id,summary,reporter,owner,description,type,status,milestone,component,version,severity,resolution,keywords,cc 10756,AddressSanitizer container overflow in deadline_timer,harjotgill@…,chris_kohlhoff,"I am scheduling 3 ASIO deadline timers back-to-back, wrapping them in a single strand. There is a single thread that services io_service->run(). I see the following ""container-overflow"" violation: {{{ ================================================================= ==16399==ERROR: AddressSanitizer: container-overflow on address 0x60c000017550 at pc 0x0001088e1b3a bp 0x00010ea96510 sp 0x00010ea95cd0 READ of size 8 at 0x60c000017550 thread T2 #0 0x1088e1b39 in __asan_memcpy (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x24b39) #1 0x1084a286a in boost::date_time::counted_time_rep::time_count() const (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x10056186a) #2 0x1084a264e in boost::date_time::counted_time_system >::is_less(boost::date_time::counted_time_rep const&, boost::date_time::counted_time_rep const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x10056164e) #3 0x10808ccec in boost::date_time::base_time > >::operator<(boost::posix_time::ptime const&) const (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x10014bcec) #4 0x10823e079 in boost::asio::time_traits::less_than(boost::posix_time::ptime const&, boost::posix_time::ptime const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002fd079) #5 0x108297b9a in boost::asio::detail::timer_queue::down_heap(unsigned long) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100356b9a) #6 0x108296b02 in boost::asio::detail::timer_queue::remove_timer(boost::asio::detail::timer_queue::per_timer_data&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100355b02) #7 0x1083bc9ef in boost::asio::detail::timer_queue::get_ready_timers(boost::asio::detail::op_queue&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x10047b9ef) #8 0x1083ba430 in boost::asio::detail::timer_queue >::get_ready_timers(boost::asio::detail::op_queue&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100479430) #9 0x10960c74c in boost::asio::detail::timer_queue_set::get_ready_timers(boost::asio::detail::op_queue&) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x4374c) #10 0x10960c0cd in boost::asio::detail::kqueue_reactor::run(bool, boost::asio::detail::op_queue&) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x430cd) #11 0x10960b846 in boost::asio::detail::task_io_service::do_run_one(boost::asio::detail::scoped_lock&, boost::asio::detail::task_io_service_thread_info&, boost::system::error_code const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x42846) #12 0x10960b3aa in boost::asio::detail::task_io_service::run(boost::system::error_code&) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x423aa) #13 0x1095e2940 in boost::asio::io_service::run() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x19940) #14 0x1095d01f7 in eximius::Platform::ProcessorRun(unsigned int) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x71f7) #15 0x1095e81fe in void boost::_bi::list1 >::operator()(boost::_bi::type, void (*&)(unsigned int), boost::_bi::list0&, int) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x1f1fe) #16 0x1095e817b in boost::_bi::bind_t > >::operator()() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x1f17b) #17 0x1095f5d7b in boost::detail::thread_data > > >::run() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x2cd7b) #18 0x10a477d04 in boost::(anonymous namespace)::thread_proxy(void*) (/opt/local/lib/libboost_thread-mt.dylib+0x2d04) #19 0x7fff93dbc2fb in _pthread_body (/usr/lib/system/libsystem_pthread.dylib+0x32fb) #20 0x7fff93dbc278 in _pthread_start (/usr/lib/system/libsystem_pthread.dylib+0x3278) #21 0x7fff93dba4b0 in thread_start (/usr/lib/system/libsystem_pthread.dylib+0x14b0) 0x60c000017550 is located 80 bytes inside of 128-byte region [0x60c000017500,0x60c000017580) allocated by thread T0 here: #0 0x1088ea2ab in wrap__Znwm (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x2d2ab) #1 0x108248c8a in std::__1::__split_buffer::heap_entry, std::__1::allocator::heap_entry>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator::heap_entry>&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100307c8a) #2 0x108241d93 in std::__1::__split_buffer::heap_entry, std::__1::allocator::heap_entry>&>::__split_buffer(unsigned long, unsigned long, std::__1::allocator::heap_entry>&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100300d93) #3 0x108241498 in void std::__1::vector::heap_entry, std::__1::allocator::heap_entry> >::__push_back_slow_path::heap_entry const>(boost::asio::detail::timer_queue::heap_entry const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100300498) #4 0x10823c621 in boost::asio::detail::timer_queue::enqueue_timer(boost::posix_time::ptime const&, boost::asio::detail::timer_queue::per_timer_data&, boost::asio::detail::wait_op*) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002fb621) #5 0x10823b51a in boost::asio::detail::timer_queue >::enqueue_timer(boost::posix_time::ptime const&, boost::asio::detail::timer_queue::per_timer_data&, boost::asio::detail::wait_op*) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002fa51a) #6 0x108238e17 in void boost::asio::detail::kqueue_reactor::schedule_timer >(boost::asio::detail::timer_queue >&, boost::asio::time_traits::time_type const&, boost::asio::detail::timer_queue >::per_timer_data&, boost::asio::detail::wait_op*) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002f7e17) #7 0x1082375bc in void boost::asio::detail::deadline_timer_service >::async_wait >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running> >(boost::asio::detail::deadline_timer_service >::implementation_type&, boost::asio::detail::wrapped_handler >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running>&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002f65bc) #8 0x108236536 in boost::asio::async_result >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running>, void (boost::system::error_code)>::type>::type boost::asio::deadline_timer_service >::async_wait >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running> >(boost::asio::detail::deadline_timer_service >::implementation_type&, boost::asio::detail::wrapped_handler >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running> const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002f5536) #9 0x108205259 in boost::asio::async_result >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running>, void (boost::system::error_code)>::type>::type boost::asio::basic_deadline_timer, boost::asio::deadline_timer_service > >::async_wait >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running> >(boost::asio::detail::wrapped_handler >, boost::system::error_code const&>, boost::_bi::list2 >*>, boost::arg<1> (*)()> >, boost::asio::detail::is_continuation_if_running> const&) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002c4259) #10 0x1081f95d6 in eximius::EximiusTimerHandler >::StartTimer() (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1002b85d6) #11 0x108081a7c in int eximius::Platform::ScheduleTimer >(boost::posix_time::time_duration const&, boost::function const&, bool, char const*, unsigned int, unsigned int) (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100140a7c) #12 0x107fe3143 in eximius::ProcessControl::StartTimers() (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x1000a2143) #13 0x107f75593 in eximius::ProcessControl::StartApplication() (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100034593) #14 0x1096bc66e in eximius::EximiusApplication::StartEximiusApplication() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0xf366e) #15 0x108585856 in main (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x100644856) #16 0x7fff9077f5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) #17 0x0 () Thread T2 created by T0 here: #0 0x1088e106f in wrap_pthread_create (/opt/local/libexec/llvm-3.6/lib/clang/3.6.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x2406f) #1 0x10a477c1b in boost::thread::start_thread_noexcept() (/opt/local/lib/libboost_thread-mt.dylib+0x2c1b) #2 0x1095f4d04 in boost::thread::start_thread() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x2bd04) #3 0x1095f4c65 in boost::thread::thread > > >(boost::_bi::bind_t > >, boost::disable_if_c > >&, boost::detail::thread_move_t > > > >::value, boost::thread::dummy*>::type) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x2bc65) #4 0x1095e307a in boost::thread::thread > > >(boost::_bi::bind_t > >, boost::disable_if_c > >&, boost::detail::thread_move_t > > > >::value, boost::thread::dummy*>::type) (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x1a07a) #5 0x1095da31f in eximius::Platform::Initialize() (/Users/hgill/Work/dpi/sp4/build_debug/install/lib/libgencore-platform.dylib+0x1131f) #6 0x1085803a8 in main (/Users/hgill/Work/dpi/sp4/build_debug/install/./bin/process-manager+0x10063f3a8) #7 0x7fff9077f5c8 in start (/usr/lib/system/libdyld.dylib+0x35c8) #8 0x0 () SUMMARY: AddressSanitizer: container-overflow ??:0 __asan_memcpy Shadow bytes around the buggy address: 0x1c1800002e50: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x1c1800002e60: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x1c1800002e70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c1800002e80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x1c1800002e90: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa =>0x1c1800002ea0: 00 00 00 00 00 00 00 00 00 00[fc]fc fc fc fc fc 0x1c1800002eb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x1c1800002ec0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa 0x1c1800002ed0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c1800002ee0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x1c1800002ef0: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac ASan internal: fe ==16399==ABORTING }}} Somehow, the problem goes away when I schedule < 3 timers. ",Bugs,new,To Be Determined,asio,Boost 1.56.0,Problem,,AddressSanitizer,