Java 8 Update 51 (sun-jdk-8u51) Runtime Fatal Error after null MethodHandle invokeExact call with 448 System::gc Runnable arguments

Question

Summary

I was able to compile an interface with a main method that calls a null MethodHandle's invokeExact method with 448 instances of a Runnable method reference (System::gc).

When I ran the interface, a fatal error was then detected by the Java Runtime Environment:

SIGSEGV (0xb) at pc=0xb71b9bde, pid=12918, tid=3030936432
JRE version: Java(TM) SE Runtime Environment (8.0_51-b16) (build 1.8.0_51-b16)
Java VM: Java HotSpot(TM) Client VM (25.51-b03 mixed mode linux-x86 )
Problematic frame:
- V [libjvm.so+0x507bde] SignatureIterator::parse_type()+0x1ce

Source code and runtime result link: http://ideone.com/3oh7Uk

Source

interface $ {
  static void main(String[] $) throws Throwable {
    ((java.lang.invoke.MethodHandle) null).invokeExact(
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc,
      (Runnable) System::gc
    );
  }
}

Result

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xb71b9bde, pid=12918, tid=3030936432
#
# JRE version: Java(TM) SE Runtime Environment (8.0_51-b16) (build 1.8.0_51-b16)
# Java VM: Java HotSpot(TM) Client VM (25.51-b03 mixed mode linux-x86 )
# Problematic frame:
# V  [libjvm.so+0x507bde]  SignatureIterator::parse_type()+0x1ce
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# Can not save log file, dump to screen..
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xb71b9bde, pid=12918, tid=3030936432
#
# JRE version: Java(TM) SE Runtime Environment (8.0_51-b16) (build 1.8.0_51-b16)
# Java VM: Java HotSpot(TM) Client VM (25.51-b03 mixed mode linux-x86 )
# Problematic frame:
# V  [libjvm.so+0x507bde]  SignatureIterator::parse_type()+0x1ce
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
#   http://b...content-available-to-author-only...a.com/bugreport/crash.jsp
#

I haven't yet, since I am not quite sure if this should be considered as a bug in the first place. The JVM imposes on all methods and constructors of any kind an /absolute/ limit of 255 stacked arguments. Once I was able to circumvent that, well, I effectively broke the warranty. — srborlongan, Jan 18 '16 at 15:25
Anything that can crash the JVM can be considered a bug. We can exclude the case that you inject your own native code into the JVM’s process but since this is not the case, the rule applies. It would be ok if the verifier rejects the code, then we still have a compiler bug allowing to produce invalid code, however crashing is not a valid behavior. Java doesn’t have this kind of “undefined behavior” like `C`. Keep in mind that someone could deliver such code via an Applet… — Holger, Jan 18 '16 at 16:00
Maybe a Linux issue? I got: `Exception in thread "main" java.lang.IllegalArgumentException: bad parameter count 448 at java.lang.invoke.MethodHandleStatics.newIllegalArgumentException(MethodHandleStatics.java:139)` — Holger, Jan 18 '16 at 16:05
@Holger same as you with Java 1.8.0_66-b17 x64 on Ubuntu 15.10. — Didier L, Jan 18 '16 at 16:32
@Holger The other reason why I was wary of submitting a bug report is because I have only seen this bug happen in Ideone, since I do not actually have any other way to test Java 8. According to the crash log's vm_info and uname, Ideone uses Red Hat 4.3.0-8 with kernel version 2.6.34. — srborlongan, Jan 18 '16 at 23:30
@srborlongan On CentOS 7 with kernel 3.10, Java 1.8.0_65 there is only an `java.lang.IllegalArgumentException` on execution. — SubOptimal, Jan 19 '16 at 07:13

Java 8 Update 51 (sun-jdk-8u51) Runtime Fatal Error after null MethodHandle invokeExact call with 448 System::gc Runnable arguments

0 Answers0