Index: target-i386/op_helper.c
===================================================================
--- target-i386/op_helper.c (revision 4661)
+++ target-i386/op_helper.c (working copy)
@@ -4836,7 +4836,7 @@
 svm_save_seg(env->vm_hsave + offsetof(struct vmcb, save.ds), &env->segs[R_DS]);
- stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip), EIP);
+ stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rip), EIP + 3);
 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rsp), ESP);
 stq_phys(env->vm_hsave + offsetof(struct vmcb, save.rax), EAX);
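Review bot: The literal `3` added to EIP in the `save.rip` store is an unexplained constant. It looks like the byte length of an unprefixed VMRUN, so the host rip written to the hsave area would be wrong whenever the instruction is decoded with prefix bytes. Since that value is where the host resumes after #VMEXIT, a guest-chosen encoding should not be able to shift it. It would be safer to have the translator pass the decoded instruction length into the helper and add that instead of a fixed 3. If the constant stays, document the assumption above the store, e.g. `/* host resumes after VMRUN; assumes the 3-byte unprefixed encoding */`. The enclosing function starts and ends outside the hunk, so how EIP is set before this store is not visible here.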