Hi, I see random crashes when running qemu-system-{x86, x86_64}. The problem started happening several releases ago, but I have finally been able to capture some core dumps. This is with qemu v4.0.
The crash always happens in io_writex(), and the reason is that 'mr' is NULL (the gdb output below also shows the enclosing section completely zeroed). I attached some gdb information below. The crash is seen maybe once every ~100 boots, and it seems to happen during PCI enumeration.

[ 2.044504] PCI host bridge to bus 0000:00
[ 2.044836] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 2.045142] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7]
[ 2.045286] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff]
[ 2.045436] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff]
[ 2.045583] pci_bus 0000:00: root bus resource [mem 0x90000000-0xfebfffff]
[ 2.045747] pci_bus 0000:00: root bus resource [mem 0x100000000-0x8ffffffff]
^^^ crash here

[ 2.732815] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
[ 2.733081] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
[ 2.733301] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[ 2.733509] pci_bus 0000:00: root bus resource [mem 0x90000000-0xfebfffff window]
[ 2.733716] pci_bus 0000:00: root bus resource [mem 0x800000000-0xfffffffff window]
[ 2.734187] pci_bus 0000:00: root bus resource [bus 00-ff]
^^^ crash here

Has anyone else seen this problem? Any idea what I can do to help track it down?
Thanks,
Guenter

---

(gdb) info stack
#0  io_writex (env=env@entry=0x5555567982c0, iotlbentry=0x7fffb006d5d0, mmu_idx=mmu_idx@entry=2, val=val@entry=2301, addr=addr@entry=18446744073699050240, retaddr=retaddr@entry=140736404017834, recheck=false, size=4) at /opt/buildbot/qemu/qemu/accel/tcg/cputlb.c:971
#1  0x000055555588e75f in io_writel (recheck=<optimized out>, retaddr=140736404017834, addr=18446744073699050240, val=2301, index=<optimized out>, mmu_idx=2, env=0x5555567982c0) at /opt/buildbot/qemu/qemu/accel/tcg/softmmu_template.h:277
#2  helper_le_stl_mmu (env=0x5555567982c0, addr=18446744073699050240, val=2301, oi=34, retaddr=140736404017834) at /opt/buildbot/qemu/qemu/accel/tcg/softmmu_template.h:316
#3  0x00007fffbf5e52aa in code_gen_buffer ()
#4  0x00005555558a3c70 in cpu_tb_exec (itb=<optimized out>, cpu=0x7fffbf186800 <code_gen_buffer+51931091>) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:171
#5  cpu_loop_exec_tb (tb_exit=<synthetic pointer>, last_tb=<synthetic pointer>, tb=<optimized out>, cpu=0x7fffbf186800 <code_gen_buffer+51931091>) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:618
#6  cpu_exec (cpu=cpu@entry=0x555556790010) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:729
#7  0x000055555585d4af in tcg_cpu_exec (cpu=0x555556790010) at /opt/buildbot/qemu/qemu/cpus.c:1430
#8  0x000055555585f818 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x555556790010) at /opt/buildbot/qemu/qemu/cpus.c:1734
#9  0x0000555555c5c676 in qemu_thread_start (args=<optimized out>) at util/qemu-thread-posix.c:502
#10 0x00007ffff270b6db in __gettimeofday@plt () from /lib/x86_64-linux-gnu/libpthread.so.0
#11 0x00007fffd37fe700 in ?? ()
#12 0x00007fffd37fe700 in ?? ()
#13 0x544ac8b6bb8ba609 in ?? ()
#14 0x00007fffd37fb300 in ?? ()
#15 0x0000000000000000 in ?? ()

(gdb) p *iotlbentry
$14 = {addr = 10502175, attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 0, target_tlb_bit0 = 0, target_tlb_bit1 = 0, target_tlb_bit2 = 0}}

(gdb) p mr
$15 = (MemoryRegion *) 0x0

(gdb) p *section
$16 = {mr = 0x0, fv = 0x0, offset_within_region = 0, size = 0, offset_within_address_space = 0, readonly = false, nonvolatile = false}

(gdb) l /opt/buildbot/qemu/qemu/accel/tcg/cputlb.c:971
966             cpu_io_recompile(cpu, retaddr);
967         }
968         cpu->mem_io_vaddr = addr;
969         cpu->mem_io_pc = retaddr;
970
971         if (mr->global_locking && !qemu_mutex_iothread_locked()) {
972             qemu_mutex_lock_iothread();
973             locked = true;
974         }
975         r = memory_region_dispatch_write(mr, mr_offset,