diff --git a/src/net_processing.h b/src/net_processing.h
index b6436a712c..d4c5d49df9 100644
--- a/src/net_processing.h
+++ b/src/net_processing.h
@@ -1,121 +1,122 @@
 // Copyright (c) 2009-2010 Satoshi Nakamoto
 // Copyright (c) 2009-2016 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #ifndef BITCOIN_NET_PROCESSING_H
 #define BITCOIN_NET_PROCESSING_H
 
 #include <consensus/params.h>
 #include <net.h>
 #include <validationinterface.h>
 
 class Config;
 
 /**
  * Default for -maxorphantx, maximum number of orphan transactions kept in
  * memory.
  */
 static const unsigned int DEFAULT_MAX_ORPHAN_TRANSACTIONS = 100;
 /** Expiration time for orphan transactions in seconds */
 static const int64_t ORPHAN_TX_EXPIRE_TIME = 20 * 60;
 /** Minimum time between orphan transactions expire time checks in seconds */
 static const int64_t ORPHAN_TX_EXPIRE_INTERVAL = 5 * 60;
 /**
  * Default number of orphan+recently-replaced txn to keep around for block
  * reconstruction.
  */
 static const unsigned int DEFAULT_BLOCK_RECONSTRUCTION_EXTRA_TXN = 100;
 /**
  * Headers download timeout expressed in microseconds.
  * Timeout = base + per_header * (expected number of headers)
  */
 // 15 minutes
 static constexpr int64_t HEADERS_DOWNLOAD_TIMEOUT_BASE = 15 * 60 * 1000000;
 // 1ms/header
 static constexpr int64_t HEADERS_DOWNLOAD_TIMEOUT_PER_HEADER = 1000;
 /**
  * Protect at least this many outbound peers from disconnection due to
  * slow/behind headers chain.
  */
 static constexpr int32_t MAX_OUTBOUND_PEERS_TO_PROTECT_FROM_DISCONNECT = 4;
 /**
  * Timeout for (unprotected) outbound peers to sync to our chainwork, in
  * seconds.
  */
 // 20 minutes
 static constexpr int64_t CHAIN_SYNC_TIMEOUT = 20 * 60;
 /** How frequently to check for stale tips, in seconds */
 // 10 minutes
 static constexpr int64_t STALE_CHECK_INTERVAL = 10 * 60;
 /**
  * How frequently to check for extra outbound peers and disconnect, in seconds.
  */
 static constexpr int64_t EXTRA_PEER_CHECK_INTERVAL = 45;
 /**
  * Minimum time an outbound-peer-eviction candidate must be connected for, in
  * order to evict, in seconds.
  */
 static constexpr int64_t MINIMUM_CONNECT_TIME = 30;
 
 class PeerLogicValidation final : public CValidationInterface,
                                   public NetEventsInterface {
 private:
     CConnman *const connman;
 
 public:
     explicit PeerLogicValidation(CConnman *connman, CScheduler &scheduler);
 
     void
     BlockConnected(const std::shared_ptr<const CBlock> &pblock,
                    const CBlockIndex *pindexConnected,
                    const std::vector<CTransactionRef> &vtxConflicted) override;
     void UpdatedBlockTip(const CBlockIndex *pindexNew,
                          const CBlockIndex *pindexFork,
                          bool fInitialDownload) override;
     void BlockChecked(const CBlock &block,
                       const CValidationState &state) override;
     void NewPoWValidBlock(const CBlockIndex *pindex,
                           const std::shared_ptr<const CBlock> &pblock) override;
 
     void InitializeNode(const Config &config, CNode *pnode) override;
     void FinalizeNode(const Config &config, NodeId nodeid,
                       bool &fUpdateConnectionTime) override;
     /**
      * Process protocol messages received from a given node.
      */
     bool ProcessMessages(const Config &config, CNode *pfrom,
                          std::atomic<bool> &interrupt) override;
     /**
      * Send queued protocol messages to be sent to a give node.
      *
      * @param[in]   pto             The node which we are sending messages to.
      * @param[in]   interrupt       Interrupt condition for processing threads
      * @return                      True if there is more work to be done
      */
     bool SendMessages(const Config &config, CNode *pto,
-                      std::atomic<bool> &interrupt) override;
+                      std::atomic<bool> &interrupt) override
+        EXCLUSIVE_LOCKS_REQUIRED(pto->cs_sendProcessing);
 
     void ConsiderEviction(CNode *pto, int64_t time_in_seconds);
     void
     CheckForStaleTipAndEvictPeers(const Consensus::Params &consensusParams);
     void EvictExtraOutboundPeers(int64_t time_in_seconds);
 
 private:
     //! Next time to check for stale tip
     int64_t m_stale_tip_check_time;
 };
 
 struct CNodeStateStats {
     int nMisbehavior = 0;
     int nSyncHeight = -1;
     int nCommonHeight = -1;
     std::vector<int> vHeightInFlight;
 };
 
 /** Get statistics from node state */
 bool GetNodeStateStats(NodeId nodeid, CNodeStateStats &stats);
 /** Increase a node's misbehavior score. */
 void Misbehaving(NodeId nodeid, int howmuch, const std::string &reason);
 
 #endif // BITCOIN_NET_PROCESSING_H
diff --git a/src/test/denialofservice_tests.cpp b/src/test/denialofservice_tests.cpp
index 15dba1275a..3f3792d16a 100644
--- a/src/test/denialofservice_tests.cpp
+++ b/src/test/denialofservice_tests.cpp
@@ -1,398 +1,427 @@
 // Copyright (c) 2011-2016 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 // Unit tests for denial-of-service detection/prevention code
 
 #include <chain.h>
 #include <chainparams.h>
 #include <config.h>
 #include <keystore.h>
 #include <net.h>
 #include <net_processing.h>
 #include <pow.h>
 #include <script/sign.h>
 #include <serialize.h>
 #include <util.h>
 #include <validation.h>
 
 #include <test/test_bitcoin.h>
 
 #include <boost/test/unit_test.hpp>
 
 #include <cstdint>
 
 // Tests these internal-to-net_processing.cpp methods:
 extern bool AddOrphanTx(const CTransactionRef &tx, NodeId peer);
 extern void EraseOrphansFor(NodeId peer);
 extern unsigned int LimitOrphanTxSize(unsigned int nMaxOrphans);
 struct COrphanTx {
     CTransactionRef tx;
     NodeId fromPeer;
     int64_t nTimeExpire;
 };
 extern std::map<uint256, COrphanTx> mapOrphanTransactions;
 
 static CService ip(uint32_t i) {
     struct in_addr s;
     s.s_addr = i;
     return CService(CNetAddr(s), Params().GetDefaultPort());
 }
 
 static NodeId id = 0;
 
 void UpdateLastBlockAnnounceTime(NodeId node, int64_t time_in_seconds);
 
 BOOST_FIXTURE_TEST_SUITE(denialofservice_tests, TestingSetup)
 
 // Test eviction of an outbound peer whose chain never advances
 // Mock a node connection, and use mocktime to simulate a peer which never sends
 // any headers messages. PeerLogic should decide to evict that outbound peer,
 // after the appropriate timeouts.
 // Note that we protect 4 outbound nodes from being subject to this logic; this
 // test takes advantage of that protection only being applied to nodes which
 // send headers with sufficient work.
 BOOST_AUTO_TEST_CASE(outbound_slow_chain_eviction) {
     const Config &config = GetConfig();
     std::atomic<bool> interruptDummy(false);
 
     // Mock an outbound peer
     CAddress addr1(ip(0xa0b0c001), NODE_NONE);
     CNode dummyNode1(id++, ServiceFlags(NODE_NETWORK), 0, INVALID_SOCKET, addr1,
                      0, 0, CAddress(), "",
                      /*fInboundIn=*/false);
     dummyNode1.SetSendVersion(PROTOCOL_VERSION);
 
     peerLogic->InitializeNode(config, &dummyNode1);
     dummyNode1.nVersion = 1;
     dummyNode1.fSuccessfullyConnected = true;
 
     // This test requires that we have a chain with non-zero work.
-    LOCK(cs_main);
-    BOOST_CHECK(chainActive.Tip() != nullptr);
-    BOOST_CHECK(chainActive.Tip()->nChainWork > 0);
+    {
+        LOCK(cs_main);
+        BOOST_CHECK(chainActive.Tip() != nullptr);
+        BOOST_CHECK(chainActive.Tip()->nChainWork > 0);
+    }
 
     // Test starts here
-    LOCK(dummyNode1.cs_sendProcessing);
-    // should result in getheaders
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
-    LOCK(dummyNode1.cs_vSend);
-    BOOST_CHECK(dummyNode1.vSendMsg.size() > 0);
-    dummyNode1.vSendMsg.clear();
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        // should result in getheaders
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
+    {
+        LOCK2(cs_main, dummyNode1.cs_vSend);
+        BOOST_CHECK(dummyNode1.vSendMsg.size() > 0);
+        dummyNode1.vSendMsg.clear();
+    }
 
     int64_t nStartTime = GetTime();
     // Wait 21 minutes
     SetMockTime(nStartTime + 21 * 60);
-    // should result in getheaders
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
-    BOOST_CHECK(dummyNode1.vSendMsg.size() > 0);
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        // should result in getheaders
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
+    {
+        LOCK2(cs_main, dummyNode1.cs_vSend);
+        BOOST_CHECK(dummyNode1.vSendMsg.size() > 0);
+    }
     // Wait 3 more minutes
     SetMockTime(nStartTime + 24 * 60);
-    // should result in disconnect
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        // should result in disconnect
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
     BOOST_CHECK(dummyNode1.fDisconnect == true);
     SetMockTime(0);
 
     bool dummy;
     peerLogic->FinalizeNode(config, dummyNode1.GetId(), dummy);
 }
 
 static void AddRandomOutboundPeer(const Config &config,
                                   std::vector<std::unique_ptr<CNode>> &vNodes,
                                   PeerLogicValidation &peerLogic) {
     CAddress addr(ip(g_insecure_rand_ctx.randbits(32)), NODE_NONE);
     vNodes.emplace_back(new CNode(id++, ServiceFlags(NODE_NETWORK), 0,
                                   INVALID_SOCKET, addr, 0, 0, CAddress(), "",
                                   /*fInboundIn=*/false));
     CNode &node = *vNodes.back();
     node.SetSendVersion(PROTOCOL_VERSION);
 
     peerLogic.InitializeNode(config, &node);
     node.nVersion = 1;
     node.fSuccessfullyConnected = true;
 
     CConnmanTest::AddNode(node);
 }
 
 BOOST_AUTO_TEST_CASE(stale_tip_peer_management) {
     const Config &config = GetConfig();
     const Consensus::Params &consensusParams =
         config.GetChainParams().GetConsensus();
     constexpr int nMaxOutbound = 8;
     CConnman::Options options;
     options.nMaxConnections = 125;
     options.nMaxOutbound = nMaxOutbound;
     options.nMaxFeeler = 1;
 
     connman->Init(options);
     std::vector<std::unique_ptr<CNode>> vNodes;
 
     // Mock some outbound peers
     for (int i = 0; i < nMaxOutbound; ++i) {
         AddRandomOutboundPeer(config, vNodes, *peerLogic);
     }
 
     peerLogic->CheckForStaleTipAndEvictPeers(consensusParams);
 
     // No nodes should be marked for disconnection while we have no extra peers
     for (auto const &node : vNodes) {
         BOOST_CHECK(node->fDisconnect == false);
     }
 
     SetMockTime(GetTime() + 3 * consensusParams.nPowTargetSpacing + 1);
 
     // Now tip should definitely be stale, and we should look for an extra
     // outbound peer
     peerLogic->CheckForStaleTipAndEvictPeers(consensusParams);
     BOOST_CHECK(connman->GetTryNewOutboundPeer());
 
     // Still no peers should be marked for disconnection
     for (auto const &node : vNodes) {
         BOOST_CHECK(node->fDisconnect == false);
     }
 
     // If we add one more peer, something should get marked for eviction
     // on the next check (since we're mocking the time to be in the future, the
     // required time connected check should be satisfied).
     AddRandomOutboundPeer(config, vNodes, *peerLogic);
 
     peerLogic->CheckForStaleTipAndEvictPeers(consensusParams);
     for (int i = 0; i < nMaxOutbound; ++i) {
         BOOST_CHECK(vNodes[i]->fDisconnect == false);
     }
     // Last added node should get marked for eviction
     BOOST_CHECK(vNodes.back()->fDisconnect == true);
 
     vNodes.back()->fDisconnect = false;
 
     // Update the last announced block time for the last
     // peer, and check that the next newest node gets evicted.
     UpdateLastBlockAnnounceTime(vNodes.back()->GetId(), GetTime());
 
     peerLogic->CheckForStaleTipAndEvictPeers(consensusParams);
     for (int i = 0; i < nMaxOutbound - 1; ++i) {
         BOOST_CHECK(vNodes[i]->fDisconnect == false);
     }
     BOOST_CHECK(vNodes[nMaxOutbound - 1]->fDisconnect == true);
     BOOST_CHECK(vNodes.back()->fDisconnect == false);
 
     bool dummy;
     for (auto const &node : vNodes) {
         peerLogic->FinalizeNode(config, node->GetId(), dummy);
     }
 
     CConnmanTest::ClearNodes();
 }
 
 BOOST_AUTO_TEST_CASE(DoS_banning) {
     const Config &config = GetConfig();
     std::atomic<bool> interruptDummy(false);
 
     connman->ClearBanned();
     CAddress addr1(ip(0xa0b0c001), NODE_NONE);
     CNode dummyNode1(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr1, 0, 0,
                      CAddress(), "", true);
     dummyNode1.SetSendVersion(PROTOCOL_VERSION);
     peerLogic->InitializeNode(config, &dummyNode1);
     dummyNode1.nVersion = 1;
     dummyNode1.fSuccessfullyConnected = true;
     {
         LOCK(cs_main);
         // Should get banned.
         Misbehaving(dummyNode1.GetId(), 100, "");
     }
-    LOCK(dummyNode1.cs_sendProcessing);
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
     BOOST_CHECK(connman->IsBanned(addr1));
     // Different IP, not banned.
     BOOST_CHECK(!connman->IsBanned(ip(0xa0b0c001 | 0x0000ff00)));
 
     CAddress addr2(ip(0xa0b0c002), NODE_NONE);
     CNode dummyNode2(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr2, 1, 1,
                      CAddress(), "", true);
     dummyNode2.SetSendVersion(PROTOCOL_VERSION);
     peerLogic->InitializeNode(config, &dummyNode2);
     dummyNode2.nVersion = 1;
     dummyNode2.fSuccessfullyConnected = true;
     {
         LOCK(cs_main);
         Misbehaving(dummyNode2.GetId(), 50, "");
     }
-    LOCK(dummyNode2.cs_sendProcessing);
-    peerLogic->SendMessages(config, &dummyNode2, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode2.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode2, interruptDummy);
+    }
     // 2 not banned yet...
     BOOST_CHECK(!connman->IsBanned(addr2));
     // ... but 1 still should be.
     BOOST_CHECK(connman->IsBanned(addr1));
     {
         LOCK(cs_main);
         Misbehaving(dummyNode2.GetId(), 50, "");
     }
-    peerLogic->SendMessages(config, &dummyNode2, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode2.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode2, interruptDummy);
+    }
     BOOST_CHECK(connman->IsBanned(addr2));
 
     bool dummy;
     peerLogic->FinalizeNode(config, dummyNode1.GetId(), dummy);
     peerLogic->FinalizeNode(config, dummyNode2.GetId(), dummy);
 }
 
 BOOST_AUTO_TEST_CASE(DoS_banscore) {
     const Config &config = GetConfig();
     std::atomic<bool> interruptDummy(false);
 
     connman->ClearBanned();
     // because 11 is my favorite number.
     gArgs.ForceSetArg("-banscore", "111");
     CAddress addr1(ip(0xa0b0c001), NODE_NONE);
     CNode dummyNode1(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr1, 3, 1,
                      CAddress(), "", true);
     dummyNode1.SetSendVersion(PROTOCOL_VERSION);
     peerLogic->InitializeNode(config, &dummyNode1);
     dummyNode1.nVersion = 1;
     dummyNode1.fSuccessfullyConnected = true;
     {
         LOCK(cs_main);
         Misbehaving(dummyNode1.GetId(), 100, "");
     }
-    LOCK(dummyNode1.cs_sendProcessing);
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
     BOOST_CHECK(!connman->IsBanned(addr1));
     {
         LOCK(cs_main);
         Misbehaving(dummyNode1.GetId(), 10, "");
     }
     peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
     BOOST_CHECK(!connman->IsBanned(addr1));
     {
         LOCK(cs_main);
         Misbehaving(dummyNode1.GetId(), 1, "");
     }
-    peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode1.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode1, interruptDummy);
+    }
     BOOST_CHECK(connman->IsBanned(addr1));
     gArgs.ForceSetArg("-banscore", std::to_string(DEFAULT_BANSCORE_THRESHOLD));
 
     bool dummy;
     peerLogic->FinalizeNode(config, dummyNode1.GetId(), dummy);
 }
 
 BOOST_AUTO_TEST_CASE(DoS_bantime) {
     const Config &config = GetConfig();
     std::atomic<bool> interruptDummy(false);
 
     connman->ClearBanned();
     int64_t nStartTime = GetTime();
     // Overrides future calls to GetTime()
     SetMockTime(nStartTime);
 
     CAddress addr(ip(0xa0b0c001), NODE_NONE);
     CNode dummyNode(id++, NODE_NETWORK, 0, INVALID_SOCKET, addr, 4, 4,
                     CAddress(), "", true);
     dummyNode.SetSendVersion(PROTOCOL_VERSION);
     peerLogic->InitializeNode(config, &dummyNode);
     dummyNode.nVersion = 1;
     dummyNode.fSuccessfullyConnected = true;
 
     {
         LOCK(cs_main);
         Misbehaving(dummyNode.GetId(), 100, "");
     }
-    LOCK(dummyNode.cs_sendProcessing);
-    peerLogic->SendMessages(config, &dummyNode, interruptDummy);
+    {
+        LOCK2(cs_main, dummyNode.cs_sendProcessing);
+        peerLogic->SendMessages(config, &dummyNode, interruptDummy);
+    }
     BOOST_CHECK(connman->IsBanned(addr));
 
     SetMockTime(nStartTime + 60 * 60);
     BOOST_CHECK(connman->IsBanned(addr));
 
     SetMockTime(nStartTime + 60 * 60 * 24 + 1);
     BOOST_CHECK(!connman->IsBanned(addr));
 
     bool dummy;
     peerLogic->FinalizeNode(config, dummyNode.GetId(), dummy);
 }
 
 static CTransactionRef RandomOrphan() {
     std::map<uint256, COrphanTx>::iterator it;
     LOCK(cs_main);
     it = mapOrphanTransactions.lower_bound(InsecureRand256());
     if (it == mapOrphanTransactions.end()) {
         it = mapOrphanTransactions.begin();
     }
     return it->second.tx;
 }
 
 BOOST_AUTO_TEST_CASE(DoS_mapOrphans) {
     CKey key;
     key.MakeNewKey(true);
     CBasicKeyStore keystore;
     keystore.AddKey(key);
 
     // 50 orphan transactions:
     for (int i = 0; i < 50; i++) {
         CMutableTransaction tx;
         tx.vin.resize(1);
         tx.vin[0].prevout = COutPoint(InsecureRand256(), 0);
         tx.vin[0].scriptSig << OP_1;
         tx.vout.resize(1);
         tx.vout[0].nValue = 1 * CENT;
         tx.vout[0].scriptPubKey =
             GetScriptForDestination(key.GetPubKey().GetID());
 
         AddOrphanTx(MakeTransactionRef(tx), i);
     }
 
     // ... and 50 that depend on other orphans:
     for (int i = 0; i < 50; i++) {
         CTransactionRef txPrev = RandomOrphan();
 
         CMutableTransaction tx;
         tx.vin.resize(1);
         tx.vin[0].prevout = COutPoint(txPrev->GetId(), 0);
         tx.vout.resize(1);
         tx.vout[0].nValue = 1 * CENT;
         tx.vout[0].scriptPubKey =
             GetScriptForDestination(key.GetPubKey().GetID());
         SignSignature(keystore, *txPrev, tx, 0, SigHashType());
 
         AddOrphanTx(MakeTransactionRef(tx), i);
     }
 
     // This really-big orphan should be ignored:
     for (int i = 0; i < 10; i++) {
         CTransactionRef txPrev = RandomOrphan();
 
         CMutableTransaction tx;
         tx.vout.resize(1);
         tx.vout[0].nValue = 1 * CENT;
         tx.vout[0].scriptPubKey =
             GetScriptForDestination(key.GetPubKey().GetID());
         tx.vin.resize(2777);
         for (size_t j = 0; j < tx.vin.size(); j++) {
             tx.vin[j].prevout = COutPoint(txPrev->GetId(), j);
         }
         SignSignature(keystore, *txPrev, tx, 0, SigHashType());
         // Re-use same signature for other inputs
         // (they don't have to be valid for this test)
         for (unsigned int j = 1; j < tx.vin.size(); j++)
             tx.vin[j].scriptSig = tx.vin[0].scriptSig;
 
         BOOST_CHECK(!AddOrphanTx(MakeTransactionRef(tx), i));
     }
 
     LOCK(cs_main);
     // Test EraseOrphansFor:
     for (NodeId i = 0; i < 3; i++) {
         size_t sizeBefore = mapOrphanTransactions.size();
         EraseOrphansFor(i);
         BOOST_CHECK(mapOrphanTransactions.size() < sizeBefore);
     }
 
     // Test LimitOrphanTxSize() function:
     LimitOrphanTxSize(40);
     BOOST_CHECK(mapOrphanTransactions.size() <= 40);
     LimitOrphanTxSize(10);
     BOOST_CHECK(mapOrphanTransactions.size() <= 10);
     LimitOrphanTxSize(0);
     BOOST_CHECK(mapOrphanTransactions.empty());
 }
 
 BOOST_AUTO_TEST_SUITE_END()