To be more precise, this test suite failed with
#83 unpriv: spill/fill of different pointers ldx FAIL
A more detailed report:
Running test_verifier bpf test..
+ echo 'Running test_verifier bpf test..'
+ bpf/test_verifier
+ tee /tmp/test_verifier_16808.log
#0 add+sub+mul OK
#1 unreachable OK
#2 unreachable2 OK
#3 out of range jump OK
#4 out of range jump2 OK
#5 test1 ld_imm64 OK
#6 test2 ld_imm64 OK
#7 test3 ld_imm64 OK
#8 test4 ld_imm64 OK
#9 test5 ld_imm64 OK
#10 no bpf_exit OK
#11 loop (back-edge) OK
#12 loop2 (back-edge) OK
#13 conditional loop OK
#14 read uninitialized register OK
#15 read invalid register OK
#16 program doesn't init R0 before exit OK
#17 program doesn't init R0 before exit in all branches OK
#18 stack out of bounds OK
#19 invalid call insn1 OK
#20 invalid call insn2 OK
#21 invalid function call OK
#22 uninitialized stack1 OK
#23 uninitialized stack2 OK
#24 invalid argument register OK
#25 non-invalid argument register OK
#26 check valid spill/fill OK
#27 check valid spill/fill, skb mark OK
#28 check corrupted spill/fill OK
#29 invalid src register in STX OK
#30 invalid dst register in STX OK
#31 invalid dst register in ST OK
#32 invalid src register in LDX OK
#33 invalid dst register in LDX OK
#34 junk insn OK
#35 junk insn2 OK
#36 junk insn3 OK
#37 junk insn4 OK
#38 junk insn5 OK
#39 misaligned read from stack OK
#40 invalid map_fd for function call OK
#41 don't check return value before access OK
#42 access memory with incorrect alignment OK
#43 sometimes access memory with incorrect alignment OK
#44 jump test 1 OK
#45 jump test 2 OK
#46 jump test 3 OK
#47 jump test 4 OK
#48 jump test 5 OK
#49 access skb fields ok OK
#50 access skb fields bad1 OK
#51 access skb fields bad2 OK
#52 access skb fields bad3 OK
#53 access skb fields bad4 OK
#54 check skb->mark is not writeable by sockets OK
#55 check skb->tc_index is not writeable by sockets OK
#56 check non-u32 access to cb OK
#57 check out of range skb->cb access OK
#58 write skb fields from socket prog OK
#59 write skb fields from tc_cls_act prog OK
#60 PTR_TO_STACK store/load OK
#61 PTR_TO_STACK store/load - bad alignment on off OK
#62 PTR_TO_STACK store/load - bad alignment on reg OK
#63 PTR_TO_STACK store/load - out of bounds low OK
#64 PTR_TO_STACK store/load - out of bounds high OK
++ grep FAILED /tmp/test_verifier_16808.log
++ awk '{print $4}'
+ failed=1
+ rm -f /tmp/test_verifier_16808.log
+ echo -n 'test_verifier: '
+ '[' 1 -gt 0 '
+ echo FAILED
+ rc=1
+ '[' 0 -ne 0 '
+ TMP=/tmp/test_maps_16808.log
+ echo ''
+ echo 'Running test_maps bpf test..'
+ bpf/test_maps
#65 unpriv: return pointer OK
#66 unpriv: add const to pointer OK
#67 unpriv: add pointer to pointer OK
#68 unpriv: neg pointer OK
#69 unpriv: cmp pointer with const OK
#70 unpriv: cmp pointer with pointer OK
#71 unpriv: check that printk is disallowed OK
#72 unpriv: pass pointer to helper function OK
#73 unpriv: indirectly pass pointer on stack to helper function OK
#74 unpriv: mangle pointer on stack 1 OK
#75 unpriv: mangle pointer on stack 2 OK
#76 unpriv: read pointer from stack in small chunks OK
#77 unpriv: write pointer into ctx OK
#78 unpriv: spill/fill of ctx OK
#79 unpriv: spill/fill of ctx 2 OK
#80 unpriv: spill/fill of ctx 3 OK
#81 unpriv: spill/fill of ctx 4 OK
#82 unpriv: spill/fill of different pointers stx OK
#83 unpriv: spill/fill of different pointers ldx FAIL
Unexpected error message!
0: (bf) r6 = r10
1: (07) r6 += -8
2: (15) if r1 == 0x0 goto pc+3
R1=ctx R6=fp-8 R10=fp
3: (bf) r2 = r10
4: (07) r2 += -76
5: (7b) *(u64 *)(r6 +0) = r2
6: (55) if r1 != 0x0 goto pc+1
R1=ctx,min_value=0,max_value=0 R2=fp-76 R6=fp-8 R10=fp fp-8=fp
7: (7b) *(u64 *)(r6 +0) = r1
8: (79) r1 = *(u64 *)(r6 +0)
9: (79) r1 = *(u64 *)(r1 +68)
misaligned access off 68 size 8
#84 unpriv: write pointer into map elem value OK
#85 unpriv: partial copy of pointer OK
#86 unpriv: pass pointer to tail_call OK
#87 unpriv: cmp map pointer with zero OK
#88 unpriv: write into frame pointer OK
#89 unpriv: spill/fill frame pointer OK
#90 unpriv: cmp of frame pointer OK
#91 unpriv: cmp of stack pointer OK
#92 stack pointer arithmetic OK
#93 raw_stack: no skb_load_bytes OK
#94 raw_stack: skb_load_bytes, negative len OK
#95 raw_stack: skb_load_bytes, negative len 2 OK
#96 raw_stack: skb_load_bytes, zero len OK
#97 raw_stack: skb_load_bytes, no init OK
#98 raw_stack: skb_load_bytes, init OK
#99 raw_stack: skb_load_bytes, spilled regs around bounds OK
#100 raw_stack: skb_load_bytes, spilled regs corruption OK
#101 raw_stack: skb_load_bytes, spilled regs corruption 2 OK
#102 raw_stack: skb_load_bytes, spilled regs + data OK
#103 raw_stack: skb_load_bytes, invalid access 1 OK
#104 raw_stack: skb_load_bytes, invalid access 2 OK
#105 raw_stack: skb_load_bytes, invalid access 3 OK
#106 raw_stack: skb_load_bytes, invalid access 4 OK
#107 raw_stack: skb_load_bytes, invalid access 5 OK
#108 raw_stack: skb_load_bytes, invalid access 6 OK
#109 raw_stack: skb_load_bytes, large access OK
#110 direct packet access: test1 OK
#111 direct packet access: test2 OK
#112 direct packet access: test3 OK
#113 direct packet access: test4 (write) OK
#114 direct packet access: test5 (pkt_end >= reg, good access) OK
#115 direct packet access: test6 (pkt_end >= reg, bad access) OK
#116 direct packet access: test7 (pkt_end >= reg, both accesses) OK
#117 direct packet access: test8 (double test, variant 1) OK
#118 direct packet access: test9 (double test, variant 2) OK
#119 direct packet access: test10 (write invalid) OK
#120 helper access to packet: test1, valid packet_ptr range OK
#121 helper access to packet: test2, unchecked packet_ptr OK
#122 helper access to packet: test3, variable add OK
#123 helper access to packet: test4, packet_ptr with bad range OK
#124 helper access to packet: test5, packet_ptr with too short range OK
#125 helper access to packet: test6, cls valid packet_ptr range OK
#126 helper access to packet: test7, cls unchecked packet_ptr OK
#127 helper access to packet: test8, cls variable add OK
#128 helper access to packet: test9, cls packet_ptr with bad range OK
#129 helper access to packet: test10, cls packet_ptr with too short range OK
#130 helper access to packet: test11, cls unsuitable helper 1 OK
#131 helper access to packet: test12, cls unsuitable helper 2 OK
#132 helper access to packet: test13, cls helper ok OK
#133 helper access to packet: test14, cls helper fail sub OK
#134 helper access to packet: test15, cls helper fail range 1 OK
#135 helper access to packet: test16, cls helper fail range 2 OK
#136 helper access to packet: test17, cls helper fail range 3 OK
#137 helper access to packet: test18, cls helper fail range zero OK
#138 helper access to packet: test19, pkt end as input OK
#139 helper access to packet: test20, wrong reg OK
#140 valid map access into an array with a constant OK
#141 valid map access into an array with a register OK
#142 valid map access into an array with a variable OK
#143 valid map access into an array with a signed variable OK
#144 invalid map access into an array with a constant OK
#145 invalid map access into an array with a register OK
#146 invalid map access into an array with a variable OK
#147 invalid map access into an array with no floor check OK
#148 invalid map access into an array with a invalid max check OK
#149 invalid map access into an array with a invalid max check OK
#150 multiple registers share map_lookup_elem result OK
#151 invalid memory access with multiple map_lookup_elem calls OK
#152 valid indirect map_lookup_elem access with 2nd lookup in branch OK
#153 multiple registers share map_lookup_elem bad reg type OK
#154 invalid map access from else condition OK
#155 constant register |= constant should keep constant type OK
#156 constant register |= constant should not bypass stack boundary checks OK
#157 constant register |= constant register should keep constant type OK
#158 constant register |= constant register should not bypass stack boundary checks OK
#159 invalid direct packet write for LWT_IN OK
#160 invalid direct packet write for LWT_OUT OK
#161 direct packet write for LWT_XMIT OK
#162 direct packet read for LWT_IN OK
#163 direct packet read for LWT_OUT OK
#164 direct packet read for LWT_XMIT OK
#165 overlapping checks for direct packet access OK
#166 invalid access of tc_classid for LWT_IN OK
#167 invalid access of tc_classid for LWT_OUT OK
#168 invalid access of tc_classid for LWT_XMIT OK
Summary: 168 PASSED, 1 FAILED
test_verifier: FAILED
To be more precise, this test suite failed with
#83 unpriv: spill/fill of different pointers ldx FAIL
A more detailed report: verifier_ 16808.log verifier_ 16808.log verifier_ 16808.log test_maps_ 16808.log min_value= 0,max_value= 0 R2=fp-76 R6=fp-8 R10=fp fp-8=fp
Running test_verifier bpf test..
+ echo 'Running test_verifier bpf test..'
+ bpf/test_verifier
+ tee /tmp/test_
#0 add+sub+mul OK
#1 unreachable OK
#2 unreachable2 OK
#3 out of range jump OK
#4 out of range jump2 OK
#5 test1 ld_imm64 OK
#6 test2 ld_imm64 OK
#7 test3 ld_imm64 OK
#8 test4 ld_imm64 OK
#9 test5 ld_imm64 OK
#10 no bpf_exit OK
#11 loop (back-edge) OK
#12 loop2 (back-edge) OK
#13 conditional loop OK
#14 read uninitialized register OK
#15 read invalid register OK
#16 program doesn't init R0 before exit OK
#17 program doesn't init R0 before exit in all branches OK
#18 stack out of bounds OK
#19 invalid call insn1 OK
#20 invalid call insn2 OK
#21 invalid function call OK
#22 uninitialized stack1 OK
#23 uninitialized stack2 OK
#24 invalid argument register OK
#25 non-invalid argument register OK
#26 check valid spill/fill OK
#27 check valid spill/fill, skb mark OK
#28 check corrupted spill/fill OK
#29 invalid src register in STX OK
#30 invalid dst register in STX OK
#31 invalid dst register in ST OK
#32 invalid src register in LDX OK
#33 invalid dst register in LDX OK
#34 junk insn OK
#35 junk insn2 OK
#36 junk insn3 OK
#37 junk insn4 OK
#38 junk insn5 OK
#39 misaligned read from stack OK
#40 invalid map_fd for function call OK
#41 don't check return value before access OK
#42 access memory with incorrect alignment OK
#43 sometimes access memory with incorrect alignment OK
#44 jump test 1 OK
#45 jump test 2 OK
#46 jump test 3 OK
#47 jump test 4 OK
#48 jump test 5 OK
#49 access skb fields ok OK
#50 access skb fields bad1 OK
#51 access skb fields bad2 OK
#52 access skb fields bad3 OK
#53 access skb fields bad4 OK
#54 check skb->mark is not writeable by sockets OK
#55 check skb->tc_index is not writeable by sockets OK
#56 check non-u32 access to cb OK
#57 check out of range skb->cb access OK
#58 write skb fields from socket prog OK
#59 write skb fields from tc_cls_act prog OK
#60 PTR_TO_STACK store/load OK
#61 PTR_TO_STACK store/load - bad alignment on off OK
#62 PTR_TO_STACK store/load - bad alignment on reg OK
#63 PTR_TO_STACK store/load - out of bounds low OK
#64 PTR_TO_STACK store/load - out of bounds high OK
++ grep FAILED /tmp/test_
++ awk '{print $4}'
+ failed=1
+ rm -f /tmp/test_
+ echo -n 'test_verifier: '
+ '[' 1 -gt 0 '
+ echo FAILED
+ rc=1
+ '[' 0 -ne 0 '
+ TMP=/tmp/
+ echo ''
+ echo 'Running test_maps bpf test..'
+ bpf/test_maps
#65 unpriv: return pointer OK
#66 unpriv: add const to pointer OK
#67 unpriv: add pointer to pointer OK
#68 unpriv: neg pointer OK
#69 unpriv: cmp pointer with const OK
#70 unpriv: cmp pointer with pointer OK
#71 unpriv: check that printk is disallowed OK
#72 unpriv: pass pointer to helper function OK
#73 unpriv: indirectly pass pointer on stack to helper function OK
#74 unpriv: mangle pointer on stack 1 OK
#75 unpriv: mangle pointer on stack 2 OK
#76 unpriv: read pointer from stack in small chunks OK
#77 unpriv: write pointer into ctx OK
#78 unpriv: spill/fill of ctx OK
#79 unpriv: spill/fill of ctx 2 OK
#80 unpriv: spill/fill of ctx 3 OK
#81 unpriv: spill/fill of ctx 4 OK
#82 unpriv: spill/fill of different pointers stx OK
#83 unpriv: spill/fill of different pointers ldx FAIL
Unexpected error message!
0: (bf) r6 = r10
1: (07) r6 += -8
2: (15) if r1 == 0x0 goto pc+3
R1=ctx R6=fp-8 R10=fp
3: (bf) r2 = r10
4: (07) r2 += -76
5: (7b) *(u64 *)(r6 +0) = r2
6: (55) if r1 != 0x0 goto pc+1
R1=ctx,
7: (7b) *(u64 *)(r6 +0) = r1
8: (79) r1 = *(u64 *)(r6 +0)
9: (79) r1 = *(u64 *)(r1 +68)
misaligned access off 68 size 8
#84 unpriv: write pointer into map elem value OK
#85 unpriv: partial copy of pointer OK
#86 unpriv: pass pointer to tail_call OK
#87 unpriv: cmp map pointer with zero OK
#88 unpriv: write into frame pointer OK
#89 unpriv: spill/fill frame pointer OK
#90 unpriv: cmp of frame pointer OK
#91 unpriv: cmp of stack pointer OK
#92 stack pointer arithmetic OK
#93 raw_stack: no skb_load_bytes OK
#94 raw_stack: skb_load_bytes, negative len OK
#95 raw_stack: skb_load_bytes, negative len 2 OK
#96 raw_stack: skb_load_bytes, zero len OK
#97 raw_stack: skb_load_bytes, no init OK
#98 raw_stack: skb_load_bytes, init OK
#99 raw_stack: skb_load_bytes, spilled regs around bounds OK
#100 raw_stack: skb_load_bytes, spilled regs corruption OK
#101 raw_stack: skb_load_bytes, spilled regs corruption 2 OK
#102 raw_stack: skb_load_bytes, spilled regs + data OK
#103 raw_stack: skb_load_bytes, invalid access 1 OK
#104 raw_stack: skb_load_bytes, invalid access 2 OK
#105 raw_stack: skb_load_bytes, invalid access 3 OK
#106 raw_stack: skb_load_bytes, invalid access 4 OK
#107 raw_stack: skb_load_bytes, invalid access 5 OK
#108 raw_stack: skb_load_bytes, invalid access 6 OK
#109 raw_stack: skb_load_bytes, large access OK
#110 direct packet access: test1 OK
#111 direct packet access: test2 OK
#112 direct packet access: test3 OK
#113 direct packet access: test4 (write) OK
#114 direct packet access: test5 (pkt_end >= reg, good access) OK
#115 direct packet access: test6 (pkt_end >= reg, bad access) OK
#116 direct packet access: test7 (pkt_end >= reg, both accesses) OK
#117 direct packet access: test8 (double test, variant 1) OK
#118 direct packet access: test9 (double test, variant 2) OK
#119 direct packet access: test10 (write invalid) OK
#120 helper access to packet: test1, valid packet_ptr range OK
#121 helper access to packet: test2, unchecked packet_ptr OK
#122 helper access to packet: test3, variable add OK
#123 helper access to packet: test4, packet_ptr with bad range OK
#124 helper access to packet: test5, packet_ptr with too short range OK
#125 helper access to packet: test6, cls valid packet_ptr range OK
#126 helper access to packet: test7, cls unchecked packet_ptr OK
#127 helper access to packet: test8, cls variable add OK
#128 helper access to packet: test9, cls packet_ptr with bad range OK
#129 helper access to packet: test10, cls packet_ptr with too short range OK
#130 helper access to packet: test11, cls unsuitable helper 1 OK
#131 helper access to packet: test12, cls unsuitable helper 2 OK
#132 helper access to packet: test13, cls helper ok OK
#133 helper access to packet: test14, cls helper fail sub OK
#134 helper access to packet: test15, cls helper fail range 1 OK
#135 helper access to packet: test16, cls helper fail range 2 OK
#136 helper access to packet: test17, cls helper fail range 3 OK
#137 helper access to packet: test18, cls helper fail range zero OK
#138 helper access to packet: test19, pkt end as input OK
#139 helper access to packet: test20, wrong reg OK
#140 valid map access into an array with a constant OK
#141 valid map access into an array with a register OK
#142 valid map access into an array with a variable OK
#143 valid map access into an array with a signed variable OK
#144 invalid map access into an array with a constant OK
#145 invalid map access into an array with a register OK
#146 invalid map access into an array with a variable OK
#147 invalid map access into an array with no floor check OK
#148 invalid map access into an array with a invalid max check OK
#149 invalid map access into an array with a invalid max check OK
#150 multiple registers share map_lookup_elem result OK
#151 invalid memory access with multiple map_lookup_elem calls OK
#152 valid indirect map_lookup_elem access with 2nd lookup in branch OK
#153 multiple registers share map_lookup_elem bad reg type OK
#154 invalid map access from else condition OK
#155 constant register |= constant should keep constant type OK
#156 constant register |= constant should not bypass stack boundary checks OK
#157 constant register |= constant register should keep constant type OK
#158 constant register |= constant register should not bypass stack boundary checks OK
#159 invalid direct packet write for LWT_IN OK
#160 invalid direct packet write for LWT_OUT OK
#161 direct packet write for LWT_XMIT OK
#162 direct packet read for LWT_IN OK
#163 direct packet read for LWT_OUT OK
#164 direct packet read for LWT_XMIT OK
#165 overlapping checks for direct packet access OK
#166 invalid access of tc_classid for LWT_IN OK
#167 invalid access of tc_classid for LWT_OUT OK
#168 invalid access of tc_classid for LWT_XMIT OK
Summary: 168 PASSED, 1 FAILED
test_verifier: FAILED