validation: CheckBlockIndex crashes during block reconsideration #32173
Description
Functional test to reproduce:
from test_framework.test_framework import BitcoinTestFramework
class CheckBlockIndexBug(BitcoinTestFramework):
def set_test_params(self):
self.setup_clean_chain = True
self.num_nodes = 1
def run_test(self):
self.generatetoaddress(self.nodes[0], 1, "2N9hLwkSqr1cPQAPxbrGVUjxyjD11G2e1he");
hashes = self.generatetoaddress(self.nodes[0], 1, "2N9hLwkSqr1cPQAPxbrGVUjxyjD11G2e1he");
self.generatetoaddress(self.nodes[0], 1, "2N2CmnxjBbPTHrawgG2FkTuBLcJtEzA86sF");
res = self.nodes[0].gettxoutsetinfo()
self.generatetoaddress(self.nodes[0], 3, "2N9hLwkSqr1cPQAPxbrGVUjxyjD11G2e1he");
self.log.info(self.nodes[0].invalidateblock(res["bestblock"]))
self.generatetoaddress(self.nodes[0], 3, "2N9hLwkSqr1cPQAPxbrGVUjxyjD11G2e1he");
self.nodes[0].reconsiderblock(hashes[0])
self.nodes[0].invalidateblock(hashes[0])
self.log.info(self.nodes[0].reconsiderblock(res["bestblock"]))
if __name__ == '__main__':
CheckBlockIndexBug(__file__).main()Stack trace:
bitcoind: validation.cpp:5392: void ChainstateManager::CheckBlockIndex(): Assertion `(pindex->nStatus & BLOCK_FAILED_MASK) == 0' failed.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3423379==ERROR: AddressSanitizer: ABRT on unknown address 0x000000343c93 (pc 0x7fb83abf0eec bp 0x7fb8348f16c0 sp 0x7fb8348efc30 T6)
#0 0x7fb83abf0eec (/lib/x86_64-linux-gnu/libc.so.6+0x8aeec) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#1 0x7fb83aba1fb1 in raise (/lib/x86_64-linux-gnu/libc.so.6+0x3bfb1) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#2 0x7fb83ab8c471 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x26471) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#3 0x7fb83ab8c394 (/lib/x86_64-linux-gnu/libc.so.6+0x26394) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#4 0x7fb83ab9aec1 in __assert_fail (/lib/x86_64-linux-gnu/libc.so.6+0x34ec1) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#5 0x5578f6306f64 in ChainstateManager::CheckBlockIndex() /bitcoin/build_fuzz/src/./validation.cpp:5392:13
#6 0x5578f62fe81a in Chainstate::ActivateBestChain(BlockValidationState&, std::shared_ptr<CBlock const>) /bitcoin/build_fuzz/src/./validation.cpp:3627:16
#7 0x5578f5d03436 in ReconsiderBlock(ChainstateManager&, uint256) /bitcoin/build_fuzz/src/./rpc/blockchain.cpp:1669:33
#8 0x5578f5e3fbc7 in reconsiderblock()::$_0::operator()(RPCHelpMan const&, JSONRPCRequest const&) const /bitcoin/build_fuzz/src/./rpc/blockchain.cpp:1694:5
#9 0x5578f5e3fbc7 in UniValue std::__invoke_impl<UniValue, reconsiderblock()::$_0&, RPCHelpMan const&, JSONRPCRequest const&>(std::__invoke_other, reconsiderblock()::$_0&, RPCHelpMan const&, JSONRPCRequest const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
#10 0x5578f5e3fbc7 in std::enable_if<is_invocable_r_v<UniValue, reconsiderblock()::$_0&, RPCHelpMan const&, JSONRPCRequest const&>, UniValue>::type std::__invoke_r<UniValue, reconsiderblock()::$_0&, RPCHelpMan const&, JSONRPCRequest const&>(reconsiderblock()::$_0&, RPCHelpMan const&, JSONRPCRequest const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:114:9
#11 0x5578f5e3fbc7 in std::_Function_handler<UniValue (RPCHelpMan const&, JSONRPCRequest const&), reconsiderblock()::$_0>::_M_invoke(std::_Any_data const&, RPCHelpMan const&, JSONRPCRequest const&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
#12 0x5578f717fe3a in std::function<UniValue (RPCHelpMan const&, JSONRPCRequest const&)>::operator()(RPCHelpMan const&, JSONRPCRequest const&) const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
#13 0x5578f717fe3a in RPCHelpMan::HandleRequest(JSONRPCRequest const&) const /bitcoin/build_fuzz/src/./rpc/util.cpp:684:20
#14 0x5578f5dc8455 in CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)::operator()(JSONRPCRequest const&, UniValue&, bool) const /bitcoin/build_fuzz/src/./rpc/server.h:101:91
#15 0x5578f5dc8455 in bool std::__invoke_impl<bool, CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)&, JSONRPCRequest const&, UniValue&, bool>(std::__invoke_other, CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONR
PCRequest const&, UniValue&, bool)&, JSONRPCRequest const&, UniValue&, bool&&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
#16 0x5578f5dc8455 in std::enable_if<is_invocable_r_v<bool, CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)&, JSONRPCRequest const&, UniValue&, bool>, bool>::type std::__invoke_r<bool, CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan
(*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)&, JSONRPCRequest const&, UniValue&, bool>(CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)&, JSONRPCRequest const&, UniValue&, bool&&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:114:9
#17 0x5578f5dc8455 in std::_Function_handler<bool (JSONRPCRequest const&, UniValue&, bool), CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)>::_M_invoke(std::_Any_data const&, JSONRPCRequest const&, UniValue&, bool&&) /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:
9
#18 0x5578f6177d47 in std::function<bool (JSONRPCRequest const&, UniValue&, bool)>::operator()(JSONRPCRequest const&, UniValue&, bool) const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
#19 0x5578f6177d47 in ExecuteCommand(CRPCCommand const&, JSONRPCRequest const&, UniValue&, bool) /bitcoin/build_fuzz/src/./rpc/server.cpp:512:20
#20 0x5578f6177d47 in ExecuteCommands(std::vector<CRPCCommand const*, std::allocator<CRPCCommand const*>> const&, JSONRPCRequest const&, UniValue&) /bitcoin/build_fuzz/src/./rpc/server.cpp:477:13
#21 0x5578f6176b16 in CRPCTable::execute(JSONRPCRequest const&) const /bitcoin/build_fuzz/src/./rpc/server.cpp:497:13
#22 0x5578f61759e6 in JSONRPCExec(JSONRPCRequest const&, bool) /bitcoin/build_fuzz/src/./rpc/server.cpp:353:31
#23 0x5578f6512301 in HTTPReq_JSONRPC(std::any const&, HTTPRequest*) /bitcoin/build_fuzz/src/./httprpc.cpp:217:21
#24 0x5578f653449f in std::function<bool (HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&)>::operator()(HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) const /usr/lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
#25 0x5578f653449f in HTTPWorkItem::operator()() /bitcoin/build_fuzz/src/./httpserver.cpp:60:9
#26 0x5578f653c305 in WorkQueue<HTTPClosure>::Run() /bitcoin/build_fuzz/src/./httpserver.cpp:115:13
#27 0x5578f6526470 in HTTPWorkQueueRun(WorkQueue<HTTPClosure>*, int) /bitcoin/build_fuzz/src/./httpserver.cpp:417:12
#28 0x7fb83af2c4a2 (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd44a2) (BuildId: 0c47cec75226c7736517d5acb61e373d541a5023)
#29 0x5578f56a1b06 in asan_thread_start(void*) asan_interceptors.cpp.o
#30 0x7fb83abef1f4 (/lib/x86_64-linux-gnu/libc.so.6+0x891f4) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)
#31 0x7fb83ac6f89b (/lib/x86_64-linux-gnu/libc.so.6+0x10989b) (BuildId: 79005c16293efa45b441fed45f4f29b138557e9e)