valgrind: Conditional jump or move depends on uninitialised value(s) #29635

fanquake commented at 2:07 PM on March 12, 2024: member

I see this issue with latest master using Clang 17.0.6 on aarch64, and running the functional tests under Valgrind (3.22.0):

 node0 stderr ==75935== Thread 25 b-msghand:
==75935== Conditional jump or move depends on uninitialised value(s)
==75935==    at 0x1955B8: _M_reset (optional:313)
==75935==    by 0x1955B8: ~_Optional_payload (optional:437)
==75935==    by 0x1955B8: ~_Optional_base (optional:508)
==75935==    by 0x1955B8: GetLocalAddress(CNode const&) (???:220)
==75935==    by 0x1956A3: GetLocalAddrForPeer(CNode&) (net.cpp:240)
==75935==    by 0x1D091F: MaybeSendAddr (net_processing.cpp:5259)
==75935==    by 0x1D091F: (anonymous namespace)::PeerManagerImpl::SendMessages(CNode*) (???:5453)
==75935==    by 0x1AA183: CConnman::ThreadMessageHandler() (net.cpp:2886)
==75935==    by 0x750627: operator() (std_function.h:591)
==75935==    by 0x750627: util::TraceThread(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>) (???:21)
==75935==    by 0x1B290F: __invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3231:71)> (invoke.h:61)
==75935==    by 0x1B290F: __invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3231:71)> (invoke.h:96)
==75935==    by 0x1B290F: _M_invoke<0UL, 1UL, 2UL> (std_thread.h:292)
==75935==    by 0x1B290F: operator() (std_thread.h:299)
==75935==    by 0x1B290F: std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), char const*, CConnman::Start(CScheduler&, CConnman::Options const&)::$_5> > >::_M_run() (std_thread.h:244)
==75935==    by 0x4C501BF: execute_native_thread_routine (thread.cc:104)
==75935==    by 0x4F85E37: start_thread (pthread_create.c:447)
==75935==    by 0x4FF0E5B: thread_start (clone.S:79)
==75935== 
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_M_reset
   fun:~_Optional_payload
   fun:~_Optional_base
   fun:_Z15GetLocalAddressRK5CNode
   fun:_Z19GetLocalAddrForPeerR5CNode
   fun:MaybeSendAddr
   fun:_ZN12_GLOBAL__N_115PeerManagerImpl12SendMessagesEP5CNode
   fun:_ZN8CConnman20ThreadMessageHandlerEv
   fun:operator()
   fun:_ZN4util11TraceThreadESt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEE
   fun:__invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3231:71)>
   fun:__invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3231:71)>
   fun:_M_invoke<0UL, 1UL, 2UL>
   fun:operator()
   fun:_ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJPFvSt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEEEPKcZN8CConnman5StartER10CSchedulerRKNSE_7OptionsEE3$_5EEEEE6_M_runEv
   fun:execute_native_thread_routine
   fun:start_thread
   fun:thread_start
}
==75935== 
==75935== Exit program on first error (--exit-on-first-error=yes)

Bisected to #28078 being the cause.

vasild commented at 2:21 PM on March 12, 2024: contributor

For the records, master is at d14c7286b653ad09a5a196aa351b325f97db546b (in case this vanishes due to some change in master).

I guess it must be 5316ae5dd8 from #28078. That commit can be reversed cleanly on master: git show 5316ae5dd8 |git apply -R. Can you try if the problem disappears if you do that? If it does, I wouldn't still revert it on master without understanding what the problem is actually.

Which test is causing this?

cc @jonatack, @stickies-v.

fanquake commented at 2:28 PM on March 12, 2024: member

Which test is causing this?

It will likely show up with almost any test i.e you can run example_test.py:

./autogen.sh && ./configure CC=clang CXX=clang++ && make -C src bitcoind && test/functional/test_runner.py example_test.py --combinedlogslen=19999 --timeout-factor=12 --valgrind
.....
 test  2024-03-12T14:26:46.321000Z TestFramework.node0 (DEBUG): Stopping node 

 node0 stderr ==205278== Thread 26 b-msghand:
==205278== Conditional jump or move depends on uninitialised value(s)
==205278==    at 0x1934C4: _M_reset (optional:313)
==205278==    by 0x1934C4: ~_Optional_payload (optional:437)
==205278==    by 0x1934C4: ~_Optional_base (optional:508)
==205278==    by 0x1934C4: GetLocalAddress(CNode const&) (???:220)
==205278==    by 0x1935B3: GetLocalAddrForPeer(CNode&) (net.cpp:240)
==205278==    by 0x1D0F87: MaybeSendAddr (net_processing.cpp:5401)
==205278==    by 0x1D0F87: (anonymous namespace)::PeerManagerImpl::SendMessages(CNode*) (???:5585)
==205278==    by 0x1A92C7: CConnman::ThreadMessageHandler() (net.cpp:2918)
==205278==    by 0x79017F: operator() (std_function.h:591)
==205278==    by 0x79017F: util::TraceThread(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>) (???:21)
==205278==    by 0x1B2653: __invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3267:71)> (invoke.h:61)
==205278==    by 0x1B2653: __invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3267:71)> (invoke.h:96)
==205278==    by 0x1B2653: _M_invoke<0UL, 1UL, 2UL> (std_thread.h:292)
==205278==    by 0x1B2653: operator() (std_thread.h:299)
==205278==    by 0x1B2653: std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), char const*, CConnman::Start(CScheduler&, CConnman::Options const&)::$_6> > >::_M_run() (std_thread.h:244)
==205278==    by 0x4C501BF: execute_native_thread_routine (thread.cc:104)
==205278==    by 0x4F85E37: start_thread (pthread_create.c:447)
==205278==    by 0x4FF0E5B: thread_start (clone.S:79)
==205278== 
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_M_reset
   fun:~_Optional_payload
   fun:~_Optional_base
   fun:_Z15GetLocalAddressRK5CNode
   fun:_Z19GetLocalAddrForPeerR5CNode
   fun:MaybeSendAddr
   fun:_ZN12_GLOBAL__N_115PeerManagerImpl12SendMessagesEP5CNode
   fun:_ZN8CConnman20ThreadMessageHandlerEv
   fun:operator()
   fun:_ZN4util11TraceThreadESt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEE
   fun:__invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3267:71)>
   fun:__invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3267:71)>
   fun:_M_invoke<0UL, 1UL, 2UL>
   fun:operator()
   fun:_ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJPFvSt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEEEPKcZN8CConnman5StartER10CSchedulerRKNSE_7OptionsEE3$_6EEEEE6_M_runEv
   fun:execute_native_thread_routine
   fun:start_thread
   fun:thread_start
}
==205278== 
==205278== Exit program on first error (--exit-on-first-error=yes) 

TEST            | STATUS    | DURATION

example_test.py | ✖ Failed  | 15 s

ALL             | ✖ Failed  | 15 s (accumulated) 
Runtime: 15 s

vasild commented at 4:02 PM on March 12, 2024: contributor

@fanquake, what's in those lines in your optional header?

cat -n /usr/include/c++/13.2.1/optional |grep -B5 -A5 -E '^[[:space:]]*(313|437|508)'

(that 13.2.1 will probably be different in your environment).

vasild commented at 7:07 AM on March 13, 2024: contributor

A blind attempt, would this fix it?

--- i/src/net.cpp
+++ w/src/net.cpp
@@ -214,13 +214,17 @@ static std::vector<CAddress> ConvertSeeds(const std::vector<uint8_t> &vSeedsIn)
 // Determine the "best" local address for a particular peer.
 // If none, return the unroutable 0.0.0.0 but filled in with
 // the normal parameters, since the IP may be changed to a useful
 // one by discovery.
 CService GetLocalAddress(const CNode& peer)
 {
-    return GetLocal(peer).value_or(CService{CNetAddr(), GetListenPort()});
+    auto a = GetLocal(peer);
+    if (a.has_value()) {
+        return a.value();
+    }
+    return CService{CNetAddr(), GetListenPort()};
 }
 
 static int GetnScore(const CService& addr)

maflcko commented at 7:26 AM on March 13, 2024: member

@vasild This is a false positive. I am not sure about changing the source code to accommodate broken (test-only?) tools.

maflcko added the label Upstream on Mar 13, 2024

maflcko added the label Tests on Mar 13, 2024

maflcko commented at 7:27 AM on March 13, 2024: member

The gcc duplicate is #27741

vasild commented at 8:24 AM on March 13, 2024: contributor

I am not saying to commit the above to master, but just to check if it fixes the problem. If it does, then this is a proof that it is a problem outside of our source code. You seem to be convinced already.

maflcko commented at 8:31 AM on March 13, 2024: member

You seem to be convinced already.

Yes, it seems highly unlikely that no one ran into this UB on any platform, except for a single specific compiler, with a specific compiler version, on a specific arch, with a specific version of valgrind. If this isn't a valgrind upstream bug, it would mean that the current Bitcoin Core testing efforts are highly insufficient.

maflcko commented at 11:33 AM on March 13, 2024: member

I couldn't reproduce on a fresh Ubuntu 24.04 Noble:

export DEBIAN_FRONTEND=noninteractive && apt update && apt install curl wget htop git vim ccache -y && git clone https://github.com/bitcoin/bitcoin.git  --depth=1 ./bitcoin-core && cd bitcoin-core && apt install build-essential libtool autotools-dev automake pkg-config bsdmainutils python3     libevent-dev libboost-dev clang valgrind   -y   &&  ./autogen.sh && ./configure   CC=clang CXX=clang++ && make -j $(nproc) && test/functional/test_runner.py example_test.py --valgrind

root@659a40f0d803:/bitcoin-core# clang --version 
Ubuntu clang version 17.0.6 (5build1)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
root@659a40f0d803:/bitcoin-core# valgrind --version 
valgrind-3.22.0

fanquake commented at 11:45 AM on March 13, 2024: member

Still produces for me on Fedora:

./autogen.sh && ./configure CC=clang CXX=clang++ && make -C src bitcoind -j17
test/functional/test_runner.py example_test.py --combinedlogslen=19999 --timeout-factor=12 --valgrind
...
 node0 stderr ==12061== Thread 25 b-msghand:
==12061== Conditional jump or move depends on uninitialised value(s)
==12061==    at 0x193CAC: _M_reset (optional:313)
==12061==    by 0x193CAC: ~_Optional_payload (optional:437)
==12061==    by 0x193CAC: ~_Optional_base (optional:508)
==12061==    by 0x193CAC: GetLocalAddress(CNode const&) (???:220)
==12061==    by 0x193D9B: GetLocalAddrForPeer(CNode&) (net.cpp:240)
==12061==    by 0x1D1963: MaybeSendAddr (net_processing.cpp:5407)
==12061==    by 0x1D1963: (anonymous namespace)::PeerManagerImpl::SendMessages(CNode*) (???:5591)
==12061==    by 0x1A9F43: CConnman::ThreadMessageHandler() (net.cpp:2906)
==12061==    by 0x7925F3: operator() (std_function.h:591)
==12061==    by 0x7925F3: util::TraceThread(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>) (???:21)
==12061==    by 0x1B3383: __invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3255:71)> (invoke.h:61)
==12061==    by 0x1B3383: __invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3255:71)> (invoke.h:96)
==12061==    by 0x1B3383: _M_invoke<0UL, 1UL, 2UL> (std_thread.h:292)
==12061==    by 0x1B3383: operator() (std_thread.h:299)
==12061==    by 0x1B3383: std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), char const*, CConnman::Start(CScheduler&, CConnman::Options const&)::$_6> > >::_M_run() (std_thread.h:244)
==12061==    by 0x4C501BF: execute_native_thread_routine (thread.cc:104)
==12061==    by 0x4F85E37: start_thread (pthread_create.c:447)
==12061==    by 0x4FF0E5B: thread_start (clone.S:79)
==12061== 
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_M_reset
   fun:~_Optional_payload
   fun:~_Optional_base
   fun:_Z15GetLocalAddressRK5CNode
   fun:_Z19GetLocalAddrForPeerR5CNode
   fun:MaybeSendAddr
   fun:_ZN12_GLOBAL__N_115PeerManagerImpl12SendMessagesEP5CNode
   fun:_ZN8CConnman20ThreadMessageHandlerEv
   fun:operator()
   fun:_ZN4util11TraceThreadESt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEE
   fun:__invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3255:71)>
   fun:__invoke<void (*)(std::basic_string_view<char, std::char_traits<char> >, std::function<void ()>), const char *, (lambda at net.cpp:3255:71)>
   fun:_M_invoke<0UL, 1UL, 2UL>
   fun:operator()
   fun:_ZNSt6thread11_State_implINS_8_InvokerISt5tupleIJPFvSt17basic_string_viewIcSt11char_traitsIcEESt8functionIFvvEEEPKcZN8CConnman5StartER10CSchedulerRKNSE_7OptionsEE3$_6EEEEE6_M_runEv
   fun:execute_native_thread_routine
   fun:start_thread
   fun:thread_start
}
==12061== 
==12061== Exit program on first error (--exit-on-first-error=yes) 

TEST            | STATUS    | DURATION

example_test.py | ✖ Failed  | 15 s

ALL             | ✖ Failed  | 15 s (accumulated) 
Runtime: 15 s

Note that this is now with Clang 18.1.0:

clang --version
clang version 18.1.0 (Fedora 18.1.0~rc4-2.fc41)
Target: aarch64-redhat-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Configuration file: /etc/clang/clang.cfg

vasild commented at 12:16 PM on March 13, 2024: contributor

The bug could be inside /usr/include/c++/.../optional.

maflcko commented at 12:58 PM on March 13, 2024: member

The bug could be inside /usr/include/c++/.../optional.

That'd be even more unlikely, that the bug is in a std lib header file, and it triggers for no one, except for a single specific line, in a specific project, on a specific arch, on a specific compiler, on a specific compiler version.

maflcko commented at 1:25 PM on March 13, 2024: member

The only alternative I could see is that the bug is in the optimizer (compiler), but assuming that the compiler receives more testing than valgrind, it is still more likely that the bug is in valgrind.

maflcko commented at 3:20 PM on March 13, 2024: member

Note that this is now with Clang 18.1.0:

Ok, so that seems like a typo in the initial report? Same here:

root@659a40f0d803:/bitcoin-core# clang++-18 --version 
Ubuntu clang version 18.1.0 (rc2-4)
Target: aarch64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

fanquake commented at 3:21 PM on March 13, 2024: member

Ok, so that seems like a typo in the initial report?

No, it was Clang 17 yesterday.

fanquake commented at 3:25 PM on March 13, 2024: member

It seems like the easiest path forward here is to suppress the two assumed Valgrind false positives, linking to the upstream report.

maflcko commented at 8:03 AM on March 14, 2024: member

I tried again with clang 17 (on fedora), but it still wouldn't fail:

clang version 17.0.6 (Fedora 17.0.6-2.fc39)
Target: aarch64-redhat-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

maflcko commented at 6:39 PM on March 14, 2024: member

Also fails in libc++-18:

export DEBIAN_FRONTEND=noninteractive && apt update && apt install curl wget htop git vim ccache -y && git clone https://github.com/bitcoin/bitcoin.git  --depth=1 ./bitcoin-core && cd bitcoin-core && apt install build-essential libtool autotools-dev automake pkg-config bsdmainutils python3     libevent-dev libboost-dev clang-18 libclang-rt-18-dev libc++abi-18-dev libc++-18-dev valgrind   -y   &&  ./autogen.sh && ./configure   CC=clang-18 CXX='clang++-18 -stdlib=libc++' && make -j $(nproc) src/bitcoind && ./test/functional/p2p_addr_relay.py --valgrind

 node0 stderr ==20019== Thread 14 b-msghand:
==20019== Conditional jump or move depends on uninitialised value(s)
==20019==    at 0x18AF84: ~__optional_destruct_base (optional:298)
==20019==    by 0x18AF84: GetLocalAddress(CNode const&) (???:220)
==20019==    by 0x18B06B: GetLocalAddrForPeer(CNode&) (net.cpp:240)
==20019==    by 0x1C68A3: MaybeSendAddr (net_processing.cpp:5407)
==20019==    by 0x1C68A3: (anonymous namespace)::PeerManagerImpl::SendMessages(CNode*) (???:5591)
==20019==    by 0x19FD93: CConnman::ThreadMessageHandler() (net.cpp:2906)
==20019==    by 0x58FBBF: operator() (function.h:428)
==20019==    by 0x58FBBF: operator() (function.h:981)
==20019==    by 0x58FBBF: util::TraceThread(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>) (???:21)
==20019==    by 0x1A8F27: __invoke<void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>), const char *, (lambda at net.cpp:3255:71)> (invoke.h:344)
==20019==    by 0x1A8F27: __thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>), const char *, (lambda at net.cpp:3255:71), 2UL, 3UL> (thread.h:193)
==20019==    by 0x1A8F27: void* std::__1::__thread_proxy[abi:ne180100]<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>), char const*, CConnman::Start(CScheduler&, CConnman::Options const&)::$_4> >(void*) (thread.h:202)
==20019==    by 0x4C9597B: start_thread (pthread_create.c:447)
==20019==    by 0x4CFB7DB: thread_start (clone.S:79)
==20019== 
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:~__optional_destruct_base
   fun:_Z15GetLocalAddressRK5CNode
   fun:_Z19GetLocalAddrForPeerR5CNode
   fun:MaybeSendAddr
   fun:_ZN12_GLOBAL__N_115PeerManagerImpl12SendMessagesEP5CNode
   fun:_ZN8CConnman20ThreadMessageHandlerEv
   fun:operator()
   fun:operator()
   fun:_ZN4util11TraceThreadENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEENS0_8functionIFvvEEE
   fun:__invoke<void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>), const char *, (lambda at net.cpp:3255:71)>
   fun:__thread_execute<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(std::__1::basic_string_view<char, std::__1::char_traits<char> >, std::__1::function<void ()>), const char *, (lambda at net.cpp:3255:71), 2UL, 3UL>
   fun:_ZNSt3__114__thread_proxyB8ne180100INS_5tupleIJNS_10unique_ptrINS_15__thread_structENS_14default_deleteIS3_EEEEPFvNS_17basic_string_viewIcNS_11char_traitsIcEEEENS_8functionIFvvEEEEPKcZN8CConnman5StartER10CSchedulerRKNSI_7OptionsEE3$_4EEEEEPvSQ_
   fun:start_thread
   fun:thread_start
}
==20019== 
==20019== Exit program on first error (--exit-on-first-error=yes)

maflcko commented at 7:55 PM on March 14, 2024: member

Minimized so far:

# batcat main.cpp dummy.* && clang++-18 -std=c++17  -g -O2   -I.   main.cpp dummy.cpp -o /tmp/exe && valgrind /tmp/exe 
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: main.cpp
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ #include <dummy.h>
   2   │ 
   3   │ #include <optional>
   4   │ #include <set>
   5   │ 
   6   │ static std::set<int> empty_set;
   7   │ 
   8   │ std::optional<dummy> static none()
   9   │ {
  10   │     std::optional<dummy> maybe;
  11   │     {
  12   │         for (const auto& a : empty_set) {
  13   │             if (empty_set.size() > 10) {
  14   │                 maybe.emplace(dummy{});
  15   │             }
  16   │         }
  17   │     }
  18   │     return maybe;
  19   │ }
  20   │ 
  21   │ dummy dummy_or_default()
  22   │ {
  23   │     return none().value_or(dummy{});
  24   │ }
  25   │ 
  26   │ int main()
  27   │ {
  28   │     dummy_or_default();
  29   │ }
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: dummy.cpp
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ #include <dummy.h>
   2   │ 
   3   │ dummy::dummy() = default;
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: dummy.h
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ #include <cstdlib>
   2   │ 
   3   │ struct dummy {
   4   │     char* ptr{};
   5   │ 
   6   │     unsigned zero = 0;
   7   │     bool hp() const { return zero > 0; }
   8   │ 
   9   │     dummy();
  10   │ 
  11   │     ~dummy()
  12   │     {
  13   │         if (hp()) std::free(ptr);
  14   │     }
  15   │ };
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
==73841== Memcheck, a memory error detector
==73841== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==73841== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==73841== Command: /tmp/exe
==73841== 
==73841== Conditional jump or move depends on uninitialised value(s)
==73841==    at 0x108BB8: _M_reset (optional:317)
==73841==    by 0x108BB8: ~_Optional_payload (optional:441)
==73841==    by 0x108BB8: ~_Optional_base (optional:512)
==73841==    by 0x108BB8: dummy_or_default() (???:23)
==73841==    by 0x108C27: main (main.cpp:28)
==73841== 
==73841== 
==73841== HEAP SUMMARY:
==73841==     in use at exit: 0 bytes in 0 blocks
==73841==   total heap usage: 1 allocs, 1 frees, 73,728 bytes allocated
==73841== 
==73841== All heap blocks were freed -- no leaks are possible
==73841== 
==73841== Use --track-origins=yes to see where uninitialised values come from
==73841== For lists of detected and suppressed errors, rerun with: -s
==73841== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

maflcko commented at 1:52 PM on April 9, 2024: member

https://bugs.kde.org/show_bug.cgi?id=485276

maflcko commented at 3:28 PM on April 10, 2024: member

Some options:

Add a valgrind suppression
Avoid clang17+ for now, use up to clang16 in CI
Require clang++ -O1 for now
Something else?

fanquake commented at 5:50 PM on November 12, 2024: member

I think we could move to Ocular (gives us Valgrind 3.23.0, and we remember to switch to 25 before June), Clang 18 (31273) + some suppressions. Was running some tests of #31273 + this diff:

diff --git a/ci/test/00_setup_env_native_fuzz_with_valgrind.sh b/ci/test/00_setup_env_native_fuzz_with_valgrind.sh
index d3c95af99e..f0e8e92889 100755
--- a/ci/test/00_setup_env_native_fuzz_with_valgrind.sh
+++ b/ci/test/00_setup_env_native_fuzz_with_valgrind.sh
@@ -6,7 +6,7 @@
 
 export LC_ALL=C.UTF-8
 
-export CI_IMAGE_NAME_TAG="docker.io/ubuntu:24.04"
+export CI_IMAGE_NAME_TAG="docker.io/ubuntu:24.10"
 export CONTAINER_NAME=ci_native_fuzz_valgrind
 export PACKAGES="clang-18 llvm-18 libclang-rt-18-dev libevent-dev libboost-dev libsqlite3-dev valgrind"
 export NO_DEPENDS=1
diff --git a/ci/test/00_setup_env_native_valgrind.sh b/ci/test/00_setup_env_native_valgrind.sh
index b467a93920..c44528111d 100755
--- a/ci/test/00_setup_env_native_valgrind.sh
+++ b/ci/test/00_setup_env_native_valgrind.sh
@@ -6,7 +6,7 @@
 
 export LC_ALL=C.UTF-8
 
-export CI_IMAGE_NAME_TAG="docker.io/ubuntu:24.04"
+export CI_IMAGE_NAME_TAG="docker.io/ubuntu:24.10"
 export CONTAINER_NAME=ci_native_valgrind
 export PACKAGES="valgrind clang-18 llvm-18 libclang-rt-18-dev python3-zmq libevent-dev libboost-dev libdb5.3++-dev libzmq3-dev libsqlite3-dev"
 export USE_VALGRIND=1
diff --git a/contrib/valgrind.supp b/contrib/valgrind.supp
index 1ec5b8d20d..16088c7f7b 100644
--- a/contrib/valgrind.supp
+++ b/contrib/valgrind.supp
@@ -15,6 +15,24 @@
 # Tested on:
 # * aarch64 (Ubuntu Noble system libs, clang, without gui)
 # * x86_64  (Ubuntu Noble system libs, clang, without gui)
+{
+   <insert_a_suppression_name_here>
+   Memcheck:Cond
+   fun:_M_reset
+   fun:~_Optional_payload
+   fun:~_Optional_base
+   fun:_Z15GetLocalAddressRK5CNode
+   fun:_Z19GetLocalAddrForPeerR5CNode
+}
+{
+   <insert_a_suppression_name_here>
+   Memcheck:Cond
+   fun:_ZN6wallet12MakeDatabaseERKN2fs4pathERKNS_15DatabaseOptionsERNS_14DatabaseStatusER13bilingual_str
+   fun:_ZN6wallet18MakeWalletDatabaseERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKNS_15DatabaseOptionsERNS_14DatabaseStatusER13bilingual_str
+   fun:_ZN6wallet14TestLoadWalletERNS_13WalletContextE
+   fun:_ZN6wallet12wallet_tests12CreateWallet11test_methodEv
+   fun:_ZN6wallet12wallet_testsL20CreateWallet_invokerEv
+}
 {
    Suppress libdb warning - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662917
    Memcheck:Cond

which seems to work ok. I did see a timeout in validation_block_tests, but I can bump the timeout factor.

maflcko commented at 5:57 PM on November 12, 2024: member

I think we could move to Ocular (gives us Valgrind 3.23.0

Isn't valgrind 3.22 enough, so we could just stay with the LTS Ubuntu? Also, the suppression won't work for libc++, likely. Not sure if this is worth it to support.

fanquake commented at 5:58 PM on November 12, 2024: member

Also, the suppression won't work for libc++

We aren't using libc++ though?

maflcko commented at 6:43 AM on November 15, 2024: member

The current CI with clang-16 seems to fail on arm64 anyway?

/ci_container_base/ci/scratch/build-aarch64-unknown-linux-gnu/src/test/test_bitcoin -t wallet_tests

==7187== Conditional jump or move depends on uninitialised value(s)
==7187==    at 0xD363B4: wallet::MakeDatabase(fs::path const&, wallet::DatabaseOptions const&, wallet::DatabaseStatus&, bilingual_str&) (./wallet/walletdb.cpp:1447)
==7187==    by 0xCF6DCB: wallet::MakeWalletDatabase(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, wallet::DatabaseOptions const&, wallet::DatabaseStatus&, bilingual_str&) (./wallet/wallet.cpp:2980)
==7187==    by 0x8C2167: wallet::TestLoadWallet(wallet::WalletContext&) (./wallet/test/util.cpp:69)
==7187==    by 0x875E3B: wallet::wallet_tests::CreateWallet::test_method() (./wallet/test/wallet_tests.cpp:906)
==7187==    by 0x8749D7: wallet::wallet_tests::CreateWallet_invoker() (./wallet/test/wallet_tests.cpp:820)
==7187==    by 0x22943B: operator() (function_template.hpp:771)
==7187==    by 0x22943B: operator() (execution_monitor.ipp:1395)
==7187==    by 0x22943B: boost::detail::function::function_obj_invoker0<boost::detail::forward, int>::invoke(boost::detail::function::function_buffer&) (function_template.hpp:137)
==7187==    by 0x1D8C43: operator() (function_template.hpp:771)
==7187==    by 0x1D8C43: do_invoke<boost::shared_ptr<boost::detail::translator_holder_base>, boost::function<int ()> > (execution_monitor.ipp:308)
==7187==    by 0x1D8C43: boost::execution_monitor::catch_signals(boost::function<int ()> const&) (execution_monitor.ipp:910)
==7187==    by 0x1D8E93: boost::execution_monitor::execute(boost::function<int ()> const&) (execution_monitor.ipp:1308)
==7187==    by 0x1D4CDF: vexecute (execution_monitor.ipp:1404)
==7187==    by 0x1D4CDF: boost::unit_test::unit_test_monitor_t::execute_and_translate(boost::function<void ()> const&, unsigned long) (unit_test_monitor.ipp:49)
==7187==    by 0x1F735F: boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) (framework.ipp:815)
==7187==    by 0x1F7153: boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) (framework.ipp:784)
==7187==    by 0x1F7153: boost::unit_test::framework::state::execute_test_tree(unsigned long, unsigned long, boost::unit_test::framework::state::random_generator_helper const*) (framework.ipp:784)
==7187== 
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_ZN6wallet12MakeDatabaseERKN2fs4pathERKNS_15DatabaseOptionsERNS_14DatabaseStatusER13bilingual_str
   fun:_ZN6wallet18MakeWalletDatabaseERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKNS_15DatabaseOptionsERNS_14DatabaseStatusER13bilingual_str
   fun:_ZN6wallet14TestLoadWalletERNS_13WalletContextE
   fun:_ZN6wallet12wallet_tests12CreateWallet11test_methodEv
   fun:_ZN6wallet12wallet_testsL20CreateWallet_invokerEv
   fun:operator()
   fun:operator()
   fun:_ZN5boost6detail8function21function_obj_invoker0INS0_7forwardEiE6invokeERNS1_15function_bufferE
   fun:operator()
   fun:do_invoke<boost::shared_ptr<boost::detail::translator_holder_base>, boost::function<int ()> >
   fun:_ZN5boost17execution_monitor13catch_signalsERKNS_8functionIFivEEE
   fun:_ZN5boost17execution_monitor7executeERKNS_8functionIFivEEE
   fun:vexecute
   fun:_ZN5boost9unit_test19unit_test_monitor_t21execute_and_translateERKNS_8functionIFvvEEEm
   fun:_ZN5boost9unit_test9framework5state17execute_test_treeEmmPKNS2_23random_generator_helperE
   fun:_ZN5boost9unit_test9framework5state17execute_test_treeEmmPKNS2_23random_generator_helperE
   fun:_ZN5boost9unit_test9framework5state17execute_test_treeEmmPKNS2_23random_generator_helperE
}

*** No errors detected

maflcko commented at 2:20 PM on October 30, 2025: member

I think this is hopeless, even with -O1, using the following diff, it fails.

sh-5.2# git log -1 --oneline
72511fd (grafted, HEAD -> master, origin/master, origin/HEAD) Merge bitcoin/bitcoin#33555: build: Bump clang minimum supported version to 17
sh-5.2# git diff
diff --git a/ci/test/00_setup_env_native_valgrind.sh b/ci/test/00_setup_env_native_valgrind.sh
index d6c4575..b64648f 100755
--- a/ci/test/00_setup_env_native_valgrind.sh
+++ b/ci/test/00_setup_env_native_valgrind.sh
@@ -8,7 +8,7 @@ export LC_ALL=C.UTF-8
 
 export CI_IMAGE_NAME_TAG="mirror.gcr.io/ubuntu:24.04"
 export CONTAINER_NAME=ci_native_valgrind
-export PACKAGES="valgrind python3-zmq libevent-dev libboost-dev libzmq3-dev libsqlite3-dev libcapnp-dev capnproto python3-pip"
+export PACKAGES="valgrind clang llvm libclang-rt-dev python3-zmq libevent-dev libboost-dev libzmq3-dev libsqlite3-dev libcapnp-dev capnproto python3-pip"
 export PIP_PACKAGES="--break-system-packages pycapnp"
 export USE_VALGRIND=1
 export NO_DEPENDS=1
@@ -18,4 +18,8 @@ export GOAL="install"
 # TODO enable GUI
 export BITCOIN_CONFIG="\
  -DWITH_ZMQ=ON -DBUILD_GUI=OFF \
+ -DCMAKE_C_COMPILER=clang \
+ -DCMAKE_CXX_COMPILER=clang++ \
+ -DAPPEND_CXXFLAGS='-O1' \
+ -DAPPEND_CFLAGS='-O1' \
 "

 test  2025-10-30T13:13:39.830738Z TestFramework (ERROR): Hint: Call /ci_container_base/test/functional/combine_logs.py '/ci_container_base/ci/scratch/test_runner/test_runner_₿_🏃_20251030_131131/mempool_ephemeral_dust_271' to consolidate all logs
 test  2025-10-30T13:13:39.830799Z TestFramework (ERROR):
 test  2025-10-30T13:13:39.830846Z TestFramework (ERROR): If this failure happened unexpectedly or intermittently, please file a bug and provide a link or upload of the combined log.
 test  2025-10-30T13:13:39.830934Z TestFramework (ERROR): https://github.com/bitcoin/bitcoin/issues
 test  2025-10-30T13:13:39.831001Z TestFramework (ERROR):

 node0 stderr ==8453== Thread 4 b-httpworker.0:
==8453== Conditional jump or move depends on uninitialised value(s)
==8453==    at 0x75A928: std::unique_ptr<miniscript::Node<unsigned int> const, std::default_delete<miniscript::Node<unsigned int> const> > miniscript::internal::Parse<unsigned int, (anonymous namespace)::KeyParser>(std::span<char const, 18446744073709551615ul>, (anonymous namespace)::KeyParser const&) (miniscript.h:1871)
==8453==    by 0x73E197: FromString<(anonymous namespace)::KeyParser> (miniscript.h:2642)
==8453==    by 0x73E197: (anonymous namespace)::ParseScript(unsigned int&, std::span<char const, 18446744073709551615ul>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (???:2457)
==8453==    by 0x73BC1F: Parse(std::span<char const, 18446744073709551615ul>, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) (./script/descriptor.cpp:2737)
==8453==    by 0x36E01B: getScriptFromDescriptor(std::basic_string_view<char, std::char_traits<char> >, CScript&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (./rpc/mining.cpp:187)
==8453==    by 0x36E52B: operator() (./rpc/mining.cpp:337)
==8453==    by 0x36E52B: __invoke_impl<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &> (invoke.h:61)
==8453==    by 0x36E52B: __invoke_r<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &> (invoke.h:114)
==8453==    by 0x36E52B: std::_Function_handler<UniValue (RPCHelpMan const&, JSONRPCRequest const&), generateblock()::$_0>::_M_invoke(std::_Any_data const&, RPCHelpMan const&, JSONRPCRequest const&) (std_function.h:290)
==8453==    by 0x72A883: operator() (std_function.h:591)
==8453==    by 0x72A883: RPCHelpMan::HandleRequest(JSONRPCRequest const&) const (???:663)
==8453==    by 0x31FCC3: CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::{lambda(JSONRPCRequest const&, UniValue&, bool)#1}::operator()(JSONRPCRequest const&, UniValue&, bool) const (server.h:61)
==8453==    by 0x3F86FB: operator() (std_function.h:591)
==8453==    by 0x3F86FB: ExecuteCommand (???:510)
==8453==    by 0x3F86FB: ExecuteCommands(std::vector<CRPCCommand const*, std::allocator<CRPCCommand const*> > const&, JSONRPCRequest const&, UniValue&) (???:475)
==8453==    by 0x3F8003: CRPCTable::execute(JSONRPCRequest const&) const (./rpc/server.cpp:495)
==8453==    by 0x3F7BA3: JSONRPCExec(JSONRPCRequest const&, bool) (./rpc/server.cpp:351)
==8453==    by 0x4B0437: HTTPReq_JSONRPC (./httprpc.cpp:165)
==8453==    by 0x4B0437: operator() (???:337)
==8453==    by 0x4B0437: __invoke_impl<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &> (invoke.h:61)
==8453==    by 0x4B0437: __invoke_r<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &> (invoke.h:114)
==8453==    by 0x4B0437: std::_Function_handler<bool (HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&), StartHTTPRPC(std::any const&)::$_0>::_M_invoke(std::_Any_data const&, HTTPRequest*&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (std_function.h:290)
==8453==    by 0x4B8D6F: operator() (std_function.h:591)
==8453==    by 0x4B8D6F: HTTPWorkItem::operator()() (???:62)
==8453==
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_ZN10miniscript8internal5ParseIjN12_GLOBAL__N_19KeyParserEEESt10unique_ptrIKNS_4NodeIT_EESt14default_deleteIS8_EESt4spanIKcLm18446744073709551615EERKT0_
   fun:FromString<(anonymous namespace)::KeyParser>
   fun:_ZN12_GLOBAL__N_111ParseScriptERjRSt4spanIKcLm18446744073709551615EENS_18ParseScriptContextER19FlatSigningProviderRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
   fun:_Z5ParseSt4spanIKcLm18446744073709551615EER19FlatSigningProviderRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb
   fun:_ZL23getScriptFromDescriptorSt17basic_string_viewIcSt11char_traitsIcEER7CScriptRNSt7__cxx1112basic_stringIcS1_SaIcEEE
   fun:operator()
   fun:__invoke_impl<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &>
   fun:__invoke_r<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &>
   fun:_ZNSt17_Function_handlerIF8UniValueRK10RPCHelpManRK14JSONRPCRequestEZL13generateblockvE3$_0E9_M_invokeERKSt9_Any_dataS3_S6_
   fun:operator()
   fun:_ZNK10RPCHelpMan13HandleRequestERK14JSONRPCRequest
   fun:_ZZN11CRPCCommandC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPF10RPCHelpManvEENKUlRK14JSONRPCRequestR8UniValuebE_clESB_SD_b
   fun:operator()
   fun:ExecuteCommand
   fun:_ZL15ExecuteCommandsRKSt6vectorIPK11CRPCCommandSaIS2_EERK14JSONRPCRequestR8UniValue
   fun:_ZNK9CRPCTable7executeERK14JSONRPCRequest
   fun:_Z11JSONRPCExecRK14JSONRPCRequestb
   fun:HTTPReq_JSONRPC
   fun:operator()
   fun:__invoke_impl<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &>
   fun:__invoke_r<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &>
   fun:_ZNSt17_Function_handlerIFbP11HTTPRequestRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEZ12StartHTTPRPCRKSt3anyE3$_0E9_M_invokeERKSt9_Any_dataOS1_S9_
   fun:operator()
   fun:_ZN12HTTPWorkItemclEv
}
==8453== Conditional jump or move depends on uninitialised value(s)
==8453==    at 0x75AD18: std::unique_ptr<miniscript::Node<unsigned int> const, std::default_delete<miniscript::Node<unsigned int> const> > miniscript::internal::Parse<unsigned int, (anonymous namespace)::KeyParser>(std::span<char const, 18446744073709551615ul>, (anonymous namespace)::KeyParser const&) (miniscript.h:0)
==8453==    by 0x73E197: FromString<(anonymous namespace)::KeyParser> (miniscript.h:2642)
==8453==    by 0x73E197: (anonymous namespace)::ParseScript(unsigned int&, std::span<char const, 18446744073709551615ul>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (???:2457)
==8453==    by 0x73BC1F: Parse(std::span<char const, 18446744073709551615ul>, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) (./script/descriptor.cpp:2737)
==8453==    by 0x36E01B: getScriptFromDescriptor(std::basic_string_view<char, std::char_traits<char> >, CScript&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (./rpc/mining.cpp:187)
==8453==    by 0x36E52B: operator() (./rpc/mining.cpp:337)
==8453==    by 0x36E52B: __invoke_impl<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &> (invoke.h:61)
==8453==    by 0x36E52B: __invoke_r<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &> (invoke.h:114)
==8453==    by 0x36E52B: std::_Function_handler<UniValue (RPCHelpMan const&, JSONRPCRequest const&), generateblock()::$_0>::_M_invoke(std::_Any_data const&, RPCHelpMan const&, JSONRPCRequest const&) (std_function.h:290)
==8453==    by 0x72A883: operator() (std_function.h:591)
==8453==    by 0x72A883: RPCHelpMan::HandleRequest(JSONRPCRequest const&) const (???:663)
==8453==    by 0x31FCC3: CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::{lambda(JSONRPCRequest const&, UniValue&, bool)#1}::operator()(JSONRPCRequest const&, UniValue&, bool) const (server.h:61)
==8453==    by 0x3F86FB: operator() (std_function.h:591)
==8453==    by 0x3F86FB: ExecuteCommand (???:510)
==8453==    by 0x3F86FB: ExecuteCommands(std::vector<CRPCCommand const*, std::allocator<CRPCCommand const*> > const&, JSONRPCRequest const&, UniValue&) (???:475)
==8453==    by 0x3F8003: CRPCTable::execute(JSONRPCRequest const&) const (./rpc/server.cpp:495)
==8453==    by 0x3F7BA3: JSONRPCExec(JSONRPCRequest const&, bool) (./rpc/server.cpp:351)
==8453==    by 0x4B0437: HTTPReq_JSONRPC (./httprpc.cpp:165)
==8453==    by 0x4B0437: operator() (???:337)
==8453==    by 0x4B0437: __invoke_impl<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &> (invoke.h:61)
==8453==    by 0x4B0437: __invoke_r<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &> (invoke.h:114)
==8453==    by 0x4B0437: std::_Function_handler<bool (HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&), StartHTTPRPC(std::any const&)::$_0>::_M_invoke(std::_Any_data const&, HTTPRequest*&&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (std_function.h:290)
==8453==    by 0x4B8D6F: operator() (std_function.h:591)
==8453==    by 0x4B8D6F: HTTPWorkItem::operator()() (???:62)
==8453==
{
   <insert_a_suppression_name_here>
   Memcheck:Cond
   fun:_ZN10miniscript8internal5ParseIjN12_GLOBAL__N_19KeyParserEEESt10unique_ptrIKNS_4NodeIT_EESt14default_deleteIS8_EESt4spanIKcLm18446744073709551615EERKT0_
   fun:FromString<(anonymous namespace)::KeyParser>
   fun:_ZN12_GLOBAL__N_111ParseScriptERjRSt4spanIKcLm18446744073709551615EENS_18ParseScriptContextER19FlatSigningProviderRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
   fun:_Z5ParseSt4spanIKcLm18446744073709551615EER19FlatSigningProviderRNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEb
   fun:_ZL23getScriptFromDescriptorSt17basic_string_viewIcSt11char_traitsIcEER7CScriptRNSt7__cxx1112basic_stringIcS1_SaIcEEE
   fun:operator()
   fun:__invoke_impl<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &>
   fun:__invoke_r<UniValue, (lambda at ./rpc/mining.cpp:331:9) &, const RPCHelpMan &, const JSONRPCRequest &>
   fun:_ZNSt17_Function_handlerIF8UniValueRK10RPCHelpManRK14JSONRPCRequestEZL13generateblockvE3$_0E9_M_invokeERKSt9_Any_dataS3_S6_
   fun:operator()
   fun:_ZNK10RPCHelpMan13HandleRequestERK14JSONRPCRequest
   fun:_ZZN11CRPCCommandC1ENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPF10RPCHelpManvEENKUlRK14JSONRPCRequestR8UniValuebE_clESB_SD_b
   fun:operator()
   fun:ExecuteCommand
   fun:_ZL15ExecuteCommandsRKSt6vectorIPK11CRPCCommandSaIS2_EERK14JSONRPCRequestR8UniValue
   fun:_ZNK9CRPCTable7executeERK14JSONRPCRequest
   fun:_Z11JSONRPCExecRK14JSONRPCRequestb
   fun:HTTPReq_JSONRPC
   fun:operator()
   fun:__invoke_impl<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &>
   fun:__invoke_r<bool, (lambda at ./httprpc.cpp:337:23) &, HTTPRequest *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > &>
   fun:_ZNSt17_Function_handlerIFbP11HTTPRequestRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEZ12StartHTTPRPCRKSt3anyE3$_0E9_M_invokeERKSt9_Any_dataOS1_S9_
   fun:operator()
   fun:_ZN12HTTPWorkItemclEv
} Command '['./ci/test/02_run_container.sh']' returned non-zero exit status 137.

maflcko commented at 5:03 PM on February 4, 2026: member

I think this is hopeless, even with -O1, using the following diff, it fails.

Also, the min required clang version is now 17, so using clang-16 requires workarounds itself.

Also, the upstream bug report hasn't had activity in about 2 years.

fanquake commented at 2:08 PM on February 5, 2026: member

Will close this. I guess there's not much we can do, other than support a well defined/working set of tools in CI, as a best-effort (there doesn't seem to be much adhoc valgrind usage outside CI in any case).

fanquake closed this on Feb 5, 2026

maflcko commented at 2:15 PM on February 5, 2026: member

(there doesn't seem to be much adhoc valgrind usage outside CI in any case).

I use it a lot, and I think others are, too. Though, I am not using it on aarch64 day-to-day, which this bug is about.