Bug#1014177: qemu-user-static: QEMU aarch64 user mode emulation always segfaults

[Jörn Heusipp]

Package: qemu-user-static
Version: 1:7.0+dfsg-7
Severity: important
X-Debbugs-Cc: osm...@problemloesungsmaschine.de

Dear Maintainer,

I am using QEMU user mode emulation to test my software on non-amd64 architectures. I have qemu-user-static and binfmt-support installed so that I can run foreign binaries seamlessly.

On Debian Testing with QEMU 7, aarch64 user mode emulation always segfaults:
```
manx@appendix:~/tmp$ cat nothing.c
int main() {
return 0;
}
manx@appendix:~/tmp$ aarch64-linux-gnu-gcc -std=c18 -O3 -Wall -Wextra -Wpedantic nothing.c
manx@appendix:~/tmp$ ./a.out
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
manx@appendix:~/tmp$
```

Other architectures like s390x work fine:
```
manx@appendix:~/tmp$ s390x-linux-gnu-gcc -std=c18 -O3 -Wall -Wextra -Wpedantic nothing.c
manx@appendix:~/tmp$ ./a.out
manx@appendix:~/tmp$
```

Static linking does not help:
```
manx@appendix:~/tmp$ aarch64-linux-gnu-gcc -std=c18 -O3 -Wall -Wextra -Wpedantic -static nothing.c
manx@appendix:~/tmp$ ./a.out
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
manx@appendix:~/tmp$
```

relevant versions:
```
manx@appendix:~/tmp$ aarch64-linux-gnu-gcc --version
aarch64-linux-gnu-gcc (Debian 11.3.0-3) 11.3.0
Copyright (C) 2021 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
manx@appendix:~/tmp$ qemu-aarch64-static --version
qemu-aarch64 version 7.0.0 (Debian 1:7.0+dfsg-7)
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers
manx@appendix:~/tmp$
```

QEMU aarch64 user mode emulation works fine on Debian 11 Bullseye with QEMU 5.2.

Thanks,
Jörn

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, s390x, armhf, arm64, ppc64el

Kernel: Linux 5.18.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

qemu-user-static depends on no packages.

Versions of packages qemu-user-static recommends:
ii binfmt-support 2.2.2-1
ii systemd 251.2-7

qemu-user-static suggests no packages.

-- no debconf information

[Tony Garnock-Jones]

Hi,

I think I'm seeing the same thing. Reproduction from a fresh install of
bookworm on an x86_64 host:

# dpkg --add-architecture arm64
# apt update
# apt install hello:arm64
# apt install qemu-user-static binfmt-support
# hello

qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault

This is the probable cause of a problem I was trying to resolve with
docker, namely that running an aarch64 container hangs. To reproduce
*that*, follow the above steps, then:

# apt install docker.io
# docker run -it --rm --platform=linux/arm64 alpine:edge uname -m
(it hangs and never prints anything)
(which is different from the behaviour for e.g. 32 bit arm)

Could this be related to

- Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999421
- Upstream qemu issue https://gitlab.com/qemu-project/qemu/-/issues/555

?

Tony

[Michael Tokarev]

On Fri, 01 Jul 2022 17:06:31 +0200 Jörn_Heusipp <osm...@problemloesungsmaschine.de> wrote:
> Package: qemu-user-static
> Version: 1:7.0+dfsg-7
> Severity: important
> X-Debbugs-Cc: osm...@problemloesungsmaschine.de
>
> Dear Maintainer,
>
> I am using QEMU user mode emulation to test my software on non-amd64 architectures. I have qemu-user-static and binfmt-support installed so that I can run foreign binaries seamlessly.
>
> On Debian Testing with QEMU 7, aarch64 user mode emulation always segfaults:
> ```
> manx@appendix:~/tmp$ cat nothing.c
> int main() {
> return 0;
> }
> manx@appendix:~/tmp$ aarch64-linux-gnu-gcc -std=c18 -O3 -Wall -Wextra -Wpedantic nothing.c
> manx@appendix:~/tmp$ ./a.out
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> Segmentation fault

This works fine on bullseye system with qemu-user-static 7.0 from backports.
This and the static build, which failed for you too.

I wonder if the difference is within gcc (which compiled your nothing.c)
or with glibc (which provides the dynamic linker and the startup code).

I uploaded new upstream release of qemu a few days ago, 7.1, can you verify
if that one makes any difference?

Thanks!

/mjt

[Tony Garnock-Jones]

On Tue, 13 Sep 2022 23:42:19 +0300 Michael Tokarev <m...@tls.msk.ru> wrote:
> I uploaded new upstream release of qemu a few days ago, 7.1, can you verify
> if that one makes any difference?

It looks hopeful at least for my use cases!

# dpkg --add-architecture arm64
# apt update
# apt install hello:arm64
# apt install qemu-user-static binfmt-support
# hello

Hello, world!

# apt install docker.io
# docker run -it --rm --platform=linux/arm64 alpine:edge uname -m

aarch64

# dpkg -l qemu-user-static binfmt-support hello
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================-============-============-==================================================
ii binfmt-support 2.2.2-1 amd64 Support for extra binary
formats
ii hello:arm64 2.10-2 arm64 example package based on
GNU hello
ii qemu-user-static 1:7.1+dfsg-2 amd64 QEMU user mode emulation
binaries (static version)


Thank you!

Regards,
Tony