From: "Pavel Dovgalyuk" <dovgaluk@ispras.ru>
To: "'Emilio G. Cota'" <cota@braap.org>
Cc: 'Richard Henderson' <richard.henderson@linaro.org>,
qemu-devel@nongnu.org, peter.maydell@linaro.org
Subject: Re: [Qemu-devel] [PULL, 14/18] translate-all: discard TB when tb_link_page returns an existing matching TB
Date: Mon, 2 Jul 2018 08:52:14 +0300
Message-ID: <000901d411c8$d3bfc9c0$7b3f5d40$@ru>
In-Reply-To: <20180629184832.GB14726@flamenco>
> From: Emilio G. Cota [mailto:cota@braap.org]
> On Fri, Jun 29, 2018 at 10:25:03 +0300, Pavel Dovgalyuk wrote:
> > This patch breaks record/replay.
> >
> > I run execution recording of the WindowsXP machine with the following script:
> >
> > ./bin/qemu-system-i386 -d in_asm,exec -D xp_save.log -global apic-common.vapic=off \
> > -icount shift=7,rr=record,rrfile=xp0.replay \
> > -drive file=./images/xp_sp2.qcow2,if=none,id=img-direct,snapshot \
> > -drive driver=blkreplay,if=none,image=img-direct,id=img-replay \
> > -device ide-hd,drive=img-replay -net none -m 512M
> >
> > QEMU fails at some moment. Here are the contents of the log:
> >
> > ----------------
> > IN:
> > 0x806ee2d0: 33 c0 xorl %eax, %eax
> > 0x806ee2d2: 8a c1 movb %cl, %al
> > 0x806ee2d4: 33 c9 xorl %ecx, %ecx
> > 0x806ee2d6: 8a 88 58 e2 6e 80 movb -0x7f911da8(%eax), %cl
> > 0x806ee2dc: 89 0d 80 00 fe ff movl %ecx, 0xfffe0080
> > 0x806ee2e2: a1 80 00 fe ff movl 0xfffe0080, %eax
> > 0x806ee2e7: c3 retl
> >
> > Trace 0: 0x7fdc103b16a0 [00000000/806ee2d0/0x4000b0]
> > qemu: fatal: cpu_io_recompile: could not find TB for pc=0x7fec24fde2de
>
> Thanks for reporting.
>
> From code inspection I can see how this could happen: we're calling
> tcg_tb_remove for a TB that we did not just generate--we got an
> existing one instead. Note that CF_NOCACHE is not part of
> the CF_HASH mask, so this might explain why the problem only
> occurs for r/r.
Thanks.
> Can you reproduce this with any other guest? If not, I'd be
> happy to use your windows qcow2 file if you could share it
> with me off-list.
The same failure can be reproduced with linux-0.2.img, which was
downloaded from the QEMU site.
I can't find it now, but I can upload this file if needed.
Pavel Dovgalyuk
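The failure mode Emilio describes in the quoted reply (a nocache TB request matching an existing cached TB because CF_NOCACHE is outside the hash mask, after which the caller removes a TB it never generated) can be reproduced in a small model. The following is an added illustration, not QEMU's code: the table, the `tb_model_*` helpers and the flag values are constructed for the model and do not correspond to QEMU's definitions. It compares the mask that excludes the nocache bit with two ways the model can avoid the problem: keying the table on the nocache bit as well, or having the caller only remove a TB it actually generated. Neither is presented as the fix that was applied upstream.

```c
/* Toy model of a translation-block (TB) hash table keyed on
 * (pc, cflags & hash_mask). Added illustration, not QEMU code; all names
 * and flag values are constructed for this model. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CF_COUNT_MASK 0x1ff      /* constructed flag layout */
#define CF_NOCACHE    0x10000
#define MAX_TBS 16

typedef struct TB {
    uint64_t pc;
    uint32_t cflags;
    bool     in_table;           /* false once removed from the table */
} TB;

typedef struct TBTable {
    uint32_t hash_mask;          /* cflags bits that take part in the key */
    TB tbs[MAX_TBS];             /* TB storage, standing in for the code buffer */
    size_t n;
} TBTable;

/* First live entry whose (pc, masked cflags) equal the requested key. */
static TB *tb_model_lookup(TBTable *t, uint64_t pc, uint32_t cflags)
{
    for (size_t i = 0; i < t->n; i++) {
        TB *tb = &t->tbs[i];
        if (tb->in_table && tb->pc == pc &&
            (tb->cflags & t->hash_mask) == (cflags & t->hash_mask)) {
            return tb;
        }
    }
    return NULL;
}

/* Generate a TB and link it; as in the patch under discussion, when an
 * equivalent TB already exists the fresh one is discarded and the
 * existing one is returned, so the caller may receive a TB it did not
 * generate. */
static TB *tb_model_gen_code(TBTable *t, uint64_t pc, uint32_t cflags)
{
    TB *existing = tb_model_lookup(t, pc, cflags);
    if (existing) {
        return existing;
    }
    if (t->n >= MAX_TBS) {
        return NULL;
    }
    TB *tb = &t->tbs[t->n++];
    tb->pc = pc;
    tb->cflags = cflags;
    tb->in_table = true;
    return tb;
}

static void tb_model_remove(TB *tb)
{
    tb->in_table = false;
}

/* Sequence from the report: a cached TB for pc exists, an I/O recompile
 * asks for a nocache TB at the same pc and then removes what it got back.
 * Returns true if the cached TB is still reachable afterwards, i.e. the
 * "could not find TB" situation did not arise. */
static bool tb_model_io_recompile_keeps_cached_tb(uint32_t hash_mask)
{
    TBTable t = { .hash_mask = hash_mask };
    uint64_t pc = 0x806ee2d0;    /* pc taken from the quoted log */
    TB *cached  = tb_model_gen_code(&t, pc, 1);
    TB *nocache = tb_model_gen_code(&t, pc, 1 | CF_NOCACHE);
    tb_model_remove(nocache);    /* caller assumes it owns the returned TB */
    return tb_model_lookup(&t, pc, 1) == cached && cached->in_table;
}

/* Caller-side guard with the mask still excluding CF_NOCACHE: only
 * remove a TB that this call actually generated. */
static bool tb_model_guarded_remove_keeps_cached_tb(void)
{
    TBTable t = { .hash_mask = CF_COUNT_MASK };
    uint64_t pc = 0x806ee2d0;
    TB *cached = tb_model_gen_code(&t, pc, 1);
    size_t before = t.n;
    TB *got = tb_model_gen_code(&t, pc, 1 | CF_NOCACHE);
    if (t.n > before) {          /* freshly generated, safe to tear down */
        tb_model_remove(got);
    }
    return tb_model_lookup(&t, pc, 1) == cached && cached->in_table;
}

int main(void)
{
    printf("mask excludes NOCACHE: cached TB survives? %s\n",
           tb_model_io_recompile_keeps_cached_tb(CF_COUNT_MASK) ? "yes" : "no");
    printf("mask includes NOCACHE: cached TB survives? %s\n",
           tb_model_io_recompile_keeps_cached_tb(CF_COUNT_MASK | CF_NOCACHE) ? "yes" : "no");
    printf("guarded remove:        cached TB survives? %s\n",
           tb_model_guarded_remove_keeps_cached_tb() ? "yes" : "no");
    return 0;
}
```

With the mask that leaves out CF_NOCACHE, the second `tb_model_gen_code` call returns the cached TB, the caller removes it, and the later lookup at the same pc fails, which is the shape of the `cpu_io_recompile: could not find TB` abort in the log. Either widening the key or checking that the returned TB is the one just generated keeps the cached TB intact in the model.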
Thread overview: 29+ messages
2018-06-14 19:31 [Qemu-devel] [PULL 00/18] tcg queued patches Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 01/18] tcg/i386: Use byte form of xgetbv instruction Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 02/18] qht: require a default comparison function Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 03/18] qht: return existing entry when qht_insert fails Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 04/18] tcg: track TBs with per-region BST's Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 05/18] tcg: move tb_ctx.tb_phys_invalidate_count to tcg_ctx Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 06/18] translate-all: iterate over TBs in a page with PAGE_FOR_EACH_TB Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 07/18] translate-all: make l1_map lockless Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 08/18] translate-all: remove hole in PageDesc Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 09/18] translate-all: work page-by-page in tb_invalidate_phys_range_1 Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 10/18] translate-all: move tb_invalidate_phys_page_range up in the file Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 11/18] translate-all: use per-page locking in !user-mode Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 12/18] translate-all: add page_locked assertions Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 13/18] translate-all: introduce assert_no_pages_locked Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 14/18] translate-all: discard TB when tb_link_page returns an existing matching TB Richard Henderson
2018-06-29 7:25 ` [Qemu-devel] [PULL, " Pavel Dovgalyuk
2018-06-29 18:48 ` Emilio G. Cota
2018-07-02 5:52 ` Pavel Dovgalyuk [this message]
2018-07-02 19:52 ` Emilio G. Cota
2018-07-03 5:38 ` Pavel Dovgalyuk
2018-07-04 19:38 ` Emilio G. Cota
2018-07-05 5:51 ` Pavel Dovgalyuk
2018-06-14 19:31 ` [Qemu-devel] [PULL 15/18] translate-all: protect TB jumps with a per-destination-TB lock Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 16/18] cputlb: remove tb_lock from tlb_flush functions Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 17/18] translate-all: remove tb_lock mention from cpu_restore_state_from_tb Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 18/18] tcg: remove tb_lock Richard Henderson
2018-06-15 10:41 ` [Qemu-devel] [PULL 00/18] tcg queued patches Peter Maydell
2018-06-15 14:01 ` Emilio G. Cota
2018-06-15 17:54 ` Richard Henderson