RHEL-146583

qemu core dump after increasing memory via virtio memory device


    • No
    • Moderate
    • rhel-virt-windows
    • 8
    • False
    • False
    • None
    • None
    • None
    • Automated
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      Qemu crashed after running command: {"execute": "qom-set", "arguments": {"path": "virtio_mem-vmem0", "property": "requested-size", "value": 8589934592}, "id": "lSxxD11U"}
      [qemu output] qemu-kvm: Unable to map used ring for ring 0
      [qemu output] qemu-kvm: Verify ring failure on region 7

      In this test scenario, we have a memory backend for virtiofs and a balloon device. Before setting the memory size via the virtio memory device, there are some ballooning operations.

      Please provide the package NVR for which the bug is seen:

      virtio-win-1.9.52-0.el10
      DISTRO=RHEL-10.2-20260201.1
      virtiofsd-1.13.3-1.el10.x86_64
      qemu-kvm-10.1.0-11.el10.x86_64
      edk2-ovmf-20251114-2.el10.noarch
      package edk2-aarch64 is not installed
      seabios-bin-1.17.0-1.el10.noarch
      kernel-6.12.0-195.el10.x86_64
      swtpm-0.9.0-5.el10.x86_64

      How reproducible is this bug?:

      Run 3 times, hit once

      Steps to reproduce

      1. start win2019 vm with balloon device + virtiofs + virtio memory device.

      -m 4096,maxmem=80G,slots=20 \
      -object '{"size": 4294967296, "mem-path": "/dev/shm", "share": true, "id": "mem-mem1", "qom-type": "memory-backend-file"}' \
      -object '{"size": 8589934592, "share": true, "id": "mem-vmem0", "qom-type": "memory-backend-memfd"}' \
      -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
      -device '{"memdev": "mem-vmem0", "requested-size": 1073741824, "driver": "virtio-mem-pci", "id": "virtio_mem-vmem0", "bus": "pcie-root-port-1", "addr": "0x0"}'  \
      -chardev socket,id=char_virtiofs_fs,path=/var/tmp/avocado_8gqkti42/avocado-vt-vm1-fs-virtiofsd.sock \
      -device '{"id": "pcie-root-port-7", "port": 7, "driver": "pcie-root-port", "addr": "0x1.0x7", "bus": "pcie.0", "chassis": 8}' \
      -device '{"id": "vufs_virtiofs_fs", "chardev": "char_virtiofs_fs", "tag": "myfs", "queue-size": 1024, "driver": "vhost-user-fs-pci", "bus": "pcie-root-port-7", "addr": "0x0"}' \
      

      2. install all virtio-win drivers for virtio device

      3. balloon memory test and finally balloon memory to the original value

      2026-02-04 15:38:07: {"execute": "query-balloon", "id": "GOQy7ugj"}
      2026-02-04 15:38:07: {"timestamp": {"seconds": 1770237486, "microseconds": 315936}, "event": "BALLOON_CHANGE", "data": {"actual": 4294967296}}
      2026-02-04 15:38:07: {"return": {"actual": 4294967296}, "id": "GOQy7ugj"}
      

      4. update memory device with 4G, without error

      2026-02-04 15:38:54: {"execute": "qom-set", "arguments": {"path": "virtio_mem-vmem0", "property": "requested-size", "value": 4294967296}, "id": "4Vnihlqt"}
      

      5. update memory device with 8G, qemu core dump

      2026-02-04 15:40:31: {"execute": "qom-set", "arguments": {"path": "virtio_mem-vmem0", "property": "requested-size", "value": 8589934592}, "id": "lSxxD11U"}
      

      Expected results

      No core dump

      Actual results

      Qemu aborts with core dump

      core dump file: https://drive.google.com/file/d/19J9sT8dgkAEg8OSJ1ktjmneTOLTNX18_/view?usp=drive_link
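
A regression-check harness for the QMP sequence in steps 4 and 5, added here as an example and not part of the original report or of QEMU. It skips asynchronous events such as BALLOON_CHANGE while waiting for a command's return, polls the virtio-mem device's `size` property until the guest has plugged the requested amount, and raises `QemuGone` naming the in-flight command if the monitor stream closes. The QMP unix socket path given to `connect()` and the names `QMP`, `QemuGone`, `connect` and `resize_and_watch` are assumptions for illustration.

```python
import json, socket, time

class QemuGone(Exception):
    """The QMP stream hit EOF: QEMU exited or aborted."""

class QMP:
    def __init__(self, rfile, wfile):
        self.r, self.w, self.seq, self.events = rfile, wfile, 0, []
        self._read("greeting")             # banner sent on connect
        self.cmd("qmp_capabilities")       # leave negotiation mode

    def _read(self, waiting_for):
        line = self.r.readline()
        if not line:                       # EOF on the monitor stream
            raise QemuGone(f"QMP closed while waiting for {waiting_for}")
        return json.loads(line)

    def cmd(self, execute, **arguments):
        self.seq += 1
        req = {"execute": execute, "arguments": arguments, "id": f"c{self.seq}"}
        self.w.write(json.dumps(req).encode() + b"\n")
        self.w.flush()
        while True:
            msg = self._read(json.dumps(req))
            if "event" in msg:             # e.g. BALLOON_CHANGE ahead of the return
                self.events.append(msg["event"])
            elif msg.get("id") == req["id"]:
                if "error" in msg:
                    raise RuntimeError(msg["error"]["desc"])
                return msg["return"]

def connect(sock_path):                    # sock_path: assumed -qmp unix socket
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(sock_path)
    f = s.makefile("rwb")
    return QMP(f, f)

def resize_and_watch(qmp, path, sizes, timeout=60.0, poll=0.5):
    """Request each size, wait until the guest has plugged it; return sizes reached."""
    reached = []
    for size in sizes:
        qmp.cmd("qom-set", path=path, property="requested-size", value=size)
        deadline = time.monotonic() + timeout
        while qmp.cmd("qom-get", path=path, property="size") != size:
            if time.monotonic() > deadline:
                raise TimeoutError(f"plugged size never reached {size}")
            time.sleep(poll)
        reached.append(size)
    return reached
```

Against a live guest, `resize_and_watch(connect("/path/to/qmp.sock"), "virtio_mem-vmem0", [4294967296, 8589934592])` replays steps 4 and 5; the socket path is a placeholder.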

              rh-ee-eashurov Elizabeth Ashurov
              rhn-support-xiagao Xiaoling Gao
              Virt Windows SST Bugs Virt Windows SST Bugs
              Menghuan Li Menghuan Li