gh-140746: Fix Thread.start() can hang forever

When a new thread is started (`Thread.start()`), the current thread
waits for the new thread's `_started` signal (`self._started.wait()`).
If the new thread doesn't have enough memory, it might crash before
signaling its start to the parent thread, causing the parent thread
to wait indefinitely (still in `Thread.start()`).

To fix the issue, remove the _started python attribute from the
Thread class and moved the logic on the _os_thread_handle.
WIP

We also change `Thread._delete()` to use `pop` to remove the thread from
`_active`, as there is no guarantee that the thread exists in
`_active[get_ident()]`, thus avoiding a potential `KeyError`.
This can happen if `_bootstrap_inner` crashes before
`_active[self._ident] = self` executes. We use `self._ident` because we
know `set_ident()` has already been called.

Moreover, remove the old comment in `_delete` because
`_active_limbo_lock` became reentrant in commit 243fd01.

Author: ryv-odoo

Lib/test/test_threading.py

@@ -215,11 +215,6 @@ def test_various_ops(self):
             self.assertRegex(repr(t), r'^<TestThread\(.*, initial\)>$')
             t.start()
 
-        if hasattr(threading, 'get_native_id'):
-            native_ids = set(t.native_id for t in threads) | {threading.get_native_id()}
-            self.assertNotIn(None, native_ids)
-            self.assertEqual(len(native_ids), NUMTASKS + 1)
-
         if verbose:
             print('waiting for all tasks to complete')
         for t in threads:
@@ -228,6 +223,12 @@ def test_various_ops(self):
             self.assertNotEqual(t.ident, 0)
             self.assertIsNotNone(t.ident)
             self.assertRegex(repr(t), r'^<TestThread\(.*, stopped -?\d+\)>$')
+
+        if hasattr(threading, 'get_native_id'):
+            native_ids = set(t.native_id for t in threads) | {threading.get_native_id()}
+            self.assertNotIn(None, native_ids)
+            self.assertEqual(len(native_ids), NUMTASKS + 1)
+
         if verbose:
             print('all tasks done')
         self.assertEqual(numrunning.get(), 0)
@@ -307,7 +308,7 @@ def f(mutex):
         # Issue gh-106236:
         with self.assertRaises(RuntimeError):
             dummy_thread.join()
-        dummy_thread._started.clear()
+        dummy_thread._os_thread_handle._set_done()
         with self.assertRaises(RuntimeError):
             dummy_thread.is_alive()
         # Busy wait for the following condition: after the thread dies, the
@@ -1457,6 +1458,32 @@ def run_in_bg():
         self.assertEqual(err, b"")
         self.assertEqual(out.strip(), b"Exiting...")
 
+    def test_memory_error_bootstrap(self):
+        # gh-140746: Test that Thread.start() doesn't hang indefinitely if
+        # the new thread fails (MemoryError) during its initialization
+
+        def serving_thread():
+
+            def nothing():
+                pass
+
+            def _set_ident_memory_error():
+                raise MemoryError()
+
+            thread = threading.Thread(target=nothing)
+            with (
+                support.catch_unraisable_exception(),
+                mock.patch.object(thread, '_set_ident', _set_ident_memory_error)
+            ):
+                thread.start()
+                self.assertFalse(thread.is_alive())
+
+        serving_thread = threading.Thread(target=serving_thread)
+        serving_thread.start()
+        serving_thread.join(0.1)
+        self.assertFalse(serving_thread.is_alive())
+
+
 class ThreadJoinOnShutdown(BaseTestCase):
 
     def _run_and_join(self, script):

Lib/threading.py

@@ -930,7 +930,6 @@ class is implemented.
         if _HAVE_THREAD_NATIVE_ID:
             self._native_id = None
         self._os_thread_handle = _ThreadHandle()
-        self._started = Event()
         self._initialized = True
         # Copy of sys.stderr used by self._invoke_excepthook()
         self._stderr = _sys.stderr
@@ -940,7 +939,6 @@ class is implemented.
 
     def _after_fork(self, new_ident=None):
         # Private!  Called by threading._after_fork().
-        self._started._at_fork_reinit()
         if new_ident is not None:
             # This thread is alive.
             self._ident = new_ident
@@ -955,7 +953,7 @@ def _after_fork(self, new_ident=None):
     def __repr__(self):
         assert self._initialized, "Thread.__init__() was not called"
         status = "initial"
-        if self._started.is_set():
+        if self._os_thread_handle.is_running():
             status = "started"
         if self._os_thread_handle.is_done():
             status = "stopped"
@@ -978,7 +976,7 @@ def start(self):
         if not self._initialized:
             raise RuntimeError("thread.__init__() not called")
 
-        if self._started.is_set():
+        if self._os_thread_handle.is_running():
             raise RuntimeError("threads can only be started once")
 
         with _active_limbo_lock:
@@ -1001,7 +999,13 @@ def start(self):
             with _active_limbo_lock:
                 del _limbo[self]
             raise
-        self._started.wait()  # Will set ident and native_id
+        self._os_thread_handle.wait_bootstrap_done()
+
+        # It's possible that the _started event never occurs from the new Thread;
+        # e.g., it didn't have enough memory to call the initialization part of _bootstrap_inner.
+        if self._os_thread_handle.is_done():
+            with _active_limbo_lock:
+                _limbo.pop(self, None)
 
     def run(self):
         """Method representing the thread's activity.
@@ -1061,7 +1065,7 @@ def _bootstrap_inner(self):
             if _HAVE_THREAD_NATIVE_ID:
                 self._set_native_id()
             self._set_os_name()
-            self._started.set()
+            self._os_thread_handle.set_bootstrap_done()
             with _active_limbo_lock:
                 _active[self._ident] = self
                 del _limbo[self]
@@ -1081,11 +1085,7 @@ def _bootstrap_inner(self):
     def _delete(self):
         "Remove current thread from the dict of currently running threads."
         with _active_limbo_lock:
-            del _active[get_ident()]
-            # There must not be any python code between the previous line
-            # and after the lock is released.  Otherwise a tracing function
-            # could try to acquire the lock again in the same thread, (in
-            # current_thread()), and would block.
+            _active.pop(self._ident, None)
 
     def join(self, timeout=None):
         """Wait until the thread terminates.
@@ -1113,7 +1113,7 @@ def join(self, timeout=None):
         """
         if not self._initialized:
             raise RuntimeError("Thread.__init__() not called")
-        if not self._started.is_set():
+        if not self._os_thread_handle.is_done() and not self._os_thread_handle.is_running():
             raise RuntimeError("cannot join thread before it is started")
         if self is current_thread():
             raise RuntimeError("cannot join current thread")
@@ -1176,7 +1176,7 @@ def is_alive(self):
 
         """
         assert self._initialized, "Thread.__init__() not called"
-        return self._started.is_set() and not self._os_thread_handle.is_done()
+        return self._os_thread_handle.is_running() and not self._os_thread_handle.is_done()
 
     @property
     def daemon(self):
@@ -1199,7 +1199,7 @@ def daemon(self, daemonic):
             raise RuntimeError("Thread.__init__() not called")
         if daemonic and not _daemon_threads_allowed():
             raise RuntimeError('daemon threads are disabled in this interpreter')
-        if self._started.is_set():
+        if self._os_thread_handle.is_running() or self._os_thread_handle.is_done():
             raise RuntimeError("cannot set daemon status of active thread")
         self._daemonic = daemonic
 
@@ -1385,7 +1385,6 @@ class _MainThread(Thread):
 
     def __init__(self):
         Thread.__init__(self, name="MainThread", daemon=False)
-        self._started.set()
         self._ident = _get_main_thread_ident()
         self._os_thread_handle = _make_thread_handle(self._ident)
         if _HAVE_THREAD_NATIVE_ID:
@@ -1433,7 +1432,6 @@ class _DummyThread(Thread):
     def __init__(self):
         Thread.__init__(self, name=_newname("Dummy-%d"),
                         daemon=_daemon_threads_allowed())
-        self._started.set()
         self._set_ident()
         self._os_thread_handle = _make_thread_handle(self._ident)
         if _HAVE_THREAD_NATIVE_ID:
@@ -1443,7 +1441,7 @@ def __init__(self):
         _DeleteDummyThreadOnDel(self)
 
     def is_alive(self):
-        if not self._os_thread_handle.is_done() and self._started.is_set():
+        if self._os_thread_handle.is_running() and not self._os_thread_handle.is_done():
             return True
         raise RuntimeError("thread is not alive")
 

Misc/NEWS.d/next/Core_and_Builtins/2025-11-12-08-45-55.gh-issue-140746.S8T1ga.rst

@@ -0,0 +1 @@
+Fix :func:`threading.Thread.start` that can hang indefinitely in case of heap memory exhaustion during initialization of the new thread.

Modules/_threadmodule.c

@@ -103,7 +103,8 @@ typedef enum {
     THREAD_HANDLE_NOT_STARTED = 1,
     THREAD_HANDLE_STARTING = 2,
     THREAD_HANDLE_RUNNING = 3,
-    THREAD_HANDLE_DONE = 4,
+    THREAD_HANDLE_BOOTSTRAPED = 4,
+    THREAD_HANDLE_DONE = 5,
 } ThreadHandleState;
 
 // A handle to wait for thread completion.
@@ -139,6 +140,7 @@ typedef struct {
 
     PyMutex mutex;
 
+    PyEvent thread_is_bootstraped;
     // Set immediately before `thread_run` returns to indicate that the OS
     // thread is about to exit. This is used to avoid false positives when
     // detecting self-join attempts. See the comment in `ThreadHandle_join()`
@@ -231,6 +233,7 @@ ThreadHandle_new(void)
     self->os_handle = 0;
     self->has_os_handle = 0;
     self->thread_is_exiting = (PyEvent){0};
+    self->thread_is_bootstraped = (PyEvent){0};
     self->mutex = (PyMutex){_Py_UNLOCKED};
     self->once = (_PyOnceFlag){0};
     self->state = THREAD_HANDLE_NOT_STARTED;
@@ -322,6 +325,7 @@ _PyThread_AfterFork(struct _pythread_runtime_state *state)
         handle->once = (_PyOnceFlag){_Py_ONCE_INITIALIZED};
         handle->mutex = (PyMutex){_Py_UNLOCKED};
         _PyEvent_Notify(&handle->thread_is_exiting);
+        _PyEvent_Notify(&handle->thread_is_bootstraped);
         llist_remove(node);
         remove_from_shutdown_handles(handle);
     }
@@ -393,6 +397,8 @@ thread_run(void *boot_raw)
             PyErr_FormatUnraisable(
                 "Exception ignored in thread started by %R", boot->func);
         }
+        set_thread_handle_state(handle, THREAD_HANDLE_DONE);
+        _PyEvent_Notify(&handle->thread_is_bootstraped);
     }
     else {
         Py_DECREF(res);
@@ -424,6 +430,7 @@ force_done(void *arg)
     assert(get_thread_handle_state(handle) == THREAD_HANDLE_STARTING);
     _PyEvent_Notify(&handle->thread_is_exiting);
     set_thread_handle_state(handle, THREAD_HANDLE_DONE);
+    _PyEvent_Notify(&handle->thread_is_bootstraped);
     return 0;
 }
 
@@ -488,7 +495,7 @@ ThreadHandle_start(ThreadHandle *self, PyObject *func, PyObject *args,
     self->state = THREAD_HANDLE_RUNNING;
     PyMutex_Unlock(&self->mutex);
 
-    // Unblock the thread
+    // Unblock the thread and wait the running signal
     _PyEvent_Notify(&boot->handle_ready);
 
     return 0;
@@ -502,7 +509,7 @@ static int
 join_thread(void *arg)
 {
     ThreadHandle *handle = (ThreadHandle*)arg;
-    assert(get_thread_handle_state(handle) == THREAD_HANDLE_RUNNING);
+    assert(get_thread_handle_state(handle) >= THREAD_HANDLE_RUNNING);
     PyThread_handle_t os_handle;
     if (ThreadHandle_get_os_handle(handle, &os_handle)) {
         int err = 0;
@@ -596,7 +603,9 @@ static int
 set_done(void *arg)
 {
     ThreadHandle *handle = (ThreadHandle*)arg;
-    assert(get_thread_handle_state(handle) == THREAD_HANDLE_RUNNING);
+    assert(
+        get_thread_handle_state(handle) == THREAD_HANDLE_RUNNING ||
+        get_thread_handle_state(handle) == THREAD_HANDLE_BOOTSTRAPED);
     if (detach_thread(handle) < 0) {
         PyErr_SetString(ThreadError, "failed detaching handle");
         return -1;
@@ -621,6 +630,13 @@ ThreadHandle_set_done(ThreadHandle *self)
     return 0;
 }
 
+static void
+ThreadHandle_set_bootstrap_done(ThreadHandle *self)
+{
+    set_thread_handle_state(self, THREAD_HANDLE_BOOTSTRAPED);
+    _PyEvent_Notify(&self->thread_is_bootstraped);
+}
+
 // A wrapper around a ThreadHandle.
 typedef struct {
     PyObject_HEAD
@@ -707,6 +723,35 @@ PyThreadHandleObject_join(PyObject *op, PyObject *args)
     Py_RETURN_NONE;
 }
 
+static PyObject *
+PyThreadHandleObject_is_running(PyObject *op, PyObject *Py_UNUSED(dummy))
+{
+    PyThreadHandleObject *self = PyThreadHandleObject_CAST(op);
+    ThreadHandleState state = get_thread_handle_state(self->handle);
+    if (state == THREAD_HANDLE_RUNNING || state == THREAD_HANDLE_BOOTSTRAPED) {
+        Py_RETURN_TRUE;
+    }
+    else {
+        Py_RETURN_FALSE;
+    }
+}
+
+static PyObject *
+PyThreadHandleObject_wait_bootstrap_done(PyObject *op, PyObject *Py_UNUSED(dummy))
+{
+    PyThreadHandleObject *self = PyThreadHandleObject_CAST(op);
+    PyEvent_Wait(&self->handle->thread_is_bootstraped);
+    Py_RETURN_NONE;
+}
+
+static PyObject *
+PyThreadHandleObject_set_bootstrap_done(PyObject *op, PyObject *Py_UNUSED(dummy))
+{
+    PyThreadHandleObject *self = PyThreadHandleObject_CAST(op);
+    ThreadHandle_set_bootstrap_done(self->handle);
+    Py_RETURN_NONE;
+}
+
 static PyObject *
 PyThreadHandleObject_is_done(PyObject *op, PyObject *Py_UNUSED(dummy))
 {
@@ -740,6 +785,9 @@ static PyGetSetDef ThreadHandle_getsetlist[] = {
 static PyMethodDef ThreadHandle_methods[] = {
     {"join", PyThreadHandleObject_join, METH_VARARGS, NULL},
     {"_set_done", PyThreadHandleObject_set_done, METH_NOARGS, NULL},
+    {"wait_bootstrap_done", PyThreadHandleObject_wait_bootstrap_done, METH_NOARGS, NULL},
+    {"set_bootstrap_done", PyThreadHandleObject_set_bootstrap_done, METH_NOARGS, NULL},
+    {"is_running", PyThreadHandleObject_is_running, METH_NOARGS, NULL},
     {"is_done", PyThreadHandleObject_is_done, METH_NOARGS, NULL},
     {0, 0}
 };