Bug 706925

Summary:	/usr/lib64/nspluginwrapper/npviewer.bin: Program terminated with signal 8, Arithmetic exception.
Product:	[Fedora] Fedora	Reporter:	Tom London <selinux>
Component:	nspluginwrapper	Assignee:	Martin Stransky <stransky>
Status:	CLOSED INSUFFICIENT_DATA	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	rawhide	CC:	caillon, mcepl, stransky
Target Milestone:	---	Keywords:	Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-12-06 14:49:10 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Tom London 2011-05-23 13:45:55 UTC

Description of problem:
I'm seeing this core dump regularly on my Rawhide system:

[root@tlondon ~]# grep npviewer.bin /var/log/messages
May 22 09:51:45 tlondon kernel: [ 3094.896392] npviewer.bin[2295] trap divide error ip:3fc2631efb sp:7fff8d905400 error:0 in libglib-2.0.so.0.2904.0[3fc2600000+117000]
May 22 09:51:46 tlondon abrt[5042]: saved core dump of pid 2295 (/usr/lib64/nspluginwrapper/npviewer.bin) to /var/spool/abrt/ccpp-2011-05-22-09:51:46-2295.new/coredump (2166784 bytes)
May 22 12:00:53 tlondon kernel: [ 6274.229085] npviewer.bin[2301] trap divide error ip:3fc2631efb sp:7fffaf306230 error:0 in libglib-2.0.so.0.2904.0[3fc2600000+117000]
[root@tlondon ~]# 

What more info can I provide?

Loaded symbols for /lib64/libfreebl3.so
Core was generated by `/usr/lib64/nspluginwrapper/npviewer.bin --plugin /usr/lib64/mozilla/plugins/lib'.
Program terminated with signal 8, Arithmetic exception.
#0  0x0000003fc2631efb in g_hash_table_lookup_node (hash_return=read_sleb128: Corrupted DWARF expression.
)
    at ghash.c:363
363	  node_index = hash_value % hash_table->mod;
Missing separate debuginfos, use: debuginfo-install google-talkplugin-2.0.6.0-1.x86_64
(gdb) set pagination off
(gdb) bt full
#0  0x0000003fc2631efb in g_hash_table_lookup_node (hash_return=read_sleb128: Corrupted DWARF expression.
) at ghash.c:363
        hash_value = 23226864
        have_tombstone = 0
        step = 0
        node_index = <optimized out>
        first_tombstone = 0
#1  g_hash_table_remove_internal (hash_table=Traceback (most recent call last):
  File "/usr/share/glib-2.0/gdb/glib.py", line 123, in children
    return self._iterator(self.val, self.keys_are_strings)
  File "/usr/share/glib-2.0/gdb/glib.py", line 79, in __init__
    self.array = ht["nodes"]
gdb.error: There is no member named nodes.
0x1621800, key=0x16269f0, notify=1) at ghash.c:1089
        node_hash = 23226864
#2  0x00000000004061b9 in g_NPN_ReleaseObject (npobj=0x16269f0) at ../src/npw-viewer.c:2011
        plugin = <optimized out>
        refcount = 0
#3  0x0000000000414d5f in npobject_destroy_stub_obj (stub=0x16355a0) at ../src/npruntime.c:108
No locals.
#4  0x0000000000414df0 in npclass_handle_Deallocate (connection=0x1622590) at ../src/npruntime.c:269
        id = <optimized out>
        error = <optimized out>
        stub = <optimized out>
#5  0x000000000041211f in _rpc_dispatch_1 (connection=0x1622590, message=0x7fffaf306490) at ../src/rpc.c:1591
        method = 78
        error = <optimized out>
        msg_tag = -3002
        callback = <optimized out>
#6  0x000000000041232a in _rpc_dispatch (message=0x7fffaf306490, connection=0x1622590) at ../src/rpc.c:1622
        ret = <optimized out>
#7  _rpc_dispatch_until (connection=0x1622590, message=0x7fffaf306490, expected_msg_tag=-3008) at ../src/rpc.c:1645
        msg_tag = -3000
        error = <optimized out>
        __PRETTY_FUNCTION__ = "_rpc_dispatch_until"
#8  0x0000000000413998 in rpc_sync (connection=0x1622590) at ../src/rpc.c:1788
        message = {types = 0x16253c0, socket = 12, offset = 0, buffer = "\377\377\364B\000\000\000\000\064\066A", '\000' <repeats 13 times>, "\032e0\257H\364\377\377\300Sb\001\000\000\000\000\f\000\000\000\000\000\000\000\000x\\\001\000\000\000\000\270\024[\001", '\000' <repeats 12 times>, "_[$\304?\000\000\000@M^\001\000\000\000\000\000x\\\001\000\000\000\000\"\000`\003\000\000\000\000!\000`\003\000\000\000\000\000x\\\001\000\000\000\000Om$\304?\000\000\000\000x\\\001\000\000\000\000\324N`\306?\000\000\000\001\001\001\257\377\177\000\000\000\000\000\000\000\000\000\000\260K^\001\000\000\000\000@^c\001\000\000\000\000P\\c\001\000\000\000\000@^c\001\000\000\000\000\002\000\000\000\000\000\000\000\000x\\\001\000\000\000\000\003\000\000\000\000\000\000\000\"\000`\003\000\000\000\000"...}
        __PRETTY_FUNCTION__ = "rpc_sync"
        error = <optimized out>
        timer = 0x1625e80
#9  0x0000000000404256 in do_main (connection_path=0x7fffaf30a536 "/org/wrapper/NSPlugins/libnpgoogletalk64.so/2287-1/419039764", argv=0x7fffaf3086a8, argc=1) at ../src/npw-viewer.c:4973
        max_priority = 0
        timeout = 0
        needed_fds = 2
        ready = <optimized out>
        ret = <optimized out>
        fds = 0x1625d20
        context = 0x15de2b0
        vtable = {{id = 2, callback = 0x406450 <handle_NP_GetMIMEDescription>}, {id = 1, callback = 0x407220 <handle_NP_GetValue>}, {id = 3, callback = 0x4079f0 <handle_NP_Initialize>}, {id = 4, callback = 0x406060 <handle_NP_Shutdown>}, {id = 30, callback = 0x405850 <handle_NPP_New>}, {id = 31, callback = 0x40c680 <handle_NPP_Destroy>}, {id = 34, callback = 0x406fb0 <handle_NPP_GetValue>}, {id = 32, callback = 0x40be10 <handle_NPP_SetWindow>}, {id = 36, callback = 0x4050c0 <handle_NPP_URLNotify>}, {id = 37, callback = 0x4053a0 <handle_NPP_NewStream>}, {id = 38, callback = 0x405210 <handle_NPP_DestroyStream>}, {id = 39, callback = 0x4049f0 <handle_NPP_WriteReady>}, {id = 40, callback = 0x404850 <handle_NPP_Write>}, {id = 41, callback = 0x404730 <handle_NPP_StreamAsFile>}, {id = 42, callback = 0x4065b0 <handle_NPP_Print>}, {id = 33, callback = 0x404cd0 <handle_NPP_HandleEvent>}, {id = 46, callback = 0x404b80 <handle_NPP_ClearSiteData>}, {id = 47, callback = 0x404600 <handle_NPP_GetSitesWithData>}}
        nfds = 3
#10 main (argc=<optimized out>, argv=<optimized out>) at ../src/npw-viewer.c:5155
        plugin_path = <optimized out>
        connection_path = 0x7fffaf30a536 "/org/wrapper/NSPlugins/libnpgoogletalk64.so/2287-1/419039764"
        cmd = <optimized out>
        handles = {0x1595120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}
        n_handles = 1
        ret = 1
(gdb) 


Version-Release number of selected component (if applicable):
nspluginwrapper-1.4.0-1.fc16.x86_64
nspluginwrapper-1.4.0-1.fc16.i686
firefox-4.0.1-2.fc16.x86_64
glibc-2.13.90-13.x86_64
glibc-2.13.90-13.i686
glib2-2.29.4-1.fc16.x86_64
glib2-2.29.4-1.fc16.i686

How reproducible:
Just about every boot; not sure when it happens....

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2011-05-25 13:36:27 UTC

More on this:

Noticed on all the stack traces that 'libnpgoogletalk64.so' was present.

I disabled the 2 google-talk plugins, and no longer get crash on shutdown.

Comment 2 Matěj Cepl 2011-06-23 14:52:29 UTC

Just wonder whether it is not a bug in Google Talk plugin.

Comment 3 Martin Stransky 2011-10-21 14:16:31 UTC

Can you provide any reproduction steps?