On Sat, Feb 25, 2012 at 01:07:11AM +0000, Jamie Heilman wrote:
> Jamie Heilman wrote:
> > I've found this is really easy to reproduce if I use the native webm
> > player to playback video, but harder to produce (though it still
> > happens) if I use Flashplayer. What typically happens is that
> > iceweasel stops responding and consumes a core's worth of CPU. An
> > strace of the process reveals infinite and repeated calls to madvise
> > for the same addr, same length, and always MADV_DONTNEED which is
> > returning -1 and setting errno to EINVAL. Looking through the
> > /proc/$pid/smaps file shows the address is the middle of a locked
> > range. gdb backtrace of the event using the -dbg packages gave me:
> >
> > #0 0x00007ffff7407407 in madvise () from /lib/x86_64-linux-gnu/libc.so.6
> > #1 0x00007ffff663169e in ?? () from /usr/lib/xulrunner-10.0/libmozjs.so
> > #2 0x00007ffff6628886 in ?? () from /usr/lib/xulrunner-10.0/libmozjs.so
> > #3 0x00007ffff6628d51 in ?? () from /usr/lib/xulrunner-10.0/libmozjs.so
> > #4 0x00007ffff508d697 in nsJSContext::ScriptEvaluated
> > (this=0x7fffe52690a0,
> > aTerminated=true)
> > at /tmp/buildd/iceweasel-10.0.2/dom/base/nsJSEnvironment.cpp:3122
> > #5 0x00007ffff4f02e79 in nsCxPusher::Pop (this=0x7fffffff8d50)
> > at /tmp/buildd/iceweasel-10.0.2/content/base/src/nsContentUtils.cpp:2694
> > ...
> >
> > Digging around, I suspect the DecommitFreePages function in
> > js/src/jsgc.cpp ... which appears to be gone from mozilla central
> > already, though I haven't gone and figured out what happened to it
> > yet.
>
> OK, there was a small cleanup with
> https://bugzilla.mozilla.org/show_bug.cgi?id=702681 but a deeper
> refactor came with https://bugzilla.mozilla.org/show_bug.cgi?id=702251
> and that new DecommitArenasFromAvailableList function looks more sane
> than DecommitFreePages did, but there's still no attempt to check
> errno in DecommitMemory or figure out why madvise fails, which is
> somewhat inconsistent with the:
>     while (madvise(address, bytes, MADV_DONTNEED) == -1 && errno == EAGAIN) { }
> pattern used in yarr, but whatever. 702251 appeared to be fixed in
> the aurora branch, so I installed 12.0~a2+20120217042010-1 to see if I
> could reproduce the issue, and unfortunately I still could. On the
> trunk, the jsgcchunk stuff got generalized with
> https://bugzilla.mozilla.org/show_bug.cgi?id=720439 and DecommitMemory
> was effectively renamed to MarkPagesUnused but is otherwise the same
> as it was. So it doesn't appear like this problem is scheduled to go
> away anytime soon. I wish I could get gdb to pick up on the debugging
> information for libmozjs, but despite having the -dbg package
> installed I just can't seem to get it to do so. (I'd welcome any tips
> there.)

Try removing the /usr/lib/xulrunner-*/libmozjs.so symlink.

Mike
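
The failure mode described in the quoted report, as an added example that is not part of the original thread or of Mozilla's code: on Linux, `madvise(MADV_DONTNEED)` over an `mlock()`ed page fails with EINVAL, so a decommit helper has to surface that error rather than retry it. The helper names `decommit_pages` and `decommit_test_page` and the retry cap of 8 are assumptions made for this sketch.

```c
/* Added example: bounded decommit that reports why madvise() failed. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper (not Mozilla's DecommitMemory): returns 0 on success
 * or -errno. Only EAGAIN is retried, and only a bounded number of times. */
static int decommit_pages(void *addr, size_t len)
{
    for (int tries = 0; tries < 8; tries++) {
        if (madvise(addr, len, MADV_DONTNEED) == 0)
            return 0;
        if (errno != EAGAIN)
            return -errno;   /* EINVAL, ENOMEM, ...: retrying cannot help */
    }
    return -EAGAIN;
}

/* Map one anonymous page, optionally mlock() it, then try to decommit it.
 * Returns decommit_pages()'s result, or 1 if mmap/mlock was unavailable. */
static int decommit_test_page(int lock_it)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 1;
    memset(p, 0xAA, len);            /* touch the page so it is committed */
    if (lock_it && mlock(p, len) != 0) {
        munmap(p, len);
        return 1;
    }
    int rc = decommit_pages(p, len);
    munmap(p, len);                  /* munmap also drops the lock */
    return rc;
}

int main(void)
{
    printf("unlocked page: %d\n", decommit_test_page(0));
    printf("locked page:   %d (-EINVAL is %d)\n", decommit_test_page(1), -EINVAL);
    return 0;
}
```

A caller that gets `-EINVAL` back can skip the range and log it once, which avoids the spin seen in the strace above.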