Re: Segfault in hw/scsi/scsi-disk.c caused by null pointer

From: Denis Krienbühl
Subject: Re: Segfault in hw/scsi/scsi-disk.c caused by null pointer
Date: Tue, 9 Aug 2022 18:25:57 +0200

On 9 Aug 2022, at 18:15, Peter Maydell <peter.maydell@linaro.org> wrote:

My wild guess is that there's a race condition somewhere such
that when you're doing this huge amount of detaches, very rarely
a disk is detached and deleted but this INQUIRY request is
incorrectly still sent to the disk (which being a freed object,
might be overwritten with other stuff). But that is purely a guess.

So... should this be something I create a bug report for?

If you can repro this on current head-of-git, or at least on
the most recent release, then yes, file a bug report.

The best I can currently do is start to log what’s going on. Since I’m not at all familiar with SCSI and this codebase, do you have any tips on what I should log to maybe find out where this race condition occurs?

Or if there’s any kind of documentation I could read to understand better what is going on in the hw/scsi subsystem and how I should navigate the code. After reading your explanation we’ll probably look for other workarounds, but I would love to understand what’s going on.

Appreciate your help,


