Package: qemu-user-static
Version: 1:7.2+dfsg-7+deb12u2
Followup-For: Bug #1053101

Initially I noticed the ELF types shown for ls (0 a.k.a. SYSV) and aarch64-linux-gnu-g++-13 (3 a.k.a. GNU/Linux) are different. This is octet offset 7 of the ELF header, e_ident[EI_OSABI]. When it is 3 the following field (offset 8) e_ident[EI_ABIVERSION] contains the ABI version of the dynamic linker. Since the issue seems related to some interaction with static vs dynamic this may be a clue!

Doing some debugging on amd64 host with an aarch64 sid chroot build we get a clearer idea of what is going wrong. It looks like in accel/tcg/translate-all.c::page_find_alloc() `void **lp` is the problem but has been optimised out by the compiler so I'll need to build qemu without optimisations and retry.

$ gdb --directory /srv/NAS/Sunny/SourceCode/qemu/qemu-7.2+dfsg/tcg/aarch64 --args /usr/libexec/qemu-binfmt/aarch64-binfmt-P sid-aarch64/lib/aarch64-linux-gnu/ld-linux-aarch64.so.1 --verify sid-aarch64/usr/bin/aarch64-linux-gnu-g++-13
Reading symbols from /usr/libexec/qemu-binfmt/aarch64-binfmt-P...
Reading symbols from /usr/lib/debug/.build-id/7b/ef74adf0c2ded7f731079d47cc8ca9dcc579e1.debug...
(gdb) start
Temporary breakpoint 1 at 0x401b90: file ../../linux-user/main.c, line 664.
Starting program: /usr/libexec/qemu-binfmt/aarch64-binfmt-P sid-aarch64/lib/aarch64-linux-gnu/ld-linux-aarch64.so.1 --verify sid-aarch64/usr/bin/aarch64-linux-gnu-g++-13
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7ff86c0 (LWP 250079)]

Thread 1 "aarch64-binfmt-" hit Temporary breakpoint 1, main (argc=4, argv=0x7fffffffdb68, envp=0x7fffffffdb90) at ../../linux-user/main.c:664
664     {
(gdb) break page_find_alloc
(gdb) break do_syscall1 if num == 222
(gdb) c

Thread 1 "aarch64-binfmt-" hit Breakpoint 6, page_find_alloc (index=index@entry=89128960, alloc=alloc@entry=true) at ../../accel/tcg/translate-all.c:431
431         lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
(gdb) info break
Num     Type           Disp Enb Address            What
6       breakpoint     keep y   0x000000000061ab70 in page_find_alloc at ../../accel/tcg/translate-all.c:431
        breakpoint already hit 1 time
8       breakpoint     keep y   0x000000000063a660 in do_syscall1 at ../../linux-user/syscall.c:8615
        stop only if num == 222
(gdb) disable 6
(gdb) c
Continuing.

Thread 1 "aarch64-binfmt-" hit Breakpoint 8, do_syscall1 (cpu_env=cpu_env@entry=0xe44220, num=num@entry=222, arg1=arg1@entry=4194304, arg2=arg2@entry=937984, arg3=arg3@entry=5, arg4=arg4@entry=2066, arg5=3, arg6=0, arg8=<optimized out>, arg7=<optimized out>) at ../../linux-user/syscall.c:8615
8615    static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
(gdb) enable 6
(gdb) c
Continuing.

Thread 1 "aarch64-binfmt-" hit Breakpoint 6, page_find_alloc (index=index@entry=1024, alloc=alloc@entry=true) at ../../accel/tcg/translate-all.c:431
431         lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
(gdb) p lp
$1 = <optimized out>
(gdb) p l1_map
$5 = {0xe9e3f0, 0x0 <repeats 8191 times>}
(gdb) p v_l1_shift
$6 = 40
(gdb) p v_l1_size
$7 = 4096
(gdb) p index
$8 = 1024
(gdb) p ((index >> v_l1_shift))
$9 = 0
(gdb) p ((index >> v_l1_shift) & (v_l1_size -1))
$10 = 0
(gdb) p l1_map + ((index >> v_l1_shift) & (v_l1_size -1))
$11 = (void **) 0xe04580 <l1_map>
(gdb) n

Thread 1 "aarch64-binfmt-" received signal SIGSEGV, Segmentation fault.
page_find_alloc (index=index@entry=1024, alloc=alloc@entry=true) at ../../accel/tcg/translate-all.c:431
431         lp = l1_map + ((index >> v_l1_shift) & (v_l1_size - 1));
(gdb) p lp
$12 = <optimized out>
(gdb) n
host_signal_handler (host_sig=11, info=0x7fffffffb8f0, puc=0x7fffffffb7c0) at ../../linux-user/signal.c:783
783     {
(gdb) n
793         void *sigmask = host_signal_mask(uc);
(gdb) n
784         CPUArchState *env = thread_cpu->env_ptr;
(gdb)
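An added example (not part of the bug report or of qemu): a small C program that reads the two e_ident bytes the report compares, EI_OSABI at offset 7 and EI_ABIVERSION at offset 8, so the difference between ls and the g++ binary can be confirmed directly without a debugger. The sample headers embedded in the block are constructed for illustration.

```c
/* Added example: print e_ident[EI_OSABI] (offset 7) and e_ident[EI_ABIVERSION]
 * (offset 8), the two bytes the report compares between ls and g++-13. */
#include <elf.h>   /* EI_NIDENT, EI_OSABI, EI_ABIVERSION, ELFMAG, ELFOSABI_* */
#include <stdio.h>
#include <string.h>
/* A full e_ident array that starts with the ELF magic; refuse anything else. */
static int ident_ok(const unsigned char *buf, size_t len)
{
    return len >= EI_NIDENT && memcmp(buf, ELFMAG, SELFMAG) == 0;
}

/* EI_OSABI (0 = SYSV, 3 = GNU/Linux), or -1 when buf is not an ELF ident. */
int elf_ident_osabi(const unsigned char *buf, size_t len)
{
    return ident_ok(buf, len) ? buf[EI_OSABI] : -1;
}

/* EI_ABIVERSION, or -1 for a non-ELF buffer (only meaningful when EI_OSABI is 3). */
int elf_ident_abiversion(const unsigned char *buf, size_t len)
{
    return ident_ok(buf, len) ? buf[EI_ABIVERSION] : -1;
}

/* Names for the values the report discusses; -1 covers a non-ELF buffer. */
const char *osabi_name(int osabi)
{
    return osabi == ELFOSABI_SYSV ? "SYSV" : osabi == ELFOSABI_GNU ? "GNU/Linux"
         : osabi < 0 ? "not ELF" : "other";
}

/* Constructed sample e_ident arrays (ELFCLASS64, little-endian, version 1):
 * SYSV like ls in the report, and GNU/Linux with the ABI version byte set to 1. */
const unsigned char sample_sysv[EI_NIDENT] =
    { 0x7f, 'E', 'L', 'F', 2, 1, 1, ELFOSABI_SYSV, 0, 0, 0, 0, 0, 0, 0, 0 };
const unsigned char sample_gnu[EI_NIDENT] =
    { 0x7f, 'E', 'L', 'F', 2, 1, 1, ELFOSABI_GNU, 1, 0, 0, 0, 0, 0, 0, 0 };

int main(int argc, char **argv)
{
    unsigned char ident[EI_NIDENT];
    for (int i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        size_t n = f ? fread(ident, 1, sizeof ident, f) : 0;
        if (f) fclose(f);
        int osabi = elf_ident_osabi(ident, n);
        printf("%s: EI_OSABI=%d (%s) EI_ABIVERSION=%d\n", argv[i], osabi,
               osabi_name(osabi), elf_ident_abiversion(ident, n));
    }
    return 0;
}
```

Run it as `./elfosabi /bin/ls sid-aarch64/usr/bin/aarch64-linux-gnu-g++-13` to reproduce the comparison from the report.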