Re: [syzbot] KASAN: slab-out-of-bounds Read in squashfs_get_id

2021-03-11 Thread Dmitry Vyukov
On Thu, Mar 11, 2021 at 12:23 PM syzbot wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit e812cbb15adbbbee176baa1e8bda53059bf0
> Author: Phillip Lougher
> Date: Tue Feb 9 21:41:50 2021 +
>
> squashfs: avoid out of bounds writes in decompressors
>
> bisection

Re: [syzbot] KASAN: slab-out-of-bounds Read in squashfs_get_id

2021-03-11 Thread syzbot
syzbot suspects this issue was fixed by commit:
commit e812cbb15adbbbee176baa1e8bda53059bf0
Author: Phillip Lougher
Date: Tue Feb 9 21:41:50 2021 +
squashfs: avoid out of bounds writes in decompressors
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11bfa48ad0

“KASAN: slab-out-of-bounds Read in squashfs_get_id” should have the same root cause as “KASAN: use-after-free Read in squashfs_get_id”

2021-01-13 Thread 慕冬亮
Dear kernel developers, I found that on the syzbot dashboard, “KASAN: slab-out-of-bounds Read in squashfs_get_id” (https://syzkaller.appspot.com/bug?id=16a7f16e9182bbfdbd2142306a82a41d4debb670) and "KASAN: use-after-free Read in squashfs_get_id" (https://syzkaller.appspot.

Re: KASAN: slab-out-of-bounds Read in squashfs_get_id

2020-10-14 Thread Fox Chen
Hi, I found this bug was caused by either the uid/gid info in superblocks or id_index_table being corrupted. The uid/gid index is larger than the size of msblk->id_table. Should I add a sanity check to squashfs_get_id? The complete solution is to record the size of msblk->id_table in msblk and

KASAN: slab-out-of-bounds Read in squashfs_get_id

2020-09-25 Thread syzbot
Hello, syzbot found the following issue on:
HEAD commit:171d4ff7 Merge tag 'mmc-v5.9-rc4-2' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1597ead390
kernel config: https://syzkaller.appspot.com/x/.config?x=af502ec9a451c9fc