
x86_64 jit code crash #609

Open
zhaozhongshu opened this issue Nov 14, 2024 · 0 comments


BPF asm:

# BPF source for the crashing region: helper 3 is called repeatedly, r0 is
# truncated to its low 32 bits, and a zero result branches to LBB2_43.
LBB2_40:
	r1 = r6
	r2 = 1
	r3 = 1203
	call 3                          # helper 3; result returned in r0
	r0 <<= 32
	r0 >>= 32                       # zero-extend the low 32 bits of r0 (r0 &= 0xffffffff)
	if r0 == 0 goto LBB2_43         # the JIT emitted this as `je 0x7fffcc7018b0` (see x86 listing), not a jump to LBB2_43
# %bb.41:
	r1 = r6
	r2 = 3
	r3 = 1204
	call 3
	r0 <<= 32
	r0 >>= 32
	if r0 == 0 goto LBB2_43         # target is the very next instruction: taken or not, execution continues at LBB2_43

LBB2_43:
	r1 = r6
	r2 = 1
	r3 = 1205
	call 3
	r0 <<= 32
	r0 >>= 32
	if r0 == 0 goto LBB2_46

x86_64 JIT asm (gdb disassembly, AT&T syntax):

 ;  [0x7fffcc6fef3d,0x7fffcc6fef8c] r3 = 1203 ; call 3  for LBB2_40
   # Register roles inferred by pairing with the BPF listing: %rdi = r1, %rsi = r2,
   # %rdx = r3, %rbx = r6, %rax = r0 after the call. What %r10 and %r11 hold is not
   # visible here -- confirm against the JIT's register map.
   0x7fffcc6fef3d:      mov    $0x4b3,%rdx             # r3 = 1203 (0x4b3)
   0x7fffcc6fef44:      mov    %r10,%rcx               # 4th integer arg (SysV %rcx) taken from %r10
   0x7fffcc6fef47:      push   %r11
   0x7fffcc6fef49:      push   %r11                    # pushed twice: presumably one save + one 16-byte alignment slot -- confirm
   # Helper dispatch. A pointer slot at 0x7fffcc7018c1 (the byte right after the thunk's
   # retq at 0x7fffcc7018c0, i.e. code-adjacent data at an odd address) selects between an
   # indirect dispatcher (slot non-zero) and a per-helper pointer table at 0x7fffcc7018c9.
   # NOTE(review): if this JIT region is mapped writable as well as executable, these slots
   # are writable function pointers inside executable memory -- confirm the mapping is RX when run.
   0x7fffcc6fef4b:      mov    0x296f(%rip),%rax        # 0x7fffcc7018c1   # %rax = dispatcher pointer slot
   0x7fffcc6fef52:      cmp    $0x0,%rax
   0x7fffcc6fef59:      jne    0x7fffcc6fef7e          # slot set -> call through it, %r9 = helper number
   0x7fffcc6fef5f:      mov    $0x3,%eax               # helper index 3
   0x7fffcc6fef65:      shl    $0x3,%rax               # index * 8 (pointer-sized entries)
   0x7fffcc6fef69:      lea    0x2959(%rip),%r10        # 0x7fffcc7018c9   # table base (clobbers %r10)
   0x7fffcc6fef70:      add    %r10,%rax
   0x7fffcc6fef73:      mov    (%rax),%rax             # %rax = table[3] = helper 3 entry point
   0x7fffcc6fef76:      mov    %r11,%r9                # 6th integer arg (SysV %r9) = %r11
   0x7fffcc6fef79:      jmpq   0x7fffcc6fef85
   0x7fffcc6fef7e:      mov    $0x3,%r9                # 6th integer arg = helper number 3
   # Both paths reach the thunk with %rax = address to call; the thunk does
   # `mov %rax,(%rsp); retq`, so control transfers to %rax (see the x/10i dump below).
   0x7fffcc6fef85:      callq  0x7fffcc7018b0
=> 0x7fffcc6fef8a:      pop    %r11                    # helper returns here; %rax = r0
   0x7fffcc6fef8c:      pop    %r11

   0x7fffcc6fef8e:      shl    $0x20,%rax              # r0 <<= 32
   0x7fffcc6fef92:      shr    $0x20,%rax              # r0 >>= 32 (zero-extend to 32 bits)
   0x7fffcc6fef96:      cmp    $0x0,%rax
   # BUG: `if r0 == 0 goto LBB2_43` was resolved to the thunk address 0x7fffcc7018b0
   # instead of the LBB2_43 block. The branch is taken only when %rax == 0, and the
   # thunk then executes `mov %rax,(%rsp); retq` with %rax == 0, so it "returns" to
   # address 0 -- exactly the path in the crash trace. Every resolved branch target
   # should land on the start of an emitted BPF instruction, never on the thunk.
=> 0x7fffcc6fef9d:      je     0x7fffcc7018b0    
   0x7fffcc6fefa3:      mov    %rbx,%rdi               # %bb.41: r1 = r6
   0x7fffcc6fefa6:      mov    $0x3,%rsi               # r2 = 3

; [0x7fffcc6fefad,0x7fffcc6feffc] r3 = 1204; call 3 for %bb.41
   # Same call sequence as for LBB2_40 (see comments there); only r3 differs.
   0x7fffcc6fefad:      mov    $0x4b4,%rdx             # r3 = 1204 (0x4b4)
   0x7fffcc6fefb4:      mov    %r10,%rcx
   0x7fffcc6fefb7:      push   %r11
   0x7fffcc6fefb9:      push   %r11
   0x7fffcc6fefbb:      mov    0x28ff(%rip),%rax        # 0x7fffcc7018c1   # dispatcher pointer slot (same slot as above)
   0x7fffcc6fefc2:      cmp    $0x0,%rax
   0x7fffcc6fefc9:      jne    0x7fffcc6fefee
   0x7fffcc6fefcf:      mov    $0x3,%eax               # helper index 3
   0x7fffcc6fefd5:      shl    $0x3,%rax
   0x7fffcc6fefd9:      lea    0x28e9(%rip),%r10        # 0x7fffcc7018c9   # helper pointer table base
   0x7fffcc6fefe0:      add    %r10,%rax
   0x7fffcc6fefe3:      mov    (%rax),%rax             # %rax = table[3]
   0x7fffcc6fefe6:      mov    %r11,%r9
   0x7fffcc6fefe9:      jmpq   0x7fffcc6feff5
   0x7fffcc6fefee:      mov    $0x3,%r9
   0x7fffcc6feff5:      callq  0x7fffcc7018b0  
   0x7fffcc6feffa:      pop    %r11
   0x7fffcc6feffc:      pop    %r11

   0x7fffcc6feffe:      shl    $0x20,%rax              # r0 <<= 32
   0x7fffcc6ff002:      shr    $0x20,%rax              # r0 >>= 32
   0x7fffcc6ff006:      cmp    $0x0,%rax
   # Same defect as the first block: this `if r0 == 0 goto LBB2_43` targets the thunk.
   # In the BPF source LBB2_43 is the next instruction, so the correct target would be
   # the fall-through at 0x7fffcc6ff013; with %rax == 0 the thunk instead returns to 0.
   0x7fffcc6ff00d:      je     0x7fffcc7018b0
   0x7fffcc6ff013:      mov    %rbx,%rdi               # r1 = r6
   # NOTE(review): r2 = 0x1348dcc / r3 = 0x186a0 here do not match the `r2 = 1; r3 = 1205`
   # shown for LBB2_43 in the BPF listing; the two excerpts may not line up exactly.
   0x7fffcc6ff016:      mov    $0x1348dcc,%rsi
   0x7fffcc6ff01d:      mov    $0x186a0,%rdx
   0x7fffcc6ff024:      mov    %r10,%rcx

Common target of the `callq`/`je` instructions above, 0x7fffcc7018b0:

(gdb) x/10i 0x7fffcc7018b0
   # Indirect-call thunk, retpoline-shaped: the inner callq pushes 0x7fffcc7018b5, the
   # callee overwrites that return slot with %rax and returns, so control goes to %rax
   # and the pause/jmpq loop is never reached architecturally. The thunk has no way to
   # validate %rax; whatever is in it becomes the new pc.
=> 0x7fffcc7018b0:      callq  0x7fffcc7018bc
   0x7fffcc7018b5:      pause  
   # NOTE(review): a conventional retpoline capture loop jumps back to the `pause`
   # (typically `pause; lfence; jmp`); this jumps to 0x7fffcc6fe000, far outside the
   # thunk -- possibly the same target misresolution seen on the `je`s, unconfirmed.
   0x7fffcc7018b7:      jmpq   0x7fffcc6fe000
   0x7fffcc7018bc:      mov    %rax,(%rsp)             # replace the pushed return address with the call target
   0x7fffcc7018c0:      retq                           # "return" to %rax; with %rax == 0 this is the crash

Crash trace:

0x7fffcc6fef9d -> 0x7fffcc7018b0 -> 0x7fffcc7018bc -> 0x7fffcc7018c0 (crash: the `je` at 0x7fffcc6fef9d is only taken when rax == 0, and the thunk's `mov %rax,(%rsp); retq` then returns to address 0)