Skip to content

Crash in ThreadHandle_dealloc after fork in free-threaded build #115035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
colesbury opened this issue Feb 5, 2024 · 1 comment
Closed

Crash in ThreadHandle_dealloc after fork in free-threaded build #115035

colesbury opened this issue Feb 5, 2024 · 1 comment
Labels
3.13 bugs and security fixes topic-free-threading type-bug An unexpected behavior, bug, or error

Comments

@colesbury
Copy link
Contributor

colesbury commented Feb 5, 2024
edited by bedevere-app bot
Loading

Bug report

I've seen this in the free-threaded build, but I think the problem can theoretically occur in the default build as well.

The problem is that after a fork(), an already dead ThreadHandle may be deallocated before it's marked as not joinable. The ThreadHandle_dealloc() function can crash in PyThread_detach_thread():

cpython/Modules/_threadmodule.c

Lines 66 to 70 in bcccf1f

ThreadHandle_dealloc(ThreadHandleObject *self)
{
PyObject *tp = (PyObject *) Py_TYPE(self);
if (self->joinable) {
int ret = PyThread_detach_thread(self->handle);

The steps leading to the crash are:

  1. A thread T2 starts and finishes, but is not joined. The ThreadHandle is not immediately deallocated, either because it's part of a larger reference cycle or due to biased reference counting (in the free-threaded build)
  2. The main thread calls fork()
  3. In the child process, during PyOS_AfterFork_Child(), the ThreadHandle is deallocated. I've seen this happen in the free-threaded build due to biased reference counting merging the thread states in PyThreadState_Clear(). I believe this can also happen in the default build if, for example, a GC is triggered early on during threading._after_fork() before we get to marking the ThreadHandle as not joinable.

Proposed fix

Early on in PyOS_AfterFork_Child(), we should fix up all ThreadHandle objects from C (without executing Python code) -- we should mark the dead ones as not joinable and update the remaining active thread.

I think it's important to do this without executing Python code. Once we start executing Python code, almost anything can happen, such as GC collections, destructors, etc.

cc @pitrou @gpshead @ericsnowcurrently

Linked PRs
@colesbury colesbury added type-bug An unexpected behavior, bug, or error 3.13 bugs and security fixes topic-free-threading labels Feb 5, 2024
@colesbury colesbury mentioned this issue Feb 5, 2024
Merged
@pitrou
Copy link
Member

pitrou commented Feb 5, 2024

Early on in PyOS_AfterFork_Child(), we should fix up all ThreadHandle objects from C (without executing Python code) -- we should mark the dead ones as not joinable and update the remaining active thread.

This looks reasonable to me.

colesbury added a commit to colesbury/cpython that referenced this issue Feb 5, 2024
@colesbury
pythongh-115035: Mark ThreadHandles as non-joinable earlier
fecb718 
This marks dead ThreadHandles as non-joinable earlier in
`PyOS_AfterFork_Child()` before we execute any Python code. The handles
are stored in a global linked list in `_PyRuntimeState` because `fork()`
affects the entire process.
colesbury added a commit to colesbury/cpython that referenced this issue Feb 5, 2024
@colesbury
pythongh-115035: Mark ThreadHandles as non-joinable earlier
8130173 
This marks dead ThreadHandles as non-joinable earlier in
`PyOS_AfterFork_Child()` before we execute any Python code. The handles
are stored in a global linked list in `_PyRuntimeState` because `fork()`
affects the entire process.
@bedevere-app bedevere-app bot mentioned this issue Feb 5, 2024
Merged
colesbury added a commit that referenced this issue Feb 6, 2024
@colesbury
gh-115035: Mark ThreadHandles as non-joinable earlier after forking (#…
b6228b5 
…115042)

This marks dead ThreadHandles as non-joinable earlier in
`PyOS_AfterFork_Child()` before we execute any Python code. The handles
are stored in a global linked list in `_PyRuntimeState` because `fork()`
affects the entire process.
fsc-eriker pushed a commit to fsc-eriker/cpython that referenced this issue Feb 14, 2024
@colesbury @fsc-eriker
pythongh-115035: Mark ThreadHandles as non-joinable earlier after for…
dffd892 
…king (python#115042)

This marks dead ThreadHandles as non-joinable earlier in
`PyOS_AfterFork_Child()` before we execute any Python code. The handles
are stored in a global linked list in `_PyRuntimeState` because `fork()`
affects the entire process.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.13 bugs and security fixes topic-free-threading type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@colesbury @pitrou