Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: linux (Ubuntu)
Status: New => Confirmed
https://bugs.launchpad.net/bugs/2046569
Title:
systemd's BPF IP filter causes kernel UBSAN (bpf/lpm_trie.c)
Status in linux package in Ubuntu:
Confirmed
Bug description:
Execute the following command:
$ sudo systemd-run -t -p IPAddressDeny=any -p IPAddressAllow=::1 wget http://[::1]
You can do this in the LiveCD, or on an installed system, the result
is the same.
Then, look through dmesg:
[ 100.407555] ================================================================================
[ 100.407559] UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/kernel/bpf/lpm_trie.c:194:14
[ 100.407561] index 8 is out of range for type '__u8 [*]'
[ 100.407563] CPU: 0 PID: 3726 Comm: wget Tainted: P O 6.5.0-9-generic #9-Ubuntu
[ 100.407564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20230825-25.fc39 08/25/2023
[ 100.407565] Call Trace:
[ 100.407567] <TASK>
[ 100.407569] dump_stack_lvl+0x48/0x70
[ 100.407581] dump_stack+0x10/0x20
[ 100.407583] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 100.407587] longest_prefix_match.isra.0+0x1bc/0x200
[ 100.407590] trie_lookup_elem+0x74/0xb0
[ 100.407591] bpf_prog_d668f615b93ed8ef_sd_fw_egress+0x64/0x86
[ 100.407595] __bpf_prog_run_save_cb+0x56/0x130
[ 100.407597] __cgroup_bpf_run_filter_skb+0x240/0x2e0
[ 100.407599] ip6_finish_output+0x183/0x360
[ 100.407602] ? nf_hook_slow+0x43/0xd0
[ 100.407604] ip6_output+0x70/0x150
[ 100.407606] ? __pfx_ip6_finish_output+0x10/0x10
[ 100.407607] ip6_xmit+0x2cb/0x6b0
[ 100.407609] ? ip6_dst_check+0xa3/0x110
[ 100.407612] ? __sk_dst_check+0x3d/0xb0
[ 100.407614] ? inet6_csk_route_socket+0x141/0x240
[ 100.407618] inet6_csk_xmit+0xef/0x160
[ 100.407620] __tcp_transmit_skb+0x572/0xa00
[ 100.407623] tcp_connect+0x401/0x4b0
[ 100.407625] tcp_v6_connect+0x54e/0x740
[ 100.407627] ? security_file_alloc+0x2e/0xf0
[ 100.407630] ? begin_current_label_crit_section+0x2b/0xe0
[ 100.407633] __inet_stream_connect+0x103/0x280
[ 100.407636] inet_stream_connect+0x3b/0x70
[ 100.407637] __sys_connect_file+0x6b/0x90
[ 100.407640] __sys_connect+0xb5/0xe0
[ 100.407642] __x64_sys_connect+0x18/0x30
[ 100.407644] do_syscall_64+0x59/0x90
[ 100.407646] ? do_syscall_64+0x68/0x90
[ 100.407647] ? exit_to_user_mode_prepare+0x30/0xb0
[ 100.407651] ? syscall_exit_to_user_mode+0x37/0x60
[ 100.407654] ? do_syscall_64+0x68/0x90
[ 100.407655] ? irqentry_exit+0x43/0x50
[ 100.407656] ? exc_page_fault+0x94/0x1b0
[ 100.407658] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 100.407661] RIP: 0033:0x7fc0ebf19164
[ 100.407679] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d e5 c3 0d 00 00 74 13 b8 2a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 18 89 54 24 0c 48 89
[ 100.407681] RSP: 002b:00007ffdc793a478 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
[ 100.407682] RAX: ffffffffffffffda RBX: 00007ffdc793a500 RCX: 00007fc0ebf19164
[ 100.407683] RDX: 000000000000001c RSI: 00007ffdc793a520 RDI: 0000000000000003
[ 100.407684] RBP: 00007ffdc793a520 R08: 0000000000000064 R09: 0000000000000000
[ 100.407685] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
[ 100.407685] R13: 0000000000000050 R14: 000055c0f118a9c0 R15: 0000000000000000
[ 100.407688] </TASK>
[ 100.407688] ================================================================================
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: linux-image-6.5.0-9-generic 6.5.0-9.9
ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3
Uname: Linux 6.5.0-9-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: ubuntu 1988 F.... wireplumber
/dev/snd/seq: ubuntu 1984 F.... pipewire
CRDA: N/A
CasperMD5CheckResult: pass
CasperVersion: 1.486
CloudArchitecture: x86_64
CloudID: nocloud
CloudName: unknown
CloudPlatform: nocloud
CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud)
CurrentDesktop: ubuntu:GNOME
Date: Fri Dec 15 17:17:56 2023
IwConfig:
lo no wireless extensions.
enp1s0 no wireless extensions.
LiveMediaBuild: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1)
Lsusb:
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Lsusb-t:
/: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 5000M
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/15p, 480M
|__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M
MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']}
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
ProcFB: 0 qxldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/casper/vmlinuz layerfs-path=minimal.standard.live.squashfs --- quiet splash
RelatedPackageVersions:
linux-restricted-modules-6.5.0-9-generic N/A
linux-backports-modules-6.5.0-9-generic N/A
linux-firmware 20230919.git3672ccab-0ubuntu2.1
RfKill:
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/25/2023
dmi.bios.release: 0.0
dmi.bios.vendor: EDK II
dmi.bios.version: edk2-20230825-25.fc39
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-q35-8.1
dmi.modalias: dmi:bvnEDKII:bvredk2-20230825-25.fc39:bd08/25/2023:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-8.1:cvnQEMU:ct1:cvrpc-q35-8.1:sku:
dmi.product.name: Standard PC (Q35 + ICH9, 2009)
dmi.product.version: pc-q35-8.1
dmi.sys.vendor: QEMU
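A triage helper for the "look through dmesg" step, added here as an example and not part of the bug report or of any Ubuntu or kernel tooling: it extracts the UBSAN kind, source location, task and reliable call frames from dmesg-style text, so the same splat can be recognised across hosts. `parse_ubsan` and its field names are hypothetical, and the embedded sample is constructed from lines of the trace in the report.

```python
import re

# Constructed sample: selected lines copied from the dmesg trace in the report.
SAMPLE = """\
[ 100.407555] ================================================================================
[ 100.407559] UBSAN: array-index-out-of-bounds in /build/linux-D15vQj/linux-6.5.0/kernel/bpf/lpm_trie.c:194:14
[ 100.407561] index 8 is out of range for type '__u8 [*]'
[ 100.407563] CPU: 0 PID: 3726 Comm: wget Tainted: P O 6.5.0-9-generic #9-Ubuntu
[ 100.407565] Call Trace:
[ 100.407569] dump_stack_lvl+0x48/0x70
[ 100.407583] __ubsan_handle_out_of_bounds+0xc6/0x110
[ 100.407587] longest_prefix_match.isra.0+0x1bc/0x200
[ 100.407590] trie_lookup_elem+0x74/0xb0
[ 100.407591] bpf_prog_d668f615b93ed8ef_sd_fw_egress+0x64/0x86
[ 100.407602] ? nf_hook_slow+0x43/0xd0
[ 100.407688] ================================================================================
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")                  # leading "[ seconds.usec]"
HEAD = re.compile(r"^UBSAN: (\S+) in (\S+):(\d+):(\d+)$")   # kind, file, line, column
COMM = re.compile(r"\bPID: (\d+) Comm: (\S+)")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # "? sym+..." guesses do not match
NOISE = ("dump_stack", "__ubsan_handle_")                   # reporting machinery, not the faulting path

def parse_ubsan(text):
    """Return one dict per UBSAN report found in dmesg-style text."""
    reports, cur = [], None
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        head = HEAD.match(line)
        if head:
            cur = {"kind": head[1], "source": head[2], "line": int(head[3]),
                   "detail": None, "pid": None, "comm": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif line.startswith("====="):
            cur = None  # closing ruler ends the report
        elif cur["detail"] is None:
            cur["detail"] = line  # first line after the header describes the violation
        elif (m := COMM.search(line)):
            cur["pid"], cur["comm"] = int(m[1]), m[2]
        elif (m := FRAME.match(line)) and not m[1].startswith(NOISE):
            cur["frames"].append(m[1])
    return reports

if __name__ == "__main__":
    for r in parse_ubsan(SAMPLE):
        print(r["kind"], r["source"], r["line"], r["comm"], " <- ".join(r["frames"]))
```

On a live system the input would be the text of `dmesg` or `journalctl -k` instead of `SAMPLE`.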