ppc: mac99 immediate segfault in vga_init with bus=pci.0
Host environment
- Operating system: Ubuntu 20.04
- OS/kernel version: 5.15.0-41-generic
- Architecture: amd64
- QEMU flavor: qemu-system-ppc
- QEMU version: 7.0.91 (v7.1.0-rc1-29-gc669f22f) (this is a recent build of master)
- QEMU command line:
qemu-system-ppc -no-user-config -nodefaults -machine mac99 -device VGA,bus=pci.0
Emulated/Virtualized environment
- Operating system: n/a (it segfaults before it attempts to boot)
- OS/kernel version: n/a
- Architecture: 32-bit PowerPC (ppc), mac99 machine
Description of problem
I'm trying to figure out why mac99 PowerPC VMs launched by libvirt always immediately segfault (signal SIGSEGV, segmentation fault). I narrowed it down to the bus=pci.0 option that libvirt adds to the -device VGA argument. If I remove the bus=pci.0 option then it doesn't segfault. Full backtrace from gdb:
#0 memory_region_update_container_subregions (subregion=0x555556d795e0) at ../softmmu/memory.c:2538
mr = <optimized out>
other = <optimized out>
alias = <optimized out>
__PRETTY_FUNCTION__ = "memory_region_add_subregion_common"
#1 memory_region_add_subregion_common (mr=<optimized out>, offset=<optimized out>, subregion=0x555556d795e0) at ../softmmu/memory.c:2556
alias = <optimized out>
__PRETTY_FUNCTION__ = "memory_region_add_subregion_common"
#2 0x0000555555b81fad in vga_init (s=s@entry=0x555556dbe590, obj=obj@entry=0x555556dbdb70, address_space=0x5555568ea570, address_space_io=address_space_io@entry=0x5555568ea790, init_vga_ports=init_vga_ports@entry=true) at ../hw/display/vga.c:2305
vga_io_memory = 0x555556d795e0
vga_ports = 0x55555623bda0 <vga_portio_list>
vbe_ports = 0x55555623bd20 <vbe_portio_list>
#3 0x00005555558fbe3a in pci_std_vga_realize (dev=0x555556dbdb70, errp=<optimized out>) at ../hw/display/vga-pci.c:245
d = 0x555556dbdb70
s = 0x555556dbe590
qext = false
edid = false
#4 0x0000555555990128 in pci_qdev_realize (qdev=0x555556dbdb70, errp=<optimized out>) at ../hw/pci/pci.c:2218
pci_dev = 0x555556dbdb70
pc = <optimized out>
klass = <optimized out>
local_err = 0x0
is_default_rom = <optimized out>
class_id = <optimized out>
__func__ = "pci_qdev_realize"
#5 0x0000555555c6aa2f in device_set_realized (obj=<optimized out>, value=true, errp=0x7fffffffd570) at ../hw/core/qdev.c:553
dev = 0x555556dbdb70
dc = 0x555556634130
hotplug_ctrl = 0x0
bus = <optimized out>
ncl = <optimized out>
local_err = 0x0
unattached_parent = false
unattached_count = 12
__func__ = "device_set_realized"
__PRETTY_FUNCTION__ = "device_set_realized"
#6 0x0000555555c6de7a in property_set_bool (obj=0x555556dbdb70, v=<optimized out>, name=<optimized out>, opaque=0x5555564c40b0, errp=0x7fffffffd570) at ../qom/object.c:2273
prop = 0x5555564c40b0
value = true
#7 0x0000555555c70158 in object_property_set (obj=obj@entry=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", v=v@entry=0x555556d745d0, errp=errp@entry=0x7fffffffd570) at ../qom/object.c:1408
_auto_errp_prop = {local_err = 0x0, errp = 0x7fffffffd570}
prop = <optimized out>
__func__ = "object_property_set"
#8 0x0000555555c73384 in object_property_set_qobject (obj=obj@entry=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", value=value@entry=0x555556d732c0, errp=errp@entry=0x7fffffffd570) at ../qom/qom-qobject.c:28
v = 0x555556d745d0
ok = <optimized out>
#9 0x0000555555c703c9 in object_property_set_bool (obj=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", value=value@entry=true, errp=errp@entry=0x7fffffffd570) at ../qom/object.c:1477
qbool = 0x555556d732c0
ok = <optimized out>
#10 0x0000555555c69ec2 in qdev_realize (dev=<optimized out>, bus=bus@entry=0x5555568eb750, errp=errp@entry=0x7fffffffd570) at ../hw/core/qdev.c:333
__PRETTY_FUNCTION__ = "qdev_realize"
#11 0x0000555555a1db80 in qdev_device_add_from_qdict (opts=opts@entry=0x555556d72130, from_json=from_json@entry=false, errp=<optimized out>, errp@entry=0x5555563be3d0 <error_fatal>) at /home/rhansen/floss/qemu/include/hw/qdev-core.h:17
_auto_errp_prop = {local_err = 0x0, errp = 0x5555563be3d0 <error_fatal>}
dc = 0x555556634130
driver = 0x555556d73150 "VGA"
path = <optimized out>
id = <optimized out>
dev = 0x555556dbdb70
bus = <optimized out>
__func__ = "qdev_device_add_from_qdict"
#12 0x0000555555a1dca6 in qdev_device_add (opts=0x5555564c10d0, errp=errp@entry=0x5555563be3d0 <error_fatal>) at ../softmmu/qdev-monitor.c:733
qdict = 0x555556d72130
ret = <optimized out>
#13 0x0000555555a1fb83 in device_init_func (opaque=<optimized out>, opts=<optimized out>, errp=0x5555563be3d0 <error_fatal>) at ../softmmu/vl.c:1142
dev = <optimized out>
#14 0x0000555555dde692 in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x555555a1fb70 <device_init_func>, opaque=opaque@entry=0x0, errp=0x5555563be3d0 <error_fatal>) at ../util/qemu-option.c:1135
loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffd990, prev = 0x5555563be400 <std_loc>}
opts = 0x5555564c10d0
next = 0x0
rc = 0
__PRETTY_FUNCTION__ = "qemu_opts_foreach"
#15 0x0000555555a22921 in qemu_create_cli_devices () at ../softmmu/vl.c:2522
opt = <optimized out>
__func__ = "qmp_x_exit_preconfig"
__func__ = "qmp_x_exit_preconfig"
#16 qmp_x_exit_preconfig (errp=0x5555563be3d0 <error_fatal>) at ../softmmu/vl.c:2590
__func__ = "qmp_x_exit_preconfig"
__func__ = "qmp_x_exit_preconfig"
#17 qmp_x_exit_preconfig (errp=0x5555563be3d0 <error_fatal>) at ../softmmu/vl.c:2582
__func__ = "qmp_x_exit_preconfig"
#18 0x0000555555a25ec2 in qemu_init (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/vl.c:3586
opts = <optimized out>
icount_opts = <optimized out>
accel_opts = <optimized out>
olist = <optimized out>
optind = 11
optarg = 0x7fffffffdec3 "chardev=mon0,mode=readline"
machine_class = <optimized out>
userconfig = <optimized out>
vmstate_dump_file = <optimized out>
__func__ = "qemu_init"
__PRETTY_FUNCTION__ = "qemu_init"
#19 0x000055555585410d in qemu_main (envp=0x0, argv=<optimized out>, argc=<optimized out>) at ../softmmu/main.c:47
status = <optimized out>
#20 main (argc=<optimized out>, argv=<optimized out>) at ../softmmu/main.c:47
Additional Information
Commands I ran to build QEMU:
mkdir build
cd build
../configure
make
Tail of configure output:
qemu 7.0.91
Directories
Install prefix : /usr/local
BIOS directory : share/qemu
firmware path : share/qemu-firmware
binary directory : /usr/local/bin
library directory : /usr/local/lib/x86_64-linux-gnu
module directory : lib/x86_64-linux-gnu/qemu
libexec directory : /usr/local/libexec
include directory : /usr/local/include
config directory : /usr/local/etc
local state directory : /var/local
Manual directory : /usr/local/share/man
Doc directory : /usr/local/share/doc
Build directory : /home/rhansen/floss/qemu/build
Source path : /home/rhansen/floss/qemu
GIT submodules : ui/keycodemapdb tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc slirp roms/SLOF
Host binaries
git : git
make : make
python : /usr/bin/python3 (version: 3.8)
sphinx-build : /usr/bin/sphinx-build
gdb : /usr/bin/gdb
iasl : NO
genisoimage : /usr/bin/genisoimage
smbd : /usr/sbin/smbd
Configurable features
Documentation : YES
system-mode emulation : YES
user-mode emulation : YES
block layer : YES
Install blobs : YES
module support : NO
fuzzing support : NO
Audio drivers : pa oss
Trace backends : log
D-Bus display : NO
QOM debugging : NO
vhost-kernel support : YES
vhost-net support : YES
vhost-user support : YES
vhost-user-crypto support : YES
vhost-user-blk server support: YES
vhost-vdpa support : YES
build guest agent : YES
Compilation
host CPU : x86_64
host endianness : little
C compiler : cc -m64 -mcx16
Host C compiler : cc -m64 -mcx16
C++ compiler : c++ -m64 -mcx16
CFLAGS : -O2 -g
CXXFLAGS : -O2 -g
QEMU_CFLAGS : -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-declaration -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2 -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi -fstack-protector-strong
QEMU_CXXFLAGS : -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wundef -Wwrite-strings -fno-strict-aliasing -fno-common -fwrapv -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2 -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi -fstack-protector-strong
QEMU_OBJCFLAGS : -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare
QEMU_LDFLAGS : -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -fstack-protector-strong
profiler : NO
link-time optimization (LTO) : NO
PIE : YES
static build : NO
malloc trim support : YES
membarrier : NO
debug stack usage : NO
mutex debugging : NO
memory allocator : system
avx2 optimization : YES
avx512f optimization : NO
gprof enabled : NO
gcov : NO
thread sanitizer : NO
CFI support : NO
strip binaries : NO
sparse : NO
mingw32 support : NO
Cross compilers
aarch64 : $(DOCKER_SCRIPT) cc --cc aarch64-linux-gnu-gcc-10 -i qemu/debian-arm64-cross -s /home/rhansen/floss/qemu --
alpha : $(DOCKER_SCRIPT) cc --cc alpha-linux-gnu-gcc -i qemu/debian-alpha-cross -s /home/rhansen/floss/qemu --
arm : $(DOCKER_SCRIPT) cc --cc arm-linux-gnueabihf-gcc -i qemu/debian-armhf-cross -s /home/rhansen/floss/qemu --
i386 : cc
loongarch64 : $(DOCKER_SCRIPT) cc --cc loongarch64-unknown-linux-gnu-gcc -i qemu/debian-loongarch-cross -s /home/rhansen/floss/qemu --
nios2 : $(DOCKER_SCRIPT) cc --cc nios2-linux-gnu-gcc -i qemu/debian-nios2-cross -s /home/rhansen/floss/qemu --
riscv64 : $(DOCKER_SCRIPT) cc --cc riscv64-linux-gnu-gcc -i qemu/debian-riscv64-test-cross -s /home/rhansen/floss/qemu --
s390x : $(DOCKER_SCRIPT) cc --cc s390x-linux-gnu-gcc -i qemu/debian-s390x-cross -s /home/rhansen/floss/qemu --
x86_64 : cc
xtensa : $(DOCKER_SCRIPT) cc --cc /opt/2020.07/xtensa-dc232b-elf/bin/xtensa-dc232b-elf-gcc -i qemu/debian-xtensa-cross -s /home/rhansen/floss/qemu --
cris : $(DOCKER_SCRIPT) cc --cc cris-linux-gnu-gcc -i qemu/fedora-cris-cross -s /home/rhansen/floss/qemu --
hexagon : $(DOCKER_SCRIPT) cc --cc hexagon-unknown-linux-musl-clang -i qemu/debian-hexagon-cross -s /home/rhansen/floss/qemu --
hppa : $(DOCKER_SCRIPT) cc --cc hppa-linux-gnu-gcc -i qemu/debian-hppa-cross -s /home/rhansen/floss/qemu --
m68k : $(DOCKER_SCRIPT) cc --cc m68k-linux-gnu-gcc -i qemu/debian-m68k-cross -s /home/rhansen/floss/qemu --
microblaze : $(DOCKER_SCRIPT) cc --cc microblaze-linux-musl-gcc -i qemu/debian-microblaze-cross -s /home/rhansen/floss/qemu --
mips : $(DOCKER_SCRIPT) cc --cc mips-linux-gnu-gcc -i qemu/debian-mips-cross -s /home/rhansen/floss/qemu --
mips64 : $(DOCKER_SCRIPT) cc --cc mips64-linux-gnuabi64-gcc -i qemu/debian-mips64-cross -s /home/rhansen/floss/qemu --
mips64el : $(DOCKER_SCRIPT) cc --cc mips64el-linux-gnuabi64-gcc -i qemu/debian-mips64el-cross -s /home/rhansen/floss/qemu --
mipsel : $(DOCKER_SCRIPT) cc --cc mipsel-linux-gnu-gcc -i qemu/debian-mipsel-cross -s /home/rhansen/floss/qemu --
ppc : $(DOCKER_SCRIPT) cc --cc powerpc-linux-gnu-gcc-10 -i qemu/debian-powerpc-test-cross -s /home/rhansen/floss/qemu --
ppc64 : $(DOCKER_SCRIPT) cc --cc powerpc64-linux-gnu-gcc-10 -i qemu/debian-powerpc-test-cross -s /home/rhansen/floss/qemu --
ppc64le : $(DOCKER_SCRIPT) cc --cc powerpc64le-linux-gnu-gcc-10 -i qemu/debian-powerpc-test-cross -s /home/rhansen/floss/qemu --
sh4 : $(DOCKER_SCRIPT) cc --cc sh4-linux-gnu-gcc -i qemu/debian-sh4-cross -s /home/rhansen/floss/qemu --
sparc64 : $(DOCKER_SCRIPT) cc --cc sparc64-linux-gnu-gcc -i qemu/debian-sparc64-cross -s /home/rhansen/floss/qemu --
Targets and accelerators
KVM support : YES
HAX support : NO
HVF support : NO
WHPX support : NO
NVMM support : NO
Xen support : YES
xen ctrl version : 4.11.0
TCG support : YES
TCG backend : native (x86_64)
TCG plugins : YES
TCG debug enabled : NO
target list : aarch64-softmmu alpha-softmmu arm-softmmu avr-softmmu cris-softmmu hppa-softmmu i386-softmmu loongarch64-softmmu m68k-softmmu microblaze-softmmu microblazeel-softmmu mips-softmmu mips64-softmmu mips64el-softmmu mipsel-softmmu nios2-softmmu or1k-softmmu ppc-softmmu ppc64-softmmu riscv32-softmmu riscv64-softmmu rx-softmmu s390x-softmmu sh4-softmmu sh4eb-softmmu sparc-softmmu sparc64-softmmu tricore-softmmu x86_64-softmmu xtensa-softmmu xtensaeb-softmmu aarch64-linux-user aarch64_be-linux-user alpha-linux-user arm-linux-user armeb-linux-user cris-linux-user hexagon-linux-user hppa-linux-user i386-linux-user loongarch64-linux-user m68k-linux-user microblaze-linux-user microblazeel-linux-user mips-linux-user mips64-linux-user mips64el-linux-user mipsel-linux-user mipsn32-linux-user mipsn32el-linux-user nios2-linux-user or1k-linux-user ppc-linux-user ppc64-linux-user ppc64le-linux-user riscv32-linux-user riscv64-linux-user s390x-linux-user sh4-linux-user sh4eb-linux-user sparc-linux-user sparc32plus-linux-user sparc64-linux-user x86_64-linux-user xtensa-linux-user xtensaeb-linux-user
default devices : YES
out of process emulation : YES
vfio-user server : NO
Block layer support
coroutine backend : ucontext
coroutine pool : YES
Block whitelist (rw) :
Block whitelist (ro) :
Use block whitelist in tools : NO
VirtFS support : YES
build virtiofs daemon : YES
Live block migration : YES
replication support : YES
bochs support : YES
cloop support : YES
dmg support : YES
qcow v1 support : YES
vdi support : YES
vvfat support : YES
qed support : YES
parallels support : YES
FUSE exports : YES 3.9.0
VDUSE block exports : YES
Crypto
TLS priority : NORMAL
GNUTLS support : YES 3.6.13
GNUTLS crypto : NO
libgcrypt : YES 1.8.5
nettle : NO
AF_ALG support : NO
rng-none : NO
Linux keyring : YES
Dependencies
SDL support : YES
SDL image support : NO
GTK support : YES
pixman : YES 0.38.4
VTE support : YES 0.60.3
slirp support : YES 4.1.0
libtasn1 : YES 4.16.0
PAM : NO
iconv support : YES
curses support : YES
virgl support : YES 0.8.2
curl support : YES 7.68.0
Multipath support : NO
PNG support : YES 1.6.37
VNC support : YES
VNC SASL support : YES
VNC JPEG support : YES 2.0.3
OSS support : YES
ALSA support : YES 1.2.2
PulseAudio support : YES 13.99.1
JACK support : YES 0.125.0rc1
brlapi support : YES
vde support : NO
netmap support : NO
l2tpv3 support : YES
Linux AIO support : YES
Linux io_uring support : YES 2.0
ATTR/XATTR support : YES
RDMA support : YES
PVRDMA support : YES
fdt support : system
libcap-ng support : YES
bpf support : YES 0.5.0
spice protocol support : YES 0.14.0
spice server support : YES 0.14.2
rbd support : YES
smartcard support : YES 2.6.1
U2F support : NO
libusb : YES 1.0.23
usb net redir : YES 0.8.0
OpenGL support (epoxy) : YES 1.5.4
GBM : YES 21.2.6
libiscsi support : YES 1.18.0
libnfs support : NO
seccomp support : YES 2.5.1
GlusterFS support : YES 7.7.2
TPM support : YES
libssh support : YES 0.9.3
lzo support : NO
snappy support : NO
bzip2 support : YES
lzfse support : NO
zstd support : YES 1.4.4
NUMA host support : YES
capstone : NO
libpmem support : YES 1.8
libdaxctl support : NO
libudev : YES 245
FUSE lseek : YES
selinux : YES 3.0
Subprojects
libvduse : YES
libvhost-user : YES
User defined options
Native files : config-meson.cross
prefix : /usr/local
werror : true
vfio_user_server : disabled
Found ninja-1.10.0 at /usr/bin/ninja