I noticed this while I was trying to debug something and so was single-stepping through the CPU realize function.
The RCU thread seems to get set up and try to start working too early in QEMU's initialization process. Specifically, it can try to do things before we've completed the creation and init of all the CPUs: I'm seeing call_rcu_thread() calling qemu_mutex_lock_iothread() calling qemu_cpu_kick_thread() before we've even finished actually creating and realizing the CPU objects. This segfaults because cpu->thread isn't set yet. -- PMM
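As an added illustration (not QEMU's code; every type and function name below is a hypothetical stand-in), a small C model of the ordering problem described above: a kick that dereferences the CPU's thread pointer before realize has set it, beside a guarded form that defers the kick until the CPU is realized and replays it afterwards.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not QEMU's real structures. */
typedef struct VcpuThread { int kicks; } VcpuThread;

typedef struct Cpu {
    const char *name;
    bool realized;      /* set at the end of "realize" */
    VcpuThread *thread; /* NULL until realize creates the thread */
    bool pending_kick;  /* a kick arrived before the thread existed */
} Cpu;

/* Unguarded kick: crashes when called before realize (thread == NULL). */
int kick_unguarded(Cpu *cpu) { return ++cpu->thread->kicks; }

/* Guarded kick: defer instead of dereferencing a not-yet-created thread.
 * Returns true if the kick was delivered now, false if deferred. */
bool kick_guarded(Cpu *cpu) {
    if (!cpu->realized || cpu->thread == NULL) {
        cpu->pending_kick = true;
        return false;
    }
    cpu->thread->kicks++;
    return true;
}

/* Model of realize: create the thread, then replay any deferred kick. */
void realize_cpu(Cpu *cpu, VcpuThread *storage) {
    storage->kicks = 0;
    cpu->thread = storage;
    cpu->realized = true;
    if (cpu->pending_kick) {
        cpu->pending_kick = false;
        cpu->thread->kicks++;
    }
}

/* Kick every CPU in the list (what an early lock_iothread would trigger);
 * returns how many kicks were delivered immediately. */
int kick_all(Cpu *cpus, size_t n) {
    int delivered = 0;
    for (size_t i = 0; i < n; i++) {
        if (kick_guarded(&cpus[i])) {
            delivered++;
        } else {
            printf("%s not realized yet, kick deferred\n", cpus[i].name);
        }
    }
    return delivered;
}
```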
