[BUG]: segfault at exit since upgrading to 3.0.x, probably due to "Make wrapped C++ functions pickleable" (https://github.com/pybind/pybind11/pull/5580) #5991

@HMRWork42

Required prerequisites

What version (or hash if on master) of pybind11 are you using?

3.0.2

Problem description

I am one of the co-maintainers of skia-python. We have had segfaults at end of CI pytest since 3.0 rc1 if built against pybind11 3.x. I have finally got round to doing a debug build, and it seems to get python's finalizer involving pybind11 code here in this valgrind trace:

==2980== Invalid free() / delete / delete[] / realloc()
==2980==    at 0x4847E43: free (vg_replace_malloc.c:990)
==2980==    by 0x5A0E488: pybind11::cpp_function::destruct(pybind11::detail::function_record*, bool) (pybind11.h:824)
==2980==    by 0x5A0E375: pybind11::detail::function_record_PyTypeObject_methods::tp_dealloc_impl(_object*) (pybind11.h:1325)
==2980==    by 0x49AD620: _Py_Dealloc (object.c:3072)
==2980==    by 0x49C82BC: Py_DECREF (refcount.h:421)
==2980==    by 0x49C82BC: Py_XDECREF (refcount.h:514)
==2980==    by 0x49C82BC: Py_XDECREF (refcount.h:511)
==2980==    by 0x49C82BC: meth_dealloc.lto_priv.0 (methodobject.c:179)
==2980==    by 0x49AD620: _Py_Dealloc (object.c:3072)
==2980==    by 0x4ACB77A: property_dealloc.lto_priv.0 (descrobject.c:1638)
==2980==    by 0x49C1631: _Py_Dealloc (object.c:3072)
==2980==    by 0x49C1631: Py_DECREF (refcount.h:421)
==2980==    by 0x49C1631: Py_XDECREF (refcount.h:514)
==2980==    by 0x49C1631: dictkeys_decref.part.0.constprop.0 (dictobject.c:463)
==2980==    by 0x4A7A739: PyDict_Clear (dictobject.c:2932)
==2980==    by 0x4A7A739: type_clear.lto_priv.0 (typeobject.c:6620)
==2980==    by 0x4A79F56: delete_garbage (gc.c:1141)
==2980==    by 0x4A79F56: gc_collect_region.lto_priv.0 (gc.c:1761)
==2980==    by 0x4AC84C1: gc_collect_full (gc.c:1681)
==2980==    by 0x4AC84C1: _PyGC_Collect (gc.c:2045)
==2980==    by 0x4AEAD2A: _Py_Finalize.constprop.0 (pylifecycle.c:2144)
==2980==  Address 0x6d55c3e is in a r-- mapped file /home/HMRWork42/.local/lib/python3.14/site-packages/skia.cpython-314-x86_64-linux-gnu.so segment

The code around pybind11.h:1325 in 3.0.2 was introduced in "Make wrapped C++ functions pickleable" (#5580) in 3.0 rc1, which seems to match the time frame.

Would like some suggestions to look further.

Downstream issue: kyamagu/skia-python#350

Reproducible example code

Unfortunately skia-python is extremely large and interconnected. I seem to have isolated the segfault at anything, exit (a simple one-line "import skia; .... " segfaults) to src/skia/GrContext* (which is still a thousand lines).

Is this a regression? Put the last known working version here if it is.

2.13.6
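A triage aid for reports like the one above, added here as an example (it is not code from the issue, from skia-python or from pybind11): it parses a valgrind "Invalid free" block and flags the case where the freed address lies in a non-writable file mapping, meaning the pointer came from the module image rather than the heap. The function name `triage` and the returned keys are hypothetical; the sample lines are an excerpt of the trace quoted in the issue.

```python
import re

# Excerpt of the valgrind report quoted in the issue (middle frames trimmed).
REPORT = """\
==2980== Invalid free() / delete / delete[] / realloc()
==2980==    at 0x4847E43: free (vg_replace_malloc.c:990)
==2980==    by 0x5A0E488: pybind11::cpp_function::destruct(pybind11::detail::function_record*, bool) (pybind11.h:824)
==2980==    by 0x5A0E375: pybind11::detail::function_record_PyTypeObject_methods::tp_dealloc_impl(_object*) (pybind11.h:1325)
==2980==    by 0x49AD620: _Py_Dealloc (object.c:3072)
==2980==    by 0x4AEAD2A: _Py_Finalize.constprop.0 (pylifecycle.c:2144)
==2980==  Address 0x6d55c3e is in a r-- mapped file /home/HMRWork42/.local/lib/python3.14/site-packages/skia.cpython-314-x86_64-linux-gnu.so segment
"""

# "at/by 0xADDR: symbol (file:line)"; the symbol itself may contain parentheses.
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+):(\d+)\)$")
# "Address 0x... is in a <perms> mapped file <path> segment"
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is in a (\S+) mapped file (\S+) segment$")


def triage(report):
    """Summarise one 'Invalid free' block: calling frame, freed address, mapping."""
    frames, freed = [], None
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append((m.group(1), m.group(2), int(m.group(3))))
            continue
        m = ADDR.match(line)
        if m:
            freed = {"address": int(m.group(1), 16),
                     "perms": m.group(2), "file": m.group(3)}
    # First pybind11 frame above the allocator shim: the code that called free().
    caller = next((f for f in frames if f[0].startswith("pybind11::")), None)
    # A file-backed mapping without write permission is part of the loaded
    # module image, so the pointer handed to free() never came from malloc.
    static_data = freed is not None and "w" not in freed["perms"]
    at_finalize = any(f[0].startswith("_Py_Finalize") for f in frames)
    return {"caller": caller, "freed": freed,
            "static_data": static_data, "at_finalize": at_finalize}


if __name__ == "__main__":
    print(triage(REPORT))
```
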
