qemu user aarch64 crashes when giving the dynamic loader as argument

This only happens when supplying the dynamic loader on the command line. If the dynamic loader is inferred, everything works. I think this has to do with addresses because many other binaries work.

Ubuntu supplied qemu is fine:

$ /usr/bin/qemu-aarch64-static /lib/ld-linux-aarch64.so.1 ./test
./test: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

It is fine if you run the binary directly and have the loader in the proper place:

$ build_user/qemu-aarch64 ./test
./test: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

It crashes if you supply the dynamic loader.

++ ../build_user/qemu-aarch64 /lib/ld-linux-aarch64.so.1 ./test
./test.sh: line 11: 14781 Segmentation fault      (core dumped) ../build_user/qemu-aarch64 /lib/ld-linux-aarch64.so.1 ./test

The dynamic loader used is the one that comes with Ubuntu 18.04 for aarch64, but it also happens with the one from Fedora 34.

The "test" program is the following C code:

int main() {
    return 0;
}

Compiled with the following line:

clang-11 --target=aarch64-linux-gnu test.c -o test

Make sure to use clang, as the same program compiled with gcc works. As said, it is probably about addresses.

This was reproduced with latest qemu (v6.1.0-rc4) and also with qemu-5.2.0. Qemu was compiled with the following options:

../qemu/configure --static --disable-system --enable-linux-user --target-list=aarch64-linux-user,arm-linux-user