Description of problem: when the guest does a reboot or reset after hot-unplugging a virtio NIC, a segmentation fault occurs. It reproduces 100%. Similar to https://bugzilla.redhat.com/show_bug.cgi?id=988256

Version-Release number of selected component (if applicable):
Host OS: sles11sp2, kernel version: 3.0.58
qemu-1.5.1
libvirt-1.1.0
Guest OS: win2k8 R2 x64, or sles11sp2 x64, or win2k3 32bit

Steps shown as below:
1. Use virsh to start a VM with a virtio NIC.
2. After booting, use virsh detach-device to hot-unplug the virtio NIC.
3. Use virsh reboot/reset to restart the VM.
4. When the VM is rebooting, the segmentation fault appears.

The backtrace:
#0  0x00007ff4be3288d0 in __memcmp_sse4_1 () from /lib64/libc.so.6
#1  0x00007ff4c07f82c0 in patch_hypercalls (s=0x7ff4c15dd610) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/hw/i386/kvmvapic.c:549
#2  0x00007ff4c07f84f0 in vapic_prepare (s=0x7ff4c15dd610) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/hw/i386/kvmvapic.c:614
#3  0x00007ff4c07f85e7 in vapic_write (opaque=0x7ff4c15dd610, addr=0, data=32, size=2) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/hw/i386/kvmvapic.c:651
#4  0x00007ff4c082a917 in memory_region_write_accessor (opaque=0x7ff4c15df938, addr=0, value=0x7ff4bbfe3d00, size=2, shift=0, mask=65535) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/memory.c:334
#5  0x00007ff4c082a9ee in access_with_adjusted_size (addr=0, value=0x7ff4bbfe3d00, size=2, access_size_min=1, access_size_max=4, access=0x7ff4c082a89a <memory_region_write_accessor>, opaque=0x7ff4c15df938) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/memory.c:364
#6  0x00007ff4c082ae49 in memory_region_iorange_write (iorange=0x7ff4c15dfca0, offset=0, width=2, data=32) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/memory.c:439
#7  0x00007ff4c08236f7 in ioport_writew_thunk (opaque=0x7ff4c15dfca0, addr=126, data=32) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/ioport.c:219
#8  0x00007ff4c0823078 in ioport_write (index=1, address=126, data=32) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/ioport.c:83
#9  0x00007ff4c0823ca9 in cpu_outw (addr=126, val=32) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/ioport.c:296
#10 0x00007ff4c0827485 in kvm_handle_io (port=126, data=0x7ff4c0510000, direction=1, size=2, count=1) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/kvm-all.c:1485
#11 0x00007ff4c0827e14 in kvm_cpu_exec (env=0x7ff4c15bf270) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/kvm-all.c:1634
#12 0x00007ff4c07b6f27 in qemu_kvm_cpu_thread_fn (arg=0x7ff4c15bf270) at /mnt/zhanghaoyu/qemu/qemu-1.5.1/cpus.c:759
#13 0x00007ff4be58af05 in start_thread () from /lib64/libpthread.so.0
#14 0x00007ff4be2cd53d in clone () from /lib64/libc.so.6

In function vapic_write(), when rebooting or resetting the VM after hot-unplugging the virtio NIC, the rom_paddr may have changed, since the virtio NIC ROM will not be loaded into RAM.

    switch (size) {
    case 2:
        if (s->state == VAPIC_INACTIVE) {
            rom_paddr = (env->segs[R_CS].base + env->eip) & ROM_BLOCK_MASK;
            s->rom_state_paddr = rom_paddr + data;
            s->state = VAPIC_STANDBY;
        }
        if (vapic_prepare(s) < 0) {
            s->state = VAPIC_INACTIVE;
            break;
        }

So I changed this code like this:

    switch (size) {
    case 2:
        if (s->state == VAPIC_INACTIVE) {
            s->state = VAPIC_STANDBY;
        }
        rom_paddr = (env->segs[R_CS].base + env->eip) & ROM_BLOCK_MASK;
        s->rom_state_paddr = rom_paddr + data;
        if (vapic_prepare(s) < 0) {
            s->state = VAPIC_INACTIVE;
            break;
        }

After applying the above change, the segmentation fault disappears and the VM reboots or resets successfully. Is the above change the correct way to fix the problem?

Thanks,
Daniel
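The failure mode Daniel describes, as an added self-contained model in C (not QEMU code, and not part of the report): a device-state struct caches the guest-physical address of the option ROM's state block only on the first size-2 port write, the ROM is relocated by a reset that no longer has the NIC ROM in front of it, and the cached address goes stale. The ROM block size, RAM size, state offset and magic bytes are constructed for the model; vapic_prepare() here bounds-checks before the memcmp so a stale address surfaces as an error code rather than the host-side crash in the backtrace. The model assumes the vAPIC device state survives the reset, as the report describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (not QEMU code) of the state handling in vapic_write()
 * from the report. Names mirror the report; all sizes are constructed. */

#define ROM_BLOCK_MASK  (~(uint64_t)0x7ff)  /* assumption: 2 KiB ROM blocks */
#define RAM_SIZE        0x20000             /* 128 KiB of modelled guest RAM */
#define STATE_OFFSET    0x20                /* 'data' in the report: state block offset */

enum { VAPIC_INACTIVE, VAPIC_STANDBY };

typedef struct {
    int      state;
    uint64_t rom_state_paddr;   /* cached guest-physical address of the state block */
} VAPICModel;

typedef struct {
    uint8_t  ram[RAM_SIZE];
    uint64_t rom_base;          /* where the vAPIC option ROM currently sits */
} GuestModel;

static const uint8_t state_magic[4] = { 'V', 'A', 'P', 'C' };  /* constructed marker */

/* Load the option ROM at a block-aligned rom_base and mark its state block. */
static void guest_load_rom(GuestModel *g, uint64_t rom_base)
{
    memset(g->ram, 0, sizeof g->ram);
    g->rom_base = rom_base;
    memcpy(g->ram + rom_base + STATE_OFFSET, state_magic, sizeof state_magic);
}

/* Stand-in for vapic_prepare(): compare the ROM state block at the cached
 * address. A bounds check first, so a stale address returns -1 instead of
 * dereferencing host memory that no longer backs the guest address. */
static int vapic_prepare(const GuestModel *g, const VAPICModel *s)
{
    if (s->rom_state_paddr > RAM_SIZE - sizeof state_magic) {
        return -1;  /* address outside mapped RAM: the segfault case in real QEMU */
    }
    return memcmp(g->ram + s->rom_state_paddr, state_magic, sizeof state_magic) == 0 ? 0 : -1;
}

/* Original logic: the address is captured only while INACTIVE, so a ROM
 * relocation after the first write is never noticed. cs_eip is the guest
 * address of the OUT instruction inside the ROM block. */
static int vapic_write_original(GuestModel *g, VAPICModel *s, uint64_t cs_eip, uint16_t data)
{
    if (s->state == VAPIC_INACTIVE) {
        s->rom_state_paddr = (cs_eip & ROM_BLOCK_MASK) + data;
        s->state = VAPIC_STANDBY;
    }
    if (vapic_prepare(g, s) < 0) {
        s->state = VAPIC_INACTIVE;
        return -1;
    }
    return 0;
}

/* Daniel's change: recompute the address from the current CS:EIP on every write. */
static int vapic_write_fixed(GuestModel *g, VAPICModel *s, uint64_t cs_eip, uint16_t data)
{
    if (s->state == VAPIC_INACTIVE) {
        s->state = VAPIC_STANDBY;
    }
    s->rom_state_paddr = (cs_eip & ROM_BLOCK_MASK) + data;
    if (vapic_prepare(g, s) < 0) {
        s->state = VAPIC_INACTIVE;
        return -1;
    }
    return 0;
}

typedef int (*write_fn)(GuestModel *, VAPICModel *, uint64_t, uint16_t);

/* The report's sequence: first boot with the ROM behind the NIC ROM, then a
 * reset that places the ROM lower because the NIC ROM is gone, then the
 * ROM's port write again. Returns the result of the post-reset write. */
static int run_scenario(write_fn handler)
{
    static GuestModel g;
    VAPICModel s = { VAPIC_INACTIVE, 0 };

    guest_load_rom(&g, 0x1e000);
    if (handler(&g, &s, 0x1e000 + 0x100, STATE_OFFSET) < 0) {
        return -2;  /* first boot must succeed in both variants */
    }
    guest_load_rom(&g, 0x1c000);  /* reset: ROM relocated, device state kept */
    return handler(&g, &s, 0x1c000 + 0x100, STATE_OFFSET);
}

int main(void)
{
    printf("original after reset: %d\n", run_scenario(vapic_write_original));  /* -1 */
    printf("fixed after reset:    %d\n", run_scenario(vapic_write_fixed));     /* 0 */
    return 0;
}
```

In the model the stale address merely fails the comparison; in the real process the cached address was handed to memcmp via the host mapping, which is the frame #0 in the backtrace. Recomputing rom_state_paddr from the current CS:EIP on every write, as the patch does, is what removes the dependence on pre-reset ROM layout.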