Hello Diederik, I am not involved in packaging, just trying to collect some information.
Architecture: amd64 (x86_64)
The subject of the email mentions "on arm64". From the Architecture line I assume this should read "on amd64"?
[44932.698657] python3.9[313800]: segfault at 2524310 ip 00000000005637c0 sp 00007ffdeefd1098 error 4 in qemu-aarch64-static[401000+3e3000] [44932.698664] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b
The faulting instruction seems to be here: 0x5637c0: file ../../linux-user/mmap.c, line 43. 0x00000000005637c0 <have_mmap_lock+0>: 64 8b 04 25 50 ff ff ff mov %fs:0xffffffffffffff50,%eax https://sources.debian.org/src/qemu/1:5.2+dfsg-10/linux-user/mmap.c/#L43 25 static __thread int mmap_lock_count; ... 41 bool have_mmap_lock(void) 42 { 43 return mmap_lock_count > 0 ? true : false; 44 } I had hoped this would be clearer, but the crash is probably related to the thread-local storage of mmap_lock_count (the mov reads it through %fs, i.e. from the current thread's TLS block, so an invalid %fs base would fault exactly here). Perhaps systemd-coredump could collect a core dump of such a crash? Kind regards, Bernhard
From Diederik's second mail: [44932.698657] python3.9[313800]: segfault at 2524310 ip 00000000005637c0 sp 00007ffdeefd1098 error 4 in qemu-aarch64-static[401000+3e3000] [44932.698664] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash error 4 == 0b00000100: bit 0 == 0: no page found bit 1 == 0: read access bit 2 == 1: user-mode access echo -n "find /b ..., ..., 0x" && \ echo "00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b" \ | sed 's/[<>]//g' | sed 's/ /, 0x/g' find /b ..., ..., 0x00, 0xe9, 0x94, 0x78, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x83, 0x2c, 0x25, 0x50, 0xff, 0xff, 0xff, 0x01, 0x74, 0x05, 0xc3, 0x0f, 0x1f, 0x40, 0x00, 0x48, 0x8d, 0x3d, 0xe9, 0xd0, 0x7f, 0x00, 0xe9, 0xe4, 0x85, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x8b, 0x04, 0x25, 0x50, 0xff, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x9f, 0xc0, 0xc3, 0x66, 0x90, 0x48, 0x83, 0xec, 0x08, 0x64, 0x8b ################## # Bullseye/testing amd64 qemu VM 2021-05-21 dpkg --add-architecture arm64 apt update apt dist-upgrade apt install gdb qemu-user-static-dbgsym echo "set enable-bracketed-paste off" >> /etc/inputrc; bash gdb -q set width 0 set pagination off file /usr/bin/qemu-aarch64-static tb main run (gdb) info target Symbols from "/usr/bin/qemu-aarch64-static". Native process: Using the running image of child Thread 0xd873c0 (LWP 975). While running this, GDB does not access memory from... Local exec file: `/usr/bin/qemu-aarch64-static', file type elf64-x86-64. Entry point: 0x403670 ... 0x0000000000401140 - 0x00000000007e2872 is .text ... 
(gdb) find /b 0x0000000000401140, 0x00000000007e2872, 0x00, 0xe9, 0x94, 0x78, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x83, 0x2c, 0x25, 0x50, 0xff, 0xff, 0xff, 0x01, 0x74, 0x05, 0xc3, 0x0f, 0x1f, 0x40, 0x00, 0x48, 0x8d, 0x3d, 0xe9, 0xd0, 0x7f, 0x00, 0xe9, 0xe4, 0x85, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x8b, 0x04, 0x25, 0x50, 0xff, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x9f, 0xc0, 0xc3, 0x66, 0x90, 0x48, 0x83, 0xec, 0x08, 0x64, 0x8b 0x563796 <mmap_lock+38> 1 pattern found. (gdb) b * (0x563796 + 42) Breakpoint 2 at 0x5637c0: file ../../linux-user/mmap.c, line 43. (gdb) info b Num Type Disp Enb Address What 2 breakpoint keep y 0x00000000005637c0 in have_mmap_lock at ../../linux-user/mmap.c:43 (gdb) disassemble /r 0x563796, 0x563796 + 62 Dump of assembler code from 0x563796 to 0x5637d4: 0x0000000000563796 <mmap_lock+38>: 00 e9 add %ch,%cl 0x0000000000563798 <mmap_lock+40>: 94 xchg %eax,%esp 0x0000000000563799 <mmap_lock+41>: 78 1c js 0x5637b7 <mmap_unlock+23> 0x000000000056379b <mmap_lock+43>: 00 0f add %cl,(%rdi) 0x000000000056379d: 1f (bad) 0x000000000056379e: 40 00 64 83 2c add %spl,0x2c(%rbx,%rax,4) 0x00000000005637a3 <mmap_unlock+3>: 25 50 ff ff ff and $0xffffff50,%eax 0x00000000005637a8 <mmap_unlock+8>: 01 74 05 c3 add %esi,-0x3d(%rbp,%rax,1) 0x00000000005637ac <mmap_unlock+12>: 0f 1f 40 00 nopl 0x0(%rax) 0x00000000005637b0 <mmap_unlock+16>: 48 8d 3d e9 d0 7f 00 lea 0x7fd0e9(%rip),%rdi # 0xd608a0 <mmap_mutex> 0x00000000005637b7 <mmap_unlock+23>: e9 e4 85 1c 00 jmp 0x72bda0 <__pthread_mutex_unlock> 0x00000000005637bc: 0f 1f 40 00 nopl 0x0(%rax) >> 0x00000000005637c0 <have_mmap_lock+0>: 64 8b 04 25 50 ff ff ff mov >> %fs:0xffffffffffffff50,%eax 0x00000000005637c8 <have_mmap_lock+8>: 85 c0 test %eax,%eax 0x00000000005637ca <have_mmap_lock+10>: 0f 9f c0 setg %al 0x00000000005637cd <have_mmap_lock+13>: c3 ret 0x00000000005637ce: 66 90 xchg %ax,%ax 0x00000000005637d0 <mmap_fork_start+0>: 48 83 ec 08 sub $0x8,%rsp End of assembler dump. 
(gdb) info thread Id Target Id Frame * 1 Thread 0xd873c0 (LWP 975) "qemu-aarch64-st" main (argc=1, argv=0x7fffffffe608, envp=0x7fffffffe618) at ../../linux-user/main.c:638 2 Thread 0x7ffff7ff8700 (LWP 979) "qemu-aarch64-st" 0x00000000007cb581 in clock_nanosleep () (gdb) print &mmap_lock_count $1 = (int *) 0xd87310 (gdb) thread 2 [Switching to thread 2 (Thread 0x7ffff7ff8700 (LWP 979))] #0 0x00000000007cb581 in clock_nanosleep () (gdb) print &mmap_lock_count $2 = (int *) 0x7ffff7ff8650 https://sources.debian.org/src/qemu/1:5.2+dfsg-10/linux-user/mmap.c/#L43 25 static __thread int mmap_lock_count; ... 41 bool have_mmap_lock(void) 42 { 43 return mmap_lock_count > 0 ? true : false; 44 } apt install systemd-coredump debootstrap busybox-static:arm64 gdb -q --args qemu-aarch64-static /usr/bin/busybox ls (gdb) b have_mmap_lock (gdb) run (gdb) print/x $fs $1 = 0x0 (gdb) print mmap_lock_count $2 = 2 (gdb) print &mmap_lock_count $3 = (int *) 0xd87310 (gdb) disassemble /r have_mmap_lock Dump of assembler code for function have_mmap_lock: => 0x00000000005637c0 <+0>: 64 8b 04 25 50 ff ff ff mov %fs:0xffffffffffffff50,%eax 0x00000000005637c8 <+8>: 85 c0 test %eax,%eax 0x00000000005637ca <+10>: 0f 9f c0 setg %al 0x00000000005637cd <+13>: c3 ret End of assembler dump. https://stackoverflow.com/questions/57484261/debugging-segment-register-fs-using-gdb?noredirect=1&lq=1 https://stackoverflow.com/questions/23095665/using-gdb-to-read-msrs (gdb) print/x $fs_base $4 = 0xd873c0 https://chao-tic.github.io/blog/2018/12/25/tls (gdb) print (int)0xffffffffffffff50 $7 = -176 (gdb) x/1xg $fs_base - 176 0xd87310: 0x0000000000000002 cd /home/benutzer/ mkdir chroot1/usr/bin -p cp -a /usr/bin/qemu-aarch64-static chroot1/usr/bin/ debootstrap --arch=arm64 --include=busybox-static,python3 bullseye chroot1 http://192.168.178.25:9999/debian-11-bullseye-deb.debian.org/