Bug 1007325

Summary: [abrt] qemu-system-x86-1.6.0-6.fc20: object_dynamic_cast_assert: Process /usr/bin/qemu-system-x86_64 was killed by signal 6 (SIGABRT)
Product: Red Hat Enterprise Linux 7
Reporter: Gerd Hoffmann <kraxel>
Component: qemu-kvm
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED NOTABUG
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.0
CC: acathrow, amit.shah, berrange, cfergeau, crobinso, dwmw2, hdegoede, itamar, jfrieben, kraxel, pbonzini, rjones, scottt.tw, virt-maint, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:37d942c55a1c564a47c249f5063a752571509899
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1005495
Environment:
Last Closed: 2013-09-12 09:43:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1005495
Bug Blocks:

Description Gerd Hoffmann 2013-09-12 09:32:47 UTC
+++ This bug was initially created as a clone of Bug #1005495 +++

Version-Release number of selected component:
qemu-system-x86-1.6.0-6.fc20

Additional info:
reporter:       libreport-2.1.6
backtrace_rating: 4
cmdline:        /usr/bin/qemu-system-x86_64 -machine accel=kvm -name boxes-unknown -S -machine pc-i440fx-1.6,accel=kvm,usb=off -cpu Penryn,+osxsave,+xsave,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme -m 1054 -realtime mlock=off -smp 2,sockets=1,cores=2,threads=1 -uuid 8d32e017-7756-400a-871f-e5a604a4e1fc -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/home/frieben/.config/libvirt/qemu/lib/boxes-unknown.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -no-kvm-pit-reinjection -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -device usb-ccid,id=ccid0 -drive file=/home/frieben/.local/share/gnome-boxes/images/boxes-unknown,if=none,id=drive-ide0-0-0,format=qcow2,cache=none -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/frieben/Downloads/iso/ReactOS/ReactOS-BootCD.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev user,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:f5:fb:e9,bus=pci.0,addr=0x3 -chardev spicevmc,id=charsmartcard0,name=smartcard -device ccid-card-passthru,chardev=charsmartcard0,id=smartcard0,bus=ccid0.0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device AC97,id=sound0,bus=pci.0,addr=0x4 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
crash_function: object_dynamic_cast_assert
executable:     /usr/bin/qemu-system-x86_64
kernel:         3.11.0-3.fc20.x86_64
runlevel:       5 3
uid:            1001

Truncated backtrace:
Thread no. 1 (10 frames)
 #2 object_dynamic_cast_assert at qom/object.c:456
 #3 ehci_process_itd at hw/usb/hcd-ehci.c:1489
 #4 ehci_state_fetchitd at hw/usb/hcd-ehci.c:1759
 #5 ehci_advance_state at hw/usb/hcd-ehci.c:2096
 #6 ehci_advance_periodic_state at hw/usb/hcd-ehci.c:2251
 #7 ehci_frame_timer at hw/usb/hcd-ehci.c:2333
 #8 qemu_run_timers at qemu-timer.c:394
 #10 qemu_run_all_timers at qemu-timer.c:452
 #11 main_loop_wait at main-loop.c:471
 #12 main_loop at vl.c:2090

--- Additional comment from Christoph Frieben on 2013-09-07 17:56:04 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:09 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:15 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:21 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:27 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:34 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:42 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:48 CEST ---



--- Additional comment from Christoph Frieben on 2013-09-07 17:56:53 CEST ---



--- Additional comment from Cole Robinson on 2013-09-08 19:39:34 CEST ---

Christoph, what were you doing when the crash happened? What OS is this?

Traceback from ehci, CCing gerd and hans

--- Additional comment from Christoph Frieben on 2013-09-08 20:36:48 CEST ---

As stated in the initial report, qemu was launched with boot option

  -drive file=/home/frieben/Downloads/iso/ReactOS/ReactOS-BootCD.iso ,

thus from the standard ReactOS 0.3.15 install media. The crash occurred after confirming that the OS was to be installed to drive C:

However, GNOME Boxes also crashes when booting from the corresponding image file ReactOS.vmdk.

--- Additional comment from Hans de Goede on 2013-09-09 10:22:37 CEST ---

Ah, good catch, thanks for the bug report. This is a regression in the qemu ehci code in 1.6.0. I've managed to reproduce this, and I've just completed writing a fix for it.

I'll attach the patch fixing this. Cole, can you please add this patch to the F20+ qemu builds? I'll try to get it into qemu-1.6.1.

--- Additional comment from Hans de Goede on 2013-09-09 10:23:19 CEST ---



--- Additional comment from Hans de Goede on 2013-09-09 12:52:22 CEST ---

Upstream discussion has led to a slightly different patch.

Comment 1 Gerd Hoffmann 2013-09-12 09:34:01 UTC
commit adbecc89731cf3e0ae656d50ea9fa58c589c4bdc

Comment 2 Gerd Hoffmann 2013-09-12 09:43:38 UTC
Oops, bug was added after 1.5.0, so rhel7 isn't affected.