uzbl segfault regarding libpixman

[GSI]

Please paste the output of uzbl-core --bug-info here:

Commit: v0.9.0-21-g4851bae
GTK compile: 3.20.2
GTK run: 3.20.2
WebKit compile: 2.4.10
WebKit run: 2.4.10
WebKit2: 0
libsoup compile: 2.54.0
libsoup run: 2.54.0

This happened upon scrolling down on a one-page website.
(No link, as I run into this issue randomly and cannot reproduce it based on repeating the same steps on the same website)

(gdb) bt                                                                                                               [1/1224]
#0  0x00007f398a9a1470 in ?? () from /usr/lib/libpixman-1.so.0
#1  0x00007f398a9a1619 in ?? () from /usr/lib/libpixman-1.so.0
#2  0x00007f398a91eca1 in pixman_image_composite32 () from /usr/lib/libpixman-1.so.0
#3  0x00007f3993cea0a4 in ?? () from /usr/lib/libcairo.so.2
#4  0x00007f3993d262ca in ?? () from /usr/lib/libcairo.so.2
#5  0x00007f3993d2688e in ?? () from /usr/lib/libcairo.so.2
#6  0x00007f3993d26ba9 in ?? () from /usr/lib/libcairo.so.2
#7  0x00007f3993cde419 in ?? () from /usr/lib/libcairo.so.2
#8  0x00007f3993d29c31 in ?? () from /usr/lib/libcairo.so.2
#9  0x00007f3993d56d6c in ?? () from /usr/lib/libcairo.so.2
#10 0x00007f3993d3c334 in ?? () from /usr/lib/libcairo.so.2
#11 0x00007f3993d3c659 in ?? () from /usr/lib/libcairo.so.2
#12 0x00007f3993d3d08e in ?? () from /usr/lib/libcairo.so.2
#13 0x00007f3993cde730 in ?? () from /usr/lib/libcairo.so.2
#14 0x00007f3993d58298 in ?? () from /usr/lib/libcairo.so.2
#15 0x00007f3993d2a157 in ?? () from /usr/lib/libcairo.so.2
#16 0x00007f3993ce779c in ?? () from /usr/lib/libcairo.so.2
#17 0x00007f3993ce0139 in ?? () from /usr/lib/libcairo.so.2
#18 0x00007f3993cd8f55 in cairo_fill () from /usr/lib/libcairo.so.2
#19 0x00007f399591c938 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#20 0x00007f39959166e2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#21 0x00007f399597d32e in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#22 0x00007f39959774d8 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#23 0x00007f399613835b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#24 0x00007f399611dba8 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#25 0x00007f3996125d60 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#26 0x00007f39961262cd in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#27 0x00007f399612a03e in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#28 0x00007f39960ee830 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#29 0x00007f39960daaa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#30 0x00007f39961b2c88 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#31 0x00007f39961bd76c in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#32 0x00007f39961be991 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#33 0x00007f39961c03d2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#34 0x00007f39961bda37 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#35 0x00007f39961be991 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#36 0x00007f39961c03d2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#37 0x00007f39961bda37 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#38 0x00007f39961be991 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#39 0x00007f39961beca4 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#40 0x00007f3996055eaf in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#41 0x00007f39967f0ef2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#42 0x00007f39958c541b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#43 0x00007f39959e1e80 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#44 0x00007f3995a035e2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#45 0x00007f399313b823 in ?? () from /usr/lib/libglib-2.0.so.0
#46 0x00007f399313adba in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#47 0x00007f399313b160 in ?? () from /usr/lib/libglib-2.0.so.0
#48 0x00007f399313b482 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#49 0x00007f39944db525 in gtk_main () from /usr/lib/libgtk-3.so.0
#50 0x000000000040a5e9 in ?? ()
#51 0x00007f3992811710 in __libc_start_main () from /usr/lib/libc.so.6
#52 0x000000000040a749 in ?? ()

[GSI]

Closing, as I am unable to reproduce the issue since switching to nouveau (#221).
Will reopen if necessary;

[GSI]

Commit: v0.9.0-21-g4851bae
GTK compile: 3.20.2
GTK run: 3.20.3
WebKit compile: 2.4.10
WebKit run: 2.4.10
WebKit2: 0
libsoup compile: 2.54.0
libsoup run: 2.54.0

Reopening - The crashes persist.

I am now able to consistently reproduce the crash on https://global.americanexpress.com/myca/logon/emea/action?Face=de_AT when zoom_level is set to 1.3.

I either set it to that value and visit the page afterwards OR I zoom to that level once I'm already there. Both variants cause the crash.

With other zoom levels the page works fine. (I've tried from 1.0 to 2.0, iterating by 0.1)

With zoom_text_only, the crashes are avoided.

I suspect this to be related to my previous bug report #177, although I am unable to reproduce on neither YouTube nor Google Maps.

# coredumpctl gdb 7123
(gdb) bt
#0  0x00007fce8fbd0470 in ?? () from /usr/lib/libpixman-1.so.0
#1  0x00007fce8fb93693 in ?? () from /usr/lib/libpixman-1.so.0
#2  0x00007fce8fb4ddbe in pixman_blt () from /usr/lib/libpixman-1.so.0
#3  0x00007fce98d662bb in ?? () from /usr/lib/libcairo.so.2
#4  0x00007fce98da2800 in ?? () from /usr/lib/libcairo.so.2
#5  0x00007fce98da288e in ?? () from /usr/lib/libcairo.so.2
#6  0x00007fce98da2ba9 in ?? () from /usr/lib/libcairo.so.2
#7  0x00007fce98d5a419 in ?? () from /usr/lib/libcairo.so.2
#8  0x00007fce98da5c31 in ?? () from /usr/lib/libcairo.so.2
#9  0x00007fce98dd2d6c in ?? () from /usr/lib/libcairo.so.2
#10 0x00007fce98db8334 in ?? () from /usr/lib/libcairo.so.2
#11 0x00007fce98db8659 in ?? () from /usr/lib/libcairo.so.2
#12 0x00007fce98db908e in ?? () from /usr/lib/libcairo.so.2
#13 0x00007fce98d5a730 in ?? () from /usr/lib/libcairo.so.2
#14 0x00007fce98dd4298 in ?? () from /usr/lib/libcairo.so.2
#15 0x00007fce98da6157 in ?? () from /usr/lib/libcairo.so.2
#16 0x00007fce98d6379c in ?? () from /usr/lib/libcairo.so.2
#17 0x00007fce98d5c139 in ?? () from /usr/lib/libcairo.so.2
#18 0x00007fce98d54f55 in cairo_fill () from /usr/lib/libcairo.so.2
#19 0x00007fce9a998938 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#20 0x00007fce9a9926e2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#21 0x00007fce9a9f932e in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#22 0x00007fce9a9f34d8 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#23 0x00007fce9b1b435b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#24 0x00007fce9b199ba8 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#25 0x00007fce9b1a1d60 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#26 0x00007fce9b1a22cd in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#27 0x00007fce9b1a603e in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#28 0x00007fce9b16a830 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#29 0x00007fce9b156aa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#30 0x00007fce9b159a2b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#31 0x00007fce9b159bf2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#32 0x00007fce9b15979f in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#33 0x00007fce9b16a92b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#34 0x00007fce9b156aa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#35 0x00007fce9b159a2b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#36 0x00007fce9b159bf2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#37 0x00007fce9b15979f in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#38 0x00007fce9b16a92b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#39 0x00007fce9b156aa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#40 0x00007fce9b159a2b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#41 0x00007fce9b159bf2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#42 0x00007fce9b15979f in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#43 0x00007fce9b16a92b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#44 0x00007fce9b156aa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0                                                             [0/3280]
#45 0x00007fce9b159a2b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#46 0x00007fce9b159bf2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#47 0x00007fce9b15979f in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#48 0x00007fce9b16a92b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#49 0x00007fce9b156aa0 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#50 0x00007fce9b226c08 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#51 0x00007fce9b22f1c8 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#52 0x00007fce9b239d2e in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#53 0x00007fce9b23a991 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#54 0x00007fce9b23c3d2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#55 0x00007fce9b239a37 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#56 0x00007fce9b23a991 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#57 0x00007fce9b23aca4 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#58 0x00007fce9b0d1eaf in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#59 0x00007fce9b86cef2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#60 0x00007fce9a94141b in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#61 0x00007fce9aa5de80 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#62 0x00007fce9aa7f5e2 in ?? () from /usr/lib/libwebkitgtk-3.0.so.0
#63 0x00007fce981b7823 in ?? () from /usr/lib/libglib-2.0.so.0
#64 0x00007fce981b6dba in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#65 0x00007fce981b7160 in ?? () from /usr/lib/libglib-2.0.so.0
#66 0x00007fce981b7482 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#67 0x00007fce99557575 in gtk_main () from /usr/lib/libgtk-3.so.0
#68 0x000000000040a5e9 in ?? ()
#69 0x00007fce9788d710 in __libc_start_main () from /usr/lib/libc.so.6
#70 0x000000000040a749 in ?? ()

(gdb) info registers
rax            0x7fce059ab000   140522834014208
rbx            0xfac    4012
rcx            0xf6c    3948
rdx            0x7fce057bdc00   140522831993856
rsi            0x7fce057be840   140522831996992
rdi            0x7fce059ab340   140522834015040
rbp            0xfb0    0xfb0
rsp            0x7ffe9e777138   0x7ffe9e777138
r8             0x7fce057bdc00   140522831993856
r9             0x1      1
r10            0xfac    4012
r11            0x7fce059ab370   140522834015088
r12            0xf80    3968
r13            0x3d     61
r14            0x0      0
r15            0x20     32
rip            0x7fce8fbd0470   0x7fce8fbd0470
eflags         0x10287  [ CF PF SF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0

[GSI]

Also iterated by 0.01 from 1.28 up to 1.39. Only the values 1.30 and 1.31 cause the crash.

Iterating by 0.001 from 1.298 to 1.313 only 1.300, 1.310 and 1.311 cause the crash.

[keis]

I'm afraid I'm not going to be of much help debugging this deep in the draw stack, I can't imagine this being uzbl specific though. I would suggest trying to reproduce this with the simplebrowser demo thing from the webkit repo and bringing it to them. I can help you figure out what to patch if anything to set the zoom level if you're up for it.

[GSI]

As it's quite simple to work around, I'm not too stressed out about this issue. Anyway I'm curious if you guys are able to reproduce it too (?) As for diving into the C parts of uzbl, it's been years since I last touched C code. If we ever happen to have a personal introduction, I'd be up for it, though.

[keis]

Nope. I can set it to 1.3 just fine. But maybe my magic number is something else