I get a SIGILL when I run the following jtreg suite with ZGC on AArch64:
make test TEST=open/test/jdk/java/util/concurrent JTREG="JAVA_OPTIONS=-XX:+UseZGC"

# Problematic frame:
# J 5049 c2 Integrate$FQuad.recEval(DDDDD)D (152 bytes) @ 0x0000ffff6da55940 [0x0000ffff6da544c0+0x0000000000001480]

siginfo: si_signo: 4 (SIGILL), si_code: 1 (ILL_ILLOPC), si_addr: 0x0000ffff6da55940

The code stands in our load barrier stub and is trying to restore q registers:
ldp q31, q31, [sp, #224]

It seems odd that it tries to restore the two entries the same register.

The problematic restore seems to come from the zr part:
  regs[count++] = zr->encoding_nocheck();
  count &= ~1; // Only push an even number of regs

where zr->encoding_nocheck() seems to be interpreted as q31, and ending up as one of the registers that we want to restore when we crash.

I'm testing a version that performs a non-pair strq/ldrq instead, and it seems to solve the problem. Will run more tests over-night.