qemu-system-x86_64 segfaults when executing ipxe selftests

When running ipxe selftests (-kernel tests.lknl), qemu 10.0.0-rc1 segfaults:

$ ./qemu-system-x86_64 -nographic -kernel ../tests.lkrn
SeaBIOS (version rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org)

iPXE (http://ipxe.org) 00:03.0 CA00 PCI2.10 PnP PMM+06FD0D90+06F30D90 CA00

Booting from ROM...
iPXE initialising devices...

iPXE 1.21.1+git20250317.42a29d56+dfsg-1 -- Open Source Network Boot Firmware -- 
https://ipxe.org
Features: VLAN DNS HTTP HTTPS iSCSI NFS TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
Starting i386 self-tests
OK: "time" 102 tests passed
OK: "uri" 727 tests passed
OK: "utf8" 116 tests passed
OK: "uuid" 13 tests passed
OK: "vsprintf" 56 tests passed
OK: "x25519" 126 tests passed
OK: "x509" 139 tests passed
OK: "zlib" 7 tests passed
OK: "acpi" 6 tests passed
OK: "aes" 90 tests passed
OK: "base16" 21 tests passed
OK: "base64" 21 tests passeSegmentation fault
$ _

I think this happens during bigint test, here's the non-segfault version of the output:

OK: "base16" 21 tests passed
OK: "base64" 21 tests passed
OK: "bigint" 212 tests passed
OK: "bitops" 28 tests passed
OK: "byteswap" 6 tests passed
...

Host environment

Operating system: Linux
Architecture: x86_64
QEMU flavor: qemu-system-x86_64
QEMU version: 456709db up to 10.0.0-rc1
QEMU command line: ./qemu-system-x86_64 -nographic -kernel ../tests.lkrn

Emulated/Virtualized environment

test image from ipxe.org tests.lkrn

git bisect points to 456709db as the first bad commit.

@bonzini can you take a look please?

Edited Mar 30, 2025 by Michael Tokarev

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information