Configuration Information [Automatically generated, do not change]: Machine: x86_64 OS: linux-gnu Compiler: gcc Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-unknown-linux-gnu' -DCONF_VENDOR='unknown' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -DDEFAULT_PATH_VALUE='/usr/local/sbin:/usr/local/bin:/usr/bin' -DSTANDARD_UTILS_PATH='/usr/bin' -DSYS_BASHRC='/etc/bash.bashrc' -DSYS_BASH_LOGOUT='/etc/bash.bash_logout' uname output: Linux ranger 3.14.51-1-lts #1 SMP Mon Aug 17 19:21:08 CEST 2015 x86_64 GNU/Linux Machine Type: x86_64-unknown-linux-gnu
Bash Version: 4.3
Patch Level: 39
Release Status: release
Description:
First bash crashed while trying to cancel the autocomplete of
the contents of a directory which included an unavailable nfs
mountpoint (/mnt/nfs):
1. Mount NFS volume on /mnt/nfs while on wifi
2. Plugged ethernet cable
3. NFS volume is not available, must [force] unmount
4. Type "umount /mnt/<TAB>" to autocomplete
5. System tries to read directories again, takes a lot of time
6. Press <Ctrl+C> repeatedly to cancel autocompletion.
7. Bash succeds in showing the subdirectories of /mnt, but then
crashes
# umount -f /mnt/<TAB><Ctrl+C><Ctrl+C><Ctrl+C><Ctrl+C>
iso/ nfs usb/
# umount -f /mnt/^C*** Error in `-bash': double free or
corruption (fasttop): 0x0000000000e6a160 ***
[ see attached trace1 for details ]
Repeat-By:
Does not always happen exactly like this, but this situation
(broken nfs mount) allows to trigger bash to crash:
# umount /mnt/<TAB>
iso/ nfs usb/
# umount /mnt/^C^C [no crash]
# ls /mn<TAB>*** Error in `-bash': corrupted double-linked list:
0x000000000241c440 ***
[ see attached trace2 for details ]
--
Bart Polot
# umount -f /mnt/<TAB>
iso/ nfs usb/
# umount -f /mnt/^C*** Error in `-bash': double free or corruption
(fasttop): 0x0000000000e6a160 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x72055)[0x7f4f0f756055]
/usr/lib/libc.so.6(+0x779a6)[0x7f4f0f75b9a6]
/usr/lib/libc.so.6(+0x7818e)[0x7f4f0f75c18e]
/usr/lib/libreadline.so.6(rl_complete_internal+0x204)[0x7f4f0ff10e94]
/usr/lib/libreadline.so.6(_rl_dispatch_subseq+0x248)[0x7f4f0ff07fa8]
/usr/lib/libreadline.so.6(readline_internal_char+0x9e)[0x7f4f0ff0844e]
/usr/lib/libreadline.so.6(readline+0x55)[0x7f4f0ff08b85]
-bash[0x41ad54]
-bash[0x41ce69]
-bash[0x41fa7a]
-bash(yyparse+0x379)[0x422fd9]
-bash(parse_command+0x5b)[0x41a69b]
-bash(read_command+0x58)[0x41a768]
-bash(reader_loop+0x119)[0x41a949]
-bash(main+0xe66)[0x419446]
/usr/lib/libc.so.6(__libc_start_main+0xf0)[0x7f4f0f704610]
-bash(_start+0x29)[0x419ba9]
======= Memory map: ========
00400000-004bd000 r-xp 00000000 08:05 1253649
/usr/bin/bash
006bc000-006bd000 r--p 000bc000 08:05 1253649
/usr/bin/bash
006bd000-006c1000 rw-p 000bd000 08:05 1253649
/usr/bin/bash
006c1000-006cb000 rw-p 00000000 00:00 0
00e05000-00e89000 rw-p 00000000 00:00 0
[heap]
7f4f08000000-7f4f08021000 rw-p 00000000 00:00 0
7f4f08021000-7f4f0c000000 ---p 00000000 00:00 0
7f4f0ef78000-7f4f0ef8e000 r-xp 00000000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f4f0ef8e000-7f4f0f18d000 ---p 00016000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f4f0f18d000-7f4f0f18e000 rw-p 00015000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f4f0f18e000-7f4f0f4d2000 r--p 00000000 08:05 1283952
/usr/lib/locale/locale-archive
7f4f0f4d2000-7f4f0f4dd000 r-xp 00000000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f4f0f4dd000-7f4f0f6dc000 ---p 0000b000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f4f0f6dc000-7f4f0f6dd000 r--p 0000a000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f4f0f6dd000-7f4f0f6de000 rw-p 0000b000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f4f0f6de000-7f4f0f6e4000 rw-p 00000000 00:00 0
7f4f0f6e4000-7f4f0f87f000 r-xp 00000000 08:05 1182757
/usr/lib/libc-2.22.so
7f4f0f87f000-7f4f0fa7e000 ---p 0019b000 08:05 1182757
/usr/lib/libc-2.22.so
7f4f0fa7e000-7f4f0fa82000 r--p 0019a000 08:05 1182757
/usr/lib/libc-2.22.so
7f4f0fa82000-7f4f0fa84000 rw-p 0019e000 08:05 1182757
/usr/lib/libc-2.22.so
7f4f0fa84000-7f4f0fa88000 rw-p 00000000 00:00 0
7f4f0fa88000-7f4f0fa8b000 r-xp 00000000 08:05 1206496
/usr/lib/libdl-2.22.so
7f4f0fa8b000-7f4f0fc8a000 ---p 00003000 08:05 1206496
/usr/lib/libdl-2.22.so
7f4f0fc8a000-7f4f0fc8b000 r--p 00002000 08:05 1206496
/usr/lib/libdl-2.22.so
7f4f0fc8b000-7f4f0fc8c000 rw-p 00003000 08:05 1206496
/usr/lib/libdl-2.22.so
7f4f0fc8c000-7f4f0fceb000 r-xp 00000000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f4f0fceb000-7f4f0feeb000 ---p 0005f000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f4f0feeb000-7f4f0feef000 r--p 0005f000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f4f0feef000-7f4f0fef1000 rw-p 00063000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f4f0fef1000-7f4f0ff32000 r-xp 00000000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f4f0ff32000-7f4f10132000 ---p 00041000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f4f10132000-7f4f10134000 r--p 00041000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f4f10134000-7f4f1013b000 rw-p 00043000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f4f1013b000-7f4f1013c000 rw-p 00000000 00:00 0
7f4f1013c000-7f4f1015e000 r-xp 00000000 08:05 1182756
/usr/lib/ld-2.22.so
7f4f1031d000-7f4f10322000 rw-p 00000000 00:00 0
7f4f1035b000-7f4f1035d000 rw-p 00000000 00:00 0
7f4f1035d000-7f4f1035e000 r--p 00021000 08:05 1182756
/usr/lib/ld-2.22.so
7f4f1035e000-7f4f1035f000 rw-p 00022000 08:05 1182756
/usr/lib/ld-2.22.so
7f4f1035f000-7f4f10360000 rw-p 00000000 00:00 0
7ffe233b6000-7ffe233d7000 rw-p 00000000 00:00 0
[stack]
7ffe233e6000-7ffe233e8000 r-xp 00000000 00:00 0
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Aborted (core dumped)
[login back]
# coredumpctl gdb 4069
PID: 4069 (bash)
UID: 0 (root)
GID: 0 (root)
Signal: 6 (ABRT)
Timestamp: Fri 2015-09-11 15:36:39 CEST (5min ago)
Command Line: -bash
Executable: /usr/bin/bash
Control Group: /user.slice/user-1000.slice/session-c1.scope
Unit: session-c1.scope
Slice: user-1000.slice
Session: c1
Owner UID: 1000 (bart)
Boot ID: 0de80467e044462ca04bb79ac71a0a38
Machine ID: 416e74c91e6c24b83980945700000434
Hostname: ranger
Coredump:
/var/lib/systemd/coredump/core.bash.0.0de80467e044462ca04bb79ac71a0a38.4069.1441978599000000.lz4
Message: Process 4069 (bash) of user 0 dumped core.
GNU gdb (GDB) 7.10
Reading symbols from /usr/bin/bash...(no debugging symbols
found)...done.
[New LWP 4069]
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Core was generated by `-bash'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f4f0f7175f8 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007f4f0f7175f8 in raise () from /usr/lib/libc.so.6
#1 0x00007f4f0f718b67 in abort () from /usr/lib/libc.so.6
#2 0x00007f4f0f75605a in __libc_message () from /usr/lib/libc.so.6
#3 0x00007f4f0f75b9a6 in malloc_printerr () from /usr/lib/libc.so.6
#4 0x00007f4f0f75c18e in _int_free () from /usr/lib/libc.so.6
#5 0x00007f4f0ff10e94 in rl_complete_internal () from
/usr/lib/libreadline.so.6
#6 0x00007f4f0ff07fa8 in _rl_dispatch_subseq () from
/usr/lib/libreadline.so.6
#7 0x00007f4f0ff0844e in readline_internal_char () from
/usr/lib/libreadline.so.6
#8 0x00007f4f0ff08b85 in readline () from /usr/lib/libreadline.so.6
#9 0x000000000041ad54 in ?? ()
#10 0x000000000041ce69 in ?? ()
#11 0x000000000041fa7a in ?? ()
#12 0x0000000000422fd9 in yyparse ()
#13 0x000000000041a69b in parse_command ()
#14 0x000000000041a768 in read_command ()
#15 0x000000000041a949 in reader_loop ()
#16 0x0000000000419446 in main ()
[root@ranger ~]# ls /mn*** Error in `-bash': corrupted double-linked
list: 0x000000000241c440 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x72055)[0x7f8cdf62c055]
/usr/lib/libc.so.6(+0x779a6)[0x7f8cdf6319a6]
/usr/lib/libc.so.6(+0x77c39)[0x7f8cdf631c39]
/usr/lib/libc.so.6(+0x798a0)[0x7f8cdf6338a0]
/usr/lib/libc.so.6(__libc_malloc+0x54)[0x7f8cdf6353d4]
/usr/lib/libc.so.6(+0xb4751)[0x7f8cdf66e751]
/usr/lib/libc.so.6(+0xb4853)[0x7f8cdf66e853]
/usr/lib/libc.so.6(opendir+0x52)[0x7f8cdf66e9a2]
/usr/lib/libreadline.so.6(rl_filename_completion_function+0x177)[0x7f8cdfde5457]
/usr/lib/libreadline.so.6(rl_completion_matches+0x96)[0x7f8cdfde6af6]
/usr/lib/libreadline.so.6(+0x1fc36)[0x7f8cdfde6c36]
/usr/lib/libreadline.so.6(rl_complete_internal+0x132)[0x7f8cdfde6dc2]
/usr/lib/libreadline.so.6(_rl_dispatch_subseq+0x248)[0x7f8cdfdddfa8]
/usr/lib/libreadline.so.6(readline_internal_char+0x9e)[0x7f8cdfdde44e]
/usr/lib/libreadline.so.6(readline+0x55)[0x7f8cdfddeb85]
-bash[0x41ad54]
-bash[0x41ce69]
-bash[0x41fa7a]
-bash(yyparse+0x379)[0x422fd9]
-bash(parse_command+0x5b)[0x41a69b]
-bash(read_command+0x58)[0x41a768]
-bash(reader_loop+0x119)[0x41a949]
-bash(main+0xe66)[0x419446]
/usr/lib/libc.so.6(__libc_start_main+0xf0)[0x7f8cdf5da610]
-bash(_start+0x29)[0x419ba9]
======= Memory map: ========
00400000-004bd000 r-xp 00000000 08:05 1253649
/usr/bin/bash
006bc000-006bd000 r--p 000bc000 08:05 1253649
/usr/bin/bash
006bd000-006c1000 rw-p 000bd000 08:05 1253649
/usr/bin/bash
006c1000-006cb000 rw-p 00000000 00:00 0
023b7000-0243b000 rw-p 00000000 00:00 0
[heap]
7f8cd8000000-7f8cd8021000 rw-p 00000000 00:00 0
7f8cd8021000-7f8cdc000000 ---p 00000000 00:00 0
7f8cdee4e000-7f8cdee64000 r-xp 00000000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f8cdee64000-7f8cdf063000 ---p 00016000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f8cdf063000-7f8cdf064000 rw-p 00015000 08:05 1179879
/usr/lib/libgcc_s.so.1
7f8cdf064000-7f8cdf3a8000 r--p 00000000 08:05 1283952
/usr/lib/locale/locale-archive
7f8cdf3a8000-7f8cdf3b3000 r-xp 00000000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f8cdf3b3000-7f8cdf5b2000 ---p 0000b000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f8cdf5b2000-7f8cdf5b3000 r--p 0000a000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f8cdf5b3000-7f8cdf5b4000 rw-p 0000b000 08:05 1205750
/usr/lib/libnss_files-2.22.so
7f8cdf5b4000-7f8cdf5ba000 rw-p 00000000 00:00 0
7f8cdf5ba000-7f8cdf755000 r-xp 00000000 08:05 1182757
/usr/lib/libc-2.22.so
7f8cdf755000-7f8cdf954000 ---p 0019b000 08:05 1182757
/usr/lib/libc-2.22.so
7f8cdf954000-7f8cdf958000 r--p 0019a000 08:05 1182757
/usr/lib/libc-2.22.so
7f8cdf958000-7f8cdf95a000 rw-p 0019e000 08:05 1182757
/usr/lib/libc-2.22.so
7f8cdf95a000-7f8cdf95e000 rw-p 00000000 00:00 0
7f8cdf95e000-7f8cdf961000 r-xp 00000000 08:05 1206496
/usr/lib/libdl-2.22.so
7f8cdf961000-7f8cdfb60000 ---p 00003000 08:05 1206496
/usr/lib/libdl-2.22.so
7f8cdfb60000-7f8cdfb61000 r--p 00002000 08:05 1206496
/usr/lib/libdl-2.22.so
7f8cdfb61000-7f8cdfb62000 rw-p 00003000 08:05 1206496
/usr/lib/libdl-2.22.so
7f8cdfb62000-7f8cdfbc1000 r-xp 00000000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f8cdfbc1000-7f8cdfdc1000 ---p 0005f000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f8cdfdc1000-7f8cdfdc5000 r--p 0005f000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f8cdfdc5000-7f8cdfdc7000 rw-p 00063000 08:05 1178504
/usr/lib/libncursesw.so.5.9
7f8cdfdc7000-7f8cdfe08000 r-xp 00000000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f8cdfe08000-7f8ce0008000 ---p 00041000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f8ce0008000-7f8ce000a000 r--p 00041000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f8ce000a000-7f8ce0011000 rw-p 00043000 08:05 1184143
/usr/lib/libreadline.so.6.3
7f8ce0011000-7f8ce0012000 rw-p 00000000 00:00 0
7f8ce0012000-7f8ce0034000 r-xp 00000000 08:05 1182756
/usr/lib/ld-2.22.so
7f8ce01f3000-7f8ce01f8000 rw-p 00000000 00:00 0
7f8ce0231000-7f8ce0233000 rw-p 00000000 00:00 0
7f8ce0233000-7f8ce0234000 r--p 00021000 08:05 1182756
/usr/lib/ld-2.22.so
7f8ce0234000-7f8ce0235000 rw-p 00022000 08:05 1182756
/usr/lib/ld-2.22.so
7f8ce0235000-7f8ce0236000 rw-p 00000000 00:00 0
7ffe2a479000-7ffe2a49a000 rw-p 00000000 00:00 0
[stack]
7ffe2a554000-7ffe2a556000 r-xp 00000000 00:00 0
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Aborted (core dumped)
[login back]
[root@ranger ~]# coredumpctl gdb 5300
PID: 5300 (bash)
UID: 0 (root)
GID: 0 (root)
Signal: 6 (ABRT)
Timestamp: Fri 2015-09-11 16:15:23 CEST (2min 41s ago)
Command Line: -bash
Executable: /usr/bin/bash
Control Group: /user.slice/user-1000.slice/session-c1.scope
Unit: session-c1.scope
Slice: user-1000.slice
Session: c1
Owner UID: 1000 (bart)
Boot ID: 0de80467e044462ca04bb79ac71a0a38
Machine ID: 416e74c91e6c24b83980945700000434
Hostname: ranger
Coredump:
/var/lib/systemd/coredump/core.bash.0.0de80467e044462ca04bb79ac71a0a38.5300.1441980923000000.lz4
Message: Process 5300 (bash) of user 0 dumped core.
GNU gdb (GDB) 7.10
Reading symbols from /usr/bin/bash...(no debugging symbols
found)...done.
[New LWP 5300]
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Core was generated by `-bash'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007f8cdf5ed5f8 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0 0x00007f8cdf5ed5f8 in raise () from /usr/lib/libc.so.6
#1 0x00007f8cdf5eeb67 in abort () from /usr/lib/libc.so.6
#2 0x00007f8cdf62c05a in __libc_message () from /usr/lib/libc.so.6
#3 0x00007f8cdf6319a6 in malloc_printerr () from /usr/lib/libc.so.6
#4 0x00007f8cdf631c39 in malloc_consolidate () from /usr/lib/libc.so.6
#5 0x00007f8cdf6338a0 in _int_malloc () from /usr/lib/libc.so.6
#6 0x00007f8cdf6353d4 in malloc () from /usr/lib/libc.so.6
#7 0x00007f8cdf66e751 in __alloc_dir () from /usr/lib/libc.so.6
#8 0x00007f8cdf66e853 in opendir_tail () from /usr/lib/libc.so.6
#9 0x00007f8cdf66e9a2 in opendir () from /usr/lib/libc.so.6
#10 0x00007f8cdfde5457 in rl_filename_completion_function () from
/usr/lib/libreadline.so.6
#11 0x00007f8cdfde6af6 in rl_completion_matches () from
/usr/lib/libreadline.so.6
#12 0x00007f8cdfde6c36 in gen_completion_matches () from
/usr/lib/libreadline.so.6
#13 0x00007f8cdfde6dc2 in rl_complete_internal () from
/usr/lib/libreadline.so.6
#14 0x00007f8cdfdddfa8 in _rl_dispatch_subseq () from
/usr/lib/libreadline.so.6
#15 0x00007f8cdfdde44e in readline_internal_char () from
/usr/lib/libreadline.so.6
#16 0x00007f8cdfddeb85 in readline () from /usr/lib/libreadline.so.6
#17 0x000000000041ad54 in ?? ()
#18 0x000000000041ce69 in ?? ()
#19 0x000000000041fa7a in ?? ()
#20 0x0000000000422fd9 in yyparse ()
#21 0x000000000041a69b in parse_command ()
#22 0x000000000041a768 in read_command ()
#23 0x000000000041a949 in reader_loop ()
#24 0x0000000000419446 in main ()
signature.asc
Description: OpenPGP digital signature
