Segfault using domains and effects together

[talex5]

Describe the issue

Sometimes when I run code in a domain, the GC segfaults. I saw this in Eio, but I now have a test-case that doesn't use it. It only happens if I also link with the threads library.

To reproduce

There is a gist with the code here:

https://gist.github.com/talex5/3852aeebd437436fc516e4ddc77a7e03

Building this Dockerfile produces the problem for me:

FROM ocaml/opam:debian-11-ocaml-4.12-domains
RUN sudo apt-get install wget
RUN wget https://gist.github.com/talex5/3852aeebd437436fc516e4ddc77a7e03/archive/70dca297f7ffce0498c07363be2569d79d971f9b.zip -O demo.zip
RUN unzip -j demo.zip
RUN opam install dune
RUN strings /home/opam/.opam/4.12/bin/ocamlc | grep OCAML_RUNTIME_BUILD_GIT_HASH_IS
RUN opam exec -- dune exec -- ./test.exe

I get this output:

Sending build context to Docker daemon  2.048kB
Step 1/7 : FROM ocaml/opam:debian-11-ocaml-4.12-domains
 ---> dfeb77d7ef7f
Step 2/7 : RUN sudo apt-get install wget
 ---> Using cache
 ---> f3f22235d2c2
Step 3/7 : RUN wget https://gist.github.com/talex5/3852aeebd437436fc516e4ddc77a7e03/archive/70dca297f7ffce0498c07363be2569d79d971f9b.zip -O demo.zip
 ---> Using cache
 ---> 15e20474ce4f
Step 4/7 : RUN unzip -j demo.zip
 ---> Using cache
 ---> 2d90c4738763
Step 5/7 : RUN opam install dune
 ---> Using cache
 ---> 323d01a88f43
Step 6/7 : RUN strings /home/opam/.opam/4.12/bin/ocamlc | grep OCAML_RUNTIME_BUILD_GIT_HASH_IS
 ---> Running in aa80cc86a82a
OCAML_RUNTIME_BUILD_GIT_HASH_IS_6be47af176
Removing intermediate container aa80cc86a82a
 ---> 28d9e3eb3f3e
Step 7/7 : RUN opam exec -- dune exec -- ./test.exe
 ---> Running in eaffd42e4615
Info: Creating file dune-project with this contents:
| (lang dune 2.9)
OK
OK
OK
Segmentation fault (core dumped)
The command '/bin/sh -c opam exec -- dune exec -- ./test.exe' returned a non-zero code: 139

Multicore OCaml build version

OCAML_RUNTIME_BUILD_GIT_HASH_IS_6be47af176

Did you try running it with the debug runtime and heap verification ON?

Yes. It makes it less likely to crash but it still happens sometimes.

Backtrace

Thread 1 received signal SIGSEGV, Segmentation fault.
caml_darken (v=0, ignored=<optimized out>, state=<optimized out>) at major_gc.c:761
761	major_gc.c: No such file or directory.
(rr) t a a bt

Thread 3 (Thread 207106.207127 (mmap_hardlink_3_test.exe)):
#0  __lll_lock_wait (futex=futex@entry=0x55b832e56090 <all_domains+464>, private=0) at lowlevellock.c:52
#1  0x00007fb03ec89843 in __GI___pthread_mutex_lock (mutex=0x55b832e56090 <all_domains+464>) at ../nptl/pthread_mutex_lock.c:80
#2  0x000055b832dee151 in caml_plat_lock (m=0x55b832e56090 <all_domains+464>) at caml/platform.h:125
#3  backup_thread_func (v=0x55b832e55fe8 <all_domains+296>) at domain.c:623
#4  0x00007fb03ec86ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#5  0x00007fb03ea6cdef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 2 (Thread 207106.207109 (mmap_hardlink_3_test.exe)):
#0  __lll_lock_wait (futex=futex@entry=0x55b832e55f68 <all_domains+168>, private=0) at lowlevellock.c:52
#1  0x00007fb03ec89843 in __GI___pthread_mutex_lock (mutex=0x55b832e55f68 <all_domains+168>) at ../nptl/pthread_mutex_lock.c:80
#2  0x000055b832dee151 in caml_plat_lock (m=0x55b832e55f68 <all_domains+168>) at caml/platform.h:125
#3  backup_thread_func (v=0x55b832e55ec0 <all_domains>) at domain.c:623
#4  0x00007fb03ec86ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#5  0x00007fb03ea6cdef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 207106.207106 (mmap_hardlink_3_test.exe)):
#0  caml_darken (v=0, ignored=<optimized out>, state=<optimized out>) at major_gc.c:761
#1  0x000055b832de7676 in caml_iterate_global_roots (rootlist=0x55b832e55580 <caml_global_roots_old>, rootlist=0x55b832e55580 <caml_global_roots_old>, fdata=0x0, f=0x55b832dcf570 <caml_darken>) at globroots.c:222
#2  caml_scan_global_roots (f=f@entry=0x55b832dcf570 <caml_darken>, fdata=fdata@entry=0x0) at globroots.c:233
#3  0x000055b832dd0008 in cycle_all_domains_callback (domain=domain@entry=0x7fb03e780000, unused=unused@entry=0x0, participating_count=<optimized out>, participating=participating@entry=0x55b832e5f360 <stw_request+64>) at major_gc.c:1093
#4  0x000055b832def4ee in caml_try_run_on_all_domains_with_spin_work (handler=handler@entry=0x55b832dcff40 <cycle_all_domains_callback>, data=data@entry=0x0, leader_setup=leader_setup@entry=0x0, enter_spin_callback=enter_spin_callback@entry=0x0, enter_spin_data=enter_spin_data@entry=0x0) at domain.c:985
#5  0x000055b832def60a in caml_try_run_on_all_domains (handler=handler@entry=0x55b832dcff40 <cycle_all_domains_callback>, data=data@entry=0x0, leader_setup=leader_setup@entry=0x0) at domain.c:999
#6  0x000055b832dd0d4f in major_collection_slice (howmuch=<optimized out>, participant_count=participant_count@entry=0, barrier_participants=barrier_participants@entry=0x0, mode=mode@entry=Slice_interruptible) at major_gc.c:1377
#7  0x000055b832dd0ec8 in caml_major_collection_slice (howmuch=howmuch@entry=-1) at major_gc.c:1396
#8  0x000055b832dedd91 in caml_poll_gc_work () at domain.c:1038
--Type <RET> for more, q to quit, c to continue without paging--
#9  0x000055b832dee038 in stw_handler (domain=<optimized out>) at domain.c:891
#10 0x000055b832dee0d1 in handle_incoming (s=<optimized out>) at domain.c:219
#11 caml_handle_incoming_interrupts () at domain.c:232
#12 handle_gc_interrupt () at domain.c:1060
#13 0x000055b832def667 in caml_handle_gc_interrupt () at domain.c:1077
#14 0x000055b832dce565 in caml_garbage_collection () at signals_nat.c:92
#15 0x000055b832df0a33 in caml_call_gc ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

[talex5]

Here's a slightly shorter test-case that also segfaults for me:

open EffectHandlers
open EffectHandlers.Deep

type _ eff += Suspend : ((unit, unit) continuation -> unit) -> unit eff

let run_q  = Atomic.make None
let mutex = Mutex.create ()

let rec schedule () =
  Mutex.lock mutex;
  Mutex.unlock mutex;
  match Atomic.exchange run_q None with
  | Some k -> continue k ()
  | None -> schedule ()

let test () =
  let domain = ref None in
  perform (Suspend (fun k ->
      domain := Some (Domain.spawn (fun () ->
          try
            try failwith ""
            with ex ->
              let work_bt = Printexc.get_raw_backtrace () in
              Printexc.raise_with_backtrace ex work_bt
          with _ ->
            Mutex.lock mutex;
            Mutex.unlock mutex;
            Atomic.set run_q (Some k)
        ));
    ));
  Domain.join (Option.get !domain)

let main () =
  for _ = 1 to 100 do
    test ();
    print_endline "OK"
  done

let () =
  match_with main ()
    { retc = schedule;
      exnc = raise;
      effc = fun (type a) (e : a eff) : ((a, _) continuation -> _) option ->  
        match e with 
        | Suspend f -> Some (fun k -> f k; schedule ())
        | _ -> None
    }

[kayceesrk]

@talex5 Is it expected that this program does not terminate? It prints 100 OKs and then blocks forever.

If you have a failing run captured in rr for the shorter test case, can you share it? You can use rr pack to package up the trace.

[talex5]

Oh, yeah - if it doesn't segfault then it just spins! I should probably make it exit instead. Does it not segfault for you when linked with threads?

Here's the rr pack: test.zip

[kayceesrk]

Thanks, I'd missed the fact that this has to be linked with threads.

With #771, the reduced test case no longer segfaults. @talex5 can you confirm that this fixes the bug? I compiled the test case as:

ocamlopt -I +threads -g unix.cmxa threads.cmxa test.ml

[talex5]

Great! I can't get the compiler to install, though. Following the instructions in https://github.com/ocaml-multicore/ocaml-multicore/blob/bt_last_exn_systhreads/ocaml-variants.opam I'm using this Dockerfile:

FROM ocaml/opam:debian-11-ocaml-4.12-domains
RUN git clone https://github.com/ocaml-multicore/ocaml-multicore.git -b bt_last_exn_systhreads
WORKDIR ocaml-multicore
RUN opam switch create . --empty
RUN opam pin add -k path --inplace-build ocaml-variants.4.14.0+domains .
RUN sudo apt-get install wget
RUN wget https://gist.github.com/talex5/3852aeebd437436fc516e4ddc77a7e03/archive/70dca297f7ffce0498c07363be2569d79d971f9b.zip -O demo.zip
RUN unzip -j demo.zip
RUN opam install dune
RUN strings /home/opam/.opam/4.12/bin/ocamlc | grep OCAML_RUNTIME_BUILD_GIT_HASH_IS
RUN opam exec -- dune exec -- ./test.exe

I get:

$ docker build .
Step 1/11 : FROM ocaml/opam:debian-11-ocaml-4.12-domains
 ---> dfeb77d7ef7f
Step 2/11 : RUN git clone https://github.com/ocaml-multicore/ocaml-multicore.git -b bt_last_exn_systhreads
 ---> Running in f452ec5bfc21
Cloning into 'ocaml-multicore'...
Removing intermediate container f452ec5bfc21
 ---> 0f90cff20bda
Step 3/11 : WORKDIR ocaml-multicore
 ---> Running in a0981c99ad32
Removing intermediate container a0981c99ad32
 ---> 894a20a706e3
Step 4/11 : RUN opam switch create . --empty
 ---> Running in c7131a6de39f
Removing intermediate container c7131a6de39f
 ---> 0e3b66c54627
Step 5/11 : RUN opam pin add -k path --inplace-build ocaml-variants.4.14.0+domains .
 ---> Running in 6fa22e26b05c
[ocaml-variants.4.14.0+domains: rsync]
[ocaml-variants.4.14.0+domains] synchronised from file:///home/opam/ocaml-multicore
ocaml-variants is now pinned to file:///home/opam/ocaml-multicore (version 4.14.0+domains)

The following dependencies couldn't be met:
  - ocaml-variants -> base-domains -> ocaml-variants (= 4.12.0+domains+effects & = 4.12.0+domains & = 4.10.0+multicore & = 4.10.0+multicore+no-effect-syntax & = 4.06.1+multicore & = 4.04.2+multicore & = 4.02.2+multicore)
      no matching version

[NOTE] Pinning command successful, but your installed packages may be out of sync.
The command '/bin/sh -c opam pin add -k path --inplace-build ocaml-variants.4.14.0+domains .' returned a non-zero code: 20

[kayceesrk]

@talex5 reg compiler installation failure, can you try opam update first? The base-domains package has been updated to include 4.14.0+domains: https://opam.ocaml.org/packages/base-domains/.

[talex5]

Ah: opam remote remove --all multicore fixed it! https://github.com/ocaml-multicore/multicore-opam/blob/master/packages/base-domains/base-domains.base/opam overrides it with an older version.

This worked for me:

FROM ocaml/opam:debian-11-ocaml-4.12-domains
RUN git clone https://github.com/ocaml-multicore/ocaml-multicore.git -b bt_last_exn_systhreads
WORKDIR ocaml-multicore
RUN cd /home/opam/opam-repository && git pull origin master && opam update
RUN opam remote remove --all multicore
RUN opam switch create . --empty
RUN opam pin add -k path --inplace-build ocaml-variants.4.14.0+domains .
RUN sudo apt-get install wget
RUN wget https://gist.github.com/talex5/3852aeebd437436fc516e4ddc77a7e03/archive/70dca297f7ffce0498c07363be2569d79d971f9b.zip -O demo.zip
RUN mkdir segfault
WORKDIR segfault
RUN unzip -j ../demo.zip
RUN opam install dune
RUN touch dune-workspace
RUN strings /home/opam/ocaml-multicore/_opam/bin/ocamlc | grep OCAML_RUNTIME_BUILD_GIT_HASH_IS
RUN opam exec -- dune exec -- ./test.exe

Step 15/16 : RUN strings /home/opam/ocaml-multicore/_opam/bin/ocamlc | grep OCAML_RUNTIME_BUILD_GIT_HASH_IS
 ---> Running in cb3aba987a35
OCAML_RUNTIME_BUILD_GIT_HASH_IS_a72618cfe
Removing intermediate container cb3aba987a35
 ---> b927d4b40692
Step 16/16 : RUN opam exec -- dune exec -- ./test.exe
 ---> Running in 00b30f402977
Info: Creating file dune-project with this contents:
| (lang dune 2.9)
OK
OK
OK
OK
OK
...
[hangs, as expected]