Bug 267768 - Simple OpenMP example crashes with thread sanitizer (-fsanitize=thread)
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: misc
Version: 13.1-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-toolchain (Nobody)
Reported: 2022-11-14 19:08 UTC by Yuri Victorovich
Modified: 2022-11-17 14:04 UTC

Attachments
openmp.cpp (237 bytes, text/plain)
2022-11-14 19:08 UTC, Yuri Victorovich

Description Yuri Victorovich freebsd_committer freebsd_triage 2022-11-14 19:08:45 UTC
Created attachment 238078
openmp.cpp

The attached code crashes when compiled like this:
> c++ openmp.cpp -fsanitize=thread -g -fopenmp

The executable SEGVs.
But in debugger it prints this:
(gdb) r
Starting program: /usr/home/yuri/Downloads/a.out 
Warning: please export TSAN_OPTIONS='ignore_noninstrumented_modules=1' to avoid false positive reports from the OpenMP runtime!
[New LWP 464093 of process 56986]
[New LWP 464094 of process 56986]
[New LWP 464095 of process 56986]
[New LWP 464096 of process 56986]
[Detaching after fork from child process 56987]
==================
WARNING: ThreadSanitizer: data race (pid=56986)
  Atomic read of size 1 at 0x7b6800001740 by main thread:
    #0 pthread_mutex_lock /disk-samsung/freebsd-src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4324:3 (a.out+0x27a256)
    #1 __kmp_lock_suspend_mx /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:1381:16 (libomp.so+0xcd206)
    #2 void __kmp_resume_template<kmp_flag_64<false, true> >(int, kmp_flag_64<false, true>*) /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:1594:3 (libomp.so+0xcd206)

  Previous write of size 1 at 0x7b6800001740 by thread T2:
    #0 _pthread_mutex_init /disk-samsung/freebsd-src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1316:3 (a.out+0x2655eb)
    #1 __kmp_suspend_initialize_thread /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:1348:14 (libomp.so+0xcbc27)

  Location is heap block of size 1504 at 0x7b6800001200 allocated by main thread:
    #0 malloc /disk-samsung/freebsd-src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:667:5 (a.out+0x262e8e)
    #1 ___kmp_allocate_align(unsigned long, unsigned long) /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/kmp_alloc.cpp:1882:25 (libomp.so+0x54d3c)
    #2 ___kmp_allocate /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/kmp_alloc.cpp:1934:9 (libomp.so+0x54d3c)

  Thread T2 (tid=464095, running) created by main thread at:
    #0 pthread_create /disk-samsung/freebsd-src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1022:3 (a.out+0x264435)
    #1 __kmp_create_worker /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:803:7 (libomp.so+0xca8d8)

SUMMARY: ThreadSanitizer: data race /disk-samsung/freebsd-src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:1381:16 in __kmp_lock_suspend_mx
==================
[LWP 464095 of process 56986 exited]
[LWP 464094 of process 56986 exited]
[LWP 464096 of process 56986 exited]
ThreadSanitizer: reported 1 warnings
[LWP 464093 of process 56986 exited]
[Inferior 1 (process 56986) exited with code 0102]
Comment 1 Dimitry Andric freebsd_committer freebsd_triage 2022-11-17 14:04:23 UTC
Yeah, it looks like the combination of openmp and ThreadSanitizer is not well-tested or supported, even. If you do:

export TSAN_OPTIONS='ignore_noninstrumented_modules=1'

as it recommends, the debugging session seems to work with some suppressed warnings:

(gdb) r
Starting program: /home/dim/tmp/foo
warning: Could not load shared library symbols for [vdso].
Do you need "set solib-search-path" or "set sysroot"?
[New LWP 888651 of process 49234]
[New LWP 888652 of process 49234]
[New LWP 888653 of process 49234]
[New LWP 888654 of process 49234]
ThreadSanitizer: thread T2  finished with ignores enabled, created at:
ThreadSanitizer: thread T1  finished with ignores enabled, created at:
ThreadSanitizer: thread T3  finished with ignores enabled, created at:
[Detaching after fork from child process 49235]
    #0 pthread_create /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1022:3 (foo+0x265a15)
    #1 __kmp_create_worker /usr/src/contrib/llvm-project/openmp/runtime/src/z_Linux_util.cpp:803:7 (libomp.so+0xce0c8)

  One of the following ignores was not ended (in order of probability)
[LWP 888652 of process 49234 exited]
[LWP 886429 of process 49234 exited]
[LWP 888651 of process 49234 exited]
[LWP 888654 of process 49234 exited]
[Inferior 1 (process 49234) exited with code 0102]

And if you let it core dump outside a debugger, you can see that it's because of ASLR:

Core was generated by `./foo'.
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00000000002845ad in __interceptor_strlcpy (dst=0x8206c6570 "", src=0x8206ca578 "/home/dim/tmp/foo", size=1024) at /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors.h:40
#2  0x0000000824a3eadd in _elf_aux_info (aux=<optimized out>, buf=0x8206c6570, buflen=1024) at /usr/src/lib/libc/gen/auxv.c:287
#3  0x000000000024e2a4 in __sanitizer::ReExec () at /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux_libcdep.cpp:909
#4  0x000000000024d0e2 in __sanitizer::CheckASLR () at /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_linux.cpp:2198
#5  0x00000000002b43df in __tsan::Initialize (thr=thr@entry=0x8267071c0) at /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.cpp:646
#6  0x0000000000262e00 in __tsan::LazyInitialize (thr=0x8267071c0) at /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_rtl.h:637
#7  __tsan::ScopedInterceptor::ScopedInterceptor (this=this@entry=0x8206c6e38, thr=thr@entry=0x8267071c0, fname=<optimized out>, pc=34975452123) at /usr/src/contrib/llvm-project/compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:249
#8  0x0000000000284288 in __interceptor_readlink (path=0x8249eeaaa "/etc/malloc.conf", buf=buf@entry=0x8206c8990 "hEl!\b", bufsiz=bufsiz@entry=1024) at /usr/src/contrib/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:7353
#9  0x0000000824b30bdb in obtain_malloc_conf (which_source=2, buf=0x8206c8990 "hEl!\b") at jemalloc_jemalloc.c:984
#10 malloc_conf_init_helper (sc_data=sc_data@entry=0x0, bin_shard_sizes=bin_shard_sizes@entry=0x0, initial_call=false, opts_cache=opts_cache@entry=0x8206c8da0, buf=buf@entry=0x8206c8990 "hEl!\b") at jemalloc_jemalloc.c:1042
#11 0x0000000824b307ed in malloc_conf_init (sc_data=0x8206c6fe0, bin_shard_sizes=0x8206c6f50) at jemalloc_jemalloc.c:1449
#12 malloc_init_hard_a0_locked () at jemalloc_jemalloc.c:1509
#13 0x0000000824b32aef in malloc_init_hard () at jemalloc_jemalloc.c:1754
#14 0x000037671ef0a02d in objlist_call_init (list=list@entry=0x8206c9dc8, lockstate=lockstate@entry=0x8206c9bd8) at /usr/src/libexec/rtld-elf/rtld.c:3140
#15 0x000037671ef0862a in _rtld (sp=<optimized out>, exit_proc=0x8206c9e40, objp=0x8206c9e48) at /usr/src/libexec/rtld-elf/rtld.c:981
#16 0x000037671ef05fd9 in rtld_start () at /usr/src/libexec/rtld-elf/amd64/rtld_start.S:39
#17 0x0000000000000000 in ?? ()

E.g. what happens here is that Ed's magic code that attempts to auto-restart the process without ASLR is causing some sort of issue. It might fare better if ASLR is disabled globally, or just for the program itself.
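
Added example, not part of the bug report or of any project's code: a small triage script for ThreadSanitizer logs like the one in the description, which labels each report by whether the code making the racing accesses sits in an instrumented module or only in a runtime such as libomp.so. The first sample report is the one from this bug with source paths trimmed; the second report, the `triage` and `access_callers` names, and the choice of `a.out` as the only instrumented module are constructed assumptions.

```python
import re
# Stack frame line: "#N symbol source:line:col (module+0xoffset)"
FRAME = re.compile(r"^\s+#\d+ (?P<sym>.+?) (?P<src>\S+) \((?P<mod>[^()+]+)\+0x[0-9a-f]+\)$")
# Header of a memory-access stack, e.g. "Previous write of size 1 at ..."
ACCESS = re.compile(r"^\s+(?:Previous )?(?:atomic )?(?:read|write) of size \d+", re.I)

# Report 1: from this bug, paths trimmed. Report 2: constructed for contrast.
SAMPLE = """\
WARNING: ThreadSanitizer: data race (pid=56986)
  Atomic read of size 1 at 0x7b6800001740 by main thread:
    #0 pthread_mutex_lock compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:4324:3 (a.out+0x27a256)
    #1 __kmp_lock_suspend_mx openmp/runtime/src/z_Linux_util.cpp:1381:16 (libomp.so+0xcd206)

  Previous write of size 1 at 0x7b6800001740 by thread T2:
    #0 _pthread_mutex_init compiler-rt/lib/tsan/rtl/tsan_interceptors_posix.cpp:1316:3 (a.out+0x2655eb)
    #1 __kmp_suspend_initialize_thread openmp/runtime/src/z_Linux_util.cpp:1348:14 (libomp.so+0xcbc27)

WARNING: ThreadSanitizer: data race (pid=56986)
  Write of size 4 at 0x000000f0a0b0 by thread T1:
    #0 .omp_outlined. /tmp/openmp.cpp:9:13 (a.out+0x2e1a40)

  Previous write of size 4 at 0x000000f0a0b0 by main thread:
    #0 .omp_outlined. /tmp/openmp.cpp:9:13 (a.out+0x2e1a40)
"""

def access_callers(report):
    """Per access stack: module of the first frame outside the sanitizer runtime."""
    callers, in_access, found = [], False, False
    for line in report.splitlines():
        if ACCESS.match(line):
            in_access, found = True, False
        elif not line.strip():
            in_access = False          # a blank line ends the current stack
        elif in_access and not found:
            m = FRAME.match(line)
            # Interceptor frames are linked into the executable; skip them by source path.
            if m and "compiler-rt/" not in m["src"]:
                callers.append(m["mod"])
                found = True
    return callers

def triage(log, instrumented):
    """Label each report 'instrumented' if any access came from an instrumented module."""
    out = []
    for chunk in log.split("WARNING: ThreadSanitizer: ")[1:]:
        callers = access_callers(chunk)
        hit = any(c in instrumented for c in callers)
        out.append((callers, "instrumented" if hit else "runtime-only"))
    return out
```

Calling `triage(SAMPLE, {"a.out"})` labels the report from this bug `runtime-only`, since both accesses are intercepted pthread calls made from libomp.so, and the constructed second report `instrumented`.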