Bug 2239333

Summary: [abrt] tmux: tty_puts(): tmux killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Ankur Sinha (FranciscoD) <sanjay.ankur>
Component: tmuxAssignee: Sven Lankes <sven>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 39CC: dcantrell, rosset.filipe, sanjay.ankur, sven
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/06a7ea4e6ad27f933a5f285e16448c6d4626ad8
Whiteboard: abrt_hash:518dc574af43caf6f60a474bc24a9d2497ba4064;VARIANT_ID=compneuro;
Fixed In Version: tmux-3.3a-5.20230918gitb202a2f.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-02-12 10:54:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: proc_pid_status
none
File: os_info
none
File: maps
none
File: environ
none
File: backtrace
none
File: mountinfo
none
File: cpuinfo
none
File: dso_list
none
File: limits
none
File: core_backtrace
none
File: open_fds
none
File: exploitable none

Description Ankur Sinha (FranciscoD) 2023-09-17 15:09:17 UTC 
Description of problem:
Not sure, randomly crashed.

Version-Release number of selected component:
tmux-3.3a-4.fc39

Additional info:
reporter:       libreport-2.17.11
crash_function: tty_puts
kernel:         6.5.3-300.fc39.x86_64
rootdir:        /
cmdline:        tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new -s default
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-95ceeade-9e18-4d48-8226-275e52c12f81.scope
uid:            1000
reason:         tmux killed by SIGSEGV
package:        tmux-3.3a-4.fc39
comment:        Not sure, randomly crashed.
executable:     /usr/bin/tmux
type:           CCpp
runlevel:       N 5
backtrace_rating: 4
journald_cursor: s=1e4af0df85674ff5bc933d51736d04ea;i=2084e2;b=2e9d512df23942f2a1609e1999301148;m=2c8beacc9;t=6058f5c2624fc;x=d631ddb3932123cd

Truncated backtrace:
Thread no. 1 (19 frames)
 #0 tty_puts at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:570
 #1 tty_putcode_ptr2.part.0.constprop.0 at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:544
 #2 tty_putcode_ptr2 at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:2107
 #3 tty_set_selection at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:2104
 #5 tty_write at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:1630
 #6 screen_write_setselection at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/screen-write.c:2096
 #7 window_copy_copy_buffer.isra.0 at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:4573
 #8 window_copy_copy_selection at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:4628
 #9 window_copy_cmd_copy_selection_no_clear at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:1176
 #10 window_copy_cmd_copy_selection_and_cancel at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:1197
 #11 window_copy_command at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:2916
 #12 cmd_send_keys_exec at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/cmd-send-keys.c:176
 #13 cmdq_fire_command at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/cmd-queue.c:647
 #14 cmdq_next at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/cmd-queue.c:763
 #15 server_loop at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/server.c:270
 #16 proc_loop at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/proc.c:222
 #17 server_start at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/server.c:251
 #18 client_connect at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/client.c:164
 #19 client_main at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/client.c:287
Comment 1 Ankur Sinha (FranciscoD) 2023-09-17 15:09:21 UTC 
Created attachment 1989223 [details]
File: proc_pid_status
Comment 2 Ankur Sinha (FranciscoD) 2023-09-17 15:09:23 UTC 
Created attachment 1989224 [details]
File: os_info
Comment 3 Ankur Sinha (FranciscoD) 2023-09-17 15:09:24 UTC 
Created attachment 1989225 [details]
File: maps
Comment 4 Ankur Sinha (FranciscoD) 2023-09-17 15:09:26 UTC 
Created attachment 1989226 [details]
File: environ
Comment 5 Ankur Sinha (FranciscoD) 2023-09-17 15:09:28 UTC 
Created attachment 1989227 [details]
File: backtrace
Comment 6 Ankur Sinha (FranciscoD) 2023-09-17 15:09:30 UTC 
Created attachment 1989228 [details]
File: mountinfo
Comment 7 Ankur Sinha (FranciscoD) 2023-09-17 15:09:31 UTC 
Created attachment 1989229 [details]
File: cpuinfo
Comment 8 Ankur Sinha (FranciscoD) 2023-09-17 15:09:33 UTC 
Created attachment 1989230 [details]
File: dso_list
Comment 9 Ankur Sinha (FranciscoD) 2023-09-17 15:09:35 UTC 
Created attachment 1989231 [details]
File: limits
Comment 10 Ankur Sinha (FranciscoD) 2023-09-17 15:09:36 UTC 
Created attachment 1989232 [details]
File: core_backtrace
Comment 11 Ankur Sinha (FranciscoD) 2023-09-17 15:09:38 UTC 
Created attachment 1989233 [details]
File: open_fds
Comment 12 Ankur Sinha (FranciscoD) 2023-09-17 15:09:39 UTC 
Created attachment 1989234 [details]
File: exploitable
Comment 13 Ankur Sinha (FranciscoD) 2023-09-18 09:26:24 UTC 
Trying to copy some text in copy-mode reliably crashes tmux.


reporter:       libreport-2.17.11
crash_function: tty_puts
kernel:         6.5.3-300.fc39.x86_64
rootdir:        /
cmdline:        tmux -u -2 -f /usr/share/byobu/profiles/tmuxrc new -s default
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-844d5801-7089-4afc-a085-692b4a6b13b5.scope
uid:            1000
reason:         tmux killed by SIGSEGV
package:        tmux-3.3a-4.fc39
comment:        Trying to copy some text in copy-mode reliably crashes tmux.
executable:     /usr/bin/tmux
type:           CCpp
runlevel:       N 5
backtrace_rating: 4
journald_cursor: s=894c4971cb134061b8a2a29f3d9be7da;i=20ae71;b=73a9649ec587428d85a9bb1a0249116e;m=ec7e875d4;t=6059e982c972a;x=af6e6078bd171ab3
Comment 14 Ankur Sinha (FranciscoD) 2023-09-18 09:27:10 UTC 
Steps to reproduce:

- start new tmux session
- hit ctrl b, [ to enter copy mode
- hit spacebar to select text
- hit enter to copy text
- see tmux crash
Comment 15 Ankur Sinha (FranciscoD) 2023-09-18 09:47:27 UTC 
$ rpm -qa \*tmux\* \*ncurses\*
ncurses-base-6.4-7.20230520.fc39.noarch
ncurses-libs-6.4-7.20230520.fc39.x86_64
ncurses-6.4-7.20230520.fc39.x86_64
ncurses-c++-libs-6.4-7.20230520.fc39.x86_64
ncurses-devel-6.4-7.20230520.fc39.x86_64
tmux-3.3a-4.fc39.x86_64
Comment 16 Ankur Sinha (FranciscoD) 2023-09-18 10:41:27 UTC 
Upstream said: "Your ncurses is too new or your tmux is too old, you need to downgrade ncurses or upgrade tmux."


I've opened a PR here to update to current master, and can confirm that it fixes this issue:

https://src.fedoraproject.org/rpms/tmux/pull-request/7