[3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) #109272

vstinner · 2023-09-11T15:59:51Z

Fix _thread.start_new_thread() race condition. If a thread is created during Python finalization, the newly spawned thread now exits immediately instead of trying to access freed memory and lead to a crash.

thread_run() calls PyEval_AcquireThread() which checks if the thread must exit. The problem was that tstate was dereferenced earlier in _PyThreadState_Bind() which leads to a crash most of the time.

Move _PyThreadState_CheckConsistency() from thread_run() to _PyThreadState_Bind().

(cherry picked from commit 517cd82)

Issue: test_threading fails and crashes when rerun #108987

…n#109135) Fix _thread.start_new_thread() race condition. If a thread is created during Python finalization, the newly spawned thread now exits immediately instead of trying to access freed memory and lead to a crash. thread_run() calls PyEval_AcquireThread() which checks if the thread must exit. The problem was that tstate was dereferenced earlier in _PyThreadState_Bind() which leads to a crash most of the time. Move _PyThreadState_CheckConsistency() from thread_run() to _PyThreadState_Bind(). (cherry picked from commit 517cd82)

vstinner · 2023-09-11T16:05:34Z

I tested manually this fix, it works as I expected.

I used this test: #109135 (comment)

Without this change: CRASH!

(...)
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
exit
-- sleep 1 sec after free_interpreter() --
python: Python/pystate.c:2259: _PyThreadState_CheckConsistency: Assertion `!_PyMem_IsPtrFreed(tstate->interp)' failed.
python: Python/pystate.c:2259: _PyThreadState_CheckConsistency: Assertion `!_PyMem_IsPtrFreed(tstate->interp)' failed.
python: Python/pystate.c:2259: _PyThreadState_CheckConsistency: Assertion `!_PyMem_IsPtrFreed(tstate->interp)' failed.
python: Python/pystate.c:2259: _PyThreadState_CheckConsistency: Assertion `!_PyMem_IsPtrFreed(tstate->interp)' failed.
Abandon (core dumped)

With this change: not crash.

$ ./python bug.py; echo "exitcode=$?"
(...)
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
-- sleep 100 ms before PyEval_AcquireThread() --
exit
-- sleep 1 sec after free_interpreter() --
exitcode=0

bedevere-app bot added the awaiting review label Sep 11, 2023

This was referenced Sep 11, 2023

test_threading fails and crashes when rerun #108987

Closed

gh-108987: Fix _thread.start_new_thread() race condition #109135

Merged

vstinner merged commit 82a1806 into python:3.11 Sep 11, 2023

vstinner deleted the start_new_thread311 branch September 11, 2023 17:33

bedevere-app bot removed the awaiting review label Sep 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) #109272

[3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) #109272

vstinner commented Sep 11, 2023 •

edited by bedevere-app bot

Loading

vstinner commented Sep 11, 2023

[3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) #109272

[3.11] gh-108987: Fix _thread.start_new_thread() race condition (#109135) #109272

Conversation

vstinner commented Sep 11, 2023 • edited by bedevere-app bot Loading

vstinner commented Sep 11, 2023

vstinner commented Sep 11, 2023 •

edited by bedevere-app bot

Loading