crashes: Avoid crash handler on detached threads#40883
Merged
Conversation
ddc89d0 to
ba3b675
Compare
Contributor
|
I think this ignores too many panics. Generally we still want panics in detached threads to crash the application, a quick "goto refs" indicates that there are around 450 thread detaches in our codebase, and they're used for all sorts of things. If we think the background thread running extensions specifically should be allowed to panic, I'd recommend to special case it with the thread local (or even use catch_panic for it tbh, given that we compile with unwinding support). |
ba3b675 to
8327345
Compare
Contributor
Author
|
I'll leave the formatting nits in |
Co-authored-by: Nia <nia@zed.dev>
8327345 to
0074194
Compare
Veykril
added a commit
that referenced
this pull request
Nov 18, 2025
) #40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux
github-actions bot
pushed a commit
that referenced
this pull request
Nov 18, 2025
) #40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux
github-actions bot
pushed a commit
that referenced
this pull request
Nov 18, 2025
) #40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux
Veykril
added a commit
that referenced
this pull request
Nov 19, 2025
) (cherry-pick to stable) (#43017) Cherry-pick of #43005 to stable ---- #40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux --------- Co-authored-by: Lukas Wirth <lukas@zed.dev>
Veykril
added a commit
that referenced
this pull request
Nov 19, 2025
) (cherry-pick to stable) (#43016) Cherry-pick of #43005 to stable ---- #40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux --------- Co-authored-by: Lukas Wirth <lukas@zed.dev>
11happy
pushed a commit
to 11happy/zed
that referenced
this pull request
Dec 1, 2025
…-industries#43005) zed-industries#40883 implemented this incorrectly. It was marking a random background thread as a wasm thread (whatever thread picked up the wasm epoch timer background task), instead of marking the threads that actually run the wasm extension. This has two implications: 1. it didn't prevent extension panics from tearing down as planned 2. Worse, it actually made us hide legit panics in sentry for one of our background workers. Now 2 still technically applies for all tokio threads after this, but we basically only use these for wasm extensions in the main zed binary. Release Notes: - Fixed extension panics crashing Zed on Linux
3 tasks
ConradIrwin
added a commit
that referenced
this pull request
Feb 24, 2026
We see a number of crashes in Sentry that appear to be crashes in wasmtime. This shouldn't happen, as wasmtime is designed to run untrusted code "safely". Looking into this, it seems likely that the problem is that we race with wasmtime when installing signal handlers. If wasmtime's handlers are installed before ours, then any signals that it intends to handle (like out of bounds memory access) will reach our handlers before its; which causes us to assume the app has crashed. This changes fixes our crash handler initialization to ensure we always create our signal handler first, and reverts a previous attempt to fix this from #40883 Closes #ISSUE Before you mark this PR as ready for review, make sure that you have: - [ ] Added a solid test coverage and/or screenshots from doing manual testing - [ ] Done a self-review taking into account security and performance aspects - [ ] Aligned any UI changes with the [UI checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist) Release Notes: - Linux: Fixed crashes that could happen due to our crash handler erroneously catching signals intended for wasmtime.
Anthony-Eid
pushed a commit
to bobbymannino/zed
that referenced
this pull request
Feb 25, 2026
We see a number of crashes in Sentry that appear to be crashes in wasmtime. This shouldn't happen, as wasmtime is designed to run untrusted code "safely". Looking into this, it seems likely that the problem is that we race with wasmtime when installing signal handlers. If wasmtime's handlers are installed before ours, then any signals that it intends to handle (like out of bounds memory access) will reach our handlers before its; which causes us to assume the app has crashed. This changes fixes our crash handler initialization to ensure we always create our signal handler first, and reverts a previous attempt to fix this from zed-industries#40883 Closes #ISSUE Before you mark this PR as ready for review, make sure that you have: - [ ] Added a solid test coverage and/or screenshots from doing manual testing - [ ] Done a self-review taking into account security and performance aspects - [ ] Aligned any UI changes with the [UI checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist) Release Notes: - Linux: Fixed crashes that could happen due to our crash handler erroneously catching signals intended for wasmtime.
tahayvr
pushed a commit
to tahayvr/zed
that referenced
this pull request
Mar 4, 2026
We see a number of crashes in Sentry that appear to be crashes in wasmtime. This shouldn't happen, as wasmtime is designed to run untrusted code "safely". Looking into this, it seems likely that the problem is that we race with wasmtime when installing signal handlers. If wasmtime's handlers are installed before ours, then any signals that it intends to handle (like out of bounds memory access) will reach our handlers before its; which causes us to assume the app has crashed. This changes fixes our crash handler initialization to ensure we always create our signal handler first, and reverts a previous attempt to fix this from zed-industries#40883 Closes #ISSUE Before you mark this PR as ready for review, make sure that you have: - [ ] Added a solid test coverage and/or screenshots from doing manual testing - [ ] Done a self-review taking into account security and performance aspects - [ ] Aligned any UI changes with the [UI checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist) Release Notes: - Linux: Fixed crashes that could happen due to our crash handler erroneously catching signals intended for wasmtime.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Set a TLS bit to skip invoking the crash handler when a detached thread panics.
cc @P1n3appl3 - is this at odds with what we need the crash handler to do?
May close(?) #39289, cannot repro without a nightly build
Release Notes: