Note: There are a few cases of duplicates in user autocompletion which are being worked on.

stylo: tab crash in [@ libxul.so@0x1e775c3 | libxul.so@0x1e8ce92 | nsAbsoluteContainingBlock::Reflow ]

ASSIGNED
Assigned to

Status

()

Core
CSS Parsing and Computation
P1
normal
ASSIGNED
5 days ago
a day ago

People

(Reporter: Darkspirit, Assigned: hiro)

Tracking

(Blocks: 1 bug, {crash, nightly-community})

Trunk
x86_64
Linux
crash, nightly-community
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

(Reporter)

Description

5 days ago
Crashes with
> [@ libxul.so@0x1e775c3 | libxul.so@0x1e8ce92 | nsAbsoluteContainingBlock::Reflow ]
start with today's build 20170716100258 on Linux
and they all have
> layout.css.servo.enabled":true
in the Metadata tab:

https://crash-stats.mozilla.com/signature/?product=Firefox&signature=libxul.so%400x1e775c3%20%7C%20libxul.so%400x1e8ce92%20%7C%20nsAbsoluteContainingBlock%3A%3AReflow&date=%3E%3D2017-06-16T15%3A34%3A25.000Z&date=%3C2017-07-16T15%3A34%3A25.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports

-> the most have "APZ" their crash: mozilla::layers::APZCCallbackHelper::DispatchWidgetEvent
bug 1371450 landed in this build.

I (partially) mentioned this earlier in bug 1379218 comment 3 because I thought this is similar.

Personally, I had a tab crash on twitter.com bp-64183507-ce38-4fa4-8d38-aa72f0170716 but this one doesn't mention APZ like the others.
I believe this, bug 1379218, and bug 1380125, maybe more frame constructor crashes, have the same root cause, which is that absolute frame can sometimes be used after free. I haven't had any clue for why this happens, and only happens for stylo...
Priority: -- → P2
Priority: P2 → P1
Getting this on youtube.
(Assignee)

Comment 3

4 days ago
The stack has also PresShell::HandleEvent.
See Also: → bug 1378064, bug 1381431
There have been 38 nsAbsoluteContainingBlock::Reflow crashes over the last three days from about 11 different users (unique install times). All 38 crashes were on Linux!
(Assignee)

Comment 5

3 days ago
I will care this.
Assignee: nobody → hikezoe
Status: NEW → ASSIGNED
(Reporter)

Comment 6

a day ago
All crashes with this signature were only with build 20170716100258 (build 2017-07-16).
You need to log in before you can comment on or make changes to this bug.