[31.x] Backports #35331

pull fanquake wants to merge 19 commits into bitcoin:31.x from fanquake:more_31_x_backports changing 28 files +703 −288

fanquake commented at 1:03 PM on May 20, 2026: member
Backports:
- #34953
- #35228
- #35279
- #35313 (only https://github.com/bitcoin-core/leveldb-subtree/pull/61)
- #35316
- #35378
- #35348
- #35408
- #35410
- #35430
- #35447

psbt, test: remove address type restrictions in test

Because the corresponding Taproot fields were added in PSBT in PR 22558, so
these restrictions are no longer necessary.

Github-Pull: #35279
Rebased-From: 81348576cc411a63da295a10a3846302419a18e0

101071722e

DrahtBot added the label Backport on May 20, 2026
fanquake added this to the milestone 31.1 on May 20, 2026
DrahtBot commented at 1:03 PM on May 20, 2026: contributor


The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.



Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35331.



Reviews

See the guideline for information on the review process. A summary of reviews will appear here.



LLM Linter (✨ experimental)

Possible typos and grammar issues:
- overriden -> overridden [misspelling in the release note]
2026-06-04 10:10:20

wallet: use outpoint when estimating input size

`CalculateMaximumSignedInputSize()` is passed the outpoint being sized, but that context was not used when estimating the signed input size.
Pass the outpoint through so externally selected inputs are not underestimated.

Co-authored-by: Antoine Poinsot <darosior@protonmail.com>

Github-Pull: #35228
Rebased-From: cd8d3bd937b5515ea000408eb07d2ae3cd1aa417

671e6c2c33

fanquake force-pushed on May 20, 2026
DrahtBot added the label CI failed on May 20, 2026
DrahtBot removed the label CI failed on May 20, 2026

musig: Reject empty pubkey list in GetMuSig2KeyAggCache

Github-Pull: #35316
Rebased-From: 8ce84321ceaf16c0ee3418d30011c357fdc46deb

d61687a2ac

fanquake force-pushed on May 22, 2026
DrahtBot added the label CI failed on May 22, 2026

ci: switch to GitHub cache for all runners

Cirrus is winding down and github now offers more than 10GB cache.

Switch to GH cache for all runner-types. Simplify docker build arg
construction, and reduce the number of needed action permissions.

Github-Pull: #35348
Rebased-From: c03107acf50aeada1bacdfdbf632ffce2957bff0

3440027b7d

fanquake force-pushed on May 22, 2026
DrahtBot removed the label CI failed on May 22, 2026

Disable seek compaction

Seek compaction is causing a cascade effect in the chainstate DB, causing large parts of the database to be rewritten every ~hour.

Every periodic flush writes around 2 MiB. Since this is roughly the `write_buffer_size`, these writes regularly cause the memtable to rotate into a small L0 file. This file has a small seek budget, and with the random UTXO reads done during validation, it can get scheduled for seek compaction quickly.

That seek compaction pushes the small file down to L1. Since most UTXOs are already lower down in L4/L5, many reads that consult this file do not find the key there and continue downward. The bloom filter makes those misses cheap, but LevelDB still decrements the file's seek budget. The file then gets scheduled for another seek compaction, and the same pattern pushes it down through L2 and L3.

The expensive part happens around L3/L4. L4 has many ~32 MiB files holding the bulk of the UTXO set. When LevelDB compacts into L3, it may split the output into many smaller L3 files to limit how much L4 "grandparent" data any one output overlaps. Each of these small L3 files then gets its own small seek budget. Because chainstate keys are hash-random, each small L3 file can still have a broad key range, so many random reads consult it and quickly drain its budget. Once seek-compacted into L4, each tiny L3 file can overlap many L4 files, so compacting a few hundred KiB from L3 can require rewriting hundreds of MiB from L4. Repeating that across many small L3 files can rewrite most of the chainstate.

This is a poor fit for chainstate because UTXO keys are hash-random, the DB is large enough to have many levels, writes are relatively small and periodic, and reads are frequent. The result is that read misses trigger compactions much earlier than size pressure would, and those compactions have very high write amplification.

Disabling seek compaction may leave more files in upper levels for longer, so reads could theoretically consult more files. But Bitcoin Core enables bloom filters for all its LevelDB instances, so these misses are usually cheap in-memory filter checks rather than disk reads.

For the other DBs, the risk is much smaller. They also use bloom filters, and most are smaller and less read-heavy. With fewer levels and less random read pressure, disabling seek compaction should have little effect there.

Co-authored-by: l0rinc <pap.lorinc@gmail.com>

7c0fa17a68

fanquake force-pushed on May 28, 2026
DrahtBot added the label CI failed on May 28, 2026
DrahtBot commented at 4:05 PM on May 28, 2026: contributor


🚧 At least one of the CI tasks failed. Task lint: https://github.com/bitcoin/bitcoin/actions/runs/26580148981/job/78317916896 LLM reason (✨ experimental): CI failed the lint check “subtree” because a subtree directory was modified without a corresponding subtree merge.

<details><summary>Hints</summary>

Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:
- Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.
- A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.
- An intermittent issue.
Leave a comment here, if you need help tracking down a confusing failure.

</details>

ci: switch runners from cirrus to warpbuild

Github-Pull: #35378
Rebased-From: 4bdd46ace37f02da062a53a2943caeddca4ed8f9

6f1ff568fe

fanquake force-pushed on May 28, 2026

crypto: disable ASan instrumentation of SSE4 SHA256 for GCC

The existing Clang-only no_sanitize("address") guard is extended to
also cover GCC.  When GCC compiles this file with -fsanitize=address
in debug builds, the instrumented inline assembly causes a SEGV during
SHA256AutoDetect()'s self-test on CPUs that use the SSE4 code path
(i.e. those without SHA-NI support), regardless of optimization level.

The original Clang code placed the attribute between the function
declarator and the opening brace.  GCC's Attribute Syntax
documentation notes that this position in a function definition
"may, in future, be permitted," so it is not currently supported.
The attribute is moved to the start of the function definition,
which is valid form for both GCC and Clang.

The preprocessor guards are restructured so each compiler branch is
explicit: __clang__ with __has_feature, and __GNUC__ with
__SANITIZE_ADDRESS__.

Github-Pull: #34953
Rebased-From: fedeff7f201df0206eefb744ad125e44a63a3ea0

8dc6d13362

doc: remove reference to cirrus

Github-Pull: #35408
Rebased-From: 265563bf75c0b8b615e28d47398098020ff0b109

3855e5b0b7

ci: use ubuntu-latest instead of ubuntu-24.04

To match the usage of -latest for the warp runners.

Github-Pull: #35408
Rebased-From: 5700a61b73342b506b0114b342499da7642c1c10

aa12648e1c

fanquake force-pushed on May 29, 2026
fanquake force-pushed on May 29, 2026

ci: Add dynamic cache switching to warp cache

The GHA cache is very slow, taking on the order of minutes to save and
restore from.

Use WarpBuild's cache instead as this is in the same region and much
faster.

WarpBuild cache action does not auto-fallback to GHA if not being run on
Warp. To allow fork runs to fallback to GHA caching, whilst minimising
duplication in the action files, create new "interal" actions which
perform the switching logic, and use these in the (renamed) cache|save
actions.

Without this we would need the `if` logic in our prvious actions, 4
times in each of save and restore.

Plumb the provider through into the action, as a composite action can't
read `env` (`GITHUB_OUTPUT`) from previous steps.

Github-Pull: #35430
Rebased-From: 2ce4ae7d8f006959cb83be93a17b8125e953c30a

c1bf1c0049

fanquake force-pushed on Jun 2, 2026

ci: use Warp cache for Docker layers

Speeds of 1MB/s and 15 minute cached docker image pulls during builds
are not uncommon.

Warp runners provide a local GitHub Actions cache protocol proxy for
Docker layer cache traffic. Point BuildKit's gha cache backend at that
proxy on Warp runners so cached image layers do not have to be fetched
from GitHub's slower cache service.

Add a default for provider so other users (e.g. qa-assets) don't have to
update this unless they use custome runners.

Github-Pull: #35447
Rebased-From: 82901981bfbaeb3f41956597e6d90daa59a0c078

d87cd03049

fanquake force-pushed on Jun 4, 2026

net: use the proxy if overriden when doing v2->v1 reconnections

`OpenNetworkConnection()` supports overriding the proxy to use for
connecting. However when v2 connection is attempted and it fails a v1
connection is tried without that proxy.

Store the override proxy in `CNode` and pass it to
`CConnman::m_reconnections` to be used for v1 retries.

Github-Pull: #35410
Rebased-From: fd230f942d8377cafcc346f1605d5aa00db2cc40

0fee0c2c49

net: ensure no direct private broadcast connections

Private broadcast connections use either Tor or I2P, which require a
proxy intrinsically or IPv4 or IPv6 which must use a proxy in the
context of private broadcast to avoid leaking the originator's IP
address.

Add a safety check to guard against future mistakes.

Co-authored-by: Andrew Toth <andrewstoth@gmail.com>

Github-Pull: #35410
Rebased-From: d01b461f71e255dcb5d7d0ee84a560f26cfe0b6f

7f5b249bae

test: make reusable SOCKS5 server starting

Extract the part of `p2p_private_broadcast.py` that configures and
starts the SOCKS5 server into a reusable function and put it into
`test_framework/socks5.py`.

Use bind port 0 to let the OS pick an available port instead of
hackishly assuming that `p2p_port(N)` is available where N is more
than the number of the nodes the test uses.

Github-Pull: #35410
Rebased-From: 2ffa81fac40fd4d03bdcfd37479a6f3305afb483

cbcdc6ebb0

test: make reusable starting a standalone P2P listener

Extract the part of `p2p_private_broadcast.py` that starts
listening on a `P2PConnection` object (or its children classes)
and put it into `test_framework/p2p.py`.

Github-Pull: #35410
Rebased-From: 2333be9cbc58dd2a533c9bd604b9db593b1d96a7

eef53ad20a

test: make reusable filling of a node's addrman

Extract the part of `p2p_private_broadcast.py` that fills a given node's
addrman and put it into `test_framework/test_framework.py`.

Github-Pull: #35410
Rebased-From: ab35a028eded00008841a3ec8662823090bfc68b

31ccc9165f

test: add a regression test for private broadcast v1 retries

Github-Pull: #35410
Rebased-From: 5a3756d150fc095d0038592c6338225db48fd4b5

0e1f3a7d15

net: un-default the OpenNetworkConnection()'s proxy_override argument

This way callers will not forget to set it.

Github-Pull: #35410
Rebased-From: bf0d257c11bebc42b88b7e96368ed2be48bc0ad1

bf728e6f6b

doc: update release notes for v31.x 67d4028c83
fanquake force-pushed on Jun 4, 2026

Contributors

fanquake

DrahtBot

Labels

Backport CI failed

Milestone
31.1

Linked (view graph)

#34953 crypto: disable ASan instrumentation of SSE4 SHA256 for GCC (matching Clang)#35228 wallet: use `outpoint` when estimating input size #35279 psbt, test: remove address type restrictions in test #35313 Bump leveldb subtree #35316 musig: Reject empty pubkey list in GetMuSig2KeyAggCache #35348 ci: switch to GitHub cache for all runners #35378 ci: switch to warp runners #35408 ci: 35378 followups #35410 net: use the proxy if overriden when doing v2->v1 reconnections #35430 ci: use warp caching on warp runners #35447 ci: use warpbuild cache for docker buildkit cache

[31.x] Backports #35331

Code Coverage & Benchmarks

Reviews

LLM Linter (✨ experimental)