bmc-cache
"make" works under bmc folder but ./bmc eth0 churns error below:
"make" works under bmc folder but ./bmc eth0 churns error below:
; for (off = 4; off < BMC_MAX_PACKET_LENGTH && payload+off+1 <= data_end && payload[off] == ' '; off++) {} // move offset to the start of the first key
46: (1f) r7 -= r8
47: (b7) r1 = 54
48: (bf) r2 = r7
49: (07) r2 += -50
; for (off = 4; off < BMC_MAX_PACKET_LENGTH && payload+off+1 <= data_end && payload[off] == ' '; off++) {} // move offset to the start of the first key
50: (1d) if r7 == r1 goto pc+23
R0=map_value(id=0,off=0,ks=4,vs=12,imm=0) R1_w=inv54 R2_w=inv(id=0) R6=ctx(id=0,off=0,imm=0) R7_w=inv(id=3) R8=pkt(id=0,off=0,r=54,imm=0) R10=fp0 fp-8=mmmm????
; for (off = 4; off < BMC_MAX_PACKET_LENGTH && payload+off+1 <= data_end && payload[off] == ' '; off++) {} // move offset to the start of the first key
51: (bf) r3 = r8
52: (0f) r3 += r1
last_idx 52 first_idx 41
regs=2 stack=0 before 51: (bf) r3 = r8
regs=2 stack=0 before 50: (1d) if r7 == r1 goto pc+23
regs=2 stack=0 before 49: (07) r2 += -50
regs=2 stack=0 before 48: (bf) r2 = r7
regs=2 stack=0 before 47: (b7) r1 = 54
53: (71) r3 = *(u8 *)(r3 +0)
invalid access to packet, off=54 size=1, R3(id=0,off=54,r=54)
R3 offset is outside of the packet
processed 52 insns (limit 1000000) max_states_per_insn 0 total_states 4 peak_states 4 mark_read 2
libbpf: -- END LOG --
libbpf: failed to load program 'bmc_rx_filter'
libbpf: failed to load object './bmc_kern.o'
Error: bpf_object__load_xattr failed
Could you share the full verifier logs, the Clang version you used, and the kernel version where you tested this?
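I suspect that the compiler is computing payload+off and payload[off] separately, so the verifier does not register the bounds check as a limit for the payload[off] access. The log is consistent with this: the check at instruction 50 compares a scalar (r7, after `r7 -= r8`) against the constant 54 instead of comparing a packet pointer against data_end, so R3 still carries the range r=54 and the one-byte read at offset 54 is rejected as outside the packet.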