Public bug reported:

#391/u bounds checks mixing signed and unsigned, variant 14 FAIL
Unexpected error message!
0: (61) r9 = *(u32 *)(r1 +8)
1: (7a) *(u64 *)(r10 -8) = 0
2: (bf) r2 = r10
3: (07) r2 += -8
4: (18) r1 = 0x0
6: (85) call bpf_map_lookup_elem#1
7: (15) if r0 == 0x0 goto pc+8
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
8: (7a) *(u64 *)(r10 -16) = -8
9: (79) r1 = *(u64 *)(r10 -16)
10: (b7) r2 = -1
11: (b7) r8 = 2
12: (15) if r9 == 0x2a goto pc+6
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
13: (6d) if r8 s> r1 goto pc+3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
14: (65) if r1 s> 0x1 goto pc+2
17: (b7) r0 = 0
18: (95) exit

from 13 to 17: safe

from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
19: (2d) if r1 > r2 goto pc-3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
20: (05) goto pc-7
14: (65) if r1 s> 0x1 goto pc+2
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
15: (0f) r0 += r1
R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root

#391/p bounds checks mixing signed and unsigned, variant 14 FAIL
Unexpected error message!
0: (61) r9 = *(u32 *)(r1 +8)
1: (7a) *(u64 *)(r10 -8) = 0
2: (bf) r2 = r10
3: (07) r2 += -8
4: (18) r1 = 0xffff9391367ba400
6: (85) call bpf_map_lookup_elem#1
7: (15) if r0 == 0x0 goto pc+8
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
8: (7a) *(u64 *)(r10 -16) = -8
9: (79) r1 = *(u64 *)(r10 -16)
10: (b7) r2 = -1
11: (b7) r8 = 2
12: (15) if r9 == 0x2a goto pc+6
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
13: (6d) if r8 s> r1 goto pc+3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
14: (65) if r1 s> 0x1 goto pc+2
17: (b7) r0 = 0
18: (95) exit

from 13 to 17: safe

from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
19: (2d) if r1 > r2 goto pc-3
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
20: (05) goto pc-7
14: (65) if r1 s> 0x1 goto pc+2
R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
15: (0f) r0 += r1
math between map_value pointer and register with unbounded min value is not allowed

Test result with older kernel:
#391/u bounds checks mixing signed and unsigned, variant 15 OK
#391/p bounds checks mixing signed and unsigned, variant 15 OK

The test has passed but the variant number is different.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-60-generic 4.15.0-60.67
ProcVersionSignature: User Name 4.15.0-60.67-generic 4.15.18
Uname: Linux 4.15.0-60-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Aug 28 02:49 seq
 crw-rw---- 1 root audio 116, 33 Aug 28 02:49 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:
Date: Wed Aug 28 02:58:14 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:
ProcFB: 0 cirrusdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-60-generic root=UUID=576666e8-9e7f-40ee-934e-f1dce18323e5 ro
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-60-generic N/A
 linux-backports-modules-4.15.0-60-generic N/A
 linux-firmware 1.173.10
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: Ubuntu-1.8.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-xenial
dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-xenial:cvnQEMU:ct1:cvrpc-i440fx-xenial:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-xenial
dmi.sys.vendor: QEMU

** Affects: ubuntu-kernel-tests
Importance: Undecided Status: New ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic package-from-proposed uec-images ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Summary changed: - Test 391/u from ubuntu_bpf failed on B + Test 391/u and 391/p from ubuntu_bpf failed on B ** Description changed: - #391/u bounds checks mixing signed and unsigned, variant 14 FAIL - Unexpected error message! - 0: (61) r9 = *(u32 *)(r1 +8) - 1: (7a) *(u64 *)(r10 -8) = 0 - 2: (bf) r2 = r10 - 3: (07) r2 += -8 - 4: (18) r1 = 0x0 - 6: (85) call bpf_map_lookup_elem#1 - 7: (15) if r0 == 0x0 goto pc+8 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 8: (7a) *(u64 *)(r10 -16) = -8 - 9: (79) r1 = *(u64 *)(r10 -16) - 10: (b7) r2 = -1 - 11: (b7) r8 = 2 - 12: (15) if r9 == 0x2a goto pc+6 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 13: (6d) if r8 s> r1 goto pc+3 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 14: (65) if r1 s> 0x1 goto pc+2 - 17: (b7) r0 = 0 - 18: (95) exit - - from 13 to 17: safe - - from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 19: (2d) if r1 > r2 goto pc-3 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 20: (05) goto pc-7 - 14: (65) if r1 s> 0x1 goto pc+2 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 15: (0f) r0 += r1 - R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root - #391/p bounds checks mixing 
signed and unsigned, variant 14 FAIL - Unexpected error message! - 0: (61) r9 = *(u32 *)(r1 +8) - 1: (7a) *(u64 *)(r10 -8) = 0 - 2: (bf) r2 = r10 - 3: (07) r2 += -8 - 4: (18) r1 = 0xffff9391367ba400 - 6: (85) call bpf_map_lookup_elem#1 - 7: (15) if r0 == 0x0 goto pc+8 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 8: (7a) *(u64 *)(r10 -16) = -8 - 9: (79) r1 = *(u64 *)(r10 -16) - 10: (b7) r2 = -1 - 11: (b7) r8 = 2 - 12: (15) if r9 == 0x2a goto pc+6 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 13: (6d) if r8 s> r1 goto pc+3 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 - 14: (65) if r1 s> 0x1 goto pc+2 - 17: (b7) r0 = 0 - 18: (95) exit - - from 13 to 17: safe - - from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 19: (2d) if r1 > r2 goto pc-3 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 20: (05) goto pc-7 - 14: (65) if r1 s> 0x1 goto pc+2 - R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 - 15: (0f) r0 += r1 - math between map_value pointer and register with unbounded min value is not allowed + #391/u bounds checks mixing signed and unsigned, variant 14 FAIL + Unexpected error message! 
+ 0: (61) r9 = *(u32 *)(r1 +8) + 1: (7a) *(u64 *)(r10 -8) = 0 + 2: (bf) r2 = r10 + 3: (07) r2 += -8 + 4: (18) r1 = 0x0 + 6: (85) call bpf_map_lookup_elem#1 + 7: (15) if r0 == 0x0 goto pc+8 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 8: (7a) *(u64 *)(r10 -16) = -8 + 9: (79) r1 = *(u64 *)(r10 -16) + 10: (b7) r2 = -1 + 11: (b7) r8 = 2 + 12: (15) if r9 == 0x2a goto pc+6 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 13: (6d) if r8 s> r1 goto pc+3 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 14: (65) if r1 s> 0x1 goto pc+2 + 17: (b7) r0 = 0 + 18: (95) exit + + from 13 to 17: safe + + from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 19: (2d) if r1 > r2 goto pc-3 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 20: (05) goto pc-7 + 14: (65) if r1 s> 0x1 goto pc+2 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 15: (0f) r0 += r1 + R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root + #391/p bounds checks mixing signed and unsigned, variant 14 FAIL + Unexpected error message! 
+ 0: (61) r9 = *(u32 *)(r1 +8) + 1: (7a) *(u64 *)(r10 -8) = 0 + 2: (bf) r2 = r10 + 3: (07) r2 += -8 + 4: (18) r1 = 0xffff9391367ba400 + 6: (85) call bpf_map_lookup_elem#1 + 7: (15) if r0 == 0x0 goto pc+8 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 8: (7a) *(u64 *)(r10 -16) = -8 + 9: (79) r1 = *(u64 *)(r10 -16) + 10: (b7) r2 = -1 + 11: (b7) r8 = 2 + 12: (15) if r9 == 0x2a goto pc+6 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 13: (6d) if r8 s> r1 goto pc+3 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 + 14: (65) if r1 s> 0x1 goto pc+2 + 17: (b7) r0 = 0 + 18: (95) exit + + from 13 to 17: safe + + from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 19: (2d) if r1 > r2 goto pc-3 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 20: (05) goto pc-7 + 14: (65) if r1 s> 0x1 goto pc+2 + R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0 + 15: (0f) r0 += r1 + math between map_value pointer and register with unbounded min value is not allowed + Test result with older kernel: - #391/u bounds checks mixing signed and unsigned, variant 15 OK - #391/p bounds checks mixing signed and unsigned, variant 15 OK + #391/u bounds checks mixing signed and unsigned, variant 15 OK + #391/p bounds checks mixing signed and unsigned, variant 15 OK The test has passed but the variant number is different. 
ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.15.0-60-generic 4.15.0-60.67 ProcVersionSignature: User Name 4.15.0-60.67-generic 4.15.18 Uname: Linux 4.15.0-60-generic x86_64 AlsaDevices: - total 0 - crw-rw---- 1 root audio 116, 1 Aug 28 02:49 seq - crw-rw---- 1 root audio 116, 33 Aug 28 02:49 timer + total 0 + crw-rw---- 1 root audio 116, 1 Aug 28 02:49 seq + crw-rw---- 1 root audio 116, 33 Aug 28 02:49 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay' ApportVersion: 2.20.9-0ubuntu7.7 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CurrentDmesg: - + Date: Wed Aug 28 02:58:14 2019 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: QEMU Standard PC (i440FX + PIIX, 1996) PciMultimedia: - + ProcFB: 0 cirrusdrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-60-generic root=UUID=576666e8-9e7f-40ee-934e-f1dce18323e5 ro RelatedPackageVersions: - linux-restricted-modules-4.15.0-60-generic N/A - linux-backports-modules-4.15.0-60-generic N/A - linux-firmware 1.173.10 + linux-restricted-modules-4.15.0-60-generic N/A + linux-backports-modules-4.15.0-60-generic N/A + linux-firmware 1.173.10 RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: Ubuntu-1.8.2-1ubuntu1 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-xenial dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-xenial:cvnQEMU:ct1:cvrpc-i440fx-xenial: dmi.product.name: Standard PC (i440FX + PIIX, 1996) dmi.product.version: 
pc-i440fx-xenial dmi.sys.vendor: QEMU

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1841704

Title: Test 391/u and 391/p from ubuntu_bpf failed on B

Status in ubuntu-kernel-tests: New
Status in linux package in Ubuntu: New
Status in linux source package in Bionic: New