Ah, this is an existing problem that we didn't see before because guards
aren't usually printed. I think it'll only occur with cfg_cmd_q, because
it can go to NULL if it empties. source-file will enter cmdq_continue
recursively in cmd_source_file_done; then, if cfg_cmd_q empties out there,
it will become NULL and die when it gets back up to the previous
cmdq_continue on the stack.

I think safest thing to do is just to take a reference so nothing can
free the cmdq before we're done:

Index: cmd-queue.c
===================================================================
RCS file: /cvs/src/usr.bin/tmux/cmd-queue.c,v
retrieving revision 1.21
diff -u -p -r1.21 cmd-queue.c
--- cmd-queue.c 5 Feb 2015 10:26:29 -0000       1.21
+++ cmd-queue.c 11 Feb 2015 18:08:58 -0000
@@ -163,6 +163,7 @@ cmdq_continue(struct cmd_q *cmdq)
        int                      empty, flags;
        char                     s[1024];
 
+       cmdq->references++;
        notify_disable();
 
        empty = TAILQ_EMPTY(&cmdq->queue);
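Review bot: The new `cmdq->references++` at the top of cmdq_continue carries no comment, and its matching release sits in a later hunk (`cmdq_free(cmdq)` after `out:`), so the pairing is easy to break in a later edit. I would add above it `/* Hold a reference so emptyfn or a nested cmdq_continue cannot free cmdq under us. */`. The body between this hunk and `out:` is not visible here; any path that returns without passing through `out:` would leave the count one too high and the queue would presumably never be freed, so that is worth checking against the full function.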
@@ -220,11 +221,13 @@ empty:
        if (cmdq->client_exit > 0)
                cmdq->client->flags |= CLIENT_EXIT;
        if (cmdq->emptyfn != NULL)
-               cmdq->emptyfn(cmdq); /* may free cmdq */
+               cmdq->emptyfn(cmdq);
        empty = 1;
 
 out:
        notify_enable();
+       cmdq_free(cmdq);
+
        return (empty);
 }
 
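Review bot: Dropping `/* may free cmdq */` from the emptyfn call removes the only lifetime warning in this tail, yet the hazard has moved rather than gone: the added `cmdq_free(cmdq)` after `out:` presumably releases the reference taken at the top and frees the queue when that was the last one. I would keep the warning on the new call, `cmdq_free(cmdq); /* drop our reference; may free cmdq */`, so that nobody later adds a `cmdq->` access between it and the return. `return (empty)` reads only a local, so the code as written is fine on that point. The start of cmdq_continue is outside this hunk.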




On Wed, Feb 11, 2015 at 10:29:33AM +0100, Theo Buehler wrote:
> Starting with the amd64 snapshot of February 9th, there is a regression
> in tmux which can lead to a bus error on startup or when sourcing a file
> that sources another file.
> 
> The easiest way I found to reproduce the crash is as follows:
> 
> $ pwd
> /home/user
> $ ls
> $ cat .tmux.conf
> source-file .mytmuxconf
> $ cat .mytmuxconf
> set-option -g repeat-time 200
> $ tmux
> $ echo $?
> 1
> $ ls
> tmux.core
> $
> 
> It seems that revision 1.21 of cmd-queue.c is responsible for this crash.
> Reverting cmd-queue.c to revision 1.20 and adjusting the prototype of 
> cmdq_guard() in tmux.h accordingly seems to fix this problem.
> 
> 
> Here's a backtrace of `tmux -vvv' (without debugging symbols, sorry):
> 
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "amd64-unknown-openbsd5.7"...(no debugging symbols 
> found)
> 
> Core was generated by `tmux'.
> Program terminated with signal 10, Bus error.
> (no debugging symbols found)
> Loaded symbols for /usr/bin/tmux
> Reading symbols from /usr/lib/libutil.so.12.1...done.
> Loaded symbols for /usr/lib/libutil.so.12.1
> Reading symbols from /usr/lib/libcurses.so.14.0...done.
> Loaded symbols for /usr/lib/libcurses.so.14.0
> Reading symbols from /usr/lib/libevent.so.4.1...done.
> Loaded symbols for /usr/lib/libevent.so.4.1
> Reading symbols from /usr/lib/libc.so.78.1...done.
> Loaded symbols for /usr/lib/libc.so.78.1
> Reading symbols from /usr/libexec/ld.so...done.
> Loaded symbols for /usr/libexec/ld.so
> #0  0x000016b84f7225f1 in cfg_default_done () from /usr/bin/tmux
> (gdb) bt
> #0  0x000016b84f7225f1 in cfg_default_done () from /usr/bin/tmux
> #1  0x000016b84f722715 in cfg_default_done () from /usr/bin/tmux
> #2  0x000016b84f73b046 in server_client_callback () from /usr/bin/tmux
> #3  0x000016b84f7129b2 in cfg_default_done () from /usr/bin/tmux
> #4  0x000016b84f712aa8 in cfg_default_done () from /usr/bin/tmux
> #5  0x000016b84f7420c0 in server_client_callback () from /usr/bin/tmux
> #6  0x000016b84f70fe91 in ?? () from /usr/bin/tmux
> #7  0x0000000000000000 in ?? ()
> (gdb) q
> 
> And the corresponding log files: 
> 
> $ cat tmux-client-22833.log
> socket is /tmp/tmux-1005/default
> trying connect
> connect failed: Connection refused
> lock file is /tmp/tmux-1005/default.lock
> flock succeeded
> got lock
> trying connect
> connect failed: Connection refused
> starting server
> $ cat tmux-server-25507.log
> server started, pid 25507
> cmdq 0x16bac52dca80: bind-key C-b send-prefix (client -1)
> cmdq 0x16bac52dca80: bind-key C-o rotate-window (client -1)
> cmdq 0x16bac52dca80: bind-key C-z suspend-client (client -1)
> cmdq 0x16bac52dca80: bind-key Space next-layout (client -1)
> cmdq 0x16bac52dca80: bind-key ! break-pane (client -1)
> cmdq 0x16bac52dca80: bind-key " split-window (client -1)
> cmdq 0x16bac52dca80: bind-key # list-buffers (client -1)
> cmdq 0x16bac52dca80: bind-key $ command-prompt -I#S "rename-session '%%'" 
> (client -1)
> cmdq 0x16bac52dca80: bind-key % split-window -h (client -1)
> cmdq 0x16bac52dca80: bind-key & confirm-before "-pkill-window #W? (y/n)" 
> kill-window (client -1)
> cmdq 0x16bac52dca80: bind-key ' command-prompt -pindex "select-window -t 
> ':%%'" (client -1)
> cmdq 0x16bac52dca80: bind-key ( switch-client -p (client -1)
> cmdq 0x16bac52dca80: bind-key ) switch-client -n (client -1)
> cmdq 0x16bac52dca80: bind-key , command-prompt -I#W "rename-window '%%'" 
> (client -1)
> cmdq 0x16bac52dca80: bind-key - delete-buffer (client -1)
> cmdq 0x16bac52dca80: bind-key . command-prompt "move-window -t '%%'" (client 
> -1)
> cmdq 0x16bac52dca80: bind-key 0 select-window -t:0 (client -1)
> cmdq 0x16bac52dca80: bind-key 1 select-window -t:1 (client -1)
> cmdq 0x16bac52dca80: bind-key 2 select-window -t:2 (client -1)
> cmdq 0x16bac52dca80: bind-key 3 select-window -t:3 (client -1)
> cmdq 0x16bac52dca80: bind-key 4 select-window -t:4 (client -1)
> cmdq 0x16bac52dca80: bind-key 5 select-window -t:5 (client -1)
> cmdq 0x16bac52dca80: bind-key 6 select-window -t:6 (client -1)
> cmdq 0x16bac52dca80: bind-key 7 select-window -t:7 (client -1)
> cmdq 0x16bac52dca80: bind-key 8 select-window -t:8 (client -1)
> cmdq 0x16bac52dca80: bind-key 9 select-window -t:9 (client -1)
> cmdq 0x16bac52dca80: bind-key : command-prompt (client -1)
> cmdq 0x16bac52dca80: bind-key ; last-pane (client -1)
> cmdq 0x16bac52dca80: bind-key = choose-buffer (client -1)
> cmdq 0x16bac52dca80: bind-key ? list-keys (client -1)
> cmdq 0x16bac52dca80: bind-key D choose-client (client -1)
> cmdq 0x16bac52dca80: bind-key L switch-client -l (client -1)
> cmdq 0x16bac52dca80: bind-key [ copy-mode (client -1)
> cmdq 0x16bac52dca80: bind-key ] paste-buffer (client -1)
> cmdq 0x16bac52dca80: bind-key c new-window (client -1)
> cmdq 0x16bac52dca80: bind-key d detach-client (client -1)
> cmdq 0x16bac52dca80: bind-key f command-prompt "find-window '%%'" (client -1)
> cmdq 0x16bac52dca80: bind-key i display-message (client -1)
> cmdq 0x16bac52dca80: bind-key l last-window (client -1)
> cmdq 0x16bac52dca80: bind-key n next-window (client -1)
> cmdq 0x16bac52dca80: bind-key o select-pane -t:.+ (client -1)
> cmdq 0x16bac52dca80: bind-key p previous-window (client -1)
> cmdq 0x16bac52dca80: bind-key q display-panes (client -1)
> cmdq 0x16bac52dca80: bind-key r refresh-client (client -1)
> cmdq 0x16bac52dca80: bind-key s choose-tree (client -1)
> cmdq 0x16bac52dca80: bind-key t clock-mode (client -1)
> cmdq 0x16bac52dca80: bind-key w choose-window (client -1)
> cmdq 0x16bac52dca80: bind-key x confirm-before "-pkill-pane #P? (y/n)" 
> kill-pane (client -1)
> cmdq 0x16bac52dca80: bind-key z resize-pane -Z (client -1)
> cmdq 0x16bac52dca80: bind-key { swap-pane -U (client -1)
> cmdq 0x16bac52dca80: bind-key } swap-pane -D (client -1)
> cmdq 0x16bac52dca80: bind-key ~ show-messages (client -1)
> cmdq 0x16bac52dca80: bind-key PPage copy-mode -u (client -1)
> cmdq 0x16bac52dca80: bind-key -r Up select-pane -U (client -1)
> cmdq 0x16bac52dca80: bind-key -r Down select-pane -D (client -1)
> cmdq 0x16bac52dca80: bind-key -r Left select-pane -L (client -1)
> cmdq 0x16bac52dca80: bind-key -r Right select-pane -R (client -1)
> cmdq 0x16bac52dca80: bind-key M-1 select-layout even-horizontal (client -1)
> cmdq 0x16bac52dca80: bind-key M-2 select-layout even-vertical (client -1)
> cmdq 0x16bac52dca80: bind-key M-3 select-layout main-horizontal (client -1)
> cmdq 0x16bac52dca80: bind-key M-4 select-layout main-vertical (client -1)
> cmdq 0x16bac52dca80: bind-key M-5 select-layout tiled (client -1)
> cmdq 0x16bac52dca80: bind-key M-n next-window -a (client -1)
> cmdq 0x16bac52dca80: bind-key M-o rotate-window -D (client -1)
> cmdq 0x16bac52dca80: bind-key M-p previous-window -a (client -1)
> cmdq 0x16bac52dca80: bind-key -r M-Up resize-pane -U 5 (client -1)
> cmdq 0x16bac52dca80: bind-key -r M-Down resize-pane -D 5 (client -1)
> cmdq 0x16bac52dca80: bind-key -r M-Left resize-pane -L 5 (client -1)
> cmdq 0x16bac52dca80: bind-key -r M-Right resize-pane -R 5 (client -1)
> cmdq 0x16bac52dca80: bind-key -r C-Up resize-pane -U (client -1)
> cmdq 0x16bac52dca80: bind-key -r C-Down resize-pane -D (client -1)
> cmdq 0x16bac52dca80: bind-key -r C-Left resize-pane -L (client -1)
> cmdq 0x16bac52dca80: bind-key -r C-Right resize-pane -R (client -1)
> socket path /tmp/tmux-1005/default
> new client 7
> loading /home/user/.tmux.conf
> /home/user/.tmux.conf: source-file .mytmuxconf
> cmdq 0x16ba6c017e80: source-file .mytmuxconf (client -1)
> loading .mytmuxconf
> .mytmuxconf: set-option -g repeat-time 200
> cmdq 0x16ba6c017580: set-option -g repeat-time 200 (client -1)
