Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ASAN] HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:247 #12056

Closed
davidlt opened this issue Oct 22, 2015 · 3 comments
Closed

[ASAN] HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:247 #12056

davidlt opened this issue Oct 22, 2015 · 3 comments
Labels
pending-assignment

Comments

@davidlt
Copy link
Contributor

davidlt commented Oct 22, 2015

Tested on slc6_amd64_gcc493 and CMSSW_7_6_X_2015-10-22-1100. Noticed while running 25408.0, step1, 1st event.

Assert

...
j = 1; hltStep = 0; candHlt.size() = 5
j = 0; hltStep = 1; candHlt.size() = 5
j = 1; hltStep = 1; candHlt.size() = 5
j = 0; hltStep = 18446744073709551615; candHlt.size() = 4
cmsRun: /mnt/build/davidlt/CMSSW_7_6_X_2015-10-22-1100/src/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:248: void HLTMuonPlotter::analyze(const edm::Event&, const edm::EventSetup&): Assertion `hltStep < matches[j].candHlt.size()' failed.

Assert patch

diff --git a/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc b/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc
index 4f0d380..d3989bd 100644
--- a/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc
+++ b/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc
@@ -244,6 +244,8 @@ HLTMuonPlotter::analyze(const Event & iEvent, const EventSetup & iSetup)
             hasMatch[j] = false;
         }
         else if (level >= 2) {
+          std::cout << "j = " << j << "; hltStep = " << hltStep << "; candHlt.size() = " << matches[j].candHlt.size() << std::endl;
+          assert(hltStep < matches[j].candHlt.size());
           if (matches[j].candHlt[hltStep] == 0)
             hasMatch[j] = false;
           else if (!hasMatch[j]) {

ASan report

=================================================================
==19291==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603002109428 at pc 0x7f6b1f0a86ca bp 0x7fffcbbfa500 sp 0x7fffcbbfa4e0
READ of size 8 at 0x603002109428 thread T0
   #0 0x7f6b1f0a86c9 in HLTMuonPlotter::analyze(edm::Event const&, edm::EventSetup const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:247
   #1 0x7f6b1f0b8ced in HLTMuonValidator::analyze(edm::Event const&, edm::EventSetup const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonValidator.cc:232
   #2 0x7f6b77e45780 in edm::stream::EDAnalyzerAdaptorBase::doEvent(edm::EventPrincipal&, edm::EventSetup const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x3a9780)
   #3 0x7f6b77e266fd in edm::WorkerT<edm::stream::EDAnalyzerAdaptorBase>::implDo(edm::EventPrincipal&, edm::EventSetup const&, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x38a6fd)
   #4 0x7f6b77c23d2b in decltype ({parm#1}()) edm::convertException::wrap<bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x187d2b)
   #5 0x7f6b77c2449b in bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x18849b)
   #6 0x7f6b77c33067 in decltype ({parm#1}()) edm::convertException::wrap<void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197067)
   #7 0x7f6b77c336d0 in void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1976d0)
   #8 0x7f6b77c3425e in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x19825e)
   #9 0x7f6b77c346f1 in decltype ({parm#1}()) edm::convertException::wrap<void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}>(void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1986f1)
   #10 0x7f6b77c34d34 in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x198d34)
   #11 0x7f6b77c183f7 in edm::EventProcessor::processEvent(unsigned int) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17c3f7)
   #12 0x7f6b77c19970 in edm::EventProcessor::processEventsForStreamAsync(unsigned int, std::atomic<bool>*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d970)
   #13 0x7f6b77c3f0c6 in edm::StreamProcessingTask::execute() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1a30c6)
   #14 0x7f6b75a83beb in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:474
   #15 0x7f6b77c19236 in edm::EventProcessor::readAndProcessEvent() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d236)
   #16 0x7f6b77bb858d in statemachine::HandleEvent::readAndProcessEvent() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x11c58d)
   #17 0x7f6b77bbe71f in statemachine::HandleEvent::HandleEvent(boost::statechart::state<statemachine::HandleEvent, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::my_context) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x12271f)
   #18 0x7f6b77bd9c9d in boost::statechart::state<statemachine::HandleEvent, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::deep_construct(boost::intrusive_ptr<statemachine::HandleLumis> const&, boost::statechart::state_machine<statemachine::Machine, statemachine::Starting, std::allocator<void>, boost::statechart::null_exception_translator>&) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x13dc9d)
   #19 0x7f6b77bda330 in boost::statechart::simple_state<statemachine::FirstLumi, statemachine::HandleLumis, boost::mpl::list<mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na, mpl_::na>, (boost::statechart::history_mode)0>::react_impl(boost::statechart::event_base const&, void const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x13e330)
   #20 0x7f6b77c039a0 in edm::EventProcessor::runToCompletion() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1679a0)
   #21 0x4a97c7 in main::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x4a97c7)
   #22 0x41f2ca in main (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x41f2ca)
   #23 0x7f6b74876d5c in __libc_start_main (/lib64/libc.so.6+0x1ed5c)
   #24 0x41f7f4 (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x41f7f4)

0x603002109428 is located 8 bytes to the left of 32-byte region [0x603002109430,0x603002109450)
allocated by thread T0 here:
   #0 0x474635 in operator new(unsigned long) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/bin/slc6_amd64_gcc493/cmsRun+0x474635)
   #1 0x7f6b1f0a290d in __gnu_cxx::new_allocator<reco::RecoChargedCandidate const*>::allocate(unsigned long, void const*) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/ext/new_allocator.h:104
   #2 0x7f6b1f0a290d in std::allocator_traits<std::allocator<reco::RecoChargedCandidate const*> >::allocate(std::allocator<reco::RecoChargedCandidate const*>&, unsigned long) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/alloc_traits.h:357
   #3 0x7f6b1f0a290d in std::_Vector_base<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> >::_M_allocate(unsigned long) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/stl_vector.h:170
   #4 0x7f6b1f0a290d in std::_Vector_base<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> >::_M_create_storage(unsigned long) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/stl_vector.h:185
   #5 0x7f6b1f0a290d in _Vector_base /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/stl_vector.h:136
   #6 0x7f6b1f0a290d in vector /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/stl_vector.h:291
   #7 0x7f6b1f0a290d in std::vector<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> >::_M_fill_assign(unsigned long, reco::RecoChargedCandidate const* const&) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/vector.tcc:230
   #8 0x7f6b1f0a290d in std::vector<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> >::assign(unsigned long, reco::RecoChargedCandidate const* const&) /mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/external/gcc/4.9.3/include/c++/4.9.3/bits/stl_vector.h:489
   #9 0x7f6b1f0a290d in HLTMuonPlotter::findMatches(std::vector<HLTMuonPlotter::MatchStruct, std::allocator<HLTMuonPlotter::MatchStruct> >&, std::vector<edm::Ref<std::vector<l1extra::L1MuonParticle, std::allocator<l1extra::L1MuonParticle> >, l1extra::L1MuonParticle, edm::refhelper::FindUsingAdvance<std::vector<l1extra::L1MuonParticle, std::allocator<l1extra::L1MuonParticle> >, l1extra::L1MuonParticle> >, std::allocator<edm::Ref<std::vector<l1extra::L1MuonParticle, std::allocator<l1extra::L1MuonParticle> >, l1extra::L1MuonParticle, edm::refhelper::FindUsingAdvance<std::vector<l1extra::L1MuonParticle, std::allocator<l1extra::L1MuonParticle> >, l1extra::L1MuonParticle> > > > const&, std::vector<std::vector<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> >, std::allocator<std::vector<reco::RecoChargedCandidate const*, std::allocator<reco::RecoChargedCandidate const*> > > > const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:362
   #10 0x7f6b1f0a5198 in HLTMuonPlotter::analyze(edm::Event const&, edm::EventSetup const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:220
   #11 0x7f6b1f0b8ced in HLTMuonValidator::analyze(edm::Event const&, edm::EventSetup const&) /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonValidator.cc:232
   #12 0x7f6b77e45780 in edm::stream::EDAnalyzerAdaptorBase::doEvent(edm::EventPrincipal&, edm::EventSetup const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x3a9780)
   #13 0x7f6b77e266fd in edm::WorkerT<edm::stream::EDAnalyzerAdaptorBase>::implDo(edm::EventPrincipal&, edm::EventSetup const&, edm::ModuleCallingContext const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x38a6fd)
   #14 0x7f6b77c23d2b in decltype ({parm#1}()) edm::convertException::wrap<bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x187d2b)
   #15 0x7f6b77c2449b in bool edm::Worker::doWork<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x18849b)
   #16 0x7f6b77c33067 in decltype ({parm#1}()) edm::convertException::wrap<void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x197067)
   #17 0x7f6b77c336d0 in void edm::Path::processOneOccurrence<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, edm::StreamID const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1976d0)
   #18 0x7f6b77c3425e in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}::operator()() const (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x19825e)
   #19 0x7f6b77c346f1 in decltype ({parm#1}()) edm::convertException::wrap<void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}>(void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool)::{lambda()#1}) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1986f1)
   #20 0x7f6b77c34d34 in void edm::StreamSchedule::processOneEvent<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::MyPrincipal&, edm::EventSetup const&, bool) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x198d34)
   #21 0x7f6b77c183f7 in edm::EventProcessor::processEvent(unsigned int) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17c3f7)
   #22 0x7f6b77c19970 in edm::EventProcessor::processEventsForStreamAsync(unsigned int, std::atomic<bool>*) (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x17d970)
   #23 0x7f6b77c3f0c6 in edm::StreamProcessingTask::execute() (/mnt/build/davidlt/asan2/a/slc6_amd64_gcc493/cms/cmssw/CMSSW_7_6_ASAN_X_2015-10-19-1100/lib/slc6_amd64_gcc493/libFWCoreFramework.so+0x1a30c6)
   #24 0x7f6b75a83beb in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:474

SUMMARY: AddressSanitizer: heap-buffer-overflow /mnt/build/davidlt/asan2/CMSSW_7_6_ASAN_X_2015-10-19-1100/src/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc:247 HLTMuonPlotter::analyze(edm::Event const&, edm::EventSetup const&)
Shadow bytes around the buggy address:
 0x0c0680419230: fa fa 00 00 00 fa fa fa 00 00 00 fa fa fa fa fa
 0x0c0680419240: fa fa fa fa 00 00 00 04 fa fa fd fd fd fd fa fa
 0x0c0680419250: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd
 0x0c0680419260: fa fa fd fd fd fd fa fa 00 00 00 fa fa fa fd fd
 0x0c0680419270: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0680419280: fd fd fd fd fa[fa]00 00 00 00 fa fa fd fd fd fa
 0x0c0680419290: fa fa fd fd fd fd fa fa fa fa fa fa fa fa fd fd
 0x0c06804192a0: fd fa fa fa fd fd fd fa fa fa fd fd fd fa fa fa
 0x0c06804192b0: fd fd fd fd fa fa fd fd fd fa fa fa fd fd fd fd
 0x0c06804192c0: fa fa 00 00 00 fa fa fa fd fd fd fa fa fa fd fd
 0x0c06804192d0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
 Addressable:           00
 Partially addressable: 01 02 03 04 05 06 07 
 Heap left redzone:       fa
 Heap right redzone:      fb
 Freed heap region:       fd
 Stack left redzone:      f1
 Stack mid redzone:       f2
 Stack right redzone:     f3
 Stack partial redzone:   f4
 Stack after return:      f5
 Stack use after scope:   f8
 Global redzone:          f9
 Global init order:       f6
 Poisoned by user:        f7
 Contiguous container OOB:fc
 ASan internal:           fe
==19291==ABORTING

https://github.com/cms-sw/cmssw/blob/CMSSW_8_0_X/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc#L247

The problem is probably here: https://github.com/cms-sw/cmssw/blob/CMSSW_8_0_X/HLTriggerOffline/Muon/src/HLTMuonPlotter.cc#L228

18446744073709551615 is max value of size_t, so it overflow, because on 227 line we set it to 0.
@davidlt
Copy link
Contributor Author

davidlt commented Oct 22, 2015

This bug most likely was introduced by 8a3fb3a (PR #9145) @HuguesBrun

@deguio @danduggan @vanbesien

@smuzaffar
Copy link
Contributor

closing it as we do not see this any moe in ASAN IBs.

@cmsbuild
Copy link
Contributor

A new Issue was created by @davidlt .

@davidlange6, @Dr15Jones, @smuzaffar, @fabiocos, @kpedro88 can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

@missirol missirol mentioned this issue Feb 13, 2023
Merged
@missirol missirol mentioned this issue Feb 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending-assignment
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidlt @smuzaffar @cmsbuild