Hi LiZhiJian, just one thing I noticed in your call stack, your $Subject talks about AArch64, and you end up in arm_v7m_mmu_idx_for_secstate,
which means that ARM_FEATURE_M is detected, so definitely something looks off when it comes to the feature bits.. Ciao, Claudio On 2/5/21 4:04 AM, lizhijian wrote: > paste the call trace > > (gdb) bt > #0 0x0000aaaac036a02c in armv7m_nvic_neg_prio_requested (opaque=0x0, > secure=false) at ../hw/intc/armv7m_nvic.c:406 > #1 0x0000aaaac014dcf4 in arm_v7m_mmu_idx_for_secstate_and_priv > (env=0xaaaaca23d950, secstate=false, priv=true) at > ../target/arm/m_helper.c:2837 > #2 0x0000aaaac014dd8c in arm_v7m_mmu_idx_for_secstate (env=0xaaaaca23d950, > secstate=false) at ../target/arm/m_helper.c:2848 > #3 0x0000aaaac018aa6c in arm_mmu_idx_el (env=0xaaaaca23d950, el=1) at > ../target/arm/helper.c:12841 > #4 0x0000aaaac018b788 in rebuild_hflags_internal (env=0xaaaaca23d950) at > ../target/arm/helper.c:13100 > #5 0x0000aaaac018b80c in arm_rebuild_hflags (env=0xaaaaca23d950) at > ../target/arm/helper.c:13113 > #6 0x0000aaaac007f928 in cpu_post_load (opaque=0xaaaaca233b10, > version_id=22) at ../target/arm/machine.c:767 > #7 0x0000aaaabfc8f508 in vmstate_load_state (f=0xaaaaca355520, > vmsd=0xaaaac0d59ea8 <vmstate_arm_cpu>, opaque=0xaaaaca233b10, version_id=22) > at ../migration/vmstate.c:168 > #8 0x0000aaaabfca3404 in vmstate_load (f=0xaaaaca355520, se=0xaaaaca2708b0) > at ../migration/savevm.c:885 > #9 0x0000aaaabfca6410 in qemu_loadvm_section_start_full (f=0xaaaaca355520, > mis=0xaaaaca204d90) at ../migration/savevm.c:2396 > #10 0x0000aaaabfca6a8c in qemu_loadvm_state_main (f=0xaaaaca355520, > mis=0xaaaaca204d90) at ../migration/savevm.c:2582 > #11 0x0000aaaabfca6c34 in qemu_loadvm_state (f=0xaaaaca355520) at > ../migration/savevm.c:2661 > #12 0x0000aaaabfd95bf0 in process_incoming_migration_co (opaque=0x0) at > ../migration/migration.c:522 > #13 0x0000aaaac06c6248 in coroutine_trampoline (i0=-895198224, i1=43690) at > ../util/coroutine-ucontext.c:173 > #14 0x0000ffffa5071f90 in __startcontext () at > ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123 > > > ** Information type changed from Public to Public Security >