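When I try to use virtio on Xen (HVM guest), QEMU crashes. The abort() is raised from xen_ram_addr_from_mapcache() (frame #2), reached while virtio_net_handle_ctrl() pushes a virtqueue element and unmaps its buffer (frames #4–#8); the path starts from an I/O port write handled as a Xen ioreq (frames #19–#23). Here is the backtrace: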
(gdb) bt
#0 0x00007f49581f0b55 in raise () from /lib64/libc.so.6
#1 0x00007f49581f2131 in abort () from /lib64/libc.so.6
#2 0x00007f495af2af32 in xen_ram_addr_from_mapcache (ptr=0x7f4951858ac8) at
/root/work/xen/tools/qemu-xen-dir/xen-mapcache.c:316
#3 0x00007f495ae30fb3 in qemu_ram_addr_from_host (ptr=0x7f4951858ac8,
ram_addr=0x7fff564dc9b0) at /root/work/xen/tools/qemu-xen-dir/exec.c:1508
#4 0x00007f495ae33424 in address_space_unmap (as=0x7f495b7c3520,
buffer=0x7f4951858ac8, len=6, is_write=0, access_len=6) at
/root/work/xen/tools/qemu-xen-dir/exec.c:2315
#5 0x00007f495ae335b3 in cpu_physical_memory_unmap (buffer=0x7f4951858ac8,
len=6, is_write=0, access_len=6) at
/root/work/xen/tools/qemu-xen-dir/exec.c:2353
#6 0x00007f495ae9058d in virtqueue_fill (vq=0x7f495b931250,
elem=0x7fff564dcb00, len=1, idx=0) at
/root/work/xen/tools/qemu-xen-dir/hw/virtio/virtio.c:258
#7 0x00007f495ae90a0d in virtqueue_push (vq=0x7f495b931250,
elem=0x7fff564dcb00, len=1) at
/root/work/xen/tools/qemu-xen-dir/hw/virtio/virtio.c:286
#8 0x00007f495ae82cf3 in virtio_net_handle_ctrl (vdev=0x7f495b92a5d0,
vq=0x7f495b931250) at /root/work/xen/tools/qemu-xen-dir/hw/net/virtio-net.c:806
#9 0x00007f495ae925e5 in virtio_queue_notify_vq (vq=0x7f495b931250) at
/root/work/xen/tools/qemu-xen-dir/hw/virtio/virtio.c:729
#10 0x00007f495ae926c3 in virtio_queue_notify (vdev=0x7f495b92a5d0, n=2) at
/root/work/xen/tools/qemu-xen-dir/hw/virtio/virtio.c:735
#11 0x00007f495ad743c2 in virtio_ioport_write (opaque=0x7f495b929cd0, addr=16,
val=2) at hw/virtio/virtio-pci.c:301
#12 0x00007f495ad74923 in virtio_pci_config_write (opaque=0x7f495b929cd0,
addr=16, val=2, size=2) at hw/virtio/virtio-pci.c:433
#13 0x00007f495ae9f071 in memory_region_write_accessor (mr=0x7f495b92a468,
addr=16, value=0x7fff564e8d08, size=2, shift=0, mask=65535) at
/root/work/xen/tools/qemu-xen-dir/memory.c:441
#14 0x00007f495ae9f1ad in access_with_adjusted_size (addr=16, value=0x7fff564e8d08,
size=2, access_size_min=1, access_size_max=4, access=0x7f495ae9efe8
<memory_region_write_accessor>, mr=0x7f495b92a468)
at /root/work/xen/tools/qemu-xen-dir/memory.c:478
#15 0x00007f495aea200e in memory_region_dispatch_write (mr=0x7f495b92a468,
addr=16, data=2, size=2) at /root/work/xen/tools/qemu-xen-dir/memory.c:985
#16 0x00007f495aea5824 in io_mem_write (mr=0x7f495b92a468, addr=16, val=2,
size=2) at /root/work/xen/tools/qemu-xen-dir/memory.c:1744
#17 0x00007f495ae328d3 in address_space_rw (as=0x7f495b7c3600, addr=49200,
buf=0x7fff564e8e60 "\002", len=2, is_write=true) at
/root/work/xen/tools/qemu-xen-dir/exec.c:2029
#18 0x00007f495ae32c85 in address_space_write (as=0x7f495b7c3600, addr=49200,
buf=0x7fff564e8e60 "\002", len=2) at
/root/work/xen/tools/qemu-xen-dir/exec.c:2091
#19 0x00007f495ae9c130 in cpu_outw (addr=49200, val=2) at
/root/work/xen/tools/qemu-xen-dir/ioport.c:77
#20 0x00007f495af289d0 in do_outp (addr=49200, size=2, val=2) at
/root/work/xen/tools/qemu-xen-dir/xen-hvm.c:668
#21 0x00007f495af28b94 in cpu_ioreq_pio (req=0x7f495ab25000) at
/root/work/xen/tools/qemu-xen-dir/xen-hvm.c:729
#22 0x00007f495af28ee5 in handle_ioreq (req=0x7f495ab25000) at
/root/work/xen/tools/qemu-xen-dir/xen-hvm.c:781
#23 0x00007f495af29237 in cpu_handle_ioreq (opaque=0x7f495b884ad0) at
/root/work/xen/tools/qemu-xen-dir/xen-hvm.c:856
#24 0x00007f495ad7d2c2 in qemu_iohandler_poll (pollfds=0x7f495b823820, ret=1)
at iohandler.c:143
#25 0x00007f495ad7e2fd in main_loop_wait (nonblocking=0) at main-loop.c:485
#26 0x00007f495ae1386f in main_loop () at vl.c:2056
#27 0x00007f495ae1af17 in main (argc=35, argv=0x7fff564e94c8,
envp=0x7fff564e95e8) at vl.c:4535
(gdb) q