## Host environment - Operating system: Arch Linux - OS/kernel version: Linux 6.18.3-arch1-1 SMP PREEMPT_DYNAMIC - Architecture: x86_64 - QEMU flavor: qemu-system-x86_64 - QEMU version: QEMU emulator version 10.2.50 (commit: c4a9d49c7b23a02c646ebac756519c15a24f7ecc) - QEMU command line: ``` ./qemu-system-x86_64 -smp 2 ``` ## Emulated/Virtualized environment - Operating system: Windows XP - OS/kernel version: SP0/RTM (Build 2600.xpclient.010817-1148) - Architecture: x86 ## Description of problem When rebooting a multicore Windows XP guest, QEMU crashes with an `IOT instruction` error. ## Steps to reproduce 1. Boot Windows XP with `-smp 2` 2. Wait for Windows to recognize and install the CPU drivers 3. Reboot 4. After reboot back to Windows, reboot again. ## Additional information ``` 0x00007ffff4d9a5df in abort () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff4d9a5df in abort () from /usr/lib/libc.so.6 #1 0x0000555555e41041 in do_patch_instruction (cs=0x5555582d6f30, data=...) at ../hw/i386/vapic.c:443 #2 0x00005555558b066c in process_queued_cpu_work (cpu=0x5555582d6f30) at ../cpu-common.c:374 #3 0x0000555555c3dde1 in qemu_process_cpu_events_common (cpu=0x5555582d6f30) at ../system/cpus.c:459 #4 0x0000555555c3de8b in qemu_process_cpu_events (cpu=0x5555582d6f30) at ../system/cpus.c:478 #5 0x0000555555f908be in kvm_vcpu_thread_fn (arg=0x5555582d6f30) at ../accel/kvm/kvm-accel-ops.c:50 #6 0x00005555561cb6de in qemu_thread_start (args=0x5555582e1fd0) at ../util/qemu-thread-posix.c:393 #7 0x00007ffff4e0b98b in ?? () from /usr/lib/libc.so.6 #8 0x00007ffff4e8fa0c in ?? () from /usr/lib/libc.so.6 ``` On reboot, the following opcodes are executed: ``` opcode[0] = 0x90 opcode[0] = 0x90 opcode[0] = 0xe8 opcode[0] = 0x68 ``` <!-- The line below ensures that proper tags are added to the issue. Please do not remove it. -->