vuze crash

Status changed to 'Confirmed' because the bug affects multiple users.

Also with the Sun JVM - Probably not an OpenJDK bug.

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGILL (0x4) at pc=0xaa4250e2, pid=4981, tid=3019463488
#
# JRE version: 6.0_30-b12
# Java VM: Java HotSpot(TM) Client VM (20.5-b03 mixed mode, sharing linux-x86 )
# Problematic frame:
# C 0xaa4250e2
#
# An error report file with more information is saved as:
# /home/dom/hs_err_pid4981.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

For some reason, the PC where the SIGILL occurs seems to change every time I re-run Vuze.

Attached is a gdb stack trace that seems to point to some JITed javascript code as the culprit (gdb says "No function contains program counter for selected frame" for the innermost stack frame; and the second to innermost is in libjavascriptcoregtk-1.0-0).

In this run, the eip at SIGILL is 0xabda3f42:

(gdb) x/10i 0xabda3f42
=> 0xabda3f42: movsd %xmm0,(%eax)
   0xabda3f46: mov $0xad967190,%eax
   0xabda3f4b: movsd %xmm1,(%eax)
   0xabda3f4f: mov $0xad967198,%eax
   0xabda3f54: movsd %xmm2,(%eax)
   0xabda3f58: mov $0xad9671a0,%eax
   0xabda3f5d: movsd %xmm3,(%eax)
   0xabda3f61: mov $0xad9671a8,%eax
   0xabda3f66: movsd %xmm4,(%eax)
   0xabda3f6a: mov $0xad9671b0,%eax

I'm unfortunately no SSE expert and I don't know what, if anything, this instruction is supposed to do on my CPU (AMD Athlon(tm) XP 3200+ ; it does have sse in the flags, see my /proc/cpuinfo in the Java crash report attached above).

This could be the cause: https://bugs.webkit.org/show_bug.cgi?id=82496 (found via https://bugs.launchpad.net/ubuntu/+source/webkit/+bug/952216)