[ASAN] heap-buffer-overflow in L2_clustering()

[makortel]

In CMSSW_13_0_ASAN_X_2022-11-28-1100 workflow 21034.114 step 2 ASAN reports

=================================================================
==24902==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61c005ddc064 at pc 0x2acae59ae154 bp 0x2acadc372670 sp 0x2acadc372668
READ of size 4 at 0x61c005ddc064 thread T4
    #0 0x2acae59ae153 in L2_clustering(std::vector<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> >, std::allocator<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> > > >&, int, float, float) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1e8153)
    #1 0x2acae59899e7 in L1TrackJetProducer::produce(edm::Event&, edm::EventSetup const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1c39e7)
    #2 0x2aca893ff9c7 in edm::stream::EDProducerAdaptorBase::doEvent(edm::EventTransitionInfo const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x97a9c7)
    #3 0x2aca89385af4 in edm::WorkerT<edm::stream::EDProducerAdaptorBase>::implDo(edm::EventTransitionInfo const&, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x900af4)
    #4 0x2aca89042194 in decltype ({parm#1}()) edm::convertException::wrap<edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5bd194)
    #5 0x2aca89042cf3 in std::__exception_ptr::exception_ptr edm::Worker::runModuleAfterAsyncPrefetch<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(std::__exception_ptr::exception_ptr, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5bdcf3)
    #6 0x2aca8904e49c in edm::Worker::RunModuleTask<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >::execute() (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5c949c)
    #7 0x2aca89dfe4db in tbb::detail::d1::function_task<edm::WaitingTaskList::announce()::{lambda()#1}>::execute(tbb::detail::d1::execution_data&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreConcurrency.so+0x114db)
    #8 0x2aca8b48151b in tbb::detail::d1::task* tbb::detail::r1::task_dispatcher::local_wait_for_all<false, tbb::detail::r1::outermost_worker_waiter>(tbb::detail::d1::task*, tbb::detail::r1::outermost_worker_waiter&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/task_dispatcher.h:322
    #9 0x2aca8b48151b in tbb::detail::d1::task* tbb::detail::r1::task_dispatcher::local_wait_for_all<tbb::detail::r1::outermost_worker_waiter>(tbb::detail::d1::task*, tbb::detail::r1::outermost_worker_waiter&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/task_dispatcher.h:463
    #10 0x2aca8b48151b in tbb::detail::r1::arena::process(tbb::detail::r1::thread_data&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/arena.cpp:138
    #11 0x2aca8b48151b in tbb::detail::r1::market::process(rml::job&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/market.cpp:597
    #12 0x2aca8b483653 in tbb::detail::r1::rml::private_worker::run() /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:267
    #13 0x2aca8b483653 in tbb::detail::r1::rml::private_worker::thread_routine(void*) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:221
    #14 0x2aca8c1301ce in start_thread (/lib64/libpthread.so.0+0x81ce)
    #15 0x2aca8c381e72 in clone (/lib64/libc.so.6+0x39e72)

0x61c005ddc064 is located 28 bytes to the left of 1792-byte region [0x61c005ddc080,0x61c005ddc780)
allocated by thread T4 here:
    #0 0x2aca88163f37 in operator new(unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cpp:99
    #1 0x2acae599d838 in void std::vector<EtaPhiBin, std::allocator<EtaPhiBin> >::_M_realloc_insert<EtaPhiBin const&>(__gnu_cxx::__normal_iterator<EtaPhiBin*, std::vector<EtaPhiBin, std::allocator<EtaPhiBin> > >, EtaPhiBin const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1d7838)
    #2 0x2acae59aa99b in L2_clustering(std::vector<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> >, std::allocator<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> > > >&, int, float, float) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1e499b)
    #3 0x2acae59899e7 in L1TrackJetProducer::produce(edm::Event&, edm::EventSetup const&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1c39e7)
    #4 0x2aca893ff9c7 in edm::stream::EDProducerAdaptorBase::doEvent(edm::EventTransitionInfo const&, edm::ActivityRegistry*, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x97a9c7)
    #5 0x2aca89385af4 in edm::WorkerT<edm::stream::EDProducerAdaptorBase>::implDo(edm::EventTransitionInfo const&, edm::ModuleCallingContext const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x900af4)
    #6 0x2aca89042194 in decltype ({parm#1}()) edm::convertException::wrap<edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}>(edm::Worker::runModule<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*)::{lambda()#1}) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5bd194)
    #7 0x2aca89042cf3 in std::__exception_ptr::exception_ptr edm::Worker::runModuleAfterAsyncPrefetch<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >(std::__exception_ptr::exception_ptr, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::TransitionInfoType const&, edm::StreamID, edm::ParentContext const&, edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1>::Context const*) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5bdcf3)
    #8 0x2aca8904e49c in edm::Worker::RunModuleTask<edm::OccurrenceTraits<edm::EventPrincipal, (edm::BranchActionType)1> >::execute() (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreFramework.so+0x5c949c)
    #9 0x2aca89dfe4db in tbb::detail::d1::function_task<edm::WaitingTaskList::announce()::{lambda()#1}>::execute(tbb::detail::d1::execution_data&) (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/libFWCoreConcurrency.so+0x114db)
    #10 0x2aca8b48151b in tbb::detail::d1::task* tbb::detail::r1::task_dispatcher::local_wait_for_all<false, tbb::detail::r1::outermost_worker_waiter>(tbb::detail::d1::task*, tbb::detail::r1::outermost_worker_waiter&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/task_dispatcher.h:322
    #11 0x2aca8b48151b in tbb::detail::d1::task* tbb::detail::r1::task_dispatcher::local_wait_for_all<tbb::detail::r1::outermost_worker_waiter>(tbb::detail::d1::task*, tbb::detail::r1::outermost_worker_waiter&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/task_dispatcher.h:463
    #12 0x2aca8b48151b in tbb::detail::r1::arena::process(tbb::detail::r1::thread_data&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/arena.cpp:138
    #13 0x2aca8b48151b in tbb::detail::r1::market::process(rml::job&) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/market.cpp:597
    #14 0x2aca8b483653 in tbb::detail::r1::rml::private_worker::run() /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:267
    #15 0x2aca8b483653 in tbb::detail::r1::rml::private_worker::thread_routine(void*) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:221

Thread T4 created by T2 here:
    #0 0x2aca8810a716 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x2aca8b482d5b in tbb::detail::r1::rml::internal::thread_monitor::launch(void* (*)(void*), void*, unsigned long) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/rml_thread_monitor.h:208
    #2 0x2aca8b482d5b in tbb::detail::r1::rml::private_worker::wake_or_launch() /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:299
    #3 0x2aca8b482d5b in tbb::detail::r1::rml::private_server::wake_some(int) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:407

Thread T2 created by T0 here:
    #0 0x2aca8810a716 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:216
    #1 0x2aca8b482d5b in tbb::detail::r1::rml::internal::thread_monitor::launch(void* (*)(void*), void*, unsigned long) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/rml_thread_monitor.h:208
    #2 0x2aca8b482d5b in tbb::detail::r1::rml::private_worker::wake_or_launch() /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:299
    #3 0x2aca8b482d5b in tbb::detail::r1::rml::private_server::wake_some(int) /data/cmsbld/jenkins/workspace/auto-builds/CMSSW_12_6_0_pre3-el8_amd64_gcc11/build/CMSSW_12_6_0_pre3-build/BUILD/el8_amd64_gcc11/external/tbb/v2021.5.0-26deaf86b02cf9ce10d1fb9d6400c40a/tbb-v2021.5.0/src/tbb/private_server.cpp:407

SUMMARY: AddressSanitizer: heap-buffer-overflow (/cvmfs/cms-ib.cern.ch/sw/x86_64/week1/el8_amd64_gcc11/cms/cmssw/CMSSW_13_0_ASAN_X_2022-11-28-1100/lib/el8_amd64_gcc11/pluginL1TrackTriggerPlugins.so+0x1e8153) in L2_clustering(std::vector<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> >, std::allocator<std::vector<EtaPhiBin, std::allocator<EtaPhiBin> > > >&, int, float, float)
Shadow bytes around the buggy address:
  0x0c3880bb37b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880bb37c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880bb37d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880bb37e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3880bb37f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3880bb3800: fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa fa fa
  0x0c3880bb3810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3880bb3820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3880bb3830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3880bb3840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3880bb3850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==24902==ABORTING

https://cmssdt.cern.ch/SDT/cgi-bin/logreader/el8_amd64_gcc11/CMSSW_13_0_ASAN_X_2022-11-28-1100/pyRelValMatrixLogs/run/21034.114_TTbar_14TeV+2026D88PU_OTInefficiency10PC+TTbar_14TeV_TuneCP5_GenSimHLBeamSpot14INPUT+DigiTriggerPU+RecoGlobalPU+HARVESTGlobalPU/step2_TTbar_14TeV+2026D88PU_OTInefficiency10PC+TTbar_14TeV_TuneCP5_GenSimHLBeamSpot14INPUT+DigiTriggerPU+RecoGlobalPU+HARVESTGlobalPU.log#/

[cmsbuild]

A new Issue was created by @makortel Matti Kortelainen.

@Dr15Jones, @perrotta, @dpiparo, @rappoccio, @makortel, @smuzaffar can you please review it and eventually sign/assign? Thanks.

cms-bot commands are listed here

[makortel]

assign l1

[cmsbuild]

New categories assigned: l1

@epalencia,@rekovic,@cecilecaillol you have been requested to review this Pull request/Issue and eventually sign? Thanks

[makortel]

I think the culprit is in this loop

cmssw/L1Trigger/L1TTrackMatch/interface/L1Clustering.h

Lines 226 to 249 in 830c070

	// merge close-by clusters
	for (int m = 0; m < nclust - 1; ++m) {
	for (int n = m + 1; n < nclust; ++n) {
	if (clusters[n].eta != clusters[m].eta)
	continue;
	if (std::abs(DPhi(clusters[n].phi, clusters[m].phi)) > 1.5 * phiStep_)
	continue;
	if (clusters[n].pTtot > clusters[m].pTtot)
	clusters[m].phi = clusters[n].phi;
	clusters[m].pTtot += clusters[n].pTtot;
	clusters[m].numtracks += clusters[n].numtracks;
	clusters[m].numtdtrks += clusters[n].numtdtrks;
	for (unsigned int itrk = 0; itrk < clusters[n].trackidx.size(); itrk++)
	clusters[m].trackidx.push_back(clusters[n].trackidx[itrk]);
	for (int m1 = n; m1 < nclust - 1; ++m1)
	clusters[m1] = clusters[m1 + 1];
	clusters.erase(clusters.begin() + nclust);
	nclust--;
	m = -1;
	} // end of n-loop
	} // end of m-loop

If an iteration of the for (int n = m + 1; n < nclust; ++n) { loop runs till the end (i.e. not terminated by the continues), the m is set to -1, and then on the following iteration of that loop the first statement of the loop body

cmssw/L1Trigger/L1TTrackMatch/interface/L1Clustering.h

Line 229 in 830c070

if (clusters[n].eta != clusters[m].eta)

ends up comparing clusters[0].eta != clusters[-1].eta.

Guessing a bit, maybe the compiler might have optimized the (assembly) code enough to not to convert -1 to unsigned integer, and the clusters[-1].eta ends up referencing the address preceding the first element. Given the layout

cmssw/L1Trigger/L1TTrackMatch/interface/L1Clustering.h

Lines 10 to 20 in 830c070

	struct EtaPhiBin {
	float pTtot = 0;
	int numtracks = 0;
	int numttrks = 0;
	int numtdtrks = 0;
	int numttdtrks = 0;
	bool used = false;
	float phi; //average phi value (halfway b/t min and max)
	float eta; //average eta value
	std::vector<unsigned int> trackidx;
	};

that would be consistent with the located 28 bytes to the left of (3*8+4 = 28).

[cecilecaillol]

Fixed in #40387

[cecilecaillol]

+l1

[cmsbuild]

This issue is fully signed and ready to be closed.