gh-143650: Fix importlib race condition on import failure #143651
Merged
+117
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gpshead
requested review from
brettcannon,
ericsnowcurrently,
kumaraditya303,
ncoghlan and
warsaw
as code owners
Fix a race condition where a thread could receive a partially-initialized module when another thread's import fails. The race occurs when: 1. Thread 1 starts importing, adds module to sys.modules 2. Thread 2 sees the module in sys.modules via the fast path 3. Thread 1's import fails, removes module from sys.modules 4. Thread 2 returns a stale module reference not in sys.modules The fix adds verification after the "skip lock" optimization in both Python and C code paths to check if the module is still in sys.modules. If the module was removed (due to import failure), we retry the import so the caller receives the actual exception from the import failure rather than a stale module reference. Changes: - Lib/importlib/_bootstrap.py: Add check after fast path in _find_and_load() - Python/import.c: Add checks in PyImport_GetModule() and PyImport_ImportModuleLevelObject() - Add regression test test_import_failure_race_condition() Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
gpshead
force-pushed
the
fix-import-race-condition
branch
from
78fed07 to
6393e97
Compare
picnixz
reviewed
Jan 10, 2026
gpshead
added
needs backport to 3.13
|
🤖 New build scheduled with the buildbot fleet by @gpshead for commit 0a682cd 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F143651%2Fmerge If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again. |
bedevere-bot
removed
the
🔨 test-with-buildbots
Add error checking inside the `if (mod_check != mod)` block to properly handle the case where import_get_module itself fails with an exception. Also refactor PyImport_GetModule to use an error label for cleanup. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
gpshead
force-pushed
the
fix-import-race-condition
branch
from
45c02dc to
842c160
Compare
Member
Author
|
the few buildbot failures in the earlier round all looked like network issues. not rerunning those. |
picnixz
reviewed
Jan 11, 2026
gpshead
added
🔨 test-with-buildbots
|
🤖 New build scheduled with the buildbot fleet by @gpshead for commit 102845b 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F143651%2Fmerge If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again. |
|
🤖 New build scheduled with the buildbot fleet by @gpshead for commit 102845b 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F143651%2Fmerge If you want to schedule another build, you need to add the 🔨 test-with-refleak-buildbots label again. |
bedevere-bot
removed
🔨 test-with-buildbots
encukou
added
the
🔨 test-with-buildbots
|
🤖 New build scheduled with the buildbot fleet by @encukou for commit 179d7bf 🤖 Results will be shown at: https://buildbot.python.org/all/#/grid?branch=refs%2Fpull%2F143651%2Fmerge If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again. |
bedevere-bot
removed
the
🔨 test-with-buildbots
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Feb 10, 2026
…onGH-143651) Fix a race condition where a thread could receive a partially-initialized module when another thread's import fails. The race occurs when: 1. Thread 1 starts importing, adds module to sys.modules 2. Thread 2 sees the module in sys.modules via the fast path 3. Thread 1's import fails, removes module from sys.modules 4. Thread 2 returns a stale module reference not in sys.modules The fix adds verification after the "skip lock" optimization in both Python and C code paths to check if the module is still in sys.modules. If the module was removed (due to import failure), we retry the import so the caller receives the actual exception from the import failure rather than a stale module reference. (cherry picked from commit ac8b5b6) Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
Sorry, @gpshead and @encukou, I could not cleanly backport this to |
|
GH-144662 is a backport of this pull request to the 3.14 branch. |
gpshead
added a commit
that referenced
this pull request
Feb 11, 2026
…143651) (#144662) gh-143650: Fix importlib race condition on import failure (GH-143651) Fix a race condition where a thread could receive a partially-initialized module when another thread's import fails. The race occurs when: 1. Thread 1 starts importing, adds module to sys.modules 2. Thread 2 sees the module in sys.modules via the fast path 3. Thread 1's import fails, removes module from sys.modules 4. Thread 2 returns a stale module reference not in sys.modules The fix adds verification after the "skip lock" optimization in both Python and C code paths to check if the module is still in sys.modules. If the module was removed (due to import failure), we retry the import so the caller receives the actual exception from the import failure rather than a stale module reference. (cherry picked from commit ac8b5b6) Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
gpshead
added a commit
to gpshead/cpython
that referenced
this pull request
Feb 11, 2026
…onGH-143651) Fix a race condition where a thread could receive a partially-initialized module when another thread's import fails. The race occurs when: 1. Thread 1 starts importing, adds module to sys.modules 2. Thread 2 sees the module in sys.modules via the fast path 3. Thread 1's import fails, removes module from sys.modules 4. Thread 2 returns a stale module reference not in sys.modules The fix adds verification after the "skip lock" optimization in both Python and C code paths to check if the module is still in sys.modules. If the module was removed (due to import failure), we retry the import so the caller receives the actual exception from the import failure rather than a stale module reference. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> cherry picked from ac8b5b6
|
GH-144697 is a backport of this pull request to the 3.13 branch. |
gpshead
added a commit
that referenced
this pull request
Feb 11, 2026
…143651) (#144697) gh-143650: Fix importlib race condition on import failure (GH-143651) Fix a race condition where a thread could receive a partially-initialized module when another thread's import fails. The race occurs when: 1. Thread 1 starts importing, adds module to sys.modules 2. Thread 2 sees the module in sys.modules via the fast path 3. Thread 1's import fails, removes module from sys.modules 4. Thread 2 returns a stale module reference not in sys.modules The fix adds verification after the "skip lock" optimization in both Python and C code paths to check if the module is still in sys.modules. If the module was removed (due to import failure), we retry the import so the caller receives the actual exception from the import failure rather than a stale module reference. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> cherry picked from ac8b5b6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix race condition where a thread could receive a stale module reference when another thread's import fails. Adds verification after the "skip lock" fast path in both Python and C code paths to check if the module is still in sys.modules before returning it.