On Wed, Jan 15, 2025 at 10:34:24AM +0800, cheung wall wrote: > Hello, > > I am writing to report a potential vulnerability identified in the > Linux Kernel version v6.12-rc4. This vulnerability was discovered > while i was testing the kernel. A WARN_ON is not something I generally consider a "security vulnerability". This is especially if (as I suspect) triggering failure requires mounting a maliciously fuzzed file system image, which is something I don't consider an interesting threat mode. And without a reliable reproducer, I'm not likely to waste a lot of time on this. So if you're a researcher trying to mess with Syzkaller in some weird proprietary way without runninga proper syzbot interface, sorry, this is a super-terrible way to try to demonstrate real-world impact. Feel free to do more of your own analysis, and when you have a reliable reproucer, please let me know. > > Linux Kernel Repository Git Commit: > 42f7652d3eb527d03665b09edac47f85fb600924 (tag: v6.12-rc4) > > Bug Location: 0010:ext4_destroy_inode+0x1d0/0x270 fs/ext4/super.c:1465 > > Bug report: https://pastebin.com/YKFyLm5P > > Entire Log: https://pastebin.com/fE1tFAUS For the record, this URL is not accessible; possibly because you failed to make it be public. > Thank you for your time and attention. Sorry, but you've wasted my time. - Ted
