Issue 736367 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Jun 2017
Cc:	rch@chromium.org pbomm...@chromium.org
Components:	Internals>Network>QUIC
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
TE-NeedsTriageHelp M-61 Via-Wizard-DeveloperTools Needs-Milestone

Abort caused by DCHECK_GE(header.packet_number, least_unacked_delta)

Reported by emanuel....@gmail.com, Jun 23 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

Steps to reproduce the problem:
1. compile proto-quic with DCHECK_ALWAYS_ON or without NDEBUG 
2. run the server
3. send special set of bytes from a modified client (can provide details)

What is the expected behavior?

What went wrong?
The server aborts:

[0623/174102.102426:FATAL:quic_framer.cc(1321)] Check failed: header.packet_number >= least_unacked_delta (1 vs. 101)
#0 0x7fb8f8a85b0b base::debug::StackTrace::StackTrace()
#1 0x7fb8f8a8480c base::debug::StackTrace::StackTrace()
#2 0x7fb8f8af7f23 logging::LogMessage::~LogMessage()
#3 0x7fb8f9a20ea2 net::QuicFramer::ProcessStopWaitingFrame()
#4 0x7fb8f9a1f42c net::QuicFramer::ProcessFrameData()
#5 0x7fb8f9a1d7fb net::QuicFramer::ProcessDataPacket()
#6 0x7fb8f9a1c93b net::QuicFramer::ProcessPacket()
#7 0x000000412166 net::ChloExtractor::Extract()
#8 0x000000421f43 net::QuicDispatcher::MaybeRejectStatelessly()
#9 0x000000421c30 net::QuicDispatcher::OnUnauthenticatedHeader()
#10 0x7fb8f9a1dba1 net::QuicFramer::ProcessUnauthenticatedHeader()
#11 0x7fb8f9a1d3e0 net::QuicFramer::ProcessDataPacket()
#12 0x7fb8f9a1c93b net::QuicFramer::ProcessPacket()
#13 0x000000421111 net::QuicDispatcher::ProcessPacket()
#14 0x00000044c488 net::QuicSimpleServer::OnReadComplete()
#15 0x00000044d92c _ZN4base8internal13FunctorTraitsIMN3net16QuicSimpleServerEFviEvE6InvokeIPS3_JiEEEvS5_OT_DpOT0_
#16 0x00000044d836 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3net16QuicSimpleServerEFviEJPS5_iEEEvOT_DpOT0_
#17 0x00000044d7c7 _ZN4base8internal7InvokerINS0_9BindStateIMN3net16QuicSimpleServerEFviEJNS0_17UnretainedWrapperIS4_EEEEEFviEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEEOi
#18 0x00000044d6fc _ZN4base8internal7InvokerINS0_9BindStateIMN3net16QuicSimpleServerEFviEJNS0_17UnretainedWrapperIS4_EEEEEFviEE3RunEPNS0_13BindStateBaseEOi
#19 0x7fb8f93d3de1 _ZNKR4base8CallbackIFviELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEi
#20 0x7fb8f9b4ce51 net::UDPSocketPosix::DoReadCallback()
#21 0x7fb8f9b4cb40 net::UDPSocketPosix::DidCompleteRead()
#22 0x7fb8f9b4c922 net::UDPSocketPosix::ReadWatcher::OnFileCanReadWithoutBlocking()
#23 0x7fb8f8b35591 base::MessagePumpLibevent::FileDescriptorWatcher::OnFileCanReadWithoutBlocking()
#24 0x7fb8f8b36839 base::MessagePumpLibevent::OnLibeventNotification()
#25 0x7fb8f8d9a9bf event_process_active
#26 0x7fb8f8d9a0d7 event_base_loop
#27 0x7fb8f8b36b42 base::MessagePumpLibevent::Run()
#28 0x7fb8f8b21258 base::MessageLoop::Run()
#29 0x7fb8f8bca52d base::RunLoop::Run()
#30 0x000000411310 main
#31 0x7fb8f81ba830 __libc_start_main
#32 0x0000004109e4 <unknown>

Aborted (core dumped)

Did this work before? No 

Chrome version: proto-quic commit 09adf3a4d4fe04b9b722c313956930bc11f9fd44  Channel: n/a
OS Version: Ubuntu 16.04
Flash Version: 

Initially found on commit 17db47fb4265d45430ca5a3b4180ed52dfedf817

Also present on 09adf3a4d4fe04b9b722c313956930bc11f9fd44

Comment 1 by asanka@chromium.org, Jun 28 2017

Components: -Platform>DevTools Internals>Network>QUIC

Comment 2 by ranjitkan@chromium.org, Jun 29 2017

Labels: Needs-Milestone

Comment 3 by mmanchala@chromium.org, Jun 29 2017

Labels: TE-NeedsTriageHelp

Adding TE-NeedsTriageHelp as issue is related to QUIC server

Comment 4 by pbomm...@chromium.org, Jun 29 2017

Cc: pbomm...@chromium.org rch@chromium.org
Labels: M-61

cc'ing Ryan for more insights and triaging of the bug. I am tagging M61 for now.

Comment 5 by rch@chromium.org, Jun 29 2017

Status: Started (was: Unconfirmed)

This should be a connection error instead of a DCHECK. I'll fix the code internally and merge to chromium.

Project Member

Comment 6 by bugdroid1@chromium.org, Jun 29 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/505b8e62281ad25172bfa025bbd546ec8a3c955c

commit 505b8e62281ad25172bfa025bbd546ec8a3c955c
Author: rch <rch@chromium.org>
Date: Thu Jun 29 21:16:04 2017

Replace a DCHECK with a return false, when processing invalid stop waiting data.

Merge internal change: 160571176

BUG= 736367 

Review-Url: https://codereview.chromium.org/2962203002
Cr-Commit-Position: refs/heads/master@{#483487}

[modify] https://crrev.com/505b8e62281ad25172bfa025bbd546ec8a3c955c/net/quic/core/quic_framer.cc
[modify] https://crrev.com/505b8e62281ad25172bfa025bbd546ec8a3c955c/net/quic/core/quic_framer_test.cc

Comment 7 by rch@chromium.org, Jun 29 2017

Status: Fixed (was: Started)

►

Issue 736367 link

Issue metadata

Abort caused by DCHECK_GE(header.packet_number, least_unacked_delta)

Issue description

Comment 1 by asanka@chromium.org, Jun 28 2017

Comment 1 Deleted

Comment 2 by ranjitkan@chromium.org, Jun 29 2017

Comment 2 Deleted

Comment 3 by mmanchala@chromium.org, Jun 29 2017

Comment 3 Deleted

Comment 4 by pbomm...@chromium.org, Jun 29 2017

Comment 4 Deleted

Comment 5 by rch@chromium.org, Jun 29 2017

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Jun 29 2017

Comment 6 Deleted

Comment 7 by rch@chromium.org, Jun 29 2017

Comment 7 Deleted

Sign in to add a comment