1398029 – tar segmentation fault

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1398029 - tar segmentation fault

Summary: tar segmentation fault

Keywords:
Status:	CLOSED DUPLICATE of bug 1115890
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	tar
Sub Component:
Version:	7.3
Hardware:	aarch64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Raiskup
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-23 22:29 UTC by Christopher Covington
Modified:	2016-11-24 06:37 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-24 06:37:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Christopher Covington 2016-11-23 22:29:19 UTC

Description of problem:
When the --dereference or -h option is used and tar encounters a loop/cycle symlink, a segmentation violation results.

Version-Release number of selected component (if applicable):
tar (GNU tar) 1.26

How reproducible:
100%

Steps to Reproduce:
mkdir /tmp/test
ln -s . /tmp/test/link
tar chf /dev/null /tmp/test

Actual Results:

[12343.081585] tar[7711]: unhandled level 3 translation fault (11) at 0x3ffc916ffe0, esr 0x92000047
[12343.090444] pgd = fffffe07dcac0000
[12343.093881] [3ffc916ffe0] *pgd=00000044f3760003, *pud=00000044f3760003, *pmd=00000044f3760003, *pte=0000000000000000
[12343.104544]
[12343.106067] CPU: 9 PID: 7711 Comm: tar Not tainted 4.5.0-15.el7.aarch64 #1
[12343.112979] Hardware name: Qualcomm QDF2432 DP/HAWKER MAIN DDR4-1, BIOS XBL.DF.1.0.R1-00201 Q2432LZB CRM 09/ 9/2016
[12343.124497] task: fffffe07da05c200 ti: fffffe07da084000 task.ti: fffffe07da084000
[12343.132016] PC is at 0x3ffa2fe0ae0
[12343.135447] LR is at 0x3ffa2fe1774
[12343.138876] pc : [<000003ffa2fe0ae0>] lr : [<000003ffa2fe1774>] pstate: 80000000
[12343.146305] sp : 000003ffc91700d0
[12343.149660] x29: 000003ffc91700d0 x28: 0000000000000001
[12343.155037] x27: 000000000957f3f0 x26: 000003ffc917027a
[12343.160412] x25: 0000000000000000 x24: 0000000000000001
[12343.165801] x23: 000003ffc9170200 x22: 000003ffa3135060
[12343.171175] x21: 0000000000000110 x20: 0000000000000024
[12343.176548] x19: ffffffffffffffff x18: 000003ffc996a480
[12343.181922] x17: 000003ffa2f74098 x16: 00000000004603b8
[12343.187295] x15: 0005638d2a6c2090 x14: 0000000000000000
[12343.192682] x13: 00000003e8000000 x12: 0000000000000018
[12343.198055] x11: 000000000001612a x10: 000000005835f562
[12343.203440] x9 : 0000000000000000 x8 : 7b426b089b88c200
[12343.208829] x7 : 0000000000000002 x6 : 000003ffc9170370
[12343.214203] x5 : 0000000000000002 x4 : 0000000000000024
[12343.219583] x3 : 000003ffc9170200 x2 : 0000000000000002
[12343.224963] x1 : 000003ffc917027a x0 : 0000000000000001
[12343.230347]

[rpmbuild@rtp-lab-has1 tar]$ gdb --args BUILD/tar-1.26/src/tar chf /dev/null /tmp/test
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "aarch64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar...done.
(gdb) run
Starting program: /home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar chf /dev/null /tmp/test
/home/rpmbuild/source/tar/BUILD/tar-1.26/src/tar: Removing leading `/' from member names

Program received signal SIGSEGV, Segmentation fault.
0x000003ffb7e1ac58 in _int_malloc () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-157.el7.aarch64 libacl-2.2.51-12.el7.aarch64 libattr-2.4.46-12.el7.aarch64 libselinux-2.5-6.el7.aarch64 pcre-8.32-15.el7_2.1.aarch64
(gdb) bt
#0  0x000003ffb7e1ac58 in _int_malloc () from /lib64/libc.so.6
#1  0x000003ffb7e1d29c in malloc () from /lib64/libc.so.6
#2  0x0000000000436208 in xmalloc (n=52410) at xmalloc.c:45
#3  0x0000000000436300 in xmemdup (p=<optimized out>, s=<optimized out>) at xmalloc.c:109
#4  0x0000000000436338 in xstrdup (string=<optimized out>) at xmalloc.c:117
#5  0x00000000004194cc in assign_string (string=string@entry=0x3ffff800238,
    value=value@entry=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/".
..) at misc.c:41
#6  0x000000000040cf14 in dump_file0 (st=st@entry=0x3ffff800238, name=0xcc283d0 "link",
    p=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at misc.c:41
#6  0x000000000040cf14 in dump_file0 (st=st@entry=0x3ffff800238, name=0xcc283d0 "link",
    p=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)
    at create.c:1653
#7  0x000000000040cb64 in dump_file (parent=parent@entry=0x3ffff800558, name=name@entry=0xcc283d0 "link",
    fullname=fullname@entry=0x349a3390 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at create.c:1959
#8  0x000000000040dd4c in dump_dir0 (directory=0xcc283d0 "link", st=0x3ffff800558) at create.c:1219
#9  dump_dir (st=0x3ffff800558) at create.c:1312
#10 dump_file0 (st=st@entry=0x3ffff800558, name=0xcc28180 "link",
    p=0x3497cd50 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)             
    at create.c:1756
#11 0x000000000040cb64 in dump_file (parent=parent@entry=0x3ffff800878, name=name@entry=0xcc28180 "link",
    fullname=fullname@entry=0x3497cd50 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...) at create.c:1959
#12 0x000000000040dd4c in dump_dir0 (directory=0xcc28180 "link", st=0x3ffff800878) at create.c:1219
#13 dump_dir (st=0x3ffff800878) at create.c:1312
#14 dump_file0 (st=st@entry=0x3ffff800878, name=0xcc27f30 "link",
    p=0x34956710 "/tmp/test/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/link/"...)
    at create.c:1756

Expected results:

No segfault. Ideally a warning or error about the file system loop, like `find -L` would issue.

Comment 1 Pavel Raiskup 2016-11-24 06:37:11 UTC

Hi Christopher, thanks for the report.  This is still to be fixed upstream,
patches are proposed, as mentioned in original (duplicate) bug.

Note you filed bug against RHEL 7.  If this issue is critical or in any
way time sensitive, please raise a ticket through your regular Red Hat
support channels to make certain  it receives the proper attention and
prioritization to assure a timely resolution.

For information on how to contact the Red Hat production support team,
please visit https://www.redhat.com/support/process/production/#howto

*** This bug has been marked as a duplicate of bug 1115890 ***

Note You need to log in before you can comment on or make changes to this bug.