Implement OP_TEMPLATEHASH#3
Open
instagibbs wants to merge 6 commits intomasterfrom
Open
Conversation
The deployment is never active on mainnet or testnet. Activation parameters are intentionally left to be defined eventually and out of scope for this patchset. The deployment is always active on regtest, allowing us to extensively test expected behaviour of the proposed operation using the functional test suite. Co-Authored-By: Greg Sanders <gsanders87@gmail.com>
Script validation of OP_TEMPLATE is enabled past its activation height, which means it is currently never enabled on mainnet/testnet and always is on regtest. Tapscript spends making use of OP_TEMPLATE do not get relayed nor included in blocks until the soft fork is active. Note how the standardness script verify flags are set such as even post activation, an OP_TEMPLATEHASH related error would not be reported as a consensus error (and lead to peer disconnection). This can be changed in a future release, once the soft fork activation isn't recent anymore. Co-Authored-by: Greg Sanders <gsanders87@gmail.com>
instagibbs
pushed a commit
that referenced
this pull request
Aug 14, 2025
…xec in RunCommandJSON" faa1c3e Revert "Merge bitcoin#32343: common: Close non-std fds before exec in RunCommandJSON" (MarcoFalke) Pull request description: After a fork() in a multithreaded program, the child can safely call only async-signal-safe functions (see [signal-safety(7)](https://www.man7.org/linux/man-pages/man7/signal-safety.7.html)) until such time as it calls execv. The standard library (`std` namespace) is not async-signal-safe. Also, `throw`, isn't. There was an alternative implementation using `readdir` (bitcoin#32529), but that isn't async-signal-safe either, and that implementation was still using `throw`. So temporarily revert this feature. A follow-up in the future can add it back, using only async-signal-safe functions, or by using a different approach. Fixes bitcoin#32524 Fixes bitcoin#33015 Fixes bitcoin#32855 For reference, a failure can manifest in the GCC debug mode: * While `fork`ing, a debug mode mutex is held (by any other thread). * The `fork`ed child tries to use the stdard libary before `execv` and deadlocks. This may look like the following: ``` (gdb) thread apply all bt Thread 1 (Thread 0xf58f4b40 (LWP 774911) "b-httpworker.2"): #0 0xf7f4f589 in __kernel_vsyscall () #1 0xf79e467e in ?? () from /lib32/libc.so.6 #2 0xf79eb582 in pthread_mutex_lock () from /lib32/libc.so.6 #3 0xf7d93bf2 in ?? () from /lib32/libstdc++.so.6 bitcoin#4 0xf7d93f36 in __gnu_debug::_Safe_iterator_base::_M_attach(__gnu_debug::_Safe_sequence_base*, bool) () from /lib32/libstdc++.so.6 bitcoin#5 0x5668810a in __gnu_debug::_Safe_iterator_base::_Safe_iterator_base (this=0xf58f13ac, __seq=0xf58f13f8, __constant=false) at /bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/debug/safe_base.h:91 bitcoin#6 0x56ddfb50 in __gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<int*, std::__cxx1998::vector<int, std::allocator<int> > >, std::__debug::vector<int, std::allocator<int> >, std::forward_iterator_tag>::_Safe_iterator (this=0xf58f13a8, __i=3, __seq=0xf58f13f8) at /bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/debug/safe_iterator.h:162 bitcoin#7 0x56ddfacb in __gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<int*, std::__cxx1998::vector<int, std::allocator<int> > >, std::__debug::vector<int, std::allocator<int> >, std::bidirectional_iterator_tag>::_Safe_iterator (this=0xf58f13a8, __i=3, __seq=0xf58f13f8) at /bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/debug/safe_iterator.h:539 bitcoin#8 0x56ddfa5b in __gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<int*, std::__cxx1998::vector<int, std::allocator<int> > >, std::__debug::vector<int, std::allocator<int> >, std::random_access_iterator_tag>::_Safe_iterator (this=0xf58f13a8, __i=3, __seq=0xf58f13f8) at /bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/debug/safe_iterator.h:687 bitcoin#9 0x56ddd3f6 in std::__debug::vector<int, std::allocator<int> >::begin (this=0xf58f13f8) at /bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/debug/vector:300 bitcoin#10 0x57d83701 in subprocess::detail::Child::execute_child (this=0xf58f156c) at ./util/subprocess.h:1372 bitcoin#11 0x57d80a7c in subprocess::Popen::execute_process (this=0xf58f1cd8) at ./util/subprocess.h:1231 bitcoin#12 0x57d6d2b4 in subprocess::Popen::Popen<subprocess::input, subprocess::output, subprocess::error, subprocess::close_fds> (this=0xf58f1cd8, cmd_args="fake.py enumerate", args=..., args=..., args=..., args=...) at ./util/subprocess.h:964 bitcoin#13 0x57d6b597 in RunCommandParseJSON (str_command="fake.py enumerate", str_std_in="") at ./common/run_command.cpp:27 bitcoin#14 0x57a90547 in ExternalSigner::Enumerate (command="fake.py", signers=std::__debug::vector of length 0, capacity 0, chain="regtest") at ./external_signer.cpp:28 bitcoin#15 0x56defdab in enumeratesigners()::$_0::operator()(RPCHelpMan const&, JSONRPCRequest const&) const (this=0xf58f2ba0, self=..., request=...) at ./rpc/external_signer.cpp:51 ... (truncated, only one thread exists) ``` ACKs for top commit: fanquake: ACK faa1c3e darosior: ACK faa1c3e Tree-SHA512: 602da5f2eba08d7fe01ba19baf411e287ae27fe2d4b82f41734e05b7b1d938ce94cc0041e86ba677284fa92838e96ebee687023ff28047e2b036fd9a53567e0a
instagibbs
commented
Aug 27, 2025
| standard = hashtype in VALID_SIGHASHES_ECDSA and (p2sh or witv0) | ||
| add_spender(spenders, "compat/nocsa", hashtype=hashtype, p2sh=p2sh, witv0=witv0, standard=standard, script=CScript([OP_IF, OP_11, pubkey1, OP_CHECKSIGADD, OP_12, OP_EQUAL, OP_ELSE, pubkey1, OP_CHECKSIG, OP_ENDIF]), key=eckey1, sigops_weight=4-3*witv0, inputs=[getter("sign"), b''], failure={"inputs": [getter("sign"), b'\x01']}, **ERR_BAD_OPCODE) | ||
|
|
||
| # Should still fail if not in executed branch |
Owner
Author
There was a problem hiding this comment.
comment seems wrong; spender succeeds unless branch is taken
instagibbs
commented
Sep 3, 2025
| add_spender(spenders, "compat/nocsa", hashtype=hashtype, p2sh=p2sh, witv0=witv0, standard=standard, script=CScript([OP_IF, OP_11, pubkey1, OP_CHECKSIGADD, OP_12, OP_EQUAL, OP_ELSE, pubkey1, OP_CHECKSIG, OP_ENDIF]), key=eckey1, sigops_weight=4-3*witv0, inputs=[getter("sign"), b''], failure={"inputs": [getter("sign"), b'\x01']}, **ERR_BAD_OPCODE) | ||
|
|
||
| # Should still fail if not in executed branch | ||
| add_spender(spenders, "compat/noth", p2sh=p2sh, witv0=witv0, standard=p2sh or witv0, script=CScript([OP_IF, OP_TEMPLATEHASH, OP_ENDIF, OP_1]), inputs=[b''], failure={"inputs": [b'\x01']}, **ERR_BAD_OPCODE) |
Owner
Author
There was a problem hiding this comment.
for non-witv0, the failure path it will be non-standard, in addition to invalid, because of the inputs vector being interpreted as a serialized CScript.
Seems ok enough
instagibbs
force-pushed
the
2025-07-op_templatehash
branch
from
51cb164 to
a851295
Compare
instagibbs
pushed a commit
that referenced
this pull request
Feb 18, 2026
… corruption check in fees.dat fa1d17d refactor: Use uint64_t over size_t for serialize corruption check in fees.dat (MarcoFalke) Pull request description: Serialization should not behave differently on different architectures. See also the related commit 3789215. However, on fees.dat file corruption, 32-bit builds may run into an unsigned integer overflow and report the wrong corruption reason, or may even silently continue after the corruption. This is a bit hard to reproduce, because 32-bit platforms are rare and most of them don't support running the unsigned integer overflow sanitizer. So the possible options to reproduce are: * Run on armhf and manually annotate the code to detect the overflow * Run on i386 with the integer sanitizer (possibly via `podman run -it --rm --platform linux/i386 'debian:trixie'`) * Run the integer sanitizer on any 64-bit platform and manually replace type in the affected line by `uint32_t` Afterwards, the steps to reproduce are: ``` export DEBIAN_FRONTEND=noninteractive && apt update && apt install curl wget htop git vim ccache -y && git clone https://github.com/bitcoin/bitcoin.git --depth=1 ./b-c && cd b-c && apt install build-essential cmake pkg-config python3-zmq libzmq3-dev libevent-dev libboost-dev libsqlite3-dev systemtap-sdt-dev libcapnp-dev capnproto libqrencode-dev qt6-tools-dev qt6-l10n-tools qt6-base-dev clang llvm libc++-dev libc++abi-dev -y cmake -B ./bld-cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER='clang' -DCMAKE_CXX_COMPILER='clang++' -DSANITIZERS=undefined,integer,float-divide-by-zero --preset=dev-mode cmake --build ./bld-cmake --parallel $(nproc) curl -fLO 'https://github.com/bitcoin-core/qa-assets/raw/b5ad78e070e4cf36beb415d7b490d948d70ba73f/fuzz_corpora/policy_estimator_io/607473137013139e3676e30ec4b29639e673fa9b' UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" FUZZ=policy_estimator_io ./bld-cmake/bin/fuzz ./607473137013139e3676e30ec4b29639e673fa9b ``` The output will be something like: ``` /b-c/src/policy/fees/block_policy_estimator.cpp:448:25: runtime error: unsigned integer overflow: 346685954 * 219 cannot be represented in type 'unsigned int' #0 0x5b0b1bbe in TxConfirmStats::Read(AutoFile&, unsigned int) /b-c/bld-cmake/src/./policy/fees/block_policy_estimator.cpp:448:25 #1 0x5b0b7d3f in CBlockPolicyEstimator::Read(AutoFile&) /b-c/bld-cmake/src/./policy/fees/block_policy_estimator.cpp:1037:29 #2 0x592a9783 in policy_estimator_io_fuzz_target(std::span<unsigned char const, 4294967295u>) /b-c/bld-cmake/src/test/fuzz/./test/fuzz/policy_estimator_io.cpp:32:32 #3 0x5896ba8e in void std::__invoke_impl<void, void (*&)(std::span<unsigned char const, 4294967295u>), std::span<unsigned char const, 4294967295u>>(std::__invoke_other, void (*&)(std::span<unsigned char const, 4294967295u>), std::span<unsigned char const, 4294967295u>&&) /usr/lib/gcc/i686-linux-gnu/14/../../../../include/c++/14/bits/invoke.h:61:14 bitcoin#4 0x5896b8eb in std::enable_if<is_invocable_r_v<void, void (*&)(std::span<unsigned char const, 4294967295u>), std::span<unsigned char const, 4294967295u>>, void>::type std::__invoke_r<void, void (*&)(std::span<unsigned char const, 4294967295u>), std::span<unsigned char const, 4294967295u>>(void (*&)(std::span<unsigned char const, 4294967295u>), std::span<unsigned char const, 4294967295u>&&) /usr/lib/gcc/i686-linux-gnu/14/../../../../include/c++/14/bits/invoke.h:111:2 bitcoin#5 0x5896b44b in std::_Function_handler<void (std::span<unsigned char const, 4294967295u>), void (*)(std::span<unsigned char const, 4294967295u>)>::_M_invoke(std::_Any_data const&, std::span<unsigned char const, 4294967295u>&&) /usr/lib/gcc/i686-linux-gnu/14/../../../../include/c++/14/bits/std_function.h:290:9 bitcoin#6 0x59845c95 in std::function<void (std::span<unsigned char const, 4294967295u>)>::operator()(std::span<unsigned char const, 4294967295u>) const /usr/lib/gcc/i686-linux-gnu/14/../../../../include/c++/14/bits/std_function.h:591:9 bitcoin#7 0x5983a0da in test_one_input(std::span<unsigned char const, 4294967295u>) /b-c/bld-cmake/src/test/fuzz/util/./test/fuzz/fuzz.cpp:88:5 bitcoin#8 0x5983cb80 in main /b-c/bld-cmake/src/test/fuzz/util/./test/fuzz/fuzz.cpp:271:13 bitcoin#9 0xf75aecc2 (/lib/i386-linux-gnu/libc.so.6+0x24cc2) (BuildId: 2dc5f2945fad35c1b07d1a5a32520b3c41afaa75) bitcoin#10 0xf75aed87 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x24d87) (BuildId: 2dc5f2945fad35c1b07d1a5a32520b3c41afaa75) bitcoin#11 0x58932db6 in _start (/b-c/bld-cmake/bin/fuzz+0x235ddb6) (BuildId: 7d8d83a77923f14e99c0de64acbc5f5bfc2cce9b) SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow /b-c/src/policy/fees/block_policy_estimator.cpp:448:25 ``` Note: This is marked a "refactor", because the code change does not affect 64-bit builds, and on the still remaining rare 32-bit builds today it is extremely unlikely to happen in production. ACKs for top commit: bensig: ACK fa1d17d ismaelsadeeq: utACK fa1d17d luke-jr: Also, utACK fa1d17d as an improvement. Tree-SHA512: 696bf8e0dbe4777c84cb90e313c7f8f9ee90d4b3e64de1222f8472b2d9d0f3a0f6f027fda743dd6ca8c6aab94f404db7a65bb562a76000d9c33a8a39de28d8d4
Ari4ka
approved these changes
Feb 18, 2026
This introduces a new Script operation exclusively available in Tapscript context: OP_TEMPLATEHASH. This operation pushes the hash of the spending transaction on the stack. See BIP xx for details. This operation is introduced as replacing OP_SUCCESS187 (0xbb). Co-Authored-By: Greg Sanders <gsanders87@gmail.com>
Sanity check the template hash by using it to commit to the transaction that must spend an output. Malleating committed fields must lead to a consensus failure, and changing non-committed fields is fine. We also add the option to generate test vectors from this unit test.
We introduce one specialized target focused on exercising the new `GetTemplateHash()` logic introduced for OP_TEMPLATEHASH, and one broader fuzz target which exercises using OP_TEMPLATEHASH on a variety of transactions while asserting invariants.
This leverages the extensive feature_taproot.py test framework to generate coverage for the numerous scenarii and mutations exercised there. Additionally, a separate feature_templatehash.py functional test is introduced for end-to-end testing of the commit-to-next-transaction use case, which does not fit nicely into the feature_taproot.py framework (assumes input independence).
instagibbs
force-pushed
the
2025-07-op_templatehash
branch
from
a851295 to
412adad
Compare
Ari4ka
approved these changes
Mar 19, 2026
instagibbs
pushed a commit
that referenced
this pull request
Mar 27, 2026
…ntracts 3281824 fuzz: prevent invalid `FRESH` entries and surface `BatchWrite` errors (Lőrinc) 780f460 fuzz: avoid invalid `AddCoin` overwrites (Lőrinc) d7e0d51 fuzz: make `AddCoins` query view for overwrites (Lőrinc) b8fa6f0 util: introduce `TrySub` to prevent unsigned underflow (Lőrinc) Pull request description: ### Problem This is an alternative approach to bitcoin#34647, fixes bitcoin#34645. ### Fix First, add `CheckedSub` and use it for decrements of `m_dirty_count` and `cachedCoinsUsage`, so unsigned underflows turn into immediate failures instead of silently wrapping and only failing later. <details><summary>Assertion `j <= i' failed.</summary> ```bash util/overflow.h:44 T CheckedSub(const T, const U) [T = unsigned long, U = bool]: Assertion `j <= i' failed. ==72817== ERROR: libFuzzer: deadly signal #0 0x556e9225eab5 in __sanitizer_print_stack_trace (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x191dab5) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) #1 0x556e921acafc in fuzzer::PrintStackTrace() (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x186bafc) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) #2 0x556e92191bb7 in fuzzer::Fuzzer::CrashCallback() (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x1850bb7) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) #3 0x7164cfc458cf (/lib/x86_64-linux-gnu/libc.so.6+0x458cf) (BuildId: ae7440bbdce614e0e79280c3b2e45b1df44e639c) bitcoin#4 0x7164cfca49bb in __pthread_kill_implementation nptl/pthread_kill.c:43:17 bitcoin#5 0x7164cfca49bb in __pthread_kill_internal nptl/pthread_kill.c:89:10 bitcoin#6 0x7164cfca49bb in pthread_kill nptl/pthread_kill.c:100:10 bitcoin#7 0x7164cfc4579d in raise signal/../sysdeps/posix/raise.c:26:13 bitcoin#8 0x7164cfc288cc in abort stdlib/abort.c:73:3 bitcoin#9 0x556e92f9d591 in assertion_fail(std::source_location const&, std::basic_string_view<char, std::char_traits<char>>) /mnt/my_storage/bitcoin/src/util/check.cpp:41:5 bitcoin#10 0x556e9250daf0 in bool&& inline_assertion_check<false, bool>(bool&&, std::source_location const&, std::basic_string_view<char, std::char_traits<char>>) /mnt/my_storage/bitcoin/src/util/check.h:90:13 bitcoin#11 0x556e9250daf0 in unsigned long CheckedSub<unsigned long, bool>(unsigned long, bool) /mnt/my_storage/bitcoin/src/util/overflow.h:44:5 bitcoin#12 0x556e9250daf0 in CoinsViewCacheCursor::NextAndMaybeErase(std::pair<COutPoint const, CCoinsCacheEntry>&) /mnt/my_storage/bitcoin/src/coins.h:282:25 bitcoin#13 0x556e92507eb2 in (anonymous namespace)::MutationGuardCoinsViewCache::BatchWrite(CoinsViewCacheCursor&, uint256 const&) /mnt/my_storage/bitcoin/src/test/fuzz/coins_view.cpp:90:75 bitcoin#14 0x556e92c17a2b in CCoinsViewCache::Flush(bool) /mnt/my_storage/bitcoin/src/coins.cpp:282:11 bitcoin#15 0x556e924fb732 in TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_1::operator()() const /mnt/my_storage/bitcoin/src/test/fuzz/coins_view.cpp:135:34 bitcoin#16 0x556e924fb732 in unsigned long CallOneOf<TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_0, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_1, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_2, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_3, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_4, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_5, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_6, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_7, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_8, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_9, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_10, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_11>(FuzzedDataProvider&, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_0, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_1, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_2, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_3, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_4, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_5, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_6, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_7, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_8, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_9, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_10, TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool)::$_11) /mnt/my_storage/bitcoin/src/test/fuzz/util.h:42:27 bitcoin#17 0x556e924fb732 in TestCoinsView(FuzzedDataProvider&, CCoinsViewCache&, CCoinsView&, bool) /mnt/my_storage/bitcoin/src/test/fuzz/coins_view.cpp:114:9 bitcoin#18 0x556e92503b0c in coins_view_overlay_fuzz_target(std::span<unsigned char const, 18446744073709551615ul>) /mnt/my_storage/bitcoin/src/test/fuzz/coins_view.cpp:404:5 bitcoin#19 0x556e92bcb7a5 in std::function<void (std::span<unsigned char const, 18446744073709551615ul>)>::operator()(std::span<unsigned char const, 18446744073709551615ul>) const /usr/lib/gcc/x86_64-linux-gnu/15/../../../../include/c++/15/bits/std_function.h:593:9 bitcoin#20 0x556e92bcb7a5 in test_one_input(std::span<unsigned char const, 18446744073709551615ul>) /mnt/my_storage/bitcoin/src/test/fuzz/fuzz.cpp:88:5 bitcoin#21 0x556e92bcb7a5 in LLVMFuzzerTestOneInput /mnt/my_storage/bitcoin/src/test/fuzz/fuzz.cpp:216:5 bitcoin#22 0x556e9219318f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x185218f) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#23 0x556e92192799 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x1851799) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#24 0x556e92194139 in fuzzer::Fuzzer::MutateAndTestOne() (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x1853139) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#25 0x556e92194c95 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x1853c95) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#26 0x556e92181255 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x1840255) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#27 0x556e921ad696 in main (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x186c696) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) bitcoin#28 0x7164cfc2a577 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 bitcoin#29 0x7164cfc2a63a in __libc_start_main csu/../csu/libc-start.c:360:3 bitcoin#30 0x556e921757e4 in _start (/mnt/my_storage/bitcoin/build_fuzz/bin/fuzz+0x18347e4) (BuildId: d77c4d5f9dfd38ea06fab463f49341735205e109) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 2 PersAutoDict-CopyPart- DE: "\005\000"-; base unit: ecb626aff8724f0fdde38a0a6965718f2096d474 artifact_prefix='/tmp/fuzz_artifacts/'; Test unit written to /tmp/fuzz_artifacts/crash-1d19026c1a23f08bfe693fd684a56ce51187c6e5 ./build_fuzz/bin/fuzz /tmp/fuzz_corpus/coins_view_overlay -max_total_time=3600 -rss_limit_mb=2560 -artifact_prefix=/tmp/fuzz_artifacts/ >fuzz-16.log 2>&1 ``` </details> The coins view fuzz targets can call `AddCoin`/`AddCoins` and construct `BatchWrite` cursors in ways that violate `CCoinsViewCache` caller contracts. These invalid states can trigger `BatchWrite` `std::logic_error` and can desync dirty-entry accounting (caught by `Assume(m_dirty_count == 0)` currently). Make the fuzzer avoid generating invalid states instead of catching and resetting: * Derive `AddCoin`’s `possible_overwrite` from `PeekCoin`, so `possible_overwrite=false` is only used when the outpoint is absent - similarly to https://github.com/bitcoin/bitcoin/blob/67c0d1798e6147f48d4bafc2c9e5ff30f2a62340/src/test/fuzz/coinscache_sim.cpp#L312-L317 - Only use `AddCoins(check=false)` when we have confirmed the txid has no unspent outputs; otherwise fall back to `check=true` so `AddCoins` determines overwrites via the view. - When constructing a `CoinsViewCacheCursor`, avoid setting `FRESH` when the parent already has an unspent coin, and ensure `FRESH` implies `DIRTY`. ### Fuzzing The original error could be reproduced in ~10 minutes using `coins_view_overlay`. I ran the `coins_view`, `coins_view_db`, `coins_view_overlay`, and `coinscache_sim` fuzzers for this PR overnight and they didn't fail anymore. ACKs for top commit: achow101: ACK 3281824 sipa: ACK 3281824. Ran the 4 relevant fuzz tests for ~1 CPU day each. Will run more overnight. andrewtoth: ACK 3281824 Tree-SHA512: b8155e8d21740eb7800e373c27a8a1457eb84468c24af879bac5a1ed251ade2aec99c34a350a31f2ebb74e41bb7380bf20214d38d14fe23310a43282d2434fb7
instagibbs
pushed a commit
that referenced
this pull request
Mar 27, 2026
…Sync bench fa79098 test: Fix shutdown vptr race in BlockFilterIndexSync bench (MarcoFalke) Pull request description: Currently, the `BlockFilterIndexSync` may fail tsan. Diff to reproduce: ```diff diff --git a/src/validationinterface.cpp b/src/validationinterface.cpp index c7be6ab..4cb8435 100644 --- a/src/validationinterface.cpp +++ b/src/validationinterface.cpp @@ -14,2 +14,3 @@ #include <primitives/transaction.h> +#include <random.h> #include <util/check.h> @@ -156,2 +157,4 @@ void ValidationSignals::SyncWithValidationInterfaceQueue() +static FastRandomContext g_rnd{}; + // Use a macro instead of a function for conditional logging to prevent @@ -166,2 +169,3 @@ void ValidationSignals::SyncWithValidationInterfaceQueue() LOG_EVENT(fmt, local_name, __VA_ARGS__); \ + UninterruptibleSleep(1ms * g_rnd.randrange(95)); \ event(); \ ``` and then running the tsan CI pod: `MAKEJOBS="-j$(nproc)" FILE_ENV="./ci/test/00_setup_env_native_tsan.sh" ./ci/test_run_all.sh` After about 3 runs, it will fail. It is also possible to run in a loop inside the pod: `while TSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/tsan:halt_on_error=1:second_deadlock_stack=1" /ci_container_base/ci/scratch/build-x86_64-pc-linux-gnu/bin/bench_bitcoin -filter=BlockFilterIndexSync -sanity-check ; do true ; done` The output will be: ``` Running with -sanity-check option, output is being suppressed as benchmark results will be useless. Running with -sanity-check option, output is being suppressed as benchmark results will be useless. ================== WARNING: ThreadSanitizer: data race on vptr (ctor/dtor vs virtual call) (pid=100168) Write of size 8 at 0x7fffbe828aa8 by main thread: #0 BaseIndex::~BaseIndex() /ci_container_base/src/index/base.cpp:99:1 (bench_bitcoin+0x33c201) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #1 BlockFilterIndex::~BlockFilterIndex() /ci_container_base/src/index/blockfilterindex.h:40:7 (bench_bitcoin+0x266000) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #2 BlockFilterIndexSync(ankerl::nanobench::Bench&)::$_0::operator()() const /ci_container_base/src/bench/index_blockfilter.cpp:56:5 (bench_bitcoin+0x2659a1) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #3 ankerl::nanobench::Bench& ankerl::nanobench::Bench::run<BlockFilterIndexSync(ankerl::nanobench::Bench&)::$_0>(BlockFilterIndexSync(ankerl::nanobench::Bench&)::$_0&&) /ci_container_base/src/bench/nanobench.h:1221:13 (bench_bitcoin+0x2659a1) bitcoin#4 BlockFilterIndexSync(ankerl::nanobench::Bench&) /ci_container_base/src/bench/index_blockfilter.cpp:46:33 (bench_bitcoin+0x26565a) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#5 std::__1::__invoke_result_impl<void, void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>::type std::__1::__invoke[abi:dee230000]<void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0x21b394) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#6 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:dee230000]<void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:350:5 (bench_bitcoin+0x21b394) bitcoin#7 void std::__1::__invoke_r[abi:dee230000]<void, void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:356:10 (bench_bitcoin+0x21b394) bitcoin#8 std::__1::__function::__func<void (*)(ankerl::nanobench::Bench&), void (ankerl::nanobench::Bench&)>::operator()(ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__functional/function.h:172:12 (bench_bitcoin+0x21b394) bitcoin#9 std::__1::__function::__value_func<void (ankerl::nanobench::Bench&)>::operator()[abi:dee230000](ankerl::nanobench::Bench&) const /cxx_build/include/c++/v1/__functional/function.h:273:12 (bench_bitcoin+0x1cc77d) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#10 std::__1::function<void (ankerl::nanobench::Bench&)>::operator()(ankerl::nanobench::Bench&) const /cxx_build/include/c++/v1/__functional/function.h:754:10 (bench_bitcoin+0x1cc77d) bitcoin#11 benchmark::BenchRunner::RunAll(benchmark::Args const&) /ci_container_base/src/bench/bench.cpp:121:13 (bench_bitcoin+0x1cc77d) bitcoin#12 main /ci_container_base/src/bench/bench_bitcoin.cpp:135:9 (bench_bitcoin+0x1c5a76) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) Previous read of size 8 at 0x7fffbe828aa8 by thread T1: #0 ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_1::operator()() const::'lambda'(CValidationInterface&)::operator()(CValidationInterface&) const /ci_container_base/src/validationinterface.cpp:231:79 (bench_bitcoin+0x885feb) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #1 void ValidationSignalsImpl::Iterate<ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_1::operator()() const::'lambda'(CValidationInterface&)>(ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_1::operator()() const::'lambda'(CValidationInterface&)&&) /ci_container_base/src/validationinterface.cpp:91:17 (bench_bitcoin+0x885feb) #2 ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_1::operator()() const /ci_container_base/src/validationinterface.cpp:231:22 (bench_bitcoin+0x885feb) #3 ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0::operator()() const /ci_container_base/src/validationinterface.cpp:233:27 (bench_bitcoin+0x885feb) bitcoin#4 std::__1::__invoke_result_impl<void, ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&>::type std::__1::__invoke[abi:dee230000]<ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&>(ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0x885feb) bitcoin#5 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:dee230000]<ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&>(ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:350:5 (bench_bitcoin+0x885feb) bitcoin#6 void std::__1::__invoke_r[abi:dee230000]<void, ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&>(ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:356:10 (bench_bitcoin+0x885feb) bitcoin#7 std::__1::__function::__func<ValidationSignals::MempoolTransactionsRemovedForBlock(std::__1::vector<RemovedMempoolTransactionInfo, std::__1::allocator<RemovedMempoolTransactionInfo>> const&, unsigned int)::$_0, void ()>::operator()() /cxx_build/include/c++/v1/__functional/function.h:172:12 (bench_bitcoin+0x885feb) bitcoin#8 std::__1::__function::__value_func<void ()>::operator()[abi:dee230000]() const /cxx_build/include/c++/v1/__functional/function.h:273:12 (bench_bitcoin+0xddec83) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#9 std::__1::function<void ()>::operator()() const /cxx_build/include/c++/v1/__functional/function.h:754:10 (bench_bitcoin+0xddec83) bitcoin#10 SerialTaskRunner::ProcessQueue() /ci_container_base/src/scheduler.cpp:173:5 (bench_bitcoin+0xddec83) bitcoin#11 SerialTaskRunner::MaybeScheduleProcessQueue()::$_0::operator()() const /ci_container_base/src/scheduler.cpp:142:41 (bench_bitcoin+0xde08e5) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#12 std::__1::__invoke_result_impl<void, SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&>::type std::__1::__invoke[abi:dee230000]<SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&>(SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0xde08e5) bitcoin#13 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:dee230000]<SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&>(SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:350:5 (bench_bitcoin+0xde08e5) bitcoin#14 void std::__1::__invoke_r[abi:dee230000]<void, SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&>(SerialTaskRunner::MaybeScheduleProcessQueue()::$_0&) /cxx_build/include/c++/v1/__type_traits/invoke.h:356:10 (bench_bitcoin+0xde08e5) bitcoin#15 std::__1::__function::__func<SerialTaskRunner::MaybeScheduleProcessQueue()::$_0, void ()>::operator()() /cxx_build/include/c++/v1/__functional/function.h:172:12 (bench_bitcoin+0xde08e5) bitcoin#16 std::__1::__function::__value_func<void ()>::operator()[abi:dee230000]() const /cxx_build/include/c++/v1/__functional/function.h:273:12 (bench_bitcoin+0xddda36) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#17 std::__1::function<void ()>::operator()() const /cxx_build/include/c++/v1/__functional/function.h:754:10 (bench_bitcoin+0xddda36) bitcoin#18 CScheduler::serviceQueue() /ci_container_base/src/scheduler.cpp:60:17 (bench_bitcoin+0xddda36) bitcoin#19 ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2::operator()() const /ci_container_base/src/test/util/setup_common.cpp:250:114 (bench_bitcoin+0x2dcaa8) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#20 std::__1::__invoke_result_impl<void, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&>::type std::__1::__invoke[abi:dee230000]<ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&>(ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0x2dcaa8) bitcoin#21 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:dee230000]<ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&>(ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&) /cxx_build/include/c++/v1/__type_traits/invoke.h:350:5 (bench_bitcoin+0x2dcaa8) bitcoin#22 void std::__1::__invoke_r[abi:dee230000]<void, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&>(ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&) /cxx_build/include/c++/v1/__type_traits/invoke.h:356:10 (bench_bitcoin+0x2dcaa8) bitcoin#23 std::__1::__function::__func<ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2, void ()>::operator()() /cxx_build/include/c++/v1/__functional/function.h:172:12 (bench_bitcoin+0x2dcaa8) bitcoin#24 std::__1::__function::__value_func<void ()>::operator()[abi:dee230000]() const /cxx_build/include/c++/v1/__functional/function.h:273:12 (bench_bitcoin+0xef2b0b) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#25 std::__1::function<void ()>::operator()() const /cxx_build/include/c++/v1/__functional/function.h:754:10 (bench_bitcoin+0xef2b0b) bitcoin#26 util::TraceThread(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>) /ci_container_base/src/util/thread.cpp:21:9 (bench_bitcoin+0xef2b0b) bitcoin#27 std::__1::__invoke_result_impl<void, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2>::type std::__1::__invoke[abi:dee230000]<void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2>(void (*&&)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*&&, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0x2dc652) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#28 void std::__1::__thread_execute[abi:dee230000]<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2, 0ul, 1ul, 2ul>(std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2>&, std::__1::__integer_sequence<unsigned long, 0ul, 1ul, 2ul>) /cxx_build/include/c++/v1/__thread/thread.h:161:3 (bench_bitcoin+0x2dc652) bitcoin#29 void* std::__1::__thread_proxy[abi:dee230000]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct>>, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const*, ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2>>(void*) /cxx_build/include/c++/v1/__thread/thread.h:169:3 (bench_bitcoin+0x2dc652) Location is stack of main thread. Thread T1 'b-scheduler' (tid=100170, running) created by main thread at: #0 pthread_create <null> (bench_bitcoin+0x13dc4e) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #1 std::__1::__libcpp_thread_create[abi:dee230000](unsigned long*, void* (*)(void*), void*) /cxx_build/include/c++/v1/__thread/support/pthread.h:182:10 (bench_bitcoin+0x2d3531) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) #2 std::__1::thread::thread[abi:dee230000]<void (&)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const (&) [10], ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2, 0>(void (&)(std::__1::basic_string_view<char, std::__1::char_traits<char>>, std::__1::function<void ()>), char const (&) [10], ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts)::$_2&&) /cxx_build/include/c++/v1/__thread/thread.h:218:16 (bench_bitcoin+0x2d3531) #3 ChainTestingSetup::ChainTestingSetup(ChainType, TestOpts) /ci_container_base/src/test/util/setup_common.cpp:250:46 (bench_bitcoin+0x2d3531) bitcoin#4 TestingSetup::TestingSetup(ChainType, TestOpts) /ci_container_base/src/test/util/setup_common.cpp:344:7 (bench_bitcoin+0x2d4c1f) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#5 TestChain100Setup::TestChain100Setup(ChainType, TestOpts) /ci_container_base/src/test/util/setup_common.cpp:380:7 (bench_bitcoin+0x2d560a) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#6 std::__1::unique_ptr<TestChain100Setup, std::__1::default_delete<TestChain100Setup>> std::__1::make_unique[abi:dee230000]<TestChain100Setup, ChainType const&, TestOpts&, 0>(ChainType const&, TestOpts&) /cxx_build/include/c++/v1/__memory/unique_ptr.h:756:30 (bench_bitcoin+0x224eed) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#7 std::__1::unique_ptr<TestChain100Setup, std::__1::default_delete<TestChain100Setup>> MakeNoLogFileContext<TestChain100Setup>(ChainType, TestOpts) /ci_container_base/src/test/util/setup_common.h:259:12 (bench_bitcoin+0x224ce2) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#8 BlockFilterIndexSync(ankerl::nanobench::Bench&) /ci_container_base/src/bench/index_blockfilter.cpp:33:29 (bench_bitcoin+0x26530f) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#9 std::__1::__invoke_result_impl<void, void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>::type std::__1::__invoke[abi:dee230000]<void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:90:27 (bench_bitcoin+0x21b394) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#10 void std::__1::__invoke_void_return_wrapper<void, true>::__call[abi:dee230000]<void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:350:5 (bench_bitcoin+0x21b394) bitcoin#11 void std::__1::__invoke_r[abi:dee230000]<void, void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&>(void (*&)(ankerl::nanobench::Bench&), ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__type_traits/invoke.h:356:10 (bench_bitcoin+0x21b394) bitcoin#12 std::__1::__function::__func<void (*)(ankerl::nanobench::Bench&), void (ankerl::nanobench::Bench&)>::operator()(ankerl::nanobench::Bench&) /cxx_build/include/c++/v1/__functional/function.h:172:12 (bench_bitcoin+0x21b394) bitcoin#13 std::__1::__function::__value_func<void (ankerl::nanobench::Bench&)>::operator()[abi:dee230000](ankerl::nanobench::Bench&) const /cxx_build/include/c++/v1/__functional/function.h:273:12 (bench_bitcoin+0x1cc77d) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) bitcoin#14 std::__1::function<void (ankerl::nanobench::Bench&)>::operator()(ankerl::nanobench::Bench&) const /cxx_build/include/c++/v1/__functional/function.h:754:10 (bench_bitcoin+0x1cc77d) bitcoin#15 benchmark::BenchRunner::RunAll(benchmark::Args const&) /ci_container_base/src/bench/bench.cpp:121:13 (bench_bitcoin+0x1cc77d) bitcoin#16 main /ci_container_base/src/bench/bench_bitcoin.cpp:135:9 (bench_bitcoin+0x1c5a76) (BuildId: d6021b6fabe0b72ef5741922cc8e7f71ce6eac0c) SUMMARY: ThreadSanitizer: data race on vptr (ctor/dtor vs virtual call) /ci_container_base/src/index/base.cpp:99:1 in BaseIndex::~BaseIndex() ================== ``` Fix this by following the shutdown sequence of first stopping the index and then desctructing it, instead of doing both at the same time (stopping inside the desctructor). Also, apply the comment `// Shutdown sequence (c.f. Shutdown() in init.cpp)` consistently, while touching this topic of the codebase. Also, remove the unused `SyncWithValidationInterfaceQueue`, which is redundant to the prior `BlockUntilSyncedToCurrentChain`. See also the last comment in the pull request that introduced this: bitcoin#26188 (comment) > I think anything is fine here. Either keep both or delete both. Given that devs did not apply the redundant sync in two new cases, it seems fine to remove it. ACKs for top commit: achow101: ACK fa79098 sedited: ACK fa79098 Tree-SHA512: 3f46df283fa5f639e942b74459760104b79f11930b4249f73405f052131f69d01e91a8a4df496ca4f380fd2e0cb8d8c34f70f3e2b84730f3b8f445a98e468d1d
instagibbs
pushed a commit
that referenced
this pull request
Mar 27, 2026
After using `Threadpool` for HTTP server in PR 33689, the previously documented HTTP worker thread names are outdated. This commit makes the corresponding changes to document new names for the HTTP worker threads. Below is the output from the `thead list` command after attaching `lldb` to `bitcoind`. ```zsh thread #3: tid = 0xfe551, 0x00007ff80e3536f6 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'b-http_pool_0' thread bitcoin#4: tid = 0xfe552, 0x00007ff80e3536f6 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'b-http_pool_1' ```
instagibbs
pushed a commit
that referenced
this pull request
Mar 27, 2026
46189fd doc: update http worker thread names (rkrux) Pull request description: After using `Threadpool` for HTTP server in PR 33689, the previously documented HTTP worker thread names are outdated. This commit makes the corresponding changes to document new names for the HTTP worker threads. Below is the output from the `thead list` command after attaching `lldb` to `bitcoind`. ```zsh thread #3: tid = 0xfe551, 0x00007ff80e3536f6 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'b-http_pool_0' thread bitcoin#4: tid = 0xfe552, 0x00007ff80e3536f6 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'b-http_pool_1' ``` <!-- *** Please remove the following help text before submitting: *** Pull requests without a rationale and clear improvement may be closed immediately. GUI-related pull requests should be opened against https://github.com/bitcoin-core/gui first. See CONTRIBUTING.md --> <!-- Please provide clear motivation for your patch and explain how it improves Bitcoin Core user experience or Bitcoin Core developer experience significantly: * Any test improvements or new tests that improve coverage are always welcome. * All other changes should have accompanying unit tests (see `src/test/`) or functional tests (see `test/`). Contributors should note which tests cover modified code. If no tests exist for a region of modified code, new tests should accompany the change. * Bug fixes are most welcome when they come with steps to reproduce or an explanation of the potential issue as well as reasoning for the way the bug was fixed. * Features are welcome, but might be rejected due to design or scope issues. If a feature is based on a lot of dependencies, contributors should first consider building the system outside of Bitcoin Core, if possible. * Refactoring changes are only accepted if they are required for a feature or bug fix or otherwise improve developer experience significantly. For example, most "code style" refactoring changes require a thorough explanation why they are useful, what downsides they have and why they *significantly* improve developer experience or avoid serious programming bugs. Note that code style is often a subjective matter. Unless they are explicitly mentioned to be preferred in the [developer notes](/doc/developer-notes.md), stylistic code changes are usually rejected. --> <!-- Bitcoin Core has a thorough review process and even the most trivial change needs to pass a lot of eyes and requires non-zero or even substantial time effort to review. There is a huge lack of active reviewers on the project, so patches often sit for a long time. --> ACKs for top commit: l0rinc: ACK 46189fd hebasto: ACK 46189fd. theStack: ACK 46189fd furszy: ACK 46189fd sedited: ACK 46189fd Tree-SHA512: dc17dcd942a562da0e5ec9b6185db12d7e8ab8539fd6a78e944e95a723040c03c069f6806b8fc2f070839cb7012709d434b9e3e3bce08744dd818abbfe72e3ff
instagibbs
pushed a commit
that referenced
this pull request
Apr 17, 2026
…t of decodepsbt_inputs d517fa0 rpc: fix initialization-order-fiasco by lazy-init of decodepsbt_inputs (Eugene Siegel) Pull request description: Prior to this commit, `decodepsbt_inputs` would call `TxDoc` during initialization which lives in another TLU. `TxDoc` relies on `CURRENCY_UNIT` to be initialized when it may not have been (note this is different from the TLU containing `decodepsbt_inputs` which also has a `CURRENCY_UNIT`). Fix this by lazy initializing `decodepsbt_inputs`. Also prevent the issue in the future by doing the same for `decodepsbt_outputs` and `getblock_vin`. Curious why the CI missed this, it broke fuzzamoto. It was introduced in fadf901. I was able to trigger this with clang-21 and `ASAN_OPTIONS="detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1"`: ``` ================================================================= ==926804==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x5631e5784288 at pc 0x5631e3309f9c bp 0x7ffdb6abc7b0 sp 0x7ffdb6abc7a8 READ of size 8 at 0x5631e5784288 thread T0 #0 0x5631e3309f9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>::size() const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.h:1064:16 #1 0x5631e3309f9b in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> std::operator+<char, std::char_traits<char>, std::allocator<char>>(char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/basic_string.tcc:618:35 #2 0x5631e4238948 in TxDoc(TxDocOptions const&) /root/bitcoin/src/rpc/rawtransaction_util.cpp:382:76 #3 0x5631e316945e in __cxx_global_var_init.9 /root/bitcoin/src/rpc/rawtransaction.cpp:784:17 bitcoin#4 0x5631e3186355 in _GLOBAL__sub_I_rawtransaction.cpp /root/bitcoin/src/rpc/rawtransaction.cpp bitcoin#5 0x7fa6ca046375 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x27375) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e) bitcoin#6 0x5631e31cf160 in _start (/root/bitcoin/build/bin/bitcoind+0x25b160) 0x5631e5784288 is located 56 bytes before global variable 'CURRENCY_ATOM[abi:cxx11]' defined in '/root/bitcoin/src/policy/feerate.h:20' (0x5631e57842c0) of size 32 registered at: #0 0x5631e31e5738 in __asan_register_globals /root/llvm-project/compiler-rt/lib/asan/asan_globals.cpp:431:3 #1 0x5631e31e68a9 in __asan_register_elf_globals /root/llvm-project/compiler-rt/lib/asan/asan_globals.cpp:414:3 0x5631e5784288 is located 8 bytes inside of global variable 'CURRENCY_UNIT[abi:cxx11]' defined in '/root/bitcoin/src/policy/feerate.h:19' (0x5631e5784280) of size 32 registered at: #0 0x5631e31e5738 in __asan_register_globals /root/llvm-project/compiler-rt/lib/asan/asan_globals.cpp:431:3 #1 0x5631e31e68a9 in __asan_register_elf_globals /root/llvm-project/compiler-rt/lib/asan/asan_globals.cpp:414:3 SUMMARY: AddressSanitizer: initialization-order-fiasco /root/bitcoin/src/rpc/rawtransaction_util.cpp:382:76 in TxDoc(TxDocOptions const&) Shadow bytes around the buggy address: 0x5631e5784000: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784080: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784100: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784180: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784200: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 =>0x5631e5784280: f6[f6]f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784300: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784380: f6 f6 f6 f6 01 f9 f9 f9 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784400: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784480: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 0x5631e5784500: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==926804==ABORTING ``` Can be reviewed with `git diff HEAD~1 -w` since it's mostly indentation. ACKs for top commit: davidgumberg: crACK bitcoin@d517fa0 nervana21: tACK d517fa0 dergoegge: tACK d517fa0 Tree-SHA512: cfcaf4baccbb5748ab10ba5537cfacf38d7137b7ff051ccb9aba0f673718be1532487586b4f4e6d2f4526ca1786733009bd73a870d79a966b9c1fb38f7aaf5cc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implementation of instagibbs/bips#1