Package: bash
Version: 4.4-5
Severity: normal

Dear maintainers,

I'm experiencing segmentation faults in bash. This only happens when I try to 
use completion, but not every time. That is, completion works most of the time, 
but in one out of 1000 attempts (maybe more) it crashes. I do not have a 
reliable way of reproducing it; however, there are certain conditions that 
increase the chances of crashing:

1) A session must be running long enough, typically days. Tens if not hundreds 
of commands are entered.
2) A crash more often happens in deeply nested directories with long names.
3) I have a fairly elaborate .bashrc with lots of helper functions, git-prompt, 
etc, etc.

I'm attaching a backtrace. To me it looks like some kind of corrupted heap.

Thoughts?

-- System Information:
Debian Release: 9.5
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'stable-updates'), (500, 'stable-debug'), (500, 'stable'), (50, 'testing'), 
(49, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bash depends on:
ii  base-files   9.9+deb9u5
ii  dash         0.5.8-2.4
ii  debianutils  4.8.1.1
ii  libc6        2.24-11+deb9u3
ii  libtinfo5    6.0+20161126-1+deb9u2

Versions of packages bash recommends:
ii  bash-completion  1:2.1-4.3

Versions of packages bash suggests:
ii  bash-doc  4.4-5

-- no debconf information
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /bin/bash...Reading symbols from 
/usr/lib/debug/.build-id/4b/e0cc32aba02ec4e0f010047be5ae9dee756960.debug...done.
done.
[New LWP 32629]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `bash'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  internal_free (mem=0x1d3d018, file=0x4cc198 ".././dispose_cmd.c", line=249, 
    flags=<optimized out>) at ../../.././lib/malloc/malloc.c:863
863     ../../.././lib/malloc/malloc.c: No such file or directory.
#0  internal_free (mem=0x1d3d018, file=0x4cc198 ".././dispose_cmd.c", line=249, 
    flags=<optimized out>) at ../../.././lib/malloc/malloc.c:863
#1  0x0000000000435bcd in dispose_word (w=0x1cdce68) at .././dispose_cmd.c:249
#2  0x0000000000435d8f in dispose_words (list=0x1c936a8) at 
.././dispose_cmd.c:273
#3  0x000000000043608d in dispose_command (command=0x1cd32c8) at 
.././dispose_cmd.c:152
#4  0x00000000004360bd in dispose_command (command=0x1cccbc8) at 
.././dispose_cmd.c:163
#5  0x00000000004360bd in dispose_command (command=0x1c36ec8) at 
.././dispose_cmd.c:163
#6  0x00000000004360bd in dispose_command (command=0x1c3ba08) at 
.././dispose_cmd.c:163
#7  0x00000000004360bd in dispose_command (command=0x1c7c808) at 
.././dispose_cmd.c:163
#8  0x00000000004360fd in dispose_command (command=0x1cdbc88) at 
.././dispose_cmd.c:83
#9  0x0000000000465b58 in unwind_frame_run_internal (tag=0x4cc3ac 
"function_calling", 
    ignore=0x0) at .././unwind_prot.c:333
#10 0x0000000000465f80 in without_interrupts (arg2=0x0, arg1=0x4cc3ac 
"function_calling", 
    function=<optimized out>) at .././unwind_prot.c:123
#11 run_unwind_frame (tag=tag@entry=0x4cc3ac "function_calling") at 
.././unwind_prot.c:151
#12 0x000000000043d770 in execute_function (var=var@entry=0x1ae1648, 
flags=flags@entry=0, 
    fds_to_close=fds_to_close@entry=0x1c95ce8, async=async@entry=0, 
    subshell=subshell@entry=0, words=<optimized out>) at .././execute_cmd.c:4812
#13 0x000000000043ddda in execute_shell_function (var=var@entry=0x1ae1648, 
    words=words@entry=0x1cca6a8) at .././execute_cmd.c:4848
#14 0x000000000047da77 in gen_shell_function_matches (cs=0x1ce1e88, 
nw=<optimized out>, 
    foundp=<synthetic pointer>, cw=<optimized out>, lwords=0x1cdcea8, ind=21, 
    line=0x1c8f188 "grep -n AV1 src/core/", text=0x1cd8da8 "src/core/", 
cmd=0x1c931a8 "grep")
    at .././pcomplete.c:1149
#15 gen_compspec_completions (cs=cs@entry=0x1ce1e88, cmd=cmd@entry=0x1c931a8 
"grep", 
    word=word@entry=0x1cd8da8 "src/core/", start=start@entry=0, 
end=end@entry=21, 
    foundp=foundp@entry=0x7fff332e76e8) at .././pcomplete.c:1416
#16 0x000000000047e407 in gen_progcomp_completions (ocmd=ocmd@entry=0x1c931a8 
"grep", 
    cmd=cmd@entry=0x1c931a8 "grep", word=word@entry=0x1cd8da8 "src/core/", 
    start=start@entry=0, end=end@entry=21, foundp=foundp@entry=0x7fff332e76e8, 
    retryp=0x7fff332e76ec, lastcs=0x7fff332e76f0) at .././pcomplete.c:1588
#17 0x000000000047e5c3 in programmable_completions (cmd=cmd@entry=0x1c931a8 
"grep", 
    word=word@entry=0x1cd8da8 "src/core/", start=start@entry=0, 
end=end@entry=21, 
    foundp=foundp@entry=0x7fff332e7764) at .././pcomplete.c:1631
#18 0x00000000004774d2 in attempt_shell_completion (text=0x1cd8da8 "src/core/", 
start=12, 
    end=21) at .././bashline.c:1577
#19 0x00000000004af458 in gen_completion_matches (text=0x1cd8da8 "src/core/", 
    start=<optimized out>, end=<optimized out>, 
    our_func=0x4ad6c0 <rl_filename_completion_function>, found_quote=<optimized 
out>, 
    quote_char=<optimized out>) at ../../.././lib/readline/complete.c:1232
#20 0x00000000004af602 in rl_complete_internal (what_to_do=9)
    at ../../.././lib/readline/complete.c:2058
#21 0x00000000004a6509 in _rl_dispatch_subseq (key=9, map=0x70a980 
<emacs_standard_keymap>, 
    got_subseq=0) at ../../.././lib/readline/readline.c:859
#22 0x00000000004a69c7 in _rl_dispatch (map=<optimized out>, key=<optimized 
out>)
    at ../../.././lib/readline/readline.c:802
#23 readline_internal_char () at ../../.././lib/readline/readline.c:629
#24 0x00000000004a7145 in readline_internal_charloop ()
    at ../../.././lib/readline/readline.c:656
#25 readline_internal () at ../../.././lib/readline/readline.c:670
#26 readline (prompt=<optimized out>) at ../../.././lib/readline/readline.c:376
#27 0x0000000000423555 in yy_readline_get () at 
/usr/homes/chet/src/bash/src/parse.y:1456
#28 0x0000000000425b0e in yy_getc () at 
/usr/homes/chet/src/bash/src/parse.y:1390
#29 shell_getc (remove_quoted_newline=1) at 
/usr/homes/chet/src/bash/src/parse.y:2299
#30 0x0000000000428dca in read_token (command=0) at 
/usr/homes/chet/src/bash/src/parse.y:3115
#31 0x000000000042c781 in yylex () at /usr/homes/chet/src/bash/src/parse.y:2675
#32 yyparse () at y.tab.c:1834
#33 0x0000000000422dcf in parse_command () at .././eval.c:261
#34 0x0000000000422ed8 in read_command () at .././eval.c:305
#35 0x00000000004230bb in reader_loop () at .././eval.c:149
#36 0x0000000000421d4e in main (argc=1, argv=0x7fff332e8b58, env=0x7fff332e8b68)
    at .././shell.c:792
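
The following is an added triage example, not part of the original report or of bash: it rejoins the mail-wrapped gdb frames above, drops addresses and arguments, and derives a bucket signature so that repeat crashes of this kind can be matched against each other. The function names `parse_frames`, `bucket` and `faults_in_allocator`, and the allocator function list, are assumptions made for this example.

```python
import hashlib
import posixpath
import re

# Excerpt of the backtrace above, mail-client line wraps kept (frames #5 onward omitted).
SAMPLE = """\
#0  internal_free (mem=0x1d3d018, file=0x4cc198 ".././dispose_cmd.c", line=249,
    flags=<optimized out>) at ../../.././lib/malloc/malloc.c:863
863     ../../.././lib/malloc/malloc.c: No such file or directory.
#0  internal_free (mem=0x1d3d018, file=0x4cc198 ".././dispose_cmd.c", line=249,
    flags=<optimized out>) at ../../.././lib/malloc/malloc.c:863
#1  0x0000000000435bcd in dispose_word (w=0x1cdce68) at .././dispose_cmd.c:249
#2  0x0000000000435d8f in dispose_words (list=0x1c936a8) at
.././dispose_cmd.c:273
#3  0x000000000043608d in dispose_command (command=0x1cd32c8) at
.././dispose_cmd.c:152
#4  0x00000000004360bd in dispose_command (command=0x1cccbc8) at
.././dispose_cmd.c:163
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\) at (\S+):(\d+)$")
ALLOCATOR_FUNCS = {"internal_free", "free", "malloc", "realloc"}  # assumed list

def parse_frames(text):
    """Rejoin wrapped lines; return [(func, file, line)] ordered by frame number."""
    joined, frames = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"#\d+\s", line):
            joined.append(line)
        elif joined and line and not re.match(r"\d+\s", line):  # skip source-listing lines
            joined[-1] += " " + line
    for entry in joined:
        m = FRAME.match(entry)
        if m:  # gdb prints frame #0 twice (crash site, then bt); the dict keeps one
            frames[int(m[1])] = (m[2], posixpath.basename(m[3]), int(m[4]))
    return [frames[i] for i in sorted(frames)]

def bucket(frames, depth=5):
    """Hash the top function@file pairs; addresses, args and recursion depth are ignored."""
    chain = []
    for func, path, _ in frames:
        if not chain or chain[-1] != f"{func}@{path}":
            chain.append(f"{func}@{path}")
    key = chain[:depth]
    return key, hashlib.sha256("|".join(key).encode()).hexdigest()[:16]

def faults_in_allocator(frames):
    return bool(frames) and frames[0][0] in ALLOCATOR_FUNCS
```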
