-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-10.2
-
None
-
None
-
None
-
rhel-base-utils-core
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
How to reproduce: Run tmux to create a new tmux session. Inside the session, from the shell prompt, run tmux capture-pane -p. Instead of showing any output, tmux crashes and prints [server exited unexpectedly].
GDB produces the following backtrace:
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007fbe0c3c1733 in __pthread_kill_internal (threadid=<optimized out>,
signo=6) at pthread_kill.c:78
#2 0x00007fbe0c36b0d6 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/posix/raise.c:26
#3 0x00007fbe0c3528fa in __GI_abort () at abort.c:79
#4 0x00007fbe0c353b69 in __libc_message_impl (
fmt=fmt@entry=0x7fbe0c4bf7d6 "%s\n") at ../sysdeps/posix/libc_fatal.c:134
#5 0x00007fbe0c3cb5e7 in malloc_printerr (
str=str@entry=0x7fbe0c4c2ad8 "double free or corruption (fasttop)")
at malloc.c:5772
#6 0x00007fbe0c3cd93a in _int_free (av=0x7fbe0c4f9ac0 <main_arena>,
p=<optimized out>, have_lock=have_lock@entry=0) at malloc.c:4607
#7 0x00007fbe0c3d0233 in __GI___libc_free (mem=mem@entry=0x56554b2d06f0)
at malloc.c:3398
#8 0x00005655305cf554 in cmd_capture_pane_exec (self=<optimized out>,
item=0x56554b2ae180)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/cmd-capture-pane.c:253
#9 0x00005655305e2968 in cmdq_fire_command (item=0x56554b2ae180)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/cmd-queue.c:649
#10 cmdq_next (c=<optimized out>)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/cmd-queue.c:765
#11 0x00005655306371fd in server_loop ()
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/server.c:273
#12 0x00005655306392c5 in proc_loop (tp=0x56554b25f4e0,
loopcb=0x565530637180 <server_loop>)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/proc.c:217
#13 server_start (client=<optimized out>, flags=402718720,
base=<optimized out>, lockfd=5, lockfile=0x56554b25f4b0 "")
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/server.c:252
#14 0x00005655305c72ba in client_connect (base=0x56554b25e310,
path=0x56554b25e0d0 "/tmp/tmux-0/default", flags=402718720)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/client.c:164
#15 client_main (base=0x56554b25e310, argc=0, argv=<optimized out>,
flags=<optimized out>, feat=0)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/client.c:290
#16 main (argc=0, argv=<optimized out>)
at /usr/src/debug/tmux-3.3a-13.20230918gitb202a2f.el10.x86_64/tmux.c:519
The crash also happens if selecting a non-current pane with -t, so it's not because of the feedback loop involved in printing the contents of the current pane to the current pane. This shell command sequence seems to reproduce the same crash:
tmux new-session -d -s T; tmux capture-pane -t T -p
Seen with: tmux-3.3a-13.20230918gitb202a2f.el10.x86_64