[BUG] Bash tool returns empty output on RHEL 9 native Linux binary, shell snapshot never written
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Claude Code's Bash tool runs commands but never captures stdout. Every bash invocation returns (No output) in the tool result. Claude then either hallucinates a plausible output or reports "command ran but produced no visible output."
Verified not-a-hallucination via impossible-to-guess probes:
● Bash(echo $$) ⎿ (No output)
● Bash(bash -c 'echo $$') ⎿ (No output)
● Bash(printf "%s\n" "$$") ⎿ (No output)
● Bash(ps -p $$ -o pid=) ⎿ (No output)
● Bash(date +%N) ⎿ (No output)
Smoking gun: strace evidence
Claude's debug log claims it creates the shell snapshot:
[DEBUG] Creating shell snapshot for bash (/bin/bash)
[DEBUG] Creating snapshot at: /home/fusar/.claude/shell-snapshots/snapshot-bash-1776959539381-pdqbh0.sh
[DEBUG] Shell snapshot file not found after creation: /home/fusar/.claude/shell-snapshots/snapshot-bash-1776959539381-pdqbh0.sh
strace during the same operation:
statx(AT_FDCWD, "/home/fusar/.claude/shell-snapshots/snapshot-bash-1776959846377-lvbzw3.sh", AT_STATX_SYNC_AS_STAT, STATX_ALL, ...) = -1 ENOENT
There is no corresponding openat(..., O_WRONLY|O_CREAT, ...) for that snapshot path anywhere in the trace. Claude logs the intent, does statx to verify, finds ENOENT (because nothing was written), and falls through without writing.
Independently verified with inotifywait -m ~/.claude/shell-snapshots/ attached during a repro: zero filesystem events over the entire Claude invocation. The binary never issues a write syscall for the snapshot file.
Since the shell snapshot appears to be a prerequisite for the Bash tool's stdout pipe plumbing, every subsequent bash call returns empty.
Ruled out
| Hypothesis | Test | Result |
|---|---|---|
| Corrupted install | Full wipe + clean native reinstall | Persists |
| Missing sandbox deps | Installed bubblewrap + socat | No change |
| Sandbox blocking stdout | All sandbox-disable flags set; env CLAUDE_CODE_SANDBOX_DISABLED=1, DISABLE_SANDBOX=1; strace shows no execve of bwrap | No change |
| SELinux | getenforce=Enforcing; ausearch -m AVC empty; setenforce 0 permissive — no change | Ruled out |
| Managed policy | No /etc/claude-code/managed-settings.json | Ruled out |
| .bashrc pollution | Replaced with empty file | Persists |
| HOME corruption | env -i HOME=/tmp/newdir fresh dir, empty ~/.claude | Persists |
| Disk/quota | 31 GB free, no user quota, manual touch in snapshots dir works | Ruled out |
| Version regression | 2.1.108 and 2.1.118 | Both fail identically |
| Auth | /status confirms Max OAuth, no ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN in env | Clean |
Settings.json in use (confirmed opened + parsed via strace)
{
"autoUpdates": false,
"sandbox": {
"enabled": false,
"autoAllowBashIfSandboxed": false,
"failIfUnavailable": false
},
"autoAllowBashIfSandboxed": false,
"dangerouslyDisableSandbox": true
}
Possibly relevant (not conclusive)
Our institutional IT tested the same host with a different Anthropic account via API-key auth and reports the Bash tool works correctly. Weak signal (three variables changed at once), but combined with recent Linux OAuth-specific issues (#48079, #44092, #44930, #33811, #33879 — those manifest as 401s, not empty bash output), worth flagging that OAuth-Max-on-Linux may be involved.
Impact
Bash tool completely unusable on this host for all users on our lab's Claude Max subscriptions (5+ affected). Users see confident-sounding hallucinated output instead of real command results — actively harmful in coding/sysadmin workflows.
What Should Happen?
The Bash tool should capture stdout/stderr from executed commands and return it in the tool result, as it does on macOS and other Linux hosts.
Concrete example: running echo $$ via the Bash tool should return the actual PID of the shell subprocess, not (No output).
Error Messages/Logs
From ~/.claude/debug/latest:
[DEBUG] Creating shell snapshot for bash (/bin/bash)
[DEBUG] Looking for shell config file: /home/fusar/.bashrc
[DEBUG] Creating snapshot at: /home/fusar/.claude/shell-snapshots/snapshot-bash-1776959539381-pdqbh0.sh
[DEBUG] Shell snapshot file not found after creation: /home/fusar/.claude/shell-snapshots/snapshot-bash-1776959539381-pdqbh0.sh
strace excerpt (no openat with O_CREAT|O_WRONLY for the snapshot path anywhere in the full trace):
statx(AT_FDCWD, "/home/fusar/.claude/shell-snapshots/snapshot-bash-1776959846377-lvbzw3.sh", AT_STATX_SYNC_AS_STAT, STATX_ALL, ...) = -1 ENOENT (No such file or directory)
No error messages surfaced to the user — the Bash tool result is simply "(No output)".
Steps to Reproduce
- On a RHEL 9 host, install Node 20:
````
sudo dnf module install -y nodejs:20
- Install sandbox dependencies:
````
sudo dnf install -y bubblewrap socat
- Install Claude Code:
````
curl -fsSL https://claude.ai/install.sh | bash -s -- stable
- Authenticate with a Claude Max 20x subscription via OAuth browser flow:
````
claude /login
- Create a minimal settings file disabling every sandbox flag:
``bash``
cat > ~/.claude/settings.json <<'EOF'
{
"sandbox": {"enabled": false, "autoAllowBashIfSandboxed": false, "failIfUnavailable": false},
"dangerouslyDisableSandbox": true
}
EOF
- Run a command that requires the Bash tool and cannot be hallucinated:
````
claude -p "Use the Bash tool to run: echo \$\$"
- Observed: tool result is
(No output). Claude then hallucinates or reports "no visible output."
- Expected: tool result contains the numeric PID printed by the shell.
To verify the strace finding
strace -f -e trace=openat,write,unlink,rename -o /tmp/st.log \
claude -p "Use Bash tool to run: echo hello"
grep -E "snapshot-bash.*\.sh" /tmp/st.log
Returns only statx entries with ENOENT. No openat with O_CREAT|O_WRONLY for the snapshot path is ever issued by Claude's process.
To verify no filesystem events occur at all
inotifywait -m ~/.claude/shell-snapshots/ -e create -e modify -e moved_to -e delete &
claude -p "Use Bash tool to run: echo hello"
inotifywait reports zero events during the entire Claude invocation.
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.118
Platform
Anthropic API
Operating System
Other Linux
Terminal/Shell
VS Code integrated terminal
Additional Information
Environment
| Item | Value |
|---|---|
| OS | RHEL 9 |
| Arch | linux-x64 |
| Host | EPFL research server (shared, multi-user) |
| Filesystem for $HOME | XFS on LVM (/dev/mapper/vg1-root), rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota |
| SELinux | Enforcing — no AVC denials during repro |
| Node | v20.20.2 (dnf module install nodejs:20) |
| bwrap | /usr/bin/bwrap |
| socat | /usr/bin/socat |
| Install method | native installer from https://claude.ai/install.sh |
| Auth | Claude Max 20x OAuth (/status confirms "Login method: Claude Max account"); no ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN in env |
| DISABLE_AUTOUPDATER | 1 — set after 2.1.108 silently upgraded to 2.1.118 within ~20 minutes despite autoUpdates: false in settings |
All installs cleaned and reinstalled today following the wipe-and-reinstall procedure. Bug reproduces on all affected users. IT confirmed it is not an install corruption issue.
Timeline
Bug appeared after our institution's /home partition (where ~/.claude and the binary live) filled to 100% earlier in the week. Space has been freed (31 GB available at time of investigation). Bug persisted identically after:
- disk freed,
- full wipe of all Claude Code state and binaries across all affected users,
- clean native reinstall of both stable (2.1.108) and latest (2.1.118).
Artefacts available on request
- Full strace traces (
openat/write/execve/clonefilters over three repro runs) ~/.claude/debug/latestwith "Shell snapshot file not found" messages- Detailed investigation report covering every hypothesis tested, with commands and outputs
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗