
Issue 806485


Issue metadata

Status: Verified
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




CHECK failure: !QuicContainsKey(static_stream_map_, stream_id). Attempt to call GetOrCreateDyna

Project Member Reported by ClusterFuzz, Jan 27 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4844507020132352

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !QuicContainsKey(static_stream_map_, stream_id). Attempt to call GetOrCreateDyna
  net::QuicSession::GetOrCreateDynamicStream
  net::QuicSpdySession::GetSpdyDataStream
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=531452:531461

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4844507020132352

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jan 27 2018

Labels: Test-Predator-Auto-Owner
Owner: kapishnikov@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7f8dd1e122d3c6568768b42adc405cea866fdb11 (Optimize UDPSocketPosix::InternalRecvFrom()).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Project Member

Comment 2 by ClusterFuzz, Jan 27 2018

Components: Internals>Network>QUIC
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Same as Issue 806205, the crash is not related to the above-mentioned changelist directly. The same crash takes place if the CL is rolled back and an additional dummy data_provider.ConsumeBool() is added in quic_stream_factory_fuzzer.cc after assigning a value to |enable_token_binding|:

  bool enable_token_binding = data_provider.ConsumeBool();
+ data_provider.ConsumeBool(); // Extra read from the data provider.
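
Review bot: the added `data_provider.ConsumeBool();` on the `+` line discards its return value and, per its own comment, exists only as an extra read from the data provider after `enable_token_binding` is assigned. That makes it a reproduction aid rather than a change to land in quic_stream_factory_fuzzer.cc; if it is kept in a local checkout, the comment should say it is debug-only and name this issue, so it is not mistaken for an intended input field of the fuzzer.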

Here is the full stack:
[0129/111436.199039:FATAL:quic_session.cc(832)] Check failed: !QuicContainsKey(static_stream_map_, stream_id). Attempt to call GetOrCreateDynamicStream for a static stream

    #7 0x7f053ff377cf in net::QuicSession::GetOrCreateDynamicStream(unsigned int) net/quic/core/quic_session.cc:832:3
    #8 0x7f053ffa3a97 in net::QuicSpdySession::GetSpdyDataStream(unsigned int) net/quic/core/quic_spdy_session.cc:504:39
    #9 0x7f053ffa3d0e in net::QuicSpdySession::OnStreamHeaderList(unsigned int, bool, unsigned long, net::QuicHeaderList const&) net/quic/core/quic_spdy_session.cc:360:28
    #10 0x7f053ffa941d in net::QuicSpdySession::OnHeaderList(net::QuicHeaderList const&) net/quic/core/quic_spdy_session.cc:586:5
    #11 0x7f053ffb077a in net::QuicSpdySession::SpdyFramerVisitor::OnHeaderFrameEnd(unsigned int) net/quic/core/quic_spdy_session.cc:74:17
    #12 0x7f05400d88a7 in net::QuicHttpDecoderAdapter::CommonHpackFragmentEnd() net/quic/http/decoder/quic_http_frame_decoder_adapter.cc:968:18
    #13 0x7f05400d7be9 in net::QuicHttpDecoderAdapter::OnHeadersEnd() net/quic/http/decoder/quic_http_frame_decoder_adapter.cc:370:3
    #14 0x7f0540094217 in net::QuicHttpHeadersQuicHttpPayloadDecoder::StartDecodingPayload(net::QuicHttpFrameDecoderState*, net::QuicHttpDecodeBuffer*) net/quic/http/decoder/payload_decoders/quic_http_headers_payload_decoder.cc:92:26
    #15 0x7f05400c769b in net::QuicHttpFrameDecoder::StartDecodingHeadersPayload(net::QuicHttpDecodeBuffer*) net/quic/http/decoder/quic_http_frame_decoder.cc:320:35
    #16 0x7f05400c5f1e in net::QuicHttpFrameDecoder::StartDecodingPayload(net::QuicHttpDecodeBuffer*) net/quic/http/decoder/quic_http_frame_decoder.cc:121:16
    #17 0x7f05400c51ba in net::QuicHttpFrameDecoder::DecodeFrame(net::QuicHttpDecodeBuffer*) net/quic/http/decoder/quic_http_frame_decoder.cc:56:16
    #18 0x7f05400cf3b4 in net::QuicHttpDecoderAdapter::ProcessInputFrame(char const*, unsigned long) net/quic/http/decoder/quic_http_frame_decoder_adapter.cc:667:49
    #19 0x7f05400cea21 in net::QuicHttpDecoderAdapter::ProcessInput(char const*, unsigned long) net/quic/http/decoder/quic_http_frame_decoder_adapter.cc:176:30
    #20 0x7f053ffa4d94 in net::QuicSpdySession::ProcessHeaderData(iovec const&, net::QuicTime) net/quic/core/quic_spdy_session.cc:392:42
    #21 0x7f053fec1c8b in net::QuicHeadersStream::OnDataAvailable() net/quic/core/quic_headers_stream.cc:47:24
    #22 0x7f053ffeff7e in net::QuicStreamSequencer::OnStreamFrame(net::QuicStreamFrame const&) net/quic/core/quic_stream_sequencer.cc:86:16
    #23 0x7f053ffcf964 in net::QuicStream::OnStreamFrame(net::QuicStreamFrame const&) net/quic/core/quic_stream.cc:147:14
    #24 0x7f053ff36629 in net::QuicSession::OnStreamFrame(net::QuicStreamFrame const&) net/quic/core/quic_session.cc:126:11
    #25 0x7f053fa58be2 in net::QuicChromiumClientSession::OnStreamFrame(net::QuicStreamFrame const&) net/quic/chromium/quic_chromium_client_session.cc:926:27
    #26 0x7f053fdc4ea8 in net::QuicConnection::OnStreamFrame(net::QuicStreamFrame const&) net/quic/core/quic_connection.cc:729:13
    #27 0x7f053fe975cf in net::QuicFramer::ProcessFrameData(net::QuicDataReader*, net::QuicPacketHeader const&) net/quic/core/quic_framer.cc:1065:24
    #28 0x7f053fe938d7 in net::QuicFramer::ProcessDataPacket(net::QuicDataReader*, net::QuicPacketHeader*, net::QuicEncryptedPacket const&, char*, unsigned long) net/quic/core/quic_framer.cc:692:8
    #29 0x7f053fe8fd5b in net::QuicFramer::ProcessPacket(net::QuicEncryptedPacket const&) net/quic/core/quic_framer.cc:617:10
    #30 0x7f053fdd838a in net::QuicConnection::ProcessUdpPacket(net::QuicSocketAddress const&, net::QuicSocketAddress const&, net::QuicReceivedPacket const&) net/quic/core/quic_connection.cc:1357:16
    #31 0x7f053ff3cc8e in net::QuicSession::ProcessUdpPacket(net::QuicSocketAddress const&, net::QuicSocketAddress const&, net::QuicReceivedPacket const&) net/quic/core/quic_session.cc:370:16
    #32 0x7f053fa8240c in net::QuicChromiumClientSession::OnPacket(net::QuicReceivedPacket const&, net::QuicSocketAddress const&, net::QuicSocketAddress const&) net/quic/chromium/quic_chromium_client_session.cc:2388:3
    #33 0x7f053fabf14d in net::QuicChromiumPacketReader::ProcessReadResult(int) net/quic/chromium/quic_chromium_packet_reader.cc:93:20
    #34 0x7f053fabe8fb in net::QuicChromiumPacketReader::OnReadComplete(int) net/quic/chromium/quic_chromium_packet_reader.cc:99:7
Cc: kapishnikov@chromium.org
Owner: rch@chromium.org
Looks like it is not the first time this crash occurred. See Issue 786812, Issue 791244, Issue 801810.

Assigning it to rch@ since he has fixed the previous occurrences recently.
Project Member

Comment 5 by ClusterFuzz, Feb 9 2018

ClusterFuzz has detected this issue as fixed in range 535537:535552.

Detailed report: https://clusterfuzz.com/testcase?key=4844507020132352

Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !QuicContainsKey(static_stream_map_, stream_id). Attempt to call GetOrCreateDyna
  net::QuicSession::GetOrCreateDynamicStream
  net::QuicSpdySession::GetSpdyDataStream
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=531452:531461
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=535537:535552

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4844507020132352

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Feb 9 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4844507020132352 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
