Found by Olivier Mattmann <olivier.mattmann@bluewin.ch> during work on this Master thesis where he is working on a fuzzer for C2.
The attached testcase segfaults in Node::fast_outs due to a null node during the compilation of the Test.test method while adding a node to the IGVN worklist during macro expansion of an unlock node:
java-slowdebug Test.java (also reproduces without arguments with fastdebug and release)
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fea6664a730, pid=198863, tid=198872
#
# JRE version: Java(TM) SE Runtime Environment (26.0) (slowdebug build 26-internal-mhassig.open)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (slowdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, serial gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18
Current CompileTask:
C2:6583 97 !b Test::test (61 bytes)
Stack: [0x00007fea59b00000,0x00007fea59c00000], sp=0x00007fea59bfaf20, free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18 (node.hpp:1532)
V [libjvm.so+0x160d0eb] PhaseIterGVN::add_users_to_worklist0(Node*, Unique_Node_List&)+0x8b (phaseX.cpp:2363)
V [libjvm.so+0x160d3ec] PhaseIterGVN::add_users_to_worklist(Node*)+0x2a (phaseX.cpp:2390)
V [libjvm.so+0x6d720d] PhaseIterGVN::replace_node(Node*, Node*)+0x27 (phaseX.hpp:536)
V [libjvm.so+0x13ed120] PhaseMacroExpand::expand_unlock_node(UnlockNode*)+0x470 (macro.cpp:2302)
V [libjvm.so+0x13ee677] PhaseMacroExpand::expand_macro_nodes()+0x2b5 (macro.cpp:2587)
V [libjvm.so+0xa7ee78] Compile::Optimize()+0x1754 (compile.cpp:2545)
V [libjvm.so+0xa75d19] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x193f (compile.cpp:860)
V [libjvm.so+0x91f57e] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4be (c2compiler.cpp:147)
V [libjvm.so+0xa9f443] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xe01 (compileBroker.cpp:2345)
V [libjvm.so+0xa9d83c] CompileBroker::compiler_thread_loop()+0x594 (compileBroker.cpp:1989)
V [libjvm.so+0xac0b11] CompilerThread::thread_entry(JavaThread*, JavaThread*)+0x89 (compilerThread.cpp:69)
V [libjvm.so+0xf9d020] JavaThread::thread_main_inner()+0x1b2 (javaThread.cpp:771)
V [libjvm.so+0xf9ce6b] JavaThread::run()+0x1e3 (javaThread.cpp:756)
V [libjvm.so+0x1895ff9] Thread::call_run()+0x1b9 (thread.cpp:243)
V [libjvm.so+0x1596689] thread_native_entry(Thread*)+0x1db (os_linux.cpp:883)
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000020
The failure was introduced byJDK-8264649 (PR #3336) according t build search. The reproducer is based on compiler/vectorization/TestOffsetSorting.java (https://github.com/openjdk/jdk/blob/aaa9fbf6b5a0dda0773a657a986246b407402fa1/test/hotspot/jtreg/compiler/vectorization/TestOffsetSorting.java) introduced by JDK-8334228.
The attached testcase segfaults in Node::fast_outs due to a null node during the compilation of the Test.test method while adding a node to the IGVN worklist during macro expansion of an unlock node:
java-slowdebug Test.java (also reproduces without arguments with fastdebug and release)
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fea6664a730, pid=198863, tid=198872
#
# JRE version: Java(TM) SE Runtime Environment (26.0) (slowdebug build 26-internal-mhassig.open)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (slowdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, serial gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18
Current CompileTask:
C2:6583 97 !b Test::test (61 bytes)
Stack: [0x00007fea59b00000,0x00007fea59c00000], sp=0x00007fea59bfaf20, free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18 (node.hpp:1532)
V [libjvm.so+0x160d0eb] PhaseIterGVN::add_users_to_worklist0(Node*, Unique_Node_List&)+0x8b (phaseX.cpp:2363)
V [libjvm.so+0x160d3ec] PhaseIterGVN::add_users_to_worklist(Node*)+0x2a (phaseX.cpp:2390)
V [libjvm.so+0x6d720d] PhaseIterGVN::replace_node(Node*, Node*)+0x27 (phaseX.hpp:536)
V [libjvm.so+0x13ed120] PhaseMacroExpand::expand_unlock_node(UnlockNode*)+0x470 (macro.cpp:2302)
V [libjvm.so+0x13ee677] PhaseMacroExpand::expand_macro_nodes()+0x2b5 (macro.cpp:2587)
V [libjvm.so+0xa7ee78] Compile::Optimize()+0x1754 (compile.cpp:2545)
V [libjvm.so+0xa75d19] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x193f (compile.cpp:860)
V [libjvm.so+0x91f57e] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4be (c2compiler.cpp:147)
V [libjvm.so+0xa9f443] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xe01 (compileBroker.cpp:2345)
V [libjvm.so+0xa9d83c] CompileBroker::compiler_thread_loop()+0x594 (compileBroker.cpp:1989)
V [libjvm.so+0xac0b11] CompilerThread::thread_entry(JavaThread*, JavaThread*)+0x89 (compilerThread.cpp:69)
V [libjvm.so+0xf9d020] JavaThread::thread_main_inner()+0x1b2 (javaThread.cpp:771)
V [libjvm.so+0xf9ce6b] JavaThread::run()+0x1e3 (javaThread.cpp:756)
V [libjvm.so+0x1895ff9] Thread::call_run()+0x1b9 (thread.cpp:243)
V [libjvm.so+0x1596689] thread_native_entry(Thread*)+0x1db (os_linux.cpp:883)
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000020
The failure was introduced by
- caused by
-
JDK-8264649 runtime/InternalApi/ThreadCpuTimesDeadlock.java crash in fastdebug C2 with -XX:-UseTLAB
-
- Resolved
-
- relates to
-
JDK-8370562 Whitebox Fuzzer for C2
-
- Open
-