Bug 1398029 - tar segmentation fault
Summary: tar segmentation fault
Keywords:
Status: CLOSED DUPLICATE of bug 1115890
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: tar
Version: 7.3
Hardware: aarch64
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Pavel Raiskup
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-23 22:29 UTC by Christopher Covington
Modified: 2016-11-24 06:37 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-24 06:37:11 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Christopher Covington 2016-11-23 22:29:19 UTC 
Description of problem:
When the --dereference or -h option is used and tar encounters a loop/cycle symlink, a segmentation violation results.

Version-Release number of selected component (if applicable):
tar (GNU tar) 1.26

How reproducible:
100%

Steps to Reproduce:
mkdir /tmp/test
ln -s . /tmp/test/link
tar chf /dev/null /tmp/test

Actual Results:

[12343.081585] tar[7711]: unhandled level 3 translation fault (11) at 0x3ffc916ffe0, esr 0x92000047
[12343.090444] pgd = fffffe07dcac0000
[12343.093881] [3ffc916ffe0] *pgd=00000044f3760003, *pud=00000044f3760003, *pmd=00000044f3760003, *pte=0000000000000000
[12343.104544]
[12343.106067] CPU: 9 PID: 7711 Comm: tar Not tainted 4.5.0-15.el7.aarch64 #1
[12343.112979] Hardware name: Qualcomm QDF2432 DP/HAWKER MAIN DDR4-1, BIOS XBL.DF.1.0.R1-00201 Q2432LZB CRM 09/ 9/2016
[12343.124497] task: fffffe07da05c200 ti: fffffe07da084000 task.ti: fffffe07da084000
[12343.132016] PC is at 0x3ffa2fe0ae0
[12343.135447] LR is at 0x3ffa2fe1774
[12343.138876] pc : [<000003ffa2fe0ae0>] lr : [<000003ffa2fe1774>] pstate: 80000000
[12343.146305] sp : 000003ffc91700d0
[12343.149660] x29: 000003ffc91700d0 x28: 0000000000000001
[12343.155037] x27: 000000000957f3f0 x26: 000003ffc917027a
[12343.160412] x25: 0000000000000000 x24: 0000000000000001
[12343.165801] x23: 000003ffc9170200 x22: 000003ffa3135060
[12343.171175] x21: 0000000000000110 x20: 0000000000000024
[12343.176548] x19: ffffffffffffffff x18: 000003ffc996a480
[12343.181922] x17: 000003ffa2f74098 x16: 00000000004603b8
[12343.187295] x15: 0005638d2a6c2090 x14: 0000000000000000
[12343.192682] x13: 00000003e8000000 x12: 0000000000000018
[12343.198055] x11: 000000000001612a x10: 000000005835f562
[12343.203440] x9 : 0000000000000000 x8 : 7b426b089b88c200
[12343.208829] x7 : 0000000000000002 x6 : 000003ffc9170370
[12343.214203] x5 : 0000000000000002 x4 : 0000000000000024
[12343.219583] x3 : 000003ffc9170200 x2 : 0000000000000002
[12343.224963] x1 : 000003ffc917027a x0 : 0000000000000001
[12343.230347]

[rpmbuild@rtp-lab-has1 tar]$ gdb --args BUILD/tar-1.26/src/tar chf /dev/null /tmp/test
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar...done.
(gdb) run
Starting program: /home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar chf /dev/null /tmp/test
/home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar: Removing leading `/' from member names

Program received signal SIGSEGV, Segmentation fault.
0x000003ffb7e1ac58 in _int_malloc () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7.aarch64 libacl-2.2.51-12.el7.aarch64 libattr-2.4.46-12.el7.aarch64 libselinux-2.5-6.el7.aarch64 pcre-8.32-15.el7_2.1.aarch64
(gdb) bt
#0  0x000003ffb7e1ac58 in _int_malloc () from /lib64/libc.so.6
#1  0x000003ffb7e1d29c in malloc () from /lib64/libc.so.6
#2  0x0000000000436208 in xmalloc (n=52410) at xmalloc.c:45
#3  0x0000000000436300 in xmemdup (p=<optimized out>, s=<optimized out>) at xmalloc.c:109
#4  0x0000000000436338 in xstrdup (string=<optimized out>) at xmalloc.c:117
#5  0x00000000004194cc in assign_string (string=string@entry=0x3ffff800238,
    value=value@entry=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/".
..) at misc.c:41
#6  0x000000000040cf14 in dump_file0 (st=st@entry=0x3ffff800238, name=0xcc283d0 "link",
    p=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at misc.c:41
#6  0x000000000040cf14 in dump_file0 (st=st@entry=0x3ffff800238, name=0xcc283d0 "link",
    p=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)
    at create.c:1653
#7  0x000000000040cb64 in dump_file (parent=parent@entry=0x3ffff800558, name=name@entry=0xcc283d0 "link",
    fullname=fullname@entry=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at create.c:1959
#8  0x000000000040dd4c in dump_dir0 (directory=0xcc283d0 "link", st=0x3ffff800558) at create.c:1219
#9  dump_dir (st=0x3ffff800558) at create.c:1312
#10 dump_file0 (st=st@entry=0x3ffff800558, name=0xcc28180 "link",
    p=0x3497cd50 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)             
    at create.c:1756
#11 0x000000000040cb64 in dump_file (parent=parent@entry=0x3ffff800878, name=name@entry=0xcc28180 "link",
    fullname=fullname@entry=0x3497cd50 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at create.c:1959
#12 0x000000000040dd4c in dump_dir0 (directory=0xcc28180 "link", st=0x3ffff800878) at create.c:1219
#13 dump_dir (st=0x3ffff800878) at create.c:1312
#14 dump_file0 (st=st@entry=0x3ffff800878, name=0xcc27f30 "link",
    p=0x34956710 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)
    at create.c:1756

Expected results:

No segfault. Ideally a warning or error about the file system loop, like `find -L` would issue.
Comment 1 Pavel Raiskup 2016-11-24 06:37:11 UTC 
Hi Christopher, thanks for the report.  This is still to be fixed upstream,
patches are proposed, as mentioned in original (duplicate) bug.

Note you filed bug against RHEL 7.  If this issue is critical or in any
way time sensitive, please raise a ticket through your regular Red Hat
support channels to make certain  it receives the proper attention and
prioritization to assure a timely resolution.

For information on how to contact the Red Hat production support team,
please visit https://www.redhat.com/support/process/production/#howto

*** This bug has been marked as a duplicate of bug 1115890 ***
Note You need to log in before you can comment on or make changes to this bug.