fuzz: cover deferred writing in chanmon_consistency

[joostjager]

Adds fuzz coverage for #4351

[ldk-reviews-bot]

👋 I see @wpaulino was un-assigned.
If you'd like another reviewer assignment, please click here.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.11%. Comparing base (75ac90a) to head (5eb96ab).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4465      +/-   ##
==========================================
- Coverage   86.12%   86.11%   -0.02%     
==========================================
  Files         157      157              
  Lines      108824   108871      +47     
  Branches   108824   108871      +47     
==========================================
+ Hits        93727    93755      +28     
- Misses      12480    12501      +21     
+ Partials     2617     2615       -2     

Flag	Coverage Δ
tests	86.11% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[joostjager]

Rebased

[joostjager]

Will hold off on this until pre-existing fuzz failures #4496 and #4472 are in

[joostjager]

Prerequisites are in, rebased.

[TheBlueMatt]

This LGTM, why is it draft?

[joostjager]

I first wanted to do a serious local run, but then it turned out there are so many pre-existing fuzz failures that it is hard to see what's new. I've bisected the failures to the various PRs that introduced them.

[joostjager]

Although for this PR I could just see if anything pops up that doesnt repro on main. Will do that.

[joostjager]

Several newly introduced fuzz failures to address:

7084a32219ffa61b1919192119197084a32219ff4400001d228012ffab
10fa0040801170704040198040111911191f1f1170bbff1170ffb3b2b6
10000150804211be707040198011191f1119401f401f0aa97210b6ff25
10000150804211707040198011191f11191f1a4040a91f7210b6ff25

[joostjager]

Zoomed in on one of those sequences, and it seems it is reproducible with another string without deferred mode too.

0270801109191109191f1f10b6ff

[joostjager]

Dependency: #4520

[joostjager]

Interestingly the non-deferred mode reproducer 0270801109191109191f1f10b6ff doesn't fail on main anymore, with #4520 not yet merged. Bisected the fixing PR to #4529 (@tankyleo).

It seems the increased headroom made the bug unobservable to the fuzzer?

I ran the fuzzer on this branch overnight, and no failures were found.

[joostjager]

I'll try to add a new invariant to the fuzzer so it catches the problem in a more robust way.

[joostjager]

Invariant addition: #4601

[joostjager]

Will rebase this after #4571

[ldk-claude-review-bot]

I've completed a thorough re-review of the entire PR diff, including:

1. Tracing the full lifecycle of LatestMonitorState (pending_monitors vs pending_monitor_completions)
2. Verifying the deferred flush mechanism (checkpoint_manager_persistence → flush → Persist callbacks)
3. Checking that assert_eq!(pending_operation_count(), 0) invariants hold at all call sites
4. Verifying the reload path with deferred + InProgress combinations
5. Confirming the settle loop (process_all_events) converges correctly with deferred mode
6. Checking make_channel setup with deferred mode
7. Reviewing all fuzz command handlers (0x00-0xff) for deferred-mode safety

No new issues found beyond what was already noted in the prior review pass.

Prior review status:

• Line 367 (docstring accuracy): Still applies but is a documentation nit, not a bug.
• Line 386 (drain_all for Completed): Still applies as a fragility note. The invariant that update_ret is constant during a node's lifetime ensures correctness.
• Line 421 (mark_persisted bug claim): Confirmed false positive as noted in the prior summary. pending_monitors and pending_monitor_completions are independent lists, and out-of-order completion works correctly.
• Line 1179 (update_ret ordering): Confirmed false positive as noted in the prior summary. The fresh persister is created with Completed at line 1108, the flush at line 1176 runs while update_ret is still Completed, and only line 1181 changes it.

No issues found.

[joostjager]

I reworked this PR and based it on a preparatory commit that makes the fuzzer's persistence model much more understandable, in my opinion. The prep work was taken from the force-close fuzzing PR #4381 that is still WIP, so it should be useful there as well.

[joostjager]

Fuzzed this overnight, no failures other than what is pre-existing in main.