The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.
A summary of reviews will appear here.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #30660 (test: Shut down framework cleanly on RPC connection failure by hodlinator)
• #30487 (ci: skip Github CI on branch pushes for forks by Sjors)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

https://github.com/bitcoin/bitcoin/actions/runs/11014291937/job/30584604403?pr=30956#step:10:930
contains:
bitcoind.vcxproj -> D:\a\bitcoin\bitcoin\build\src\RelWithDebInfo\bitcoind.exe
...notice the "RelWithDebInfo", so it should be generating .PDB files like it does for me locally.

@maflcko continuing discussion after your comment in the related issue:

Seems fine to integrate in a pull request and then keep the pull request unmerged, and only merge the pull request in the GHA CI, as that is the only place where it reproduces. Adding temporary test test-only code for everyone else may be a bit too much.

1. Do you think the current approach of temporarily changing from Release -> RelWithDebInfo for Windows would be acceptable, as a PR that is only run on CI?

2. Do you have any ideas for being able to retrieve generated .DMP and .PDB files from CI? I'm totally unfamiliar with GHA so RTFM-links are welcome too. An alternative approach could be to make this temporary PR upload the relevant files to somewhere, only if the issue occurs.

Feel free to loop in others to answer if you think it's more their area of ownership.

Do you have any ideas for being able to retrieve generated .DMP and .PDB files from CI?

I think you can add something like:

- uses: actions/upload-artifact@v4
  with:
    name: dump
    path: %RUNNER_TEMP%/**/bitcoind.dmp
    if-no-files-found: ignore

after the run: part of each job.

https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow
https://github.com/actions/upload-artifact#examples

1. Do you think the current approach of temporarily changing from Release -> RelWithDebInfo for Windows would be acceptable, as a PR that is only run on CI?

Seems fine to do permanent, if there are no downsides or slow-down. cc @hebasto

https://github.com/bitcoin/bitcoin/actions/runs/11030752196 gives me:

actions/upload-artifact@v4 is not allowed to be used in bitcoin/bitcoin. Actions in this workflow must be: within a repository owned by bitcoin or matching the following: actions/cache@, actions/cache/restore@, actions/cache/save@, actions/checkout@, ilammy/msvc-dev-cmd@*.

Maybe one could (ab)use actions/cache/save but I'll pause here for more input.

Maybe you can leave it in your repo and just trigger the task every 3 hours for two weeks to get the dump eventually?

1. Do you think the current approach of temporarily changing from Release -> RelWithDebInfo for Windows would be acceptable, as a PR that is only run on CI?

Seems fine to do permanent, if there are no downsides or slow-down. cc @hebasto

Here is some historical context:

1. In pre-Cmake times, manually crafted project files had two configurations: "Release" and "Debug".
2. While working on the CMake staging branch, the CI build configuration remained "Release" to allow the use of Ccache. This functionality was later dropped.

At this point, I don't see any drawbacks to switching the CI job's build configuration from "Release" to "RelWithDebInfo".

🚧 At least one of the CI tasks failed.
_{Debug: https://github.com/bitcoin/bitcoin/runs/30753975513}

https://github.com/hodlinator/bitcoin/actions/runs/11069726468/job/30757882453#step:15:114 :
subprocess.TimeoutExpired: Command '['D:\\a\\bitcoin\\bitcoin\\build\\test\\cache\\node0\\Procdump.exe', '-mm', '7904', 'D:\\a\\bitcoin\\bitcoin\\build\\test\\cache\\node0\\bitcoind.dmp']' timed out after 4800 seconds

The Procdump.exe process itself times out when trying to produce the dump. 🤦
Could be that it's popping up a GUI dialogue on first run, will investigate further.

Partial victory! - Latest run https://github.com/hodlinator/bitcoin/actions/runs/11087284207 actually uploaded a .DMP file (but it wasn't a real stall, just forced it to happen).

Still remains to see if it loads nicely in the debugger.

Other remaining issue is that I used a hardcoded absolute path for the upload-artifact step since I'm still struggling to find the correct glob-expression. Can't assume it will be node0 that stalls, and unsure if the path will be the same when removing --nocleanup. (Come to think of it, --nocleanup shouldn't be necessary now that the test fails).

      - name: Upload .DMP file
        uses: actions/upload-artifact@v4
        id: dmp-upload
        if: ${{ failure() && steps.functional-tests.conclusion == 'failure' }}
        with:
          name: bitcoind-windows-dmp-file
          path: D:/a/bitcoin/bitcoin/build/test/cache/node0/bitcoind.dmp

I'm a bit mystified by RUNNER_TEMP passed as --tmpdirprefix to the functional test runner having the value D:/a/_temp/, while the test data seems to end up in D:/a/bitcoin/bitcoin/build/test/cache/, but maybe the cache part is a clue.

Still remains to see if it loads nicely in the debugger.

It debugs!

Requires .DMP, .PDB and .EXE (last one currently luckily added just as an extra test).

We have a winner! https://github.com/hodlinator/bitcoin/actions/runs/11311779692/job/31458399560
Downloaded the artifacts now just to be sure, but I won't be able to look at them until early next week.
Might keep the CI schedule running for one more dump before turning it off unless anyone disagrees.

Another one! https://github.com/hodlinator/bitcoin/actions/runs/11368998912/job/31625398583

Had a few other cases. First 2 are confirmed to be the same issue - seeding randomness entropy from Windows performance data obtained through the Registry API during startup hangs when attempting to release a semaphore deep in Microsoft code. Turned off the once-per-hour CI schedule on my master-branch for now. More work to follow next week.

seeding randomness entropy from Windows performance data obtained through the Registry API during startup hangs when attempting to release a semaphore deep in Microsoft code.

The call to RegQueryValueExA in RandAddSeedPerfmon:

The call to RegQueryValueExA in RandAddSeedPerfmon:

good find !

i couldn't find anything wrong with that code; however i looked into the Microsoft documentation for this: https://learn.microsoft.com/en-us/windows/win32/perfctrs/using-the-registry-functions-to-consume-counter-data

apparently, querying HKEY_PERFORMANCE_DATA can potentially load all kinds of DLLs for performance counter data, depending on drivers installed on the system, as well as collects performance information for every process and thread on the system (could be a lot on busy systems)

it's very possible that one of these has a race condition, or other crash bug, in the configuration used in the CI

if we have enough other random sources in Windows (i haven't checked this) then we could consider disabling this one, it was more of a workaround when there were no official OS entropy sources

does disabling it fix the stalls?

The call to RegQueryValueExA in RandAddSeedPerfmon:

I think you can open a PR to just remove this entirely.

I think you can open a PR to just remove this entirely.

On it. Will explore other possible fixes after publishing that PR.

PR: #31124

Debugged a 3rd dump:
https://github.com/hodlinator/bitcoin/actions/runs/11414623090
Same stacks in threads and local function state in RandAddSeedPerfmon() was similar/same as observed in 2 previous dump files - nSize = 843750 (250000 × (1.5^3)).

Main thread

 	ntdll.dll!NtReleaseSemaphore()	Unknown
 	KERNELBASE.dll!ReleaseSemaphore()	Unknown
 	WmiApRpl.dll!WmiReverseGuard::LeaveRead(long)	Unknown
 	WmiApRpl.dll!WmiReverseMemoryExt<class WmiReverseGuard>::Read(void *,unsigned long,unsigned long *,unsigned long)	Unknown
 	WmiApRpl.dll!WmiAdapterWrapper::GetValidity(unsigned long)	Unknown
 	WmiApRpl.dll!WmiAdapterWrapper::CollectObjects(unsigned short const *,void * *,unsigned long *,unsigned long *)	Unknown
 	WmiApRpl.dll!WmiAdapterWrapper::Collect(unsigned short const *,void * *,unsigned long *,unsigned long *)	Unknown
 	WmiApRpl.dll!WmiCollectPerfData(unsigned short const *,void * *,unsigned long *,unsigned long *)	Unknown
 	advapi32.dll!CallExtObj()	Unknown
 	advapi32.dll!QueryV1Provider()	Unknown
 	advapi32.dll!QueryExtensibleData()	Unknown
 	advapi32.dll!PerfRegQueryValueEx()	Unknown
 	advapi32.dll!PerfRegQueryValue()	Unknown
 	KERNELBASE.dll!BaseRegQueryValueInternal()	Unknown
>	KERNELBASE.dll!RegQueryValueExA()	Unknown
 	bitcoind.exe!`anonymous namespace'::RandAddSeedPerfmon(CSHA512 & hasher) Line 86	C++
 	bitcoind.exe!RandAddDynamicEnv(CSHA512 & hasher) Line 235	C++
 	bitcoind.exe!`anonymous namespace'::SeedStartup(CSHA512 & hasher, `anonymous-namespace'::RNGState & rng) Line 624	C++
 	bitcoind.exe!`anonymous namespace'::ProcRand(unsigned char * out, int num, `anonymous-namespace'::RNGLevel level, bool always_use_real_rng) Line 662	C++
 	[Inline Frame] bitcoind.exe!kernel::Context::{ctor}::__l2::<lambda_1>::operator()() Line 21	C++
 	[Inline Frame] bitcoind.exe!std::invoke(kernel::Context::{ctor}::__l2::<lambda_1> &&) Line 1704	C++
 	bitcoind.exe!std::call_once<`kernel::Context::Context'::`2'::<lambda_1>>(std::once_flag & _Once, kernel::Context::{ctor}::__l2::<lambda_1> && _Fx) Line 103	C++
 	bitcoind.exe!kernel::Context::Context() Line 23	C++
 	[Inline Frame] bitcoind.exe!std::make_unique() Line 3597	C++
 	bitcoind.exe!AppInit(node::NodeContext & node) Line 188	C++
 	bitcoind.exe!main(int argc, char * * argv) Line 277	C++
 	[Inline Frame] bitcoind.exe!invoke_main() Line 78	C++
 	bitcoind.exe!__scrt_common_main_seh() Line 288	C++
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

PerfdiskPnpNotification thread

 	win32u.dll!NtUserGetMessage()	Unknown
 	user32.dll!GetMessageW()	Unknown
>	perfdisk.dll!PerfdiskPnpNotification(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

This was the only thread not stuck in NtReleaseSemaphore/NtWaitFor*.

Another project also encountered a hang with [_]PerfdiskPnpNotification in another thread.
https://stackoverflow.com/questions/15730185/performance-data-handler-hangs-for-physicaldisk

Googling for _PerfdiskPnpNotification finds it sometimes tries to open a pop up window.

Linked post uses the PDH API, which internally queries the registry (seen in linked posts' callstack). Seems like their case was solved by moving the calling code out of DllMain. Would be weird if us calling Perf Counter functions from inside our main() was unsupported though.

Remote Access Manager thread

 	ntdll.dll!NtWaitForSingleObject()	Unknown
 	KERNELBASE.dll!WaitForSingleObjectEx()	Unknown
>	rasctrs.dll!RasmanServiceMonitor()	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

Possibly a side effect of running ProcDump to capture the .DMP file from the sound of Rem0o/FanControl.Releases#101 (comment).

Other threads

 	ntdll.dll!NtWaitForSingleObject()	Unknown
 	KERNELBASE.dll!WaitForSingleObjectEx()	Unknown
>	aspnet_perf.dll!CPerfCounterClient::GatherPerfData(void)	Unknown
 	aspnet_perf.dll!PerfDataGatherThreadStart(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

 	ntdll.dll!NtWaitForMultipleObjects()	Unknown
 	sechost.dll!EtwpProcessRealTimeTraces()	Unknown
 	sechost.dll!ProcessTrace()	Unknown
>	perfts.dll!BlockOnProcessTrace(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

 	ntdll.dll!NtWaitForMultipleObjects()	Unknown
 	KERNELBASE.dll!WaitForMultipleObjectsEx()	Unknown
 	KERNELBASE.dll!WaitForMultipleObjects()	Unknown
>	perfos.dll!StandbyMonitorThreadProc(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

 	ntdll.dll!NtWaitForWorkViaWorkerFactory()	Unknown
>	ntdll.dll!TppWorkerThread()	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

2 each of

 	ntdll.dll!NtWaitForMultipleObjects()	Unknown
 	KERNELBASE.dll!WaitForMultipleObjectsEx()	Unknown
 	KERNELBASE.dll!WaitForMultipleObjects()	Unknown
>	CorperfmonExt.dll!HandlerAuxThreadProc(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

 	ntdll.dll!NtWaitForSingleObject()	Unknown
 	KERNELBASE.dll!WaitForSingleObjectEx()	Unknown
>	aspnet_perf.dll!CPerfCounterClient::MonitorPerfPipeNames(void)	Unknown
 	aspnet_perf.dll!RegistryMonitorThreadStart(void *)	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

This might indicate there are lingering threads from a previous loop iteration that were not cleaned up yet. Despite the official example not calling RegCloseKey at all, maybe we should try doing it for every loop iteration to see if that fixes it.

Alternative Performance Counter APIs

https://learn.microsoft.com/en-us/windows/win32/perfctrs/about-performance-counters#performance-api-architecture <- Has a handy diagram of the 3 consumer-facing apis. It states:

Some older performance counter consumers use the registry APIs to collect performance data from the special HKEY_PERFORMANCE_DATA registry key. This is not recommended for new code because processing the data from the registry is complex and error-prone. The registry API implementation directly supports collecting data from V1 providers. It indirectly supports collecting data from V2 providers through a translation layer that uses the V2 consumer APIs.

Some performance counter consumers use the PerfLib V2 Consumer functions to directly access data from V2 providers. This is more complex than consuming data using the PDH APIs, but this approach can be useful if PDH APIs cannot be used due to performance or dependency concerns. The PerfLib V2 implementation directly supports collecting data from V2 providers. It does not support collecting data from V1 providers.

The main callstack above with our hang contains QueryV1Provider. Makes me think maybe we should migrate to the more modern V2 API that does not go through the Registry layer.

Log performance counter data?

https://learn.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryvalueexa:

If the buffer specified by lpData parameter is not large enough to hold the data, the function returns ERROR_MORE_DATA and stores the required buffer size in the variable pointed to by lpcbData. In this case, the contents of the lpData buffer are undefined.

It is unclear whether we get anything useful back in the failure case, but we could add code to see if lpData (PPERF_DATA_BLOCK) has anything usable. Maybe it would provide hints at what is different from successful runs and causing the failures.

🐙 This pull request conflicts with the target branch and needs rebase.

It is not entirely clear whether it should be called after every RegQueryValueExA or if it's fine as-is, after the loop.

FWIW the idea that i got from reading that was that you should close the key when done with the API. Not at any specific point. This will unload the performance collection DLLs. The next time you query the key again they will be loaded again.

i concluded that we do the right thing (never close it) because, we're never done with it, we keep queryiing them time after time after time, so might as well keep the DLLs in memory.

But yes it's ambiguous.

Turned off hourly CI for now, since fix removing the offending function was merged into bitcoin:master.

Intend to experiment with more surgical solutions and document that here in the future.

Turned off hourly CI for now, since fix removing the offending function was merged into bitcoin:master.

Would it make sense to leave it running for a little longer to validate that the fix worked?

Would it make sense to leave it running for a little longer to validate that the fix worked?

My reasoning was that there should be enough CI runs on master and all runs on PRs based on top of the merged fix. If it re-occurs hopefully one of us will reopen #30390. But I don't have a well-developed sense for how much strain is reasonable to put on the CI resources.

My reasoning was that there should be enough CI runs on master and all runs on PRs based on top of the merged fix.

Oh, didn't think of that, makes sense to me.

Can this be closed, or is it waiting on something?

Can this be closed, or is it waiting on something?

I'd like to keep it open as I explore less nuclear solutions. Pushed an initial attempt to here and my personal master: hodlinator/bitcoin@84cd647...f69a238

I'd like to keep it open as I explore less nuclear solutions. Pushed an initial attempt to here and my personal master: hodlinator/bitcoin@84cd647...f69a238

In my opinion your (already merged) change to drop the offending code from the RNG is fine, and isn't really something we need to investigate further / work on reintroducing.

isn't really something we need to investigate further / work on reintroducing.

Agree, it's fine, it's good to get rid of the perfmon query.

Alright, our time is finite and hopefully CryptGenRandom should be enough for now. Closing.