Skip to content

tx_package_eval: Timeout in tx_package_eval #35207

Open
Open
tx_package_eval: Timeout in tx_package_eval#35207
@fanquake

Description

@fanquake
fanquake
opened on May 4, 2026

https://issues.oss-fuzz.com/issues/509204928.
This has popped up recently in multiple infra (and apparently prior):

+----------------------------------------Release Build Stacktrace----------------------------------------+
	Command: /mnt/scratch0/clusterfuzz/resources/platform/linux/unshare -c -n /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
	Time ran: 62.591912269592285
	
	INFO: Running with entropic power schedule (0xFF, 100).
	INFO: Seed: 3422426699
	INFO: Loaded 1 modules   (615874 inline 8-bit counters): 615874 [0x5882ce47c408, 0x5882ce5129ca),
	INFO: Loaded 1 PC tables (615874 PCs): 615874 [0x5882ce5129d0,0x5882cee785f0),
	/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bitcoin-core_83aef6625aaeafa301867de74608b320f3c923fe/revisions/tx_package_eval: Running 1 inputs 100 time(s) each.
	Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/timeout-05fc4de99d3e6fa42135e43f42e3535f66481ddf
	ALARM: working on the last Unit for 61 seconds
	       and the timeout value is 60 (use -timeout=N to change)
	==295== ERROR: libFuzzer: timeout after 61 seconds
	    #0 0x5882cbe3d551 in __sanitizer_print_stack_trace /src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
	    #1 0x5882cbd2eff8 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
	    #2 0x5882cbd11acd in fuzzer::Fuzzer::AlarmCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:304:5
	    #3 0x7f174c59e41f in libpthread.so.0
	    #4 0x5882cc0474af in tx_package_eval
	    #5 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #6 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #7 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #8 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #9 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #10 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #11 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #12 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #13 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #14 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #15 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #16 0x5882cc0476be in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:141:14
	    #17 0x5882cc047696 in unsigned int std::__1::__tree_sub_invariant<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:138:18
	    #18 0x5882cc0454e0 in __tree_invariant<std::__1::__tree_node_base<void *> *> /usr/local/include/c++/v1/__tree:162:10
	    #19 0x5882cc0454e0 in void std::__1::__tree_remove[abi:de220000]<std::__1::__tree_node_base<void*>*>(std::__1::__tree_node_base<void*>*, std::__1::__tree_node_base<void*>*) /usr/local/include/c++/v1/__tree:345:3
	    #20 0x5882cc369d67 in __remove_node_pointer /usr/local/include/c++/v1/__tree:1900:3
	    #21 0x5882cc369d67 in erase /usr/local/include/c++/v1/__tree:2026:28
	    #22 0x5882cc369d67 in erase /usr/local/include/c++/v1/set:774:77
	    #23 0x5882cc369d67 in operator() [bitcoin-core/src/test/fuzz/package_eval.cpp:406](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L406):31
	    #24 0x5882cc369d67 in (anonymous namespace)::tx_package_eval_fuzz_target(std::__1::span<unsigned char const, 18446744073709551615ul>) [bitcoin-core/src/test/fuzz/package_eval.cpp:384](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/package_eval.cpp#L384):30
	    #25 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:274:12
	    #26 0x5882cc69cfc4 in operator() /usr/local/include/c++/v1/__functional/function.h:772:10
	    #27 0x5882cc69cfc4 in test_one_input [bitcoin-core/src/test/fuzz/fuzz.cpp:86](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L86):5
	    #28 0x5882cc69cfc4 in LLVMFuzzerTestOneInput [bitcoin-core/src/test/fuzz/fuzz.cpp:214](https://github.com/bitcoin/bitcoin/blob/8f4a3ba8972dae9412ba975a040cea22c227f983/src/test/fuzz/fuzz.cpp#L214):5
	    #29 0x5882cbd1322d in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:619:13
	    #30 0x5882cbcfcf42 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:329:6
	    #31 0x5882cbd02e10 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:865:9
	    #32 0x5882cbd2f9a2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
	    #33 0x7f174c373082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/libc-start.c:308:16
	    #34 0x5882cbcf602d in _start
	
	SUMMARY: libFuzzer: timeout

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions