Max Inden

> and the stride value is 1280. Just to avoid any confusion, the stride value is `1280` AND the datagram length value is `1280`. This is with the unit test...

@saschanaz when you have time, could you (1) apply the following git diff to your local mozilla-central checkout, (2) build in debug mode, and (3) try whether you can reproduce...

> Sent! It still showed a lot of dropped packets with decryption failure though. Thank you @saschanaz for the thorough work! For others, with the above [diff](https://github.com/quinn-rs/quinn/issues/2041#issuecomment-2476683112) the issue still...

> * > This code work fine on our side on Windows 10 and 11. > > > And you see coalesced packets on a regular basis? For what it...

@nibanks summary: - reproducible on Windows on ARM (Surface Pro 11 (Qualcomm Snapdragon X)) - also reported on Windows x86_64 - on a UDP socket [with `UDP_RECV_MAX_COALESCED_SIZE` set](https://github.com/quinn-rs/quinn/blob/d23e4e494f7446e21184bf58acd17a861ae73bba/quinn-udp/src/windows.rs#L113C22-L118) - [`WSARECVMSG`...

Investigation thus far. Panic occurs here: https://github.com/mozilla/neqo/blob/d513712bc9d06e297af5cf317a9f6dd70e69a88b/neqo-common/src/codec.rs#L309 Within `Encoder::encode_uint`: https://github.com/mozilla/neqo/blob/d513712bc9d06e297af5cf317a9f6dd70e69a88b/neqo-common/src/codec.rs#L302-L314 Called from `PacketBuilder::pn`: https://github.com/mozilla/neqo/blob/d513712bc9d06e297af5cf317a9f6dd70e69a88b/neqo-transport/src/packet/mod.rs#L321-L354 Called by `Connection::add_packet_number`: https://github.com/mozilla/neqo/blob/d513712bc9d06e297af5cf317a9f6dd70e69a88b/neqo-transport/src/connection/mod.rs#L1991-L2007 `n` can not be `>8` due to the line below where `MAX_PACKET_NUMBER_LEN`...

Provoking the panic itself at the level of `Connection::add_packet_number()` by providing an equal `largest_acknowledged` and `next_pn` is easy: ``` rust #[test] fn add_packet_number() { test_fixture::fixture_init(); let mut builder = PacketBuilder::short(neqo_common::Encoder::new(),...

The panic stack-trace is happening across various versions, all the way back to [Firefox 115.14](https://www.mozilla.org/en-US/firefox/115.14.0/releasenotes/).  https://crash-stats.mozilla.org/signature/?product=Firefox&signature=neqo_common%3A%3Acodec%3A%3AEncoder%3A%3Aencode_uint%3CT%3E&date=%3E%3D2024-09-17T11%3A46%3A00.000Z&date=%3C2024-09-24T11%3A46%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=-date&page=1#summary This indicates (doesn't proof) that it is a bug introduced before https://github.com/mozilla/neqo/commit/16e90850e2a038f3c14f67ee53556739b0d8f603.

With my limited familiarity with crash-stats.mozilla.org in mind, that is my understanding too. That said, I have not been able to come up with a hypothesis why this would happen...

Impressive find. Thank you @yjugl. I reached out to gstoll. Will report here in case there is progress.