[PyQt] Segfault on exit with Python 3.5

Dmitry Shachnev mitya57 at ubuntu.com
Sun Dec 20 17:03:29 GMT 2015

Hi all,

In my application I get a strange segfault on exit only when using Python
3.5.1 (does not happen with Python 3.4.4rc1).

Segfault happens in this code:

808   int QMetaObjectPrivate::signalOffset(const QMetaObject *m)
809   {
810       Q_ASSERT(m != 0);
811       int offset = 0;
812       for (m = m->d.superdata; m; m = m->d.superdata)
813 >>        offset += priv(m->d.data)->signalCount;
814       return offset;
815   }

The full traceback is attached. Valgrind says that this code is trying to
access address 0x30, which is (obviously) not mapped.

I quickly figured out that reverting an innocently-looking commit [1] fixes
this. While trying to provide a minimal example I also figured out that almost
any minor change to the code makes the segfault disappear (thus I was not able
to provide a minimal example).

Has anybody else seen this? What component should I blame?

[1]: https://github.com/retext-project/retext/commit/64fdbcb62d0c3155

Dmitry Shachnev
-------------- next part --------------
#0  0x00007ffff60ac727 in QMetaObjectPrivate::signalOffset(QMetaObject const*) (m=<optimized out>, m at entry=0x7fffe15020d0)
    at kernel/qmetaobject.cpp:813
#1  0x00007ffff60ac7c4 in QMetaObjectPrivate::signal(QMetaObject const*, int) (m=0x7fffe15020d0, signal_index=signal_index at entry=0)
    at kernel/qmetaobject.cpp:868
#2  0x00007ffff60d9442 in QObject::~QObject() (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:987
#3  0x00007ffff1ff8d48 in (anonymous namespace)::Q_QGS_qAccessibleCache::Holder::~Holder() (this=0x7ffff2467b40 <(anonymous namespace)::Q_QGS_qAccessibleCache::innerFunction()::holder>, __in_chrg=<optimized out>) at accessible/qaccessiblecache_p.h:60
#4  0x00007ffff1ff8d48 in (anonymous namespace)::Q_QGS_qAccessibleCache::Holder::~Holder() (this=0x7ffff2467b40 <(anonymous namespace)::Q_QGS_qAccessibleCache::innerFunction()::holder>, __in_chrg=<optimized out>) at accessible/qaccessiblecache.cpp:46
#5  0x00007ffff6cfff52 in __run_exit_handlers (status=0, listp=0x7ffff7068698 <__exit_funcs>, run_list_atexit=run_list_atexit at entry=true)
    at exit.c:82
#6  0x00007ffff6cfffa5 in __GI_exit (status=<optimized out>) at exit.c:104
#7  0x0000000000602dff in Py_Exit (sts=sts at entry=0) at ../Python/pylifecycle.c:1452
#8  0x0000000000602ee0 in handle_system_exit () at ../Python/pythonrun.c:602
#9  0x0000000000602f3d in PyErr_PrintEx (set_sys_last_vars=1) at ../Python/pythonrun.c:612
#10 0x00000000006044e9 in PyRun_SimpleFileExFlags () at ../Python/pythonrun.c:508
#11 0x00000000006044e9 in PyRun_SimpleFileExFlags (fp=<optimized out>, filename=<optimized out>, closeit=<optimized out>, flags=0x7fffffffdfe0)
    at ../Python/pythonrun.c:401
#12 0x000000000062d26b in Py_Main (p_cf=0x7fffffffdfe0, filename=0xa64290 L"/usr/bin/retext", fp=0xac0980) at ../Modules/main.c:318
#13 0x000000000062d26b in Py_Main (argc=2, argv=0xa63010) at ../Modules/main.c:768
#14 0x00000000004c8d0f in main (argc=2, argv=<optimized out>) at ../Programs/python.c:69
#15 0x00007ffff6cea870 in __libc_start_main (main=
    0x4c8c30 <main>, argc=2, argv=0x7fffffffe1f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe1e8)
    at libc-start.c:291
#16 0x00000000005c4ac9 in _start ()
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://www.riverbankcomputing.com/pipermail/pyqt/attachments/20151220/b584a9a2/attachment.sig>

More information about the PyQt mailing list