1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
|
id = 698
title = "linux-user: emulated process reading /proc/self/mem doesn't see guest view of memory map"
state = "opened"
created_at = "2021-10-28T21:31:41.255Z"
closed_at = "n/a"
labels = ["kind::Feature Request", "linux-user"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/698"
host-os = "Arch Linux"
host-arch = "x86_64"
qemu-version = "qemu-arm version 6.1.50 (v6.1.0-1735-gc52d69e7db)"
guest-os = "N/A"
guest-arch = "ARM"
description = """QEMU user-mode emulation of a 32-bit guest on a 64-bit host doesn't seem to emulate `/proc/self/mem` (or `/proc/$pid/mem`) correctly. Based on the contents of `/proc/self/maps`, there seems to be some sort of address translation happening that `/proc/self/mem` doesn't honor.
The following source file:
```c
#include <fcntl.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
static const char string[] = "Hello, world!\\n";
static bool copy_to_stdout(const char *path)
{
\tbool success = false;
\tint fd = open(path, O_RDONLY);
\tif (fd < 0) {
\t\tperror("open");
\t\treturn false;
\t}
\tchar buf[16 * 1024];
\twhile (true) {
\t\tssize_t bytes_read = read(fd, buf, sizeof(buf));
\t\tif (bytes_read == 0) {
\t\t\tsuccess = true;
\t\t\tgoto out;
\t\t} else if (bytes_read < 0) {
\t\t\tperror("read");
\t\t\tgoto out;
\t\t}
\t\tssize_t bytes_written = 0;
\t\twhile (bytes_written < bytes_read) {
\t\t\tssize_t ret = write(STDOUT_FILENO, buf + bytes_written,
\t\t\t\t\t bytes_read - bytes_written);
\t\t\tif (ret < 0) {
\t\t\t\tperror("write");
\t\t\t\tgoto out;
\t\t\t}
\t\t\tbytes_written += ret;
\t\t}
\t}
out:
\tclose(fd);
\treturn success;
}
static bool dump_maps(void)
{
\tprintf("Maps read by self:\\n");
\tfflush(stdout);
\tif (!copy_to_stdout("/proc/self/maps"))
\t\treturn false;
\tprintf("\\nMaps read by child process:\\n");
\tfflush(stdout);
\tpid_t pid = fork();
\tif (pid < 0) {
\t\tperror("fork");
\t\treturn false;
\t}
\tif (pid == 0) {
\t\tchar parent_maps[32];
\t\tsprintf(parent_maps, "/proc/%u/maps", (unsigned int)getppid());
\t\tif (copy_to_stdout(parent_maps))
\t\t\t_exit(EXIT_SUCCESS);
\t\telse
\t\t\t_exit(EXIT_FAILURE);
\t}
\tint wstatus;
\tif (waitpid(pid, &wstatus, 0) < 0 ||
\t !WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != EXIT_SUCCESS)
\t\treturn false;
\tprintf("\\n");
\treturn true;
}
int main(void)
{
\tif (!dump_maps())
\t\treturn EXIT_FAILURE;
\tint fd = open("/proc/self/mem", O_RDONLY);
\tif (fd < 0) {
\t\tperror("open: /proc/self/mem");
\t\treturn EXIT_FAILURE;
\t}
\tchar buf[sizeof(string)];
\tprintf("Reading %zu bytes from %p (%" PRIuPTR ") to %p of PID %u\\n",
\t sizeof(buf), string, (uintptr_t)string, buf,
\t (unsigned int)getpid());
\tfflush(stdout);
\tif (pread(fd, buf, sizeof(buf), (uintptr_t)string) < 0) {
\t\tperror("pread: /proc/self/mem");
\t\treturn EXIT_FAILURE;
\t}
\tif (memcmp(buf, string, sizeof(buf)) != 0) {
\t\tfprintf(stderr, "buffer doesn't match\\n");
\t\treturn EXIT_FAILURE;
\t}
\treturn EXIT_SUCCESS;
}
```
when compiled for 32-bit ARM produces the following output:
```
Maps read by self:
10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro
7c000-8b000 ---p 00000000 00:00 0
8b000-8c000 r--p 0006b000 00:19 8275924 /home/osandov/repro
8c000-8d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro
8d000-b0000 rw-p 00000000 00:00 0
3ffff000-40000000 r-xp 00000000 00:00 0
40000000-40001000 ---p 00000000 00:00 0
40001000-40801000 rw-p 00000000 00:00 0 [stack]
Maps read by child process:
00010000-00020000 ---p 00000000 00:00 0
00020000-0008c000 r--p 00000000 00:19 8275924 /home/osandov/repro
0008c000-0009b000 ---p 00000000 00:00 0
0009b000-0009c000 r--p 0006b000 00:19 8275924 /home/osandov/repro
0009c000-0009d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro
0009d000-000c0000 rw-p 00000000 00:00 0
000c0000-4000f000 ---p 00000000 00:00 0
4000f000-40010000 r--p 00000000 00:00 0
40010000-40011000 ---p 00000000 00:00 0
40011000-40811000 rw-p 00000000 00:00 0
40811000-100000000 ---p 00000000 00:00 0
100000000-100001000 r--p 00000000 00:00 0
5636dd7a2000-5636dd8a4000 r--p 00000000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm
5636dd8a4000-5636ddb13000 r-xp 00102000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm
5636ddb13000-5636ddf69000 r--p 00371000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm
5636ddf6a000-5636ddfe7000 r--p 007c7000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm
5636ddfe7000-5636ddff3000 rw-p 00844000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm
5636ddff3000-5636de010000 rw-p 00000000 00:00 0
5636df67b000-5636df80c000 rw-p 00000000 00:00 0 [heap]
7f3008000000-7f300ffff000 rwxp 00000000 00:00 0
7f300ffff000-7f3010000000 ---p 00000000 00:00 0
7f3010000000-7f3010021000 rw-p 00000000 00:00 0
7f3010021000-7f3014000000 ---p 00000000 00:00 0
7f3017119000-7f301719a000 rw-p 00000000 00:00 0
7f301719a000-7f301719b000 ---p 00000000 00:00 0
7f301719b000-7f30179a1000 rw-p 00000000 00:00 0
7f30179a1000-7f30179a3000 r--p 00000000 00:19 3660771 /usr/lib/libffi.so.8.1.0
7f30179a3000-7f30179a9000 r-xp 00002000 00:19 3660771 /usr/lib/libffi.so.8.1.0
7f30179a9000-7f30179ab000 r--p 00008000 00:19 3660771 /usr/lib/libffi.so.8.1.0
7f30179ab000-7f30179ac000 r--p 00009000 00:19 3660771 /usr/lib/libffi.so.8.1.0
7f30179ac000-7f30179ad000 rw-p 0000a000 00:19 3660771 /usr/lib/libffi.so.8.1.0
7f30179ad000-7f30179be000 r--p 00000000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f30179be000-7f3017a32000 r-xp 00011000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f3017a32000-7f3017a49000 r--p 00085000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f3017a49000-7f3017a4a000 ---p 0009c000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f3017a4a000-7f3017a4c000 r--p 0009c000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f3017a4c000-7f3017a4d000 rw-p 0009e000 00:19 1476709 /usr/lib/libgmp.so.10.4.1
7f3017a4d000-7f3017a56000 r--p 00000000 00:19 2871144 /usr/lib/libhogweed.so.6.4
7f3017a56000-7f3017a69000 r-xp 00009000 00:19 2871144 /usr/lib/libhogweed.so.6.4
7f3017a69000-7f3017a93000 r--p 0001c000 00:19 2871144 /usr/lib/libhogweed.so.6.4
7f3017a93000-7f3017a95000 r--p 00045000 00:19 2871144 /usr/lib/libhogweed.so.6.4
7f3017a95000-7f3017a96000 rw-p 00047000 00:19 2871144 /usr/lib/libhogweed.so.6.4
7f3017a96000-7f3017a98000 rw-p 00000000 00:00 0
7f3017a98000-7f3017aa4000 r--p 00000000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017aa4000-7f3017ac5000 r-xp 0000c000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017ac5000-7f3017adb000 r--p 0002d000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017adb000-7f3017adc000 ---p 00043000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017adc000-7f3017ade000 r--p 00043000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017ade000-7f3017adf000 rw-p 00045000 00:19 2871147 /usr/lib/libnettle.so.8.4
7f3017adf000-7f3017ae2000 r--p 00000000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017ae2000-7f3017aee000 r-xp 00003000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017aee000-7f3017af2000 r--p 0000f000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017af2000-7f3017af3000 ---p 00013000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017af3000-7f3017af4000 r--p 00013000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017af4000-7f3017af5000 rw-p 00014000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1
7f3017af5000-7f3017b06000 r--p 00000000 00:19 937656 /usr/lib/libunistring.so.2.1.0
7f3017b06000-7f3017b3b000 r-xp 00011000 00:19 937656 /usr/lib/libunistring.so.2.1.0
7f3017b3b000-7f3017c72000 r--p 00046000 00:19 937656 /usr/lib/libunistring.so.2.1.0
7f3017c72000-7f3017c76000 r--p 0017c000 00:19 937656 /usr/lib/libunistring.so.2.1.0
7f3017c76000-7f3017c77000 rw-p 00180000 00:19 937656 /usr/lib/libunistring.so.2.1.0
7f3017c77000-7f3017c79000 r--p 00000000 00:19 3212638 /usr/lib/libidn2.so.0.3.7
7f3017c79000-7f3017c7d000 r-xp 00002000 00:19 3212638 /usr/lib/libidn2.so.0.3.7
7f3017c7d000-7f3017c97000 r--p 00006000 00:19 3212638 /usr/lib/libidn2.so.0.3.7
7f3017c97000-7f3017c98000 r--p 0001f000 00:19 3212638 /usr/lib/libidn2.so.0.3.7
7f3017c98000-7f3017c99000 rw-p 00020000 00:19 3212638 /usr/lib/libidn2.so.0.3.7
7f3017c99000-7f3017cc2000 r--p 00000000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0
7f3017cc2000-7f3017d60000 r-xp 00029000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0
7f3017d60000-7f3017dba000 r--p 000c7000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0
7f3017dba000-7f3017dc4000 r--p 00120000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0
7f3017dc4000-7f3017dce000 rw-p 0012a000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0
7f3017dce000-7f3017dd0000 r--p 00000000 00:19 2549813 /usr/lib/libdl-2.33.so
7f3017dd0000-7f3017dd2000 r-xp 00002000 00:19 2549813 /usr/lib/libdl-2.33.so
7f3017dd2000-7f3017dd3000 r--p 00004000 00:19 2549813 /usr/lib/libdl-2.33.so
7f3017dd3000-7f3017dd4000 r--p 00004000 00:19 2549813 /usr/lib/libdl-2.33.so
7f3017dd4000-7f3017dd5000 rw-p 00005000 00:19 2549813 /usr/lib/libdl-2.33.so
7f3017dd5000-7f3017dd7000 rw-p 00000000 00:00 0
7f3017dd7000-7f3017dd9000 r--p 00000000 00:19 3020974 /usr/lib/libpcre.so.1.2.13
7f3017dd9000-7f3017e2f000 r-xp 00002000 00:19 3020974 /usr/lib/libpcre.so.1.2.13
7f3017e2f000-7f3017e4c000 r--p 00058000 00:19 3020974 /usr/lib/libpcre.so.1.2.13
7f3017e4c000-7f3017e4d000 r--p 00074000 00:19 3020974 /usr/lib/libpcre.so.1.2.13
7f3017e4d000-7f3017e4e000 rw-p 00075000 00:19 3020974 /usr/lib/libpcre.so.1.2.13
7f3017e4e000-7f3017e74000 r--p 00000000 00:19 2549806 /usr/lib/libc-2.33.so
7f3017e74000-7f3017fbf000 r-xp 00026000 00:19 2549806 /usr/lib/libc-2.33.so
7f3017fbf000-7f301800b000 r--p 00171000 00:19 2549806 /usr/lib/libc-2.33.so
7f301800b000-7f301800e000 r--p 001bc000 00:19 2549806 /usr/lib/libc-2.33.so
7f301800e000-7f3018011000 rw-p 001bf000 00:19 2549806 /usr/lib/libc-2.33.so
7f3018011000-7f301801a000 rw-p 00000000 00:00 0
7f301801a000-7f3018021000 r--p 00000000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018021000-7f3018030000 r-xp 00007000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018030000-7f3018034000 r--p 00016000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018034000-7f3018035000 ---p 0001a000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018035000-7f3018036000 r--p 0001a000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018036000-7f3018037000 rw-p 0001b000 00:19 2549847 /usr/lib/libpthread-2.33.so
7f3018037000-7f301803b000 rw-p 00000000 00:00 0
7f301803b000-7f301803e000 r--p 00000000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f301803e000-7f3018050000 r-xp 00003000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f3018050000-7f3018053000 r--p 00015000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f3018053000-7f3018054000 ---p 00018000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f3018054000-7f3018055000 r--p 00018000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f3018055000-7f3018056000 rw-p 00019000 00:19 2550528 /usr/lib/libgcc_s.so.1
7f3018056000-7f3018065000 r--p 00000000 00:19 2549819 /usr/lib/libm-2.33.so
7f3018065000-7f30180ff000 r-xp 0000f000 00:19 2549819 /usr/lib/libm-2.33.so
7f30180ff000-7f3018197000 r--p 000a9000 00:19 2549819 /usr/lib/libm-2.33.so
7f3018197000-7f3018198000 ---p 00141000 00:19 2549819 /usr/lib/libm-2.33.so
7f3018198000-7f3018199000 r--p 00141000 00:19 2549819 /usr/lib/libm-2.33.so
7f3018199000-7f301819a000 rw-p 00142000 00:19 2549819 /usr/lib/libm-2.33.so
7f301819a000-7f3018233000 r--p 00000000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29
7f3018233000-7f3018333000 r-xp 00099000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29
7f3018333000-7f301839f000 r--p 00199000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29
7f301839f000-7f30183ac000 r--p 00204000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29
7f30183ac000-7f30183ad000 rw-p 00211000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29
7f30183ad000-7f30183b2000 rw-p 00000000 00:00 0
7f30183b2000-7f30183e6000 r--p 00000000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f30183e6000-7f3018508000 r-xp 00034000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f3018508000-7f301859d000 r--p 00156000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f301859d000-7f301859e000 ---p 001eb000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f301859e000-7f30185af000 r--p 001eb000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f30185af000-7f30185b1000 rw-p 001fc000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0
7f30185b1000-7f30185b3000 rw-p 00000000 00:00 0
7f30185b3000-7f30185b5000 r--p 00000000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0
7f30185b5000-7f30185b7000 r-xp 00002000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0
7f30185b7000-7f30185b8000 r--p 00004000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0
7f30185b8000-7f30185b9000 r--p 00004000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0
7f30185b9000-7f30185ba000 rw-p 00005000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0
7f30185ba000-7f30185d7000 r--p 00000000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f30185d7000-7f3018664000 r-xp 0001d000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f3018664000-7f30186ec000 r--p 000aa000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f30186ec000-7f30186ed000 ---p 00132000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f30186ed000-7f30186ee000 r--p 00132000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f30186ee000-7f30186ef000 rw-p 00133000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0
7f30186ef000-7f30186f0000 rw-p 00000000 00:00 0
7f30186f0000-7f30186f2000 r--p 00000000 00:19 3440204 /usr/lib/liburing.so.2.1.0
7f30186f2000-7f30186f4000 r-xp 00002000 00:19 3440204 /usr/lib/liburing.so.2.1.0
7f30186f4000-7f30186f5000 r--p 00004000 00:19 3440204 /usr/lib/liburing.so.2.1.0
7f30186f5000-7f30186f6000 r--p 00004000 00:19 3440204 /usr/lib/liburing.so.2.1.0
7f30186f6000-7f30186f7000 rw-p 00005000 00:19 3440204 /usr/lib/liburing.so.2.1.0
7f30186f7000-7f30186fa000 r--p 00000000 00:19 2549855 /usr/lib/librt-2.33.so
7f30186fa000-7f30186fe000 r-xp 00003000 00:19 2549855 /usr/lib/librt-2.33.so
7f30186fe000-7f3018700000 r--p 00007000 00:19 2549855 /usr/lib/librt-2.33.so
7f3018700000-7f3018701000 r--p 00008000 00:19 2549855 /usr/lib/librt-2.33.so
7f3018701000-7f3018702000 rw-p 00009000 00:19 2549855 /usr/lib/librt-2.33.so
7f3018702000-7f3018705000 r--p 00000000 00:19 15838 /usr/lib/libz.so.1.2.11
7f3018705000-7f3018713000 r-xp 00003000 00:19 15838 /usr/lib/libz.so.1.2.11
7f3018713000-7f3018719000 r--p 00011000 00:19 15838 /usr/lib/libz.so.1.2.11
7f3018719000-7f301871a000 ---p 00017000 00:19 15838 /usr/lib/libz.so.1.2.11
7f301871a000-7f301871b000 r--p 00017000 00:19 15838 /usr/lib/libz.so.1.2.11
7f301871b000-7f301871c000 rw-p 00018000 00:19 15838 /usr/lib/libz.so.1.2.11
7f301871c000-7f301871e000 rw-p 00000000 00:00 0
7f301871e000-7f301871f000 r--p 00000000 00:19 2549795 /usr/lib/ld-2.33.so
7f301871f000-7f3018743000 r-xp 00001000 00:19 2549795 /usr/lib/ld-2.33.so
7f3018743000-7f301874c000 r--p 00025000 00:19 2549795 /usr/lib/ld-2.33.so
7f301874c000-7f301874e000 r--p 0002d000 00:19 2549795 /usr/lib/ld-2.33.so
7f301874e000-7f3018750000 rw-p 0002f000 00:19 2549795 /usr/lib/ld-2.33.so
7ffc5c8f6000-7ffc5c917000 rw-p 00000000 00:00 0 [stack]
7ffc5c935000-7ffc5c939000 r--p 00000000 00:00 0 [vvar]
7ffc5c939000-7ffc5c93b000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
Reading 15 bytes from 0x6377c (407420) to 0x40800638 of PID 278331
buffer doesn't match
```
The program is trying to read from 0x6377c, which according to the emulated maps is in this mapping:
```
10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro
```
but on the host, it's mapped differently:
```
00020000-0008c000 r--p 00000000 00:19 8275924 /home/osandov/repro
```
When using `qemu-arm-static` (version `6.1.0 (Debian 1:6.1+dfsg-6)`) via `binfmt_misc`, I also saw a case where the address isn't mapped in the host at all:
```
Maps read by self:
10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro
7c000-8b000 ---p 00000000 00:00 0
8b000-8c000 r--p 0006b000 00:19 8275924 /home/osandov/repro
8c000-8d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro
8d000-b0000 rw-p 00000000 00:00 0
40000000-40001000 ---p 00000000 00:00 0
40001000-40801000 rw-p 00000000 00:00 0 [stack]
Maps read by child process:
00400000-00401000 r--p 00000000 00:19 297 /usr/bin/qemu-arm-static
00401000-00769000 r-xp 00001000 00:19 297 /usr/bin/qemu-arm-static
00769000-00abe000 r--p 00369000 00:19 297 /usr/bin/qemu-arm-static
00abe000-00c58000 r--p 006bd000 00:19 297 /usr/bin/qemu-arm-static
00c58000-00cd3000 rw-p 00857000 00:19 297 /usr/bin/qemu-arm-static
00cd3000-00cf7000 rw-p 00000000 00:00 0
0253c000-0268e000 rw-p 00000000 00:00 0 [heap]
42645000-42655000 ---p 00000000 00:00 0
42655000-426c1000 r--p 00000000 00:19 8275924 /home/osandov/repro
426c1000-426d0000 ---p 00000000 00:00 0
426d0000-426d1000 r--p 0006b000 00:19 8275924 /home/osandov/repro
426d1000-426d2000 rw-p 0006c000 00:19 8275924 /home/osandov/repro
426d2000-426f5000 rw-p 00000000 00:00 0
426f5000-82645000 ---p 00000000 00:00 0
82645000-82646000 ---p 00000000 00:00 0
82646000-82e46000 rw-p 00000000 00:00 0
82e46000-142635000 ---p 00000000 00:00 0
142635000-142636000 r--p 00000000 00:00 0
7f5584000000-7f558bfff000 rwxp 00000000 00:00 0
7f558bfff000-7f558c000000 ---p 00000000 00:00 0
7f558c000000-7f558c021000 rw-p 00000000 00:00 0
7f558c021000-7f5590000000 ---p 00000000 00:00 0
7f55929b5000-7f5592a36000 rw-p 00000000 00:00 0
7f5592a36000-7f5592a37000 ---p 00000000 00:00 0
7f5592a37000-7f5593237000 rw-p 00000000 00:00 0
7ffc4971a000-7ffc4973b000 rw-p 00000000 00:00 0 [stack]
7ffc497fa000-7ffc497fe000 r--p 00000000 00:00 0 [vvar]
7ffc497fe000-7ffc49800000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
Reading 15 bytes from 0x6377c (407420) to 0x40800648 of PID 278443
pread: /proc/self/mem: Input/output error
```"""
reproduce = """1. Download statically-linked ARM [reproducer](/uploads/5563ad67d01f0ec4a10f27d1967216c4/repro).
2. Run `qemu-arm ./repro`."""
additional = """I encountered this when trying out a CI system that uses QEMU user-mode emulation for 32-bit ARM builds. My project is a debugger that uses `/proc/self/mem`, and a test case tripped over this. See https://github.com/osandov/drgn/pull/126.
This also seems to happen with a i386 guest, but not with an aarch64 guest, so I'm assuming that it's a 32-bit guest issue."""
|