SIGBUS (Invalid Write) in memory_ass_sub via multiprocessing.shared_memory during buffer assignment #144281

@YuanchengJiang

Crash report

What happened?

```python
from multiprocessing import shared_memory

# Create shared memory
shm = shared_memory.SharedMemory(create=True, size=10)

# Potential trigger: Accessing the buffer while the underlying 
# resource is being manipulated or in a specific state.
try:
    shm.buf[:5] = b'hello'
finally:
    shm.close()
    shm.unlink()
```

=================================================================
==3246293==ERROR: AddressSanitizer: BUS on unknown address (pc 0x7aa47a30b9d6 bp 0x7ffcc9209510 sp 0x7ffcc9208cc8 T0)
==3246293==The signal is caused by a WRITE memory access.
==3246293==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x7aa47a30b9d6  string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:385
    #1 0x620f374b53ab in __asan_memcpy (/home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/python+0x29f3ab) (BuildId: f791960dfefd969819f59576836bc8a336f89709)
    #2 0x620f376e8215 in copy_base /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Objects/memoryobject.c:353:13
    #3 0x620f376e8215 in copy_single /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Objects/memoryobject.c:423:5
    #4 0x620f376e5843 in memory_ass_sub /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Objects/memoryobject.c:2720:15
    #5 0x620f3797a3ac in _PyEval_EvalFrameDefault /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/generated_cases.c.h:11363:27
    #6 0x620f37962afd in _PyEval_EvalFrame /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Include/internal/pycore_ceval.h:118:16
    #7 0x620f37962afd in _PyEval_Vector /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/ceval.c:2094:12
    #8 0x620f37962afd in PyEval_EvalCode /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/ceval.c:673:21
    #9 0x620f37b94efc in run_eval_code_obj /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/pythonrun.c:1366:12
    #10 0x620f37b94efc in run_mod /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/pythonrun.c:1469:19
    #11 0x620f37b8ec17 in pyrun_file /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/pythonrun.c:1294:15
    #12 0x620f37b8ec17 in _PyRun_SimpleFileObject /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/pythonrun.c:518:13
    #13 0x620f37b8e035 in _PyRun_AnyFileObject /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Python/pythonrun.c:81:15
    #14 0x620f37bfc18d in pymain_run_file_obj /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:410:15
    #15 0x620f37bfc18d in pymain_run_file /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:429:15
    #16 0x620f37bfaa71 in pymain_run_python /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:691:21
    #17 0x620f37bfaa71 in Py_RunMain /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:772:5
    #18 0x620f37bfb583 in pymain_main /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:802:12
    #19 0x620f37bfb6e2 in Py_BytesMain /home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/../Modules/main.c:826:12
    #20 0x7aa47a270d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #21 0x7aa47a270e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #22 0x620f37412e94 in _start (/home/fuzz/WorkSpace/FusionFuzzLoop/projects/cpython/cpython/build/python+0x1fce94) (BuildId: f791960dfefd969819f59576836bc8a336f89709)

==3246293==Register values:
rax = 0x00007aa47a58b000  rbx = 0x0000000000000000  rcx = 0x000000006f6c6c65  rdx = 0x0000000000000005  
rdi = 0x00007aa47a58b000  rsi = 0x000000006c6c6568  rbp = 0x00007ffcc9209510  rsp = 0x00007ffcc9208cc8  
 r8 = 0x00000f548f4b1600   r9 = 0x00007aa47a58b004  r10 = 0x00000f548f4b1600  r11 = 0x00000f550f4a9600  
r12 = 0x00000f550f4a9600  r13 = 0xffffffffffffffc4  r14 = 0x000076a4780a5220  r15 = 0x000076e479270db0  
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: BUS string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:385 
==3246293==ABORTING

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

No response
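
A triage aid for the register dump above, added here as an example and not part of the original report or of CPython: it parses the AddressSanitizer register values and checks whether the faulting store has a sane destination and length for the reproducer's `shm.buf[:5] = b'hello'`. It assumes 4 KiB pages and that, at the faulting pc, `rdi` and `rdx` still hold memmove's destination and length (System V x86-64 argument registers).

```python
import re
import struct

# Register dump copied from the AddressSanitizer report in this issue.
ASAN_REGISTERS = """\
rax = 0x00007aa47a58b000  rbx = 0x0000000000000000  rcx = 0x000000006f6c6c65  rdx = 0x0000000000000005
rdi = 0x00007aa47a58b000  rsi = 0x000000006c6c6568  rbp = 0x00007ffcc9209510  rsp = 0x00007ffcc9208cc8
 r8 = 0x00000f548f4b1600   r9 = 0x00007aa47a58b004  r10 = 0x00000f548f4b1600  r11 = 0x00000f550f4a9600
r12 = 0x00000f550f4a9600  r13 = 0xffffffffffffffc4  r14 = 0x000076a4780a5220  r15 = 0x000076e479270db0
"""
PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86-64 default)


def parse_registers(dump):
    """Return {name: int} for every 'reg = 0x...' pair in an ASan dump."""
    pairs = re.findall(r"(\w+)\s*=\s*0x([0-9a-fA-F]+)", dump)
    return {name: int(value, 16) for name, value in pairs}


def as_le_ascii(value):
    """Decode the low 32 bits as little-endian printable ASCII, else None."""
    raw = struct.pack("<I", value & 0xFFFFFFFF)
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None


def triage(dump, payload):
    """Compare the faulting store's registers with the expected copy."""
    regs = parse_registers(dump)
    # Assumption: rdi = destination, rdx = byte count at the faulting pc.
    dest, length = regs["rdi"], regs["rdx"]
    return {
        "dest": dest,
        "length_matches_payload": length == len(payload),
        "dest_page_aligned": dest % PAGE_SIZE == 0,
        "write_stays_in_first_page": dest % PAGE_SIZE + length <= PAGE_SIZE,
        # Registers whose low dword is a 4-byte window of the payload.
        "payload_in_registers": {
            name: text for name, value in regs.items()
            if value <= 0xFFFFFFFF and (text := as_le_ascii(value))
            and text.encode() in payload
        },
    }


if __name__ == "__main__":
    for key, value in triage(ASAN_REGISTERS, b"hello").items():
        print(f"{key}: {value!r}")
```

For this dump the destination is page-aligned, the length is 5, and `rsi`/`rcx` decode to `hell`/`ello`, so the copy arguments match the reproducer and the fault is raised on touching the mapped page itself.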

Labels: extension-modules (C modules in the Modules dir); pending (The issue will be closed if no feedback is provided); topic-multiprocessing; type-crash (A hard crash of the interpreter, possibly with a core dump)
