JIT: Segmentation fault in _Py_LazyJitTrampoline when running test_asyncio after gh-139269 fix #139288

@ashm-dev

Description

Bug report

Bug description:

Description:

A segmentation fault occurs when running the test_asyncio test suite on a debug build with JIT, ASAN, and UBSAN enabled.

This issue was observed on the main branch after incorporating the fix from PR 139271, which addressed issue gh-139269 (unaligned memory access in JIT code patching functions). This suggests a potential regression or a new issue introduced by that fix.

Build Configuration:

  • CPython Version: 3.15.0a0 (heads/gh-139269-dirty:2c1339b2a5)
  • Build Type: debug JIT ASAN+UBSAN
  • System: Linux-6.14.0-32-generic-x86_64-with-glibc2.41
  • Compiler: Clang 20.1.2

Steps to Reproduce:

  1. Build CPython from the specified commit on the main branch with debug, JIT, ASAN, and UBSAN enabled. jit_fixed.sh
  2. Run the asyncio test suite: ./python -m test test_asyncio

Observed Behavior:
The test runner starts, attempts to run the first test (test.test_asyncio.test_base_events), and immediately crashes with a Fatal Python error: Segmentation fault.

Analysis:
The attached logs provide detailed information, but the key findings are:

  1. GDB Analysis: GDB confirms the crash occurs precisely at Python/jit.c:626 inside the _Py_LazyJitTrampoline function, at the line that calls _Py_jit_entry. This indicates the fault happens at the exact moment the interpreter attempts to transfer control to JIT-compiled code.

  2. AddressSanitizer (ASAN) Report: The ASAN log reports a SEGV on unknown address 0x0000000580ba caused by a READ memory access. The C stack trace also points to _Py_LazyJitTrampoline as the immediate cause of the fault.

  3. Python Stack Trace: The Python-level stack trace shows that the interpreter is deep within the unittest.mock and inspect modules during the setup for test_base_events. The crash is triggered during a call chain that includes inspect._shadowed_dict -> inspect._check_class -> inspect.getattr_static, which is initiated by the Mock object's initialization.

The issue seems to be a corruption of state or a bad pointer being used by the JIT trampoline (_Py_LazyJitTrampoline). Given that this appeared after the fix for unaligned memory access, it is possible that the changes in PR 139271 have inadvertently affected pointer calculation or state setup prior to calling _Py_jit_entry, leading to this segmentation fault under the specific code paths exercised by test_asyncio and unittest.mock.

Logs:

gdb_logs.txt
test_logs.txt

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux
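The report's second finding is an ASAN "SEGV on unknown address" line plus a C frame in _Py_LazyJitTrampoline. The following triage helper is an added example, not part of the issue, its attached logs, or CPython: it extracts the faulting address, access type and innermost frame from an ASAN report and classifies the address so that a near-null dereference can be told apart from a small integer or tag value being used as a pointer. The sample log is constructed to mirror the values quoted above (address 0x0000000580ba, READ, Python/jit.c:626); the second frame is filler, and the address thresholds are assumptions about a Linux x86-64 user process.

```python
"""Triage an AddressSanitizer SEGV report of the kind quoted in this issue.

Hypothetical helper (not part of CPython or the attached logs): pulls the
faulting address, access type and innermost frame out of an ASAN report and
classifies the address so the reader can tell a null-ish dereference from a
mis-tagged or truncated pointer at a glance.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the report's key findings; only the
# address, access type and #0 frame mirror the issue text, the rest is filler.
SAMPLE_ASAN_LOG = """\
==41287==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000580ba (pc 0x55d4f2a1c3e7 bp 0x7ffd5b1c2a10 sp 0x7ffd5b1c29c0 T0)
==41287==The signal is caused by a READ memory access.
    #0 0x55d4f2a1c3e7 in _Py_LazyJitTrampoline Python/jit.c:626:12
    #1 0x55d4f28e1a0d in _PyEval_EvalFrameDefault Python/ceval.c:999:9
"""

SEGV_RE = re.compile(r"AddressSanitizer: SEGV on unknown address 0x([0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"The signal is caused by a (READ|WRITE) memory access")
# "#0 0x... in <function> <file>:<line>[:<col>]"
FRAME_RE = re.compile(r"^\s*#0\s+0x[0-9a-fA-F]+ in (\S+) ([^:\s]+):(\d+)", re.MULTILINE)

# Assumed thresholds for a Linux x86-64 user process: the first page is never
# mapped, and nothing is normally mapped below 0x400000 (the lowest address
# at which a non-PIE executable is loaded).
PAGE_SIZE = 0x1000
LOWEST_NORMAL_MAPPING = 0x400000


@dataclass
class SegvTriage:
    address: int
    access: str          # "READ", "WRITE" or "UNKNOWN"
    function: str        # innermost frame
    location: str        # file:line of that frame
    aligned8: bool       # address is 8-byte aligned
    category: str


def classify_address(addr: int) -> str:
    """Coarse classification of a faulting address (thresholds are assumptions)."""
    if addr == 0:
        return "null"
    if addr < PAGE_SIZE:
        return "null-plus-offset"      # field access through a NULL struct pointer
    if addr < LOWEST_NORMAL_MAPPING:
        return "low-address"           # small integer, tag or truncated value used as a pointer
    return "mapped-range"              # freed/unmapped region or wild pointer; needs a map lookup


def triage(log: str) -> SegvTriage:
    """Extract the SEGV facts from an ASAN report; raise ValueError if none is present."""
    m = SEGV_RE.search(log)
    if m is None:
        raise ValueError("no AddressSanitizer SEGV line found")
    addr = int(m.group(1), 16)

    access_m = ACCESS_RE.search(log)
    access = access_m.group(1) if access_m else "UNKNOWN"

    frame_m = FRAME_RE.search(log)
    if frame_m is None:
        function, location = "?", "?"
    else:
        function = frame_m.group(1)
        location = f"{frame_m.group(2)}:{frame_m.group(3)}"

    return SegvTriage(
        address=addr,
        access=access,
        function=function,
        location=location,
        aligned8=(addr % 8 == 0),
        category=classify_address(addr),
    )


if __name__ == "__main__":
    t = triage(SAMPLE_ASAN_LOG)
    print(f"{t.access} fault at 0x{t.address:x} ({t.category}, 8-byte aligned: {t.aligned8})")
    print(f"innermost frame: {t.function} at {t.location}")
```

On the constructed sample the helper reports a READ fault at 0x580ba in _Py_LazyJitTrampoline (Python/jit.c:626) and classifies the address as "low-address": far above the first page, so not a plain NULL field access, but well below any normal mapping, which is consistent with the report's reading of a bad pointer or corrupted state reaching the trampoline rather than an alignment problem.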

Metadata

Assignees: No one assigned
Status: Done
Milestone: No milestone
Relationships: None yet
Development: No branches or pull requests