Dialog about overrun of a stack-based buffer on Windows Server 2022 (caused by `asyncio` / `socket`)

[radoering]

Crash report

What happened?

On Windows Server 2022, when exiting a Python process, we sporadically get a dialog with the title "python.exe - System Error", which reads "The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application."

We do not get this error with Windows Server 2019.

The issue is very sporadically. Even with the following reproducers, we only experience the issue every 1,000 to 100,000 runs on our systems.

Our initial reproducer was:

import asyncio  
async def f():  
    pass
asyncio.run(f())

We could narrow it down further to:

import socket
socket.socketpair()

(The issue does also occur if I close the sockets returned from socketpair.)

The issue can also be reproduced with the following snippet extracted from socket.socketpair():

import socket

l = socket.socket()
l.bind(("127.0.0.1",0))
l.listen()

c = socket.socket()
c.setblocking(False)
try:
    c.connect(l.getsockname())
except BlockingIOError:
    pass

Setting the socket to unblocking seems to be essential. I could not reproduce the issue without setting it to unblocking.

Further, calling os._exit() prevents the issue. I digged a little further and found that not calling WSACleanup() in os_cleanup() in socketmodule.c prevents the issue.

CPython versions tested on:

3.11, 3.12, 3.13, 3.14

Operating systems tested on:

Windows

Output from running 'python -VV' on the command line:

No response