syzkaller/o5ZftARBhrs/r1ivQ-HtBgAJ)
   274  * [kvm: GPF in irqfd_shutdown/eventfd_ctx_remove_wait_queue](https://groups.google.com/d/msg/syzkaller/Zubs2yePdiY/svec5qrtBgAJ)
   275  * [kvm: GPF in gfn_to_rmap](https://groups.google.com/d/msg/syzkaller/sHBCmfktDGg/dAhz7M7vBgAJ)
   276  * [kvm: paging fault in kvm_gfn_to_hva_cache_init](https://groups.google.com/d/msg/syzkaller/ETU_E6Sc-rk/-iWFPpTwBgAJ)
   277  * [kvm: suspicious RCU usage/missed lock in kvm_lapic_set_vapic_addr](https://groups.google.com/d/msg/syzkaller/Zw7Usg-FnDQ/QvHU6P69BgAJ)
   278  * [kvm: use-after-free in irq_bypass_register_consumer](https://groups.google.com/d/msg/syzkaller/NKlClJzOOww/zX1sXW24BgAJ)
   279  * [kvm: WARNING in kvm_load_guest_fpu](https://groups.google.com/d/msg/syzkaller/PeDBKPqz19o/VckGWlW0BgAJ)
   280  * [kvm: GPF in kvm_pic_set_irq](https://groups.google.com/d/msg/syzkaller/T4ZFHqpmwKM/V_X9W8awBgAJ)
   281  * [kvm: GPF in irq_bypass_unregister_consumer](https://groups.google.com/d/msg/syzkaller/Dz__GySpVr8/UQ5kpdWrBgAJ)
   282  * [kvm: GPF in __get_kvmclock_ns](https://groups.google.com/d/msg/syzkaller/A5cpi35KlkQ/a35IrBmoBgAJ)
   283  * [kvm: WARNING In kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/1qxx4nU4hpE/qJlIQcWtBgAJ)
   284  * [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/F3xBpkDRAiE/jdmpOIKtBgAJ)
   285  * [tcp: take care of truncations done by sk_filter()](https://patchwork.ozlabs.org/patch/693484/)
   286  * [net/l2tp: use-after-free write in l2tp_ip6_close](https://groups.google.com/forum/#!topic/syzkaller/rXbAbqydmsw)
   287  * [net/sctp: null-ptr-deref in sctp_inet_listen](https://groups.google.com/forum/#!topic/syzkaller/rngiXb8aNVk)
   288  * [net/tcp: warning in tcp_recvmsg](https://groups.google.com/forum/#!topic/syzkaller/xpNRe_86Dog)
   289  * [net/netlink: another global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/BTjwhbtc9QE)
   290  * [bpf: kernel BUG in htab_elem_free](https://groups.google.com/d/msg/syzkaller/NcK5XXQA-_o/DYskkVn1AwAJ)
   291  * [net/netlink: global-out-of-bounds in genl_family_rcv_msg/validate_nla](https://groups.google.com/forum/#!topic/syzkaller/6k-N84V-Z88)
   292  * [net/ipv6: null-ptr-deref in inet6_bind](https://groups.google.com/forum/#!topic/syzkaller/AdbicmLlFHk)
   293  * [net/dccp: null-ptr-deref in dccp_parse_options](https://groups.google.com/forum/#!topic/syzkaller/_vGUxJLcdKY)
   294  * [net/dccp: null-ptr-deref in dccp_v4_rcv/selinux_socket_sock_rcv_skb](https://groups.google.com/forum/#!topic/syzkaller/nyrJEo2pUJs)
   295  * [net/tcp: null-ptr-deref in __inet_lookup_listener/inet_exact_dif_match](https://groups.google.com/forum/#!topic/syzkaller/zfXVCzJTXzQ)
   296  * [net/dccp: warning in dccp_feat_clone_sp_val/__might_sleep](https://groups.google.com/forum/#!topic/syzkaller/GDvJr49XK7g)
   297  * [net/can: warning in bcm_connect/proc_register](https://groups.google.com/forum/#!topic/syzkaller/ltCQQCE44pQ)
   298  * [net/ipv4: warning in inet_sock_destruct](https://groups.google.com/forum/#!topic/syzkaller/8tMiUcdWx78)
   299  * [net/sctp: slab-out-of-bounds in sctp_sf_ootb](https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk) CVE-2016-9555
   300  * [net/dccp: warning in dccp_set_state](https://groups.google.com/forum/#!topic/syzkaller/JdYwfv_22lA)
   301  * [net/netlink: bad unlock balance in netlink_diag_dump](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y)
   302  * [net/netlink: null-ptr-deref in netlink_dump/lock_acquire](https://groups.google.com/forum/#!topic/syzkaller/Pk4VwBtZD2Y)
   303  * [net/ipx: null-ptr-deref in ipxrtr_route_packet](https://groups.google.com/forum/#!topic/syzkaller/xqRSxMxPVq0)
   304  * [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/forum/#!topic/syzkaller/W0swoIe25Eg)
   305  * [fs: WARNING in locks_unlink_lock_ctx (not holding proper lock)](https://groups.google.com/d/msg/syzkaller/9DFicr6njUw/aaX3dVtNBQAJ)
   306  * [kernel BUG in dio_get_page](https://groups.google.com/d/msg/syzkaller/rCCyOHJHflI/Ik7IhXWzBAAJ)
   307  * [drm: GPF in drm_getcap](https://groups.google.com/d/msg/syzkaller/dxVHCovRzhg/7QPBBqi4BwAJ)
   308  * [fs: GPF in bd_mount](https://groups.google.com/d/msg/syzkaller/Z7OCclqCuq0/--YUa8QrBgAJ)
   309  * [tty, fbcon: use-after-free in fbcon_invert_region](https://groups.google.com/d/msg/syzkaller/1DU69JpJwJg/n-6V4Wr5BQAJ)
   310  * [drm: NULL pointer dereference in drm_mode_object_find()](https://groups.google.com/d/msg/syzkaller/7kyIupsNz-c/dWIIMpJXAQAJ)
   311  * [6pack: stack-out-of-bounds in sixpack_receive_buf](https://groups.google.com/d/msg/syzkaller/A1x5I2hxcew/DjzZX7_mBQAJ)
   312  * [logfs: GPF in logfs_init_inode](https://groups.google.com/d/msg/syzkaller/sU52_tpOsxQ/QTmqrIjlBQAJ)
   313  * [tty: use-after-free in n_tty_receive_buf_fast](https://groups.google.com/d/msg/syzkaller/wz0PXUAcE7g/QN-MnqnjBQAJ)
   314  * [sound: divide by 0 in snd_hrtimer_callback (or hang)](https://groups.google.com/d/msg/syzkaller/YZDD4SOU2Lk/LwRAiknjBQAJ)
   315  * [mm: GPF in __insert_vmap_area](https://groups.google.com/d/msg/syzkaller/dTC7VpMKBu0/Aasz9zHiBQAJ)
   316  * [fs, tty: WARNING in devpts_get_priv](https://groups.google.com/d/msg/syzkaller/qz7_4jCFPvw/nm19yTfbBQAJ)
   317  * [fanotify: unkillable hanged processes](https://groups.google.com/d/msg/syzkaller/kY_ml6TCm9A/wDd5fYFXBQAJ)
   318  * [drm: GPF in drm_context_switch_complete](https://groups.google.com/d/msg/syzkaller/ZB879NphOvw/ZDzsirsgBAAJ)
   319  * [drm: GPF in drm_legacy_lock_free](https://groups.google.com/d/msg/syzkaller/VsfDwjS-Vk8/HOxWf1cgBAAJ)
   320  * [sound: division by 0 in snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/HOTZlap4aZ8/E9EnyqwfBAAJ)
   321  * [perf: WARNING in perf_event_read](https://groups.google.com/d/msg/syzkaller/nQl0TADtoXc/qwp8erUdBAAJ)
   322  * [drm: WARNING in drm_irq_by_busid](https://groups.google.com/d/msg/syzkaller/1ckoC7WPx3c/-JO150EIBAAJ)
   323  * [dri: WARNING in idr_remove](https://groups.google.com/d/msg/syzkaller/wOfaszMuYSQ/2a5fyjkSBAAJ)
   324  * [mm: use-after-free in collapse_huge_page](https://groups.google.com/d/msg/syzkaller/eFgUtJ_WbmM/yBQp-6QFBAAJ)
   325  * [kcm: use-after-free in fput of kcm socket](https://groups.google.com/d/msg/syzkaller/1S98uAzWBLg/c9ANduUDBAAJ)
   326  * [bdev: fix NULL pointer dereference in sync()/close() race](https://groups.google.com/d/msg/syzkaller/Gu28cO5tVSw/uAwLAuKrAwAJ)
   327  * [bdev: fix NULL pointer dereference](https://groups.google.com/forum/#!topic/syzkaller/VF7tNBDWFMI)
   328  * [BUG: sleeping function called from invalid context at mm/mempolicy.c:553](http://pastebin.com/uNQW3afN)
   329  * [use-after-free in ppp_unregister_channel](http://review.cyanogenmod.org/#/c/145489/)
   330  * [net/tipc: NULL-ptr dereference in tipc_nl_publ_dump](http://lists.openwall.net/netdev/2016/05/14/35)
   331  * [HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()](https://patchwork.kernel.org/patch/8583981/)
   332  * [mm: memory corruption on mmput](http://lists.openwall.net/linux-kernel/2016/04/17/72)
   333  * [perf: WARNING in perf_event_read](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214159.html)
   334  * [9p2000.L stat/unlink race (WARNING: fs/inode.c:280 drop_nlink)](https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1214157.html)
   335  * [mm: page fault in __do_huge_pmd_anonymous_page](https://groups.google.com/d/msg/syzkaller/Ihm6d1NmRk8/WG-qZ6aMCQAJ)
   336  * [usb: memory allocation WARNING in hcd_buffer_alloc](https://groups.google.com/d/msg/syzkaller/svY2Ac1RYCM/wD9pZHeJCQAJ)
   337  * [dccp: potential deadlock in dccp_v4_ctl_send_reset](https://groups.google.com/d/msg/syzkaller/yrxEaY_QQEM/Xtx0LrSICQAJ)
   338  * [mm: GPF in find_get_pages_tag](https://groups.google.com/d/msg/syzkaller/9XYmMfpNxCg/jl1EgpmHCQAJ)
   339  * [mm: BUG in page_move_anon_rmap](https://groups.google.com/d/msg/syzkaller/E21YB1m9Fb4/yrj55fZZCAAJ)
   340  * [block: GPF in get_task_ioprio](https://groups.google.com/d/msg/syzkaller/pCqmZTOvf7g/foAZqH71BwAJ)
   341  * [tty: stall in n_tty_ioctl/inq_canon](https://groups.google.com/d/msg/syzkaller/JEOgcphr_FQ/zt5eiRfUBQAJ)
   342  * [random: negative entropy/overflow: pool input count -40000](https://groups.google.com/d/msg/syzkaller/LvdDTS5Om_g/zJmN7RfOBQAJ)
   343  * [bpf: use after free in array_map_alloc](http://seclists.org/oss-sec/2016/q2/332) CVE-2016-4794
   344  * [kvm: use-after-free in kvm_irqfd_release](https://groups.google.com/d/msg/syzkaller/mLrF0hWNsA0/qN0CYvVABQAJ)
   345  * [kvm: GPF in kvm_lapic_set_tpr](https://groups.google.com/d/msg/syzkaller/kQW1tyy6vjc/0xbWT-JABQAJ)
   346  * [sound: use-after-free in hrtimer_cancel](https://groups.google.com/d/msg/syzkaller/HMNrvp-Dt2g/kaQMrGQEAwAJ)
   347  * [sound: hang in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/8k7zhhEbAgAJ)
   348  * [sound: deadlock involving snd_hrtimer_callback](https://groups.google.com/d/msg/syzkaller/s_OkwAWjJ1Q/O852Mz3HAQAJ)
   349  * [fs: GPF in locked_inode_to_wb_and_lock_list](https://groups.google.com/d/msg/syzkaller/XvxH3cBQ134/F0-0r3MxAAAJ)
   350  * [x86: bad pte in pageattr_test](https://groups.google.com/d/msg/syzkaller/Fu6BruqUHOU/nuJxpW7EAwAJ)
   351  * [tty: memory leak in tty_open](https://groups.google.com/d/msg/syzkaller/wZUev9AXzDY/Nt4ih4B7EgAJ)
   352  * [net: memory leak due to CLONE_NEWNET](https://groups.google.com/d/msg/syzkaller/dLbu8taoWVY/w3myILDuEQAJ)
   353  * [lockdep WARNING in get_online_cpus](https://groups.google.com/d/msg/syzkaller/MHXa-o8foyc/o-mB1L_rEQAJ)
   354  * [mm: BUG in khugepaged_scan_mm_slot](https://groups.google.com/d/msg/syzkaller/GNB2k9vLYc4/9Cu_fy7hEQAJ)
   355  * [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/eIjELqsnpcE/xX-R8APfEQAJ)
   356  * [scsi: machine hang due to write to /dev/sg0](https://groups.google.com/d/msg/syzkaller/oQ3Hg-JUVKA/8zwovr9lDAAJ)
   357  * [AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way](http://seclists.org/oss-sec/2016/q1/450)
   358  * [sound: uninterruptible hang in snd_seq_oss_writeq_sync](https://groups.google.com/d/msg/syzkaller/bUvgnh0owos/Ps7Rep4XCAAJ)
   359  * [fs: uninterruptible hang in handle_userfault](https://groups.google.com/d/msg/syzkaller/dSd90m_8O9w/-SAlwCUUCAAJ)
   360  * [net: memory leak in N_6PACK driver](https://groups.google.com/d/msg/syzkaller/555eacbu6QQ/_3PGUrCbBQAJ)
   361  * [net: memory leak in lapb_register](https://groups.google.com/d/msg/syzkaller/PqiopMXpNwU/8ChRtB6bBQAJ)
   362  * [net: memory leak in mkiss_open](https://groups.google.com/d/msg/syzkaller/ylPCtzQr_jc/z_x_9uKaBQAJ)
   363  * [sound: list corruption in delete_and_unsubscribe_port](https://groups.google.com/d/msg/syzkaller/XcYfdFeeyK8/R49jRCLCAwAJ)
   364  * [kvm: GPF in kvm_pic_clear_all](https://groups.google.com/d/msg/syzkaller/FzqGSkRKwm0/h4Yz2CSBAwAJ)
   365  * [kvm: GPF in kvm_irq_map_gsi](https://groups.google.com/d/msg/syzkaller/Rg4Y2Z6HbHI/w9zXygeAAwAJ)
   366  * [tty: memory leak in tty_register_driver](https://groups.google.com/d/msg/syzkaller/iPxmOCKQLbU/0yLjf9x2AwAJ)
   367  * [sound: memory leak in snd_seq_pool_init](https://groups.google.com/d/msg/syzkaller/hpzw94zvlLI/HBqrHjJzAwAJ)
   368  * [tty: deadlock between tty_buffer_flush/n_tracesink_open](https://groups.google.com/d/msg/syzkaller/HX5NRBC8ubw/w4XgLENBAwAJ)
   369  * [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/8PdCofDMAAAJ)
   370  * [fs: NULL deref in atime_needs_update](https://groups.google.com/d/msg/syzkaller/0SW33jMcrXQ/7qZfeV-HAAAJ)
   371  * [sound: spinlock lockup in snd_seq_oss_write](https://groups.google.com/d/msg/syzkaller/aSwFzmSY7Rc/zIKYuKczAAAJ)
   372  * [net: memory leak in ip_cmsg_send](https://groups.google.com/d/msg/syzkaller/keQktFmhfBM/UDsS4tEACAAJ)
   373  * [net/irda: BUG: looking up invalid subclass: 4294967295](https://groups.google.com/d/msg/syzkaller/RSwLEwkWag8/S2kSuPn-BwAJ) CVE-2017-6348
   374  * [sound: use-after-free in snd_timer_start1](https://groups.google.com/d/msg/syzkaller/zF-7vhuSc9o/O89UIO3HBwAJ)
   375  * [tty: tty_struct memory leak](https://groups.google.com/d/msg/syzkaller/ZPlLcAxOFSw/NyFyCAjIBwAJ)
   376  * [gigaset: memory leak in gigaset_initcshw](https://groups.google.com/d/msg/syzkaller/wu3NyQ5ZJFE/sat9DwTFBwAJ)
   377  * [sound: out-of-bounds write in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/Au60AgpecfQ/a3eWMIevBwAJ)
   378  * [mm: uninterruptable tasks hanged on mmap_sem](https://groups.google.com/d/msg/syzkaller/6M2Z5r28UDA/nYPsJ1KIBwAJ)
   379  * [sound: another WARNING in rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/FEjR2q-Ri-s/IXSua74aBwAJ)
   380  * [sound: use-after-free in snd_seq_deliver_single_event](https://groups.google.com/d/msg/syzkaller/c8bhbCQP-XA/Abeq8ToXBwAJ)
   381  * [sound: WARNING in snd_rawmidi_kernel_write1](https://groups.google.com/d/msg/syzkaller/BI280LemTW8/KgcuDJYWBwAJ)
   382  * [sound: deadlock between snd_pcm_oss_write/snd_pcm_oss_mmap](https://groups.google.com/forum/#!topic/syzkaller/MlIO0DbOtsA)
   383  * [ata: BUG in ata_sff_hsm_move](https://groups.google.com/d/msg/syzkaller/GyV2KfwtfTg/PiTmmqngBQAJ)
   384  * [WARNING in set_restore_sigmask](https://groups.google.com/d/msg/syzkaller/unp9iTQ4IKc/bvJO8A4oBgAJ)
   385  * [BUG: bad unlock balance detected in vma_unlock_anon_vma](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ)
   386  * [bluetooth: use-after-free in vhci_send_frame](https://groups.google.com/d/msg/syzkaller/oWvyWrgd3M4/nAu5XTMmBgAJ)
   387  * [mm: another VM_BUG_ON_PAGE(PageTail(page))](https://groups.google.com/d/msg/syzkaller/boW7sZ0HoYA/j8hH8-vcBQAJ)
   388  * [scsi: NULL deref in sg_start_req](https://groups.google.com/d/msg/syzkaller/8Fg8X9iguFM/u6sUrAvcBQAJ)
   389  * [mm: BUG in expand_downwards](https://groups.google.com/d/msg/syzkaller/SaJgfpbKTlg/kSdMBKWPBQAJ)
   390  * [sound: heap out-of-bounds write in dummy_systimer_prepare](https://groups.google.com/d/msg/syzkaller/PBGF26zn2DY/YMstW6CMBQAJ)
   391  * [WARNING in do_jobctl_trap](https://groups.google.com/d/msg/syzkaller/67Ipm9Q3dN4/Mn1ZM1pPBQAJ)
   392  * [mm: VM_BUG_ON_PAGE(PageTail(page)) in mbind](https://groups.google.com/d/msg/syzkaller/rUdHl1uq8GU/fd2lDLFHBQAJ)
   393  * [net/bluetooth: workqueue destruction WARNING in hci_unregister_dev](https://groups.google.com/d/msg/syzkaller/uVXU3InAfRY/U7AuPXdEBQAJ)
   394  * [gpu: kmalloc size WARNING in vga_arb_write](https://groups.google.com/d/msg/syzkaller/To4N4VWHTNU/k-5QDrk_BQAJ)
   395  * [net/rfkill: WARNING in rfkill_fop_read](https://groups.google.com/d/msg/syzkaller/hijZUVUav8E/7tjnCAM-BQAJ)
   396  * [sound: use-after-free in _snd_timer_stop](https://groups.google.com/d/msg/syzkaller/DjSwFNnJZn8/flxXWywRBQAJ)
   397  * [net/irda: use-after-free in ircomm_param_request](https://groups.google.com/d/msg/syzkaller/p_WWX0G_UXQ/zGKfw04DBQAJ)
   398  * [net/sctp: out-of-bounds access in sctp_add_bind_addr](https://groups.google.com/d/msg/syzkaller/BhOYz2ZBraw/-k3iDvD8BAAJ)
   399  * [ext4: BUG: scheduling while atomic in ext4_commit_super](https://groups.google.com/d/msg/syzkaller/vIc3Dz_TTRI/dBNrj2G3BAAJ)
   400  * [sound: WARNING in snd_rawmidi_transmit_ack](https://groups.google.com/d/msg/syzkaller/NJZR4sUggm8/ld5OCVu2BAAJ)
   401  * [floppy: GPF in floppy_rb0_cb](https://groups.google.com/d/msg/syzkaller/AWXjFnnBN_s/RyzWTaKrBAAJ)
   402  * [tty: kmalloc size WARNING in vc_do_resize](https://groups.google.com/d/msg/syzkaller/ufjvr5j0URo/6PSRe7mlBAAJ)
   403  * [mm: WARNING in __delete_from_page_cache](https://groups.google.com/d/msg/syzkaller/w41UMMBPWRo/dyQTUcGjBAAJ)
   404  * [sound: WARNING in snd_seq_oss_synth_cleanup](https://groups.google.com/d/msg/syzkaller/vfGuMIyOw1E/9-UwD5SiBAAJ)
   405  * [sound: deadlock between snd_rawmidi_kernel_open/snd_seq_port_connect](https://groups.google.com/d/msg/syzkaller/T33gMP-856o/EyGhSkagBAAJ)
   406  * [net: GPF in netlink_getsockbyportid](https://groups.google.com/d/msg/syzkaller/VlgAydM9Zu4/ts6sdhVuBAAJ)
   407  * [fs: use-after-free in link_path_walk](https://groups.google.com/d/msg/syzkaller/t2QMO6N5F8s/MuY0RQ4tBAAJ)
   408  * [fs: sandboxed process brings host down](https://groups.google.com/d/msg/syzkaller/gCyxNiVGGds/WP27JlAoBAAJ)
   409  * [net: use-after-free in recvmmsg](https://groups.google.com/d/msg/syzkaller/amvYsa-I8yE/YRHrDOAmBAAJ)
   410  * [struct pid memory leak](https://groups.google.com/d/msg/syzkaller/j7ld8eOG1OQ/7IJSStAUBAAJ)
   411  * [net: WARNING in dccp_set_state](https://groups.google.com/d/msg/syzkaller/kWaUYryuwSY/9jbwNyRlAwAJ)
   412  * [mm: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected in split_huge_page_to_list](https://groups.google.com/d/msg/syzkaller/zezMs3b7Vsc/Vo-6bujTAgAJ)
   413  * [sound: BUG in snd_ctl_find_numid](https://groups.google.com/d/msg/syzkaller/rc3dZwnu5ZI/uRWvc2XUAgAJ)
   414  * [net: GPF in __netlink_ns_capable](https://groups.google.com/forum/#!topic/syzkaller/daN8eU9ttSg)
   415  * [crypto: slab-out-of-bounds in skcipher_recvmsg](https://groups.google.com/d/msg/syzkaller/VBcr-fy-t0w/KJo9r0r5AQAJ)
   416  * [net: hang in ip_finish_output](https://groups.google.com/d/msg/syzkaller/OM7CXieBCoY/etzvFPX3AQAJ)
   417  * [kvm: access to invalid memory in mmu_zap_unsync_children](https://groups.google.com/d/msg/syzkaller/4wAzRPswgQ8/IWGjISZQFQAJ)
   418  * [kvm: using uninitialized var in tdp_page_fault](https://groups.google.com/d/msg/syzkaller/4u4EokUaq8U/jEkM-ZZQFQAJ)
   419  * [sound: spinlock lockup in sound/core/timer.c](https://groups.google.com/d/msg/syzkaller/bbtG9_h1ONU/CPLblMC6FAAJ)
   420  * [sound: GPF in snd_timer_user_params](https://groups.google.com/d/msg/syzkaller/pGyQMx7Fq84/Kzzp1yytFAAJ)
   421  * [sound: use-after-free in snd_timer_interrupt](https://groups.google.com/d/msg/syzkaller/_jsbNkayw7w/vbivwMWsFAAJ)
   422  * [sound: use-after-free in snd_timer_user_ioctl](https://groups.google.com/d/msg/syzkaller/9mIp43V-OS8/uCHNBiSsFAAJ)
   423  * [crypto: use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/GdqfroKSD8Q/goTM-tyiFAAJ)
   424  * [net/sctp: use-after-free in __sctp_connect](https://groups.google.com/d/msg/syzkaller/wB2VUZcQRkE/NlNJBvybFAAJ)
   425  * [net: WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/tDe2SCAzirE/ar2v6cZQFAAJ)
   426  * [sound: use-after-free in snd_timer_stop](https://groups.google.com/d/msg/syzkaller/IAjJAaJOHZg/s1Ud2wVPFAAJ)
   427  * [sound: GPF in snd_seq_fifo_clear](https://groups.google.com/d/msg/syzkaller/KbVqGu3WcPs/dYdSgjVOFAAJ)
   428  * [crypto: ablk_decrypt causes BUG in scatterwalk](https://groups.google.com/d/msg/syzkaller/J5BIP1NxPVc/V5RQhCRMFAAJ)
   429  * [kvm: GPF in native_set_debugreg](https://groups.google.com/d/msg/syzkaller/E_simxTrAxM/K70SOr4wEwAJ)
   430  * [kvm: GPF in kvm_lapic_latched_init](https://groups.google.com/d/msg/syzkaller/Sw8voIm9wN4/AV_6rPsvEwAJ)
   431  * [kvm: WARNING in kvm_apic_accept_events](https://groups.google.com/d/msg/syzkaller/qING1Xy24JY/v9sxuVErEwAJ)
   432  * [kvm: vmalloc allocation failure in kvm_vm_ioctl](https://groups.google.com/d/msg/syzkaller/K47NvuAAPz4/PO9mb4c4EwAJ)
   433  * [kvm: vmalloc allocation failure in kvm_vcpu_ioctl_set_cpuid](https://groups.google.com/d/msg/syzkaller/58wqKq6iCXk/qQsxAH8pEwAJ)
   434  * [kvm: WARNING in __x86_set_memory_region](https://groups.google.com/d/msg/syzkaller/tYgkwrDQjkg/jTllLeYmEwAJ)
   435  * [kvm: WARNING in exception_type](https://groups.google.com/d/msg/syzkaller/NVYxVRSPan4/WCVzMTImEwAJ)
   436  * [mm: possible deadlock in mm_take_all_locks](https://groups.google.com/d/msg/syzkaller/AxduklbKrfc/VQ2r5VQqEwAJ)
   437  * [net/nfc: GPF in llcp_sock_getname](https://groups.google.com/d/msg/syzkaller/uj-hx-eBQ28/KCztJ2z6EAAJ)
   438  * [net/netlink: memory leak in netlink_sendmsg](https://groups.google.com/d/msg/syzkaller/UUAHYw5MtjA/JEEHUuykEAAJ)
   439  * [net/tipc: memory leak in tipc_release](https://groups.google.com/d/msg/syzkaller/5-GmaFy2BUI/Z1RBMsigEAAJ)
   440  * [memory leak in lapb_create_cb](https://groups.google.com/d/msg/syzkaller/A-AnLCJnfIM/TCX4G1N0EAAJ)
   441  * [net/sctp: sctp_datamsg memory leak](https://groups.google.com/d/msg/syzkaller/hLdAYS7j_tM/rwo6p5x1EAAJ)
   442  * [net/sctp: sock memory leak](https://groups.google.com/d/msg/syzkaller/rB_bD-M8ijs/m44UxFNzEAAJ)
   443  * [net/nfc: user-controllable kmalloc size in nfc_llcp_send_ui_frame](https://groups.google.com/d/msg/syzkaller/D9S8Ji0HJtM/9nJc3SdTEAAJ)
   444  * [tty: deadlock between n_tracerouter_receivebuf and flush_to_ldisc](https://groups.google.com/d/msg/syzkaller/YrV0bzdfa-g/n5Eyi6tSEAAJ)
   445  * [crypto: use-after-free in alg_bind](https://groups.google.com/d/msg/syzkaller/exVfK_05eqU/hszZrHwjEAAJ)
   446  * [crypto: deadlock in alg_setsockopt](https://groups.google.com/d/msg/syzkaller/t3fOIUvQRR0/Xf8Jw9sdEAAJ)
   447  * [crypto: use-after-free in rng_recvmsg](https://groups.google.com/d/msg/syzkaller/4Ivvjq4KGhM/EbQX8Ze_DwAJ)
   448  * [use-after-free in skcipher_bind](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/iFcu_0R8DgAJ)
   449  * [9p: sleeping function called from invalid context in v9fs_vfs_atomic_open_dotl](https://groups.google.com/d/msg/syzkaller/1YncbDVfdow/JudLnO49DgAJ)
   450  * [fs: WARNING in locks_free_lock_context](https://groups.google.com/d/msg/syzkaller/AxzCz8bJPko/A6iFq0IsDgAJ)
   451  * [net: user-controllable kmalloc size in __sctp_setsockopt_connectx](https://groups.google.com/d/msg/syzkaller/mv8Iaz0oHAs/b3dwSCD9DQAJ)
   452  * [GPF in gf128mul_64k_bbe](https://groups.google.com/d/msg/syzkaller/BIjLNIO1g7k/6FTkQpFcDAAJ)
   453  * [use-after-free in hash_sock_destruct](https://groups.google.com/d/msg/syzkaller/XSCcDfuj3Cw/cplfjIlcDAAJ)
   454  * [GPF in lrw_crypt](https://groups.google.com/d/msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ)
   455  * [bad page state due to PF_ALG socket](https://groups.google.com/d/msg/syzkaller/OEaEMF5cRpc/AyYAGndcDAAJ)
   456  * [use-after-free in skcipher_sock_destruct](https://groups.google.com/d/msg/syzkaller/Oi2d1GRRnPY/rbZZ5lZcDAAJ)
   457  * [use-after-free in sixpack_close](https://groups.google.com/d/msg/syzkaller/QRZjzAzG0wg/pvnCAZNWDAAJ)
   458  * [net: heap-out-of-bounds in sock_setsockopt](https://groups.google.com/d/msg/syzkaller/5J4lQcwp0x4/ATAqYNZ0CwAJ)
   459  * [BUG_ON(!PageLocked(page)) in munlock_vma_page](https://groups.google.com/d/msg/syzkaller/8KEw1_E05zs/-HzQwaQlCwAJ)
   460  * [perf: stalls in perf_install_in_context/perf_remove_from_context](https://groups.google.com/d/msg/syzkaller/NyMvU8ClQEM/7PjQ1csQCwAJ)
   461  * [Information leak in sco_sock_bind](https://groups.google.com/d/msg/syzkaller/L2DGhEYtnQo/e0pj2sQpCwAJ) CVE-2015-8575
   462  * [Information leak in llcp_sock_bind/llcp_raw_sock_bind](https://groups.google.com/d/msg/syzkaller/DHI06NjAnBw/02kKZKYnCwAJ)
   463  * [Information leak in pptp_bind](https://groups.google.com/d/msg/syzkaller/fSqTaDjzcIo/HGa4cGi6CgAJ)
   464  * [use-after-free in pptp_connect](https://groups.google.com/d/msg/syzkaller/w238o__gw7M/RrGhpOJ0CgAJ)
   465  * [GPF in keyctl](https://bugzilla.redhat.com/show_bug.cgi?id=1290370) CVE-2015-7550
   466  * [another use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/RQu4vcQ-CQAJ)
   467  * [use-after-free in inet6_destroy_sock](https://groups.google.com/d/msg/syzkaller/u1NA-bgkR18/cMqpYl09CQAJ)
   468  * [WARNING in crypto_wait_for_test](https://groups.google.com/d/msg/syzkaller/WZWajo0A2J4/K93w98fkCAAJ)
   469  * [int overflow in io_getevents](https://groups.google.com/d/msg/syzkaller/UldJpka5MbA/riM5IbqTCAAJ)
   470  * [use-after-free in ip6_xmit](https://groups.google.com/d/msg/syzkaller/YpU1_PMV_gU/FmLVGHqTCAAJ)
   471  * [use-after-free in __perf_install_in_context](https://groups.google.com/d/msg/syzkaller/3Tk4BmoHxIk/x-EOZH_HBwAJ)
   472  * [undefined shift in __bpf_prog_run](https://groups.google.com/d/msg/syzkaller/H7o2oz9CcKg/uzaiF7eqBwAJ)
   473  * [signed integer overflow in ktime_add_safe](https://groups.google.com/d/msg/syzkaller/1R5FD_PtR1A/dVv99hGqBwAJ)
   474  * [jump label: negative count!](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/hCg9HfHjDgAJ)
   475  * [memory leak in alloc_huge_page](https://groups.google.com/d/msg/syzkaller/zg4TVSy6Ri8/qs99M-bJDwAJ)
   476  * [memory leak in do_ipv6_setsockopt](https://groups.google.com/d/msg/syzkaller/xWavbbgt0qg/SpY86JLEDwAJ)
   477  * [heap out-of-bounds access in array_map_update_elem](https://groups.google.com/d/msg/syzkaller/5NHTQ3U60-s/Xlnq60JwDwAJ)
   478  * [deadlock in perf_ioctl](https://groups.google.com/d/msg/syzkaller/pOiDJIU5zI4/UXIsO9BrDwAJ)
   479  * [user-controllable kmalloc size in bpf syscall](https://groups.google.com/d/msg/syzkaller/vhm-Av765TY/VzjC4zMqDwAJ)
   480  * [net: use after free in ip6_make_skb](https://groups.google.com/d/msg/syzkaller/Pa8ovVaYL9c/Mw32fULmDgAJ)
   481  * [user-controllable kmalloc size in sctp_getsockopt_local_addrs](https://groups.google.com/d/msg/syzkaller/WWpkIGBC0ts/kpMmnYfZDgAJ)
   482  * [use-after-free in ip6_setup_cork](https://groups.google.com/d/msg/syzkaller/fHZ42YrQM-Y/Z4Xf-BbUDgAJ)
   483  * [gigaset: freeing an active object](https://groups.google.com/d/msg/syzkaller/bOJJJcbKtjM/IGkN5ZyTDgAJ)
   484  * [Freeing active kobject in pps_device_destruct](https://groups.google.com/forum/#!topic/syzkaller/rueDAZYv5v0)
   485  * [GPF in process_one_work (flush_to_ldisc)](https://groups.google.com/d/msg/syzkaller/z3WIRnS2q9g/_TXY3LBBDgAJ)
   486  * [use-after-free in tty_check_change](https://groups.google.com/d/msg/syzkaller/PGnPGgljA8A/5yfiRls1DgAJ)
   487  * [WARNING in tcp_recvmsg](https://groups.google.com/d/msg/syzkaller/vlk-2b1hAVQ/JpkM7K36DQAJ)
   488  * [use-after-free in irtty_open](https://groups.google.com/d/msg/syzkaller/foW6EoJnc9Y/q0gKZ3f3DQAJ)
   489  * [use-after-free in sock_wake_async](https://groups.google.com/forum/#!topic/syzkaller/IjAetA6uvIc)
   490  * [WARNING in handle_mm_fault](https://groups.google.com/forum/#!topic/syzkaller/o8VqvYNEu_I)
   491  * [WARNING in gsm_cleanup_mux](https://groups.google.com/d/msg/syzkaller/zAvZnQBWGac/IPU35GyYDQAJ)
   492  * [use-after-free in sctp_do_sm](https://groups.google.com/d/msg/syzkaller/OUaLglyQNYM/UWs4GxGUDQAJ)
   493  * [yet another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/Jy08esFVw9k)
   494  * [GPF in add_key](https://bugzilla.redhat.com/show_bug.cgi?id=1284059)
   495  * [another uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw)
   496  * [deadlock during fuseblk shutdown](https://groups.google.com/forum/#!topic/syzkaller/w-B4OeANKu8)
   497  * [tty,net: use-after-free in x25_asy_open_tty](https://groups.google.com/d/msg/syzkaller/kYOghurchCg/aVg9hBBpDAAJ)
   498  * [deadlock between tty_write and tty_send_xchar](https://groups.google.com/forum/#!topic/syzkaller/X12P_8jITAM)
   499  * [WARNING in shmem_evict_inode](https://groups.google.com/forum/#!topic/syzkaller/HeT_3b2HIrs)
   500  * [Deadlock between setsockopt/getsockopt](https://groups.google.com/forum/#!topic/syzkaller/46AwIkaOclk)
   501  * [Deadlock between bind and splice](https://groups.google.com/forum/#!topic/syzkaller/HSofF04GVCA)
   502  * [Use-after-free in ipv4_conntrack_defrag](https://groups.google.com/forum/#!topic/syzkaller/k62o6Fiu124)
   503  * [Use-after-free in selinux_ip_postroute_compat](https://groups.google.com/forum/#!topic/syzkaller/eu-3LPXgdok)
   504  * [Use-after-free in unshare](https://patchwork.ozlabs.org/patch/539061/)
   505  * [GPF in tcp_sk_init/icmp_sk_init](https://patchwork.ozlabs.org/patch/539018/)
   506  * [lockdep warning in ip_mc_msfget](https://groups.google.com/forum/#!topic/syzkaller/ScMRWhgAsbM)
   507  * [WARNING in task_participate_group_stop](https://groups.google.com/forum/#!topic/syzkaller/p5ailXs8eEc)
   508  * [Resource leak in unshare](https://groups.google.com/forum/#!topic/syzkaller/cdJvHvazRJk)
   509  * [Paging fault with hard IRQs disabled in getsockopt](https://groups.google.com/forum/#!topic/syzkaller/AegFEboavHM)
   510  * [Unkillable processes due to PTRACE_TRACEME](https://groups.google.com/forum/#!msg/syzkaller/uGzwvhlCXAw/E-cfY2ejAgAJ)
   511  * [Use-after-free in ep_remove_wait_queue](https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8) CVE-2013-7446
   512  * [GPF in shm_lock](https://groups.google.com/forum/#!topic/syzkaller/4jVzR278N9k)
   513  * [GPF in rt6_uncached_list_flush_dev](https://groups.google.com/forum/#!topic/syzkaller/XmcaDo9DnSg)
   514  * [Infinite loop in ip6_fragment](https://groups.google.com/forum/#!topic/syzkaller/PoD9yGkY1y8)
   515  * [Uninterruptable hang in sendfile](https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg)
   516  * [GPF in keyring_destroy](https://groups.google.com/forum/#!topic/syzkaller/E2DRBbUDEg8) [CVE-2015-7872](https://bugzilla.redhat.com/show_bug.cgi?id=1272371)