Found Bugs
Newer bugs come first
Fix udp_output() lock inconsistency.
Fix IPV6_CHECKSUM computation.
When sending a routing message, don't allow the user to set the RTF_RNH_LOCKED flag in rtm_flags.
Fix an SCTP related locking issue.
Reinitialize multicast source filter structures after invalidation.
Fix a small locking bug in tcp_log_id().
Fix a double free of an SCTP association in an error path.
Reject F_SETLK_REMOTE commands when sysid == 0.
Initialize scheduler specific data for the FCFS scheduler.
Improve locking when tearing down an SCTP association.
Fix more signed unsigned issues in SCTP.
Fix a signed/unsigned bug when receiving SCTP messages.
Limit the size of messages sent on 1-to-many style SCTP sockets with the SCTP_SENDALL flag.
Limit the number of bytes which can be queued for SCTP sockets.
Fix a KASSERT() in tcp_output().
Disallow preemptive creation of wired superpage mappings.
vm_fault_copy_entry: accept invalid source pages.
Fix a bug in the SCTP stream schedulers.
Allocate an association id and register the stcb with holding the lock.
Allow SCTP stream reconfiguration operations only in ESTABLISHED state.
Fix handling of the SCTP_STATUS socket option in early states.
Honor the memory limits provided when processing the SCTP_GET_LOCAL_ADDRESSES socket option.
Check the index hasn't changed after writing the cmp entry.
Improve input validation for raw IPv4 socket using the IP_HDRINCL option.
Fix a locking issue in the IPPROTO_SCTP level SCTP_PEER_ADDR_THLDS socket.
Fix a locking bug in the IPPROTO_SCTP level SCTP_EVENT socket option.
Fix locking for IPPROTO_SCTP level SCTP_DEFAULT_PRINFO socket option.
Fix an off-by-one error in the input validation of the SCTP_RESET_STREAMS socketoption.
Limit the user-controllable amount of memory the kernel allocates via IPPROTO_SCTP level socket options.
Fix getsockopt() for IP_OPTIONS/IP_RETOPTS.
Avoid overfow in vtruncbuf().
Limit option_len for the TCP_CCALGOOPT.
Correct vm_fault_copy_entry() handling of backing file truncation after the file mapping was wired.
In vm_fault_copy_entry(), we should not assert that entry is charged if the dst_object is not of swap type.
Handle a guest executing a vm instruction by trapping and raising an undefined instruction exception.
disallow clock_settime too far in the future to avoid panic.
Fix parsing error when processing cmsg in SCTP send calls.