qemu-arm qemu: uncaught target signal 11 (Segmentation fault) - core dumped

Question

When I ran qemu-arm -L /usr/arm-linux-gnueabi/ ./foo in a docker Linux 4.9.125-linuxkit #1 SMP Fri Sep 7 08:20:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux on MacOS 10.13,

then got this error:

qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault

The qemu-arm version info is:

# qemu-arm --version
qemu-arm version 2.5.1, Copyright (c) 2003-2008 Fabrice Bellard

The foo binary info is:

ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, for GNU/Linux 3.2.0, BuildID[sha1]=86eb0b9c5fb202aad4f915699afc36e7bd209743, not stripped

Then, I used gdb to debug the qemu-arm, got the detail:

gdb-peda$ r -L /usr/arm-linux-gnueabi/lib ./foo
Starting program: /qira/tracers/qemu/qemu-2.5.1/arm-linux-user/qemu-arm -L /usr/arm-linux-gnueabi/lib ./foo
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff65ab700 (LWP 1980)]

Thread 1 "qemu-arm" received signal SIGSEGV, Segmentation fault.
...
Stopped reason: SIGSEGV
__GI__IO_fwrite (buf=0x7ffff45c6720, size=size@entry=0x1, count=count@entry=0x8e0, fp=fp@entry=0x0) at iofwrite.c:37
37  iofwrite.c: No such file or directory.
gdb-peda$ bt
#0  __GI__IO_fwrite (buf=0x7ffff45c6720, size=size@entry=0x1, count=count@entry=0x8e0, fp=fp@entry=0x0) at iofwrite.c:37
#1  0x0000000000418470 in write_out_base (env=env@entry=0x2e128a0, id=0x0) at /qira/tracers/qemu/qemu-latest/tci.c:895
#2  0x0000000000419fb5 in tcg_qemu_tb_exec (env=env@entry=0x2e128a0, tb_ptr=0x7985f0 <static_code_gen_buffer> "\f\b") at /qira/tracers/qemu/qemu-latest/tci.c:947
#3  0x000000000040ccec in cpu_tb_exec (tb_ptr=<optimized out>, cpu=0x2e0a630) at /qira/tracers/qemu/qemu-latest/cpu-exec.c:157
#4  cpu_arm_exec (cpu=cpu@entry=0x2e0a630) at /qira/tracers/qemu/qemu-latest/cpu-exec.c:520
#5  0x000000000042e6e4 in cpu_loop (env=env@entry=0x2e128a0) at /qira/tracers/qemu/qemu-latest/linux-user/main.c:676
#6  0x0000000000409d63 in main (argc=argc@entry=0x4, argv=argv@entry=0x7fffffffe588, envp=<optimized out>) at /qira/tracers/qemu/qemu-latest/linux-user/main.c:4695
#7  0x00007ffff683c830 in __libc_start_main (main=0x409710 <main>, argc=0x4, argv=0x7fffffffe588, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe578)
    at ../csu/libc-start.c:291
#8  0x000000000040a2e9 in _start ()

I googled a lot about this error but nothing helpful. Still can't run it correctly.

PS: On my colleague's Ubuntu-VM, the ./foo can run normally using qemu-arm with the same version, so I'm confused whether this segv is caused by docker environment? If not, how to run the ./foo correctly in my docker? Thanks!

=========== Update more info:

# qemu-arm  -strace -L /usr/arm-linux-gnueabi/ ./foo
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault

# strace qemu-arm -L /usr/arm-linux-gnueabi/ ./foo

...(lots of logs)

rt_sigaction(SIGRT_25, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_26, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_27, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_28, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_29, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_30, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGRT_31, {0x44aa80, ~[RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f0f3f13d390}, NULL, 8) = 0
stat("/tmp/qira_logs/0", 0x7ffde8aed530) = -1 ENOENT (No such file or directory)
open("/tmp/qira_logs/0_env", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 ENOENT (No such file or directory)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
getrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM64_INFINITY}) = 0
getrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM64_INFINITY}) = 0
setrlimit(RLIMIT_CORE, {rlim_cur=0, rlim_max=RLIM64_INFINITY}) = 0
futex(0x7f0f3f128880, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "qemu: uncaught target signal 11 "..., 67qemu: uncaught target signal 11 (Segmentation fault) - core dumped
) = 67
rt_sigaction(SIGSEGV, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7f0f3f13d390}, NULL, 8) = 0
kill(2035, SIGSEGV)                     = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=2035, si_uid=0} ---
+++ killed by SIGSEGV +++
Segmentation fault

The whole log file is at strace-log.

Answer 1

I confirm that this problem is solved in qemu-user-static version 5.0-14,