WARNING in depot_fetch_stack

From: Ubisectech Sirius
Date: Sun Jan 21 2024 - 20:59:39 EST


Hello.

We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered an issue in Linux kernel 6.7.0-g052d534373b7. Attached to the email is a POC file for the issue.

Stack dump:

[  154.711833][ T8003] ------------[ cut here ]------------
[  154.711851][ T8003] pool index 81727 out of bounds (941) for stack id 3f3f3f3f
[ 154.712204][ T8003] WARNING: CPU: 1 PID: 8003 at lib/stackdepot.c:410 depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[  154.712267][ T8003] Modules linked in:
[  154.712284][ T8003] CPU: 1 PID: 8003 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20
[  154.712302][ T8003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 154.712315][ T8003] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[  154.712491][ T8003] Call Trace:
[  154.712496][ T8003]  <TASK>
[ 154.712766][ T8003] stack_depot_put (lib/stackdepot.c:632 lib/stackdepot.c:620)
[ 154.712788][ T8003] kasan_release_object_meta (mm/kasan/generic.c:511 mm/kasan/generic.c:543)
[ 154.712807][ T8003] qlist_free_all (./arch/x86/include/asm/jump_label.h:27 mm/kasan/../slab.h:646 mm/kasan/quarantine.c:156 mm/kasan/quarantine.c:176)
[ 154.712823][ T8003] kasan_quarantine_reduce (./include/linux/srcu.h:285 mm/kasan/quarantine.c:284)
[ 154.712843][ T8003] __kasan_slab_alloc (mm/kasan/common.c:326)
[ 154.712867][ T8003] kmalloc_trace (mm/slub.c:3814 mm/slub.c:3860 mm/slub.c:4007)
[ 154.712888][ T8003] bdev_open_by_dev (block/bdev.c:822)
[ 154.712908][ T8003] blkdev_open (block/fops.c:617 (discriminator 4))
[ 154.712926][ T8003] do_dentry_open (fs/open.c:954)
[ 154.712969][ T8003] path_openat (fs/namei.c:3642 fs/namei.c:3798)
[ 154.713068][ T8003] do_filp_open (fs/namei.c:3826)
[ 154.713216][ T8003] do_sys_openat2 (fs/open.c:1405)
[ 154.713306][ T8003] __x64_sys_openat (fs/open.c:1430)
[ 154.713351][ T8003] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 154.713375][ T8003] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[  154.713396][ T8003] RIP: 0033:0x7f8bc3aa9127
[  154.713485][ T8003]  </TASK>

Thank you for taking the time to read this email and we look forward to working with you further.


Ubisectech Sirius Team
Web: www.ubisectech.com
Email: bugreport@xxxxxxxxxxxxxx

Attachment: poc.c
Description: Binary data
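For triage, the first thing a reviewer does with a report like this one is pull the WARN site, the warning message and the decoded call chain out of the dmesg text so the path from the syscall entry down to the warning can be compared across reports. The following parser is an added example written for this page; it is not code from the reporter, from the attached poc.c, or from the kernel tree. It assumes the decoded `func (path:line ...)` frame format shown in the report (as produced after running the raw trace through a symbolizer), and the sample input is a constructed excerpt of the dump above with the mail's blank spacer lines removed; the regular expressions and result field names are this example's own choices.

```python
import re

# Constructed sample: an excerpt of the report's own dump, not the complete trace.
SAMPLE_DUMP = """\
[  154.711833][ T8003] ------------[ cut here ]------------
[  154.711851][ T8003] pool index 81727 out of bounds (941) for stack id 3f3f3f3f
[ 154.712204][ T8003] WARNING: CPU: 1 PID: 8003 at lib/stackdepot.c:410 depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[  154.712284][ T8003] CPU: 1 PID: 8003 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20
[  154.712491][ T8003] Call Trace:
[  154.712496][ T8003]  <TASK>
[ 154.712766][ T8003] stack_depot_put (lib/stackdepot.c:632 lib/stackdepot.c:620)
[ 154.712788][ T8003] kasan_release_object_meta (mm/kasan/generic.c:511 mm/kasan/generic.c:543)
[ 154.712807][ T8003] qlist_free_all (./arch/x86/include/asm/jump_label.h:27 mm/kasan/../slab.h:646 mm/kasan/quarantine.c:156 mm/kasan/quarantine.c:176)
[ 154.712823][ T8003] kasan_quarantine_reduce (./include/linux/srcu.h:285 mm/kasan/quarantine.c:284)
[ 154.712843][ T8003] __kasan_slab_alloc (mm/kasan/common.c:326)
[ 154.712867][ T8003] kmalloc_trace (mm/slub.c:3814 mm/slub.c:3860 mm/slub.c:4007)
[ 154.712888][ T8003] bdev_open_by_dev (block/bdev.c:822)
[ 154.712908][ T8003] blkdev_open (block/fops.c:617 (discriminator 4))
[ 154.713306][ T8003] __x64_sys_openat (fs/open.c:1430)
[ 154.713351][ T8003] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 154.713375][ T8003] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[  154.713396][ T8003] RIP: 0033:0x7f8bc3aa9127
[  154.713485][ T8003]  </TASK>
"""

# One printk line as rendered here: "[timestamp][ Tpid] body".
LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*T(?P<tid>\d+)\]\s*(?P<body>.*)$")
# "WARNING: CPU: n PID: m at path:line func ..." (the WARN_ON/WARN site).
WARN_RE = re.compile(r"^WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<at>\S+) (?P<func>\S+)")
# The stack depot message as it appears in this report.
POOL_RE = re.compile(r"pool index (?P<idx>\d+) out of bounds \((?P<bound>\d+)\) for stack id (?P<sid>[0-9a-f]+)")
# Kernel release from the "CPU: ... Comm: ... Not tainted <release> #<build>" line
# (simplified: only the "Not tainted" / "Tainted: ..." forms are handled).
KVER_RE = re.compile(r"(?:Not tainted|Tainted:.*?) (?P<ver>\S+) #\d+")
# A decoded frame: "func (path:line [path:line ...] [(discriminator n)])";
# an optional "+0xoff/0xsize" is tolerated in case the frame was left undecoded.
FRAME_RE = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? \((?P<locs>.*)\)$")
LOC_RE = re.compile(r"^\S+:\d+$")
SYSCALL_RE = re.compile(r"^__(?:x64|ia32)_sys_")


def parse_kernel_warning(text):
    """Extract the WARN site, message, kernel release and <TASK> frames from dmesg text."""
    result = {"cpu": None, "pid": None, "warn_at": None, "warn_func": None,
              "message": None, "pool_index": None, "bound": None, "stack_id": None,
              "kernel": None, "frames": []}
    expect_message = False  # the line after "cut here" carries the WARN message
    in_task = False         # frames are only read between <TASK> and </TASK>
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group("body").strip()
        if "cut here" in body:
            expect_message = True
            continue
        if expect_message:
            result["message"] = body
            expect_message = False
            p = POOL_RE.search(body)
            if p:  # structured fields for the specific message in this report
                result["pool_index"] = int(p.group("idx"))
                result["bound"] = int(p.group("bound"))
                result["stack_id"] = p.group("sid")
            continue
        w = WARN_RE.match(body)
        if w:
            result["cpu"], result["pid"] = int(w.group("cpu")), int(w.group("pid"))
            result["warn_at"], result["warn_func"] = w.group("at"), w.group("func")
            continue
        k = KVER_RE.search(body)
        if k and result["kernel"] is None:
            result["kernel"] = k.group("ver")
            continue
        if body == "<TASK>":
            in_task = True
            continue
        if body == "</TASK>":
            in_task = False
            continue
        if in_task:
            f = FRAME_RE.match(body)
            if f:
                # Keep only path:line tokens; drop "(discriminator n)" noise.
                locs = [t for t in f.group("locs").split() if LOC_RE.match(t)]
                result["frames"].append((f.group("func"), locs))
    return result


def syscall_entry(parsed):
    """Name of the syscall wrapper frame (outermost kernel entry), or None."""
    for func, _ in parsed["frames"]:
        if SYSCALL_RE.match(func):
            return func
    return None


def summarize(parsed):
    """One-line triage summary: WARN site plus the innermost-to-outermost call chain."""
    chain = " <- ".join(func for func, _ in parsed["frames"])
    return f"{parsed['warn_func']} at {parsed['warn_at']} (kernel {parsed['kernel']}): {chain}"


if __name__ == "__main__":
    print(summarize(parse_kernel_warning(SAMPLE_DUMP)))
```

Feeding the full dump from the report instead of the excerpt works the same way; the `<TASK>` / `</TASK>` markers bound the frames, so the user-space `RIP: 0033:` line and the header lines are never mistaken for kernel frames.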