Am 22.05.21 um 00:11 schrieb Bernhard Übelacker:
Maybe systemd-coredump would collect a core of such a crash?
I ran debootstrap in a loop and got three crashes in 20 tries. A core was collected; its stack is shown below. It is strange that exec_path is just "/arm64", and that asking gdb to print the variable mmap_lock_count produces a warning about a corrupted shared library list.

Kind regards,
Bernhard

(gdb) bt
#0 have_mmap_lock () at ../../linux-user/mmap.c:43
#1 0x00000000005863ac in page_set_flags (start=start@entry=4194304, end=end@entry=21041152, flags=flags@entry=8) at ../../accel/tcg/translate-all.c:2568
#2 0x000000000056416d in target_mmap (start=start@entry=4194304, len=<optimized out>, len@entry=16842963, target_prot=target_prot@entry=0, flags=16434, fd=fd@entry=-1, offset=offset@entry=0) at ../../linux-user/mmap.c:602
#3 0x000000000057be4d in load_elf_image (image_name=0x7ffe12b44e4f "/arm64", image_fd=3, info=info@entry=0x7ffe12b43b20, pinterp_name=pinterp_name@entry=0x7ffe12b43880, bprm_buf=bprm_buf@entry=0x7ffe12b43d30 "\177ELF\002\001\001") at ../../linux-user/elfload.c:2700
#4 0x000000000057c5bc in load_elf_binary (bprm=bprm@entry=0x7ffe12b43d30, info=info@entry=0x7ffe12b43b20) at ../../linux-user/elfload.c:3104
#5 0x0000000000571a4b in loader_exec (fdexec=fdexec@entry=3, filename=<optimized out>, argv=argv@entry=0x20b8d20, envp=envp@entry=0x210db50, regs=regs@entry=0x7ffe12b43c20, infop=infop@entry=0x7ffe12b43b20, bprm=<optimized out>) at ../../linux-user/linuxload.c:147
#6 0x0000000000402831 in main (argc=<optimized out>, argv=0x7ffe12b442e8, envp=<optimized out>) at ../../linux-user/main.c:831
(gdb) display/i $pc
1: x/i $pc
=> 0x5637c0 <have_mmap_lock>: mov %fs:0xffffffffffffff50,%eax
(gdb) frame 6
#6 0x0000000000402831 in main (argc=<optimized out>, argv=0x7ffe12b442e8, envp=<optimized out>) at ../../linux-user/main.c:831
831 ../../linux-user/main.c: Datei oder Verzeichnis nicht gefunden.
(gdb) print argv[0]
$6 = 0x7ffe12b44e25 "/usr/libexec/qemu-binfmt/aarch64-binfmt-P"
(gdb) print argv[1]
$7 = 0x7ffe12b44e4f "/arm64"
(gdb) print argv[2]
$8 = 0x7ffe12b44e56 "/arm64"
(gdb) print argv[3]
$9 = 0x0
(gdb) print &mmap_lock_count
warning: Corrupted shared library list: 0xd5f120 != 0x0
Cannot find thread-local storage for LWP 148246, executable file /usr/lib/debug/.build-id/2e/c1a124ce847ca347222b5ddcdb8639aadff4e0.debug: Cannot find thread-local variables on this target
(gdb) print exec_path
$32 = 0x7ffe12b44e4f "/arm64"
From Diederik's second mail: [44932.698657] python3.9[313800]: segfault at 2524310 ip 00000000005637c0 sp 00007ffdeefd1098 error 4 in qemu-aarch64-static[401000+3e3000] [44932.698664] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash error 4 == 0b00000100: bit 0 == 0: no page found bit 1 == 0: read access bit 2 == 1: user-mode access echo -n "find /b ..., ..., 0x" && \ echo "00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b" \ | sed 's/[<>]//g' | sed 's/ /, 0x/g' find /b ..., ..., 0x00, 0xe9, 0x94, 0x78, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x83, 0x2c, 0x25, 0x50, 0xff, 0xff, 0xff, 0x01, 0x74, 0x05, 0xc3, 0x0f, 0x1f, 0x40, 0x00, 0x48, 0x8d, 0x3d, 0xe9, 0xd0, 0x7f, 0x00, 0xe9, 0xe4, 0x85, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x8b, 0x04, 0x25, 0x50, 0xff, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x9f, 0xc0, 0xc3, 0x66, 0x90, 0x48, 0x83, 0xec, 0x08, 0x64, 0x8b ################## # Bullseye/testing amd64 qemu VM 2021-05-21 dpkg --add-architecture arm64 apt update apt dist-upgrade apt install gdb qemu-user-static-dbgsym echo "set enable-bracketed-paste off" >> /etc/inputrc; bash gdb -q set width 0 set pagination off file /usr/bin/qemu-aarch64-static tb main run (gdb) info target Symbols from "/usr/bin/qemu-aarch64-static". Native process: Using the running image of child Thread 0xd873c0 (LWP 975). While running this, GDB does not access memory from... Local exec file: `/usr/bin/qemu-aarch64-static', file type elf64-x86-64. Entry point: 0x403670 ... 0x0000000000401140 - 0x00000000007e2872 is .text ... 
(gdb) find /b 0x0000000000401140, 0x00000000007e2872, 0x00, 0xe9, 0x94, 0x78, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x83, 0x2c, 0x25, 0x50, 0xff, 0xff, 0xff, 0x01, 0x74, 0x05, 0xc3, 0x0f, 0x1f, 0x40, 0x00, 0x48, 0x8d, 0x3d, 0xe9, 0xd0, 0x7f, 0x00, 0xe9, 0xe4, 0x85, 0x1c, 0x00, 0x0f, 0x1f, 0x40, 0x00, 0x64, 0x8b, 0x04, 0x25, 0x50, 0xff, 0xff, 0xff, 0x85, 0xc0, 0x0f, 0x9f, 0xc0, 0xc3, 0x66, 0x90, 0x48, 0x83, 0xec, 0x08, 0x64, 0x8b 0x563796 <mmap_lock+38> 1 pattern found. (gdb) b * (0x563796 + 42) Breakpoint 2 at 0x5637c0: file ../../linux-user/mmap.c, line 43. (gdb) info b Num Type Disp Enb Address What 2 breakpoint keep y 0x00000000005637c0 in have_mmap_lock at ../../linux-user/mmap.c:43 (gdb) disassemble /r 0x563796, 0x563796 + 62 Dump of assembler code from 0x563796 to 0x5637d4: 0x0000000000563796 <mmap_lock+38>: 00 e9 add %ch,%cl 0x0000000000563798 <mmap_lock+40>: 94 xchg %eax,%esp 0x0000000000563799 <mmap_lock+41>: 78 1c js 0x5637b7 <mmap_unlock+23> 0x000000000056379b <mmap_lock+43>: 00 0f add %cl,(%rdi) 0x000000000056379d: 1f (bad) 0x000000000056379e: 40 00 64 83 2c add %spl,0x2c(%rbx,%rax,4) 0x00000000005637a3 <mmap_unlock+3>: 25 50 ff ff ff and $0xffffff50,%eax 0x00000000005637a8 <mmap_unlock+8>: 01 74 05 c3 add %esi,-0x3d(%rbp,%rax,1) 0x00000000005637ac <mmap_unlock+12>: 0f 1f 40 00 nopl 0x0(%rax) 0x00000000005637b0 <mmap_unlock+16>: 48 8d 3d e9 d0 7f 00 lea 0x7fd0e9(%rip),%rdi # 0xd608a0 <mmap_mutex> 0x00000000005637b7 <mmap_unlock+23>: e9 e4 85 1c 00 jmp 0x72bda0 <__pthread_mutex_unlock> 0x00000000005637bc: 0f 1f 40 00 nopl 0x0(%rax) >> 0x00000000005637c0 <have_mmap_lock+0>: 64 8b 04 25 50 ff ff ff mov >> %fs:0xffffffffffffff50,%eax 0x00000000005637c8 <have_mmap_lock+8>: 85 c0 test %eax,%eax 0x00000000005637ca <have_mmap_lock+10>: 0f 9f c0 setg %al 0x00000000005637cd <have_mmap_lock+13>: c3 ret 0x00000000005637ce: 66 90 xchg %ax,%ax 0x00000000005637d0 <mmap_fork_start+0>: 48 83 ec 08 sub $0x8,%rsp End of assembler dump. 
(gdb) info thread Id Target Id Frame * 1 Thread 0xd873c0 (LWP 975) "qemu-aarch64-st" main (argc=1, argv=0x7fffffffe608, envp=0x7fffffffe618) at ../../linux-user/main.c:638 2 Thread 0x7ffff7ff8700 (LWP 979) "qemu-aarch64-st" 0x00000000007cb581 in clock_nanosleep () (gdb) print &mmap_lock_count $1 = (int *) 0xd87310 (gdb) thread 2 [Switching to thread 2 (Thread 0x7ffff7ff8700 (LWP 979))] #0 0x00000000007cb581 in clock_nanosleep () (gdb) print &mmap_lock_count $2 = (int *) 0x7ffff7ff8650 https://sources.debian.org/src/qemu/1:5.2+dfsg-10/linux-user/mmap.c/#L43 25 static __thread int mmap_lock_count; ... 41 bool have_mmap_lock(void) 42 { 43 return mmap_lock_count > 0 ? true : false; 44 } apt install systemd-coredump debootstrap busybox-static:arm64 gdb -q --args qemu-aarch64-static /usr/bin/busybox ls (gdb) b have_mmap_lock (gdb) run (gdb) print/x $fs $1 = 0x0 (gdb) print mmap_lock_count $2 = 2 (gdb) print &mmap_lock_count $3 = (int *) 0xd87310 (gdb) disassemble /r have_mmap_lock Dump of assembler code for function have_mmap_lock: => 0x00000000005637c0 <+0>: 64 8b 04 25 50 ff ff ff mov %fs:0xffffffffffffff50,%eax 0x00000000005637c8 <+8>: 85 c0 test %eax,%eax 0x00000000005637ca <+10>: 0f 9f c0 setg %al 0x00000000005637cd <+13>: c3 ret End of assembler dump. 
https://stackoverflow.com/questions/57484261/debugging-segment-register-fs-using-gdb?noredirect=1&lq=1 https://stackoverflow.com/questions/23095665/using-gdb-to-read-msrs (gdb) print/x $fs_base $4 = 0xd873c0 https://chao-tic.github.io/blog/2018/12/25/tls (gdb) print (int)0xffffffffffffff50 $7 = -176 (gdb) x/1xg $fs_base - 176 0xd87310: 0x0000000000000002 cd /home/benutzer/ for i in {1..20}; do echo chroot$i $(date) mkdir chroot$i/usr/bin -p cp -a /usr/bin/qemu-aarch64-static chroot$i/usr/bin/ /bin/sh -x /usr/sbin/debootstrap --verbose --arch=arm64 --include=busybox-static,python3 bullseye chroot$i http://192.168.178.25:9999/debian-11-bullseye-deb.debian.org/ echo chroot$i $(date) done; [Sa Mai 22 02:25:24 2021] arm64[148246]: segfault at 209d310 ip 00000000005637c0 sp 00007ffe12b43628 error 4 in qemu-aarch64-static[401000+3e3000] [Sa Mai 22 02:25:24 2021] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b [Sa Mai 22 02:31:51 2021] arm64[176825]: segfault at 1f81310 ip 00000000005637c0 sp 00007ffd3d4e3618 error 4 in qemu-aarch64-static[401000+3e3000] [Sa Mai 22 02:31:51 2021] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b [Sa Mai 22 02:45:07 2021] arm64[233925]: segfault at 1e4b310 ip 00000000005637c0 sp 00007fff8daec7e8 error 4 in qemu-aarch64-static[401000+3e3000] [Sa Mai 22 02:45:07 2021] Code: 00 e9 94 78 1c 00 0f 1f 40 00 64 83 2c 25 50 ff ff ff 01 74 05 c3 0f 1f 40 00 48 8d 3d e9 d0 7f 00 e9 e4 85 1c 00 0f 1f 40 00 <64> 8b 04 25 50 ff ff ff 85 c0 0f 9f c0 c3 66 90 48 83 ec 08 64 8b root@debian:~# coredumpctl list TIME PID UID GID SIG COREFILE EXE Sat 2021-05-22 02:25:26 CEST 148246 0 0 11 present /usr/bin/qemu-aarch64-static Sat 2021-05-22 02:31:52 CEST 176825 0 0 
11 present /usr/bin/qemu-aarch64-static Sat 2021-05-22 02:45:09 CEST 233925 0 0 11 present /usr/bin/qemu-aarch64-static root@debian:~# coredumpctl gdb 148246 PID: 148246 (arm64) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Sat 2021-05-22 02:25:25 CEST (8h ago) Command Line: /usr/libexec/qemu-binfmt/aarch64-binfmt-P /arm64 /arm64 Executable: /usr/bin/qemu-aarch64-static Control Group: /user.slice/user-1000.slice/session-7.scope Unit: session-7.scope Slice: user-1000.slice Session: 7 Owner UID: 1000 (benutzer) Boot ID: 33430e8e93a34ef796fc220c4d0d5f1e Machine ID: 33f18f39d2a9438eb75b0ed52848afcd Hostname: debian Storage: /var/lib/systemd/coredump/core.arm64.0.33430e8e93a34ef796fc220c4d0d5f1e.148246.1621643125000000.zst Message: Process 148246 (arm64) of user 0 dumped core. Stack trace of thread 148246: #0 0x00000000005637c0 have_mmap_lock (/usr/bin/qemu-aarch64-static + 0x1637c0) #1 0x00000000005863ac page_set_flags (/usr/bin/qemu-aarch64-static + 0x1863ac) #2 0x000000000056416d target_mmap (/usr/bin/qemu-aarch64-static + 0x16416d) #3 0x000000000057be4d load_elf_image (/usr/bin/qemu-aarch64-static + 0x17be4d) #4 0x000000000057c5bc load_elf_binary (/usr/bin/qemu-aarch64-static + 0x17c5bc) #5 0x0000000000571a4b loader_exec (/usr/bin/qemu-aarch64-static + 0x171a4b) #6 0x0000000000402831 main (/usr/bin/qemu-aarch64-static + 0x2831) #7 0x0000000000730cc9 __libc_start_main (/usr/bin/qemu-aarch64-static + 0x330cc9) #8 0x000000000040369a _start (/usr/bin/qemu-aarch64-static + 0x369a) Stack trace of thread 148247: #0 0x00000000007cb581 __clock_nanosleep (/usr/bin/qemu-aarch64-static + 0x3cb581) #1 0x00000000007a6213 __nanosleep (/usr/bin/qemu-aarch64-static + 0x3a6213) #2 0x00000000006eedff g_usleep (/usr/bin/qemu-aarch64-static + 0x2eedff) #3 0x0000000000600fca call_rcu_thread (/usr/bin/qemu-aarch64-static + 0x200fca) #4 0x00000000006060f9 qemu_thread_start (/usr/bin/qemu-aarch64-static + 0x2060f9) #5 0x0000000000729057 start_thread (/usr/bin/qemu-aarch64-static 
+ 0x329057) #6 0x00000000007ab13f __clone (/usr/bin/qemu-aarch64-static + 0x3ab13f) GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git Copyright (C) 2021 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/bin/qemu-aarch64-static... Reading symbols from /usr/lib/debug/.build-id/2e/c1a124ce847ca347222b5ddcdb8639aadff4e0.debug... [New LWP 148246] [New LWP 148247] warning: Corrupted shared library list: 0xd5f120 != 0x0 Warning: couldn't activate thread debugging using libthread_db: Cannot find new threads: debugger service failed Core was generated by `/usr/libexec/qemu-binfmt/aarch64-binfmt-P /arm64 /arm64'. Program terminated with signal SIGSEGV, Segmentation fault. #0 have_mmap_lock () at ../../linux-user/mmap.c:43 43 ../../linux-user/mmap.c: Datei oder Verzeichnis nicht gefunden. 
[Current thread is 1 (LWP 148246)] (gdb) display/i $pc 1: x/i $pc => 0x5637c0 <have_mmap_lock>: mov %fs:0xffffffffffffff50,%eax (gdb) bt #0 have_mmap_lock () at ../../linux-user/mmap.c:43 #1 0x00000000005863ac in page_set_flags (start=start@entry=4194304, end=end@entry=21041152, flags=flags@entry=8) at ../../accel/tcg/translate-all.c:2568 #2 0x000000000056416d in target_mmap (start=start@entry=4194304, len=<optimized out>, len@entry=16842963, target_prot=target_prot@entry=0, flags=16434, fd=fd@entry=-1, offset=offset@entry=0) at ../../linux-user/mmap.c:602 #3 0x000000000057be4d in load_elf_image (image_name=0x7ffe12b44e4f "/arm64", image_fd=3, info=info@entry=0x7ffe12b43b20, pinterp_name=pinterp_name@entry=0x7ffe12b43880, bprm_buf=bprm_buf@entry=0x7ffe12b43d30 "\177ELF\002\001\001") at ../../linux-user/elfload.c:2700 #4 0x000000000057c5bc in load_elf_binary (bprm=bprm@entry=0x7ffe12b43d30, info=info@entry=0x7ffe12b43b20) at ../../linux-user/elfload.c:3104 #5 0x0000000000571a4b in loader_exec (fdexec=fdexec@entry=3, filename=<optimized out>, argv=argv@entry=0x20b8d20, envp=envp@entry=0x210db50, regs=regs@entry=0x7ffe12b43c20, infop=infop@entry=0x7ffe12b43b20, bprm=<optimized out>) at ../../linux-user/linuxload.c:147 #6 0x0000000000402831 in main (argc=<optimized out>, argv=0x7ffe12b442e8, envp=<optimized out>) at ../../linux-user/main.c:831 (gdb) thread apply all bt full Thread 2 (LWP 148247): #0 0x00000000007cb581 in clock_nanosleep () No symbol table info available. #1 0x00000000007a6213 in nanosleep () No symbol table info available. #2 0x00000000006eedff in g_usleep () No symbol table info available. 
#3 0x0000000000600fca in call_rcu_thread (opaque=opaque@entry=0x0) at ../../util/rcu.c:250 tries = 0 n = 0 node = <optimized out> #4 0x00000000006060f9 in qemu_thread_start (args=0x7f667cedd1f0) at ../../util/qemu-thread-posix.c:521 __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {0, -8603122126274073418, 34204272, 140729212223295, 140078159352640, 8396800, 8527407331200298166, -8603116830225371978}, __mask_was_saved = 0}}, __pad = {0x7f667cedd290, 0x0, 0x0, 0x0}} __cancel_routine = 0x606150 <qemu_thread_atexit_notify> __cancel_arg = <optimized out> __not_first_call = <optimized out> qemu_thread_args = <optimized out> start_routine = 0x600fa0 <call_rcu_thread> arg = 0x0 r = <optimized out> #5 0x0000000000729057 in start_thread (arg=<optimized out>) at pthread_create.c:477 ret = <optimized out> pd = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140078159353600, -8603117658092507978, 140729212223294, 140729212223295, 140078159352640, 8396800, 8527407331103829174, -8603116674964820810}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 #6 0x00000000007ab13f in clone () No symbol table info available. Thread 1 (LWP 148246): #0 have_mmap_lock () at ../../linux-user/mmap.c:43 No locals. 
#1 0x00000000005863ac in page_set_flags (start=start@entry=4194304, end=end@entry=21041152, flags=flags@entry=8) at ../../accel/tcg/translate-all.c:2568 addr = <optimized out> len = <optimized out> __PRETTY_FUNCTION__ = "page_set_flags" #2 0x000000000056416d in target_mmap (start=start@entry=4194304, len=<optimized out>, len@entry=16842963, target_prot=target_prot@entry=0, flags=16434, fd=fd@entry=-1, offset=offset@entry=0) at ../../linux-user/mmap.c:602 ret = <optimized out> end = <optimized out> real_start = <optimized out> real_end = <optimized out> retaddr = <optimized out> host_offset = <optimized out> host_len = <optimized out> page_flags = 8 host_prot = 0 __PRETTY_FUNCTION__ = "target_mmap" __func__ = "target_mmap" #3 0x000000000057be4d in load_elf_image (image_name=0x7ffe12b44e4f "/arm64", image_fd=3, info=info@entry=0x7ffe12b43b20, pinterp_name=pinterp_name@entry=0x7ffe12b43880, bprm_buf=bprm_buf@entry=0x7ffe12b43d30 "\177ELF\002\001\001") at ../../linux-user/elfload.c:2700 ehdr = 0x7ffe12b43d30 phdr = 0x7ffe12b43d70 load_addr = <optimized out> load_bias = <optimized out> loaddr = <optimized out> hiaddr = <optimized out> error = <optimized out> i = <optimized out> retval = <optimized out> prot_exec = <optimized out> err = 0x0 __func__ = "load_elf_image" #4 0x000000000057c5bc in load_elf_binary (bprm=bprm@entry=0x7ffe12b43d30, info=info@entry=0x7ffe12b43b20) at ../../linux-user/elfload.c:3104 interp_info = {load_bias = 0, load_addr = 0, start_code = 0, end_code = 0, start_data = 0, end_data = 0, start_brk = 0, brk = 0, reserve_brk = 0, start_mmap = 0, start_stack = 0, stack_limit = 0, entry = 0, code_offset = 0, data_offset = 0, saved_auxv = 0, auxv_len = 0, arg_start = 0, arg_end = 0, arg_strings = 0, env_strings = 0, file_string = 0, elf_flags = 0, personality = 0, alignment = 0, loadmap_addr = 0, nsegs = 0, loadsegs = 0x0, pt_dynamic_addr = 0, interpreter_loadmap_addr = 0, interpreter_pt_dynamic_addr = 0, other_info = 0x0, note_flags = 0} elf_ex = 
{e_ident = {<optimized out> <repeats 16 times>}, e_type = <optimized out>, e_machine = <optimized out>, e_version = <optimized out>, e_entry = <optimized out>, e_phoff = <optimized out>, e_shoff = <optimized out>, e_flags = <optimized out>, e_ehsize = <optimized out>, e_phentsize = <optimized out>, e_phnum = <optimized out>, e_shentsize = <optimized out>, e_shnum = <optimized out>, e_shstrndx = <optimized out>} elf_interpreter = 0x0 scratch = <optimized out> #5 0x0000000000571a4b in loader_exec (fdexec=fdexec@entry=3, filename=<optimized out>, argv=argv@entry=0x20b8d20, envp=envp@entry=0x210db50, regs=regs@entry=0x7ffe12b43c20, infop=infop@entry=0x7ffe12b43b20, bprm=<optimized out>) at ../../linux-user/linuxload.c:147 retval = <optimized out> #6 0x0000000000402831 in main (argc=<optimized out>, argv=0x7ffe12b442e8, envp=<optimized out>) at ../../linux-user/main.c:831 regs1 = {regs = {0 <repeats 31 times>}, sp = 0, pc = 0, pstate = 0} regs = 0x7ffe12b43c20 info1 = {load_bias = 0, load_addr = 0, start_code = 0, end_code = 0, start_data = 0, end_data = 0, start_brk = 0, brk = 0, reserve_brk = 16777216, start_mmap = 2147483648, start_stack = 0, stack_limit = 0, entry = 0, code_offset = 0, data_offset = 0, saved_auxv = 0, auxv_len = 0, arg_start = 0, arg_end = 0, arg_strings = 0, env_strings = 0, file_string = 0, elf_flags = 0, personality = 0, alignment = 65536, loadmap_addr = 0, nsegs = 2, loadsegs = 0x0, pt_dynamic_addr = 0, interpreter_loadmap_addr = 0, interpreter_pt_dynamic_addr = 0, other_info = 0x0, note_flags = 0} info = 0x7ffe12b43b20 bprm = {buf = "\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\267\000\001\000\000\000\260\000@\000\000\000\000\000@\000\000\000\000\000\000\000\360", '\000' <repeats 11 times>, "@\000\070\000\002\000@\000\004\000\003\000\001\000\000\000\005", '\000' <repeats 13 times>, 
"@\000\000\000\000\000\000\000@\000\000\000\000\000\320\000\000\000\000\000\000\000\320\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\001\000\000\000\006\000\000\000\320\000\000\000\000\000\000\000\320\000A\000\000\000\000\000\320\000A\000\000\000\000\000\003\000\000\000\000\000\000\000\003\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000 \000\200\322\341\000\b\020b\000\200\322\b\b\200\322\001\000\000\324\000\000\200Ҩ"..., p = 0, fd = 3, e_uid = 0, e_gid = 0, argc = 1, envc = 20, argv = 0x20b8d20, envp = 0x210db50, filename = 0x7ffe12b44e4f "/arm64", core_dump = 0x0} ts = 0x2111220 env = <optimized out> cpu = 0x20d12b0 optind = <optimized out> target_environ = 0x210db50 wrk = <optimized out> target_argv = 0x20b8d20 target_argc = 1 i = <optimized out> ret = <optimized out> execfd = <optimized out> log_mask = <optimized out> max_reserved_va = 281474976710656 . (gdb) info thread Id Target Id Frame * 1 LWP 148246 have_mmap_lock () at ../../linux-user/mmap.c:43 2 LWP 148247 0x00000000007cb581 in clock_nanosleep () (gdb) print/x $fs_base $1 = 0x209d3c0 (gdb) print/x $fs_base -176 $2 = 0x209d310 (gdb) x/1xg 0x209d310 0x209d310: 0x0000000000000000 (gdb) print &mmap_lock_count warning: Corrupted shared library list: 0xd5f120 != 0x0 Cannot find thread-local storage for LWP 148246, executable file /usr/lib/debug/.build-id/2e/c1a124ce847ca347222b5ddcdb8639aadff4e0.debug: Cannot find thread-local variables on this target (gdb) thread 2 [Switching to thread 2 (LWP 148247)] #0 0x00000000007cb581 in clock_nanosleep () (gdb) print/x $fs_base $4 = 0x7f667cedd700 (gdb) print/x $fs_base -176 $5 = 0x7f667cedd650 (gdb) x/1xg 0x7f667cedd650 0x7f667cedd650: 0x0000000000000000 (gdb) print &mmap_lock_count warning: Corrupted shared library list: 0xd5f120 != 0x0 Cannot find thread-local storage for LWP 148247, executable file /usr/lib/debug/.build-id/2e/c1a124ce847ca347222b5ddcdb8639aadff4e0.debug: Cannot find thread-local variables on this target (gdb) info share 
warning: Corrupted shared library list: 0xd5f120 != 0x0 No shared libraries loaded at this time. (gdb) thread 1 [Switching to thread 1 (LWP 148246)] #0 have_mmap_lock () at ../../linux-user/mmap.c:43 43 in ../../linux-user/mmap.c (gdb) frame 6 #6 0x0000000000402831 in main (argc=<optimized out>, argv=0x7ffe12b442e8, envp=<optimized out>) at ../../linux-user/main.c:831 831 ../../linux-user/main.c: Datei oder Verzeichnis nicht gefunden. (gdb) print argv[0] $6 = 0x7ffe12b44e25 "/usr/libexec/qemu-binfmt/aarch64-binfmt-P" (gdb) print argv[1] $7 = 0x7ffe12b44e4f "/arm64" (gdb) print argv[2] $8 = 0x7ffe12b44e56 "/arm64" (gdb) print argv[3] $9 = 0x0 (gdb) print environ $10 = (char **) 0x7ffe12b44308 (gdb) print environ[0] $11 = 0x7ffe12b44e5d "SHELL=/bin/bash" (gdb) print environ[1] $12 = 0x7ffe12b44e6d "DEBOOTSTRAP_CHECKSUM_FIELD=SHA256" (gdb) print environ[2] $13 = 0x7ffe12b44e8f "PWD=/home/benutzer" (gdb) print environ[3] $14 = 0x7ffe12b44ea2 "LOGNAME=root" (gdb) print environ[4] $15 = 0x7ffe12b44eaf "SHA_SIZE=256" (gdb) print environ[5] $16 = 0x7ffe12b44ebc "HOME=/root" (gdb) print environ[6] $17 = 0x7ffe12b44ec7 "LANG=C" (gdb) print environ[7] $18 = 0x7ffe12b44ece "TERM=xterm-256color" (gdb) print environ[8] $19 = 0x7ffe12b44ee2 "USER=root" (gdb) print environ[9] $20 = 0x7ffe12b44eec "CHROOT_CMD=chroot \"/home/benutzer/chroot10\"" (gdb) print environ[10] $21 = 0x7ffe12b44f18 "ARCH=arm64" (gdb) print environ[11] $22 = 0x7ffe12b44f23 "SHLVL=2" (gdb) print environ[12] $23 = 0x7ffe12b44f2b "USE_COMPONENTS=main" (gdb) print environ[13] $24 = 0x7ffe12b44f3f "SUITE=bullseye" (gdb) print environ[14] $25 = 0x7ffe12b44f4e "EXTRA_SUITES=" (gdb) print environ[15] $26 = 0x7ffe12b44f5c "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" (gdb) print environ[16] $27 = 0x7ffe12b44f9e "MAIL=/var/mail/root" (gdb) print environ[17] $28 = 0x7ffe12b44fb2 "OLDPWD=/root" (gdb) print environ[18] $29 = 0x7ffe12b44fbf "TARGET=/home/benutzer/chroot10" (gdb) print environ[19] $30 
= 0x7ffe12b44fde "_=/usr/sbin/chroot" (gdb) print environ[20] $31 = 0x0 (gdb) print exec_path $32 = 0x7ffe12b44e4f "/arm64" (gdb) x/200xc 0x7ffe12b44e4f-50 0x7ffe12b44e1d: 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0 '\000' 0x7ffe12b44e25: 47 '/' 117 'u' 115 's' 114 'r' 47 '/' 108 'l' 105 'i' 98 'b' 0x7ffe12b44e2d: 101 'e' 120 'x' 101 'e' 99 'c' 47 '/' 113 'q' 101 'e' 109 'm' 0x7ffe12b44e35: 117 'u' 45 '-' 98 'b' 105 'i' 110 'n' 102 'f' 109 'm' 116 't' 0x7ffe12b44e3d: 47 '/' 97 'a' 97 'a' 114 'r' 99 'c' 104 'h' 54 '6' 52 '4' 0x7ffe12b44e45: 45 '-' 98 'b' 105 'i' 110 'n' 102 'f' 109 'm' 116 't' 45 '-' 0x7ffe12b44e4d: 80 'P' 0 '\000' 47 '/' 97 'a' 114 'r' 109 'm' 54 '6' 52 '4' 0x7ffe12b44e55: 0 '\000' 47 '/' 97 'a' 114 'r' 109 'm' 54 '6' 52 '4' 0 '\000' 0x7ffe12b44e5d: 83 'S' 72 'H' 69 'E' 76 'L' 76 'L' 61 '=' 47 '/' 98 'b' 0x7ffe12b44e65: 105 'i' 110 'n' 47 '/' 98 'b' 97 'a' 115 's' 104 'h' 0 '\000' 0x7ffe12b44e6d: 68 'D' 69 'E' 66 'B' 79 'O' 79 'O' 84 'T' 83 'S' 84 'T' 0x7ffe12b44e75: 82 'R' 65 'A' 80 'P' 95 '_' 67 'C' 72 'H' 69 'E' 67 'C' mount -t proc proc /home/benutzer/chroot20/proc chroot /home/benutzer/chroot20 dpkg --add-architecture amd64 apt update apt install file gdb:amd64 qemu-user-static:amd64 qemu-user-static-dbgsym:amd64 echo "set enable-bracketed-paste off" >> /etc/inputrc; bash for i in {1..50}; do gdb -q -ex run -ex quit --args /usr/bin/qemu-aarch64-static /usr/bin/python3.9 -c "exit()" done