Bug 1005495

Summary: [abrt] qemu-system-x86-1.6.0-6.fc20: object_dynamic_cast_assert: Process /usr/bin/qemu-system-x86_64 was killed by signal 6 (SIGABRT)
Product: [Fedora] Fedora
Reporter: Joachim Frieben <jfrieben>
Component: qemu
Assignee: Fedora Virtualization Maintainers <virt-maint>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 20
CC: amit.shah, berrange, cfergeau, crobinso, dwmw2, hdegoede, itamar, jfrieben, kraxel, pbonzini, rjones, scottt.tw, virt-maint
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:37d942c55a1c564a47c249f5063a752571509899
Fixed In Version: qemu-1.6.0-8.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1007325 (view as bug list)
Environment:
Last Closed: 2013-10-01 02:17:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1007325
Attachments:
Description | Flags
File: backtrace | none
File: cgroup | none
File: core_backtrace | none
File: dso_list | none
File: environ | none
File: limits | none
File: maps | none
File: open_fds | none
File: proc_pid_status | none
[PATCH] ehci: Fix crash with isoc usb packets | none
[PATCH v2] ehci: save device pointer in EHCIState | none

Description Joachim Frieben 2013-09-07 15:55:55 UTC
Version-Release number of selected component:
qemu-system-x86-1.6.0-6.fc20

Additional info:
reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/bin/qemu-system-x86_64 -machine accel=kvm -name boxes-unknown -S -machine pc-i440fx-1.6,accel=kvm,usb=off -cpu Penryn,+osxsave,+xsave,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme -m 1054 -realtime mlock=off -smp 2,sockets=1,cores=2,threads=1 -uuid 8d32e017-7756-400a-871f-e5a604a4e1fc -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/home/frieben/.config/libvirt/qemu/lib/boxes-unknown.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -device usb-ccid,id=ccid0 -drive file=/home/frieben/.local/share/gnome-boxes/images/boxes-unknown,if=none,id=drive-ide0-0-0,format=qcow2,cache=none -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/frieben/Downloads/iso/ReactOS/ReactOS-BootCD.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev user,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:f5:fb:e9,bus=pci.0,addr=0x3 -chardev spicevmc,id=charsmartcard0,name=smartcard -device ccid-card-passthru,chardev=charsmartcard0,id=smartcard0,bus=ccid0.0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice 
port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device AC97,id=sound0,bus=pci.0,addr=0x4 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
crash_function: object_dynamic_cast_assert
executable:     /usr/bin/qemu-system-x86_64
kernel:         3.11.0-3.fc20.x86_64
runlevel:       5 3
uid:            1001

Truncated backtrace:
Thread no. 1 (10 frames)
 #2 object_dynamic_cast_assert at qom/object.c:456
 #3 ehci_process_itd at hw/usb/hcd-ehci.c:1489
 #4 ehci_state_fetchitd at hw/usb/hcd-ehci.c:1759
 #5 ehci_advance_state at hw/usb/hcd-ehci.c:2096
 #6 ehci_advance_periodic_state at hw/usb/hcd-ehci.c:2251
 #7 ehci_frame_timer at hw/usb/hcd-ehci.c:2333
 #8 qemu_run_timers at qemu-timer.c:394
 #10 qemu_run_all_timers at qemu-timer.c:452
 #11 main_loop_wait at main-loop.c:471
 #12 main_loop at vl.c:2090

Comment 1 Joachim Frieben 2013-09-07 15:56:04 UTC
Created attachment 795139
File: backtrace

Comment 2 Joachim Frieben 2013-09-07 15:56:09 UTC
Created attachment 795140
File: cgroup

Comment 3 Joachim Frieben 2013-09-07 15:56:15 UTC
Created attachment 795141
File: core_backtrace

Comment 4 Joachim Frieben 2013-09-07 15:56:21 UTC
Created attachment 795142
File: dso_list

Comment 5 Joachim Frieben 2013-09-07 15:56:27 UTC
Created attachment 795143
File: environ

Comment 6 Joachim Frieben 2013-09-07 15:56:34 UTC
Created attachment 795144
File: limits

Comment 7 Joachim Frieben 2013-09-07 15:56:42 UTC
Created attachment 795145
File: maps

Comment 8 Joachim Frieben 2013-09-07 15:56:48 UTC
Created attachment 795146
File: open_fds

Comment 9 Joachim Frieben 2013-09-07 15:56:53 UTC
Created attachment 795147
File: proc_pid_status

Comment 10 Cole Robinson 2013-09-08 17:39:34 UTC
Christoph, what were you doing when the crash happened? What OS is this?

Traceback from ehci, CCing Gerd and Hans

Comment 11 Joachim Frieben 2013-09-08 18:36:48 UTC
As stated in the initial report, qemu was launched with boot option

  -drive file=/home/frieben/Downloads/iso/ReactOS/ReactOS-BootCD.iso,

thus from the standard ReactOS 0.3.15 install media. The crash occurred after confirming that the OS was to be installed to drive C:

However, GNOME Boxes also crashes when booting from the corresponding image file ReactOS.vmdk.

Comment 12 Hans de Goede 2013-09-09 08:22:37 UTC
Ah, good catch, thanks for the bug report. This is a regression in the qemu ehci code in 1.6.0. I've managed to reproduce this, and I've just completed writing a fix for it.

I'll attach the patch fixing this. Cole, can you please add this patch to the F20+ qemu builds? I'll try to get it into qemu-1.6.1.

Comment 13 Hans de Goede 2013-09-09 08:23:19 UTC
Created attachment 795526
[PATCH] ehci: Fix crash with isoc usb packets

Comment 14 Hans de Goede 2013-09-09 10:52:22 UTC
Created attachment 795576
[PATCH v2] ehci: save device pointer in EHCIState

Upstream discussion has led to a slightly different patch.

Comment 15 Gerd Hoffmann 2013-09-12 09:35:05 UTC
commit adbecc89731cf3e0ae656d50ea9fa58c589c4bdc

Comment 16 Fedora Update System 2013-09-24 16:23:10 UTC
qemu-1.6.0-8.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/qemu-1.6.0-8.fc20

Comment 17 Fedora Update System 2013-09-26 06:29:39 UTC
Package qemu-1.6.0-8.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing qemu-1.6.0-8.fc20'
as soon as you are able to.
Please go to the following URL:
https://admin.fedoraproject.org/updates/FEDORA-2013-17670/qemu-1.6.0-8.fc20
then log in and leave karma (feedback).

Comment 18 Fedora Update System 2013-10-01 02:17:50 UTC
qemu-1.6.0-8.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.