Skip to content

Remove CXPLAT_FRE_ASSERT around QuicCryptoFrameEncode#6102

Merged
guhetier merged 1 commit into
release/2.5from
guhetier/recvfuzz_remove_crypto_assert_2_5_copilot
Jun 16, 2026
Merged

Remove CXPLAT_FRE_ASSERT around QuicCryptoFrameEncode#6102
guhetier merged 1 commit into
release/2.5from
guhetier/recvfuzz_remove_crypto_assert_2_5_copilot

Conversation

@guhetier

@guhetier guhetier commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Description

QuicCryptoFrameEncode legitimately returns FALSE when the CRYPTO frame would not fit in the remaining QUIC INITIAL packet payload. On release/2.5, recvfuzz's WriteCryptoFrame wraps this call in CXPLAT_FRE_ASSERT, which crashes the process with STATUS_ASSERTION_FAILURE (0xC0000420) before any actual fuzzing happens.

This is currently firing deterministically on the recvfuzz (Debug, windows, WinServerPrerelease, x64, schannel, -Test) stress job: the schannel ClientHello on the WinServerPrerelease image is ~1521 bytes (offers ML-KEM keyshares), which does not fit in the ~1170-byte INITIAL payload recvfuzz budgets for it.

A fuzzer should not assert on the return value of an encode helper anyway. This change just drops the CXPLAT_FRE_ASSERT wrapper, matching the behavior already present on main (commit cc81b151b, PR #5727). The TODO on main about properly fragmenting CRYPTO frames across multiple INITIAL packets still applies and is tracked separately.

Root-cause analysis was done from a process dump captured via diagnostic PR #6101 (now closed).

Testing

Existing CI matrix (Stress workflow recvfuzz job) is the test: it crashes deterministically on release/2.5 today and should stop crashing with this change. Verified locally that the Debug x64 schannel build succeeds.

Documentation

No documentation impact.

@guhetier guhetier mentioned this pull request Jun 15, 2026
Closed
@guhetier guhetier marked this pull request as ready for review June 15, 2026 21:24
@guhetier guhetier requested a review from a team as a code owner June 15, 2026 21:24
@mtfriesen mtfriesen requested a review from Copilot June 16, 2026 13:06
Copilot AI reviewed Jun 16, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the recvfuzz tool on release/2.5 to avoid asserting on QuicCryptoFrameEncode failures that can legitimately occur when the CRYPTO frame won’t fit into the remaining QUIC INITIAL payload. This prevents deterministic startup crashes in the stress/recvfuzz schannel configuration and aligns behavior with main.

Changes:

  • Remove CXPLAT_FRE_ASSERT wrapping QuicCryptoFrameEncode in WriteCryptoFrame.
  • Allow WriteCryptoFrame to proceed without crashing when the CRYPTO frame cannot be encoded due to remaining buffer constraints.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@guhetier
[recvfuzz] Remove CXPLAT_FRE_ASSERT around QuicCryptoFrameEncode
9e7de98 
QuicCryptoFrameEncode legitimately returns FALSE when the encoded CRYPTO frame would not fit in the remaining INITIAL packet payload. This happens on schannel builds whose ClientHello has grown beyond ~1200 bytes (e.g. WinServerPrerelease offering ML-KEM keyshares), causing recvfuzz on release/2.5 to crash with STATUS_ASSERTION_FAILURE before doing any actual fuzzing.

A fuzzer should not assert on the return value of an encode helper anyway; the existing call sites already tolerate a no-op encode. Match the behavior already present on main (commit cc81b15).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@guhetier guhetier force-pushed the guhetier/recvfuzz_remove_crypto_assert_2_5_copilot branch from 6efffa1 to 9e7de98 Compare June 16, 2026 20:18
@guhetier guhetier merged commit 87b5308 into release/2.5 Jun 16, 2026
279 checks passed
@guhetier guhetier deleted the guhetier/recvfuzz_remove_crypto_assert_2_5_copilot branch June 16, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mtfriesen mtfriesen mtfriesen approved these changes

@anrossi anrossi anrossi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@guhetier @mtfriesen @anrossi