JDK-8348562 : ZGC: segmentation fault due to missing node type check in barrier elision analysis
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 21,22,23,24,25
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-01-24
  • Updated: 2025-02-07
  • Resolved: 2025-01-27
Release   Version   Status
JDK 21    21.0.7    Fixed
JDK 24    24        Fixed
JDK 25    25 b08    Fixed
Description
Running jdk/jfr/api/consumer/streaming/TestFilledChunks.java with ZGC on PPC64 leads to a crash due to a missing node type check in the barrier elision analysis:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00001000027ee234, pid=103220, tid=103252
#
# JRE version: OpenJDK Runtime Environment (25.0) (fastdebug build 25-internal-2025-01-23-1552158.rocastan.open)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 25-internal-2025-01-23-1552158.rocastan.open, mixed mode, tiered, compressed class ptrs, z gc, linux-ppc64le)
# Problematic frame:
# V  [libjvm.so+0x1bde234]  get_base_and_offset(MachNode const*, long&)+0x354
#

Stack trace (provided by [~mdoerr]):

V  [libjvm.so+0xa1a3f0]  TypePtr::offset() const+0x14  (type.hpp:994)
V  [libjvm.so+0x1d35288]  get_base_and_offset(MachNode const*, long&)+0xb0  (zBarrierSetC2.cpp:557)
V  [libjvm.so+0x1d35818]  is_allocation(Node const*)+0x108  (zBarrierSetC2.cpp:629)
V  [libjvm.so+0x1d36230]  ZBarrierSetC2::analyze_dominating_barriers() const+0x19c  (zBarrierSetC2.cpp:759)
V  [libjvm.so+0x1d33ea0]  ZBarrierSetC2::late_barrier_analysis() const+0x54  (zBarrierSetC2.cpp:307)
V  [libjvm.so+0x167d36c]  PhaseOutput::perform_mach_node_analysis()+0x60  (output.cpp:258)
V  [libjvm.so+0x167dc50]  PhaseOutput::Output()+0x890  (output.cpp:346)
V  [libjvm.so+0xa0a57c]  Compile::Code_Gen()+0x4e4  (compile.cpp:3030)
V  [libjvm.so+0x9fd51c]  Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x179c  (compile.cpp:884)
V  [libjvm.so+0x80a220]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x1f0  (c2compiler.cpp:141)

The crash has only been observed on PPC64, but there does not seem to be any fundamental reason (other than different addressing mode matching rules) that could prevent it from happening on other platforms.

Thanks to [~mdoerr] for the original bug report, see more context here: https://github.com/openjdk/jdk/pull/23235.
Comments
[jdk21u-fix-request] Approval Request from Martin
The JVM crashes with SIGSEGV without this fix. The fix is very simple and applies cleanly. It only adds a null check and bails out if null. The current implementation crashes in this case.
05-02-2025

Fix request for JDK 24 approved.
03-02-2025

Fix Request (jdk24): Backport reason: see [jdk24u-fix-request]. I prefer fixing it in jdk24. If approved, I will close the jdk24u PR.
03-02-2025

A pull request was created for the JDK24 branch, but the fix request and approval were done for JDK24u. Do you want to fix it in the JDK24 branch or in the update repo?
03-02-2025

A pull request was submitted for review.
Branch: jdk24
URL: https://git.openjdk.org/jdk/pull/23422
Date: 2025-02-03 17:56:23 +0000
03-02-2025

> Since it is now P2, should I create a PR for jdk24 instead of jdk24u?
Yes, I think that would make sense.
31-01-2025

I haven't tried to write a dedicated regression test. Current regression test is to run jdk/jfr tests with Generational ZGC on PPC64le. That reproduces the error. After JDK-8346280, the fix is needed for G1, too. The bug was observed there. Since it is now P2, should I create a PR for jdk24 instead of jdk24u?
30-01-2025

[~mdoerr] I assume it was not easily possible to add a targeted regression test for this?
ILW = Crash during C2 compilation, with ZGC on PPC64, no workaround but disable compilation of affected method or use different GC = HMM = P2
29-01-2025

[jdk24u-fix-request] Approval Request from Martin
The JVM crashes with SIGSEGV without this fix. The fix is very simple and applies cleanly. It only adds a null check and bails out if null. The current implementation crashes in this case.
28-01-2025

A pull request was submitted for review.
Branch: master
URL: https://git.openjdk.org/jdk21u-dev/pull/1361
Date: 2025-01-27 11:01:00 +0000
27-01-2025

A pull request was submitted for review.
Branch: master
URL: https://git.openjdk.org/jdk24u/pull/35
Date: 2025-01-27 10:23:34 +0000
27-01-2025

Changeset: afcc2b03
Branch: master
Author: Martin Doerr <mdoerr@openjdk.org>
Date: 2025-01-27 10:11:53 +0000
URL: https://git.openjdk.org/jdk/commit/afcc2b03afc77f730300e1d92471466d56ed75fb
27-01-2025

A pull request was submitted for review.
Branch: master
URL: https://git.openjdk.org/jdk/pull/23295
Date: 2025-01-24 10:38:29 +0000
24-01-2025

Hi [~mdoerr], I assigned this issue to you because you already have a patch available and are in a better position to test it (since the crash is only observed on PPC64). Feel free to assign it back to me if you disagree.
24-01-2025