Re: Re: [PATCH] ext4: Fix KASAN use-after-free in ext4_find_extent

From: 余昊铖

Date: Mon Dec 15 2025 - 06:11:46 EST


Hi,

I have disabled CONFIG_BLK_DEV_WRITE_MOUNTED and spent some time trying to trigger the reported KASAN issues, and I found that neither of the two bugs has been observed since. Is this issue still worth investigating?

Thanks,
Haocheng Yu


> Hi,
>
> On 2025-12-09 20:27, 余昊铖 wrote:
> > Hello,
> >
> >
> > I would like to report a potential security issue in the Linux kernel ext4 filesystem, which I found using a modified syzkaller-based kernel fuzzing tool that I developed.
> >
> I noticed that your configuration has CONFIG_BLK_DEV_WRITE_MOUNTED enabled.
>
> This setting allows bare writes to an already mounted ext4 filesystem,
> meaning certain ext4 metadata (like extent tree blocks) can be modified
> without the filesystem being aware of the changes.
>
> Could you please try disabling CONFIG_BLK_DEV_WRITE_MOUNTED and see
> if the issue is still reproducible?
>
>
> Cheers,
> Baokun