Python 3.14a7: Segfault in sip_api_init_module / _Py_TYPE

Phil Thompson phil at riverbankcomputing.com
Fri Apr 11 20:57:32 BST 2025 

On 11/04/2025 16:15, Florian Bruhin wrote:
> Hey,
> 
> PyQt6 6.9.0 seemed to work fine with Python 3.14 Alpha 6 so far.
> However, after upgrading to Alpha 7, "from PyQt6.QtCore" immediately
> segfaults:
> 
>     Program received signal SIGSEGV, Segmentation fault.
>     0x00007ffff75e765e in _Py_TYPE (ob=0xffffffffffffffff) at
> /usr/include/python3.14/object.h:270
>     270	       return ob->ob_type;
> 
> in:
> 
>     #0  0x00007ffff75e765e in _Py_TYPE (ob=0xffffffffffffffff) at
> /usr/include/python3.14/object.h:270
>     #1  createClassType (client=client at entry=0x7ffff7537a40
> <sipModuleAPI_QtCore>, ctd=0x7ffff7509960
> <sipTypeDef_QtCore_PyQtMutexLocker>,
>         mod_dict=mod_dict at entry=0x7ffff7675670) at
> [...]/pyqt6-sip_[...]/sip_core.c:5721
>     #2  0x00007ffff75ee1d3 in sip_api_init_module
> (client=0x7ffff7537a40 <sipModuleAPI_QtCore>, mod_dict=0x7ffff7675670)
>         at [...]/pyqt6-sip_[...]/sip_core.c:1667
>     #3  0x00007ffff739e960 in PyInit_QtCore () from
> [...]/python3.14/site-packages/PyQt6/QtCore.abi3.so
>     #4  0x00005555558046db in _PyImport_RunModInitFunc
> (p0=p0 at entry=0x7ffff739e820 <PyInit_QtCore>,
> info=info at entry=0x7fffffffc2c0,
>         p_res=p_res at entry=0x7fffffffc230) at ./Python/importdl.c:430
> 
> I bisected this to this change in CPython, "Cache the result of
> tuple_hash", which adds a new ob_hash field to PyTupleObject:
> 
> https://github.com/python/cpython/pull/131529
> https://github.com/python/cpython/commit/8614f86b7163b1c39798b481902dbb511292a537
> 
> I'm not sure what happens there under the hood. Is there anything
> special PyQt/sip is doing there, or is this simply some sort of CPython
> regression in that commit? Happy to report it there, but I don't know
> much about the CPython C API at all.
> 
> Florian

Just by visual inspection of the code, I think the sequence of calls 
is...

static PyTypeObject BaseType {
     ...
};

PyType_Ready(&BaseType);

PyObject *base_tup = PyTuple_Pack(1, (PyObject *)&BaseType);

PyObject *base_ref = PyTuple_GET_ITEM(base_tup, 0);

Py_TYPE(base_ref);  // Crashes here (because base_ref is -1?)

...so I don't think I'm doing anything bad.

Phil

More information about the PyQt mailing list