ppc: mac99 immediate segfault in vga_init with bus=pci.0 Description of problem: I'm trying to figure out why `mac99` PowerPC VMs launched by libvirt always immediately segfault (signal SIGSEGV, segmentation fault). I narrowed it down to the `bus=pci.0` option that libvirt adds to the `-device VGA` argument. If I remove the `bus=pci.0` option then it doesn't segfault. Full backtrace from gdb: ``` #0 memory_region_update_container_subregions (subregion=0x555556d795e0) at ../softmmu/memory.c:2538 mr = other = alias = __PRETTY_FUNCTION__ = "memory_region_add_subregion_common" #1 memory_region_add_subregion_common (mr=, offset=, subregion=0x555556d795e0) at ../softmmu/memory.c:2556 alias = __PRETTY_FUNCTION__ = "memory_region_add_subregion_common" #2 0x0000555555b81fad in vga_init (s=s@entry=0x555556dbe590, obj=obj@entry=0x555556dbdb70, address_space=0x5555568ea570, address_space_io=address_space_io@entry=0x5555568ea790, init_vga_ports=init_vga_ports@entry=true) at ../hw/display/vga.c:2305 vga_io_memory = 0x555556d795e0 vga_ports = 0x55555623bda0 vbe_ports = 0x55555623bd20 #3 0x00005555558fbe3a in pci_std_vga_realize (dev=0x555556dbdb70, errp=) at ../hw/display/vga-pci.c:245 d = 0x555556dbdb70 s = 0x555556dbe590 qext = false edid = false #4 0x0000555555990128 in pci_qdev_realize (qdev=0x555556dbdb70, errp=) at ../hw/pci/pci.c:2218 pci_dev = 0x555556dbdb70 pc = klass = local_err = 0x0 is_default_rom = class_id = __func__ = "pci_qdev_realize" #5 0x0000555555c6aa2f in device_set_realized (obj=, value=true, errp=0x7fffffffd570) at ../hw/core/qdev.c:553 dev = 0x555556dbdb70 dc = 0x555556634130 hotplug_ctrl = 0x0 bus = ncl = local_err = 0x0 unattached_parent = false unattached_count = 12 __func__ = "device_set_realized" __PRETTY_FUNCTION__ = "device_set_realized" #6 0x0000555555c6de7a in property_set_bool (obj=0x555556dbdb70, v=, name=, opaque=0x5555564c40b0, errp=0x7fffffffd570) at ../qom/object.c:2273 prop = 0x5555564c40b0 value = true #7 0x0000555555c70158 in object_property_set (obj=obj@entry=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", v=v@entry=0x555556d745d0, errp=errp@entry=0x7fffffffd570) at ../qom/object.c:1408 _auto_errp_prop = {local_err = 0x0, errp = 0x7fffffffd570} prop = __func__ = "object_property_set" #8 0x0000555555c73384 in object_property_set_qobject (obj=obj@entry=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", value=value@entry=0x555556d732c0, errp=errp@entry=0x7fffffffd570) at ../qom/qom-qobject.c:28 v = 0x555556d745d0 ok = #9 0x0000555555c703c9 in object_property_set_bool (obj=0x555556dbdb70, name=name@entry=0x555555ee1196 "realized", value=value@entry=true, errp=errp@entry=0x7fffffffd570) at ../qom/object.c:1477 qbool = 0x555556d732c0 ok = #10 0x0000555555c69ec2 in qdev_realize (dev=, bus=bus@entry=0x5555568eb750, errp=errp@entry=0x7fffffffd570) at ../hw/core/qdev.c:333 __PRETTY_FUNCTION__ = "qdev_realize" #11 0x0000555555a1db80 in qdev_device_add_from_qdict (opts=opts@entry=0x555556d72130, from_json=from_json@entry=false, errp=, errp@entry=0x5555563be3d0 ) at /home/rhansen/floss/qemu/include/hw/qdev-core.h:17 _auto_errp_prop = {local_err = 0x0, errp = 0x5555563be3d0 } dc = 0x555556634130 driver = 0x555556d73150 "VGA" path = id = dev = 0x555556dbdb70 bus = __func__ = "qdev_device_add_from_qdict" #12 0x0000555555a1dca6 in qdev_device_add (opts=0x5555564c10d0, errp=errp@entry=0x5555563be3d0 ) at ../softmmu/qdev-monitor.c:733 qdict = 0x555556d72130 ret = #13 0x0000555555a1fb83 in device_init_func (opaque=, opts=, errp=0x5555563be3d0 ) at ../softmmu/vl.c:1142 dev = #14 0x0000555555dde692 in qemu_opts_foreach (list=, func=func@entry=0x555555a1fb70 , opaque=opaque@entry=0x0, errp=0x5555563be3d0 ) at ../util/qemu-option.c:1135 loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffd990, prev = 0x5555563be400 } opts = 0x5555564c10d0 next = 0x0 rc = 0 __PRETTY_FUNCTION__ = "qemu_opts_foreach" #15 0x0000555555a22921 in qemu_create_cli_devices () at ../softmmu/vl.c:2522 opt = __func__ = "qmp_x_exit_preconfig" __func__ = "qmp_x_exit_preconfig" #16 qmp_x_exit_preconfig (errp=0x5555563be3d0 ) at ../softmmu/vl.c:2590 __func__ = "qmp_x_exit_preconfig" __func__ = "qmp_x_exit_preconfig" #17 qmp_x_exit_preconfig (errp=0x5555563be3d0 ) at ../softmmu/vl.c:2582 __func__ = "qmp_x_exit_preconfig" #18 0x0000555555a25ec2 in qemu_init (argc=, argv=, envp=) at ../softmmu/vl.c:3586 opts = icount_opts = accel_opts = olist = optind = 11 optarg = 0x7fffffffdec3 "chardev=mon0,mode=readline" machine_class = userconfig = vmstate_dump_file = __func__ = "qemu_init" __PRETTY_FUNCTION__ = "qemu_init" #19 0x000055555585410d in qemu_main (envp=0x0, argv=, argc=) at ../softmmu/main.c:47 status = #20 main (argc=, argv=) at ../softmmu/main.c:47 ```