JDK-8370948 : C2: segfault due to OuterStripMinedLoopNode::outer_loop_end returning nullptr
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 16
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2025-10-30
  • Updated: 2025-11-07
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 27
27Unresolved
Related Reports
Causes :  
JDK-8223051 - support loops with long (64b) trip counts
Relates :  
JDK-8370562 - Whitebox Fuzzer for C2
Description
Found by Olivier Mattmann <olivier.mattmann@bluewin.ch> during work on this Master thesis where he is working on a fuzzer for C2 (JDK-8370562).

The attached testcase segfaults without any arguments in PhaseIdealLoop::verify_strip_mined_scheduling with fast/slowdebug builds and in OuterStripMinedLoopNode::remove_outer_loop_and_safepoint or OuterStripMinedLoopNode::adjust_strip_mined_loop with a release builds from different versions. At least for the debug builds the segfault occurs because OuterStripMinedLoopNode::outer_loop_end returns nullptr and the result is not checked before further use. This is probably also the case for the release crashes, since the affected functions use the offending method.

java-fastdebug -Xbatch -XX:-TieredCompilation -XX:CompileCommand=printcompilation,\*,\* -XX:CompileCommand=compileonly,Test.test Test.java
CompileCommand: PrintCompilation *.* bool PrintCompilation = true
CompileCommand: compileonly Test.test bool compileonly = true
2954  102    b        Test::test (62 bytes)
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fa9d0383ef8, pid=831013, tid=831028
#
# JRE version: Java(TM) SE Runtime Environment (26.0) (fastdebug build 26-internal-mhassig.open)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x1583ef8]  PhaseIdealLoop::verify_strip_mined_scheduling(Node*, Node*)+0x278
#
# An error report file with more information is saved as:
#hs_err_fastdebug.log

java-26 Test.java
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f7ac29349c8, pid=831730, tid=831753
#
# JRE version: Java(TM) SE Runtime Environment (26.0+21) (build 26-ea+21-2168)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (26-ea+21-2168, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xd349c8]  OuterStripMinedLoopNode::adjust_strip_mined_loop(PhaseIterGVN*)+0x228
#
# An error report file with more information is saved as:
# hs_err_26.log

Build search determined that this bug was introduced with JDK-8223051.

The reproducer was derived from compiler/vectorization/TestOffsetSorting.java.
Comments
This is an older issue affecting an edge case. Deferring to JDK 27 for now, but feel free to re-target to JDK 26 if a fix becomes available in time.
07-11-2025
ILW = Assertion failure, single fuzzer case, disable compilation of affected method = HLM = P3
31-10-2025