I'm wondering if there's a known problem with PPC linux-user. It appears that static binaries work, but those that are dynamically linked seem to always fail in the same way:
./ppc-linux-user/c2-qemu-ppc -L /var/chroots/ppc /var/chroots/ppc/bin/ls / Invalid data memory access: 0x662c2008 NIP 4008b3d8 LR 4008b4ac CTR 00000000 XER 00000000 MSR 00006040 HID0 00000000 HF 00006000 idx 0 TB 00000000 00000000 GPR00 000000000001e087 000000004007edd0 0000000000000000 000000008a502010 GPR04 000000004009da2c 000000000000000b 0000000000000002 0000000000000003 GPR08 0000000000000000 0000000048480010 0000000042082000 00000000662c1ff4 GPR12 00000000400913a0 0000000000000000 000000004007ee34 0000000000000000 GPR16 000000000000000b 00000000400b0730 0000000000000001 0000000000000000 GPR20 00000000400b0550 00000000400b1658 0000000000000000 0000000010001575 GPR24 000000008a502010 0000000042082000 ffffffffb7b9e077 000000000605ffff GPR28 0000000000000000 000000000302ffff 00000000400b0ff4 000000002423fff4 CR 44042022 [ G G - G E - E E ] RES ffffffff FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000 qemu: uncaught target signal 11 (Segmentation fault) - exiting Segmentation fault qemu.log shows that the last two tb appear to be identical - which is odd that it fails (sorry for the spewage): NIP 4008b3b4 LR 4008b4ac CTR 00000000 XER 20000000 MSR 00006040 HID0 00000000 HF 00006000 idx 0 TB 00000000 00000000 GPR00 000000000001e087 000000004007ede0 0000000000000000 000000008a502010 GPR04 000000004009da2c 000000000000000b 0000000000000002 0000000000000004 GPR08 0000000000000000 0000000006060000 0000000042082000 000000004208200b GPR12 00000000400913a0 0000000000000000 000000004007ee44 0000000000000000 GPR16 000000000000000b 00000000400b0730 0000000000000001 0000000000000000 GPR20 00000000400b0550 00000000400b1658 0000000000000000 0000000010001575 GPR24 00000000ffffffff 0000000042082000 0000000000000000 000000000605ffff GPR28 00000000400b15e8 000000000001e087 00000000400b0ff4 0000000042082000 CR 44042022 [ G G - G E - E E ] RES ffffffff FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000 IN: 0x4008b3b4: srawi r29,r27,1 0x4008b3b8: addze r29,r29 0x4008b3bc: mulli r9,r9,12 0x4008b3c0: li r28,0 0x4008b3c4: mulli r31,r29,12 0x4008b3c8: addi r9,r9,16 0x4008b3cc: subf r26,r9,r0 0x4008b3d0: add r24,r25,r9 0x4008b3d4: add r11,r31,r25 0x4008b3d8: lwz r0,20(r11) 0x4008b3dc: cmplw cr7,r0,r26 0x4008b3e0: blt cr7,4008B41C OP: 0x0000: load_gpr_T0_gpr27 0x0001: move_T1_T0 0x0002: srawi 0x1 0x1 0x0003: store_T0_gpr_gpr29 0x0004: load_gpr_T0_gpr29 0x0005: move_T2_T0 0x0006: add_ze 0x0007: check_addc 0x0008: store_T0_gpr_gpr29 0x0009: load_gpr_T0_gpr9 0x000a: mulli 0xc 0x000b: store_T0_gpr_gpr9 0x000c: set_T0 0x0 0x000d: store_T0_gpr_gpr28 0x000e: load_gpr_T0_gpr29 0x000f: mulli 0xc 0x0010: store_T0_gpr_gpr31 0x0011: load_gpr_T0_gpr9 0x0012: addi 0x10 0x0013: store_T0_gpr_gpr9 0x0014: load_gpr_T0_gpr9 0x0015: load_gpr_T1_gpr0 0x0016: subf 0x0017: store_T0_gpr_gpr26 0x0018: load_gpr_T0_gpr25 0x0019: load_gpr_T1_gpr9 0x001a: add 0x001b: store_T0_gpr_gpr24 0x001c: load_gpr_T0_gpr31 0x001d: load_gpr_T1_gpr25 0x001e: add 0x001f: store_T0_gpr_gpr11 0x0020: load_gpr_T0_gpr11 0x0021: addi 0x14 0x0022: print_mem_EA 0x0023: lwz_raw 0x0024: store_T1_gpr_gpr0 0x0025: load_gpr_T0_gpr0 0x0026: load_gpr_T1_gpr26 0x0027: cmpl 0x0028: store_T0_crf_crf7 0x0029: load_crf_T0_crf7 0x002a: test_true 0x8 0x002b: jz_T0 0x0 0x002c: goto_tb0 0x60234810 0x002d: set_T1 0x4008b41c 0x002e: b_T1 0x002f: set_T0 0x60234810 0x0030: exit_tb 0x0031: goto_tb1 0x60234810 0x0032: set_T1 0x4008b3e4 0x0033: b_T1 0x0034: set_T0 0x60234811 0x0035: exit_tb 0x0036: end OUT: [size=460] 0x61c46920: mov 0x108(%r14),%r15 0x61c46927: mov %r15,%r12 0x61c4692a: lea -1640261935(%rip),%ecx # 0x1 0x61c46930: mov %r15d,%eax 0x61c46933: sar %cl,%eax 0x61c46935: test %r12d,%r12d 0x61c46938: movslq %eax,%r15 0x61c4693b: jns 0x61c46955 0x61c4693d: lea -1640261954(%rip),%eax # 0x1 0x61c46943: and %r12d,%eax 0x61c46946: test %rax,%rax 0x61c46949: je 0x61c46955 0x61c4694b: movb $0x1,0x242(%r14) 0x61c46953: jmp 0x61c4695d 0x61c46955: movb $0x0,0x242(%r14) 0x61c4695d: mov %r15,0x118(%r14) 0x61c46964: mov 0x118(%r14),%r15 0x61c4696b: mov %r15,%r13 0x61c4696e: movzbq 0x242(%r14),%rax 0x61c46976: lea (%rax,%r15,1),%r15 0x61c4697a: cmp %r13d,%r15d 0x61c4697d: setb 0x242(%r14) 0x61c46985: mov %r15,0x118(%r14) 0x61c4698c: mov 0x78(%r14),%r15 0x61c46990: lea -1640262026(%rip),%eax # 0xc 0x61c46996: imul %r15d,%eax 0x61c4699a: movslq %eax,%r15 0x61c4699d: mov %r15,0x78(%r14) 0x61c469a1: lea -1640262056(%rip),%r15d # 0x0 0x61c469a8: mov %r15,0x110(%r14) 0x61c469af: mov 0x118(%r14),%r15 0x61c469b6: lea -1640262064(%rip),%eax # 0xc 0x61c469bc: imul %r15d,%eax 0x61c469c0: movslq %eax,%r15 0x61c469c3: mov %r15,0x128(%r14) 0x61c469ca: mov 0x78(%r14),%r15 0x61c469ce: lea -1640262084(%rip),%eax # 0x10 0x61c469d4: cltq 0x61c469d6: add %rax,%r15 0x61c469d9: mov %r15,0x78(%r14) 0x61c469dd: mov 0x78(%r14),%r15 0x61c469e1: mov 0x30(%r14),%r12 0x61c469e5: mov %r12,%rax 0x61c469e8: sub %r15,%rax 0x61c469eb: mov %rax,%r15 0x61c469ee: mov %r15,0x100(%r14) 0x61c469f5: mov 0xf8(%r14),%r15 0x61c469fc: mov 0x78(%r14),%r12 0x61c46a00: add %r12,%r15 0x61c46a03: mov %r15,0xf0(%r14) 0x61c46a0a: mov 0x128(%r14),%r15 0x61c46a11: mov 0xf8(%r14),%r12 0x61c46a18: add %r12,%r15 0x61c46a1b: mov %r15,0x88(%r14) 0x61c46a22: mov 0x88(%r14),%r15 0x61c46a29: lea -1640262171(%rip),%eax # 0x14 0x61c46a2f: cltq 0x61c46a31: add %rax,%r15 0x61c46a34: sub $0x8,%rsp 0x61c46a38: mov %r15d,%edi 0x61c46a3b: callq 0x60046d40 0x61c46a40: add $0x8,%rsp 0x61c46a44: mov %r15d,%eax 0x61c46a47: mov (%rax),%eax 0x61c46a49: bswap %eax 0x61c46a4b: mov %eax,%r12d 0x61c46a4e: mov %r12,0x30(%r14) 0x61c46a52: mov 0x30(%r14),%r15 0x61c46a56: mov 0x100(%r14),%r12 0x61c46a5d: cmp %r12d,%r15d 0x61c46a60: jae 0x61c46a6a 0x61c46a62: mov $0x8,%r15d 0x61c46a68: jmp 0x61c46a77 0x61c46a6a: cmp %r15d,%r12d 0x61c46a6d: sbb %rax,%rax 0x61c46a70: and $0x2,%eax 0x61c46a73: lea 0x2(%rax),%r15 0x61c46a77: movzbq 0x244(%r14),%rax 0x61c46a7f: or %rax,%r15 0x61c46a82: mov %r15b,0x23f(%r14) 0x61c46a89: movzbq 0x23f(%r14),%r15 0x61c46a91: and $0x8,%r15d 0x61c46a98: test %r15,%r15 0x61c46a9b: jne 0x61c46aa2 0x61c46a9d: jmpq 0x61c46ac7 0x61c46aa2: mov -27337300(%rip),%eax # 0x60234854 0x61c46aa8: jmpq *%eax 0x61c46aaa: repz lea -565950102(%rip),%r12d # 0x4008b41c 0x61c46ab2: mov %r12d,%eax 0x61c46ab5: and $0xfffffffffffffffc,%eax 0x61c46ab8: mov %eax,0x140c0(%r14) 0x61c46abf: lea -27337398(%rip),%r15d # 0x60234810 0x61c46ac6: retq 0x61c46ac7: mov -27337333(%rip),%eax # 0x60234858 0x61c46acd: jmpq *%eax 0x61c46acf: repz lea -565950195(%rip),%r12d # 0x4008b3e4 0x61c46ad7: mov %r12d,%eax 0x61c46ada: and $0xfffffffffffffffc,%eax 0x61c46add: mov %eax,0x140c0(%r14) 0x61c46ae4: lea -27337434(%rip),%r15d # 0x60234811 0x61c46aeb: retq Memory access at address 662c2008 ---------------- nip=4008b3b4 super=0 ir=0 translate opcode 7f7d0e70 (1f 18 19) (big) ---------------- nip=4008b3b8 super=0 ir=0 translate opcode 7fbd0194 (1f 0a 06) (big) ---------------- nip=4008b3bc super=0 ir=0 translate opcode 1d29000c (07 06 00) (big) ---------------- nip=4008b3c0 super=0 ir=0 translate opcode 3b800000 (0e 00 00) (big) ---------------- nip=4008b3c4 super=0 ir=0 translate opcode 1ffd000c (07 06 00) (big) ---------------- nip=4008b3c8 super=0 ir=0 translate opcode 39290010 (0e 08 00) (big) ---------------- nip=4008b3cc super=0 ir=0 translate opcode 7f490050 (1f 08 01) (big) ---------------- nip=4008b3d0 super=0 ir=0 translate opcode 7f194a14 (1f 0a 08) (big) ---------------- nip=4008b3d4 super=0 ir=0 translate opcode 7d7fca14 (1f 0a 08) (big) ---------------- nip=4008b3d8 super=0 ir=0 translate opcode 800b0014 (20 0a 00) (big) ---------------- nip=4008b3dc super=0 ir=0 translate opcode 7f80d040 (1f 00 01) (big) ---------------- nip=4008b3e0 super=0 ir=0 translate opcode 419c003c (10 1e 00) (big) ---------------- excp: 0201 NIP 4008b3b4 LR 4008b4ac CTR 00000000 XER 00000000 MSR 00006040 HID0 00000000 HF 00006000 idx 0 TB 00000000 00000000 GPR00 000000000001e087 000000004007ede0 0000000000000000 000000008a502010 GPR04 000000004009da2c 000000000000000b 0000000000000002 0000000000000004 GPR08 0000000000000000 0000000048480010 0000000042082000 00000000662c1ff4 GPR12 00000000400913a0 0000000000000000 000000004007ee44 0000000000000000 GPR16 000000000000000b 00000000400b0730 0000000000000001 0000000000000000 GPR20 00000000400b0550 00000000400b1658 0000000000000000 0000000010001575 GPR24 000000008a502010 0000000042082000 ffffffffb7b9e077 000000000605ffff GPR28 0000000000000000 000000000302ffff 00000000400b0ff4 000000002423fff4 CR 44042022 [ G G - G E - E E ] RES ffffffff FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000 IN: 0x4008b3b4: srawi r29,r27,1 0x4008b3b8: addze r29,r29 0x4008b3bc: mulli r9,r9,12 0x4008b3c0: li r28,0 0x4008b3c4: mulli r31,r29,12 0x4008b3c8: addi r9,r9,16 0x4008b3cc: subf r26,r9,r0 0x4008b3d0: add r24,r25,r9 0x4008b3d4: add r11,r31,r25 0x4008b3d8: lwz r0,20(r11) 0x4008b3dc: cmplw cr7,r0,r26 0x4008b3e0: blt cr7,4008B41C OP: 0x0000: load_gpr_T0_gpr27 0x0001: move_T1_T0 0x0002: srawi 0x1 0x1 0x0003: store_T0_gpr_gpr29 0x0004: load_gpr_T0_gpr29 0x0005: move_T2_T0 0x0006: add_ze 0x0007: check_addc 0x0008: store_T0_gpr_gpr29 0x0009: load_gpr_T0_gpr9 0x000a: mulli 0xc 0x000b: store_T0_gpr_gpr9 0x000c: set_T0 0x0 0x000d: store_T0_gpr_gpr28 0x000e: load_gpr_T0_gpr29 0x000f: mulli 0xc 0x0010: store_T0_gpr_gpr31 0x0011: load_gpr_T0_gpr9 0x0012: addi 0x10 0x0013: store_T0_gpr_gpr9 0x0014: load_gpr_T0_gpr9 0x0015: load_gpr_T1_gpr0 0x0016: subf 0x0017: store_T0_gpr_gpr26 0x0018: load_gpr_T0_gpr25 0x0019: load_gpr_T1_gpr9 0x001a: add 0x001b: store_T0_gpr_gpr24 0x001c: load_gpr_T0_gpr31 0x001d: load_gpr_T1_gpr25 0x001e: add 0x001f: store_T0_gpr_gpr11 0x0020: load_gpr_T0_gpr11 0x0021: addi 0x14 0x0022: print_mem_EA 0x0023: lwz_raw 0x0024: store_T1_gpr_gpr0 0x0025: load_gpr_T0_gpr0 0x0026: load_gpr_T1_gpr26 0x0027: cmpl 0x0028: store_T0_crf_crf7 0x0029: load_crf_T0_crf7 0x002a: test_true 0x8 0x002b: jz_T0 0x0 0x002c: goto_tb0 0x60234810 0x002d: set_T1 0x4008b41c 0x002e: b_T1 0x002f: set_T0 0x60234810 0x0030: exit_tb 0x0031: goto_tb1 0x60234810 0x0032: set_T1 0x4008b3e4 0x0033: b_T1 0x0034: set_T0 0x60234811 0x0035: exit_tb 0x0036: end Invalid data memory access: 0x662c2008 NIP 4008b3d8 LR 4008b4ac CTR 00000000 XER 00000000 MSR 00006040 HID0 00000000 HF 00006000 idx 0 TB 00000000 00000000 GPR00 000000000001e087 000000004007ede0 0000000000000000 000000008a502010 GPR04 000000004009da2c 000000000000000b 0000000000000002 0000000000000004 GPR08 0000000000000000 0000000048480010 0000000042082000 00000000662c1ff4 GPR12 00000000400913a0 0000000000000000 000000004007ee44 0000000000000000 GPR16 000000000000000b 00000000400b0730 0000000000000001 0000000000000000 GPR20 00000000400b0550 00000000400b1658 0000000000000000 0000000010001575 GPR24 000000008a502010 0000000042082000 ffffffffb7b9e077 000000000605ffff GPR28 0000000000000000 000000000302ffff 00000000400b0ff4 000000002423fff4 CR 44042022 [ G G - G E - E E ] RES ffffffff FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000 FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000