Opened 9 years ago

Closed 9 years ago

Last modified 6 years ago

#5564 closed Bug report (fixed)

Crash when transferring file from sftp site

Reported by: Vincent Fortier Owned by:
Priority: blocker Component: FileZilla Client
Keywords: crash sftp transfer Cc:
Component version: Operating system type: Linux
Operating system version: Fedora 13

Description

See also: https://bugzilla.redhat.com/show_bug.cgi?id=626012

Core was generated by `filezilla'.
Program terminated with signal 11, Segmentation fault.
#0 0x00000030e1be6160 in gtk_dnd_window_configure_callback
(source=0x7fff89656b00) at src/gtk/dnd.cpp:736
736 source->GiveFeedback( ConvertFromGTK(source->m_dragContext->action)
);
Missing separate debuginfos, use: debuginfo-install
PackageKit-gtk-module-0.6.6-1.fc13.x86_64 SDL-1.2.14-8.fc13.x86_64
dbus-glib-0.86-4.fc13.x86_64 expat-2.0.1-10.fc13.x86_64
gtk2-engines-2.20.1-1.fc13.x86_64 gvfs-1.6.2-1.fc13.x86_64
ibus-gtk-1.3.6-1.fc13.x86_64 ibus-libs-1.3.6-1.fc13.x86_64
libICE-1.0.6-2.fc13.x86_64 libSM-1.1.0-7.fc12.x86_64 libX11-1.3.1-3.fc13.x86_64
libXau-1.0.5-1.fc12.x86_64 libXcomposite-0.4.1-2.fc13.x86_64
libXcursor-1.1.10-4.fc13.x86_64 libXdamage-1.1.2-2.fc13.x86_64
libXext-1.1.2-2.fc13.x86_64 libXfixes-4.0.4-2.fc13.x86_64
libXi-1.3.2-1.fc13.x86_64 libXinerama-1.1-2.fc13.x86_64
libXrandr-1.3.0-5.fc13.x86_64 libXrender-0.9.5-1.fc13.x86_64
libXxf86vm-1.1.0-1.fc13.x86_64 libcanberra-0.24-1.fc13.x86_64
libcanberra-gtk2-0.24-1.fc13.x86_64 libgcrypt-1.4.5-4.fc13.x86_64
libgpg-error-1.7-1.fc13.x86_64 libjpeg-6b-46.fc12.x86_64
libogg-1.2.0-1.fc13.x86_64 libpng-1.2.44-1.fc13.x86_64
libselinux-2.0.90-5.fc13.x86_64 libtasn1-2.4-2.fc13.x86_64
libtdb-1.2.1-2.fc13.x86_64 libtiff-3.9.4-1.fc13.x86_64
libtool-ltdl-2.2.6-20.fc13.x86_64 libudev-153-3.fc13.x86_64
libuuid-2.17.2-8.fc13.x86_64 libvorbis-1.3.1-1.fc13.x86_64
libxcb-1.5-1.fc13.x86_64 nss-mdns-0.10-8.fc12.x86_64
pixman-0.18.0-1.fc13.x86_64 zlib-1.2.3-23.fc12.x86_64
(gdb) bt
#0 0x00000030e1be6160 in gtk_dnd_window_configure_callback
(source=0x7fff89656b00) at src/gtk/dnd.cpp:736
#1 0x00000030dfd51003 in _gtk_marshal_BOOLEANBOXED (closure=0x2668220,
return_value=0x7fff89657280, n_param_values=<value optimized out>,

param_values=0x24bcd50, invocation_hint=<value optimized out>,

marshal_data=<value optimized out>) at gtkmarshalers.c:84
#2 0x0000003e9460b98e in IAg_closure_invoke (closure=0x2668220,
return_value=0x7fff89657280, n_param_values=2, param_values=0x24bcd50,

invocation_hint=0x7fff89657240) at gclosure.c:767

#3 0x0000003e9461f947 in signal_emit_unlocked_R (node=<value optimized out>,
detail=0, instance=0x25161f0, emission_return=0x7fff896573d0,

instance_and_params=0x24bcd50) at gsignal.c:3248

#4 0x0000003e94620c29 in IAg_signal_emit_valist (instance=<value optimized
out>, signal_id=<value optimized out>, detail=<value optimized out>,

var_args=0x7fff89657430) at gsignal.c:2991

#5 0x0000003e946213a3 in IAg_signal_emit (instance=<value optimized out>,
signal_id=<value optimized out>, detail=<value optimized out>)

at gsignal.c:3038

#6 0x00000030dfe8190f in gtk_widget_event_internal (widget=0x25161f0,
event=0x24a8d50) at gtkwidget.c:4958
#7 0x00000030dfd4916d in IAgtk_main_do_event (event=0x24a8d50) at
gtkmain.c:1601
#8 0x00000030df86039c in gdk_event_dispatch (source=<value optimized out>,
callback=<value optimized out>, user_data=<value optimized out>)

at gdkevents-x11.c:2372

#9 0x0000003e92a3bd02 in g_main_dispatch (context=0x1d74920) at gmain.c:1960
#10 IAg_main_context_dispatch (context=0x1d74920) at gmain.c:2513
#11 0x0000003e92a3fae8 in g_main_context_iterate (context=0x1d74920, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2591
#12 0x0000003e92a3fff5 in IA
g_main_loop_run (loop=0x23d0960) at gmain.c:2799
#13 0x00000030dfd493c7 in IAgtk_main () at gtkmain.c:1219
#14 0x00000030e1be7838 in wxEventLoop::Run (this=<value optimized out>) at
src/gtk/evtloop.cpp:76
#15 0x00000030e1c61deb in wxAppBase::MainLoop (this=0x1d76140) at
src/common/appcmn.cpp:312
#16 0x000000300ea963a5 in wxEntry (argc=<value optimized out>, argv=<value
optimized out>) at src/common/init.cpp:448
#17 0x00000000004812e4 in main (argc=1, argv=0x7fff89657928) at
locale_initializer.cpp:83

Change History (10)

comment:1 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

Which version of wxWidgets are you using?

comment:2 Changed 9 years ago by Vincent Fortier

Status: moreinfonew

I'd presume wxWidget is part of one of theses:
[th0ma7@gustav ~]$ rpm -qa | grep -i wx
wxGTK-gl-2.8.11-1.fc13.x86_64
wxGTK-2.8.11-1.fc13.x86_64
wxBase-2.8.11-1.fc13.x86_64
wxGTK-debuginfo-2.8.11-1.fc13.x86_64

comment:3 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

Unfortunately I am unable to reproduce this problem.

Can you please describe the exact steps necessary to reproduce this problem? What precisely are you doing, what else is happening in the meantime?

Please run FileZilla in gdb. Once it crashes, please enter the following two commands and post the output here:
p source
p source->m_dragContext

comment:4 Changed 9 years ago by Vincent Fortier

Status: moreinfonew

How to reproduce:
1- Created a site entry in the site manager. The site is using FTPES with explicit TLS/SSL.
2- Connect to site using the site manager.
3- Once connected simply drag and drop a directory from ftp source to local directory (right to left)
4- crash occurs before anything actually happens (no directory change, no local directory creation, nothing)

Important note: If instead I use the right button menu and select "download" it actually works. This mainly looks like a drag&drop widget problem?

Here is the gdb output:
[th0ma7@gustav ~]$ gdb filezilla
GNU gdb (GDB) Fedora (7.1-33.fc13)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/filezilla...Reading symbols from /usr/lib/debug/usr/bin/filezilla.debug...done.
done.
(gdb) run
Starting program: /usr/bin/filezilla
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 2610.
Detaching after fork from child process 2611.
Detaching after fork from child process 2612.
[New Thread 0x7ffff16ab710 (LWP 2613)]
[New Thread 0x7fffebfff710 (LWP 2614)]
[New Thread 0x7fffeb5fe710 (LWP 2616)]
[New Thread 0x7fffeabfd710 (LWP 2617)]
[Thread 0x7fffeabfd710 (LWP 2617) exited]
[New Thread 0x7fffeabfd710 (LWP 2618)]
[Thread 0x7fffeabfd710 (LWP 2618) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00000030e1be6160 in gtk_dnd_window_configure_callback (source=0x7fffffffd2a0) at src/gtk/dnd.cpp:736
736 source->GiveFeedback( ConvertFromGTK(source->m_dragContext->action) );
Missing separate debuginfos, use: debuginfo-install PackageKit-gtk-module-0.6.6-1.fc13.x86_64 SDL-1.2.14-8.fc13.x86_64 dbus-glib-0.86-4.fc13.x86_64 expat-2.0.1-10.fc13.x86_64 gamin-0.1.10-7.fc13.x86_64 gtk2-engines-2.20.1-1.fc13.x86_64 gvfs-1.6.2-1.fc13.x86_64 ibus-gtk-1.3.6-1.fc13.x86_64 ibus-libs-1.3.6-1.fc13.x86_64 libICE-1.0.6-2.fc13.x86_64 libSM-1.1.0-7.fc12.x86_64 libX11-1.3.1-3.fc13.x86_64 libXau-1.0.5-1.fc12.x86_64 libXcomposite-0.4.1-2.fc13.x86_64 libXcursor-1.1.10-4.fc13.x86_64 libXdamage-1.1.2-2.fc13.x86_64 libXext-1.1.2-2.fc13.x86_64 libXfixes-4.0.4-2.fc13.x86_64 libXi-1.3.2-1.fc13.x86_64 libXinerama-1.1-2.fc13.x86_64 libXrandr-1.3.0-5.fc13.x86_64 libXrender-0.9.5-1.fc13.x86_64 libXxf86vm-1.1.0-1.fc13.x86_64 libcanberra-0.24-1.fc13.x86_64 libcanberra-gtk2-0.24-1.fc13.x86_64 libgcrypt-1.4.5-4.fc13.x86_64 libgpg-error-1.7-1.fc13.x86_64 libjpeg-6b-46.fc12.x86_64 libogg-1.2.0-1.fc13.x86_64 libpng-1.2.44-1.fc13.x86_64 libselinux-2.0.90-5.fc13.x86_64 libtasn1-2.4-2.fc13.x86_64 libtdb-1.2.1-2.fc13.x86_64 libtiff-3.9.4-1.fc13.x86_64 libtool-ltdl-2.2.6-20.fc13.x86_64 libudev-153-3.fc13.x86_64 libuuid-2.17.2-8.fc13.x86_64 libvorbis-1.3.1-1.fc13.x86_64 libxcb-1.5-1.fc13.x86_64 nss-mdns-0.10-8.fc12.x86_64 pixman-0.18.0-1.fc13.x86_64 zlib-1.2.3-23.fc12.x86_64
(gdb) p source
$1 = (wxDropSource *) 0x7fffffffd2a0

(gdb) p source->m_dragContext
$2 = (GdkDragContext *) 0x4063800000000000

(gdb) bt
#0 0x00000030e1be6160 in gtk_dnd_window_configure_callback (source=0x7fffffffd2a0) at src/gtk/dnd.cpp:736
#1 0x00000030dfd51003 in _gtk_marshal_BOOLEANBOXED (closure=0x136f960, return_value=0x7fffffffda20, n_param_values=<value optimized out>,

param_values=0x1214490, invocation_hint=<value optimized out>, marshal_data=<value optimized out>) at gtkmarshalers.c:84

#2 0x0000003e9460b98e in IAg_closure_invoke (closure=0x136f960, return_value=0x7fffffffda20, n_param_values=2, param_values=0x1214490,

invocation_hint=0x7fffffffd9e0) at gclosure.c:767

#3 0x0000003e9461f947 in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0x134f8e0, emission_return=0x7fffffffdb70,

instance_and_params=0x1214490) at gsignal.c:3248

#4 0x0000003e94620c29 in IAg_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>,

var_args=0x7fffffffdbd0) at gsignal.c:2991

#5 0x0000003e946213a3 in IAg_signal_emit (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>)

at gsignal.c:3038

#6 0x00000030dfe8190f in gtk_widget_event_internal (widget=0x134f8e0, event=0x123d550) at gtkwidget.c:4958
#7 0x00000030dfd4916d in IAgtk_main_do_event (event=0x123d550) at gtkmain.c:1601
#8 0x00000030df86039c in gdk_event_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>)

at gdkevents-x11.c:2372

#9 0x0000003e92a3bd02 in g_main_dispatch (context=0xb09920) at gmain.c:1960
#10 IAg_main_context_dispatch (context=0xb09920) at gmain.c:2513
#11 0x0000003e92a3fae8 in g_main_context_iterate (context=0xb09920, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2591
#12 0x0000003e92a3fff5 in IA
g_main_loop_run (loop=0x1164fd0) at gmain.c:2799
#13 0x00000030dfd493c7 in IAgtk_main () at gtkmain.c:1219
#14 0x00000030e1be7838 in wxEventLoop::Run (this=<value optimized out>) at src/gtk/evtloop.cpp:76
#15 0x00000030e1c61deb in wxAppBase::MainLoop (this=0xb0b1a0) at src/common/appcmn.cpp:312
#16 0x000000300ea963a5 in wxEntry (argc=<value optimized out>, argv=<value optimized out>) at src/common/init.cpp:448
#17 0x00000000004812e4 in main (argc=1, argv=0x7fffffffe0c8) at locale_initializer.cpp:83

(gdb) quit
A debugging session is active.

Inferior 1 [process 2607] will be killed.

Quit anyway? (y or n) y

Other clues:
1- If that could be of some help, the filezilla window disapeared only when quitting gdb. I tought the window would have disapeared right when it crashes but prehaps it's a sub-process (fork) that has crashed instead?
2- On my laptop, using same F13 x86_64 it always crashed from the begining. On my desktop it never crashed up to recently where now it always crash.

Don't hesitate if you need more precise gdb output since I can easilly recreate anytime!

comment:5 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

(gdb) p source->m_dragContext
$2 = (GdkDragContext *) 0x 40638000 00000000

That's a non-canonical address. (http://en.wikipedia.org/wiki/X86-64#Virtual_address_space_details), no wonder it segfaults.

I did a fresh installation of Fedora 13, but unfortunately I am still unable to reproduce this problem.

Which desktop environment do you use? Gnome, KDE or something else entirely?

Which GTK theming engine and theme are you using?

Are you using any proprietary device drivers your graphics card or any other hardware component?

comment:6 Changed 9 years ago by Vincent Fortier

Status: moreinfonew

I think we are getting somewhere... I'm using default open source video drivers (nothing from amd/ati or nvidia).

But I've been able to reproduce the problem easilly... by using gnome shell. regular or compiz works without a flaw. With shell it segfault. have'nt tried yet with KDE but i'm pretty sure it will work out. I'll check later.

Hope this helps!

comment:7 Changed 9 years ago by Tim Kosse

Hmpf great. That gnome-shell crap doesn't work with the generic VESA drivers.

Need to find a spare machine to install it on the bare metal outside of a virtual machine.

comment:8 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

I managed to reproduce this problem.

Looking at the "source" argument to the callback in more detail, I see that instead of being an instance of the wxDropSource class, it is an instance of wxCursor, a completely different class.

Which makes me conclude that this is a bug in the Gnome Shell. For some obscure reason, it is calling the configure_event signal with the wrong user-data argument.

Please forward this bug report to the Gnome Shell developers.

comment:9 Changed 9 years ago by Tim Kosse

Status: moreinfonew

Good news, I finally figured it out.

Turned out that after all it is a bug in wxWidgets. It registers a signal with an instance of wxDropSource as user data, but doesn't unregister the signal when done with the drag&drop operation.

Thus, the signal callback could get called with the object having already been destroyed, resulting in the described symptoms.

I will submit a patch upstream momentarily.

comment:10 Changed 9 years ago by Tim Kosse

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.