QEMU  6.2.0: Random segfaults when access register eax using qemu-system-x86_64
Description of problem:
coredump info:
```
(gdb) bt
#0  0x0000152016187387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1  0x0000152016188a78 in __GI_abort () at abort.c:90
#2  0x00001520159f2439 in os::abort (dump_core=<optimized out>)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:1572
#3  0x0000152015c0e64a in VMError::report_and_die (this=this@entry=0x151fe009c4d0)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/share/vm/utilities/vmError.cpp:1112
#4  0x00001520159fc5e5 in JVM_handle_linux_signal (sig=11, info=0x151fe009c770, ucVoid=0x151fe009c640,
    abort_if_unrecognized=<optimized out>)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:541
#5  0x00001520159ef5f8 in signalHandler (sig=11, info=0x151fe009c770, uc=0x151fe009c640)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:4591
#6  <signal handler called>
#7  do_clone (pd=pd@entry=0x151fc7cfe700, attr=attr@entry=0x151fe009d410, stackaddr=<optimized out>,
    stopped=<optimized out>, fct=0x152016b4fde0 <start_thread>, clone_flags=4001536)
    at ../nptl/sysdeps/pthread/createthread.c:77
#8  0x0000152016b5056a in create_thread (stackaddr=<optimized out>, attr=0x151fe009d410, pd=0x151fc7cfe700)
    at ../nptl/sysdeps/pthread/createthread.c:244
#9  __pthread_create_2_1 (newthread=<optimized out>, attr=<optimized out>, start_routine=<optimized out>,
    arg=<optimized out>) at pthread_create.c:553
#10 0x00001520159fb9b8 in os::create_thread (thread=0x561592f7f000, thr_type=<optimized out>,
---Type <return> to continue, or q <return> to quit---f 7
    stack_size=<optimized out>)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:921
#11 0x00001520157eea78 in JVM_StartThread (env=<optimized out>, jthread=0x151fe009d4d0)
    at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/share/vm/prims/jvm.cpp:3128
#12 0x0000152001ef0c26 in ?? ()
#13 0x00000006e100f538 in ?? ()
#14 0x00000000de00bfff in ?? ()
#15 0x0000151fe009d530 in ?? ()
#16 0x0000152001915328 in ?? ()
#17 0x00000006e100f538 in ?? ()
#18 0x0000152010062550 in ?? ()
#19 0x00000006f1450200 in ?? ()
#20 0x00001520de280104 in ?? ()
#21 0x0000000000000000 in ?? ()
(gdb) f 7
#7  do_clone (pd=pd@entry=0x151fc7cfe700, attr=attr@entry=0x151fe009d410, stackaddr=<optimized out>,
    stopped=<optimized out>, fct=0x152016b4fde0 <start_thread>, clone_flags=4001536)
    at ../nptl/sysdeps/pthread/createthread.c:77
77        if (__builtin_expect (rc == -1, 0))
(gdb) disas
Dump of assembler code for function do_clone:
   0x0000152016b4f010 <+0>:     push   %r12
   0x0000152016b4f012 <+2>:     xor    %r12d,%r12d
   0x0000152016b4f015 <+5>:     mov    %rdx,%r10
   0x0000152016b4f018 <+8>:     push   %rbp
   0x0000152016b4f019 <+9>:     mov    %rsi,%rbp
   0x0000152016b4f01c <+12>:    push   %rbx
   0x0000152016b4f01d <+13>:    mov    %rdi,%rbx
   0x0000152016b4f020 <+16>:    sub    $0x10,%rsp
   0x0000152016b4f024 <+20>:    test   %ecx,%ecx
   0x0000152016b4f026 <+22>:    setne  %r12b
   0x0000152016b4f02a <+26>:    jne    0x152016b4f07f <do_clone+111>
   0x0000152016b4f02c <+28>:    lock incl 0x21022d(%rip)        # 0x152016d5f260 <__nptl_nthreads>
   0x0000152016b4f033 <+35>:    lea    0x2d0(%rbx),%r8
   0x0000152016b4f03a <+42>:    lea    0xd9f(%rip),%rdi        # 0x152016b4fde0 <start_thread>
   0x0000152016b4f041 <+49>:    xor    %eax,%eax
   0x0000152016b4f043 <+51>:    mov    %rbx,%r9
   0x0000152016b4f046 <+54>:    mov    %rbx,%rcx
   0x0000152016b4f049 <+57>:    mov    $0x3d0f00,%edx
   0x0000152016b4f04e <+62>:    mov    %r8,(%rsp)
   0x0000152016b4f052 <+66>:    mov    %r10,%rsi
   0x0000152016b4f055 <+69>:    callq  0x152016b4d470 <__clone@plt>
=> 0x0000152016b4f05a <+74>:    cmp    $0xffffffff,%eax
   0x0000152016b4f05d <+77>:    je     0x152016b4f118 <do_clone+264>
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) p rc
$1 = 223935
(gdb) i r rax
rax            0x36abf  223935
(gdb) i r eax
eax            0x0      0
(gdb) l
72        atomic_increment (&__nptl_nthreads);
73
74        int rc = ARCH_CLONE (fct, STACK_VARIABLES_ARGS, clone_flags,
75                             pd, &pd->tid, TLS_VALUE, &pd->tid);
76
77        if (__builtin_expect (rc == -1, 0))
78          {
79            atomic_decrement (&__nptl_nthreads); /* Oops, we lied for a second.  */
80
81            /* Perhaps a thread wants to change the IDs and if waiting
(gdb)
```
Additional information:
```
# cat test.c
#include <stdlib.h>

int main() {
   int rc = test1();
   if(__builtin_expect (rc == -1, 0)) {
        return rc;
   }

  return 0;
}
# cat test_asm.s
global test1
section .text
test1:
      mov rax, 223935
      ret

(gdb) disas main
Dump of assembler code for function main:
   0x00000000004004f6 <+0>:     sub    $0x8,%rsp
   0x00000000004004fa <+4>:     mov    $0x0,%eax
   0x00000000004004ff <+9>:     callq  0x4004f0 <test1>
   0x0000000000400504 <+14>:    cmp    $0xffffffff,%eax
   0x0000000000400507 <+17>:    sete   %al
   0x000000000040050a <+20>:    movzbl %al,%eax
   0x000000000040050d <+23>:    neg    %eax
   0x000000000040050f <+25>:    add    $0x8,%rsp
   0x0000000000400513 <+29>:    retq
End of assembler dump.
...
# set breakpoint at 0x0000000000400504 
(gdb) i r eax
eax            0x36abf  223935
(gdb) i r rax
rax            0x36abf  223935
```