Hello,
We are working on the jbpf project and have encountered a segmentation fault while running the jbpf_hash_codelet_test on ARM64.
This test passes successfully on x86-64 (Ubuntu22.04, Ubuntu24.04 and Azure Linux 3) but crashes on ARM64 after a few iterations. We suspect the issue may be related to stack corruption.
Specifically, the segfault occurs in Case 3 of the test (see the Issue Summary below).
We would greatly appreciate any insights or help on diagnosing and fixing this issue. Thank you!
Relevant source code: jbpf_helper_example.c
Environment
- Target Architecture: ARM64 (segfault observed) and x86-64 (passes)
- OS: Ubuntu 24.04 on x86 and Ubuntu 22.04 on ARM64
- ubpf commit used: 8e5b612
ubpf Compilation Flags
# Host-architecture specific flags: `uname -m` reports aarch64 on ARM64 hosts.
ARCH := $(shell uname -m)
ifneq ($(ARCH),aarch64)
# Every other host builds with the x86-64 macro and no extra include path.
PLATFORM = -D__x86_64__
else
# aarch64 hosts add the multiarch system headers and define the aarch64 macro.
# NOTE(review): __aarch64__ is normally predefined by the compiler for the
# host target; defining it by hand under -target bpf makes any
# architecture-conditional code in the included headers take the aarch64
# branch, so struct sizes may differ from the x86-64 build.
SYS_INC := -I/usr/include/aarch64-linux-gnu
PLATFORM = -D__aarch64__
endif
CC = clang
# jbpf include directories under JBPF_PATH, plus the system include path when set
# (SYS_INC expands to nothing on non-aarch64 hosts).
INC = $(addprefix -I${JBPF_PATH}/,src/common jbpf_tests/common src/core) $(SYS_INC)
CFLAGS = -O2 -target bpf -Wall -DJBPF_DEBUG_ENABLED $(PLATFORM)
# Each .c file in this directory is compiled to a matching .o object.
SOURCES = $(wildcard *.c)
OBJECTS = $(patsubst %.c,%.o,$(SOURCES))
1. This is the dump on x86-64 - ubuntu24.04 without jbpf_printf_debug("Hash: %x\n", hash);
on LINE 24
llvm-objdump -d jbpf_helper_example.o
jbpf_helper_example.o: file format elf64-bpf
Disassembly of section jbpf_generic:
0000000000000000 <jbpf_main>:
0: b7 00 00 00 01 00 00 00 r0 = 0x1
1: 79 12 08 00 00 00 00 00 r2 = *(u64 *)(r1 + 0x8)
2: 79 16 00 00 00 00 00 00 r6 = *(u64 *)(r1 + 0x0)
3: bf 61 00 00 00 00 00 00 r1 = r6
4: 07 01 00 00 04 00 00 00 r1 += 0x4
5: 2d 21 15 00 00 00 00 00 if r1 > r2 goto +0x15 <LBB0_4>
6: b7 01 00 00 21 00 00 00 r1 = 0x21
7: 6b 1a fc ff 00 00 00 00 *(u16 *)(r10 - 0x4) = r1
8: b7 01 00 00 6f 72 6c 64 r1 = 0x646c726f
9: 63 1a f8 ff 00 00 00 00 *(u32 *)(r10 - 0x8) = r1
10: 18 01 00 00 48 65 6c 6c 00 00 00 00 6f 2c 20 57 r1 = 0x57202c6f6c6c6548 ll
12: 7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 0x10) = r1
13: bf a1 00 00 00 00 00 00 r1 = r10
14: 07 01 00 00 f0 ff ff ff r1 += -0x10
15: b7 02 00 00 0e 00 00 00 r2 = 0xe
16: 85 00 00 00 0a 00 00 00 call 0xa
17: bf 01 00 00 00 00 00 00 r1 = r0
18: 67 01 00 00 20 00 00 00 r1 <<= 0x20
19: 77 01 00 00 20 00 00 00 r1 >>= 0x20
20: b7 00 00 00 00 00 00 00 r0 = 0x0
21: b7 02 00 00 01 00 00 00 r2 = 0x1
22: 18 03 00 00 74 ed a4 b3 00 00 00 00 00 00 00 00 r3 = 0xb3a4ed74 ll
24: 1d 31 01 00 00 00 00 00 if r1 == r3 goto +0x1 <LBB0_3>
25: b7 02 00 00 00 00 00 00 r2 = 0x0
00000000000000d0 <LBB0_3>:
26: 63 26 00 00 00 00 00 00 *(u32 *)(r6 + 0x0) = r2
00000000000000d8 <LBB0_4>:
27: 95 00 00 00 00 00 00 00 exit
2. This is the dump on x86-64 - ubuntu24.04 with jbpf_printf_debug("Hash: %x\n", hash);
on LINE 24
llvm-objdump -d jbpf_helper_example.o
jbpf_helper_example.o: file format elf64-bpf
Disassembly of section jbpf_generic:
0000000000000000 <jbpf_main>:
0: b7 00 00 00 01 00 00 00 r0 = 0x1
1: 79 12 08 00 00 00 00 00 r2 = *(u64 *)(r1 + 0x8)
2: 79 17 00 00 00 00 00 00 r7 = *(u64 *)(r1 + 0x0)
3: bf 71 00 00 00 00 00 00 r1 = r7
4: 07 01 00 00 04 00 00 00 r1 += 0x4
5: 2d 21 1f 00 00 00 00 00 if r1 > r2 goto +0x1f <LBB0_4>
6: b7 01 00 00 21 00 00 00 r1 = 0x21
7: 6b 1a fc ff 00 00 00 00 *(u16 *)(r10 - 0x4) = r1
8: b7 01 00 00 6f 72 6c 64 r1 = 0x646c726f
9: 63 1a f8 ff 00 00 00 00 *(u32 *)(r10 - 0x8) = r1
10: 18 01 00 00 48 65 6c 6c 00 00 00 00 6f 2c 20 57 r1 = 0x57202c6f6c6c6548 ll
12: 7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 0x10) = r1
13: bf a1 00 00 00 00 00 00 r1 = r10
14: 07 01 00 00 f0 ff ff ff r1 += -0x10
15: b7 02 00 00 0e 00 00 00 r2 = 0xe
16: 85 00 00 00 0a 00 00 00 call 0xa
17: bf 06 00 00 00 00 00 00 r6 = r0
18: 18 01 00 00 48 61 73 68 00 00 00 00 3a 20 25 78 r1 = 0x7825203a68736148 ll
20: 7b 1a e0 ff 00 00 00 00 *(u64 *)(r10 - 0x20) = r1
21: b7 01 00 00 0a 00 00 00 r1 = 0xa
22: 6b 1a e8 ff 00 00 00 00 *(u16 *)(r10 - 0x18) = r1
23: bf a1 00 00 00 00 00 00 r1 = r10
24: 07 01 00 00 e0 ff ff ff r1 += -0x20
25: b7 02 00 00 0a 00 00 00 r2 = 0xa
26: bf 63 00 00 00 00 00 00 r3 = r6
27: 85 00 00 00 0b 00 00 00 call 0xb
28: 67 06 00 00 20 00 00 00 r6 <<= 0x20
29: 77 06 00 00 20 00 00 00 r6 >>= 0x20
30: b7 00 00 00 00 00 00 00 r0 = 0x0
31: b7 01 00 00 01 00 00 00 r1 = 0x1
32: 18 02 00 00 74 ed a4 b3 00 00 00 00 00 00 00 00 r2 = 0xb3a4ed74 ll
34: 1d 26 01 00 00 00 00 00 if r6 == r2 goto +0x1 <LBB0_3>
35: b7 01 00 00 00 00 00 00 r1 = 0x0
0000000000000120 <LBB0_3>:
36: 63 17 00 00 00 00 00 00 *(u32 *)(r7 + 0x0) = r1
0000000000000128 <LBB0_4>:
37: 95 00 00 00 00 00 00 00 exit
3. This is the dump on ARM64 - ubuntu22.04 without jbpf_printf_debug("Hash: %x\n", hash);
on LINE 24
llvm-objdump -d jbpf_helper_example.o
jbpf_helper_example.o: file format elf64-bpf
Disassembly of section jbpf_generic:
0000000000000000 <jbpf_main>:
0: b7 00 00 00 01 00 00 00 r0 = 1
1: 79 12 08 00 00 00 00 00 r2 = *(u64 *)(r1 + 8)
2: 79 16 00 00 00 00 00 00 r6 = *(u64 *)(r1 + 0)
3: bf 61 00 00 00 00 00 00 r1 = r6
4: 07 01 00 00 60 00 00 00 r1 += 96
5: 2d 21 15 00 00 00 00 00 if r1 > r2 goto +21 <LBB0_4>
6: b7 01 00 00 21 00 00 00 r1 = 33
7: 6b 1a fc ff 00 00 00 00 *(u16 *)(r10 - 4) = r1
8: b7 01 00 00 6f 72 6c 64 r1 = 1684828783
9: 63 1a f8 ff 00 00 00 00 *(u32 *)(r10 - 8) = r1
10: 18 01 00 00 48 65 6c 6c 00 00 00 00 6f 2c 20 57 r1 = 6278066737626506568 ll
12: 7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 16) = r1
13: bf a1 00 00 00 00 00 00 r1 = r10
14: 07 01 00 00 f0 ff ff ff r1 += -16
15: b7 02 00 00 0e 00 00 00 r2 = 14
16: 85 00 00 00 0a 00 00 00 call 10
17: bf 01 00 00 00 00 00 00 r1 = r0
18: 67 01 00 00 20 00 00 00 r1 <<= 32
19: 77 01 00 00 20 00 00 00 r1 >>= 32
20: b7 00 00 00 00 00 00 00 r0 = 0
21: b7 02 00 00 01 00 00 00 r2 = 1
22: 18 03 00 00 74 ed a4 b3 00 00 00 00 00 00 00 00 r3 = 3013930356 ll
24: 1d 31 01 00 00 00 00 00 if r1 == r3 goto +1 <LBB0_3>
25: b7 02 00 00 00 00 00 00 r2 = 0
00000000000000d0 <LBB0_3>:
26: 63 26 00 00 00 00 00 00 *(u32 *)(r6 + 0) = r2
00000000000000d8 <LBB0_4>:
27: 95 00 00 00 00 00 00 00 exit
4. This is the dump on ARM64 - ubuntu22.04 with jbpf_printf_debug("Hash: %x\n", hash);
on LINE 24
llvm-objdump -d jbpf_helper_example.o
jbpf_helper_example.o: file format elf64-bpf
Disassembly of section jbpf_generic:
0000000000000000 <jbpf_main>:
0: b7 00 00 00 01 00 00 00 r0 = 1
1: 79 12 08 00 00 00 00 00 r2 = *(u64 *)(r1 + 8)
2: 79 17 00 00 00 00 00 00 r7 = *(u64 *)(r1 + 0)
3: bf 71 00 00 00 00 00 00 r1 = r7
4: 07 01 00 00 60 00 00 00 r1 += 96
5: 2d 21 1f 00 00 00 00 00 if r1 > r2 goto +31 <LBB0_4>
6: b7 01 00 00 21 00 00 00 r1 = 33
7: 6b 1a fc ff 00 00 00 00 *(u16 *)(r10 - 4) = r1
8: b7 01 00 00 6f 72 6c 64 r1 = 1684828783
9: 63 1a f8 ff 00 00 00 00 *(u32 *)(r10 - 8) = r1
10: 18 01 00 00 48 65 6c 6c 00 00 00 00 6f 2c 20 57 r1 = 6278066737626506568 ll
12: 7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 16) = r1
13: bf a1 00 00 00 00 00 00 r1 = r10
14: 07 01 00 00 f0 ff ff ff r1 += -16
15: b7 02 00 00 0e 00 00 00 r2 = 14
16: 85 00 00 00 0a 00 00 00 call 10
17: bf 06 00 00 00 00 00 00 r6 = r0
18: 18 01 00 00 48 61 73 68 00 00 00 00 3a 20 25 78 r1 = 8657361293922230600 ll
20: 7b 1a e0 ff 00 00 00 00 *(u64 *)(r10 - 32) = r1
21: b7 01 00 00 0a 00 00 00 r1 = 10
22: 6b 1a e8 ff 00 00 00 00 *(u16 *)(r10 - 24) = r1
23: bf a1 00 00 00 00 00 00 r1 = r10
24: 07 01 00 00 e0 ff ff ff r1 += -32
25: b7 02 00 00 0a 00 00 00 r2 = 10
26: bf 63 00 00 00 00 00 00 r3 = r6
27: 85 00 00 00 0b 00 00 00 call 11
28: 67 06 00 00 20 00 00 00 r6 <<= 32
29: 77 06 00 00 20 00 00 00 r6 >>= 32
30: b7 00 00 00 00 00 00 00 r0 = 0
31: b7 01 00 00 01 00 00 00 r1 = 1
32: 18 02 00 00 74 ed a4 b3 00 00 00 00 00 00 00 00 r2 = 3013930356 ll
34: 1d 26 01 00 00 00 00 00 if r6 == r2 goto +1 <LBB0_3>
35: b7 01 00 00 00 00 00 00 r1 = 0
0000000000000120 <LBB0_3>:
36: 63 17 00 00 00 00 00 00 *(u32 *)(r7 + 0) = r1
0000000000000128 <LBB0_4>:
37: 95 00 00 00 00 00 00 00 exit
Issue Summary:
- On x86-64, both versions (with and without jbpf_printf_debug) work correctly.
- On ARM64, the test segfaults after a few iterations (especially when running Case 3).
Comparing the dumps, the ARM64 and x86-64 codelets are identical except for the bounds check at instruction 4, which adds 96 on ARM64 but 4 on x86-64 — so the size of the type checked against the end-of-data pointer differs between the two builds. This suggests a platform-specific problem, likely related to struct size/layout, stack alignment, or ABI differences.