cmssw: ASAN problem in CSCXonStrip_MatchGatti

Workflow 4.37 step 3 fails in CMSSW_11_2_ASAN_X_2020-11-23-2300 with
=================================================================
==22914==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d0003e7470 at pc 0x2addaee30467 bp 0x2add78fd84c0 sp 0x2add78fd84b8
    #0 0x2addaee30466 in CSCXonStrip_MatchGatti::estimated2GattiCorrection(double, float, bool) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0xc4466)
    #1 0x2addaee30495 in CSCXonStrip_MatchGatti::estimated2Gatti(double, float, bool) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0xc4495)
    #2 0x2addaee35ad0 in CSCXonStrip_MatchGatti::findXOnStrip(CSCDetId const&, CSCLayer const*, CSCStripHit const&, int, float&, float&, float const&, float&, float&, int&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0xc9ad0)
    #3 0x2addaedc7839 in CSCMake2DRecHit::hitFromStripAndWire(CSCDetId const&, CSCLayer const*, CSCWireHit const&, CSCStripHit const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x5b839)
    #4 0x2addaedcd66d in CSCRecHitDBuilder::build(MuonDigiCollection<CSCDetId, CSCStripDigi> const*, MuonDigiCollection<CSCDetId, CSCWireDigi> const*, edm::RangeMap<CSCDetId, edm::OwnVector<CSCRecHit2D, edm::ClonePolicy<CSCRecHit2D> >, edm::ClonePolicy<CSCRecHit2D> >&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x6166d)
    #5 0x2addaedd8958 in CSCRecHitDProducer::produce(edm::Event&, edm::EventSetup const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x6c958)
    #6 0x2add34838c4b in edm::stream::EDProducerAdaptorBase::doEvent(edm::EventTransitionInfo const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x8a3c4b)
    #7 0x2add34779171 in edm::WorkerT<edm::stream::EDProducerAdaptorBase>::implDo(edm::EventTransitionInfo const&, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x7e4171)
    #8 0x2add34492f19 in decltype ({parm#1}()) edm::convertException::wrap<edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x4fdf19)
    #9 0x2add3449341b in bool edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x4fe41b)
    #10 0x2add34493dff in std::__exception_ptr::exception_ptr edm::Worker::runModuleAfterAsyncPrefetch<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(std::__exception_ptr::exception_ptr const*, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x4fedff)
    #11 0x2add3449b097 in edm::Worker::RunModuleTask<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >::execute() (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x506097)
    #12 0x2add36868bfc in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::process_bypass_loop(tbb::internal::context_guard_helper<false>&, tbb::task*, long) ../../src/tbb/custom_scheduler.h:474
    #13 0x2add36868ef4 in tbb::internal::custom_scheduler<tbb::internal::IntelSchedulerTraits>::local_wait_for_all(tbb::task&, tbb::task*) ../../src/tbb/custom_scheduler.h:636
    #14 0x2add368629fe in tbb::internal::arena::process(tbb::internal::generic_scheduler&) ../../src/tbb/arena.cpp:196
    #15 0x2add368613d2 in tbb::internal::market::process(rml::job&) ../../src/tbb/market.cpp:667
    #16 0x2add3685d7db in tbb::internal::rml::private_worker::run() ../../src/tbb/private_server.cpp:266
    #17 0x2add3685d9e8 in tbb::internal::rml::private_worker::thread_routine(void*) ../../src/tbb/private_server.cpp:219
    #18 0x2add3761cea4 in start_thread (/lib64/libpthread.so.0+0x7ea4)
    #19 0x2add3792f96c in clone (/lib64/libc.so.6+0xfe96c)

0x62d0003e7470 is located 376 bytes to the right of 36600-byte region [0x62d0003de400,0x62d0003e72f8)
allocated by thread T0 here:
    #0 0x2add332b9db0 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:90
    #1 0x2addaedc2957 in CSCMake2DRecHit::CSCMake2DRecHit(edm::ParameterSet const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x56957)
    #2 0x2addaedcace0 in CSCRecHitDBuilder::CSCRecHitDBuilder(edm::ParameterSet const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x5ece0)
    #3 0x2addaedd6122 in CSCRecHitDProducer::CSCRecHitDProducer(edm::ParameterSet const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x6a122)
    #4 0x2addaedf21b1 in edm::stream::ProducingModuleAdaptor<CSCRecHitDProducer, edm::stream::EDProducerBase, edm::stream::EDProducerAdaptorBase>::setupStreamModules() (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0x861b1)
    #5 0x2add3483ed1e in edm::stream::ProducingModuleAdaptorBase<edm::stream::EDProducerBase>::doPreallocate(edm::PreallocationConfiguration const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x8a9d1e)
    #6 0x2add34749e8e in edm::Maker::makeModule(edm::MakeModuleParams const&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&) const (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x7b4e8e)
    #7 0x2add343e1166 in edm::Factory::makeModule(edm::MakeModuleParams const&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&) const (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x44c166)
    #8 0x2add3443a354 in edm::ModuleRegistry::getModule(edm::MakeModuleParams const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&, edm::signalslot::Signal<void (edm::ModuleDescription const&)>&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x4a5354)
    #9 0x2add34754b08 in edm::WorkerRegistry::getWorker(edm::WorkerParams const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x7bfb08)
    #10 0x2add3474be4c in edm::WorkerManager::getWorker(edm::ParameterSet&, edm::ProductRegistry&, edm::PreallocationConfiguration const*, std::shared_ptr<edm::ProcessConfiguration const>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x7b6e4c)
    #11 0x2add347501e4 in edm::WorkerManager::addToUnscheduledWorkers(edm::ParameterSet&, edm::ProductRegistry&, edm::PreallocationConfiguration const*, std::shared_ptr<edm::ProcessConfiguration>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x7bb1e4)
    #12 0x2add346a4f93 in edm::StreamSchedule::StreamSchedule(std::shared_ptr<edm::TriggerResultInserter>, std::vector<edm::propagate_const<std::shared_ptr<edm::PathStatusInserter> >, std::allocator<edm::propagate_const<std::shared_ptr<edm::PathStatusInserter> > > >&, std::vector<edm::propagate_const<std::shared_ptr<edm::EndPathStatusInserter> >, std::allocator<edm::propagate_const<std::shared_ptr<edm::EndPathStatusInserter> > > >&, std::shared_ptr<edm::ModuleRegistry>, edm::ParameterSet&, edm::service::TriggerNamesService const&, edm::PreallocationConfiguration const&, edm::ProductRegistry&, edm::BranchIDListHelper&, edm::ExceptionToActionTable const&, std::shared_ptr<edm::ActivityRegistry>, std::shared_ptr<edm::ProcessConfiguration>, bool, edm::StreamID, edm::ProcessContext const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x70ff93)
    #13 0x2add345ff7f0 in edm::Schedule::Schedule(edm::ParameterSet&, edm::service::TriggerNamesService const&, edm::ProductRegistry&, edm::BranchIDListHelper&, edm::ThinnedAssociationsHelper&, edm::SubProcessParentageHelper const*, edm::ExceptionToActionTable const&, std::shared_ptr<edm::ActivityRegistry>, std::shared_ptr<edm::ProcessConfiguration>, bool, edm::PreallocationConfiguration const&, edm::ProcessContext const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x66a7f0)
    #14 0x2add34658dcf in edm::ScheduleItems::initSchedule(edm::ParameterSet&, bool, edm::PreallocationConfiguration const&, edm::ProcessContext const*) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x6c3dcf)
    #15 0x2add34246a56 in edm::EventProcessor::init(std::shared_ptr<edm::ProcessDesc>&, edm::ServiceToken const&, edm::serviceregistry::ServiceLegacy) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x2b1a56)
    #16 0x2add3424f598 in edm::EventProcessor::EventProcessor(std::shared_ptr<edm::ProcessDesc>, edm::ServiceToken const&, edm::serviceregistry::ServiceLegacy) (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/libFWCoreFramework.so+0x2ba598)
    #17 0x411f93 in tbb::interface7::internal::delegated_function<main::{lambda()#1}::operator()() const::{lambda()#1} const, void>::operator()() const (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/bin/slc7_amd64_gcc820/cmsRun+0x411f93)
    #18 0x2add36863bc0 in tbb::interface7::internal::task_arena_base::internal_execute(tbb::interface7::internal::delegate_base&) const ../../src/tbb/arena.cpp:1105
    #19 0x2add3c5cfeff  (<unknown module>)

Thread T2 created by T0 here:
    #0 0x2add3321fdc0 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cc:202
    #1 0x2add3685d6c9 in rml::internal::thread_monitor::launch(void* (*)(void*), void*, unsigned long) ../../src/tbb/../rml/server/thread_monitor.h:218
    #2 0x2add3685d6c9 in tbb::internal::rml::private_worker::wake_or_launch() ../../src/tbb/private_server.cpp:297
    #3 0x2add3685d6c9 in tbb::internal::rml::private_server::wake_some(int) ../../src/tbb/private_server.cpp:395
    #4 0x60c00042a47f  (<unknown module>)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/cvmfs/cms-ib.cern.ch/nweek-02656/slc7_amd64_gcc820/cms/cmssw/CMSSW_11_2_ASAN_X_2020-11-23-2300/lib/slc7_amd64_gcc820/pluginRecoLocalMuonCSCRecHitD.so+0xc4466) in CSCXonStrip_MatchGatti::estimated2GattiCorrection(double, float, bool)
Shadow bytes around the buggy address:
  0x0c5a80074e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a80074e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5a80074e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c5a80074e60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a80074e70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5a80074e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa
  0x0c5a80074e90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a80074ea0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a80074eb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a80074ec0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5a80074ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22914==ABORTING
About this issue

Original URL
State: closed
Created 4 years ago
Comments: 19 (19 by maintainers)
Commits related to this issue

Update CSCMake2DRecHit.cc Fix of issue https://github.com/cms-sw/cmssw/issues/32274 caused by changes in PR #32052 — committed to nvoytish/cmssw by nvoytish 4 years ago
Most upvoted comments

Hi @slava77 ! Unfortunately I was too busy last week. I am on it.
nvoytish on Nov 30, 2020