tx_package_eval: Timeout in tx_package_eval #35207

issue fanquake opened this issue on May 4, 2026
  1. fanquake commented at 9:09 PM on May 4, 2026: member

    https://issues.oss-fuzz.com/issues/509204928. This has popped up recently in multiple infra (and apparently prior):

    +----------------------------------------Release Build Stacktrace----------------------------------------+
	Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
	Time ran: 62.591912269592285
	
	INFO: Running with entropic power schedule (0xFF, 100).
	INFO: Seed: 3422426699
	INFO: Loaded 1 modules   (615874 inline 8-bit counters): 615874 [0x5882ce47c408, 0x5882ce5129ca),
	INFO: Loaded 1 PC tables (615874 PCs): 615874 [0x5882ce5129d0,0x5882cee785f0),
	/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval: Running 1 inputs 100 time(s) each.
	Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
	ALARM: working on the last Unit for 61 seconds
	       and the timeout value is 60 (use -timeout=N to change)
	==295== ERROR: libFuzzer: timeout after 61 seconds
	    [#0](/bitcoin-bitcoin/0/) 0x5882cbe3d551 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
	    [#1](/bitcoin-bitcoin/1/) 0x5882cbd2eff8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
	    [#2](/bitcoin-bitcoin/2/) 0x5882cbd11acd in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5
	    [#3](/bitcoin-bitcoin/3/) 0x7f174c59e41f in libpthread.so.0
	    [#4](/bitcoin-bitcoin/4/) 0x5882cc0474af in tx_package_eval
	    [#5](/bitcoin-bitcoin/5/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#6](/bitcoin-bitcoin/6/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#7](/bitcoin-bitcoin/7/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#8](/bitcoin-bitcoin/8/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#9](/bitcoin-bitcoin/9/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#10](/bitcoin-bitcoin/10/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#11](/bitcoin-bitcoin/11/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#12](/bitcoin-bitcoin/12/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#13](/bitcoin-bitcoin/13/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#14](/bitcoin-bitcoin/14/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#15](/bitcoin-bitcoin/15/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#16](/bitcoin-bitcoin/16/) 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    [#17](/bitcoin-bitcoin/17/) 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    [#18](/bitcoin-bitcoin/18/) 0x5882cc0454e0 in __tree_invariant<std::__1::__tree_node_base<void *> *> /usr/local/include/c++/v1/__tree:162:10
	    [#19](/bitcoin-bitcoin/19/) 0x5882cc0454e0 in void std::__1::__tree_remove[abi:de220000]<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*, std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:345:3
	    [#20](/bitcoin-bitcoin/20/) 0x5882cc369d67 in __remove_node_pointer /usr/local/include/c++/v1/__tree:1900:3
	    [#21](/bitcoin-bitcoin/21/) 0x5882cc369d67 in erase /usr/local/include/c++/v1/__tree:2026:28
	    [#22](/bitcoin-bitcoin/22/) 0x5882cc369d67 in erase /usr/local/include/c++/v1/set:774:77
	    [#23](/bitcoin-bitcoin/23/) 0x5882cc369d67 in operator() [bitcoin-core/src/test/fuzz/package_eval.cpp:406](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L406):31
	    [#24](/bitcoin-bitcoin/24/) 0x5882cc369d67 in (anonymous namespace)::tx_package_eval_fuzz_target(std::__1::span<unsigned char const, 18446744073709551615ul>) [bitcoin-core/src/test/fuzz/package_eval.cpp:384](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L384):30
	    [#25](/bitcoin-bitcoin/25/) 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:274:12
	    [#26](/bitcoin-bitcoin/26/) 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:772:10
	    [#27](/bitcoin-bitcoin/27/) 0x5882cc69cfc4 in test_one_input [bitcoin-core/src/test/fuzz/fuzz.cpp:86](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L86):5
	    [#28](/bitcoin-bitcoin/28/) 0x5882cc69cfc4 in LLVMFuzzerTestOneInput [bitcoin-core/src/test/fuzz/fuzz.cpp:214](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L214):5
	    [#29](/bitcoin-bitcoin/29/) 0x5882cbd1322d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
	    [#30](/bitcoin-bitcoin/30/) 0x5882cbcfcf42 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
	    [#31](/bitcoin-bitcoin/31/) 0x5882cbd02e10 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
	    [#32](/bitcoin-bitcoin/32/) 0x5882cbd2f9a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
	    [#33](/bitcoin-bitcoin/33/) 0x7f174c373082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/libc-start.c:308:16
	    [#34](/bitcoin-bitcoin/34/) 0x5882cbcf602d in _start
	
	SUMMARY: libFuzzer: timeout
  2. instagibbs commented at 8:09 AM on May 5, 2026: member

    Ran the seed locally, worked fine in 609ms. Let me know if you want me to look deeper in case it's not a simple infra issue.

  3. maflcko commented at 10:31 AM on May 5, 2026: member

    It is probably a combination of OSS-Fuzz running asan + some random google cloud CPU being slow.

    Last time I looked, it seemed intentional for the package eval target to create a package (or packages?) with multiple transactions. So I think the question would be: Is the input search space accurate to cover all real-world scenarios. If not, it should be adjusted. If yes, this can be closed and we'll have to deal with long times.

  4. maflcko commented at 10:43 AM on May 5, 2026: member

    For reference, the oss-fuzz regression range would be https://github.com/bitcoin/bitcoin/compare/6356041e58d1ba86695e2e7c219c68ee5abe583f...4c784b25c4782c21764a9c6626fd89c4ed4cd345. Not sure if that is spurious or actual. I think I can't produce flame graphs right now on my machine, so in the meantime this is up for grabs 😅

  5. instagibbs commented at 12:30 PM on May 5, 2026: member

    it seemed intentional for the package eval target to create a package (or packages?) with multiple transactions.

    yes

  6. maflcko commented at 4:19 PM on May 6, 2026: member

    I guess I can bisect. The bad commit takes 609ms, the good one takes 200ms or so.

    $ git bisect bad fc18ef1f3f333dd28d8cc7e3571d76a985d90240 is the first bad commit

    Which looks intentional.

Contributors
fanquakeinstagibbsmaflcko
Linked (view graph)
#1 JSON-RPC support for mobile devices ("ultra-lightweight" clients)#2 Long-term, safe, store-of-value#3 Encrypt wallet#4 Export/Import wallet in a human readable, future-proof format#5 Make the version number the protocol version and not the client version#6 Treat wallet as a generic keystore#7 Block-header-only, faster startup client#8 RPC command to sign text with wallet private key#9 Fix for GUI on Macs and latest wxWidgets#10 Add address to listtransactions output#11 Nolisten patch#12 Monitor transactions and/or blocks#13 Messages with or about transactions#14 bitcoin: URI and/or bitcoin-request MIME type for click-to-pay#15 Option to specify external IP address#16 Mac UI issues#17 listaccounts method#18 Error when trying to send very precise amount#19 bitcoin(d) --help should output version number#20 JSON-RPC callback#21 Add time to category:move transactions#22 Update the list of hard-coded node IP addresses#23 CORS support#24 Gettransaction#25 sum(getaccounts) != getbalance#26 Confirmations not appearing for sent coins after recovering wallet from archive#27 listaccounts with minconf param was broken!#28 corrupted double-linked list?#29 setaccount / getaccountaddress not working properly#30 Fix bug in setaccount/getaccountaddress#31 -keypool option not advertised when using --help switch#32 Help output#33 Fix statusbar color#34 -rpcsslcertificatechainfile command line option spelled incorrectly in --help text
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-06 21:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me