[issue40294] Use-after-free crash if multiple interpreters import asyncio module

Jeffrey Quesnelle report at bugs.python.org
Wed Apr 15 13:32:05 EDT 2020


New submission from Jeffrey Quesnelle <jquesnelle at gmail.com>:

Starting with Python 3.8 (GH-16598), the `_asyncio` module's C initialization is guarded behind a static variable. If the module is initialized a second time and this variable is set, the resources from the first initialization are used. However, when the module is freed and the corresponding resources released, the static variable is not cleared. If the module is subsequently initialized again, it will incorrectly believe it has already been initialized and use the previously freed resources, resulting in a crash.

This scenario is actually fairly easy to encounter in the presence of multiple interpreters whose lifetime is shorter than that of the whole program. Essentially, if any interpreter loads `asyncio` and then is freed with `Py_EndInterpreter`, any new interpreter that loads `asyncio` will crash. Since `asyncio` is a built-in module, it is loaded as a consequence of a wide variety of libraries.

I ran into this in my project because I use multiple interpreters to isolate user scripts, and I started to encounter crashes when switching to Python 3.8.

I've attached a simple reproduction program. I've personally tested that this runs without crashing in 3.6 and 3.7 (but I suspect it works down to 3.4 when `asyncio` was introduced).

----------
components: C API
files: main.c
messages: 366531
nosy: jquesnelle
priority: normal
severity: normal
status: open
title: Use-after-free crash if multiple interpreters import asyncio module
type: crash
versions: Python 3.8, Python 3.9
Added file: https://bugs.python.org/file49064/main.c

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40294>
_______________________________________
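
The failure mode described in the report, modeled as an added C example (not the attached main.c and not CPython source). All names are hypothetical, and clearing the guard in the free routine is shown as one possible correction, assumed here rather than taken from the tracker.

```c
/* Simplified model of the pattern; all names are hypothetical, not CPython's. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

static int *shared_cache;        /* process-wide resource shared by every interpreter */
static bool module_initialized;  /* static guard that outlives any one interpreter */
static bool cache_live;          /* demo bookkeeping: true while shared_cache is valid */

static int module_init(void) {
    if (module_initialized)
        return 0;                /* trust the guard, reuse existing resources */
    shared_cache = calloc(16, sizeof *shared_cache);
    if (shared_cache == NULL)
        return -1;
    cache_live = true;
    module_initialized = true;
    return 0;
}

static void module_free(bool clear_guard) {
    free(shared_cache);
    cache_live = false;
    if (clear_guard) {           /* corrected teardown: next init allocates again */
        shared_cache = NULL;
        module_initialized = false;
    }                            /* otherwise shared_cache dangles and the guard stays set */
}

/* Interpreter A imports and ends, then interpreter B imports.
   Returns 1 if B sees live resources, 0 if it was handed freed ones, -1 on OOM. */
int second_import_is_safe(bool clear_guard) {
    module_initialized = false;
    if (module_init() != 0) return -1;
    module_free(clear_guard);
    if (module_init() != 0) return -1;
    int safe = cache_live;       /* checked via the flag; the pointer is never dereferenced */
    if (safe) free(shared_cache);
    shared_cache = NULL;
    cache_live = false;
    module_initialized = false;
    return safe;
}

int main(void) {
    printf("guard left set: safe=%d\n", second_import_is_safe(false));
    printf("guard cleared:  safe=%d\n", second_import_is_safe(true));
    return 0;
}
```

The model reads a liveness flag instead of touching the stale pointer, so it stays well-defined while still showing that the second init returns success without allocating anything.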

