Issue 177353
Summary [BUG] Clang/llvm incorrectly optimized out a structure variable, causing OpenJDK crash
Labels clang
Assignees
Reporter sendaoYan
Clang/llvm incorrectly eliminated structure variable `cdata` in function `handleMessage`, causing OpenJDK to crash. This seems like a clang/llvm bug, so I created this issue.

Crash log:

```
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f3748088ace, pid=1476416, tid=1476448
#
# JRE version: OpenJDK Runtime Environment (27.0) (build 27-internal-adhoc.yansendao.jdk-ysd)
# Java VM: OpenJDK 64-Bit Server VM (27-internal-adhoc.yansendao.jdk-ysd, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# C  [libsctp.so+0x3ace] handleMessage+0x4e
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /data/yansendao/git/jdk-ysd/build/manual-run/jt-work/scratch/hs_err_pid1476416.log
```

The function `handleMessage` is in a file from OpenJDK, located at https://github.com/openjdk/jdk/blob/master/src/jdk.sctp/unix/native/libsctp/SctpChannelImpl.c#L388


Function `handleMessage` implementation:

getControlData will write all the fields of cdata. But cdata has been optimized out by clang/llvm. So the JVM crashes in function handleMessage.

```c
void handleMessage
  (JNIEnv* env, jobject resultContainerObj, struct msghdr* msg,int read,
   jboolean isEOR, struct sockaddr* sap) {
    jobject isa, resultObj;
    struct controlData cdata[1];

    if (read == 0) {
        /* we reached EOF */
        read = -1;
    }

    isa = SockAddrToInetSocketAddress(env, sap);
    CHECK_NULL(isa);
    getControlData(msg, cdata);

    /* create MessageInfoImpl */
    resultObj = (*env)->NewObject(env, smi_class, smi_ctrID, cdata->assocId,
                                  isa, read, cdata->streamNumber,
                                  isEOR ? JNI_TRUE : JNI_FALSE,
                                  cdata->unordered, cdata->ppid);
    CHECK_NULL(resultObj);
    (*env)->SetObjectField(env, resultContainerObj, src_valueID, resultObj);
    (*env)->SetIntField(env, resultContainerObj, src_typeID,
                        sun_nio_ch_sctp_ResultContainer_MESSAGE);
}
```

gdb shows that the struct variable cdata has been optimized out.

```gdb
Thread 32 "MainThread" hit Breakpoint 1, handleMessage (env=0x7ffff08cd578, resultContainerObj=0x7fff74c8ad98, msg=0x7fff74c8abf0, read=<optimized out>, isEOR=128 '\200', sap=0x7fff74c8abcc) at src/jdk.sctp/unix/native/libsctp/SctpChannelImpl.c:399
399         isa = SockAddrToInetSocketAddress(env, sap);
(gdb) n
400 CHECK_NULL(isa);
(gdb) 
401         getControlData(msg, cdata);
(gdb) s
0x00007ffff40a5aae in getControlData (msg=0x7fff74c8abf0, cdata=<optimized out>) at src/jdk.sctp/unix/native/libsctp/SctpChannelImpl.c:137
137 for (cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL; cmsg = CMSG_NXTHDR(msg, cmsg)) {
```


The SctpChannelImpl.c build command is shown below:
```bash
/data/yansendao/JDK/binary/llvm/llvm-binary-23/bin/clang -MMD -MF /data/yansendao/git/jdk-ysd/build/clang/support/native/jdk.sctp/libsctp/SctpChannelImpl.d.tmp -pipe -fvisibility=hidden -fstack-protector -finput-charset=utf-8 -DLIBC=gnu -D_GNU_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLINUX -DNDEBUG -Wall -Wextra -Wformat=2 -Wpointer-arith -Wsign-compare -Wreorder -Wunused-function -Wundef -Wunused-value -Woverloaded-virtual -fmacro-prefix-map=/data/yansendao/git/jdk-ysd/= -std=c11 -fno-strict-aliasing -m64 -g -D_LITTLE_ENDIAN '-DARCH="amd64"' -Damd64 -D_LP64=1 -fno-omit-frame-pointer -fPIC -I/data/yansendao/git/jdk-ysd/src/jdk.sctp/unix/native/libsctp -I/data/yansendao/git/jdk-ysd/build/clang/support/headers/jdk.sctp -I/data/yansendao/git/jdk-ysd/build/clang/support/headers/java.base -I/data/yansendao/git/jdk-ysd/src/hotspot/share/include -I/data/yansendao/git/jdk-ysd/src/hotspot/os/posix/include -I/data/yansendao/git/jdk-ysd/src/java.base/linux/native/libnio -I/data/yansendao/git/jdk-ysd/src/java.base/unix/native/libnio -I/data/yansendao/git/jdk-ysd/src/java.base/share/native/libnio -I/data/yansendao/git/jdk-ysd/src/java.base/linux/native/libnio/ch -I/data/yansendao/git/jdk-ysd/src/java.base/unix/native/libnio/ch -I/data/yansendao/git/jdk-ysd/src/java.base/share/native/libnio/ch -I/data/yansendao/git/jdk-ysd/src/java.base/linux/native/libjava -I/data/yansendao/git/jdk-ysd/src/java.base/unix/native/libjava -I/data/yansendao/git/jdk-ysd/src/java.base/share/native/libjava -I/data/yansendao/git/jdk-ysd/src/java.base/unix/native/libnet -I/data/yansendao/git/jdk-ysd/src/java.base/share/native/libnet -I/data/yansendao/git/jdk-ysd/build/clang/support/modules_include/java.base -I/data/yansendao/git/jdk-ysd/src/java.base/unix/native/include -I/data/yansendao/git/jdk-ysd/src/java.base/share/native/include -gdwarf-4 -gdwarf-aranges -g -fdebug-prefix-map=/data/yansendao/git/jdk-ysd/= -Wno-unknown-warning-option -Wno-unused-parameter -Werror -O2 -c -o 
/data/yansendao/git/jdk-ysd/build/clang/support/native/jdk.sctp/libsctp/SctpChannelImpl.o /data/yansendao/git/jdk-ysd/src/jdk.sctp/unix/native/libsctp/SctpChannelImpl.c -frandom-seed=SctpChannelImpl.c
```

The files generated by --save-temps:

[SctpChannelImpl.zip](https://github.com/user-attachments/files/24794860/SctpChannelImpl.zip)

_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
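
A standalone reduction harness with the same caller/callee shape as the report (added here, not code from OpenJDK or from the reporter), of the kind that can be built at `-O0` and `-O2` and compared when triaging a suspected miscompile. The `controlData` field types, `fake_info`, `FAKE_LEVEL`/`FAKE_TYPE`, the match condition and all function names are assumptions, and the control message is constructed.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Field names are from the report; types, fake_info and FAKE_* are constructed assumptions. */
struct controlData { int assocId; unsigned short streamNumber; int unordered; unsigned int ppid; };
struct fake_info { int32_t assoc; uint16_t stream; uint16_t unordered; uint32_t ppid; };
enum { FAKE_LEVEL = 0x7001, FAKE_TYPE = 1 };

/* Callee: walks the control messages; returns 1 if it wrote *cdata, 0 if nothing matched. */
static int fill_control_data(struct msghdr *msg, struct controlData *cdata) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != FAKE_LEVEL || c->cmsg_type != FAKE_TYPE)
            continue;
        struct fake_info info;
        memcpy(&info, CMSG_DATA(c), sizeof info);
        cdata->assocId = info.assoc;
        cdata->streamNumber = info.stream;
        cdata->unordered = info.unordered;
        cdata->ppid = info.ppid;
        return 1;
    }
    return 0;
}

/* Caller with the report's shape: one-element local array, read only if the callee wrote it. */
static long handle_message_like(struct msghdr *msg) {
    struct controlData cdata[1];
    if (!fill_control_data(msg, cdata))
        return -1;
    return cdata->assocId * 1000000L + cdata->streamNumber * 10000L
         + cdata->unordered * 1000L + cdata->ppid;
}

/* Builds one constructed control message at the given level and runs the caller on it. */
long run_case(int level) {
    union { char buf[CMSG_SPACE(sizeof(struct fake_info))]; struct cmsghdr align; } u = {{0}};
    struct fake_info info = { 7, 3, 1, 42 };
    struct msghdr msg = {0};
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = level;
    c->cmsg_type = FAKE_TYPE;
    c->cmsg_len = CMSG_LEN(sizeof info);
    memcpy(CMSG_DATA(c), &info, sizeof info);
    return handle_message_like(&msg);
}

int main(void) { return run_case(FAKE_LEVEL) == 7031042 ? 0 : 1; }
```

A non-zero exit status at one optimization level but not the other is the signal to bisect compiler flags or passes on this file.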
