From mboxrd@z Thu Jan 1 00:00:00 1970
From: bugzilla@dpdk.org
To: dev@dpdk.org
Date: Mon, 08 Apr 2019 06:06:57 +0000
Subject: [dpdk-dev] [Bug 241] QEMU (vIOMMU+virtio) crashes when DPDK exits
List-Id: DPDK patches and discussions
Message-ID: <20190408060657.LGdqq1A2JAd4qsYD4AaPNAf-PZReCRBW3eofOWf2JsI@z>

https://bugs.dpdk.org/show_bug.cgi?id=241

            Bug ID: 241
           Summary: QEMU (vIOMMU+virtio) crashes when DPDK exits
           Product: DPDK
           Version: 18.11
          Hardware: All
                OS: All
            Status: CONFIRMED
          Severity: major
          Priority: Normal
         Component: vhost/virtio
          Assignee: dev@dpdk.org
          Reporter: henry.tjf@antfin.com
  Target Milestone: ---

This could be a QEMU bug; I record it here as it's convenient to reproduce
using DPDK.

QEMU version: v2.10.2/v2.11.2/v2.12.1
DPDK version: v18.11 (the other versions could also have this issue, which I
did not test)

The way to start QEMU:

    iommu="-M q35,accel=kvm,kernel-irqchip=split -device intel-iommu,device-iotlb=on,intremap=on,eim=on"
    VIRTIO0="-chardev socket,id=char0,path=/tmp/sock0 -netdev type=vhost-user,id=netdev0,chardev=char0,vhostforce -device virtio-net-pci,netdev=netdev0,disable-legacy=on,iommu_platform=on,ats=on"

    qemu ... $iommu $VIRTIO0 ...

Inside the VM, we bind virtio to vfio-pci, and start testpmd:

    testpmd -c 3 --in-memory -- -i

And we forcibly kill testpmd by:

    kill -9 `pidof testpmd`

QEMU crashes with "Bad ram offset ..."

(gdb) where
#0  0x0000555c004a5648 in qemu_get_ram_block (addr=146033025026)
    at qemu/exec.c:1114
#1  0x0000555c004a8427 in qemu_map_ram_ptr (ram_block=0x0, addr=146033025026)
    at qemu/exec.c:2288
#2  0x0000555c004ac9b8 in address_space_lduw_internal_cached
    (cache=0x7feeb41cf9d0, addr=2, attrs=..., result=0x0,
    endian=DEVICE_LITTLE_ENDIAN) at qemu/memory_ldst.inc.c:281
#3  0x0000555c004acaaf in address_space_lduw_le_cached (cache=0x7feeb41cf9d0,
    addr=2, attrs=..., result=0x0) at qemu/memory_ldst.inc.c:315
#4  0x0000555c004acb5b in lduw_le_phys_cached (cache=0x7feeb41cf9d0, addr=2)
    at qemu/memory_ldst.inc.c:334
#5  0x0000555c005844ea in virtio_lduw_phys_cached (vdev=0x555c03ebb180,
    cache=0x7feeb41cf9d0, pa=2) at qemu/include/hw/virtio/virtio-access.h:166
#6  0x0000555c00584d71 in vring_used_idx (vq=0x7ff2c04a4010)
    at qemu/hw/virtio/virtio.c:262
#7  0x0000555c00589edc in virtio_queue_update_used_idx (vdev=0x555c03ebb180,
    n=0) at qemu/hw/virtio/virtio.c:2335
#8  0x0000555c0058ff9f in vhost_virtqueue_stop (dev=0x555c02d940c0,
    vdev=0x555c03ebb180, vq=0x555c02d942e8, idx=0)
    at qemu/hw/virtio/vhost.c:1075
#9  0x0000555c005916ba in vhost_dev_stop (hdev=0x555c02d940c0,
    vdev=0x555c03ebb180) at qemu/hw/virtio/vhost.c:1557
#10 0x0000555c00560fff in vhost_net_stop_one (net=0x555c02d940c0,
    dev=0x555c03ebb180) at qemu/hw/net/vhost_net.c:289
#11 0x0000555c00561434 in vhost_net_stop (dev=0x555c03ebb180,
    ncs=0x555c03ec9870, total_queues=1) at qemu/hw/net/vhost_net.c:368
#12 0x0000555c0055b615 in virtio_net_vhost_status (n=0x555c03ebb180,
    status=11 '\v') at qemu/hw/net/virtio-net.c:185
#13 0x0000555c0055b8a6 in virtio_net_set_status (vdev=0x555c03ebb180,
    status=11 '\v') at qemu/hw/net/virtio-net.c:259
#14 0x0000555c00586f0b in virtio_set_status (vdev=0x555c03ebb180,
    val=11 '\v') at qemu/hw/virtio/virtio.c:1144
#15 0x0000555c0084f2e2 in virtio_write_config (pci_dev=0x555c03eb3010,
    address=4, val=1283, len=2) at hw/virtio/virtio-pci.c:610
#16 0x0000555c007c1291 in pci_host_config_write_common
    (pci_dev=0x555c03eb3010, addr=4, limit=256, val=1283, len=2)
    at hw/pci/pci_host.c:66
#17 0x0000555c007c13b9 in pci_data_write (s=0x555c03092d00, addr=2147489796,
    val=1283, len=2) at hw/pci/pci_host.c:100
#18 0x0000555c007c14e5 in pci_host_data_write (opaque=0x555c030547a0, addr=0,
    val=1283, len=2) at hw/pci/pci_host.c:153
#19 0x0000555c00506f01 in memory_region_write_accessor (mr=0x555c03054ba0,
    addr=0, value=0x7ff2c1fe3838, size=2, shift=0, mask=65535, attrs=...)
    at qemu/memory.c:530
#20 0x0000555c00507119 in access_with_adjusted_size (addr=0,
    value=0x7ff2c1fe3838, size=2, access_size_min=1, access_size_max=4,
    access_fn=0x555c00506e17, mr=0x555c03054ba0, attrs=...)
    at qemu/memory.c:597
#21 0x0000555c00509da2 in memory_region_dispatch_write (mr=0x555c03054ba0,
    addr=0, data=1283, size=2, attrs=...) at qemu/memory.c:1474
#22 0x0000555c004a9bcb in flatview_write_continue (fv=0x7fee9c3be520,
    addr=3324, attrs=..., buf=0x7ff2d1ede000 "\003\005", len=2, addr1=0, l=2,
    mr=0x555c03054ba0) at qemu/exec.c:3094
#23 0x0000555c004a9d47 in flatview_write (fv=0x7fee9c3be520, addr=3324,
    attrs=..., buf=0x7ff2d1ede000 "\003\005", len=2) at qemu/exec.c:3144
#24 0x0000555c004aa125 in address_space_write (as=0x555c0137efe0, addr=3324,
    attrs=..., buf=0x7ff2d1ede000 "\003\005", len=2) at qemu/exec.c:3260
#25 0x0000555c004aa176 in address_space_rw (as=0x555c0137efe0, addr=3324,
    attrs=..., buf=0x7ff2d1ede000 "\003\005", len=2, is_write=true)
    at qemu/exec.c:3271
#26 0x0000555c0051fce6 in kvm_handle_io (port=3324, attrs=...,
    data=0x7ff2d1ede000, direction=1, size=2, count=1)
    at qemu/accel/kvm/kvm-all.c:1730
#27 0x0000555c0052042a in kvm_cpu_exec (cpu=0x555c02e2c6d0)
    at qemu/accel/kvm/kvm-all.c:1970
#28 0x0000555c004ed00e in qemu_kvm_cpu_thread_fn (arg=0x555c02e2c6d0)
    at qemu/cpus.c:1215
#29 0x00007ff2ccc7d6ca in start_thread () at /lib64/libpthread.so.0
#30 0x00007ff2cc9b7edf in clone () at /lib64/libc.so.6

-- 
You are receiving this mail because:
You are the assignee for the bug.