Comment # 6 on bug 1206780 from
Trying to run qemu-aarch64 with debug options:

> > podman run -v /usr/bin/qemu-aarch64:/usr/bin/qemu-aarch64 -v /tmp:/tmp --arch arm64 -it --rm registry.opensuse.org/opensuse/tumbleweed:latest
> :/ # /usr/bin/qemu-aarch64 -d int,strace,tid -D /tmp/z%d.str /usr/bin/zypper --verbose ref

There are two alive threads when the SEGV occurs. One (123) is calling ppoll(),
read(), and write(), the other one (120, main thread) is doing more work.

Last lines of thread 120:

> 120 openat(AT_FDCWD,"/var/tmp/AP_0xzw3xCb/geoip",O_RDONLY|O_CLOEXEC) = 13
> 120 read(13,0x2a718b0,5) = 0
> 120 close(13) = 0
> 120 openat(AT_FDCWD,"/var/tmp/AP_0xzw3xCb/geoip",O_RDONLY|O_CLOEXEC) = 13
> 120 lseek(13,0,SEEK_CUR) = 0
> 120 newfstatat(AT_FDCWD,"/var/tmp/AP_0xzw3xCb/geoip",0x0000005502a71990,0) = 0
> 120 openat(AT_FDCWD,"/var/tmp/AP_0xzw3xCb/geoip",O_RDONLY|O_CLOEXEC) = 17
> 120 read(17,0x2a71920,5) = 0
> 120 close(17) = 0
> 120 read(13,0x3cf230,8192) = 0
> 120 clock_gettime(CLOCK_REALTIME_COARSE,0x0000005502a716a8) = 0 ({tv_sec = 1672739909,tv_nsec = 34004325})
> 120 newfstatat(AT_FDCWD,"/etc/localtime",0x0000005502a71520,0) = 0
> 120 uname(0x5502a71530) = 0
> 120 getpid() = 120
> 120 sendto(11,365076633824,118,16384,0,0) = 118
> 120 clock_gettime(CLOCK_REALTIME_COARSE,0x0000005502a71618) = 0 ({tv_sec = 1672739909,tv_nsec = 34004325})
> 120 newfstatat(AT_FDCWD,"/etc/localtime",0x0000005502a71490,0) = 0
> 120 uname(0x5502a714a0) = 0
> 120 getpid() = 120
> 120 sendto(11,365075816992,125,16384,0,0) = 125
> 120 futex(0x00000055035500a4,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,2147483647,NULL,NULL,0) = 0
> --- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=NULL} ---
> 120 clock_gettime(CLOCK_REALTIME_COARSE,0x0000005502a6f748) = 0 ({tv_sec = 1672739909,tv_nsec = 38004368})
> 120 newfstatat(AT_FDCWD,"/etc/localtime",0x0000005502a6f5c0,0) = 0
> 120 uname(0x5502a6f5d0) = 0
> 120 getpid() = 120
> 120 sendto(11,365075366992,102,16384,0,0) = 102
> --- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=NULL} ---

Last lines of thread 123:

> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 write(7,0x56fe1c0,8) = 8
> 120 ioctl(12,FIONREAD,0x00000055056fe004) = 0 (118)
> 120 read(12,0x8006800,118) = 118
> 120 write(10,0x2d77d0,118) = 118
> 120 write(7,0x56fe1c0,8) = 8
> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 read(7,0x56fe1d8,16) = 8
> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 write(7,0x56fe1c0,8) = 8
> 120 ioctl(12,FIONREAD,0x00000055056fe004) = 0 (125)
> 120 read(12,0x8006800,125) = 125
> 120 write(10,0x2d77d0,125) = 125
> 120 write(7,0x56fe1c0,8) = 8
> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 read(7,0x56fe1d8,16) = 8
> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 write(7,0x56fe1c0,8) = 8
> 120 ioctl(12,FIONREAD,0x00000055056fe004) = 0 (102)
> 120 read(12,0x8006800,102) = 102
> 120 write(10,0x2d77d0,102) = 102
> 120 write(7,0x56fe1c0,8) = 8
> 120 ppoll(365206462224,4,0,0,0,0) = 1
> 120 read(7,0x56fe1d8,16) = 8
> 120 ppoll(365206462224,4,0,0,0,0)

The main thread opens a geoip-related file and sends several pieces of data to
the other thread, which receives them (118, 125, and 102 bytes, respectively),
forwards them to another fd (10) and triggers an eventfd (fd 7).

The main thread receives SIGSEGV twice (??). The first time while the main
thread has called futex() and the other thread ppoll().

The futex() call is probably the most likely candidate for causing the issue.
Looking at the futex() calls made by the main thread, it appears that the
first argument (futex address) is always distinct. Not sure why these futex
calls happen at all.
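As an added illustration, not part of this bug report or of qemu, here is a small parser for the `-d strace,tid` line format quoted above: for every signal line it snapshots the last syscall each thread had issued (the check made by hand in the comment), and it lists the futex word addresses one thread used so repeats are easy to spot. The sample trace is constructed in the style of the quoted output; the thread ids 120 and 123, addresses and return values in it are made up.

```python
import re

# Constructed sample in the style of the "qemu-aarch64 -d int,strace,tid" output quoted above;
# thread ids, addresses and return values are made up, not copied from the bug report.
SAMPLE = """\
120 getpid() = 120
120 sendto(11,365076633824,118,16384,0,0) = 118
123 ppoll(365206462224,4,0,0,0,0) = 1
123 write(7,0x56fe1c0,8) = 8
120 futex(0x00000055035500a4,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,2147483647,NULL,NULL,0) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=NULL} ---
120 getpid() = 120
120 futex(0x00000055035500b8,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,2147483647,NULL,NULL,0) = 0
123 ppoll(365206462224,4,0,0,0,0)
--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=NULL} ---
"""

# "<tid> <name>(<args>) = <ret>"; the "= <ret>" part is missing while a call is still in progress.
SYSCALL_RE = re.compile(r"^(\d+) (\w+)\((.*?)\)(?: = (.*))?$")
SIGNAL_RE = re.compile(r"^--- (SIG\w+) \{(.*)\} ---$")

def parse_trace(text):
    """Turn trace lines into ('syscall', tid, name, args, ret) or ('signal', name, info) tuples."""
    events = []
    for line in text.splitlines():
        m = SYSCALL_RE.match(line.strip())
        if m:
            tid, name, args, ret = m.groups()
            events.append(("syscall", int(tid), name, args, ret))  # ret is None if unfinished
            continue
        m = SIGNAL_RE.match(line.strip())
        if m:
            events.append(("signal", m.group(1), m.group(2)))
    return events

def syscalls_at_signals(events):
    """For each signal line, snapshot the last syscall seen on every thread up to that point."""
    last, report = {}, []
    for ev in events:
        if ev[0] == "syscall":
            last[ev[1]] = (ev[2], ev[4])     # (name, ret); ret None = had not returned yet
        else:
            report.append((ev[1], dict(last)))
    return report

def futex_addresses(events, tid):
    """Futex word addresses (first argument) one thread passed to futex(), in trace order."""
    return [ev[3].split(",")[0] for ev in events
            if ev[0] == "syscall" and ev[1] == tid and ev[2] == "futex"]
```

Run over a concatenated trace, the snapshot at each signal gives the same picture the comment draws by hand (futex() on one thread, ppoll() on the other), and the address list shows whether the futex words ever repeat.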

