Dixi quod…

>My guess here is that it’s, as usual, the fault of qemu-user,
Strong evidence for that: doesn’t look like it even executes one bit of klibc code:

$ qemu-arm-static -d cpu ./fstype --help
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)

And:

GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/qemu-arm-static...
Downloading separate debug info for /usr/bin/qemu-arm-static...
Reading symbols from /home/tglase/.cache/debuginfod_client/5a14d0155c981c94a528d6468ded2c203f1e1908/debuginfo...
(gdb) r
Starting program: /usr/bin/qemu-arm-static ./fstype --help
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7ff8700 (LWP 27273)]

Thread 1 "qemu-arm-static" received signal SIGSEGV, Segmentation fault.
0x00000000004c5cb6 in cpu_lduw_code (env=env@entry=0xcbed30, ptr=3670264) at ./include/qemu/bswap.h:329
Download failed: Invalid argument.  Continuing without source file ./b/user-static/./include/qemu/bswap.h.
329	./include/qemu/bswap.h: No such file or directory.
(gdb) bt
#0  0x00000000004c5cb6 in cpu_lduw_code (env=env@entry=0xcbed30, ptr=3670264) at ./include/qemu/bswap.h:329
#1  0x000000000045c9ac in translator_lduw_swap (do_swap=false, pc=<optimized out>, env=0xcbed30) at ./include/exec/translator.h:178
#2  arm_lduw_code (sctlr_b=false, addr=<optimized out>, env=0xcbed30) at ../../target/arm/arm_ldst.h:44
#3  thumb_tr_translate_insn (dcbase=0x7fffffffdd50, cpu=<optimized out>) at ../../target/arm/translate.c:9054
#4  0x00000000004bc1e9 in translator_loop (ops=0xa7f180 <thumb_translator_ops>, db=db@entry=0x7fffffffdd50, cpu=cpu@entry=0xcb6a60, tb=tb@entry=0x7fffe8000040 <code_gen_buffer+22>, max_insns=max_insns@entry=512) at ../../accel/tcg/translator.c:103
#5  0x0000000000463eb3 in gen_intermediate_code (cpu=cpu@entry=0xcb6a60, tb=tb@entry=0x7fffe8000040 <code_gen_buffer+22>, max_insns=max_insns@entry=512) at ../../target/arm/translate.c:9283
#6  0x0000000000512d75 in tb_gen_code (cpu=cpu@entry=0xcb6a60, pc=3670264, cs_base=0, flags=1196288, cflags=-16777216, cflags@entry=0) at ../../accel/tcg/translate-all.c:1744
#7  0x00000000004b4734 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0xcb6a60) at ../../accel/tcg/cpu-exec.c:414
#8  cpu_exec (cpu=cpu@entry=0xcb6a60) at ../../accel/tcg/cpu-exec.c:770
#9  0x0000000000422608 in cpu_loop (env=env@entry=0xcbed30) at ../../linux-user/arm/cpu_loop.c:237
#10 0x0000000000402949 in main (argc=<optimized out>, argv=0x7fffffffe230, envp=<optimized out>) at ../../linux-user/main.c:882
(gdb) info r
rax            0x40d94000          1087979520
rbx            0x7fffffffdd50      140737488346448
rcx            0xd9a728            14264104
rdx            0xc64d60            12995936
rsi            0x3800f8            3670264
rdi            0xcbed30            13364528
rbp            0x0                 0x0
rsp            0x7fffffffdc48      0x7fffffffdc48
r8             0xc64d60            12995936
r9             0xc656e8            12998376
r10            0x0                 0
r11            0x0                 0
r12            0xcbed30            13364528
r13            0x0                 0
r14            0x0                 0
r15            0x7fffffffdd50      140737488346448
rip            0x4c5cb6            0x4c5cb6 <cpu_lduw_code+22>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
(gdb) disas
Dump of assembler code for function cpu_lduw_code:
   0x00000000004c5ca0 <+0>:	mov    QWORD PTR fs:0xffffffffffffff58,0x1
   0x00000000004c5cad <+13>:	mov    esi,esi
   0x00000000004c5caf <+15>:	mov    rax,QWORD PTR [rip+0x79efa2]        # 0xc64c58 <guest_base>
=> 0x00000000004c5cb6 <+22>:	movzx  eax,WORD PTR [rax+rsi*1]
   0x00000000004c5cba <+26>:	mov    QWORD PTR fs:0xffffffffffffff58,0x0
   0x00000000004c5cc7 <+39>:	ret
End of assembler dump.

The content of rax (guest_base) looks legit:

$ cat /proc/27269/maps
00400000-00401000 r--p 00000000 fd:00 2624234                            /usr/bin/qemu-arm-static
00401000-0071e000 r-xp 00001000 fd:00 2624234                            /usr/bin/qemu-arm-static
0071e000-00a53000 r--p 0031e000 fd:00 2624234                            /usr/bin/qemu-arm-static
00a53000-00be8000 r--p 00652000 fd:00 2624234                            /usr/bin/qemu-arm-static
00be8000-00c62000 rw-p 007e7000 fd:00 2624234                            /usr/bin/qemu-arm-static
00c62000-00db7000 rw-p 00000000 00:00 0                                  [heap]
40d94000-40da4000 ---p 00000000 00:00 0
40da4000-40da5000 r--p 00000000 fd:00 2234167                            /home/tglase/fstype
40da5000-40da6000 rw-p 00000000 fd:00 2234167                            /home/tglase/fstype
40da6000-80d94000 ---p 00000000 00:00 0
80d94000-80d95000 ---p 00000000 00:00 0
80d95000-81595000 rw-p 00000000 00:00 0
81595000-140d84000 ---p 00000000 00:00 0
140d84000-140d85000 r--p 00000000 00:00 0
7fffe8000000-7fffeffff000 rwxp 00000000 00:00 0
7fffeffff000-7ffff0000000 ---p 00000000 00:00 0
7ffff0000000-7ffff0021000 rw-p 00000000 00:00 0
7ffff0021000-7ffff4000000 ---p 00000000 00:00 0
7ffff7777000-7ffff77f8000 rw-p 00000000 00:00 0
7ffff77f8000-7ffff77f9000 ---p 00000000 00:00 0
7ffff77f9000-7ffff7ff9000 rw-p 00000000 00:00 0
7ffff7ff9000-7ffff7ffd000 r--p 00000000 00:00 0                          [vvar]
7ffff7ffd000-7ffff7fff000 r-xp 00000000 00:00 0                          [vdso]
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

rax+rsi is 0x411140F8 though, which isn’t currently mapped readable, so the ptr argument (rsi) doesn’t lie in usable memory or so.
Does this help?:

(gdb) frame 4
#4  0x00000000004bc1e9 in translator_loop (ops=0xa7f180 <thumb_translator_ops>, db=db@entry=0x7fffffffdd50, cpu=cpu@entry=0xcb6a60, tb=tb@entry=0x7fffe8000040 <code_gen_buffer+22>, max_insns=max_insns@entry=512) at ../../accel/tcg/translator.c:103
Download failed: Invalid argument.  Continuing without source file ./b/user-static/../../accel/tcg/translator.c.
103	../../accel/tcg/translator.c: No such file or directory.
(gdb) print *cpu
$2 = {parent_obj = {parent_obj = {class = 0xcab090, free = 0x615410 <g_free>, properties = 0xcab800, ref = 2, parent = 0xcaf8f0}, id = 0x0, canonical_path = 0xd52700 "/machine/unattached/device[0]", realized = true, pending_deleted_event = false, opts = 0x0, hotplugged = 0, allow_unplug_during_migration = false, parent_bus = 0x0, gpios = {lh_first = 0x0}, clocks = {lh_first = 0x0}, child_bus = {lh_first = 0x0}, num_child_bus = 0, instance_id_alias = -1, alias_required_for_version = 0, reset = {count = 0, hold_phase_pending = false, exit_phase_in_progress = false}}, nr_cores = 1, nr_threads = 1, thread = 0x0, thread_id = 0, running = true, has_waiter = false, halt_cond = 0x0, thread_kicked = false, created = false, stop = false, stopped = false, start_powered_off = false, unplug = false, crash_occurred = false, exit_request = false, in_exclusive_context = false, cflags_next_tb = 4294967295, interrupt_request = 0, singlestep_enabled = 0, icount_budget = 0, icount_extra = 0, random_seed = 0, jmp_env = {{__jmpbuf = {13331040, -3916268391523349795, 13331040, 7528192, 14027408, 2, -3916268390873232675, 3916268883799247581}, __mask_was_saved = 0, __saved_mask = {__val = {0 <repeats 16 times>}}}}, work_mutex = {lock = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, initialized = true}, work_list = {sqh_first = 0x0, sqh_last = 0xcb6c30}, cpu_ases = 0x0, num_ases = 0, as = 0x0, memory = 0x0, env_ptr = 0xcbed30, icount_decr_ptr = 0xcbed28, tb_jmp_cache = {0x0 <repeats 4096 times>}, gdb_regs = 0xd4fe30, gdb_num_regs = 192, gdb_num_g_regs = 26, node = {tqe_next = 0x0, tqe_circ = {tql_next = 0x0, tql_prev = 0xbe8010 <cpus>}}, breakpoints = {tqh_first = 0x0, tqh_circ = {tql_next = 0x0, tql_prev = 0xcbec90}}, watchpoints = {tqh_first = 0x0, tqh_circ = {tql_next = 0x0, tql_prev = 0xcbeca0}}, watchpoint_hit = 0x0, opaque = 0xd74700, mem_io_pc = 0, kvm_fd = 0, kvm_state = 0x0, kvm_run = 0x0, trace_dstate_delayed = {0}, trace_dstate = {0}, plugin_mask = {0}, cpu_index = 0, cluster_index = -1, halted = 0, can_do_io = 1, exception_index = -1, vcpu_dirty = false, throttle_thread_scheduled = false, ignore_memory_transaction_failures = false, hax_vcpu = 0x0, hvf_fd = 0, iommu_notifiers = 0x0}
(gdb) print *db
$3 = {tb = 0x7fffe8000040 <code_gen_buffer+22>, pc_first = 3670264, pc_next = 3670264, is_jmp = DISAS_NEXT, num_insns = 1, max_insns = 512, singlestep_enabled = false}
(gdb) frame 9
#9  0x0000000000422608 in cpu_loop (env=env@entry=0xcbed30) at ../../linux-user/arm/cpu_loop.c:237
Download failed: Invalid argument.  Continuing without source file ./b/user-static/../../linux-user/arm/cpu_loop.c.
237	../../linux-user/arm/cpu_loop.c: No such file or directory.
(gdb) print *env
$4 = {regs = {0, 1082133305, 1082133314, 0, 0, 0, 0, 0, 0, 0, 71688, 0, 0, 1082132928, 0, 3670264}, xregs = {0 <repeats 32 times>}, pc = 0, pstate = 0, aarch64 = 0, hflags = 1179648, uncached_cpsr = 16, spsr = 0, banked_spsr = {0, 0, 0, 0, 0, 0, 0, 0}, banked_r13 = {0, 0, 0, 0, 0, 0, 0, 0}, banked_r14 = {0, 0, 0, 0, 0, 0, 0, 0}, usr_regs = {0, 0, 0, 0, 0}, fiq_regs = {0, 0, 0, 0, 0}, CF = 0, VF = 0, NF = 48, ZF = 1073741824, QF = 0, GE = 0, thumb = 1, condexec_bits = 0, btype = 0, daif = 0, elr_el = {0, 0, 0, 0}, sp_el = {0, 0, 0, 0}, cp15 = {c0_cpuid = 1093648625, {{_unused_csselr0 = 0, csselr_ns = 0, _unused_csselr1 = 0, csselr_s = 0}, csselr_el = {0, 0, 0, 0}}, {{_unused_sctlr = 0, sctlr_ns = 12910712, hsctlr = 0, sctlr_s = 0}, sctlr_el = {0, 12910712, 0, 0}}, cpacr_el1 = 15728640, cptr_el = {0, 0, 0, 0}, c1_xscaleauxcr = 0, sder = 0, nsacr = 0, {{_unused_ttbr0_0 = 0, ttbr0_ns = 0, _unused_ttbr0_1 = 0, ttbr0_s = 0}, ttbr0_el = {0, 0, 0, 0}}, {{_unused_ttbr1_0 = 0, ttbr1_ns = 0, _unused_ttbr1_1 = 0, ttbr1_s = 0}, ttbr1_el = {0, 0, 0, 0}}, vttbr_el2 = 0, tcr_el = {{raw_tcr = 0, mask = 0, base_mask = 0}, {raw_tcr = 0, mask = 0, base_mask = 4294950912}, {raw_tcr = 0, mask = 0, base_mask = 0}, {raw_tcr = 0, mask = 0, base_mask = 0}}, vtcr_el2 = {raw_tcr = 0, mask = 0, base_mask = 0}, c2_data = 0, c2_insn = 0, {{dacr_ns = 0, dacr_s = 0}, {dacr32_el2 = 0}}, pmsav5_data_ap = 0, pmsav5_insn_ap = 0, hcr_el2 = 0, scr_el3 = 0, {{ifsr_ns = 0, ifsr_s = 0}, {ifsr32_el2 = 0}}, {{_unused_dfsr = 0, dfsr_ns = 0, hsr = 0, dfsr_s = 0}, esr_el = {0, 0, 0, 0}}, c6_region = {0, 0, 0, 0, 0, 0, 0, 0}, {{_unused_far0 = 0, dfar_ns = 0, ifar_ns = 0, dfar_s = 0, ifar_s = 0, _unused_far3 = 0}, far_el = {0, 0, 0, 0}}, hpfar_el2 = 0, hstr_el2 = 0, {{_unused_par_0 = 0, par_ns = 0, _unused_par_1 = 0, par_s = 0}, par_el = {0, 0, 0, 0}}, c9_insn = 0, c9_data = 0, c9_pmcr = 1090527296, c9_pmcnten = 0, c9_pmovsr = 0, c9_pmuserenr = 0, c9_pmselr = 0, c9_pminten = 0, {{
_unused_mair_0 = 0, mair0_ns = 0, mair1_ns = 0, _unused_mair_1 = 0, mair0_s = 0, mair1_s = 0}, mair_el = {0, 0, 0, 0}}, {{_unused_vbar = 0, vbar_ns = 0, hvbar = 0, vbar_s = 0}, vbar_el = {0, 0, 0, 0}}, mvbar = 0, {fcseidr_ns = 0, fcseidr_s = 0}, {{_unused_contextidr_0 = 0, contextidr_ns = 0, _unused_contextidr_1 = 0, contextidr_s = 0}, contextidr_el = {0, 0, 0, 0}}, {{tpidrurw_ns = 0, tpidrprw_ns = 0, htpidr = 0, _tpidr_el3 = 0}, tpidr_el = {0, 0, 0, 0}}, tpidrurw_s = 0, tpidrprw_s = 0, tpidruro_s = 0, {tpidruro_ns = 0, tpidrro_el = {0}}, c14_cntfrq = 62500000, c14_cntkctl = 0, cnthctl_el2 = 0, cntvoff_el2 = 0, c14_timer = {{cval = 0, ctl = 0}, {cval = 0, ctl = 0}, {cval = 0, ctl = 0}, {cval = 0, ctl = 0}, {cval = 0, ctl = 0}}, c15_cpar = 0, c15_ticonfig = 0, c15_i_max = 0, c15_i_min = 0, c15_threadid = 0, c15_config_base_address = 0, c15_diagnostic = 0, c15_power_diagnostic = 0, c15_power_control = 0, dbgbvr = {0 <repeats 16 times>}, dbgbcr = {0 <repeats 16 times>}, dbgwvr = {0 <repeats 16 times>}, dbgwcr = {0 <repeats 16 times>}, mdscr_el1 = 0, oslsr_el1 = 10, mdcr_el2 = 0, mdcr_el3 = 0, c15_ccnt = 0, c15_ccnt_delta = 0, c14_pmevcntr = {0 <repeats 31 times>}, c14_pmevcntr_delta = {0 <repeats 31 times>}, c14_pmevtyper = {0 <repeats 31 times>}, pmccfiltr_el0 = 0, vpidr_el2 = 0, vmpidr_el2 = 0, tfsr_el = {0, 0, 0, 0}, gcr_el1 = 0, rgsr_el1 = 0}, v7m = {other_sp = 0, other_ss_msp = 0, other_ss_psp = 0, vecbase = {0, 0}, basepri = {0, 0}, control = {0, 0}, ccr = {0, 0}, cfsr = {0, 0}, hfsr = 0, dfsr = 0, sfsr = 0, mmfar = {0, 0}, bfar = 0, sfar = 0, mpu_ctrl = {0, 0}, exception = 0, primask = {0, 0}, faultmask = {0, 0}, aircr = 0, secure = 0, csselr = {0, 0}, scr = {0, 0}, msplim = {0, 0}, psplim = {0, 0}, fpcar = {0, 0}, fpccr = {0, 0}, fpdscr = {0, 0}, cpacr = {0, 0}, nsacr = 0, ltpsize = 0}, exception = {syndrome = 0, fsr = 0, vaddress = 0, target_el = 0}, serror = {pending = 0 '\000', has_esr = 0
'\000', esr = 0}, ext_dabt_raised = 0 '\000', irq_line_state = 0, teecr = 0, teehbr = 0, vfp = {zregs = {{d = {0, 0}} <repeats 32 times>}, qc = {0, 0, 0, 0}, vec_len = 0, vec_stride = 0, xregs = {1090793712, 0, 0, 0, 0, 67, 320934161, 286327330, 1073741824, 0, 0, 0, 0, 0, 0, 0}, scratch = {0, 0, 0, 0, 0, 0, 0, 0}, fp_status = {float_rounding_mode = float_round_nearest_even, float_exception_flags = 0 '\000', floatx80_rounding_precision = 0 '\000', tininess_before_rounding = true, flush_to_zero = false, flush_inputs_to_zero = false, default_nan_mode = false, snan_bit_is_one = false, use_first_nan = false, no_signaling_nans = false}, fp_status_f16 = {float_rounding_mode = float_round_nearest_even, float_exception_flags = 0 '\000', floatx80_rounding_precision = 0 '\000', tininess_before_rounding = true, flush_to_zero = false, flush_inputs_to_zero = false, default_nan_mode = false, snan_bit_is_one = false, use_first_nan = false, no_signaling_nans = false}, standard_fp_status = {float_rounding_mode = float_round_nearest_even, float_exception_flags = 0 '\000', floatx80_rounding_precision = 0 '\000', tininess_before_rounding = true, flush_to_zero = true, flush_inputs_to_zero = true, default_nan_mode = true, snan_bit_is_one = false, use_first_nan = false, no_signaling_nans = false}, standard_fp_status_f16 = {float_rounding_mode = float_round_nearest_even, float_exception_flags = 0 '\000', floatx80_rounding_precision = 0 '\000', tininess_before_rounding = true, flush_to_zero = false, flush_inputs_to_zero = false, default_nan_mode = true, snan_bit_is_one = false, use_first_nan = false, no_signaling_nans = false}, zcr_el = {0, 0, 0, 0}}, exclusive_addr = 0, exclusive_val = 0, exclusive_high = 0, iwmmxt = {regs = {0 <repeats 16 times>}, val = 0, cregs = {0 <repeats 16 times>}}, eabi = 0, cpu_breakpoint = {0x0 <repeats 16 times>}, cpu_watchpoint = {0x0 <repeats 16 times>}, end_reset_fields = {<No data fields>}, features = 30989547897, pmsav7 = {drbar = 0x0, drsr = 0x0, dracr = 
0x0, rnr = {0, 0}}, pmsav8 = {rbar = {0x0, 0x0}, rlar = {0x0, 0x0}, mair0 = {0, 0}, mair1 = {0, 0}}, sau = {rbar = 0x0, rlar = 0x0, rnr = 0, ctrl = 0}, nvic = 0x0, boot_info = 0x0, gicv3state = 0x0}

At this point you’d have to know about the internals of qemu…

Other approach: check how it goes there. Perhaps something about the ELF headers of klibc*.so and/or fstype…

bye,
//mirabilos
-- 
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design.
<mirabilos> that too… may I quote you on that?
<igli> sure, tho i doubt anyone will listen ;)