On Sun, Oct 5, 2025 at 7:04 AM anonymous <[email protected]> wrote:
> I get a repeatable crash in bash on arch linux.
>
> These keypresses trigger the crash:
> C-r
> C-s
> Enter
> C-c
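I can reproduce this on bash 5.3.0 but not 5.1.16 on Ubuntu 22.04. It
is indeed a double free. In the first backtrace below, the SIGINT
handler runs from inside rl_redisplay (frames #4-#7) while the outer
_rl_isearch_cleanup (frame #10) is still in progress, and the handler's
own _rl_isearch_cleanup (frame #1) disposes of the search context
0x62265177b910. When the outer call resumes (second backtrace), it calls
_rl_scxt_dispose on the same context again. By then every field of the
context reads 0xcf, which appears to be the allocator's fill for freed
memory, so the final SIGSEGV is internal_free being handed the pointer
0xcfcfcfcfcfcfcfcf: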
#0 _rl_scxt_dispose (cxt=cxt@entry=0x62265177b910,
flags=flags@entry=0) at isearch.c:122
#1 0x000062264a9b075e in _rl_isearch_cleanup (cxt=0x62265177b910,
r=r@entry=0) at isearch.c:894
#2 0x000062264a9b6e59 in _rl_state_sigcleanup () at signals.c:599
#3 0x000062264a9b6eb2 in rl_free_line_state () at signals.c:616
#4 0x000062264a9b70e2 in _rl_handle_signal (sig=2) at signals.c:221
#5 0x000062264a9b71d6 in _rl_signal_handler (sig=<optimized out>) at
signals.c:152
#6 0x000062264a9b7277 in _rl_release_sigint () at signals.c:680
#7 0x000062264a9b64a6 in rl_redisplay () at display.c:1712
#8 0x000062264a9b27b9 in rl_clear_message () at display.c:3194
#9 0x000062264a9af5ef in _rl_isearch_fini (cxt=0x62265177b910) at isearch.c:311
#10 0x000062264a9b0788 in _rl_isearch_cleanup
(cxt=cxt@entry=0x62265177b910, r=0) at isearch.c:893
#11 0x000062264a9b07d9 in rl_search_history (direction=<optimized
out>, invoking_key=<optimized out>)
at isearch.c:936
#12 0x000062264a9b07f1 in rl_reverse_search_history (sign=<optimized
out>, key=<optimized out>)
at isearch.c:135
#13 0x000062264a9a0f27 in _rl_dispatch_subseq (key=key@entry=18,
map=0x62264aa17540 <emacs_standard_keymap>,
got_subseq=got_subseq@entry=0) at readline.c:941
#14 0x000062264a9a154e in _rl_dispatch (key=key@entry=18,
map=<optimized out>) at readline.c:876
#15 0x000062264a9a17ca in readline_internal_char () at readline.c:690
#16 0x000062264a9a1a78 in readline_internal_charloop () at readline.c:737
#17 0x000062264a9a1a95 in readline_internal () at readline.c:749
#18 0x000062264a9a1e0b in readline (prompt=<optimized out>) at readline.c:387
#19 0x000062264a90a3ba in yy_readline_get () at ./parse.y:1679
#20 0x000062264a90a4c6 in yy_readline_get () at ./parse.y:1709
#21 0x000062264a909059 in yy_getc () at ./parse.y:1609
#22 0x000062264a90ca12 in shell_getc
(remove_quoted_newline=remove_quoted_newline@entry=1) at
./parse.y:2556
#23 0x000062264a911629 in read_token (command=command@entry=0) at ./parse.y:3618
#24 0x000062264a911f0b in yylex () at ./parse.y:3084
#25 0x000062264a912075 in yyparse () at y.tab.c:1912
#26 0x000062264a908a1c in parse_command () at eval.c:369
#27 0x000062264a908aed in read_command () at eval.c:414
#28 0x000062264a908e06 in reader_loop () at eval.c:147
#29 0x000062264a908801 in main (argc=1, argv=0x7ffcf91aab28,
env=0x7ffcf91aab38) at shell.c:834
_rl_isearch_cleanup (cxt=0x62265177b910, r=r@entry=0) at isearch.c:895
$24 = {type = -808464433, sflags = -808464433,
search_string = 0xcfcfcfcfcfcfcfcf <error: Cannot access memory at
address 0xcfcfcfcfcfcfcfcf>,
search_string_index = -808464433, search_string_size = -808464433,
lines = 0xcfcfcfcfcfcfcfcf,
allocated_line = 0xcfcfcfcfcfcfcfcf <error: Cannot access memory at
address 0xcfcfcfcfcfcfcfcf>,
hlen = -808464433, hindex = -808464433, save_point = -808464433,
save_mark = -808464433,
save_line = -808464433, last_found_line = -808464433,
prev_line_found = 0xcfcfcfcfcfcfcfcf <error: Cannot access memory at
address 0xcfcfcfcfcfcfcfcf>,
save_undo_list = 0xcfcfcfcfcfcfcfcf, keymap = 0xcfcfcfcfcfcfcfcf,
okeymap = 0xcfcfcfcfcfcfcfcf,
history_pos = -808464433, direction = -808464433, prevc =
-808464433, lastc = -808464433,
mb = '\317' <repeats 15 times>, <incomplete sequence \317>,
pmb = '\317' <repeats 15 times>, <incomplete sequence \317>,
sline = 0xcfcfcfcfcfcfcfcf <error: Cannot access memory at address
0xcfcfcfcfcfcfcfcf>,
sline_len = -808464433, sline_index = -808464433,
search_terminators = 0xcfcfcfcfcfcfcfcf <error: Cannot access memory
at address 0xcfcfcfcfcfcfcfcf>}
#0 _rl_scxt_dispose (cxt=cxt@entry=0x62265177b910,
flags=flags@entry=0) at isearch.c:122
#1 0x000062264a9b075e in _rl_isearch_cleanup
(cxt=cxt@entry=0x62265177b910, r=0) at isearch.c:894
#2 0x000062264a9b07d9 in rl_search_history (direction=<optimized
out>, invoking_key=<optimized out>)
at isearch.c:936
#3 0x000062264a9b07f1 in rl_reverse_search_history (sign=<optimized
out>, key=<optimized out>)
at isearch.c:135
#4 0x000062264a9a0f27 in _rl_dispatch_subseq (key=key@entry=18,
map=0x62264aa17540 <emacs_standard_keymap>,
got_subseq=got_subseq@entry=0) at readline.c:941
#5 0x000062264a9a154e in _rl_dispatch (key=key@entry=18,
map=<optimized out>) at readline.c:876
#6 0x000062264a9a17ca in readline_internal_char () at readline.c:690
#7 0x000062264a9a1a78 in readline_internal_charloop () at readline.c:737
#8 0x000062264a9a1a95 in readline_internal () at readline.c:749
#9 0x000062264a9a1e0b in readline (prompt=<optimized out>) at readline.c:387
#10 0x000062264a90a3ba in yy_readline_get () at ./parse.y:1679
#11 0x000062264a90a4c6 in yy_readline_get () at ./parse.y:1709
#12 0x000062264a909059 in yy_getc () at ./parse.y:1609
#13 0x000062264a90ca12 in shell_getc
(remove_quoted_newline=remove_quoted_newline@entry=1) at
./parse.y:2556
#14 0x000062264a911629 in read_token (command=command@entry=0) at ./parse.y:3618
#15 0x000062264a911f0b in yylex () at ./parse.y:3084
#16 0x000062264a912075 in yyparse () at y.tab.c:1912
#17 0x000062264a908a1c in parse_command () at eval.c:369
#18 0x000062264a908aed in read_command () at eval.c:414
#19 0x000062264a908e06 in reader_loop () at eval.c:147
#20 0x000062264a908801 in main (argc=1, argv=0x7ffcf91aab28,
env=0x7ffcf91aab38) at shell.c:834
Program received signal SIGSEGV, Segmentation fault.
internal_free (mem=0xcfcfcfcfcfcfcfcf, file=file@entry=0x0,
line=line@entry=0, flags=flags@entry=0) at malloc.c:946
termsig_sighandler (sig=11) at sig.c:507