Tested on m-c revision 66e4d53697c2: A fallible allocation (nsTHashTable), possibly in the nsXBLDocumentInfo constructor, causes the following warning and crash later: WARNING: NS_ENSURE_TRUE(mDocumentTable.IsInitialized() || mDocumentTable.Init(16)) failed: file /srv/repos/browser/mozilla-central/content/xbl/src/nsBindingManager.cpp, line 1108 [New Thread 0x2aaac2e31700 (LWP 63400)] Program received signal SIGSEGV, Segmentation fault. DocumentURI (this=0x3209fb0) at /srv/repos/browser/mozilla-central/content/xbl/src/nsXBLDocumentInfo.h:65 65 nsIURI* DocumentURI() { return mDocument->GetDocumentURI(); } #0 DocumentURI (this=0x3209fb0) at /srv/repos/browser/mozilla-central/content/xbl/src/nsXBLDocumentInfo.h:65 #1 nsXBLPrototypeBinding::Init (this=0x3210cc0, aID=..., aInfo=0x3209fb0, aElement=0x320fbc0, aFirstBinding=<optimized out>) at /srv/repos/browser/mozilla-central/content/xbl/src/nsXBLPrototypeBinding.cpp:339 #2 0x00002aaaaca750d2 in nsXBLContentSink::ConstructBinding (this=0x31f97e0, aLineNumber=<optimized out>) at /srv/repos/browser/mozilla-central/content/xbl/src/nsXBLContentSink.cpp:577 #3 0x00002aaaac5e379a in nsExpatDriver::HandleStartElement (this=0x3206d80, aValue=0x3209d90, aAtts=0x3207210) at /srv/repos/browser/mozilla-central/parser/htmlparser/src/nsExpatDriver.cpp:411 #4 0x00002aaaac5fc672 in doContent (parser=0x3206e60, startTagLevel=0, enc=0x2aaaae1de320, s=0x3205a86 "<", end=0x3206596 "", nextPtr=<optimized out>, haveMore=1 '\001') at /srv/repos/browser/mozilla-central/parser/expat/lib/xmlparse.c:2413 #5 0x00002aaaac5fce78 in contentProcessor (parser=0x3206e60, start=<optimized out>, end=<optimized out>, endPtr=<optimized out>) at /srv/repos/browser/mozilla-central/parser/expat/lib/xmlparse.c:2043 #6 0x00002aaaac5fa77f in doProlog (parser=0x3206e60, enc=<optimized out>, s=0x32058fe "<", end=0x3206596 "", tok=29, next=0x32058fe "<", nextPtr=0x7fffffff8f38, haveMore=1 '\001') at /srv/repos/browser/mozilla-central/parser/expat/lib/xmlparse.c:4024 #7 0x00002aaaac5fba9f in prologProcessor (parser=0x3206e60, s=0x32058d0 "<", end=0x3206596 "", nextPtr=0x7fffffff8f38) at /srv/repos/browser/mozilla-central/parser/expat/lib/xmlparse.c:3758 The backtrace of the failing allocation is as follows: #0 /srv/repos/browser/mozilla-central/objdir-ff-gcc64dbg/dist/bin/libmozalloc.so(moz_malloc+0x5f) [0x2aaaaab2415c] (aab2415c) #1 PL_DHashTableInit at objdir-ff-gcc64dbg/xpcom/build/pldhash.cpp:270 #2 nsTHashtable<nsBaseHashtableET<nsURIHashKey, nsRefPtr<nsXBLDocumentInfo> > >::Init(unsigned int) at objdir-ff-gcc64dbg/dist/include/nsTHashtable.h:425 #3 nsXBLContentSink::OnOpenContainer(unsigned short const**, unsigned int, int, nsIAtom*, unsigned int) at content/xbl/src/nsXBLContentSink.cpp:436 #4 nsXMLContentSink::HandleStartElement(unsigned short const*, unsigned short const**, unsigned int, int, unsigned int, bool) at content/xml/document/src/nsXMLContentSink.cpp:1018 #5 nsXMLContentSink::HandleStartElement(unsigned short const*, unsigned short const**, unsigned int, int, unsigned int) at content/xml/document/src/nsXMLContentSink.cpp:984 #6 nsXBLContentSink::HandleStartElement(unsigned short const*, unsigned short const**, unsigned int, int, unsigned int) at content/xbl/src/nsXBLContentSink.cpp:293 #7 nsExpatDriver::HandleStartElement(unsigned short const*, unsigned short const**) at parser/htmlparser/src/nsExpatDriver.cpp:412 #8 doContent at parser/expat/lib/xmlparse.c:2387 #9 contentProcessor at parser/expat/lib/xmlparse.c:2045 #10 doProlog at parser/expat/lib/xmlparse.c:4024 #11 prologProcessor at parser/expat/lib/xmlparse.c:3760 #12 MOZ_XML_Parse at parser/expat/lib/xmlparse.c:1522 #13 nsExpatDriver::ParseBuffer(unsigned short const*, unsigned int, bool, unsigned int*) at parser/htmlparser/src/nsExpatDriver.cpp:1011 #14 nsExpatDriver::ConsumeToken(nsScanner&, bool&) at parser/htmlparser/src/nsExpatDriver.cpp:1107 #15 nsParser::Tokenize(bool) at parser/htmlparser/src/nsParser.cpp:2277 The allocation backtrace misses some frames between #2 and #3 it seems (due to optimization), but I assume it's NS_NewXBLDocumentInfo calling the nsXBLDocumentInfo which involves some hashtables being created. If the optimization is causing problems here, let me know and I'll repeat the whole experiment with a debug-only build (I actually noticed only after the experiment that it's a debug+opt build).

Closing because no crash reported since 12 weeks.

Closing because no crash reported since 12 weeks.