Hello.

We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered an issue in Linux kernel 6.7.0-g052d534373b7. Attached to the email is a POC file of the issue.

Stack dump:

[ 154.711833][ T8003] ------------[ cut here ]------------
[ 154.711851][ T8003] pool index 81727 out of bounds (941) for stack id 3f3f3f3f
[ 154.712204][ T8003] WARNING: CPU: 1 PID: 8003 at lib/stackdepot.c:410 depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[ 154.712267][ T8003] Modules linked in:
[ 154.712284][ T8003] CPU: 1 PID: 8003 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20
[ 154.712302][ T8003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 154.712315][ T8003] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[ 154.712491][ T8003] Call Trace:
[ 154.712496][ T8003] <TASK>
[ 154.712766][ T8003] stack_depot_put (lib/stackdepot.c:632 lib/stackdepot.c:620)
[ 154.712788][ T8003] kasan_release_object_meta (mm/kasan/generic.c:511 mm/kasan/generic.c:543)
[ 154.712807][ T8003] qlist_free_all (./arch/x86/include/asm/jump_label.h:27 mm/kasan/../slab.h:646 mm/kasan/quarantine.c:156 mm/kasan/quarantine.c:176)
[ 154.712823][ T8003] kasan_quarantine_reduce (./include/linux/srcu.h:285 mm/kasan/quarantine.c:284)
[ 154.712843][ T8003] __kasan_slab_alloc (mm/kasan/common.c:326)
[ 154.712867][ T8003] kmalloc_trace (mm/slub.c:3814 mm/slub.c:3860 mm/slub.c:4007)
[ 154.712888][ T8003] bdev_open_by_dev (block/bdev.c:822)
[ 154.712908][ T8003] blkdev_open (block/fops.c:617 (discriminator 4))
[ 154.712926][ T8003] do_dentry_open (fs/open.c:954)
[ 154.712969][ T8003] path_openat (fs/namei.c:3642 fs/namei.c:3798)
[ 154.713068][ T8003] do_filp_open (fs/namei.c:3826)
[ 154.713216][ T8003] do_sys_openat2 (fs/open.c:1405)
[ 154.713306][ T8003] __x64_sys_openat (fs/open.c:1430)
[ 154.713351][ T8003] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 154.713375][ T8003] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[ 154.713396][ T8003] RIP: 0033:0x7f8bc3aa9127
[ 154.713485][ T8003] </TASK>

Thank you for taking the time to read this email and we look forward to working with you further.

Ubisectech Sirius Team
Web: www.ubisectech.com
Email: bugrep...@ubisectech.com
Attachment: poc.c