JIT: UB: unaligned store in patch_* functions #139269

@ashm-dev

Description

Bug report

Bug description:

Summary

When the CPython main branch is compiled with Clang using the experimental JIT (--enable-experimental-jit) and memory sanitizers (-fsanitize=address,undefined), it reliably crashes during the test suite execution.

The crash is preceded by a clear UndefinedBehaviorSanitizer (UBSan) report indicating a misaligned memory store/load of a uint64_t within Python/jit.c. This undefined behavior immediately leads to a segmentation fault, which is caught by AddressSanitizer (ASan).

The issue has been reproduced with both C11 and C17 language standards, and with different optimization levels (-O1, -O3), confirming that this is a fundamental bug in the JIT's code generation or patching logic, not an artifact of a specific build configuration.

Environment

  • CPython Version: main branch, commit dd45179fa0
  • Operating System: Linux (Ubuntu 24.04 based, Kernel 6.14.0-32-generic)
  • Architecture: x86_64
  • Compiler: Clang 20.1.2 (Ubuntu clang version 20.1.2 (0ubuntu1))

Configuration

The bug is reproducible with the following minimal debug configuration (PGO and LTO are not required to trigger the crash):

Environment Variables:

```sh
export CC=clang
export CXX=clang++
export CFLAGS="-std=c11 -g -O1 -fno-omit-frame-pointer -fsanitize=address,undefined"
export LDFLAGS="-fsanitize=address,undefined"
```

Configure Command:

```sh
./configure --with-pydebug \
            --enable-experimental-jit \
            --with-address-sanitizer \
            --with-undefined-behavior-sanitizer
```

Steps to Reproduce

  1. Clone the CPython repository and check out the main branch.
  2. Create an out-of-tree build directory: mkdir build && cd build
  3. Run the configure command from the section above (e.g., ../configure ...).
  4. Compile CPython: make -j$(nproc)
  5. Run a test known to trigger the issue (e.g., test_array or test_asyncio):
    ./python -m test test_array

Expected Results

The test should run and pass without crashing the interpreter.

Actual Results

The interpreter crashes with a segmentation fault. The sanitizers provide detailed reports just before the crash.

UBSan Report:
The first error reported is from UBSan, indicating the root cause:

```text
../../Python/jit.c:228:5: runtime error: store to misaligned address 0x7be05a2205ab for type 'uint64_t' (aka 'unsigned long'), which requires 8 byte alignment
0x7be05a2205ab: note: pointer points here
 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00
              ^
SUMMARY: UndefinedBehaviorSanitizer: misaligned-pointer-use ../../Python/jit.c:228:5
```

ASan and Faulthandler Report:
Immediately following the UBSan report, the program aborts, and ASan/faulthandler provide a stack trace of the crash:

```text
Fatal Python error: Aborted

Current thread 0x00007be05a2d7380 [python] (most recent call first):
  File "/home/shamil/oss/cpython/main/Lib/inspect.py", line 1719 in _shadowed_dict
  ... (Python stack trace) ...
  File "/home/shamil/oss/cpython/main/Lib/runpy.py", line 198 in _run_module_as_main

Current thread's C stack trace (most recent call first):
  ...
  #0 0x5ab05b94e8a9 in patch_64 /home/shamil/oss/cpython/main/build/jit_debug_c11/../../Python/jit.c:228:12
  #1 0x5ab05b94e8a9 in emit__COLD_EXIT /home/shamil/oss/cpython/main/build/jit_debug_c11/./jit_stencils-x86_64-unknown-linux-gnu.h:36611:5
  #2 0x5ab05ba01e43 in _PyJIT_Compile /home/shamil/oss/cpython/main/build/jit_debug_c11/../../Python/jit.c:542:9
  ... (C stack trace) ...
```

Full logs

logs.txt

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux
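The store UBSan flagged at jit.c:228 has the shape of a byte pointer cast to `uint64_t *` and dereferenced at a location that is not 8-byte aligned (the faulting address ends in 0x5ab, which is 3 mod 8). The block below is an added example, not CPython's code: a hypothetical stand-in for a patch_64-style helper in that UB form beside a memcpy-based form that carries no alignment requirement, with an alignment check and a round-trip through a constructed buffer at offset 3.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical stand-in for a JIT patch helper (not CPython's code):
 * write a 64-bit immediate into a code buffer at an arbitrary byte offset. */

/* The pattern UBSan reports: the cast asserts 8-byte alignment that a
 * byte offset inside machine code need not have. Shown only for the
 * shape of the defect; it is never called here. */
void patch_64_via_cast(unsigned char *location, uint64_t value)
{
    *(uint64_t *)location = value;   /* UB whenever location % 8 != 0 */
}

/* Alignment-agnostic form: memcpy has no alignment requirement, and on
 * x86_64 the compiler lowers it to a single unaligned mov. */
void patch_64_via_memcpy(unsigned char *location, uint64_t value)
{
    memcpy(location, &value, sizeof value);
}

uint64_t read_64(const unsigned char *location)
{
    uint64_t value;
    memcpy(&value, location, sizeof value);
    return value;
}

bool is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p % align) == 0;
}

/* Patch a constructed 8-aligned buffer at byte offset `off` with the
 * memcpy form and read the value back. Offset 3 mirrors the report. */
uint64_t patch_and_read_back(size_t off, uint64_t value)
{
    static uint64_t backing[4];                 /* 32 bytes, 8-aligned */
    unsigned char *code = (unsigned char *)backing;
    memset(code, 0, sizeof backing);
    patch_64_via_memcpy(code + off, value);
    return read_64(code + off);
}
```

Building this with `-fsanitize=undefined` and calling `patch_64_via_cast` at a misaligned location reproduces the same misaligned-pointer-use report as the issue, while `patch_64_via_memcpy` stays clean.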
