Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 820782 - net-misc/tigervnc-1.9.0-r2 built with gcc-11.2.0 crash, rfb::Congestion::getUncongestedETA(): Assertion `iter != pings.end()' failed.
Summary: net-misc/tigervnc-1.9.0-r2 built with gcc-11.2.0 crash, rfb::Congestion::getU...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Viorel Munteanu
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: gcc-11
  Show dependency tree
 
Reported: 2021-10-29 23:17 UTC by gen2dev
Modified: 2022-05-16 05:21 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description gen2dev 2021-10-29 23:17:33 UTC 
tigervnc-1.9.0-r2 has been working for me for a long time but recently started aborting occasionally, unpredictably, usually when I'm mouse scrolling a lot. The vnc log shows:
Xvnc: common/rfb/Congestion.cxx:285: int rfb::Congestion::getUncongestedETA(): Assertion `iter != pings.end()' failed.
(EE) 
(EE) Backtrace:
(EE) 0: /usr/bin/Xvnc (xorg_backtrace+0x5b) [0x562f7c257d2b]
(EE) 1: /usr/bin/Xvnc (0x562f7c095000+0x1c6575) [0x562f7c25b575]
(EE) 2: /lib64/libpthread.so.0 (0x7f04f37e4000+0x12120) [0x7f04f37f6120]
(EE) 3: /lib64/libc.so.6 (gsignal+0x13e) [0x7f04f2e0447e]
(EE) 4: /lib64/libc.so.6 (abort+0x112) [0x7f04f2dee536]
(EE) 5: /lib64/libc.so.6 (0x7f04f2dcc000+0x2241f) [0x7f04f2dee41f]
(EE) 6: /lib64/libc.so.6 (0x7f04f2dcc000+0x31102) [0x7f04f2dfd102]
(EE) 7: /usr/bin/Xvnc (0x562f7c095000+0x14b9f7) [0x562f7c1e09f7]
(EE) 8: /usr/bin/Xvnc (_ZN3rfb16VNCSConnectionST11isCongestedEv+0xb8) [0x562f7c1dd7f8]
(EE) 9: /usr/bin/Xvnc (_ZN3rfb16VNCSConnectionST22writeFramebufferUpdateEv+0x71) [0x562f7c1df951]
(EE) 10: /usr/bin/Xvnc (_ZN3rfb16VNCSConnectionST15processMessagesEv+0xce) [0x562f7c1dfa7e]
(EE) 11: /usr/bin/Xvnc (_ZN14XserverDesktop17handleSocketEventEiPN7network12SocketServerEbb+0x8b) [0x562f7c1c1e1b]
(EE) 12: /usr/bin/Xvnc (_ZN14XserverDesktop17handleSocketEventEibb+0x90) [0x562f7c1c1f20]
(EE) 13: /usr/bin/Xvnc (ospoll_wait+0x71) [0x562f7c25beb1]
(EE) 14: /usr/bin/Xvnc (WaitForSomething+0x163) [0x562f7c255c03]
(EE) 15: /usr/bin/Xvnc (Dispatch+0xb1) [0x562f7c208d11]
(EE) 16: /usr/bin/Xvnc (dix_main+0x33a) [0x562f7c20cfda]
(EE) 17: /lib64/libc.so.6 (__libc_start_main+0xcd) [0x7f04f2def87d]
(EE) 18: /usr/bin/Xvnc (_start+0x2a) [0x562f7c0fed5a]
(EE) 
(EE) 
Fatal server error:
(EE) Caught signal 6 (Aborted). Server aborting
(EE) 

I use it lightly for several hours every day and it crashes about once a week, when I'm paging or scrolling in a gui app like evince, soffice,  or firefox.

It appears to be a bug that was already found in tigervnc upstream and fixed some time after 1.9.0 and before 1.9.90 (which is the last and only other 1.9.X release available). It is caused by compiler-dependent C undefined behavior for integer wrap. That makes sense because I recently rolled from gcc-10.3 to gcc-11.2 and rebuilt @world when gcc-11.2 was stabilized. 

Upstream bug report including a link to the pull request where it was fixed, and a small test program that demonstrates integer wrap undefined behavior:
  http://github.com/TigerVNC/tigervnc/issues/652

I have not confirmed that rebuilding tigervnc with gcc-10 makes the problem go away, but I have confirmed that small test program gives different results when built with gcc-11 vs. gcc-10.
$ gcc-10.3.0 -O2 -o t t.c && ./t
1
1
1
$ gcc-11.2.0 -O2 -o t t.c && ./t
0
0
0
$

Simply unmasking tigervnc-1.11.0-r4 isn't an option because it is globally masked due to other issues.

Another possible workaround mentioned in the pull request linked above would be to pass -fwrapv to gcc. That at least makes the test program give the same results with gcc-11 as it does with gcc-10.

This is a candidate to be added to the gcc-11 porting bug 732706.


Reproducible: Sometimes

Steps to Reproduce:
1. Build tigervnc-1.9.0-r2 with gcc-11
2. Start a vnc verver and open it with a viewer
3. Scroll / page gui applicaitions until it crashes, maybe?
Actual Results:  
Occasional, unpredictable, abort with assert failure in the vnc log.

Expected Results:  
No abort.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-29 23:20:37 UTC 
Do the two patches fix the issue for you?

1) https://github.com/TigerVNC/tigervnc/commit/c05fba745ee42661b54bb4454b270e43232c1b

and

2) https://patch-diff.githubusercontent.com/raw/TigerVNC/tigervnc/pull/817.patch

(Not had a chance to look at it properly; we should really get TigerVNC sorted)
Comment 2 gen2dev 2021-10-30 00:16:42 UTC 
The first patch is already in the distribution.

I applied the second one, "817.patch", locally on my system and rebuilt. I'll try to stress it a bit as I work and post an update here immediately if it fails again, or in 2 weeks if it doesn't.
Comment 3 gen2dev 2021-11-05 21:04:48 UTC 
I have had zero crashes with the 817.patch applied. It fixed the problem I was seeing.

I would like to see that patch added to the gentoo ebuild for tigervnc 1.9.0, to keep it working now that gcc-11 is stable. I hope there's a way for that to happen soon, without waiting for the maintainer and 1.11's compatibility issues to be straightened out.

Once the patch is deployed this bug can be resolved as fixed.

Thanks for the help, Sam.
Comment 4 Viorel Munteanu gentoo-dev 2022-05-16 05:21:29 UTC 
1.9.0 is no longer in the tree.  1.12.0 does not have this bug.