http://bugzilla.opensuse.org/show_bug.cgi?id=1106809 Bug ID: 1106809 Summary: Wicked receives SIGSEGV after system reboot (/usr/sbin/wicked --systemd ifup all). Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: x86-64 OS: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: jacob.long@unisys.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 781600 --> http://bugzilla.opensuse.org/attachment.cgi?id=781600&action=edit This zip contains a full backtrace.txt and structures.txt showing values at time of core dump. Running the following package levels: libwicked-0-6-0.6.40-37.2.x86_64.rpm libwicked-0-6-debuginfo-0.6.40-37.2.x86_64.rpm wicked-0.6.40-37.2.x86_64.rpm wicked-debuginfo-0.6.40-37.2.x86_64.rpm wicked-debugsource-0.6.40-37.2.x86_64.rpm wicked-service-0.6.40-37.2.x86_64.rpm Wicked segfaults and dumps core on system reboot when running ifup command, e.g.: ExecStart=/usr/sbin/wicked/ --systemd ifup all It seems that ni_fsm_process_find_pending_worker() in src/fsm.c allows index 'i' to overrun the value of 'fsm->workers.count' in the 'fsm->workers.data' array. A full backtrace.txt is attached as well as structures.txt showing the value of i and the pointers referenced at time of the SIGSEGV. 5530 static ni_ifworker_t * 5531 ni_fsm_process_rename_find_pending_worker(ni_fsm_t *fsm, const ni_ifworker_ t *w) 5532 { 5533 ni_ifworker_t *c; 5534 unsigned int i; 5535 5536 for (i = 0; fsm->workers.count; ++i) { 5537 c = fsm->workers.data[i]; 5538 if (!c || c == w || c->type != w->type || c->device) 5539 continue; 5540 if (!c->pending || !ni_string_eq(c->name, w->name)) 5541 continue; 5542 return c; 5543 } 5544 return NULL; 5545 } -- You are receiving this mail because: You are on the CC list for the bug.