  • LK v4.17.x - bad rss-counter state - bug

    bad rss-counter state - bug posted & found by zer0day tl;dr Found in LK v4.17.0+. Interesting one… :) Call Trace (Dump) Got from syzkaller ... [ 1251.494022] BUG: Bad rss-counter state mm:00000000bb7fc423 idx:0 val:8192 [ 1251.494998] BUG: Bad rss-counter state mm:00000000bb7fc423 idx:1 val:2 [ 1251.495890] BUG: non-zero pgtables_bytes on freeing...


  • LK v4.17.x - bad page map - bug

    bad page map - bug posted & found by zer0day tl;dr Found in LK v4.17.0+. Interesting one… :) Call Trace (Dump) Got from syzkaller [ 697.425122] kernel BUG at include/linux/mm.h:499! [ 697.425136] invalid opcode: 0000 [#1] SMP KASAN PTI [ 697.425147] CPU: 1 PID: 19619 Comm: syz-executor11 Tainted: G B...


  • LK v4.17.x - __handle_mm_fault - general page fault

    __handle_mm_fault - general page fault posted & found by zer0day tl;dr Found on LK v4.17.0+. Led to a null-pointer dereference. Not analyzed yet… Call Trace (Dump) Here’s a report. [ 387.942047] kasan: CONFIG_KASAN_INLINE enabled [ 387.943245] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 387.944498] general protection...


  • LK v4.17.x - rb_insert_color - general page fault

    rb_insert_color - general page fault posted & found by zer0day tl;dr Found on LK v4.17.0+. Led to a null-pointer dereference. Not analyzed yet… Call Trace (Dump) Here’s a report. kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN PTI...


  • LK v4.17.x - _decode_session6 - soft lockup

    _decode_session6 - soft lockup posted & found by zer0day tl;dr Got from syzkaller & found in LK v4.17.0-rc7. Call Trace (Dump) Here’s syzkaller’s report. watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor3:10493] Modules linked in: irq event stamp: 50309 hardirqs last enabled at (50308): [<ffffffff9fc00a60>] restore_regs_and_return_to_kernel+0x0/0x30 hardirqs...