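When running the jck26 test
vm/concepts/execution/execution002/execution00212m9/execution00212m9
with ASan-enabled binaries, the following issue is reported on Linux x86_64. The report shows a 1-byte read at the address immediately after a 52-byte heap block. That block was allocated for a symbol-table node while the constant pool was being parsed, and the read occurs in ClassFileParser::skip_over_field_signature, called from verify_legal_method_signature during class definition: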
==17340==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000054fb4 at pc 0x7fcf4bcaf03a bp 0x7fcefb781b80 sp 0x7fcefb781b78
READ of size 1 at 0x506000054fb4 thread T129
#0 0x7fcf4bcaf039 in ClassFileParser::skip_over_field_signature(char const*, bool, unsigned int, JavaThread*) const src/hotspot/share/classfile/classFileParser.cpp:4685
#1 0x7fcf4bcb824b in ClassFileParser::verify_legal_method_signature(Symbol const*, Symbol const*, JavaThread*) const src/hotspot/share/classfile/classFileParser.cpp:4916
#2 0x7fcf4bcc827c in ClassFileParser::parse_method(ClassFileStream const*, bool, ConstantPool const*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2189
#3 0x7fcf4bccb738 in ClassFileParser::parse_methods(ClassFileStream const*, bool, bool*, bool*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2741
#4 0x7fcf4bccb738 in ClassFileParser::parse_methods(ClassFileStream const*, bool, bool*, bool*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2717
#5 0x7fcf4bcd40d0 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5708
#6 0x7fcf4bcd7e45 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5436
#7 0x7fcf4bcd7e45 in ClassFileParser::ClassFileParser(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const*, ClassFileParser::Publicity, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5433
#8 0x7fcf4d2cace5 in KlassFactory::create_from_stream(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/klassFactory.cpp:202
#9 0x7fcf4e3f2312 in SystemDictionary::resolve_class_from_stream(ClassFileStream*, Symbol*, Handle, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/systemDictionary.cpp:869
#10 0x7fcf4cdb1c27 in jvm_define_class_common src/hotspot/share/prims/jvm.cpp:893
#11 0x7fcf4cdb2b07 in JVM_DefineClassWithSource src/hotspot/share/prims/jvm.cpp:1060
#12 0x7fcf51a3d914 in Java_java_lang_ClassLoader_defineClass1 src/java.base/share/native/libjava/ClassLoader.c:139
#13 0x7fcf391d03eb ()
0x506000054fb4 is located 0 bytes after 52-byte region [0x506000054f80,0x506000054fb4)
allocated by thread T129 here:
#0 0x7fcf526f7237 in malloc (/usr/lib64/libasan.so.8+0xf7237) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d971537 in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
#2 0x7fcf4d971537 in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:660
#3 0x7fcf4b331eeb in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:39
#4 0x7fcf4b331eeb in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:49
#5 0x7fcf4e3c08c0 in SymbolTableConfig::allocate_node_impl(unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:195
#6 0x7fcf4e3c08c0 in SymbolTableConfig::allocate_node(void*, unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:137
#7 0x7fcf4e3c08c0 in ConcurrentHashTable::Node::create_node(void*, Symbol const&, ConcurrentHashTable::Node*) src/hotspot/share/utilities/concurrentHashTable.hpp:93
#8 0x7fcf4e3c08c0 in bool ConcurrentHashTable::internal_insert_get::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP>(Thread*, SymbolTableLookup&, Symbol const&, ConcurrentHashTable::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.inline.hpp:896
#9 0x7fcf4e3c08c0 in bool ConcurrentHashTable::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.hpp:471
#10 0x7fcf4e3c08c0 in SymbolTable::do_add_if_needed(char const*, int, unsigned long, bool) src/hotspot/share/classfile/symbolTable.cpp:520
#11 0x7fcf4e3c48aa in SymbolTable::new_symbols(ClassLoaderData*, constantPoolHandle const&, int, char const**, int*, int*, unsigned int*) src/hotspot/share/classfile/symbolTable.cpp:498
#12 0x7fcf4bccf800 in ClassFileParser::parse_constant_pool_entries(ClassFileStream const*, ConstantPool*, int, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:390
#13 0x7fcf4bcd2acf in ClassFileParser::parse_constant_pool(ClassFileStream const*, ConstantPool*, int, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:425
#14 0x7fcf4bcd2acf in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5571
#15 0x7fcf4bcd7e45 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5436
#16 0x7fcf4bcd7e45 in ClassFileParser::ClassFileParser(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const*, ClassFileParser::Publicity, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5433
#17 0x7fcf4d2cace5 in KlassFactory::create_from_stream(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/klassFactory.cpp:202
#18 0x7fcf4e3f2312 in SystemDictionary::resolve_class_from_stream(ClassFileStream*, Symbol*, Handle, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/systemDictionary.cpp:869
#19 0x7fcf4cdb1c27 in jvm_define_class_common src/hotspot/share/prims/jvm.cpp:893
#20 0x7fcf4cdb2b07 in JVM_DefineClassWithSource src/hotspot/share/prims/jvm.cpp:1060
#21 0x7fcf51a3d914 in Java_java_lang_ClassLoader_defineClass1 src/java.base/share/native/libjava/ClassLoader.c:139
#22 0x7fcf391d03eb ()
#23 0x7fcf3176f36b ()
#24 0x7fcf38a679e1 ()
#25 0x7fcf38a679e1 ()
#26 0x7fcf38a67847 ()
#27 0x7fcf38a67d55 ()
#28 0x7fcf38a67847 ()
#29 0x7fcf38a606a6 ()
#30 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#31 0x7fcf4c9d8891 in JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:323
#32 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:179
#33 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:185
#34 0x7fcf4cd75168 in thread_entry src/hotspot/share/prims/jvm.cpp:2742
#35 0x7fcf4ca264f2 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:775
#36 0x7fcf4ca3b247 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:755
#37 0x7fcf4ca3b247 in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:760
#38 0x7fcf4e4f063f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#39 0x7fcf4d98c3a2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:889
#40 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T129 created by T29 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d98f5e0 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1082
#2 0x7fcf4cdb5b2c in JVM_StartThread src/hotspot/share/prims/jvm.cpp:2805
#3 0x7fcf38a6c16f ()
#4 0x7fcf38a67847 ()
#5 0x7fcf38a67847 ()
#6 0x7fcf38a679e1 ()
#7 0x7fcf38a679e1 ()
#8 0x7fcf38a679e1 ()
#9 0x7fcf38a67847 ()
#10 0x7fcf38a67847 ()
#11 0x7fcf38a67847 ()
#12 0x7fcf38a67d55 ()
#13 0x7fcf38a67847 ()
#14 0x7fcf38a606a6 ()
#15 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#16 0x7fcf4c9d8891 in JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:323
#17 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:179
#18 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:185
#19 0x7fcf4cd75168 in thread_entry src/hotspot/share/prims/jvm.cpp:2742
#20 0x7fcf4ca264f2 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:775
#21 0x7fcf4ca3b247 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:755
#22 0x7fcf4ca3b247 in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:760
#23 0x7fcf4e4f063f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#24 0x7fcf4d98c3a2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:889
#25 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T29 created by T1 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d98f5e0 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1082
#2 0x7fcf4cdb5b2c in JVM_StartThread src/hotspot/share/prims/jvm.cpp:2805
#3 0x7fcf38a6c16f ()
#4 0x7fcf38a67847 ()
#5 0x7fcf38a67847 ()
#6 0x7fcf38a67847 ()
#7 0x7fcf38a67847 ()
#8 0x7fcf38a67847 ()
#9 0x7fcf38a606a6 ()
#10 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#11 0x7fcf4cce1263 in jni_invoke_static src/hotspot/share/prims/jni.cpp:881
#12 0x7fcf4ccead29 in jni_CallStaticVoidMethod src/hotspot/share/prims/jni.cpp:1710
#13 0x7fcf52e2105b in invokeStaticMainWithArgs src/java.base/share/native/libjli/java.c:392
#14 0x7fcf52e24cef in JavaMain src/java.base/share/native/libjli/java.c:640
#15 0x7fcf52e29fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#16 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T1 created by T0 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf52e2b928 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x7fcf52e27580 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x7fcf52e28edd in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x56087583b0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x7fcf52240e6b in __libc_start_call_main (/lib64/libc.so.6+0x40e6b) (BuildId: 16dc6ffdd6165c6cb0346d683a041c90daa99730)
SUMMARY: AddressSanitizer: heap-buffer-overflow src/hotspot/share/classfile/classFileParser.cpp:4685 in ClassFileParser::skip_over_field_signature(char const*, bool, unsigned int, JavaThread*) const
Shadow bytes around the buggy address:
0x506000054d00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fa
0x506000054d80: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x506000054e00: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x506000054e80: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
0x506000054f00: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
=>0x506000054f80: 00 00 00 00 00 00[04]fa fa fa fa fa fa fa fa fa
0x506000055000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
When running the jck26 test
vm/concepts/execution/execution002/execution00212m9/execution00212m9
with ASan-enabled binaries, the following issue is reported on Linux x86_64:
==17340==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x506000054fb4 at pc 0x7fcf4bcaf03a bp 0x7fcefb781b80 sp 0x7fcefb781b78
READ of size 1 at 0x506000054fb4 thread T129
#0 0x7fcf4bcaf039 in ClassFileParser::skip_over_field_signature(char const*, bool, unsigned int, JavaThread*) const src/hotspot/share/classfile/classFileParser.cpp:4685
#1 0x7fcf4bcb824b in ClassFileParser::verify_legal_method_signature(Symbol const*, Symbol const*, JavaThread*) const src/hotspot/share/classfile/classFileParser.cpp:4916
#2 0x7fcf4bcc827c in ClassFileParser::parse_method(ClassFileStream const*, bool, ConstantPool const*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2189
#3 0x7fcf4bccb738 in ClassFileParser::parse_methods(ClassFileStream const*, bool, bool*, bool*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2741
#4 0x7fcf4bccb738 in ClassFileParser::parse_methods(ClassFileStream const*, bool, bool*, bool*, bool*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:2717
#5 0x7fcf4bcd40d0 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5708
#6 0x7fcf4bcd7e45 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5436
#7 0x7fcf4bcd7e45 in ClassFileParser::ClassFileParser(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const*, ClassFileParser::Publicity, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5433
#8 0x7fcf4d2cace5 in KlassFactory::create_from_stream(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/klassFactory.cpp:202
#9 0x7fcf4e3f2312 in SystemDictionary::resolve_class_from_stream(ClassFileStream*, Symbol*, Handle, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/systemDictionary.cpp:869
#10 0x7fcf4cdb1c27 in jvm_define_class_common src/hotspot/share/prims/jvm.cpp:893
#11 0x7fcf4cdb2b07 in JVM_DefineClassWithSource src/hotspot/share/prims/jvm.cpp:1060
#12 0x7fcf51a3d914 in Java_java_lang_ClassLoader_defineClass1 src/java.base/share/native/libjava/ClassLoader.c:139
#13 0x7fcf391d03eb ()
0x506000054fb4 is located 0 bytes after 52-byte region [0x506000054f80,0x506000054fb4)
allocated by thread T129 here:
#0 0x7fcf526f7237 in malloc (/usr/lib64/libasan.so.8+0xf7237) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d971537 in permit_forbidden_function::malloc(unsigned long) src/hotspot/share/utilities/permitForbiddenFunctions.hpp:63
#2 0x7fcf4d971537 in os::malloc(unsigned long, MemTag, NativeCallStack const&) src/hotspot/share/runtime/os.cpp:660
#3 0x7fcf4b331eeb in AllocateHeap(unsigned long, MemTag, NativeCallStack const&, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:39
#4 0x7fcf4b331eeb in AllocateHeap(unsigned long, MemTag, AllocFailStrategy::AllocFailEnum) src/hotspot/share/memory/allocation.cpp:49
#5 0x7fcf4e3c08c0 in SymbolTableConfig::allocate_node_impl(unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:195
#6 0x7fcf4e3c08c0 in SymbolTableConfig::allocate_node(void*, unsigned long, Symbol const&) src/hotspot/share/classfile/symbolTable.cpp:137
#7 0x7fcf4e3c08c0 in ConcurrentHashTable::Node::create_node(void*, Symbol const&, ConcurrentHashTable::Node*) src/hotspot/share/utilities/concurrentHashTable.hpp:93
#8 0x7fcf4e3c08c0 in bool ConcurrentHashTable::internal_insert_get::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP>(Thread*, SymbolTableLookup&, Symbol const&, ConcurrentHashTable::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*)::NOP&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.inline.hpp:896
#9 0x7fcf4e3c08c0 in bool ConcurrentHashTable::insert(Thread*, SymbolTableLookup&, Symbol const&, bool*, bool*) src/hotspot/share/utilities/concurrentHashTable.hpp:471
#10 0x7fcf4e3c08c0 in SymbolTable::do_add_if_needed(char const*, int, unsigned long, bool) src/hotspot/share/classfile/symbolTable.cpp:520
#11 0x7fcf4e3c48aa in SymbolTable::new_symbols(ClassLoaderData*, constantPoolHandle const&, int, char const**, int*, int*, unsigned int*) src/hotspot/share/classfile/symbolTable.cpp:498
#12 0x7fcf4bccf800 in ClassFileParser::parse_constant_pool_entries(ClassFileStream const*, ConstantPool*, int, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:390
#13 0x7fcf4bcd2acf in ClassFileParser::parse_constant_pool(ClassFileStream const*, ConstantPool*, int, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:425
#14 0x7fcf4bcd2acf in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5571
#15 0x7fcf4bcd7e45 in ClassFileParser::parse_stream(ClassFileStream const*, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5436
#16 0x7fcf4bcd7e45 in ClassFileParser::ClassFileParser(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const*, ClassFileParser::Publicity, JavaThread*) src/hotspot/share/classfile/classFileParser.cpp:5433
#17 0x7fcf4d2cace5 in KlassFactory::create_from_stream(ClassFileStream*, Symbol*, ClassLoaderData*, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/klassFactory.cpp:202
#18 0x7fcf4e3f2312 in SystemDictionary::resolve_class_from_stream(ClassFileStream*, Symbol*, Handle, ClassLoadInfo const&, JavaThread*) src/hotspot/share/classfile/systemDictionary.cpp:869
#19 0x7fcf4cdb1c27 in jvm_define_class_common src/hotspot/share/prims/jvm.cpp:893
#20 0x7fcf4cdb2b07 in JVM_DefineClassWithSource src/hotspot/share/prims/jvm.cpp:1060
#21 0x7fcf51a3d914 in Java_java_lang_ClassLoader_defineClass1 src/java.base/share/native/libjava/ClassLoader.c:139
#22 0x7fcf391d03eb ()
#23 0x7fcf3176f36b ()
#24 0x7fcf38a679e1 ()
#25 0x7fcf38a679e1 ()
#26 0x7fcf38a67847 ()
#27 0x7fcf38a67d55 ()
#28 0x7fcf38a67847 ()
#29 0x7fcf38a606a6 ()
#30 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#31 0x7fcf4c9d8891 in JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:323
#32 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:179
#33 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:185
#34 0x7fcf4cd75168 in thread_entry src/hotspot/share/prims/jvm.cpp:2742
#35 0x7fcf4ca264f2 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:775
#36 0x7fcf4ca3b247 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:755
#37 0x7fcf4ca3b247 in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:760
#38 0x7fcf4e4f063f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#39 0x7fcf4d98c3a2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:889
#40 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T129 created by T29 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d98f5e0 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1082
#2 0x7fcf4cdb5b2c in JVM_StartThread src/hotspot/share/prims/jvm.cpp:2805
#3 0x7fcf38a6c16f ()
#4 0x7fcf38a67847 ()
#5 0x7fcf38a67847 ()
#6 0x7fcf38a679e1 ()
#7 0x7fcf38a679e1 ()
#8 0x7fcf38a679e1 ()
#9 0x7fcf38a67847 ()
#10 0x7fcf38a67847 ()
#11 0x7fcf38a67847 ()
#12 0x7fcf38a67d55 ()
#13 0x7fcf38a67847 ()
#14 0x7fcf38a606a6 ()
#15 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#16 0x7fcf4c9d8891 in JavaCalls::call(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:323
#17 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:179
#18 0x7fcf4c9d8891 in JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:185
#19 0x7fcf4cd75168 in thread_entry src/hotspot/share/prims/jvm.cpp:2742
#20 0x7fcf4ca264f2 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:775
#21 0x7fcf4ca3b247 in JavaThread::thread_main_inner() src/hotspot/share/runtime/javaThread.cpp:755
#22 0x7fcf4ca3b247 in JavaThread::run() src/hotspot/share/runtime/javaThread.cpp:760
#23 0x7fcf4e4f063f in Thread::call_run() src/hotspot/share/runtime/thread.cpp:243
#24 0x7fcf4d98c3a2 in thread_native_entry src/hotspot/os/linux/os_linux.cpp:889
#25 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T29 created by T1 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf4d98f5e0 in os::create_thread(Thread*, os::ThreadType, unsigned long) src/hotspot/os/linux/os_linux.cpp:1082
#2 0x7fcf4cdb5b2c in JVM_StartThread src/hotspot/share/prims/jvm.cpp:2805
#3 0x7fcf38a6c16f ()
#4 0x7fcf38a67847 ()
#5 0x7fcf38a67847 ()
#6 0x7fcf38a67847 ()
#7 0x7fcf38a67847 ()
#8 0x7fcf38a67847 ()
#9 0x7fcf38a606a6 ()
#10 0x7fcf4c9cffe7 in JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) src/hotspot/share/runtime/javaCalls.cpp:415
#11 0x7fcf4cce1263 in jni_invoke_static src/hotspot/share/prims/jni.cpp:881
#12 0x7fcf4ccead29 in jni_CallStaticVoidMethod src/hotspot/share/prims/jni.cpp:1710
#13 0x7fcf52e2105b in invokeStaticMainWithArgs src/java.base/share/native/libjli/java.c:392
#14 0x7fcf52e24cef in JavaMain src/java.base/share/native/libjli/java.c:640
#15 0x7fcf52e29fd8 in ThreadJavaMain src/java.base/unix/native/libjli/java_md.c:646
#16 0x7fcf5265eef5 (/usr/lib64/libasan.so.8+0x5eef5) (BuildId: 976da020d733554aded39770c1e088dce0154259)
Thread T1 created by T0 here:
#0 0x7fcf526ef0c1 in pthread_create (/usr/lib64/libasan.so.8+0xef0c1) (BuildId: 976da020d733554aded39770c1e088dce0154259)
#1 0x7fcf52e2b928 in CallJavaMainInNewThread src/java.base/unix/native/libjli/java_md.c:687
#2 0x7fcf52e27580 in ContinueInNewThread src/java.base/share/native/libjli/java.c:2340
#3 0x7fcf52e28edd in JLI_Launch src/java.base/share/native/libjli/java.c:330
#4 0x56087583b0fc in main src/java.base/share/native/launcher/main.c:150
#5 0x7fcf52240e6b in __libc_start_call_main (/lib64/libc.so.6+0x40e6b) (BuildId: 16dc6ffdd6165c6cb0346d683a041c90daa99730)
SUMMARY: AddressSanitizer: heap-buffer-overflow src/hotspot/share/classfile/classFileParser.cpp:4685 in ClassFileParser::skip_over_field_signature(char const*, bool, unsigned int, JavaThread*) const
Shadow bytes around the buggy address:
0x506000054d00: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fa
0x506000054d80: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x506000054e00: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x506000054e80: fd fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
0x506000054f00: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
=>0x506000054f80: 00 00 00 00 00 00[04]fa fa fa fa fa fa fa fa fa
0x506000055000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x506000055200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb