I was experimenting to see if I can make a ROP chain within the kernel. In kernel debugging mode, I can make the first jump to an arbitrary gadget address without any problem. But the problem occurs after that. If I want to continue the kernel by typing continue, the kernel freezes. The OS does not respond, and I have to restart my VM to get back to a working state again.

Now my understanding is, as I jump or return to a random address (gadget) in the kernel, my stack contents don't change as they would for a normal function call. Therefore, when I execute the gadget instructions one by one or continue to run the kernel, if the instructions need some value from the stack which is not present there, the kernel crashes as a result.

How can I jump/return to multiple gadgets and after running all the gadgets continue to run the kernel without crashing it?

schroeder
perplex

0 Answers