tx_package_eval: Timeout in tx_package_eval #35207

issue fanquake opened this issue on May 4, 2026
  1. fanquake commented at 9:09 PM on May 4, 2026: member

    https://issues.oss-fuzz.com/issues/509204928. This has popped up recently in multiple infra (and apparently prior):

    +----------------------------------------Release Build Stacktrace----------------------------------------+
    	Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
    	Time ran: 62.591912269592285
    	
    	INFO: Running with entropic power schedule (0xFF, 100).
    	INFO: Seed: 3422426699
    	INFO: Loaded 1 modules   (615874 inline 8-bit counters): 615874 [0x5882ce47c408, 0x5882ce5129ca),
    	INFO: Loaded 1 PC tables (615874 PCs): 615874 [0x5882ce5129d0,0x5882cee785f0),
    	/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval: Running 1 inputs 100 time(s) each.
    	Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
    	ALARM: working on the last Unit for 61 seconds
    	       and the timeout value is 60 (use -timeout=N to change)
    	==295== ERROR: libFuzzer: timeout after 61 seconds
    	    [#0](/bitcoin-bitcoin/0/) 0x5882cbe3d551 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    	    [#1](/bitcoin-bitcoin/1/) 0x5882cbd2eff8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    	    [#2](/bitcoin-bitcoin/2/) 0x5882cbd11acd in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5
    	    [#3](/bitcoin-bitcoin/3/) 0x7f174c59e41f in libpthread.so.0
    	    [#4](/bitcoin-bitcoin/4/) 0x5882cc0474af in tx_package_eval
    	    [#5](/bitcoin-bitcoin/5/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#6](/bitcoin-bitcoin/6/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#7](/bitcoin-bitcoin/7/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#8](/bitcoin-bitcoin/8/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#9](/bitcoin-bitcoin/9/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#10](/bitcoin-bitcoin/10/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#11](/bitcoin-bitcoin/11/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#12](/bitcoin-bitcoin/12/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#13](/bitcoin-bitcoin/13/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#14](/bitcoin-bitcoin/14/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#15](/bitcoin-bitcoin/15/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#16](/bitcoin-bitcoin/16/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
    	    [#17](/bitcoin-bitcoin/17/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
    	    [#18](/bitcoin-bitcoin/18/) 0x5882cc0454e0 in __tree_invariant<std::__1::__tree_node_base<void *> *> /usr/local/include/c++/v1/__tree:162:10
    	    [#19](/bitcoin-bitcoin/19/) 0x5882cc0454e0 in void std::__1::__tree_remove[abi:de220000]<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*, std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:345:3
    	    [#20](/bitcoin-bitcoin/20/) 0x5882cc369d67 in __remove_node_pointer /usr/local/include/c++/v1/__tree:1900:3
    	    [#21](/bitcoin-bitcoin/21/) 0x5882cc369d67 in erase /usr/local/include/c++/v1/__tree:2026:28
    	    [#22](/bitcoin-bitcoin/22/) 0x5882cc369d67 in erase /usr/local/include/c++/v1/set:774:77
    	    [#23](/bitcoin-bitcoin/23/) 0x5882cc369d67 in operator() [bitcoin-core/src/test/fuzz/package_eval.cpp:406](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L406):31
    	    [#24](/bitcoin-bitcoin/24/) 0x5882cc369d67 in (anonymous namespace)::tx_package_eval_fuzz_target(std::__1::span<unsigned char const, 18446744073709551615ul>) [bitcoin-core/src/test/fuzz/package_eval.cpp:384](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L384):30
    	    [#25](/bitcoin-bitcoin/25/) 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:274:12
    	    [#26](/bitcoin-bitcoin/26/) 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:772:10
    	    [#27](/bitcoin-bitcoin/27/) 0x5882cc69cfc4 in test_one_input [bitcoin-core/src/test/fuzz/fuzz.cpp:86](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L86):5
    	    [#28](/bitcoin-bitcoin/28/) 0x5882cc69cfc4 in LLVMFuzzerTestOneInput [bitcoin-core/src/test/fuzz/fuzz.cpp:214](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L214):5
    	    [#29](/bitcoin-bitcoin/29/) 0x5882cbd1322d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
    	    [#30](/bitcoin-bitcoin/30/) 0x5882cbcfcf42 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
    	    [#31](/bitcoin-bitcoin/31/) 0x5882cbd02e10 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
    	    [#32](/bitcoin-bitcoin/32/) 0x5882cbd2f9a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    	    [#33](/bitcoin-bitcoin/33/) 0x7f174c373082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/libc-start.c:308:16
    	    [#34](/bitcoin-bitcoin/34/) 0x5882cbcf602d in _start
    	
    	SUMMARY: libFuzzer: timeout
    
  2. instagibbs commented at 8:09 AM on May 5, 2026: member

    Ran the seed locally, worked fine in 609ms. Let me know if you want me to look deeper in case it's not a simple infra issue.

  3. maflcko commented at 10:31 AM on May 5, 2026: member

    It is probably a combination of OSS-Fuzz running asan + some random google cloud CPU being slow.

    Last time I looked, it seemed intentional for the package eval target to create a package (or packages?) with multiple transactions. So I think the question would be: Is the input search space accurate to cover all real-world scenarios. If not, it should be adjusted. If yes, this can be closed and we'll have to deal with long times.

  4. maflcko commented at 10:43 AM on May 5, 2026: member

    For reference, the oss-fuzz regression range would be https://github.com/bitcoin/bitcoin/compare/6356041e58d1ba86695e2e7c219c68ee5abe583f...4c784b25c4782c21764a9c6626fd89c4ed4cd345. Not sure if that is spurious or actual. I think I can't produce flame graphs right now on my machine, so in the meantime this is up for grabs 😅

  5. instagibbs commented at 12:30 PM on May 5, 2026: member

    it seemed intentional for the package eval target to create a package (or packages?) with multiple transactions.

    yes

  6. maflcko commented at 4:19 PM on May 6, 2026: member

    I guess I can bisect. The bad commit takes 609ms, the good one takes 200ms or so.

    $ git bisect bad fc18ef1f3f333dd28d8cc7e3571d76a985d90240 is the first bad commit

    Which looks intentional.

  7. AgusR7 commented at 2:07 AM on May 19, 2026: none

    Opened #35318 with a small harness-only change that bounds per-transaction fanout while preserving the existing multi-transaction package coverage.

  8. AgusR7 referenced this in commit 0acdbe4931 on May 22, 2026
  9. AgusR7 referenced this in commit 93ffdd9e60 on May 22, 2026
  10. AgusR7 referenced this in commit 6cd3e37243 on May 27, 2026
  11. AgusR7 referenced this in commit cff939e14d on May 27, 2026
  12. AgusR7 referenced this in commit 2dd64a7a6a on May 27, 2026
  13. AgusR7 referenced this in commit 837a1a3e60 on May 27, 2026
  14. willcl-ark added the label Mempool on Jun 29, 2026
  15. willcl-ark added the label CI failed on Jun 29, 2026

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-07-07 05:51 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me