groovy qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.

Hello Ryutaroh,

I tried to reproduce the problem by running the command you provided basically as-it on an up-to-date Groovy amd64 system, but I couldn't:

$ dpkg-query -W | grep qemu-user-static
qemu-user-static 1:5.0-5ubuntu9

$ mmdebstrap --architectures=armhf,arm64 --variant=apt --components="main contrib non-free" --include=linux-image-arm64,udev,kmod,e2fsprogs,btrfs-progs,systemd-sysv,libpam-systemd,libnss-systemd,dbus-user-session,locales,tzdata,openssh-server,bash,apt-utils,whiptail,vim-tiny,less,man-db,wpasupplicant,crda,raspi-firmware,firmware-brcm80211,firmware-linux-free,firmware-misc-nonfree,keyboard-configuration,console-setup bullseye /home/paride/delme/
I: automatically chosen mode: unshare
I: armhf cannot be executed, falling back to qemu-user
I: running apt-get update...
done
I: downloading packages with apt...
done
I: extracting archives...
done
I: installing packages...
done
I: installing remaining packages inside the chroot...
done
I: cleaning package lists and apt cache...
done
done

Could you please confirm the problem is reproducible, and provide any other bit of information about your setup that may be relevant?

Also: in the bug description you wrote "Host is Ubuntu Focal". Did you mean Groovy?

For the moment I'm setting the status of this report to Incomplete, please change it back to New after commenting back and we'll look at it again. Thanks!

I'm experiencing the same issue:

$ sudo qemu-debootstrap --arch armhf groovy armhf-chroot
...
I: Running command: chroot armhf-chroot /debootstrap/debootstrap --second-stage
qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
Aborted (core dumped)

this on a recent Groovy amd64 installation.

flag@harukaze:~/canonical$ dpkg -l | grep debootstrap
ii debootstrap 1.0.123ubuntu1 all Bootstrap a basic Debian system

I'm also running into this trying to set up a pbuilder environment:

$ pbuilder-dist sid armhf create
...
I: Running command: chroot /var/cache/pbuilder/build/430992 /debootstrap/debootstrap --second-stage
qemu-arm-static: /build/qemu-W3R0Rj/qemu-5.0/linux-user/elfload.c:2317: pgb_reserved_va: Assertion `guest_base != 0' failed.
Aborted (core dumped)

This appears to have been fixed upstream [1, 2] in qemu 5.1, which has been in Debian unstable since August [3], but hasn't been merged into Ubuntu yet.

[1] https://bugs.launchpad.net/qemu/+bug/1888728
[2] https://github.com/qemu/qemu/commit/c9f8066
[3] https://tracker.debian.org/news/1169793/accepted-qemu-151dfsg-1-source-into-unstable/

Thanks Doug,
I'm working on 5.1 already.
Once done we can evaluate and consider SRUing this ...

This bug was fixed in the package qemu - 1:5.1+dfsg-4ubuntu1

---------------
qemu (1:5.1+dfsg-4ubuntu1) hirsute; urgency=medium

  * Merge with Debian testing, remaining changes:
    Fixes qemu-arm-static Assertion `guest_base != 0' failed (LP: #1897854)
    - qemu-kvm to systemd unit
      - d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
        hugepages and architecture specifics
      - d/qemu-system-common.qemu-kvm.service: systemd unit to call
        qemu-kvm-init
      - d/qemu-system-common.install: install helper script
      - d/qemu-system-common.qemu-kvm.default: defaults for
        /etc/default/qemu-kvm
      - d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
    - Distribution specific machine type (LP: 1304107 1621042)
      - d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
        types
      - d/qemu-system-x86.NEWS Info on fixed machine type definitions
        for host-phys-bits=true (LP: 1776189)
      - add an info about -hpb machine type in debian/qemu-system-x86.NEWS
      - provide pseries-bionic-2.11-sxxm type as convenience with all
        meltdown/spectre workarounds enabled by default. (LP: 1761372).
      - ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
    - Enable nesting by default
      - d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
        in qemu64 on amd
        [ No more strictly needed, but required for backward compatibility ]
    - improved dependencies
      - Make qemu-system-common depend on qemu-block-extra
      - Make qemu-utils depend on qemu-block-extra
      - let qemu-utils recommend sharutils
    - tolerate ipxe size change on migrations to >=18.04 (LP: 1713490)
      - d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
        reference 256k path
      - d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
        handle incoming migrations from former releases.
    - d/control-in: Disable capstone disassembler library support (universe)
    - d/qemu-system-x86.README.Debian: add info about updated nesting changes
    - d/control*, d/rules: disable xen by default, but provide universe
      package qemu-system-x86-xen as alternative
      [includes compat links changes of 5.0-5ubuntu4]
    - allow qemu to load old modules post upgrade (LP 1847361)
      - d/qemu-block-extra.*.in, d/qemu-system-gui.*.in: save shared objects on
        upgrade
      - d/rules: generate maintainer scripts matching package version on build
      - d/rules: enable --enable-module-upgrades where --enable-modules is set
    - d/control: regenerate debian/control out of control-in
  * Dropped changes [in Debian or no more needed]
    - d/control-in: disable pmem on ppc64 as it is currently considered
      experimental on that architecture (pmdk v1.8-1)
    - d/rules: makefile definitions can't be recursive - sys_systems for s390x
    - d/rules: report config log from the correct subdir
    - d/control-in: disable rbd support unavailable on riscv (LP: 1872931)
    - Pick further changes for groovy from debian/master since 5.0-5
      - ati-vga-check-mm_index-before-recursive-call-CVE-2...

We've bundled this fix for Groovy (Thanks Mark) with another upcoming upload.
This should soon be resolved in groovy as well.

This bug was fixed in the package qemu - 1:5.0-5ubuntu9.2

---------------
qemu (1:5.0-5ubuntu9.2) groovy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in sdhci_sdma_transfer_multi_blocks()
    - debian/patches/ubuntu/CVE-2020-17380.patch: fix DMA Transfer Block
      Size field in hw/sd/sdhci.c.
    - CVE-2020-17380
    - CVE-2020-25085
  * SECURITY UPDATE: use-after-free via unchecked return value
    - debian/patches/ubuntu/CVE-2020-25084.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-xhci.c.
    - CVE-2020-25084
  * SECURITY UPDATE: out-of-bound access issue
    - debian/patches/ubuntu/CVE-2020-25624.patch: check len and
      frame_number variables in hw/usb/hcd-ohci.c.
    - CVE-2020-25624
  * SECURITY UPDATE: infinite loop when a TD list has a loop
    - debian/patches/ubuntu/CVE-2020-25625.patch: check for processed TD
      before retire in hw/usb/hcd-ohci.c.
    - CVE-2020-25625
  * SECURITY UPDATE: assertion failure through usb_packet_unmap()
    - debian/patches/ubuntu/CVE-2020-25723.patch: check return value of
      'usb_packet_map' in hw/usb/hcd-ehci.c.
    - CVE-2020-25723
  * SECURITY UPDATE: bounds issue in ati_2d_blt
    - debian/patches/ubuntu/CVE-2020-27616.patch: check x y display
      parameter values in hw/display/ati_2d.c.
    - CVE-2020-27616
  * SECURITY UPDATE: assertion failure
    - debian/patches/ubuntu/CVE-2020-27617.patch: remove an assert call in
      eth_get_gso_type in net/eth.c.
    - CVE-2020-27617
  * Assertion failure via zero mmap_min_addr (LP: #1897854)
    - debian/patches/ubuntu/lp1897854-Ensure-mmap_min_addr-is-non-zero.patch:
      ensure mmap_min_addr is non-zero in linux-user/main.c.

 -- Marc Deslauriers <email address hidden> Fri, 20 Nov 2020 08:02:13 -0500