I tried to manually changed this line then test this branch on local host. After the migration is successful, the qemu core dump occurs on the shutdown inside guest.
Compiled qemu Steps:
# cd qemu-kvm/
# mkdir build
# cd build/
# git checkout bd85496c2a8c1ebf34f908fca2be2ab9852fd0e9
# vim /root/qemu-kvm/hw/virtio/vhost-vdpa.c
(Chanege "vhost_iova_tree_remove(v->iova_tree, &mem_region);" to "vhost_iova_tree_remove(v->iova_tree, result);")
# ../configure --target-list=x86_64-softmmu --enable-debug
# make
Core dump messages:
# gdb /root/qemu-kvm/build/x86_64-softmmu/qemu-system-x86_64 core.qemu-system-x86.7419
(gdb) bt full
#0 0x000056107c19afa9 in vhost_vdpa_listener_region_del (listener=0x7ff9a9c691a0, section=0x7ffd3889ad20)
at ../hw/virtio/vhost-vdpa.c:290
result = 0x0
vaddr = 0x7ff29be00000
mem_region = {iova = 0, translated_addr = 140679973961728, size = 30064771071, perm = IOMMU_NONE}
v = 0x7ff9a9c69190
iova = 4294967296
llend = 34359738368
llsize = 30064771072
ret = 32765
__func__ = "vhost_vdpa_listener_region_del"
#1 0x000056107c1ca915 in listener_del_address_space (listener=0x7ff9a9c691a0, as=0x56107cccbc00 <address_space_memory>)
at ../softmmu/memory.c:2939
section =
{size = 30064771072, mr = 0x56107e116270, fv = 0x7ff1e02a4090, offset_within_region = 2147483648, offset_within_address_space = 4294967296, readonly = false, nonvolatile = false}
view = 0x7ff1e02a4090
fr = 0x7ff1e04027f0
#2 0x000056107c1cac39 in memory_listener_unregister (listener=0x7ff9a9c691a0) at ../softmmu/memory.c:2989
#3 0x000056107c19d007 in vhost_vdpa_dev_start (dev=0x56107e126ea0, started=false) at ../hw/virtio/vhost-vdpa.c:1134
v = 0x7ff9a9c69190
ok = true
#4 0x000056107c190252 in vhost_dev_stop (hdev=0x56107e126ea0, vdev=0x56107f40cb50) at ../hw/virtio/vhost.c:1828
i = 32761
__PRETTY_FUNCTION__ = "vhost_dev_stop"
#5 0x000056107bebe26c in vhost_net_stop_one (net=0x56107e126ea0, dev=0x56107f40cb50) at ../hw/net/vhost_net.c:315
file = {index = 0, fd = -1}
__PRETTY_FUNCTION__ = "vhost_net_stop_one"
#6 0x000056107bebe6bf in vhost_net_stop (dev=0x56107f40cb50, ncs=0x56107f421850, data_queue_pairs=1, cvq=0)
at ../hw/net/vhost_net.c:425
qbus = 0x56107f40cac8
vbus = 0x56107f40cac8
k = 0x56107df1a220
n = 0x56107f40cb50
peer = 0x7ff9a9c69010
total_notifiers = 2
nvhosts = 1
i = 0
--Type <RET> for more, q to quit, c to continue without paging--
r = 32765
__PRETTY_FUNCTION__ = "vhost_net_stop"
#7 0x000056107c14af24 in virtio_net_vhost_status (n=0x56107f40cb50, status=15 '\017') at ../hw/net/virtio-net.c:298
vdev = 0x56107f40cb50
nc = 0x56107f421850
queue_pairs = 1
cvq = 0
#8 0x000056107c14b17e in virtio_net_set_status (vdev=0x56107f40cb50, status=15 '\017') at ../hw/net/virtio-net.c:372
n = 0x56107f40cb50
q = 0x56107f40cb50
i = 32765
queue_status = 137 '\211'
#9 0x000056107c185af2 in virtio_set_status (vdev=0x56107f40cb50, val=15 '\017') at ../hw/virtio/virtio.c:1947
k = 0x56107dfe2c60
#10 0x000056107c188cbb in virtio_vmstate_change (opaque=0x56107f40cb50, running=false, state=RUN_STATE_SHUTDOWN)
at ../hw/virtio/virtio.c:3195
vdev = 0x56107f40cb50
qbus = 0x56107f40cac8
k = 0x56107df1a220
backend_run = false
#11 0x000056107bfdca5e in vm_state_notify (running=false, state=RUN_STATE_SHUTDOWN) at ../softmmu/runstate.c:334
e = 0x56107f419950
next = 0x56107f224b80
#12 0x000056107bfd43e6 in do_vm_stop (state=RUN_STATE_SHUTDOWN, send_stop=false) at ../softmmu/cpus.c:263
ret = 0
#13 0x000056107bfd4420 in vm_shutdown () at ../softmmu/cpus.c:281
#14 0x000056107bfdd584 in qemu_cleanup () at ../softmmu/runstate.c:813
#15 0x000056107bd81a5b in main (argc=65, argv=0x7ffd3889b178, envp=0x7ffd3889b388) at ../softmmu/main.c:51
Thanks
Lei