** Changed in: linux (Ubuntu Bionic)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1841704
Title:
Test 391/u and 391/p from ubuntu_bpf failed on B
Status in ubuntu-kernel-tests:
New
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Bionic:
Confirmed
Bug description:
#391/u bounds checks mixing signed and unsigned, variant 14 FAIL
Unexpected error message!
0: (61) r9 = *(u32 *)(r1 +8)
1: (7a) *(u64 *)(r10 -8) = 0
2: (bf) r2 = r10
3: (07) r2 += -8
4: (18) r1 = 0x0
6: (85) call bpf_map_lookup_elem#1
7: (15) if r0 == 0x0 goto pc+8
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
8: (7a) *(u64 *)(r10 -16) = -8
9: (79) r1 = *(u64 *)(r10 -16)
10: (b7) r2 = -1
11: (b7) r8 = 2
12: (15) if r9 == 0x2a goto pc+6
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
13: (6d) if r8 s> r1 goto pc+3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0;
0x7fffffffffffffff)) R2=inv-1 R8=inv2
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
14: (65) if r1 s> 0x1 goto pc+2
17: (b7) r0 = 0
18: (95) exit
from 13 to 17: safe
from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0)
R2=inv-1 R8=inv2 R9=inv42 R10=fp0
19: (2d) if r1 > r2 goto pc-3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2
R9=inv42 R10=fp0
20: (05) goto pc-7
14: (65) if r1 s> 0x1 goto pc+2
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1)
R2=inv-1 R8=inv2 R9=inv42 R10=fp0
15: (0f) r0 += r1
R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it
prohibited for !root
#391/p bounds checks mixing signed and unsigned, variant 14 FAIL
Unexpected error message!
0: (61) r9 = *(u32 *)(r1 +8)
1: (7a) *(u64 *)(r10 -8) = 0
2: (bf) r2 = r10
3: (07) r2 += -8
4: (18) r1 = 0xffff9391367ba400
6: (85) call bpf_map_lookup_elem#1
7: (15) if r0 == 0x0 goto pc+8
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
8: (7a) *(u64 *)(r10 -16) = -8
9: (79) r1 = *(u64 *)(r10 -16)
10: (b7) r2 = -1
11: (b7) r8 = 2
12: (15) if r9 == 0x2a goto pc+6
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
13: (6d) if r8 s> r1 goto pc+3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0)
R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0;
0x7fffffffffffffff)) R2=inv-1 R8=inv2
R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
14: (65) if r1 s> 0x1 goto pc+2
17: (b7) r0 = 0
18: (95) exit
from 13 to 17: safe
from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0)
R2=inv-1 R8=inv2 R9=inv42 R10=fp0
19: (2d) if r1 > r2 goto pc-3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2
R9=inv42 R10=fp0
20: (05) goto pc-7
14: (65) if r1 s> 0x1 goto pc+2
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1)
R2=inv-1 R8=inv2 R9=inv42 R10=fp0
15: (0f) r0 += r1
math between map_value pointer and register with unbounded min value is not
allowed
Test result with older kernel:
#391/u bounds checks mixing signed and unsigned, variant 15 OK
#391/p bounds checks mixing signed and unsigned, variant 15 OK
The test has passed but the variant number is different.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-60-generic 4.15.0-60.67
ProcVersionSignature: User Name 4.15.0-60.67-generic 4.15.18
Uname: Linux 4.15.0-60-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Aug 28 02:49 seq
crw-rw---- 1 root audio 116, 33 Aug 28 02:49 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord':
'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:
Date: Wed Aug 28 02:58:14 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:
ProcFB: 0 cirrusdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-60-generic
root=UUID=576666e8-9e7f-40ee-934e-f1dce18323e5 ro
RelatedPackageVersions:
linux-restricted-modules-4.15.0-60-generic N/A
linux-backports-modules-4.15.0-60-generic N/A
linux-firmware 1.173.10
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: Ubuntu-1.8.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-xenial
dmi.modalias:
dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-xenial:cvnQEMU:ct1:cvrpc-i440fx-xenial:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-xenial
dmi.sys.vendor: QEMU
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1841704/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
