  • LK v4.16.x - getsockopt - task hung

    getsockopt - task hung in lock_sock_nested posted & found by zer0day tl;dr Posting after a long time :) because of other stuff… I have a few LK bugs too, but I'll skip them :).. I just found a bug, task hung in lock_sock_nested on the latest LK (v4.16.0-rc1). Of course, from...


  • LK v4.15.x - sidtab_search_core - null dereference

    selinux/sidtab_search_core - null dereference by GPF posted & found by zer0day tl;dr Actually, I got this bug with ‘syzkaller’ about a month ago (on v4.15.0-rc4) and had forgotten it, but now on v4.15.0-rc8 the same bug is triggered by my PoC code, so I wrote about it :). First of all,...


  • LK - prlimit64 - kernel panic

    prlimit64 (leading to kernel panic) posted & found by zer0day tl;dr W4F, not serious :). I just found a crash on LK v4.15.x (maybe most LKs). Actually, it’s obvious that it has to happen. Because resizing the MSGQUEUE limit to 0 and calling socket$xxx repeatedly, in result,...


  • LK v4.15.x - unwind_orc - stack out-of-bounds

    unwind_orc - read 8 bytes stack oob in unwind_next_frame posted & found by zer0day tl;dr I just found a bug(?): stack oob (8-byte read) in unwind_orc. So I just tested it on the latest LK (v4.15.0-rc4 currently), and it worked. But I found the commit about this bug(?). He (committer)...


  • LK v4.15.x - spinlock recursion, deadlock

    spin-lock recursion bug (leading to deadlock) posted & found by tl;dr There isn't any recursion check on the spin-lock where I found it (not exact). So when executed recursively, a deadlock is triggered. It needs to check the current and calling thread id to avoid deadlock in recursive cases. Below is pseudo code...