Dear Maintainer,
I tried to reproduce this issue and received a backtrace like in [1].

This looks like it was fixed upstream in commit [2].
A package built with this patch does not crash any more.

The reason seems to be that this macro defines a variable
in a block-local scope while it should be visible to the caller.

Because upstream moved the macro to a different file before that patch,
it has to be applied to src/libvirt-php.h instead of src/util.h, as in the
attached file.

Kind regards,
Bernhard


[2] 
https://github.com/libvirt/libvirt-php/commit/587235c523b88de431f348902792c1a77e049f06

[1]
    Program received signal SIGSEGV, Segmentation fault.
    0x00007f1d823a6d0e in zend_hash_real_init_mixed_ex (ht=ht@entry=0x7f1d7dba2a94 
<__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:131
    131             ht->nTableMask = HT_SIZE_TO_MASK(nSize);
    1: x/i $pc
    => 0x7f1d823a6d0e <zend_hash_real_init_mixed+14>:       mov    
%ecx,0xc(%rdi)
    (rr) bt
    #0  0x00007f1d823a6d0e in zend_hash_real_init_mixed_ex 
(ht=ht@entry=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:131
    #1  zend_hash_real_init_mixed (ht=ht@entry=0x7f1d7dba2a94 
<__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:260
    #2  0x00007f1d823a8168 in _zend_hash_str_add_or_update_i (flag=1, pData=0x7ffe46f16380, 
h=9223378990555402118, len=6, str=0x55c4dcbd6ac0 "kernel", ht=0x7f1d7dba2a94 
<__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:740
    #3  zend_hash_str_update (ht=ht@entry=0x7f1d7dba2a94 <__FUNCTION__.28782+4>, 
str=str@entry=0x55c4dcbd6ac0 "kernel", len=len@entry=6, 
pData=pData@entry=0x7ffe46f16380) at ./Zend/zend_hash.c:848
    #4  0x00007f1d8239d038 in zend_symtable_str_update (pData=0x7ffe46f16380, len=6, 
str=0x55c4dcbd6ac0 "kernel", ht=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at 
./Zend/zend_hash.h:501
    #5  add_assoc_long_ex (arg=arg@entry=0x7ffe46f16400, key=key@entry=0x55c4dcbd6ac0 
"kernel", key_len=6, n=<optimized out>) at ./Zend/zend_API.c:1359
    #6  0x00007f1d7db837f5 in zif_libvirt_node_get_cpu_stats 
(execute_data=<optimized out>, return_value=0x7f1d8101c0a0) at 
../../src/libvirt-php.c:2356
    #7  0x00007f1d8241cdf7 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at 
./Zend/zend_vm_execute.h:694
    #8  execute_ex (ex=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at 
./Zend/zend_vm_execute.h:55503
    #9  0x00007f1d824229b7 in zend_execute 
(op_array=op_array@entry=0x7f1d747fd760, return_value=0x0, 
return_value@entry=0x7f1d8101c030) at ./Zend/zend_vm_execute.h:60935
    #10 0x00007f1d8239b603 in zend_execute_scripts (type=type@entry=8, 
retval=0x7f1d8101c030, retval@entry=0x0, file_count=file_count@entry=3) at 
./Zend/zend.c:1568
    #11 0x00007f1d8233bb58 in php_execute_script 
(primary_file=primary_file@entry=0x7ffe46f18a60) at ./main/main.c:2637
    #12 0x00007f1d82424be2 in php_handler (r=<optimized out>) at 
./sapi/apache2handler/sapi_apache2.c:699
    #13 0x000055c4dbefda40 in ap_run_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:170
    #14 0x000055c4dbefdfd6 in ap_invoke_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:444
    #15 0x000055c4dbf16463 in ap_process_async_request (r=0x7f1d7db6b0a0) at 
http_request.c:453
    #16 0x000055c4dbf165ce in ap_process_request (r=r@entry=0x7f1d7db6b0a0) at 
http_request.c:488
    #17 0x000055c4dbf1283d in ap_process_http_sync_connection 
(c=0x7f1d7db6f290) at http_core.c:210
    #18 ap_process_http_connection (c=0x7f1d7db6f290) at http_core.c:251
    #19 0x000055c4dbf078b0 in ap_run_process_connection 
(c=c@entry=0x7f1d7db6f290) at connection.c:42
    #20 0x000055c4dbf07e10 in ap_process_connection (c=c@entry=0x7f1d7db6f290, 
csd=<optimized out>) at connection.c:219
    #21 0x00007f1d825a33df in child_main (child_num_arg=child_num_arg@entry=0, 
child_bucket=child_bucket@entry=0) at prefork.c:615
    #22 0x00007f1d825a366b in make_child (s=0x7f1d8284e4a0, slot=slot@entry=0) 
at prefork.c:653
    #23 0x00007f1d825a4840 in prefork_run (_pconf=<optimized out>, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at prefork.c:866
    #24 0x000055c4dbee067e in ap_run_mpm (pconf=0x7f1d82cca028, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at mpm_common.c:94
    #25 0x000055c4dbed8f57 in main (argc=<optimized out>, argv=<optimized out>) 
at main.c:819

# Buster/stable amd64 qemu VM 2021-03-01


# Bring the Buster VM fully up to date before the debug packages and -dbgsym symbols are installed
apt update
apt dist-upgrade


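# One package list, continued with backslashes: as mail-wrapped, the second and third lines would have
# run as separate commands. Debug tooling (rr, gdb, quilt, debug symbols), the libvirt/Apache/PHP stack,
# and the build dependencies needed for the rebuild further down.
apt install systemd-coredump mc rr gdb quilt libvirt-daemon-system apache2 \
    virtinst libapache2-mod-php php-libvirt-php libapache2-mod-php7.3-dbgsym \
    php-libvirt-php-dbgsym apache2-bin-dbgsym
apt build-dep php-libvirt-php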



# Unpack the Debian source packages for PHP (Zend sources, so gdb can show zend_hash.c) and for
# php-libvirt-php, each under <source root>/<package>/orig, returning to $HOME after each one.
SRC=/home/benutzer/source
for pkg in libapache2-mod-php7.3 php-libvirt-php; do
    mkdir -p "$SRC/$pkg/orig"
    cd "$SRC/$pkg/orig"
    apt source "$pkg"
    cd
done




# Put the Apache worker user into the libvirt group — presumably so the qemu:///system connection the
# test page opens as www-data is permitted (confirm). Only do this in a throwaway VM: membership in
# that group gives full control over libvirtd and every domain it manages.
adduser www-data libvirt

# A started default network and a throwaway domain "empty-test" so the test page has a node to query
virsh net-start default
virt-install -n empty-test --ram=512 --vcpus=2 --graphics none --disk none --pxe
virsh --connect qemu:///system list --all




# Enable mod_php so the test page runs inside the Apache worker (the php_handler frame in the backtrace)
a2enmod php7.3

# Follow the Apache logs and the journal while reproducing; both commands block, run them in their own terminals
tail -n0 -f /var/log/apache2/*
journalctl -f




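# Minimal trigger page: connect to the system hypervisor and call the function that crashes.
# The delimiter is quoted, so nothing in the heredoc is expanded and the PHP $ signs need no
# backslash escaping; the written file is byte-identical to the escaped form. The PHP comment is
# kept on one line — split by mail wrapping it would be a PHP parse error. The page is reachable by
# anyone who can reach this web server, so remove it once the reproduction is done.
cat <<'EOF' > /var/www/html/test-libvirt.php
<?php
$conn = libvirt_connect("qemu:///system", false);
if($conn) {
  print("\ngot a connection\n");
  $tmp = libvirt_node_get_cpu_stats($conn); //If I comment this line I don't have any segmentation fault.
  print_r($tmp);
} else {
  print("\ngot no connection\n");
}
?>
EOF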




# rr needs access to the performance counters. This is a system-wide kernel hardening knob being
# loosened; note the previous value and restore it when the reproduction is finished.
echo 1 > /proc/sys/kernel/perf_event_paranoid
# Take the service instance down so Apache can be started by hand in the foreground under rr
systemctl stop apache2

# envvars supplies the APACHE_RUN_USER/... settings apache2 expects when not started via systemd
source /etc/apache2/envvars
# -X: single worker, stay in the foreground; -e debug: verbose log level. rr records the whole run.
rr record /usr/sbin/apache2 -X -e debug

rr: Saving execution to trace directory `/tmp/rr/apache2-2'.
...
Segmentation fault





# Trigger the crash with a single request for the test page; the worker recorded by rr segfaults while serving it
wget http://localhost/test-libvirt.php -O test.txt
# cat test.txt   (whatever response body was produced before the crash)






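# Replay the recorded trace; the lines after "rr replay" are typed at the (rr) gdb prompt.
rr replay /tmp/rr/apache2-2
set width 0
set pagination off
# Point gdb at the unpacked Debian sources so frames resolve to source lines. Each "directory" takes
# its path on the same line — mail wrapping had split the second one onto a line of its own, which
# gdb would read as a bare "directory" command.
directory /home/benutzer/source/libapache2-mod-php7.3/orig/php7.3-7.3.27/Zend
directory /home/benutzer/source/php-libvirt-php/orig/libvirt-php-0.5.4/debian/source
# Show the faulting instruction at every stop, run forward to the SIGSEGV, then print the stack
# and the current position in the trace
display/i $pc
cont
bt
when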

Program received signal SIGSEGV, Segmentation fault.
0x00007f1d823a6d0e in zend_hash_real_init_mixed () from 
/usr/lib/apache2/modules/libphp7.3.so
(rr) bt
#0  0x00007f1d823a6d0e in zend_hash_real_init_mixed () from 
/usr/lib/apache2/modules/libphp7.3.so
#1  0x00007f1d823a8168 in zend_hash_str_update () from 
/usr/lib/apache2/modules/libphp7.3.so
#2  0x00007f1d8239d038 in add_assoc_long_ex () from 
/usr/lib/apache2/modules/libphp7.3.so
#3  0x00007f1d7db837f5 in ?? () from /usr/lib/php/20180731/libvirt-php.so
#4  0x00007f1d8241cdf7 in execute_ex () from 
/usr/lib/apache2/modules/libphp7.3.so
#5  0x00007f1d824229b7 in zend_execute () from 
/usr/lib/apache2/modules/libphp7.3.so
#6  0x00007f1d8239b603 in zend_execute_scripts () from 
/usr/lib/apache2/modules/libphp7.3.so
#7  0x00007f1d8233bb58 in php_execute_script () from 
/usr/lib/apache2/modules/libphp7.3.so
#8  0x00007f1d82424be2 in ?? () from /usr/lib/apache2/modules/libphp7.3.so
#9  0x000055c4dbefda40 in ap_run_handler ()
#10 0x000055c4dbefdfd6 in ap_invoke_handler ()
#11 0x000055c4dbf16463 in ap_process_async_request ()
#12 0x000055c4dbf165ce in ap_process_request ()
#13 0x000055c4dbf1283d in ?? ()
#14 0x000055c4dbf078b0 in ap_run_process_connection ()
#15 0x00007f1d825a33df in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#16 0x00007f1d825a366b in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#17 0x00007f1d825a4840 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so
#18 0x000055c4dbee067e in ap_run_mpm ()
#19 0x000055c4dbed8f57 in main ()

Program received signal SIGSEGV, Segmentation fault.
0x00007f1d823a6d0e in zend_hash_real_init_mixed_ex (ht=ht@entry=0x7f1d7dba2a94 
<__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:131
131             ht->nTableMask = HT_SIZE_TO_MASK(nSize);
1: x/i $pc
=> 0x7f1d823a6d0e <zend_hash_real_init_mixed+14>:       mov    %ecx,0xc(%rdi)
(rr) bt
#0  0x00007f1d823a6d0e in zend_hash_real_init_mixed_ex 
(ht=ht@entry=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:131
#1  zend_hash_real_init_mixed (ht=ht@entry=0x7f1d7dba2a94 
<__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:260
#2  0x00007f1d823a8168 in _zend_hash_str_add_or_update_i (flag=1, 
pData=0x7ffe46f16380, h=9223378990555402118, len=6, str=0x55c4dcbd6ac0 
"kernel", ht=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at ./Zend/zend_hash.c:740
#3  zend_hash_str_update (ht=ht@entry=0x7f1d7dba2a94 <__FUNCTION__.28782+4>, 
str=str@entry=0x55c4dcbd6ac0 "kernel", len=len@entry=6, 
pData=pData@entry=0x7ffe46f16380) at ./Zend/zend_hash.c:848
#4  0x00007f1d8239d038 in zend_symtable_str_update (pData=0x7ffe46f16380, 
len=6, str=0x55c4dcbd6ac0 "kernel", ht=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) 
at ./Zend/zend_hash.h:501
#5  add_assoc_long_ex (arg=arg@entry=0x7ffe46f16400, 
key=key@entry=0x55c4dcbd6ac0 "kernel", key_len=6, n=<optimized out>) at 
./Zend/zend_API.c:1359
#6  0x00007f1d7db837f5 in zif_libvirt_node_get_cpu_stats 
(execute_data=<optimized out>, return_value=0x7f1d8101c0a0) at 
../../src/libvirt-php.c:2356
#7  0x00007f1d8241cdf7 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at 
./Zend/zend_vm_execute.h:694
#8  execute_ex (ex=0x7f1d7dba2a94 <__FUNCTION__.28782+4>) at 
./Zend/zend_vm_execute.h:55503
#9  0x00007f1d824229b7 in zend_execute (op_array=op_array@entry=0x7f1d747fd760, 
return_value=0x0, return_value@entry=0x7f1d8101c030) at 
./Zend/zend_vm_execute.h:60935
#10 0x00007f1d8239b603 in zend_execute_scripts (type=type@entry=8, 
retval=0x7f1d8101c030, retval@entry=0x0, file_count=file_count@entry=3) at 
./Zend/zend.c:1568
#11 0x00007f1d8233bb58 in php_execute_script 
(primary_file=primary_file@entry=0x7ffe46f18a60) at ./main/main.c:2637
#12 0x00007f1d82424be2 in php_handler (r=<optimized out>) at 
./sapi/apache2handler/sapi_apache2.c:699
#13 0x000055c4dbefda40 in ap_run_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:170
#14 0x000055c4dbefdfd6 in ap_invoke_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:444
#15 0x000055c4dbf16463 in ap_process_async_request (r=0x7f1d7db6b0a0) at 
http_request.c:453
#16 0x000055c4dbf165ce in ap_process_request (r=r@entry=0x7f1d7db6b0a0) at 
http_request.c:488
#17 0x000055c4dbf1283d in ap_process_http_sync_connection (c=0x7f1d7db6f290) at 
http_core.c:210
#18 ap_process_http_connection (c=0x7f1d7db6f290) at http_core.c:251
#19 0x000055c4dbf078b0 in ap_run_process_connection (c=c@entry=0x7f1d7db6f290) 
at connection.c:42
#20 0x000055c4dbf07e10 in ap_process_connection (c=c@entry=0x7f1d7db6f290, 
csd=<optimized out>) at connection.c:219
#21 0x00007f1d825a33df in child_main (child_num_arg=child_num_arg@entry=0, 
child_bucket=child_bucket@entry=0) at prefork.c:615
#22 0x00007f1d825a366b in make_child (s=0x7f1d8284e4a0, slot=slot@entry=0) at 
prefork.c:653
#23 0x00007f1d825a4840 in prefork_run (_pconf=<optimized out>, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at prefork.c:866
#24 0x000055c4dbee067e in ap_run_mpm (pconf=0x7f1d82cca028, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at mpm_common.c:94
#25 0x000055c4dbed8f57 in main (argc=<optimized out>, argv=<optimized out>) at 
main.c:819

(rr) print/x $rdi
$1 = 0x7f1d7dba2a94
(rr) print/x $rdi + 0xc
$2 = 0x7f1d7dba2aa0
(rr) print &ht->nTableMask
$3 = (uint32_t *) 0x7f1d7dba2aa0 <__FUNCTION__.28782+16>
(rr) x/1xg $rdi
0x7f1d7dba2a94 <__FUNCTION__.28782+4>:  0x5f7472697662696c
(rr) x/1xg $rdi + 0xc
0x7f1d7dba2aa0 <__FUNCTION__.28782+16>: 0x0000000000746365
(rr) info target
...
        0x00007f1d7db99000 - 0x00007f1d7dba2c68 is .rodata in 
/usr/lib/php/20180731/libvirt-php.so
...


# cat /proc/18872/maps
...
7f1d7db99000-7f1d7dba8000 r--p 00028000 08:01 539994                     
/tmp/rr/apache2-2/mmap_hardlink_653_libvirt-php.so
...
--> the pointer lies in a read-only mapping ???


https://sources.debian.org/src/libvirt-php/0.5.4-3/src/libvirt-php.c/#L2356




(rr) print arg.value.arr
$19 = (zend_array *) 0x7f1d7dba2a94 <__FUNCTION__.28782+4>
(rr) x/1xg &arg.value.arr 
0x7ffe46f16400: 0x00007f1d7dba2a94
(rr) watch *0x7ffe46f16400
Hardware watchpoint 5: *0x7ffe46f16400
(rr) reverse-cont
Continuing.

Hardware watchpoint 5: *0x7ffe46f16400

Old value = 2109352596
New value = 2108261980
0x00007f1d7db7d3c3 in debugPrint (source=source@entry=0x7f1d7db99d34 "core", 
fmt=fmt@entry=0x7f1d7db9ee20 "%s: Connection to %s established, returning 
%p\n") at ../../src/util.c:50
50      {
1: x/i $pc
=> 0x7f1d7db7d3c3 <debugPrint+19>:      mov    %rdx,0x40(%rsp)
(rr) bt
#0  0x00007f1d7db7d3c3 in debugPrint (source=source@entry=0x7f1d7db99d34 
"core", fmt=fmt@entry=0x7f1d7db9ee20 "%s: Connection to %s established, 
returning %p\n") at ../../src/util.c:50
#1  0x00007f1d7db913a8 in zif_libvirt_connect (execute_data=<optimized out>, 
return_value=<optimized out>) at ../../src/libvirt-php.c:2247
#2  0x00007f1d8241cdf7 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER () at 
./Zend/zend_vm_execute.h:694
#3  execute_ex (ex=0x7f1d7db99d34) at ./Zend/zend_vm_execute.h:55503
#4  0x00007f1d824229b7 in zend_execute (op_array=op_array@entry=0x7f1d747fd6a0, 
return_value=0x0, return_value@entry=0x7f1d8101c030) at 
./Zend/zend_vm_execute.h:60935
#5  0x00007f1d8239b603 in zend_execute_scripts (type=type@entry=8, 
retval=0x7f1d8101c030, retval@entry=0x0, file_count=file_count@entry=3) at 
./Zend/zend.c:1568
#6  0x00007f1d8233bb58 in php_execute_script 
(primary_file=primary_file@entry=0x7ffe46f18a60) at ./main/main.c:2637
#7  0x00007f1d82424be2 in php_handler (r=<optimized out>) at 
./sapi/apache2handler/sapi_apache2.c:699
#8  0x000055c4dbefda40 in ap_run_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:170
#9  0x000055c4dbefdfd6 in ap_invoke_handler (r=r@entry=0x7f1d7db6b0a0) at 
config.c:444
#10 0x000055c4dbf16463 in ap_process_async_request (r=0x7f1d7db6b0a0) at 
http_request.c:453
#11 0x000055c4dbf165ce in ap_process_request (r=r@entry=0x7f1d7db6b0a0) at 
http_request.c:488
#12 0x000055c4dbf1283d in ap_process_http_sync_connection (c=0x7f1d7db6f290) at 
http_core.c:210
#13 ap_process_http_connection (c=0x7f1d7db6f290) at http_core.c:251
#14 0x000055c4dbf078b0 in ap_run_process_connection (c=c@entry=0x7f1d7db6f290) 
at connection.c:42
#15 0x000055c4dbf07e10 in ap_process_connection (c=c@entry=0x7f1d7db6f290, 
csd=<optimized out>) at connection.c:219
#16 0x00007f1d825a33df in child_main (child_num_arg=child_num_arg@entry=0, 
child_bucket=child_bucket@entry=0) at prefork.c:615
#17 0x00007f1d825a366b in make_child (s=0x7f1d8284e4a0, slot=slot@entry=0) at 
prefork.c:653
#18 0x00007f1d825a4840 in prefork_run (_pconf=<optimized out>, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at prefork.c:866
#19 0x000055c4dbee067e in ap_run_mpm (pconf=0x7f1d82cca028, 
plog=0x7f1d82849028, s=0x7f1d8284e4a0) at mpm_common.c:94
#20 0x000055c4dbed8f57 in main (argc=<optimized out>, argv=<optimized out>) at 
main.c:819

(rr) x/1xg 0x7ffe46f16400
0x7ffe46f16400: 0x00007f1d7da9865c

(rr) up
#1  0x00007f1d7db913a8 in zif_libvirt_connect (execute_data=<optimized out>, 
return_value=<optimized out>) at ../../src/libvirt-php.c:2247
2247        DPRINTF("%s: Connection to %s established, returning %p\n", 
PHPFUNC, url, conn->conn);





https://github.com/libvirt/libvirt-php/commit/587235c523b88de431f348902792c1a77e049f06





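# Rebuild php-libvirt-php 0.5.4 with the upstream fix added as a quilt patch. The wget URL is one
# line (mail wrapping had split it from the command). The fetched file is used as-is, so compare
# it with the commit referenced in the report before building. Upstream's patch is against
# src/util.h; in 0.5.4 the macro lives in src/libvirt-php.h, so the patch's paths need adjusting
# (as in the attached file) before it applies.
cd /home/benutzer/source/php-libvirt-php
cp orig try1 -a
cd try1/libvirt-php-0.5.4
wget https://github.com/libvirt/libvirt-php/commit/587235c523b88de431f348902792c1a77e049f06.patch
mv 587235c523b88de431f348902792c1a77e049f06.patch debian/patches/
echo 587235c523b88de431f348902792c1a77e049f06.patch >> debian/patches/series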
From 587235c523b88de431f348902792c1a77e049f06 Mon Sep 17 00:00:00 2001
From: Dawid Zamirski <dzamir...@datto.com>
Date: Mon, 8 Jul 2019 17:32:11 -0400
Subject: [PATCH] Fix PHP7 VIRT_ARRAY_INIT macro implementation.

This is a PHP 7 compatibility macro which was segfaulting due to the
temporary variable being defined in the do..while scoped block (to
swallow semicolon for macros), e.g:

zval *arr;
VIRT_ARRAY_INIT(arr);
VIRT_ADD_ASSOC_STRING(arr, "foo", "bar"); // <= segfault here

The VIRT_ARRAY_INIT above was expanding to:
do {
  zval z_arr; // <= local scope definition
  arr = &z_arr;
  array_init(arr);
} while (0)

After this patch, the macro expands to:
zval z_arr; // now defined in the scope of the macro caller
do {
    arr = &z_arr;
    array_init(arr);
} while (0)

which solved the issue.

Signed-off-by: Dawid Zamirski <dzamir...@datto.com>
Reviewed-by: Michal Privoznik <mpriv...@redhat.com>
---
 src/util.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Index: libvirt-php-0.5.4/src/libvirt-php.h
===================================================================
--- libvirt-php-0.5.4.orig/src/libvirt-php.h
+++ libvirt-php-0.5.4/src/libvirt-php.h
@@ -178,10 +178,11 @@ typedef virt_resource *virt_resource_han
     _info.length = ZSTR_LEN(tmp_key_info); \
     } while(0)
 
-#define VIRT_ARRAY_INIT(_name) do { \
+#define VIRT_ARRAY_INIT(_name) \
     zval z##_name; \
-    _name = &z##_name; \
-    array_init(_name); \
+    do { \
+      _name = &z##_name; \
+      array_init(_name); \
     } while(0)
 
 #else /* PHP_MAJOR_VERSION < 7 */
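Review bot: VIRT_ARRAY_INIT now expands to a declaration followed by a do/while statement, so it is no longer usable where a single statement is required — `if (cond) VIRT_ARRAY_INIT(arr);` no longer compiles, and two expansions with the same `_name` in one block redefine `z_arr` — and the header documents neither constraint. A comment above the `#define` such as `/* Declares zval z<_name> with automatic storage in the caller's block and points _name at it; use once per block, as a statement, never as an unbraced if/loop body. */` would record it for the callers in src/libvirt-php.c. The two new assignment lines are indented by six spaces while the closing `} while(0)` and the neighbouring macros use four; aligning them avoids the odd step. The commit's diffstat still names src/util.h although this hunk is against src/libvirt-php.h, which the cover mail explains but the patch file itself does not.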
