Public bug reported: Execute the following command:
$ sudo systemd-run -t -p IPAddressDeny=any -p IPAddressAllow=::1 wget http://[::1] You can do this in the LiveCD, or on an installed system, the result is the same. Then, look through dmesg: [ 100.407555] ================================================================================ [ 100.407559] UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/kernel/bpf/lpm_trie.c:194:14 [ 100.407561] index 8 is out of range for type '__u8 [*]' [ 100.407563] CPU: 0 PID: 3726 Comm: wget Tainted: P O 6.5.0-9-generic #9-Ubuntu [ 100.407564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230825-25.fc39 08/25/2023 [ 100.407565] Call Trace: [ 100.407567] <TASK> [ 100.407569] dump_stack_lvl+0x48/0x70 [ 100.407581] dump_stack+0x10/0x20 [ 100.407583] __ubsan_handle_out_of_bounds+0xc6/0x110 [ 100.407587] longest_prefix_match.isra.0+0x1bc/0x200 [ 100.407590] trie_lookup_elem+0x74/0xb0 [ 100.407591] bpf_prog_d668f615b93ed8ef_sd_fw_egress+0x64/0x86 [ 100.407595] __bpf_prog_run_save_cb+0x56/0x130 [ 100.407597] __cgroup_bpf_run_filter_skb+0x240/0x2e0 [ 100.407599] ip6_finish_output+0x183/0x360 [ 100.407602] ? nf_hook_slow+0x43/0xd0 [ 100.407604] ip6_output+0x70/0x150 [ 100.407606] ? __pfx_ip6_finish_output+0x10/0x10 [ 100.407607] ip6_xmit+0x2cb/0x6b0 [ 100.407609] ? ip6_dst_check+0xa3/0x110 [ 100.407612] ? __sk_dst_check+0x3d/0xb0 [ 100.407614] ? inet6_csk_route_socket+0x141/0x240 [ 100.407618] inet6_csk_xmit+0xef/0x160 [ 100.407620] __tcp_transmit_skb+0x572/0xa00 [ 100.407623] tcp_connect+0x401/0x4b0 [ 100.407625] tcp_v6_connect+0x54e/0x740 [ 100.407627] ? security_file_alloc+0x2e/0xf0 [ 100.407630] ? begin_current_label_crit_section+0x2b/0xe0 [ 100.407633] __inet_stream_connect+0x103/0x280 [ 100.407636] inet_stream_connect+0x3b/0x70 [ 100.407637] __sys_connect_file+0x6b/0x90 [ 100.407640] __sys_connect+0xb5/0xe0 [ 100.407642] __x64_sys_connect+0x18/0x30 [ 100.407644] do_syscall_64+0x59/0x90 [ 100.407646] ? do_syscall_64+0x68/0x90 [ 100.407647] ? exit_to_user_mode_prepare+0x30/0xb0 [ 100.407651] ? syscall_exit_to_user_mode+0x37/0x60 [ 100.407654] ? do_syscall_64+0x68/0x90 [ 100.407655] ? irqentry_exit+0x43/0x50 [ 100.407656] ? exc_page_fault+0x94/0x1b0 [ 100.407658] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 100.407661] RIP: 0033:0x7fc0ebf19164 [ 100.407679] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d e5 c3 0d 00 00 74 13 b8 2a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 18 89 54 24 0c 48 89 [ 100.407681] RSP: 002b:00007ffdc793a478 EFLAGS: 00000202 ORIG_RAX: 000000000000002a [ 100.407682] RAX: ffffffffffffffda RBX: 00007ffdc793a500 RCX: 00007fc0ebf19164 [ 100.407683] RDX: 000000000000001c RSI: 00007ffdc793a520 RDI: 0000000000000003 [ 100.407684] RBP: 00007ffdc793a520 R08: 0000000000000064 R09: 0000000000000000 [ 100.407685] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 100.407685] R13: 0000000000000050 R14: 000055c0f118a9c0 R15: 0000000000000000 [ 100.407688] </TASK> [ 100.407688] ================================================================================ ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: linux-image-6.5.0-9-generic 6.5.0-9.9 ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3 Uname: Linux 6.5.0-9-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: ubuntu 1988 F.... wireplumber /dev/snd/seq: ubuntu 1984 F.... pipewire CRDA: N/A CasperMD5CheckResult: pass CasperVersion: 1.486 CloudArchitecture: x86_64 CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud) CurrentDesktop: ubuntu:GNOME Date: Fri Dec 15 17:17:56 2023 IwConfig: lo no wireless extensions. enp1s0 no wireless extensions. LiveMediaBuild: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1) Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Lsusb-t: /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 5000M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 480M |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']} ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 qxldrmfb ProcKernelCmdLine: BOOT_IMAGE=/casper/vmlinuz layerfs-path=minimal.standard.live.squashfs --- quiet splash RelatedPackageVersions: linux-restricted-modules-6.5.0-9-generic N/A linux-backports-modules-6.5.0-9-generic N/A linux-firmware 20230919.git3672ccab-0ubuntu2.1 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/25/2023 dmi.bios.release: 0.0 dmi.bios.vendor: EDK II dmi.bios.version: edk2-20230825-25.fc39 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-q35-8.1 dmi.modalias: dmi:bvnEDKII:bvredk2-20230825-25.fc39:bd08/25/2023:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.1:cvnQEMU:ct1:cvrpc-q35-8.1:sku: dmi.product.name: Standard PC (Q35 + ICH9, 2009) dmi.product.version: pc-q35-8.1 dmi.sys.vendor: QEMU ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug mantic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2046569 Title: systemd's BPF IP filter causes kernel UBSAN (bpf/lpm_trie.c) Status in linux package in Ubuntu: New Bug description: Execute the following command: $ sudo systemd-run -t -p IPAddressDeny=any -p IPAddressAllow=::1 wget http://[::1] You can do this in the LiveCD, or on an installed system, the result is the same. Then, look through dmesg: [ 100.407555] ================================================================================ [ 100.407559] UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/kernel/bpf/lpm_trie.c:194:14 [ 100.407561] index 8 is out of range for type '__u8 [*]' [ 100.407563] CPU: 0 PID: 3726 Comm: wget Tainted: P O 6.5.0-9-generic #9-Ubuntu [ 100.407564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230825-25.fc39 08/25/2023 [ 100.407565] Call Trace: [ 100.407567] <TASK> [ 100.407569] dump_stack_lvl+0x48/0x70 [ 100.407581] dump_stack+0x10/0x20 [ 100.407583] __ubsan_handle_out_of_bounds+0xc6/0x110 [ 100.407587] longest_prefix_match.isra.0+0x1bc/0x200 [ 100.407590] trie_lookup_elem+0x74/0xb0 [ 100.407591] bpf_prog_d668f615b93ed8ef_sd_fw_egress+0x64/0x86 [ 100.407595] __bpf_prog_run_save_cb+0x56/0x130 [ 100.407597] __cgroup_bpf_run_filter_skb+0x240/0x2e0 [ 100.407599] ip6_finish_output+0x183/0x360 [ 100.407602] ? nf_hook_slow+0x43/0xd0 [ 100.407604] ip6_output+0x70/0x150 [ 100.407606] ? __pfx_ip6_finish_output+0x10/0x10 [ 100.407607] ip6_xmit+0x2cb/0x6b0 [ 100.407609] ? ip6_dst_check+0xa3/0x110 [ 100.407612] ? __sk_dst_check+0x3d/0xb0 [ 100.407614] ? inet6_csk_route_socket+0x141/0x240 [ 100.407618] inet6_csk_xmit+0xef/0x160 [ 100.407620] __tcp_transmit_skb+0x572/0xa00 [ 100.407623] tcp_connect+0x401/0x4b0 [ 100.407625] tcp_v6_connect+0x54e/0x740 [ 100.407627] ? security_file_alloc+0x2e/0xf0 [ 100.407630] ? begin_current_label_crit_section+0x2b/0xe0 [ 100.407633] __inet_stream_connect+0x103/0x280 [ 100.407636] inet_stream_connect+0x3b/0x70 [ 100.407637] __sys_connect_file+0x6b/0x90 [ 100.407640] __sys_connect+0xb5/0xe0 [ 100.407642] __x64_sys_connect+0x18/0x30 [ 100.407644] do_syscall_64+0x59/0x90 [ 100.407646] ? do_syscall_64+0x68/0x90 [ 100.407647] ? exit_to_user_mode_prepare+0x30/0xb0 [ 100.407651] ? syscall_exit_to_user_mode+0x37/0x60 [ 100.407654] ? do_syscall_64+0x68/0x90 [ 100.407655] ? irqentry_exit+0x43/0x50 [ 100.407656] ? exc_page_fault+0x94/0x1b0 [ 100.407658] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 100.407661] RIP: 0033:0x7fc0ebf19164 [ 100.407679] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d e5 c3 0d 00 00 74 13 b8 2a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 18 89 54 24 0c 48 89 [ 100.407681] RSP: 002b:00007ffdc793a478 EFLAGS: 00000202 ORIG_RAX: 000000000000002a [ 100.407682] RAX: ffffffffffffffda RBX: 00007ffdc793a500 RCX: 00007fc0ebf19164 [ 100.407683] RDX: 000000000000001c RSI: 00007ffdc793a520 RDI: 0000000000000003 [ 100.407684] RBP: 00007ffdc793a520 R08: 0000000000000064 R09: 0000000000000000 [ 100.407685] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 100.407685] R13: 0000000000000050 R14: 000055c0f118a9c0 R15: 0000000000000000 [ 100.407688] </TASK> [ 100.407688] ================================================================================ ProblemType: Bug DistroRelease: Ubuntu 23.10 Package: linux-image-6.5.0-9-generic 6.5.0-9.9 ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3 Uname: Linux 6.5.0-9-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: ubuntu 1988 F.... wireplumber /dev/snd/seq: ubuntu 1984 F.... pipewire CRDA: N/A CasperMD5CheckResult: pass CasperVersion: 1.486 CloudArchitecture: x86_64 CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud) CurrentDesktop: ubuntu:GNOME Date: Fri Dec 15 17:17:56 2023 IwConfig: lo no wireless extensions. enp1s0 no wireless extensions. LiveMediaBuild: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1) Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Lsusb-t: /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 5000M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 480M |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']} ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 qxldrmfb ProcKernelCmdLine: BOOT_IMAGE=/casper/vmlinuz layerfs-path=minimal.standard.live.squashfs --- quiet splash RelatedPackageVersions: linux-restricted-modules-6.5.0-9-generic N/A linux-backports-modules-6.5.0-9-generic N/A linux-firmware 20230919.git3672ccab-0ubuntu2.1 RfKill: SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/25/2023 dmi.bios.release: 0.0 dmi.bios.vendor: EDK II dmi.bios.version: edk2-20230825-25.fc39 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-q35-8.1 dmi.modalias: dmi:bvnEDKII:bvredk2-20230825-25.fc39:bd08/25/2023:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.1:cvnQEMU:ct1:cvrpc-q35-8.1:sku: dmi.product.name: Standard PC (Q35 + ICH9, 2009) dmi.product.version: pc-q35-8.1 dmi.sys.vendor: QEMU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2046569/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
