src/ipc/libmultiprocess/src/mp/proxy.cpp:416:44: runtime error: member access within null pointer of type ‘mp::Waiter’ #34711

maflcko opened this issue on March 2, 2026
  1. maflcko commented at 4:21 pm on March 2, 2026: member

    https://github.com/bitcoin/bitcoin/actions/runs/22486512866/job/65139128983?pr=33920#step:11:3558

        test  2026-02-27T13:07:39.511298Z TestFramework (DEBUG): Calling deprecated makeMiningOld2 should raise an error
        node0 2026-02-27T13:07:39.511430Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27865/b-capnp-loop-27872} IPC server recv request  #11 Init.construct$Params
        node0 2026-02-27T13:07:39.511453Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27865/b-capnp-loop-27872} request data: ()
        node0 2026-02-27T13:07:39.511493Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27865/b-capnp-loop-27872} IPC server send response #11 Init.construct$Results
        node0 2026-02-27T13:07:39.511528Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27865/b-capnp-loop-27872} response data: (threadMap = <external capability>)
        node0 2026-02-27T13:07:39.511722Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27865/b-capnp-loop-27872} IPC server recv request  #12 Init.makeMiningOld2$Params
        node0 2026-02-27T13:07:39.511765Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27865/b-capnp-loop-27872} request data: ()
        Error:  node0 2026-02-27T13:07:39.511806Z [capnp-loop] [ipc/capnp/protocol.cpp:59] [IpcLogFn] [error] ipc: {bitcoin-node-27865/b-capnp-loop-27872} IPC server unhandled exception: Old mining interface (@2) not supported. Please update your client!
        test  2026-02-27T13:07:39.512059Z TestFramework (DEBUG): Closing down network thread
        test  2026-02-27T13:07:39.562890Z TestFramework (INFO): Stopping nodes
        test  2026-02-27T13:07:39.562975Z TestFramework.node0 (DEBUG): Stopping node

        node0 stderr /home/admin/actions-runner/_work/_temp/src/ipc/libmultiprocess/src/mp/proxy.cpp:416:44: runtime error: member access within null pointer of type 'mp::Waiter'
            #0 0x5b9b042f9bc7 in mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0::operator()() const /home/admin/actions-runner/_work/_temp/src/ipc/libmultiprocess/src/mp/proxy.cpp:416:44
            #1 0x5b9b042f9bc7 in void std::__invoke_impl<void, mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>(std::__invoke_other, mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0&&) /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/invoke.h:61:14
            #2 0x5b9b042f9bc7 in std::__invoke_result<mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>::type std::__invoke<mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>(mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0&&) /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/invoke.h:96:14
            #3 0x5b9b042f9bc7 in void std::thread::_Invoker<std::tuple<mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_thread.h:292:13
            #4 0x5b9b042f9bc7 in std::thread::_Invoker<std::tuple<mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>>::operator()() /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_thread.h:299:11
            #5 0x5b9b042f9bc7 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<mp::ProxyServer<mp::ThreadMap>::makeThread(capnp::CallContext<mp::ThreadMap::MakeThreadParams, mp::ThreadMap::MakeThreadResults>)::$_0>>>::_M_run() /usr/lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_thread.h:244:13
            #6 0x7e490caa7db3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xecdb3) (BuildId: 753c6c8608b61d4e67be8f0c890e03e0aa046b8b)
            #7 0x5b9b02f157da in asan_thread_start(void*) crtstuff.c
            #8 0x7e490c719aa3  (/lib/x86_64-linux-gnu/libc.so.6+0x9caa3) (BuildId: 8e9fd827446c24067541ac5390e6f527fb5947bb)
            #9 0x7e490c7a6c6b  (/lib/x86_64-linux-gnu/libc.so.6+0x129c6b) (BuildId: 8e9fd827446c24067541ac5390e6f527fb5947bb)

        SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /home/admin/actions-runner/_work/_temp/src/ipc/libmultiprocess/src/mp/proxy.cpp:416:44
    

    https://github.com/bitcoin/bitcoin/actions/runs/22507213959/job/65208454067?pr=32575#step:9:2602:

        test  2026-02-27T23:11:14.432126Z TestFramework (DEBUG): Calling deprecated makeMiningOld2 should raise an error
        node0 2026-02-27T23:11:14.433082Z [capnp-loop] [ipc/capnp/protocol.cpp:53] [IpcLogFn] ipc: {bitcoin-node-27102/b-capnp-loop-27137} IPC server destroy N2mp11ProxyServerIN3ipc5capnp8messages6MiningEEE
        node0 2026-02-27T23:11:14.433137Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27102/b-capnp-loop-27137} IPC server recv request  #11 Init.construct$Params
        node0 2026-02-27T23:11:14.433143Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27102/b-capnp-loop-27137} request data: ()
        node0 2026-02-27T23:11:14.433151Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27102/b-capnp-loop-27137} IPC server send response #11 Init.construct$Results
        node0 2026-02-27T23:11:14.433156Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27102/b-capnp-loop-27137} response data: (threadMap = <external capability>)
        node0 2026-02-27T23:11:14.433243Z [capnp-loop] [ipc/capnp/protocol.cpp:50] [IpcLogFn] [ipc] {bitcoin-node-27102/b-capnp-loop-27137} IPC server recv request  #12 Init.makeMiningOld2$Params
        node0 2026-02-27T23:11:14.433255Z [capnp-loop] [ipc/capnp/protocol.cpp:47] [IpcLogFn] [ipc:trace] {bitcoin-node-27102/b-capnp-loop-27137} request data: ()
        Error: 2026-02-27T23:11:14.433271Z [capnp-loop] [ipc/capnp/protocol.cpp:59] [IpcLogFn] [error] ipc: {bitcoin-node-27102/b-capnp-loop-27137} IPC server unhandled exception: Old mining interface (@2) not supported. Please update your client!
        node0 2026-02-27T23:11:14.433329Z [capnp-loop] [ipc/capnp/protocol.cpp:53] [IpcLogFn] ipc: {bitcoin-node-27102/b-capnp-loop-27137} IPC server: socket disconnected.
        node0 2026-02-27T23:11:14.433334Z [capnp-loop] [ipc/capnp/protocol.cpp:53] [IpcLogFn] ipc: {bitcoin-node-27102/b-capnp-loop-27137} IPC server destroy N2mp11ProxyServerIN3ipc5capnp8messages4InitEEE
        test  2026-02-27T23:11:14.433542Z TestFramework (DEBUG): Closing down network thread
        test  2026-02-27T23:11:14.485263Z TestFramework (INFO): Stopping nodes
        test  2026-02-27T23:11:14.485316Z TestFramework.node0 (DEBUG): Stopping node
    
  2. maflcko added an issue type
  3. maflcko added the label Bug on Mar 2, 2026
  4. maflcko added the label interfaces on Mar 2, 2026
  5. maflcko added the label CI failed on Mar 2, 2026
  6. maflcko added this to the milestone 31.0 on Mar 2, 2026
  7. fanquake commented at 5:13 pm on March 2, 2026: member
  8. ryanofsky commented at 7:20 pm on March 2, 2026: contributor

    Thanks for the clear report! It seems like this problem was introduced in #34568 with the new run_deprecated_mining_test.

    The stack trace shows the problem is a null g_thread_context.waiter pointer being dereferenced in ProxyServer<ThreadMap>::makeThread which is creating a worker thread. That pointer is only set to null in ProxyServer<Thread>::~ProxyServer when the worker thread is being destroyed. So the issue is just that the worker thread is destroyed too quickly after it is created, resulting in a null pointer use since it gets destroyed before it is fully initialized. A direct fix for this problem would be:

     0--- a/src/ipc/libmultiprocess/src/mp/proxy.cpp
     1+++ b/src/ipc/libmultiprocess/src/mp/proxy.cpp
     2@@ -412,8 +412,8 @@ kj::Promise<void> ProxyServer<ThreadMap>::makeThread(MakeThreadContext context)
     3     std::thread thread([&thread_context, from, this]() {
     4         g_thread_context.thread_name = ThreadName(m_connection.m_loop->m_exe_name) + " (from " + from + ")";
     5         g_thread_context.waiter = std::make_unique<Waiter>();
     6-        thread_context.set_value(&g_thread_context);
     7         Lock lock(g_thread_context.waiter->m_mutex);
     8+        thread_context.set_value(&g_thread_context);
     9         // Wait for shutdown signal from ProxyServer<Thread> destructor (signal
    10         // is just waiter getting set to null.)
    11         g_thread_context.waiter->wait(lock, [] { return !g_thread_context.waiter; });
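
    Review bot: the new position of `thread_context.set_value(&g_thread_context);`, directly after `Lock lock(g_thread_context.waiter->m_mutex);`, carries an ordering requirement that nothing in the hunk documents, and the two statements look freely reorderable. Add a comment above `set_value` saying the context must not be published until the waiter mutex is held, so a later cleanup does not swap them back. The reorder only closes the race if the code that nulls `g_thread_context.waiter` takes `m_mutex` first; that code is outside this hunk and is worth confirming in the same review.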
    

    Fixing the thread init/destroy race by acquiring a lock one line earlier so the thread can’t be used or destroyed until it’s locked and ready for requests.

    An indirect fix would be to simply avoid creating and destroying a worker thread that is never used. It seems like run_deprecated_mining_test is the only test we have that is doing this. The problem can be avoided by not creating a ctx variable that is never used.

     0--- a/test/functional/interface_ipc.py
     1+++ b/test/functional/interface_ipc.py
     2@@ -71,7 +71,9 @@ class IPCInterfaceTest(BitcoinTestFramework):
     3     def run_deprecated_mining_test(self):
     4         self.log.info("Running deprecated mining interface test")
     5         async def async_routine():
     6-            ctx, init = await make_capnp_init_ctx(self)
     7+            node = self.nodes[0]
     8+            connection = await capnp.AsyncIoStream.create_unix_connection(node.ipc_socket_path)
     9+            init = capnp.TwoPartyClient(connection).bootstrap().cast_as(self.capnp_modules['init'].Init)
    10             self.log.debug("Calling deprecated makeMiningOld2 should raise an error")
    11             try:
    12                 await init.makeMiningOld2()
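
    Review bot: the three added lines that replace `ctx, init = await make_capnp_init_ctx(self)` drop `ctx` without saying why, so a later refactor is likely to switch back to the helper. Add a comment that this test deliberately avoids creating a context it never uses. `capnp.TwoPartyClient(connection)` is also a temporary that is never bound to a name; if `init` depends on the client staying referenced, bind it to a local variable. The description says this is the only test that creates and drops an unused context, so consider keeping a dedicated test for that sequence so the ordering change in proxy.cpp stays covered.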
    

    Either of these changes should fix the problem and probably both make sense, so I can open PRs for both.

  9. ryanofsky referenced this in commit 1c1de334e9 on Mar 2, 2026
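
A simplified model of the worker-thread handshake described in ryanofsky's comment, added here as an illustration; it is not libmultiprocess code. The names `Waiter` (a stand-in), `worker_saw_waiter` and the `torn_down` pause are constructed for this example, and it assumes the teardown side takes the waiter mutex before clearing the pointer. The pause forces the interleaving that the publish-then-lock order permits and reports it instead of dereferencing null.

```cpp
#include <atomic>
#include <condition_variable>
#include <future>
#include <mutex>
#include <thread>

// Constructed stand-in for mp::Waiter: one mutex and one condition variable.
struct Waiter {
    std::mutex m_mutex;
    std::condition_variable m_cv;
};

// Start a worker and tear it down at once. Returns true if the worker still
// found a live waiter at the step where the real code dereferences it.
bool worker_saw_waiter(bool lock_before_publish)
{
    Waiter storage;                        // outlives the worker in this model
    std::atomic<Waiter*> waiter{nullptr};  // models g_thread_context.waiter
    std::promise<void> ready, torn_down;
    auto ready_f = ready.get_future();
    auto torn_down_f = torn_down.get_future();
    bool saw = false;

    std::thread worker([&] {
        waiter = &storage;
        std::unique_lock<std::mutex> lock(storage.m_mutex, std::defer_lock);
        if (lock_before_publish) lock.lock();          // fixed order: lock, then publish
        ready.set_value();                             // owner may now tear us down
        if (!lock_before_publish) torn_down_f.wait();  // constructed pause: teardown runs first
        saw = waiter.load() != nullptr;                // null here corresponds to the UBSan report
        if (!lock.owns_lock()) lock.lock();
        // Wait for the shutdown signal, which is the waiter pointer becoming null.
        storage.m_cv.wait(lock, [&] { return waiter.load() == nullptr; });
    });

    ready_f.wait();
    {
        // Teardown (assumed behaviour): take the mutex, clear the pointer, notify.
        std::lock_guard<std::mutex> guard(storage.m_mutex);
        waiter = nullptr;
        storage.m_cv.notify_all();
    }
    torn_down.set_value();
    worker.join();
    return saw;
}
```

`worker_saw_waiter(false)` returns false and `worker_saw_waiter(true)` returns true: with the mutex held across the publish step, teardown blocks until the worker is parked in its wait loop.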


This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-03-03 03:13 UTC
