This patch was taken from NixOS https://raw.githubusercontent.com/Mindavi/nixpkgs/1a737743a829746e48f4869ac517ff29c23c9d09/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff It is based on an unmerged patch against american-fuzzy-lop and was never merged upstream because the author was unable to sign Google's CLA. Based on https://github.com/google/AFL/commit/6c917e3d63a2a0685d58c3518524f9615b001893.patch --- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100 +++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100 @@ -34,6 +34,7 @@ #include #include #include +#include // https://lkml.org/lkml/2019/6/3/988 #include #include #ifdef __ia64__ @@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2, #endif #ifdef __NR_gettid -_syscall0(int, gettid) +// taken from https://patchwork.kernel.org/patch/10862231/ +#define __NR_sys_gettid __NR_gettid +_syscall0(int, sys_gettid) #else /* This is a replacement for the host gettid() and must return a host errno. */ @@ -6219,7 +6222,7 @@ static void *clone_func(void *arg) cpu = ENV_GET_CPU(env); thread_cpu = cpu; ts = (TaskState *)cpu->opaque; - info->tid = gettid(); + info->tid = sys_gettid(); task_settid(ts); if (info->child_tidptr) put_user_u32(info->tid, info->child_tidptr); @@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un mapping. We can't repeat the spinlock hack used above because the child process gets its own copy of the lock. */ if (flags & CLONE_CHILD_SETTID) - put_user_u32(gettid(), child_tidptr); + put_user_u32(sys_gettid(), child_tidptr); if (flags & CLONE_PARENT_SETTID) - put_user_u32(gettid(), parent_tidptr); + put_user_u32(sys_gettid(), parent_tidptr); ts = (TaskState *)cpu->opaque; if (flags & CLONE_SETTLS) cpu_set_tls (env, newtls); @@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n break; #endif case TARGET_NR_gettid: - ret = get_errno(gettid()); + ret = get_errno(sys_gettid()); break; #ifdef TARGET_NR_readahead case TARGET_NR_readahead: