tmux crashed with SIGSEGV

Bug #1847484 reported by Henning Kulander on 2019-10-09
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fix Released
tmux (Ubuntu)

Bug Description

Tmux fails to start after upgrading to Ubuntu 19.10 (beta).

ProblemType: Crash
DistroRelease: Ubuntu 19.10
Package: tmux 2.9a-3build1
ProcVersionSignature: Ubuntu 5.0.0-31.33-generic 5.0.21
Uname: Linux 5.0.0-31-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu7
Architecture: amd64
CrashCounter: 1
CurrentDesktop: ubuntu:GNOME
Date: Wed Oct 9 13:57:51 2019
ExecutablePath: /usr/bin/tmux
InstallationDate: Installed on 2019-09-02 (37 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
ProcCmdline: tmux new-session -d -s aid -n servers
 Segfault happened at: 0x55cab852c029: testb $0x8,0x751(%r12)
 PC (0x55cab852c029) ok
 source "$0x8" ok
 destination "0x751(%r12)" (0x00000751) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: tmux
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: tmux crashed with SIGSEGV
UpgradeStatus: Upgraded to eoan on 2019-10-09 (0 days ago)
UserGroups: adm cdrom dip docker lpadmin plugdev sambashare sudo

Henning Kulander (hennikul) wrote :

 key_bindings_dispatch (bd=0x55caba2389a0, item=item@entry=0x55caba234920, c=c@entry=0x0, m=m@entry=0x0, fs=fs@entry=0x55caba2349a0) at key-bindings.c:461
 cmd_send_keys_inject (c=0x0, item=0x55caba234920, key=<optimized out>) at cmd-send-keys.c:80
 cmd_send_keys_exec (self=0x55caba23a470, item=0x55caba234920) at cmd-send-keys.c:168
 cmdq_fire_command (item=0x55caba234920) at cmd-queue.c:235
 cmdq_next (c=c@entry=0x55caba279e10) at cmd-queue.c:354

Changed in tmux (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Paride Legovini (paride) wrote :

Hello Henning, thanks for your report. I can't reproduce the issue using Eoan, the same version of tmux and the same architecture. Is this something that happened one-off, or does it happen often/always on your system?

Since there isn't enough information in your report to differentiate between a problem specific to your system and a bug in Ubuntu, I'm marking this bug as Incomplete for the moment. If you believe that this is really a bug, we'd be grateful if you would then provide a more complete description of the problem and its context, and then change the bug status back to New.

As the stacktrace doesn't contain any private information I'm removing the "private security" status from this report.

Thank you!

Changed in tmux (Ubuntu):
status: New → Incomplete
information type: Private → Public
Amir (amiryal) wrote :

Hello. The crash that I experienced was very similar if not identical to this report. In my case, I was able to isolate the problem thus:

1. Start a tmux server in the background and issue a `tmux send-keys -t` at it – the server crashes.
2. Start a tmux server in the background, attach to the session, hit [q] in the frame that shows all of the errors in the old configuration, which was not updated since the upgrade to Eoan, and issue the same `tmux send-keys -t` again – now the server does not crash.

So, the crash seems to happen when sending keystrokes to a frame that is still showing error messages from parsing the configuration.

Andreas Hasenack (ahasenack) wrote :

Thanks Amir, reproduced the problem. Basically:

- add an invalid config to ~/.tmux.conf
- run tmux
- quickly detach
- run "tmux send-keys -t 0 q" (where "q" is just a keystroke to send)
you will get an error saying "lost server" and a crash dump in /var/crash.

Changed in tmux (Ubuntu):
status: Incomplete → Confirmed

Thanks for your checks Amir and Andreas.
Since this involves a "bad config" I'd say the prio isn't high.

But if one of you could report the crash upstream that would probably help the most to eventually get rid of it.

There currently is 3.0-rc5 in Debian/experiemental.
No final 3.0 yet at
Maybe by reporting this there it will make it into 3.0 final?

Amir (amiryal) wrote :

I was able to reproduce on a fresh 3.0-rc5 build and report it upstream:

Paride Legovini (paride) wrote :

Thanks Amir for the reproducer and for filing the bug upstream. The bug has been already fixed upstream by this commit:

I'm linking this report to the upstream bug report.

Changed in tmux (Ubuntu):
status: Confirmed → Triaged
importance: Medium → Low

WHen tmux 3.0 is really released we should check if the fix is in and if not maybe backport for the scope of Ubuntu 20.04.
But for now give upstream some time to release things...

Changed in tmux:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.