Bug ID: JDK-8370502 C2: segfault while adding node to IGVN worklist

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 17

Priority: P3
Status: Open
Resolution: Unresolved

Submitted: 2025-10-23
Updated: 2025-11-07

JDK 27
27Unresolved

Found by Olivier Mattmann <olivier.mattmann@bluewin.ch> during work on this Master thesis where he is working on a fuzzer for C2.

The attached testcase segfaults in Node::fast_outs due to a null node during the compilation of the Test.test method while adding a node to the IGVN worklist during macro expansion of an unlock node:
java-slowdebug Test.java (also reproduces without arguments with fastdebug and release)
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fea6664a730, pid=198863, tid=198872
#
# JRE version: Java(TM) SE Runtime Environment (26.0) (slowdebug build 26-internal-mhassig.open)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (slowdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, serial gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x64a730]  Node::fast_outs(DUIterator_Fast&) const+0x18

Current CompileTask:
C2:6583   97   !b        Test::test (61 bytes)

Stack: [0x00007fea59b00000,0x00007fea59c00000],  sp=0x00007fea59bfaf20,  free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x64a730]  Node::fast_outs(DUIterator_Fast&) const+0x18  (node.hpp:1532)
V  [libjvm.so+0x160d0eb]  PhaseIterGVN::add_users_to_worklist0(Node*, Unique_Node_List&)+0x8b  (phaseX.cpp:2363)
V  [libjvm.so+0x160d3ec]  PhaseIterGVN::add_users_to_worklist(Node*)+0x2a  (phaseX.cpp:2390)
V  [libjvm.so+0x6d720d]  PhaseIterGVN::replace_node(Node*, Node*)+0x27  (phaseX.hpp:536)
V  [libjvm.so+0x13ed120]  PhaseMacroExpand::expand_unlock_node(UnlockNode*)+0x470  (macro.cpp:2302)
V  [libjvm.so+0x13ee677]  PhaseMacroExpand::expand_macro_nodes()+0x2b5  (macro.cpp:2587)
V  [libjvm.so+0xa7ee78]  Compile::Optimize()+0x1754  (compile.cpp:2545)
V  [libjvm.so+0xa75d19]  Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x193f  (compile.cpp:860)
V  [libjvm.so+0x91f57e]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4be  (c2compiler.cpp:147)
V  [libjvm.so+0xa9f443]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0xe01  (compileBroker.cpp:2345)
V  [libjvm.so+0xa9d83c]  CompileBroker::compiler_thread_loop()+0x594  (compileBroker.cpp:1989)
V  [libjvm.so+0xac0b11]  CompilerThread::thread_entry(JavaThread*, JavaThread*)+0x89  (compilerThread.cpp:69)
V  [libjvm.so+0xf9d020]  JavaThread::thread_main_inner()+0x1b2  (javaThread.cpp:771)
V  [libjvm.so+0xf9ce6b]  JavaThread::run()+0x1e3  (javaThread.cpp:756)
V  [libjvm.so+0x1895ff9]  Thread::call_run()+0x1b9  (thread.cpp:243)
V  [libjvm.so+0x1596689]  thread_native_entry(Thread*)+0x1db  (os_linux.cpp:883)

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000020

The failure was introduced by JDK-8264649 (PR #3336) according t build search. The reproducer is based on compiler/vectorization/TestOffsetSorting.java (https://github.com/openjdk/jdk/blob/aaa9fbf6b5a0dda0773a657a986246b407402fa1/test/hotspot/jtreg/compiler/vectorization/TestOffsetSorting.java) introduced by JDK-8334228.

This is an old issue and an edge case. Tentatively deferring to JDK 27 for now, but feel free to re-target to JDK 26 if a fix becomes available in time.

07-11-2025

ILW = Crash during C2 compilation, easy to reproduce but edge case and old issue, no known workaround but disable compilation of affected method = HLM = P3

24-10-2025

Causes :	JDK-8264649 - runtime/InternalApi/ThreadCpuTimesDeadlock.java crash in fastdebug C2 with -XX:-UseTLAB
Relates :	JDK-8370562 - Whitebox Fuzzer for C2