abort: quic_bugcheck in msquic 2.3.5 #4280

Open
qzhuyan opened this issue May 3, 2024 · 1 comment
Labels
Bug: Core A code bug in the Core MsQuic code external Proposed by non-MSFT

qzhuyan commented May 3, 2024

Describe the bug

(gdb) bt full
#0  __pthread_kill_implementation (threadid=281472009564288, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
        tid = 457805
        ret = 0
        pd = 0xffff4f24f080
        old_mask = {__val = {281472878291084, 1102416563, 281472051204736, 281472048519040, 281472046898844, 281470726134240, 68719476736, 281470726133888, 281470726133920, 281470726134256, 281470726134248, 281472009560736, 281472047985312, 281470781056112, 281472051154944, 281472009558608}}
        ret = <optimized out>
#1  0x0000ffff82f0f254 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
No locals.
#2  0x0000ffff82eca67c in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x0000ffff82eb7130 in __GI_abort () at ./stdlib/abort.c:79
        save_stage = 1
        act = {__sigaction_handler = {sa_handler = 0xffff835a0000 <__asan::AsanBuggyPcPool+120>, sa_sigaction = 0xffff835a0000 <__asan::AsanBuggyPcPool+120>}, sa_mask = {__val = {18446744073709547520, 281472658317312, 281472886308384, 281472884235020, 281472884235096, 281472884234868, 18150945922037014272, 281472051008640, 281472051009184, 1, 281470658482680, 281472046536976,
              18150945922037014272, 281472051008640, 281472009555968, 1}}, sa_flags = -23260680, sa_restorer = 0xffff515aeea8 <CxPlatSocketContextUninitialize+1420>}
        sigs = {__val = {32, 68719476736, 35183843042613, 281470744340904, 281470744340904, 281472051017152, 281472885456896, 281472051009184, 1, 281470658482680, 281472009561200, 281472884210692, 281472885456896, 18150945922037014272, 281472885456896, 281472884234856}}
#4  0x0000ffff51591914 in quic_bugcheck (File=0xffff519d5480 "/home/ubuntu/repo/quic/msquic/src/platform/datapath_epoll.c", Line=1142, Expr=0xffff519d56a0 "CxPlatEventQEnqueue( SocketContext->DatapathPartition->EventQ, &SocketContext->ShutdownSqe.Sqe, &SocketContext->ShutdownSqe)") at /home/ubuntu/repo/quic/msquic/src/platform/platform_posix.c:93
No locals.
#5  0x0000ffff515aeeb8 in CxPlatSocketContextUninitialize (SocketContext=<optimized out>) at /home/ubuntu/repo/quic/msquic/src/platform/datapath_epoll.c:1142
No locals.
#6  0x0000ffff515adc20 in SocketDelete (Socket=0xffff1aebd040) at /home/ubuntu/repo/quic/msquic/src/platform/datapath_epoll.c:1598
        i = 0
        SocketCount = <optimized out>
        __head = <optimized out>
#7  0x0000ffff515970e0 in CxPlatSocketDelete (Socket=<optimized out>) at /home/ubuntu/repo/quic/msquic/src/platform/datapath_linux.c:286
No locals.
#8  0x0000ffff51489024 in QuicBindingUninitialize (Binding=0xffff62614040) at /home/ubuntu/repo/quic/msquic/src/core/binding.c:205
        __head = <optimized out>
        __head = <optimized out>
#9  0x0000ffff51417200 in QuicLibraryReleaseBinding (Binding=0xffff62614040) at /home/ubuntu/repo/quic/msquic/src/core/library.c:2151
        Uninitialize = 1 '\001'
        __head = <optimized out>
#10 0x0000ffff5149c07c in QuicConnFree (Connection=0xfffefe9d0d00) at /home/ubuntu/repo/quic/msquic/src/core/connection.c:365
        Path = 0xfffefe9d0e30
        __head = <optimized out>
#11 0x0000ffff5146f190 in QuicConnRelease (Ref=<optimized out>, Connection=<optimized out>) at /home/ubuntu/repo/quic/msquic/src/core/connection.h:1085
No locals.
#12 QuicWorkerProcessConnection (Worker=0xffff756955f0, Connection=0xfffefe9d0d00, ThreadID=457805, TimeNow=<optimized out>) at /home/ubuntu/repo/quic/msquic/src/core/worker.c:558
        StillHasWorkToDo = <optimized out>
        DoneWithConnection = 1 '\001'
        __head = <optimized out>
        __head = <optimized out>
        __head = <optimized out>
#13 0x0000ffff5146fcfc in QuicWorkerLoop (Context=0xffff756955f0, State=0xffff4f24e740) at /home/ubuntu/repo/quic/msquic/src/core/worker.c:658
        Worker = <optimized out>
        Connection = 0xfffefe9d0d00
        Operation = <optimized out>
#14 0x0000ffff51588e28 in CxPlatRunExecutionContexts (Worker=<optimized out>, State=0xffff4f24e740) at /home/ubuntu/repo/quic/msquic/src/platform/platform_worker.c:395
        Next = 0x0
        Context = 0xffff756955f0
        Ready = <optimized out>
        NextTime = 18446744073709551615
        EC = 0xffff756b35f0
#15 0x0000ffff51589cb0 in CxPlatWorkerThread (Context=0xffff5f712c30) at /home/ubuntu/repo/quic/msquic/src/platform/platform_worker.c:492
        Worker = <optimized out>
        State = {TimeNow = 364643558352, LastWorkTime = 364640543362, WaitTime = 2993, NoWorkCount = 0, ThreadID = 457805}
        Shutdown = <optimized out>
        __head = <optimized out>
        __head = <optimized out>
#16 0x0000ffff82f0d5c8 in start_thread (arg=0x0) at ./nptl/pthread_create.c:442
        ret = <optimized out>
        pd = 0x0
        out = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {281472009564288, 281472629971952, 281472629969358, 8448192, 281472629969359, 0, 281472001114112, 8448192, 281472629993600, 281472001114112, 281472009562016, 16510817446987276462, 0, 16510817447862571794, 4637880783447523328, 0, 0, 0, 0, 0, 0, 0}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
              cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#17 0x0000ffff82f75edc in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:79
No locals

Affected OS

  • Windows
  • Linux
  • macOS
  • Other (specify below)

Additional OS information

ubuntu22.04 ARM64

MsQuic version

v2.3

Steps taken to reproduce bug

Ran property-based tests + ASAN check; happened 2 times out of ~18000 runs.

The test just does random data sends over streams, creates/shuts down streams, creates/closes connections, and opens new streams over a connection at random timing.

Expected behavior

Test should pass without aborting.

Actual outcome

Test failed due to quic_bugcheck abort.

Additional details

No such issue with msquic 2.2.3.
Maybe it is a fault in the caller, like use after closing the handle? Will try to collect logs.

@nibanks nibanks added the Bug: Core A code bug in the Core MsQuic code label May 3, 2024
@nibanks nibanks added this to the Future milestone May 3, 2024

qzhuyan commented May 8, 2024

msquic.log.gz
log attached

Correct me if I am wrong: I don't see the application double-closing the connection, so I think it is indeed a bug in MsQuic?

@nibanks nibanks added external Proposed by non-MSFT labels May 13, 2024