Closed Bug 1381327 Opened 7 years ago Closed 7 years ago

stylo: tab crash in [@ libxul.so@0x1e775c3 | libxul.so@0x1e8ce92 | nsAbsoluteContainingBlock::Reflow ]

Categories

(Core :: CSS Parsing and Computation, defect, P1)

x86_64
Linux
defect

Tracking

RESOLVED FIXED
mozilla56
Tracking Status
firefox-esr52 --- unaffected
firefox54 --- unaffected
firefox55 --- unaffected
firefox56 --- fixed

People

(Reporter: jan, Assigned: hiro)

References

(Blocks 1 open bug)

Details

(Keywords: crash, nightly-community)

Crash Data

Crashes with
> [@ libxul.so@0x1e775c3 | libxul.so@0x1e8ce92 | nsAbsoluteContainingBlock::Reflow ]
start with today's build 20170716100258 on Linux and they all have
> layout.css.servo.enabled":true
in the Metadata tab: https://crash-stats.mozilla.com/signature/?product=Firefox&signature=libxul.so%400x1e775c3%20%7C%20libxul.so%400x1e8ce92%20%7C%20nsAbsoluteContainingBlock%3A%3AReflow&date=%3E%3D2017-06-16T15%3A34%3A25.000Z&date=%3C2017-07-16T15%3A34%3A25.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports
-> most of them have "APZ" in their crash: mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent

bug 1371450 landed in this build.
I (partially) mentioned this earlier in bug 1379218 comment 3 because I thought this is similar.

Personally, I had a tab crash on twitter.com bp-64183507-ce38-4fa4-8d38-aa72f0170716 but this one doesn't mention APZ like the others.
I believe this, bug 1379218, and bug 1380125, maybe more frame constructor crashes, have the same root cause, which is that an absolute frame can sometimes be used after free. I haven't had any clue why this happens, and why it only happens for stylo...
Priority: -- → P2
Priority: P2 → P1
Getting this on YouTube.
There have been 38 nsAbsoluteContainingBlock::Reflow crashes over the last three days from about 11 different users (unique install times). All 38 crashes were on Linux!
I will take care of this.
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
All crashes with this signature were only with build 20170716100258 (build 2017-07-16).
I am also guessing this crash was fixed by bug 1371450.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56