As of commit 28db64fce55,
using demo from QEMU advent calendar 2018 day 1:
https://www.qemu-advent-calendar.org/2018/download/day01.tar.xz
$ qemu-system-x86_64 -M pc \
-net none -soundhw pcspk \
-drive file=day01/fbird.img,format=raw,if=floppy \
-monitor stdio -S
(qemu) info qtree
bus: main-system-bus
type System
dev: i440FX-pcihost, id ""
bus: pci.0
dev: PIIX3, id ""
bus: isa.0
dev: isa-pcspk, id ""
audiodev = "pa"
iobase = 97 (0x61)
migrate = true
(qemu) wavcapture out.wav pa
(qemu) cont
(qemu) # Press 'up' key in demo
Segmentation fault (core dumped)
(gdb) bt
#0 0x0000555bfef0dc51 in audio_pcm_sw_write (sw=0x555c01333930, buf=0x0, size=14728) at audio/audio.c:725
#1 0x0000555bfef10a49 in audio_capture_mix_and_clear (hw=0x555c012379b0, rpos=0, samples=3682) at audio/audio.c:1054
#2 0x0000555bfef11059 in audio_run_out (s=0x555c01235550) at audio/audio.c:1186
#3 0x0000555bfef11894 in audio_run (s=0x555c01235550, msg=0x555bff3e37e8 "timer") at audio/audio.c:1355
#4 0x0000555bfef10334 in audio_timer (opaque=0x555c01235550) at audio/audio.c:831
#5 0x0000555bff33f041 in timerlist_run_timers (timer_list=0x555c00377b50) at util/qemu-timer.c:588
#6 0x0000555bff33f0eb in qemu_clock_run_timers (type=QEMU_CLOCK_VIRTUAL) at util/qemu-timer.c:602
#7 0x0000555bff33f3b6 in qemu_clock_run_all_timers () at util/qemu-timer.c:688
#8 0x0000555bff33fb60 in main_loop_wait (nonblocking=0) at util/main-loop.c:525
#9 0x0000555bfef0187c in main_loop () at vl.c:1683
#10 0x0000555bfef090ab in main (argc=12, argv=0x7ffec49184c8, envp=0x7ffec4918530) at vl.c:4438
(gdb) p *sw
$1 = {card = 0x0, s = 0x0, info = {bits = 16, sign = 1, freq = 44100, nchannels = 2, bytes_per_frame = 4, bytes_per_second = 176400, swap_endianness = 0}, conv = 0x555bfef0ced1 <noop_conv>, ratio = 4294967296, buf = 0x555c0123f6f0,
rate = 0x555c007c0ec0, total_hw_samples_mixed = 0, active = 1, empty = 1, hw = 0x555c014b12a0, name = 0x0, vol = {mute = 0, r = 4294967296, l = 4294967296}, callback = {opaque = 0x0, fn = 0x0}, entries = {le_next = 0x0,
le_prev = 0x555c014b1310}}
(gdb) p *sw->hw
$2 = {s = 0x555c01235550, enabled = 1, poll_mode = 0, pending_disable = 0, info = {bits = 16, sign = 1, freq = 44100, nchannels = 2, bytes_per_frame = 4, bytes_per_second = 176400, swap_endianness = 0},
clip = 0x555bfef16376 <clip_natural_int16_t_from_stereo>, ts_helper = 0, mix_buf = 0x555c0059d680, buf_emul = 0x0, pos_emul = 0, pending_emul = 0, size_emul = 0, samples = 16384, sw_head = {lh_first = 0x555c01333930}, cap_head = {
lh_first = 0x0}, pcm_ops = 0x0, entries = {le_next = 0x0, le_prev = 0x0}}
sw->hw->pcm_ops is NULL.
The QEMU project is currently considering to move its bug tracking to another system. For this we need to know which bugs are still valid and which could be closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch the state back to "New" within the next 60 days, otherwise this report will be marked as "Expired". Or mark it as "Fix Released" if the problem has been solved with a newer version of QEMU already. Thank you and sorry for the inconvenience.