Fix stack-use-after-return on jit_module_noslotsdef (ASAN root cause python#1)

SonicField · SonicField · commit f8564ccc2b94 · 2026-03-30T12:44:23.000-07:00
PyModule_Create stores a pointer to the PyModuleDef in the module
object's md_def field. jit_module_noslotsdef was a stack-local in
jit::initialize(), so md_def dangled after the function returned.
GC's module_traverse then read from dead stack memory, causing heap
corruption under sustained GC pressure (the 7/17 single-process crash).

Fix: make jit_module_noslotsdef static so it survives the function call.
diff --git a/Python/jit/pyjit.cpp b/Python/jit/pyjit.cpp
@@ -3679,8 +3679,10 @@ int initialize() {
     return -1;
   }
 
-  // Use a copy with slots cleared for PyModule_Create compatibility
-  PyModuleDef jit_module_noslotsdef = jit_module;
+  // Use a copy with slots cleared for PyModule_Create compatibility.
+  // Must be static: PyModule_Create stores a pointer to the PyModuleDef in
+  // the module object (md_def). A stack-local would be use-after-return.
+  static PyModuleDef jit_module_noslotsdef = jit_module;
   jit_module_noslotsdef.m_slots = nullptr;
   PyObject* mod = PyModule_Create(&jit_module_noslotsdef);
   if (mod == nullptr) {
