Bug report
Bug description:
Description:
A segmentation fault occurs when running the test_asyncio test suite on a debug build with JIT, ASAN, and UBSAN enabled.
This issue was observed on the main branch after incorporating the fix from PR 139271, which addressed issue gh-139269 (unaligned memory access in JIT code patching functions). This suggests a potential regression or a new issue introduced by that fix.
Build Configuration:
- CPython Version: 3.15.0a0 (heads/gh-139269-dirty:2c1339b2a5)
- Build Type: debug JIT ASAN+UBSAN
- System: Linux-6.14.0-32-generic-x86_64-with-glibc2.41
- Compiler: Clang 20.1.2
Steps to Reproduce:
- Build CPython from the specified commit on the main branch with debug, JIT, ASAN, and UBSAN enabled. jit_fixed.sh
- Run the asyncio test suite: ./python -m test test_asyncio
Observed Behavior:
The test runner starts, attempts to run the first test (test.test_asyncio.test_base_events), and immediately crashes with a Fatal Python error: Segmentation fault.
Analysis:
The attached logs provide detailed information, but the key findings are:
- GDB Analysis: GDB confirms the crash occurs precisely at Python/jit.c:626 inside the _Py_LazyJitTrampoline function, at the line that calls _Py_jit_entry. This indicates the fault happens at the exact moment the interpreter attempts to transfer control to JIT-compiled code.
- AddressSanitizer (ASAN) Report: The ASAN log reports a SEGV on unknown address 0x0000000580ba caused by a READ memory access. The C stack trace also points to _Py_LazyJitTrampoline as the immediate cause of the fault.
- Python Stack Trace: The Python-level stack trace shows that the interpreter is deep within the unittest.mock and inspect modules during the setup for test_base_events. The crash is triggered during a call chain that includes inspect._shadowed_dict -> inspect._check_class -> inspect.getattr_static, which is initiated by the Mock object's initialization.
The issue seems to be a corruption of state or a bad pointer being used by the JIT trampoline (_Py_LazyJitTrampoline). Given that this appeared after the fix for unaligned memory access, it is possible that the changes in PR 139271 have inadvertently affected pointer calculation or state setup prior to calling _Py_jit_entry, leading to this segmentation fault under the specific code paths exercised by test_asyncio and unittest.mock.
Logs:
gdb_logs.txt
test_logs.txt
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux