KEMBAR78
gh-139269: Fix unaligned memory access in JIT code patching functions by ashm-dev · Pull Request #139271 · python/cpython · GitHub
Skip to content

gh-139269: Fix unaligned memory access in JIT code patching functions #139271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Oct 18, 2025
Merged

gh-139269: Fix unaligned memory access in JIT code patching functions #139271

merged 22 commits into from
Oct 18, 2025
+20 −11

Conversation

@ashm-dev
Copy link
Contributor

@ashm-dev ashm-dev commented Sep 23, 2025
edited by bedevere-app bot
Loading

This PR fixes a series of misaligned memory access errors in the JIT engine that were causing segmentation faults when running tests with AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan) enabled.

The unsafe direct pointer casts in patch_32, patch_32r, patch_64, and patch_x86_64_32rx have been replaced with memcpy to ensure safe, alignment-agnostic memory operations.

@bedevere-app bedevere-app bot mentioned this pull request Sep 23, 2025
Closed
sergey-miryanov
sergey-miryanov reviewed Sep 23, 2025
View reviewed changes
@ashm-dev
Copy link
Contributor Author

Lol, when I tried to restart the tests with these changes, I now got a Segmentation Fault, now I'm starting a new bug.

sergey-miryanov
sergey-miryanov approved these changes Sep 23, 2025
View reviewed changes
Copy link
Contributor

@sergey-miryanov sergey-miryanov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@ashm-dev ashm-dev requested a review from sobolevn September 24, 2025 08:46
@ashm-dev
Copy link
Contributor Author

#139288
This problem occurs after fixes

ashm-dev
ashm-dev commented Sep 24, 2025
View reviewed changes
Copy link
Contributor Author

@ashm-dev ashm-dev left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@ashm-dev @picnixz
Update Misc/NEWS.d/next/Core_and_Builtins/2025-09-23-21-01-12.gh-issu…
b5a8686 
…e-139269.1rIaxy.rst

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
@picnixz
Copy link
Member

picnixz commented Sep 24, 2025

I'll repeat my question as it's now hidden (I should have made a standalone comment in the first place):

Don't we also have other unaligned stores for AArch64?

@ashm-dev
Copy link
Contributor Author

I'll repeat my question as it's now hidden (I should have made a standalone comment in the first place):

Don't we also have other unaligned stores for AArch64?

The sanitizers aren't flagging any more alignment issues after my recent fixes, which suggests the code paths covered by the tests are now clean. Is there a specific spot in the AArch64 code you think I should look at?

@picnixz
Copy link
Member

picnixz commented Sep 24, 2025
edited
Loading

The sanitizers aren't flagging any more alignment issues after my recent fixes, which suggests the code paths covered by the tests are now clean.

FTR, AArch64 patches are only used for AArch64 so be sure to test this on the corresponding architecture as well (in the reported issue, I see that the architecture is x86_64, but I don't know if you have access to an Apple Darwin with ARM64). Note that patch_32 is unused on an x86_64 architecture and is (I think) only used for Windows 32bit.

Is there a specific spot in the AArch64 code you think I should look at

Not really, just that all aarch64-based functions use set_bits and this one isn't used on x86_64 so we should also have someone check it (I don't have such machines).

@diegorusso
Copy link
Contributor

FTR, AArch64 patches are only used for AArch64 so be sure to test this on the corresponding architecture as well (in the reported issue, I see that the architecture is x86_64, but I don't know if you have access to an Apple Darwin with ARM64). Note that patch_32 is unused on an x86_64 architecture and is (I think) only used for Windows 32bit.

The Arm runners should cover Linux, Windows and macOS on Arm. They seem all to pass but also we are not running

            --with-address-sanitizer \
            --with-undefined-behavior-sanitizer

with the JIT. Maybe we should have some coverage for that?

Besides I'm pondering the cost of introducing memcpy for all build as they will be frequently executed.

@bedevere-app
Copy link

bedevere-app bot commented Sep 29, 2025

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@ashm-dev
Copy link
Contributor Author

ashm-dev commented Oct 8, 2025

@picnixz
You were right — the segfault is not related to my changes. Here’s how you can reproduce it in the main branch:

  1. Build with the following script:

    #!/bin/bash
set -e

BUILD_DIR="build/debug"

echo "--- Configuring and building in $BUILD_DIR ---"
mkdir -p "$BUILD_DIR"
cd "$BUILD_DIR"

CC=clang CXX=clang++ ../../configure --with-pydebug \
    --with-address-sanitizer \
    --with-undefined-behavior-sanitizer \
    --enable-experimental-jit

make -j$(nproc)

echo "--- Build complete in $BUILD_DIR. Executable: $PWD/python ---"
cd ../..

  2. Run the tests with python -m test. They’ll likely fail with the same error I described in this issue.

  3. Start the REPL with python.

  4. Type import ins and then press Tab for autocompletion.

  5. Voilà — you’ll get a very unexpected segfault. It doesn’t only happen here, but this is the simplest case to reproduce. It seems to be related to inspect.

So maybe you could consider merging my current changes and reopening my issue related to this bug, since it appears to be the same underlying problem.

@ashm-dev ashm-dev requested a review from picnixz October 8, 2025 23:12
@ashm-dev
Copy link
Contributor Author

ashm-dev commented Oct 9, 2025

I have made the requested changes; please review again

@bedevere-app
Copy link

bedevere-app bot commented Oct 9, 2025

Thanks for making the requested changes!

@picnixz: please review the changes made to this pull request.

picnixz
picnixz reviewed Oct 9, 2025
View reviewed changes
Copy link
Member

@picnixz picnixz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe you could consider merging my current changes and reopening my #139288 related to this bug,

Since this issue first considered the problem as a consequence of this PR, I would prefer a fresh one with the new independent reproducer and the complete traceback. Are the tracebacks actually the same whether you include this PR or not? (and check with this new reproducer)

@ashm-dev
Copy link
Contributor Author

ashm-dev commented Oct 9, 2025
edited
Loading

@picnixz Understood—I’ll open a new issue with an updated description, an independent reproducer, and the full traceback; you’re right that this is the better approach. Also, the segmentation faults are identical with and without that PR. Logs/tracebacks below:

fix-version 

➜  main git:(gh-139269) ./build/debug_main/python
Python 3.15.0a0 (heads/main-dirty:d2deb8fdef, Oct  9 2025, 12:40:31) [Clang 20.1.2 (0ubuntu1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ins../../Python/jit.c:228:5: runtime error: store to misaligned address 0x7b33f8e275ab for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
                                  0x7b33f8e275ab: note: pointer points here
                                                                            00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00
                                                   ^
                                                     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:228:5
                                                                                                                                      ../../Python/jit.c:396:24: runtime error: load of misaligned address 0x7b33f8e275ab for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
                0x7b33f8e275ab: note: pointer points here
                                                          00  00 00 00 48 b0 75 7d bd  55 00 00 58 11 0a 7d bd  55 00 00 d0 bd c3 f8 33  7b 00 00 00 00 00 00
                                 ^
                                   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:396:24
                                                                                                                     ../../Python/jit.c:220:5: runtime error: store to misaligned address 0x7b33f8e270ca for type 'uint32_t' (aka 'unsigned int'), which requires 4 byte alignment
                                                                                                                                        0x7b33f8e270ca: note: pointer points here
                                        89 de  ff 15 00 00 00 00 4d 8b  6c 24 40 4d 85 ed 0f 84  a1 01 00 00 49 c7 44 24  40 00 00 00 00 85
               ^
                 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:220:5
                                                                                                  AddressSanitizer:DEADLYSIGNAL
                                                                                                                               =================================================================
                                                      ==212839==ERROR: AddressSanitizer: SEGV on unknown address 0x7b33f8e21ff8 (pc 0x55bd7d737ab7 bp 0x7ffcb5aacf70 sp 0x7ffcb5aaa980 T0)
                                                ==212839==The signal is caused by a READ memory access.
                                                                                                           #0 0x55bd7d737ab7 in _Py_LazyJitTrampoline /home/shamil/oss/cpython/main/build/debug_main/../../Python/jit.c:624:12
                                                       #1 0x55bd7d40e524 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:7671:25
                     #2 0x55bd7cf8f963 in _PyEval_EvalFrame /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_ceval.h:121:16
                                                                                                                                                           #3 0x55bd7cf8f963 in gen_send_ex2 /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:259:24
                                                                                                     #4 0x55bd7cf87de0 in gen_iternext /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:634:9
                                              #5 0x55bd7d495670 in _PyForIter_VirtualIteratorNext /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:3587:24
      #6 0x55bd7d40ba64 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:5649:36
                                                                                                                                               #7 0x55bd7cf8f963 in _PyEval_EvalFrame /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_ceval.h:121:16
                                                                                                          #8 0x55bd7cf8f963 in gen_send_ex2 /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:259:24
                                                    #9 0x55bd7cf87de0 in gen_iternext /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:634:9
                                                                                                                                                                        #10 0x55bd7cfe844a in list_extend_iter_lock_held /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:1263:26
                                                                                                                                   #11 0x55bd7cfde7f5 in _list_extend /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:1452:15
                                                                                #12 0x55bd7cff4b1d in list___init___impl /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:3496:13
                                   #13 0x55bd7cfe4cf9 in list_vectorcall /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:3520:13
                                                                                                                                                              #14 0x55bd7cf04e8e in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
                                                                                                                                  #15 0x55bd7d41e0c7 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:1620:35
                                                                                                 #16 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                          #17 0x55bd7cf08361 in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
              #18 0x55bd7cf08361 in PyObject_CallOneArg /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:395:12
                                                                                                                                      #19 0x55bd7cf4b585 in property_descr_get /home/shamil/oss/cpython/main/build/debug_main/../../Objects/descrobject.c:1696:12
                                                                                          #20 0x55bd7d0aafb0 in _PyObject_GenericGetAttrWithDict /home/shamil/oss/cpython/main/build/debug_main/../../Objects/object.c:1837:19
                                                       #21 0x55bd7d0a8e86 in PyObject_GetAttr /home/shamil/oss/cpython/main/build/debug_main/../../Objects/object.c:1313:18
                                                                                                                                                                               #22 0x55bd7d41277c in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:7865:40
                                                                                                                                              #23 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                                                                       #24 0x55bd7cf15183 in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
                                                           #25 0x55bd7cf114fd in method_vectorcall /home/shamil/oss/cpython/main/build/debug_main/../../Objects/classobject.c:95:18
            #26 0x55bd7cf07a4b in _PyVectorcall_Call /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:273:16
                                                                                                                                   #27 0x55bd7d3fb088 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:2616:32
                                                                                                  #28 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                           #29 0x55bd7cf078fb in _PyVectorcall_Call /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:285:24
                                                                                                                                                                  #30 0x55bd7d8d85ac in pymain_start_pyrepl /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:310:26
                                                                                                               #31 0x55bd7d8d771b in pymain_run_stdin /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:570:12
                                                         #32 0x55bd7d8d53a1 in pymain_run_python /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:694:21
                                                                                                                                                                               #33 0x55bd7d8d53a1 in Py_RunMain /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:772:5
                                                                                                                  #34 0x55bd7d8d62c1 in pymain_main /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:802:12
                                                       #35 0x55bd7d8d652b in Py_BytesMain /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:826:12
                                                                                                                                                                        #36 0x7b33f8c2a577 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
                                                                                              #37 0x7b33f8c2a63a in __libc_start_main csu/../csu/libc-start.c:360:3
                                                                                                                                                                       #38 0x55bd7ca937d4 in _start (/home/shamil/oss/cpython/main/build/debug_main/python+0x96b7d4) (BuildId: e4e153f9517a81a1b32dbd4f646b3bf2a95714f3)

                                                                                                                                             ==212839==Register values:
                                                                                                                                                                       rax = 0x00007b33f8e22000  rbx = 0x000079c3f7fe5be8  rcx = 0x0000000000000000  rdx = 0x0000000000000005
                                                                                                    rdi = 0x00007b33f8e22000  rsi = 0x0000000000001000  rbp = 0x00007ffcb5aacf70  rsp = 0x00007ffcb5aaa980
                                  r8 = 0x00000f667f1c4400   r9 = 0x00007b33f8e2201e  r10 = 0x00000f667f1c4403  r11 = 0x0000000000000202
                                                                                                                                         r12 = 0x000055bd7e72e1a0  r13 = 0x000079c3f7fe5c80  r14 = 0x00000ab7afc6975c  r15 = 0x000055bd7e34bae0
                                                                      AddressSanitizer can not provide additional info.
                                                                                                                       SUMMARY: AddressSanitizer: SEGV /home/shamil/oss/cpython/main/build/debug_main/../../Python/jit.c:624:12 in _Py_LazyJitTrampoline
                                                                             ==212839==ABORTING
                                                                                               %                                         ➜  main git:(gh-139269)

main-version 

➜  main git:(gh-139269) ./build/debug_main/python
Python 3.15.0a0 (heads/main-dirty:d2deb8fdef, Oct  9 2025, 12:40:31) [Clang 20.1.2 (0ubuntu1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ins../../Python/jit.c:228:5: runtime error: store to misaligned address 0x7b33f8e275ab for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
                                  0x7b33f8e275ab: note: pointer points here
                                                                            00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00
                                                   ^
                                                     SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:228:5
                                                                                                                                      ../../Python/jit.c:396:24: runtime error: load of misaligned address 0x7b33f8e275ab for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
                0x7b33f8e275ab: note: pointer points here
                                                          00  00 00 00 48 b0 75 7d bd  55 00 00 58 11 0a 7d bd  55 00 00 d0 bd c3 f8 33  7b 00 00 00 00 00 00
                                 ^
                                   SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:396:24
                                                                                                                     ../../Python/jit.c:220:5: runtime error: store to misaligned address 0x7b33f8e270ca for type 'uint32_t' (aka 'unsigned int'), which requires 4 byte alignment
                                                                                                                                        0x7b33f8e270ca: note: pointer points here
                                        89 de  ff 15 00 00 00 00 4d 8b  6c 24 40 4d 85 ed 0f 84  a1 01 00 00 49 c7 44 24  40 00 00 00 00 85
               ^
                 SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../Python/jit.c:220:5
                                                                                                  AddressSanitizer:DEADLYSIGNAL
                                                                                                                               =================================================================
                                                      ==212839==ERROR: AddressSanitizer: SEGV on unknown address 0x7b33f8e21ff8 (pc 0x55bd7d737ab7 bp 0x7ffcb5aacf70 sp 0x7ffcb5aaa980 T0)
                                                ==212839==The signal is caused by a READ memory access.
                                                                                                           #0 0x55bd7d737ab7 in _Py_LazyJitTrampoline /home/shamil/oss/cpython/main/build/debug_main/../../Python/jit.c:624:12
                                                       #1 0x55bd7d40e524 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:7671:25
                     #2 0x55bd7cf8f963 in _PyEval_EvalFrame /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_ceval.h:121:16
                                                                                                                                                           #3 0x55bd7cf8f963 in gen_send_ex2 /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:259:24
                                                                                                     #4 0x55bd7cf87de0 in gen_iternext /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:634:9
                                              #5 0x55bd7d495670 in _PyForIter_VirtualIteratorNext /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:3587:24
      #6 0x55bd7d40ba64 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:5649:36
                                                                                                                                               #7 0x55bd7cf8f963 in _PyEval_EvalFrame /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_ceval.h:121:16
                                                                                                          #8 0x55bd7cf8f963 in gen_send_ex2 /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:259:24
                                                    #9 0x55bd7cf87de0 in gen_iternext /home/shamil/oss/cpython/main/build/debug_main/../../Objects/genobject.c:634:9
                                                                                                                                                                        #10 0x55bd7cfe844a in list_extend_iter_lock_held /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:1263:26
                                                                                                                                   #11 0x55bd7cfde7f5 in _list_extend /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:1452:15
                                                                                #12 0x55bd7cff4b1d in list___init___impl /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:3496:13
                                   #13 0x55bd7cfe4cf9 in list_vectorcall /home/shamil/oss/cpython/main/build/debug_main/../../Objects/listobject.c:3520:13
                                                                                                                                                              #14 0x55bd7cf04e8e in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
                                                                                                                                  #15 0x55bd7d41e0c7 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:1620:35
                                                                                                 #16 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                          #17 0x55bd7cf08361 in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
              #18 0x55bd7cf08361 in PyObject_CallOneArg /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:395:12
                                                                                                                                      #19 0x55bd7cf4b585 in property_descr_get /home/shamil/oss/cpython/main/build/debug_main/../../Objects/descrobject.c:1696:12
                                                                                          #20 0x55bd7d0aafb0 in _PyObject_GenericGetAttrWithDict /home/shamil/oss/cpython/main/build/debug_main/../../Objects/object.c:1837:19
                                                       #21 0x55bd7d0a8e86 in PyObject_GetAttr /home/shamil/oss/cpython/main/build/debug_main/../../Objects/object.c:1313:18
                                                                                                                                                                               #22 0x55bd7d41277c in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:7865:40
                                                                                                                                              #23 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                                                                       #24 0x55bd7cf15183 in _PyObject_VectorcallTstate /home/shamil/oss/cpython/main/build/debug_main/../../Include/internal/pycore_call.h:169:11
                                                           #25 0x55bd7cf114fd in method_vectorcall /home/shamil/oss/cpython/main/build/debug_main/../../Objects/classobject.c:95:18
            #26 0x55bd7cf07a4b in _PyVectorcall_Call /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:273:16
                                                                                                                                   #27 0x55bd7d3fb088 in _PyEval_EvalFrameDefault /home/shamil/oss/cpython/main/build/debug_main/../../Python/generated_cases.c.h:2616:32
                                                                                                  #28 0x55bd7d3c99a1 in _PyEval_Vector /home/shamil/oss/cpython/main/build/debug_main/../../Python/ceval.c:2001:12
                                           #29 0x55bd7cf078fb in _PyVectorcall_Call /home/shamil/oss/cpython/main/build/debug_main/../../Objects/call.c:285:24
                                                                                                                                                                  #30 0x55bd7d8d85ac in pymain_start_pyrepl /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:310:26
                                                                                                               #31 0x55bd7d8d771b in pymain_run_stdin /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:570:12
                                                         #32 0x55bd7d8d53a1 in pymain_run_python /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:694:21
                                                                                                                                                                               #33 0x55bd7d8d53a1 in Py_RunMain /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:772:5
                                                                                                                  #34 0x55bd7d8d62c1 in pymain_main /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:802:12
                                                       #35 0x55bd7d8d652b in Py_BytesMain /home/shamil/oss/cpython/main/build/debug_main/../../Modules/main.c:826:12
                                                                                                                                                                        #36 0x7b33f8c2a577 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
                                                                                              #37 0x7b33f8c2a63a in __libc_start_main csu/../csu/libc-start.c:360:3
                                                                                                                                                                       #38 0x55bd7ca937d4 in _start (/home/shamil/oss/cpython/main/build/debug_main/python+0x96b7d4) (BuildId: e4e153f9517a81a1b32dbd4f646b3bf2a95714f3)

                                                                                                                                             ==212839==Register values:
                                                                                                                                                                       rax = 0x00007b33f8e22000  rbx = 0x000079c3f7fe5be8  rcx = 0x0000000000000000  rdx = 0x0000000000000005
                                                                                                    rdi = 0x00007b33f8e22000  rsi = 0x0000000000001000  rbp = 0x00007ffcb5aacf70  rsp = 0x00007ffcb5aaa980
                                  r8 = 0x00000f667f1c4400   r9 = 0x00007b33f8e2201e  r10 = 0x00000f667f1c4403  r11 = 0x0000000000000202
                                                                                                                                         r12 = 0x000055bd7e72e1a0  r13 = 0x000079c3f7fe5c80  r14 = 0x00000ab7afc6975c  r15 = 0x000055bd7e34bae0
                                                                      AddressSanitizer can not provide additional info.
                                                                                                                       SUMMARY: AddressSanitizer: SEGV /home/shamil/oss/cpython/main/build/debug_main/../../Python/jit.c:624:12 in _Py_LazyJitTrampoline
                                                                             ==212839==ABORTING
                                                                                               %                                         ➜  main git:(gh-139269)

@picnixz
Copy link
Member

picnixz commented Oct 9, 2025

Logs/tracebacks below:

In the future, prefer pasting the content of these into the issue without having external files. It's easier for readers. You can hide the long text by using a <details>...</details> block.

@picnixz picnixz mentioned this pull request Oct 9, 2025
Open
@picnixz picnixz dismissed their stale review October 10, 2025 19:14

changes were made

@picnixz
Copy link
Member

picnixz commented Oct 10, 2025

Please avoid merging main into the branch if there is nothing to do. I'm ok with this PR but I still want another core dev to approve this one.

@Fidget-Spinner
Copy link
Member

I'm not sure if I bumped into this in #140310. But some UB is causing random fields in the frame to get overridden/read garbage values read out. Only when JIT is on. I'm inclined to merge to get rid of random UB in the JIT.

@Fidget-Spinner Fidget-Spinner merged commit bedaea0 into python:main Oct 18, 2025
73 of 74 checks passed
@ashm-dev ashm-dev deleted the gh-139269 branch October 19, 2025 04:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@picnixz picnixz picnixz left review comments

@sergey-miryanov sergey-miryanov sergey-miryanov approved these changes

@Fidget-Spinner Fidget-Spinner Fidget-Spinner approved these changes

@brandtbucher brandtbucher Awaiting requested review from brandtbucher brandtbucher is a code owner

@savannahostrowski savannahostrowski Awaiting requested review from savannahostrowski savannahostrowski is a code owner

@diegorusso diegorusso Awaiting requested review from diegorusso diegorusso is a code owner

@sobolevn sobolevn Awaiting requested review from sobolevn

@markshannon markshannon Awaiting requested review from markshannon

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@ashm-dev @picnixz @diegorusso @sergey-miryanov @chris-eibl @Fidget-Spinner @sobolevn @markshannon