Curious but true: two independent reports of the same issue within
24 hours, one with an x86 guest and one with an arm guest.

Neither report included instructions for reproduction (and both seem
to be with complex setup), therefore this is untested, but seems simple
enough to be the proper fix.  It matches up with

    /*
     * If the TB is not associated with a physical RAM page then it must be
     * a temporary one-insn TB, and we have nothing left to do. Return early
     * before attempting to link to other TBs or add to the lookup table.
     */
    if (tb_page_addr0(tb) == -1) {
        return tb;
    }

in tb_gen_code().


r~


Richard Henderson (1):
  accel/tcg: Allow the second page of an instruction to be MMIO

 accel/tcg/translator.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

-- 
2.34.1

On 2/6/23 09:38, Richard Henderson wrote:
> Curious but true: two independent reports of the same issue within
> 24 hours, one with an x86 guest and one with an arm guest.
> 
> Neither report included instructions for reproduction (and both seem
> to be with complex setup), therefore this is untested, but seems simple
> enough to be the proper fix.  It matches up with
> 
>      /*
>       * If the TB is not associated with a physical RAM page then it must be
>       * a temporary one-insn TB, and we have nothing left to do. Return early
>       * before attempting to link to other TBs or add to the lookup table.
>       */
>      if (tb_page_addr0(tb) == -1) {
>          return tb;
>      }
> 
> in tb_gen_code().
> 
> 
> r~
> 
> 
> Richard Henderson (1):
>    accel/tcg: Allow the second page of an instruction to be MMIO
> 
>   accel/tcg/translator.c | 12 ++++++++++--
>   1 file changed, 10 insertions(+), 2 deletions(-)
> 

Queued to tcg-next.


r~