Description of problem:
running command:
cvf /a.tar --listed-incremental=/tmp/tarlii /boot/grub/menu.lst /var/named

ends with SIGSEGV crash. When run under gdb, it prints:

(gdb) run cvf /a.tar --listed-incremental=/tmp/tarlii /boot/grub/menu.lst /var/named
Starting program: /bin/tar cvf /a.tar --listed-incremental=/tmp/tarlii /boot/grub/menu.lst /var/named
[Thread debugging using libthread_db enabled]
/bin/tar: /var/named: Directory is new
/bin/tar: /var/named/chroot: Directory is new
/bin/tar: /var/named/data: Directory is new
/bin/tar: /var/named/dynamic: Directory is new
/bin/tar: /var/named/slaves: Directory is new
/bin/tar: /var/named/chroot/dev: Directory is new
/bin/tar: /var/named/chroot/etc: Directory is new
/bin/tar: /var/named/chroot/usr: Directory is new
/bin/tar: /var/named/chroot/var: Directory is new
/bin/tar: /var/named/chroot/etc/named: Directory is new
/bin/tar: /var/named/chroot/etc/pki: Directory is new
/bin/tar: /var/named/chroot/etc/pki/dnssec-keys: Directory is new
/bin/tar: /var/named/chroot/usr/lib: Directory is new
/bin/tar: /var/named/chroot/usr/lib/bind: Directory is new
/bin/tar: /var/named/chroot/var/log: Directory is new
/bin/tar: /var/named/chroot/var/named: Directory has been renamed from `/var/named'
/bin/tar: /var/named/chroot/var/run: Directory is new
/bin/tar: /var/named/chroot/var/tmp: Directory is new
/bin/tar: /var/named/chroot/var/named/chroot/etc/named: Directory is new
/bin/tar: /var/named/chroot/var/named/chroot/usr/lib/bind: Directory is new
/bin/tar: /var/named/chroot/var/named/chroot/var/named: Directory is new
/bin/tar: /var/named/chroot/var/named/chroot/var/run: Directory has been renamed from `/var/named/chroot/var/run'
/bin/tar: /var/named/chroot/var/named/chroot/var/tmp: Directory has been renamed from `/var/named/chroot/var/tmp'
/bin/tar: /var/named/chroot/var/named/chroot/var/run/named: Directory is new
/bin/tar: /var/named/chroot/var/run/named: Directory has been renamed from `/var/named/chroot/var/named/chroot/var/run/named'
/bin/tar: Removing leading `/' from member names

Program received signal SIGSEGV, Segmentation fault.
append_incremental_renames (dir=0x0) at incremen.c:897
897	      dumpdir_free (dir->dump);
(gdb) 



Version-Release number of selected component (if applicable):
tar-1.23-4.fc14.i686

Reproducible allways, steps to Reproduce:
1. start named with bind-chroot package installed
2. run above tar command
3. see crash message
  
Additional info:
- verified on three HW different F14 i686 machines

- selinux is disabled

- tar-1.22-17.fc13.i686 from Fedora 13 ends OK

- in above example, commandline must contain "--listed-incremental=" option, and must have both destination ("/boot/grub/menu.lst" and "/var/named") specified. Otherwise tar isn't crashing. It seems tar as well isn't crashing when at position "/boot/grub/menu.lst" is directory specification, for crash there must be some filespec.
 
- for crash, there must be some mounts to /var/named, which bind's rc.d startup script do when bind running chrooted, but tar crashes regardless of "--one-file-system" option presence. actual mounts are:
# mount|grep '/var/named'
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
/usr/lib/bind on /var/named/chroot/usr/lib/bind type none (rw,bind)
/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)