[Qt] Do you want to rebuild the block database now? No -> crash #3136

issue Diapolo opened this issue on October 23, 2013
  1. Diapolo commented at 1:30 pm on October 23, 2013: none

    I’m using -txindex in my normal environment. When using payment requests without the client running, the client is started without any parameters, detects the missing -txindex and asks me “Do you want to rebuild the block database now?” Answering no here crashes the client.

    https://github.com/bitcoin/bitcoin/blob/master/src/init.cpp#L834 @sipa Can you check that part of the code, as most of it was done by you :).

    Edit: Error is on Win7 x64 and it’s a BEX (Buffer Overflow Exception).

  2. laanwj commented at 7:07 am on October 28, 2013: member
    I can’t reproduce this (on linux). I’ve had a problem with my testnet wallet so needed to rebuild a few times yesterday. When I clicked “abort” there was no crash. I’m not using -txindex though.
  3. Diapolo commented at 7:15 am on October 28, 2013: none
    Perhaps you can give it a try with -txindex then?
  4. Diapolo commented at 8:21 pm on November 14, 2013: none

    I tried to debug this, but failed badly… I get a segfault related to path.hpp, which is from Boost filesystem. This happens after 2013-11-14 20:09:45 Shutdown : done. I just see that the object contains the correct path to my testnet3 datadir and is unrelated to our datadir caching (as I disabled it for testing purposes).

    Perhaps there is some global that gets destructed after everything is already shut down, dunno yet… @laanwj Any idea how I can nail this down further?

    Edit: I’m going to try Boost 1.55.0 tomorrow and see if that helps ;).

  5. laanwj commented at 11:33 am on November 15, 2013: member

    Yes, that’s probably a destruction order problem, do you get a traceback?

    Otherwise I don’t know a good way to debug it except for selectively commenting out code.

  6. laanwj commented at 12:23 pm on January 17, 2014: member
    I wonder if this also happens with gitian builds.
  7. laanwj added the label Bug on May 2, 2014
  8. laanwj commented at 7:46 am on May 2, 2014: member
    Does this still happen with current master?
  9. laanwj added the label Windows on May 2, 2014
  10. Diapolo commented at 7:53 am on May 2, 2014: none

    Tested a minute ago, yes still happens with 0.9.1.

  11. Diapolo commented at 10:26 am on September 10, 2014: none

    I found out that this code in path.hpp causes the segfault:

    This line causes it: DbEnv(0).remove(path.string().c_str(), 0); https://github.com/bitcoin/bitcoin/blob/master/src/db.cpp#L49

    I was able to prevent the crash by not using a boost::path there, but adding a std::string to the class, initializing that with path.string() at the beginning and using that in the above call. @laanwj Any idea for this? A use-after-free or something like that?

  12. laanwj commented at 11:58 am on September 10, 2014: member

    This is yet another shutdown order issue.

    CDbEnv ideally shouldn’t be a global object that has the lifetime of the program. I remember this also came up for testing by @SergioDemianLerner #4688.

  13. dexX7 commented at 8:52 pm on March 10, 2015: contributor

    I tested this on Windows 8.1 x64 and Windows 10 TP with the 0.9, 0.10 releases, as well as the master branch (built via Gitian route).

    To reproduce:

    1. Start bitcoin-qt.exe, pointing to a new datadir (-datadir=xxx, -choosedatadir)
    2. Shut down the client
    3. Start bitcoin-qt.exe -txindex=1
    4. Decline to rebuild index
    5. Crash

    A similar event can be triggered and observed, when executing bitcoind.exe without rpcuser and rpcpassword defined, which also results in an application crash.

    FWIW, I uploaded the crash report, including error dump files: http://bitwatch.co/uploads/AppCrash_bitcoin-qt_w10x64.zip (1.414 KB)

    Running Process Monitor hints at a buffer overflow during the shutdown:

    [image: bufferoverflow]

    This error does not occur when using -disablewallet or a wallet-less build.

  14. dexX7 commented at 11:42 am on March 21, 2015: contributor

    As a follow-up: it’s a memory access violation and I sort-of debugged it on an assembler level, where I saw that the crash occurred when jumping to 0xFEEEFEEE + x, which indicates previously freed memory on Windows.

    The hint about const std::string string() const { return string(codecvt()); } was golden, as this indeed pointed to the root cause. Boost path uses a static initialized pointer internally, which appears to be deinitialized during shutdown, but if this is not done by the main thread, the pointer appears to be already deinitialized, even though there is still an attempted access later. An apparently working solution was to force the initialization by the main thread.
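
The shutdown-order hazard discussed in comments 11 to 14, as an added example that is not Bitcoin Core or Boost code: a simplified model in which a long-lived environment object either converts its path at shutdown, caches a std::string up front, or runs after the converter was initialized early. All names are hypothetical, and the model only covers destruction order, not the Windows-specific threading behaviour reported above.

```cpp
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

// Model of the exit-time list: objects with static storage duration are
// destroyed in reverse order of construction.
struct ExitList {
    std::vector<std::function<void()>> dtors;
    void run() {
        while (!dtors.empty()) {
            auto d = std::move(dtors.back());
            dtors.pop_back();
            d();
        }
    }
};

// Hypothetical stand-in for a library-internal converter created on first use.
struct Converter {
    bool created = false, alive = false;
    void touch(ExitList& x) {
        if (created) return;
        created = alive = true;
        x.dtors.push_back([this] { alive = false; });
    }
};

// True when the long-lived environment object would reach the converter after
// its destruction. Function and parameter names are hypothetical.
bool shutdown_uses_dead_converter(bool cache_string, bool init_converter_first) {
    ExitList exit_list;
    Converter conv;
    bool bad = false;
    if (init_converter_first) conv.touch(exit_list);  // forced early init
    if (cache_string) conv.touch(exit_list);  // path converted once, up front
    exit_list.dtors.push_back([&] {           // the environment's destructor
        if (!cache_string && !conv.alive) bad = true;  // converts path here
    });
    conv.touch(exit_list);  // first ordinary use of the converter at runtime
    exit_list.run();        // process exit
    return bad;
}

int main() {
    std::printf("convert at shutdown: %d\n", shutdown_uses_dead_converter(false, false));
    std::printf("cached std::string:  %d\n", shutdown_uses_dead_converter(true, false));
    std::printf("early forced init:   %d\n", shutdown_uses_dead_converter(false, true));
}
```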

  15. jonasschnelli commented at 2:51 pm on March 21, 2015: contributor
    Tested with #5877 on top of current master (https://builds.jonasschnelli.ch/pulls/5877/) on Windows 7. Crash no longer happens. Also tested current master on the same Windows 7 instance and could reproduce the reindex->abort crash.
  16. laanwj commented at 7:32 am on March 24, 2015: member
    Thanks a lot for testing @jonasschnelli! Closing this.
  17. laanwj closed this on Mar 24, 2015

  18. Diapolo commented at 5:45 am on June 15, 2015: none
    @laanwj This needs to be reopened, as the bug was reintroduced or is at least still present! I’m going for a much simpler fix and will open a pull in a few minutes.
  19. Diapolo commented at 5:50 am on June 15, 2015: none
    See #6282
  20. laanwj referenced this in commit daf956b7b1 on Jun 23, 2015
  21. dexX7 referenced this in commit f146bfc29c on Jul 7, 2015
  22. Bushstar referenced this in commit e0c56246f5 on Apr 8, 2020
  23. DrahtBot locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-04 19:12 UTC
