C1 segmentation fault due to inline Unsafe::getAndSetObject

crash with following small case, root cause is on aarch64 when C1 inline Unsafe::getAndSetObject(obj) in compressed reference mode, it covert "obj" register to compressed point before store, but "obj" register might be used later and wrong.

import java.util.concurrent.atomic.AtomicReference;
import sun.misc.Unsafe;
public class TestUnsafe extends AtomicReference<Node>{
  public static void main(String[] args) {
    for (int i = 0; i < 10000; i++) {
        Node n1 = new Node(i);
        Node n2 = new Node(i+1);
        TestUnsafe t = new TestUnsafe(n1);
        Node old = t.foo(n2);
 
        if(old.next.v > 20000) {
           System.out.println("not enter here" + old.next.v);
        }
    }
  }
  TestUnsafe(Node n) {super(n);}
 
  public Node foo(Node n) {
    Node old;
    old = this.getAndSet(n); // inline sun.misc.Unsafe::getAndSetObject here
    old.next = n;
    return old;
  }
}
class Node
{
   int v;
   Node next;
   Node(int i) {v = i; next = null;}
}

java -XX:TieredStopAtLevel=3 -XX:+TieredCompilation -Xms4G -Xmx4G TestUnsafe

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x0000007fa409c094, pid=20559, tid=548430631424
#
# JRE version: OpenJDK Runtime Environment (8.0) (build 1.8.0-internal-shihui_2016_01_20_13_25-b00)
# Java VM: OpenJDK 64-Bit Server VM (25.60-b23 mixed mode linux-aarch64 compressed oops)
# Problematic frame:
# j TestUnsafe.main([Ljava/lang/String;)V+42
#