Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible race condition in signal handling #102397

Closed
kumaraditya303 opened this issue Mar 3, 2023 · 3 comments
Closed

Possible race condition in signal handling #102397

kumaraditya303 opened this issue Mar 3, 2023 · 3 comments
Labels
3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@kumaraditya303
Copy link
Contributor

kumaraditya303 commented Mar 3, 2023
edited by bedevere-bot
Loading

The following code segfaults the interpreter on Linux. Tested on current main.

import gc
import _thread

gc.set_threshold(1, 0, 0)

def cb(*args):
    _thread.interrupt_main()


gc.callbacks.append(cb)

def gen():
    yield 1

g = gen()
g.__next__()
Exception ignored in: <function cb at 0x7f7f4f6fe200>
Traceback (most recent call last):
  File "/workspaces/cpython/main.py", line 7, in cb
    _thread.interrupt_main()
KeyboardInterrupt: 
Exception ignored in: <function cb at 0x7f7f4f6fe200>
Traceback (most recent call last):
  File "/workspaces/cpython/main.py", line 7, in cb
    _thread.interrupt_main()
KeyboardInterrupt: 
Exception ignored in: <function cb at 0x7f7f4f6fe200>
Traceback (most recent call last):
  File "/workspaces/cpython/main.py", line 7, in cb
    _thread.interrupt_main()
KeyboardInterrupt: 
Exception ignored in: <function cb at 0x7f7f4f6fe200>
Traceback (most recent call last):
  File "/workspaces/cpython/main.py", line 7, in cb
    _thread.interrupt_main()
KeyboardInterrupt: 
Segmentation fault (core dumped)

Linked PRs
@kumaraditya303 kumaraditya303 added type-bug An unexpected behavior, bug, or error interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump 3.12 bugs and security fixes labels Mar 3, 2023
@chgnrdv
Copy link
Contributor

chgnrdv commented Mar 3, 2023

Guess I found a minimal reproducer:

import _thread

class Foo():
    def __del__(self):
        _thread.interrupt_main()

x = Foo()

This, as well as original one, crashes on 3.10.8, 3.11.0 and current main under Linux.

@kumaraditya303
Copy link
Contributor Author

Yeah, both of these crashes are basically the same, they both crash in compare_handler in signal handling, I am working on a fix.

@bedevere-bot bedevere-bot mentioned this issue Mar 3, 2023
Merged
@kumaraditya303 kumaraditya303 added 3.11 only security fixes 3.10 only security fixes labels Mar 8, 2023
kumaraditya303 added a commit that referenced this issue Mar 8, 2023
@kumaraditya303 @gpshead
GH-102397: Fix segfault from race condition in signal handling (#102399)
1a84cc0 
Co-authored-by: Gregory P. Smith <greg@krypto.org>
@bedevere-bot bedevere-bot mentioned this issue Mar 8, 2023
Merged
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Mar 8, 2023
@kumaraditya303 @gpshead @miss-islington
pythonGH-102397: Fix segfault from race condition in signal handling (p…
86df1af 
…ythonGH-102399)

(cherry picked from commit 1a84cc0)

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Mar 8, 2023
@kumaraditya303 @gpshead @miss-islington
pythonGH-102397: Fix segfault from race condition in signal handling (p…
415e956 
…ythonGH-102399)

(cherry picked from commit 1a84cc0)

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
@bedevere-bot bedevere-bot mentioned this issue Mar 8, 2023
Merged
kumaraditya303 added a commit that referenced this issue Mar 8, 2023
@miss-islington @kumaraditya303 @gpshead
[3.10] GH-102397: Fix segfault from race condition in signal handling (
c4fb418 
…GH-102399) (#102527)

GH-102397: Fix segfault from race condition in signal handling (GH-102399)
(cherry picked from commit 1a84cc0)

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington added a commit that referenced this issue Mar 8, 2023
@miss-islington @kumaraditya303 @gpshead
GH-102397: Fix segfault from race condition in signal handling (GH-10…
7905ae7 
…2399)

(cherry picked from commit 1a84cc0)

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
@kumaraditya303
Copy link
Contributor Author

Fixed in main and backported, closing.

carljm added a commit to carljm/cpython that referenced this issue Mar 8, 2023
@carljm
Merge branch 'main' into inlinecomp2
06db319 
* main:
  pythongh-102304: Consolidate Direct Usage of _Py_RefTotal (pythongh-102514)
  pythongh-102192: Replace PyErr_Fetch/Restore etc by more efficient alternatives (in Objects/) (python#102218)
  pythongh-102507 Remove invisible pagebreak characters (python#102531)
  pythongh-102515: Remove unused imports in the `Lib/` directory (python#102516)
  Remove or update bitbucket links (pythonGH-101963)
  pythongh-101100: Fix sphinx warnings in `zipapp` and `zipfile` modules (python#102526)
  pythonGH-102397: Fix segfault from race condition in signal handling (python#102399)
  Fix style in argparse.rst (python#101733)
  Post 3.12.0a6
  fix typo in async generator code field name `ag_code` (python#102448)
  Python 3.12.0a6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.10 only security fixes 3.11 only security fixes 3.12 bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chgnrdv @kumaraditya303