Bug 1259036

Summary: bash double free or corruption (out)
Product: [Fedora] Fedora
Component: bash
Version: 24
Hardware: All
OS: Linux
Status: CLOSED INSUFFICIENT_DATA
Severity: low
Priority: medium
Reporter: Dusty Mabe <dustymabe>
Assignee: Siteshwar Vashisht <svashisht>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: admiller, deekej, jpesco
Keywords: Reopened
Doc Type: Bug Fix
Type: Bug
Last Closed: 2017-02-12 09:58:48 UTC

Attachments:
ABRT Dump after sending SIGABRT (flags: none)

Description Dusty Mabe 2015-09-01 19:53:35 UTC
Description of problem:

I was able to get my terminal to spit out a double free or corruption message. This is the last text from the screen:

<<<<<<<<<<<<
[dustymabe@media f22pandoc]$ ##systemctl start etcd.service kube-apiserver.service kube-controller-manager.service kubelet kube-proxy kube-scheduler 
*** Error in `bash': double free or corruption (out): 0x000055fa1df1f7d0 ***
>>>>>>>>>>>>

I'm not sure how I got this to happen but I do know I had recently hit the "home" key and added a new '#' to the beginning of the line. You can see two '#' characters on the line above.


I was able to attach to the process with gdb and I got this out:

<<<<<<<<<<<<
(gdb) bt
#0  0x00007f3de120ff90 in __read_nocancel () at ../sysdeps/unix/syscall-template.S:81
#1  0x000055788154ca05 in read (__nbytes=1, __buf=0x7fff62c7d2d7, __fd=<optimized out>)
    at /usr/include/bits/unistd.h:44
#2  rl_getc (stream=0x7f3de14d78e0 <_IO_2_1_stdin_>) at input.c:488
#3  0x000055788154d262 in rl_read_key () at input.c:462
#4  0x000055788154d2d5 in rl_read_key () at input.c:469
#5  0x0000557881537808 in readline_internal_char () at readline.c:611
#6  0x0000557881537f25 in readline_internal_charloop () at readline.c:676
#7  readline_internal () at readline.c:690
#8  e (prompt=<optimized out>) at readline.c:416
#9  0x00005578814c38e7 in yy_readline_get () at ./parse.y:1455
#10 0x00005578814c5a39 in yy_getc () at ./parse.y:1389
#11 shell_getc (remove_quoted_newline=1) at ./parse.y:2290
#12 0x00005578814c86f8 in read_token (command=0) at ./parse.y:3042
#13 0x00005578814cbcc9 in yylex () at ./parse.y:2644
#14 yyparse () at y.tab.c:1835
#15 0x00005578814c31cf in parse_command () at eval.c:239
#16 0x00005578814c3298 in read_command () at eval.c:283
#17 0x00005578814c347b in reader_loop () at eval.c:146
#18 0x00005578814c1f62 in main (argc=1, argv=0x7fff62c7e5c8, env=0x7fff62c7e5d8) at shell.c:766
>>>>>>>>>>>>


Version-Release number of selected component (if applicable):
[dustymabe@media ~]$ rpm -q bash && uname -r
bash-4.3.39-6.fc22.x86_64
4.1.5-200.fc22.x86_64

Comment 1 Dusty Mabe 2015-09-01 19:55:30 UTC
Created attachment 1069126
ABRT Dump after sending SIGABRT

Comment 3 Fedora End Of Life 2016-07-19 17:45:25 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 4 David Kaspar // Dee'Kej 2016-07-20 10:21:48 UTC
I'm reopening this BZ, because this is something we should look into at some point. At least see if we can actually reproduce this or not.

Reason: Because of ownership transfer of bash that has happened this year, there was no time to look into all BZs properly...

Comment 5 Siteshwar Vashisht 2017-02-12 09:58:48 UTC
This bug lacks a reproducer. Also, I have rebased bash to version 4.4 in rawhide, which might have already fixed it. Please reopen if this is still reproducible with bash-4.4.