I wonder, how does somebody discover such bugs? Is there some strict methodology or tools? I find it non-trivial just following this step-by-step guide, even though I've programmed Linux kernel for few years on daily basis.
A very common methodology is using a technique called fuzzing. There exists many fuzzers which have produced great success finding a plethora of both non-exploitable and exploitable bugs for Linux [1] [2].
[1] https://github.com/kernelslacker/trinity [2] https://github.com/google/syzkaller/