#1138053 qemu-user: intermittent segfaults running ldconfig in emulated arm64

Package:
qemu-user
Source:
qemu-user
Description:
QEMU user mode emulation binaries
Submitter:
Noah Meyerhans
Date:
2026-05-28 16:33:02 UTC
Severity:
normal
#1138053#5
Date:
2026-05-27 15:22:15 UTC
From:
To:
The cloud team uses qemu-user to emulate various non-amd64 architectures to
build images for those architectures on amd64 hosts.  We generate images for
all stable Debian releases including LTS, as well as sid and testing.  We
build for all supported releases for all architectures and supported cloud
environments each day.  Builds are performed in trixie VMs.

We have observed a scenario in which qemu segfaults when running ldconfig in
an arm64 chroot during the debootstrap process of the image build.

We have a bit more context in a gitlab issue at
https://salsa.debian.org/cloud-team/debian-cloud-images/-/work_items/97

The problem can be reproduced on a trixie amd64 system with:

$ sudo debootstrap --verbose --variant minbase --arch arm64 bullseye bullseye-rootfs https://deb.debian.org/debian
$ sudo chroot bullseye-rootfs /usr/bin/bash -c 'declare -i count=0; while ldconfig && [ $count -lt 1000 ]; do count+=1; done ; echo "Done after $count iterations"'

The problem appears to only be triggered by bullseye's ldconfig.  I have not
been able to reproduce it with newer versions.

The problem does not occur with every ldconfig invocation, as you can see
with:
root@fai-test:~# declare -i count=0; while ldconfig; do count+=1; done; echo "Done after $count iterations"
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
Done after 71 iterations
root@fai-test:~# declare -i count=0; while ldconfig; do count+=1; done; echo "Done after $count iterations"
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
Done after 99 iterations
root@fai-test:~# declare -i count=0; while ldconfig; do count+=1; done; echo "Done after $count iterations"
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
Done after 23 iterations
root@fai-test:~# declare -i count=0; while ldconfig; do count+=1; done; echo "Done after $count iterations"
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
Done after 41 iterations

Thanks
noah
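The reproduction loop above stops at the first non-zero exit of ldconfig, but the "Done after N iterations" line alone does not say whether the loop hit its limit or whether the last run died, nor on which signal. The script below is an added example, not part of this bug report and not code from qemu or debootstrap. It wraps the same loop in a function that reports the iteration count, the exit status and, when the status is above 128, the signal number (sh and bash report a child killed by signal N as status 128+N, so the "uncaught target signal 11" that qemu reports shows up as status 139). The file name repro.sh and the invocation inside the chroot are assumptions for illustration.

```sh
#!/bin/sh
# Added example: repeat a command until it fails or a limit is reached and
# report why the loop stopped. Not from the bug report or from qemu.

# run_until_failure LIMIT CMD [ARGS...]
# Prints "ITERATIONS STATUS SIGNAL" on stdout, where ITERATIONS is the number
# of successful runs, STATUS the exit status that ended the loop (0 if the
# limit was reached) and SIGNAL the signal number if STATUS is 128+N, else 0.
run_until_failure() {
    limit=$1
    shift
    count=0
    status=0
    while [ "$count" -lt "$limit" ]; do
        # The && / || form keeps a failing command from tripping `set -e`.
        "$@" >/dev/null 2>&1 && status=0 || status=$?
        if [ "$status" -ne 0 ]; then
            break
        fi
        count=$((count + 1))
    done
    signal=0
    if [ "$status" -gt 128 ]; then
        # Shells encode "killed by signal N" as exit status 128+N;
        # a SIGSEGV (11) therefore appears as 139.
        signal=$((status - 128))
    fi
    printf '%d %d %d\n' "$count" "$status" "$signal"
}

# Convenience wrapper for the qemu-user case: run inside the arm64 chroot as
#   chroot bullseye-rootfs /bin/sh repro.sh 1000 ldconfig
# A clean run prints "1000 0 0"; the crash described in the report would
# print something like "8 139 11".
if [ "$#" -ge 2 ]; then
    run_until_failure "$@"
fi
```

Because the status and signal are separated from the iteration count, the output can be collected across many runs (for example, across qemu versions or releases of the chroot) and compared directly, instead of reading the shell's "Segmentation fault" message by eye.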

#1138053#12
Date:
2026-05-28 12:32:36 UTC
From:
To:
Control: found -1 1:11.0.0+ds-2

The problem is also present in qemu 11 in unstable:

root@debootstrap-test:~# cat /etc/debian_version
forky/sid
root@debootstrap-test:~# apt policy qemu-user
qemu-user:
  Installed: 1:11.0.0+ds-2
  Candidate: 1:11.0.0+ds-2
  Version table:
 *** 1:11.0.0+ds-2 500
        500 mirror+file:/etc/apt/mirrors/debian.list sid/main amd64 Packages
        100 /var/lib/dpkg/status
root@debootstrap-test:~# chroot bullseye-rootfs /usr/bin/bash -c 'declare -i count=0; while ldconfig && [ $count -lt 1000 ]; do count+=1; done ; echo "Done after $count iterations"'
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
/usr/bin/bash: line 1: 15565 Segmentation fault      ldconfig
Done after 8 iterations

#1138053#19
Date:
2026-05-28 16:32:00 UTC
From:
To:
We have this in upstream qemu:

https://gitlab.com/qemu-project/qemu/-/work_items/1913

I wonder if it's the same.

At the time, I wasn't able to reproduce that segfault anymore, but
maybe I wasn't persistent enough.

/mjt