Hi, Gerd The issue occurs consistently; I have tested various qemu versions, including the current qemu.git.
Any ideas? Thanks. The command line: ./x86_64-softmmu/qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name sles \ -boot c -drive file=/mnt/sdb/gonglei/image/sles.img -vnc 0.0.0.0:10 -monitor \ stdio -device cirrus-vga,id=video0,vgamem_mb=2 The backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff2785700 (LWP 13966)] 0x00005555556ceb09 in cirrus_vga_mem_write (opaque=0x55555638e888, addr=0, mem_value=0, size=1) at hw/display/cirrus_vga.c:2039 2039 *(s->vga.vram_ptr + bank_offset) = mem_value; (gdb) bt #0 0x00005555556ceb09 in cirrus_vga_mem_write (opaque=0x55555638e888, addr=0, mem_value=0, size=1) at hw/display/cirrus_vga.c:2039 #1 0x00005555558bc394 in memory_region_write_accessor (mr=0x55555639f5a8, addr=0, value=0x7ffff27848a8, size=1, shift=0, mask=255) at /mnt/sdb/gonglei/code/qemu/memory.c:441 #2 0x00005555558bc4d0 in access_with_adjusted_size (addr=0, value=0x7ffff27848a8, size=2, access_size_min=1, access_size_max=1, access=0x5555558bc30b <memory_region_write_accessor>, mr=0x55555639f5a8) at /mnt/sdb/gonglei/code/qemu/memory.c:478 #3 0x00005555558bf331 in memory_region_dispatch_write (mr=0x55555639f5a8, addr=0, data=0, size=2) at /mnt/sdb/gonglei/code/qemu/memory.c:985 #4 0x00005555558c2b47 in io_mem_write (mr=0x55555639f5a8, addr=0, val=0, size=2) at /mnt/sdb/gonglei/code/qemu/memory.c:1744 #5 0x0000555555847c5b in address_space_rw (as=0x5555561e8600 <address_space_memory>, addr=655360, buf=0x7ffff7ff4030 "", len=2, is_write=true) at /mnt/sdb/gonglei/code/qemu/exec.c:2029 #6 0x00005555558480c2 in cpu_physical_memory_rw (addr=655360, buf=0x7ffff7ff4030 "", len=2, is_write=1) at /mnt/sdb/gonglei/code/qemu/exec.c:2103 #7 0x00005555558b90c7 in cpu_physical_memory_write (addr=655360, buf=0x7ffff7ff4030, len=2) at /mnt/sdb/gonglei/code/qemu/include/exec/cpu-common.h:68 #8 0x00005555558b9025 in kvm_flush_coalesced_mmio_buffer () at /mnt/sdb/gonglei/code/qemu/kvm-all.c:1607 #9 0x0000555555844c08 in 
qemu_flush_coalesced_mmio_buffer () at /mnt/sdb/gonglei/code/qemu/exec.c:976 #10 0x00005555558bc34a in memory_region_write_accessor (mr=0x55555639f5a8, addr=170, value=0x7ffff2784b58, size=1, shift=0, mask= 255) at /mnt/sdb/gonglei/code/qemu/memory.c:437 #11 0x00005555558bc4d0 in access_with_adjusted_size (addr=170, value=0x7ffff2784b58, size=2, access_size_min=1, access_size_max=1, access=0x5555558bc30b <memory_region_write_accessor>, mr=0x55555639f5a8) at /mnt/sdb/gonglei/code/qemu/memory.c:478 #12 0x00005555558bf331 in memory_region_dispatch_write (mr=0x55555639f5a8, addr=170, data=0, size=2) at /mnt/sdb/gonglei/code/qemu/memory.c:985 #13 0x00005555558c2b47 in io_mem_write (mr=0x55555639f5a8, addr=170, val=0, size=2) at /mnt/sdb/gonglei/code/qemu/memory.c:1744 #14 0x0000555555847c5b in address_space_rw (as=0x5555561e8600 <address_space_memory>, addr=655530, buf=0x7ffff7ff2028 "", len=2, is_write=true) at /mnt/sdb/gonglei/code/qemu/exec.c:2029 #15 0x00005555558480c2 in cpu_physical_memory_rw (addr=655530, buf=0x7ffff7ff2028 "", len=2, is_write=1) at /mnt/sdb/gonglei/code/qemu/exec.c:2103 #16 0x00005555558b940b in kvm_cpu_exec (cpu=0x5555562a7aa0) at /mnt/sdb/gonglei/code/qemu/kvm-all.c:1704 #17 0x0000555555838de2 in qemu_kvm_cpu_thread_fn (arg=0x5555562a7aa0) at /mnt/sdb/gonglei/code/qemu/cpus.c:873 #18 0x00007ffff59337f6 in start_thread () from /lib64/libpthread.so.0 #19 0x00007ffff568f09d in clone () from /lib64/libc.so.6 #20 0x0000000000000000 in ?? () Best regards, -Gonglei