From: "Emilio G. Cota" <cota@braap.org>
To: Pavel Dovgalyuk <dovgaluk@ispras.ru>
Cc: 'Richard Henderson' <richard.henderson@linaro.org>,
qemu-devel@nongnu.org, peter.maydell@linaro.org
Subject: Re: [Qemu-devel] [PULL, 14/18] translate-all: discard TB when tb_link_page returns an existing matching TB
Date: Fri, 29 Jun 2018 14:48:32 -0400
Message-ID: <20180629184832.GB14726@flamenco>
In-Reply-To: <000601d40f7a$4be320b0$e3a96210$@ru>
On Fri, Jun 29, 2018 at 10:25:03 +0300, Pavel Dovgalyuk wrote:
> This patch breaks record/replay.
>
> I run execution recording of the WindowsXP machine with the following script:
>
> ./bin/qemu-system-i386 -d in_asm,exec -D xp_save.log -global apic-common.vapic=off \
> -icount shift=7,rr=record,rrfile=xp0.replay \
> -drive file=./images/xp_sp2.qcow2,if=none,id=img-direct,snapshot \
> -drive driver=blkreplay,if=none,image=img-direct,id=img-replay \
> -device ide-hd,drive=img-replay -net none -m 512M
>
> QEMU fails at some moment. Here are the contents of the log:
>
> ----------------
> IN:
> 0x806ee2d0: 33 c0 xorl %eax, %eax
> 0x806ee2d2: 8a c1 movb %cl, %al
> 0x806ee2d4: 33 c9 xorl %ecx, %ecx
> 0x806ee2d6: 8a 88 58 e2 6e 80 movb -0x7f911da8(%eax), %cl
> 0x806ee2dc: 89 0d 80 00 fe ff movl %ecx, 0xfffe0080
> 0x806ee2e2: a1 80 00 fe ff movl 0xfffe0080, %eax
> 0x806ee2e7: c3 retl
>
> Trace 0: 0x7fdc103b16a0 [00000000/806ee2d0/0x4000b0]
> qemu: fatal: cpu_io_recompile: could not find TB for pc=0x7fec24fde2de
Thanks for reporting.
From code inspection I can see how this could happen: we're calling
tcg_tb_remove for a TB that we did not just generate--we got an
existing one instead. Note that CF_NOCACHE is not part of
the CF_HASH mask, so this might explain why the problem only
occurs for r/r.
Can you reproduce this with any other guest? If not, I'd be
happy to use your windows qcow2 file if you could share it
with me off-list.
Thanks,
Emilio
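To make the mismatch described in the reply above concrete, here is a small C model of the interaction. It is an added illustration, not code from QEMU or from either poster: the lookup table, the TB pool, the scenario functions and the ownership check at the end are constructed for this example, and the CF_* flag values and the composition of CF_HASH_MASK are assumed to mirror QEMU's exec-all.h of that era. The helper names tb_link_page, tb_gen_code, tcg_tb_remove and tcg_tb_lookup follow the names in the thread but are toy stand-ins. Because CF_NOCACHE is excluded from the hash mask, a nocache translation request for a pc that already has a cached TB comes back as that cached TB; if the caller then removes what it believes is its throwaway TB, the cached TB disappears from the tree and a later lookup by code pointer fails, which is the failure mode the log shows.

```c
/* Toy model of the TB-cache interaction discussed above.  Constructed
 * illustration, not QEMU code; CF_* values are assumed, not copied. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CF_COUNT_MASK  0x00007fffu
#define CF_LAST_IO     0x00008000u
#define CF_NOCACHE     0x00010000u   /* TB to be freed after execution */
#define CF_USE_ICOUNT  0x00020000u
#define CF_PARALLEL    0x00080000u
/* Hash/compare mask (assumed): CF_NOCACHE is deliberately NOT part of it. */
#define CF_HASH_MASK   (CF_COUNT_MASK | CF_LAST_IO | CF_USE_ICOUNT | CF_PARALLEL)

typedef struct TranslationBlock {
    uint64_t pc;
    uint32_t flags;      /* guest CPU state flags */
    uint32_t cflags;     /* compile flags */
    bool in_tree;        /* models membership in the per-region TB tree */
} TranslationBlock;

#define TB_POOL   16
#define TB_TABLE  64
static TranslationBlock tb_pool[TB_POOL];       /* models the code_gen buffer */
static size_t tb_pool_used;
static TranslationBlock *tb_table[TB_TABLE];    /* models the qht lookup table */

static void reset_state(void)
{
    memset(tb_pool, 0, sizeof(tb_pool));
    memset(tb_table, 0, sizeof(tb_table));
    tb_pool_used = 0;
}

static size_t tb_hash(uint64_t pc, uint32_t flags, uint32_t cflags)
{
    uint64_t h = pc ^ ((uint64_t)flags << 32) ^ (cflags & CF_HASH_MASK);
    h ^= h >> 17;
    return (size_t)(h % TB_TABLE);
}

/* Models tb_link_page(): insert tb, or return the TB already present under
 * the same (pc, flags, cflags & CF_HASH_MASK) key. */
static TranslationBlock *tb_link_page(TranslationBlock *tb)
{
    size_t i = tb_hash(tb->pc, tb->flags, tb->cflags);
    for (size_t n = 0; n < TB_TABLE; n++, i = (i + 1) % TB_TABLE) {
        TranslationBlock *cur = tb_table[i];
        if (cur == NULL) {
            tb_table[i] = tb;
            return tb;
        }
        if (cur->pc == tb->pc && cur->flags == tb->flags &&
            (cur->cflags & CF_HASH_MASK) == (tb->cflags & CF_HASH_MASK)) {
            return cur;   /* equivalent TB already cached */
        }
    }
    return NULL;  /* table full; not reached in this demo */
}

/* Models tb_gen_code() after the patch under discussion: translate, try to
 * link, and discard the fresh TB when an equivalent one already exists. */
static TranslationBlock *tb_gen_code(uint64_t pc, uint32_t flags, uint32_t cflags)
{
    TranslationBlock *tb = &tb_pool[tb_pool_used++];
    tb->pc = pc; tb->flags = flags; tb->cflags = cflags;
    TranslationBlock *existing = tb_link_page(tb);
    if (existing != tb) {
        tb_pool_used--;            /* rewind the code buffer; tb is gone */
        return existing;
    }
    tb->in_tree = true;            /* models tcg_tb_insert() */
    return tb;
}

static void tcg_tb_remove(TranslationBlock *tb) { tb->in_tree = false; }
static bool tcg_tb_lookup(const TranslationBlock *tb) { return tb->in_tree; }

#define DEMO_PC     0x806ee2d0u   /* pc from the log quoted above */
#define DEMO_FLAGS  0x1u          /* constructed guest flags value */
#define DEMO_CFLAGS (CF_USE_ICOUNT | 7u)

/* A cached TB exists; a CF_NOCACHE translation of the same pc is requested
 * and the caller removes "its" nocache TB afterwards.  Returns true when the
 * request came back as the cached TB and that TB is now gone from the tree. */
bool cached_tb_lost_after_nocache_remove(void)
{
    reset_state();
    TranslationBlock *cached = tb_gen_code(DEMO_PC, DEMO_FLAGS, DEMO_CFLAGS);
    TranslationBlock *nocache = tb_gen_code(DEMO_PC, DEMO_FLAGS, DEMO_CFLAGS | CF_NOCACHE);
    bool collided = (nocache == cached);
    tcg_tb_remove(nocache);            /* removing a TB we did not generate */
    return collided && !tcg_tb_lookup(cached);
}

/* Same scenario, but the caller only removes a TB that actually carries
 * CF_NOCACHE, i.e. one it generated itself.  Returns true when the cached
 * TB survives.  This check is a constructed illustration, not QEMU's fix. */
bool cached_tb_kept_with_ownership_check(void)
{
    reset_state();
    TranslationBlock *cached = tb_gen_code(DEMO_PC, DEMO_FLAGS, DEMO_CFLAGS);
    TranslationBlock *nocache = tb_gen_code(DEMO_PC, DEMO_FLAGS, DEMO_CFLAGS | CF_NOCACHE);
    if (nocache->cflags & CF_NOCACHE) {
        tcg_tb_remove(nocache);
    }
    return tcg_tb_lookup(cached);
}

int main(void)
{
    printf("cached TB lost after blind remove: %d\n", cached_tb_lost_after_nocache_remove());
    printf("cached TB kept with ownership check: %d\n", cached_tb_kept_with_ownership_check());
    return 0;
}
```

The first scenario reproduces the sequence the reply points at: the second tb_gen_code call returns the cached TB rather than a fresh one, and removing it leaves the tree without an entry for a TB whose code is still reachable. The second scenario only shows that the returned TB carries no CF_NOCACHE bit, so a caller can tell it did not generate it; whether that is the right place to fix it is what the rest of the thread works out.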
Thread overview: 29+ messages
2018-06-14 19:31 [Qemu-devel] [PULL 00/18] tcg queued patches Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 01/18] tcg/i386: Use byte form of xgetbv instruction Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 02/18] qht: require a default comparison function Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 03/18] qht: return existing entry when qht_insert fails Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 04/18] tcg: track TBs with per-region BST's Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 05/18] tcg: move tb_ctx.tb_phys_invalidate_count to tcg_ctx Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 06/18] translate-all: iterate over TBs in a page with PAGE_FOR_EACH_TB Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 07/18] translate-all: make l1_map lockless Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 08/18] translate-all: remove hole in PageDesc Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 09/18] translate-all: work page-by-page in tb_invalidate_phys_range_1 Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 10/18] translate-all: move tb_invalidate_phys_page_range up in the file Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 11/18] translate-all: use per-page locking in !user-mode Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 12/18] translate-all: add page_locked assertions Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 13/18] translate-all: introduce assert_no_pages_locked Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 14/18] translate-all: discard TB when tb_link_page returns an existing matching TB Richard Henderson
2018-06-29 7:25 ` [Qemu-devel] [PULL, " Pavel Dovgalyuk
2018-06-29 18:48 ` Emilio G. Cota [this message]
2018-07-02 5:52 ` Pavel Dovgalyuk
2018-07-02 19:52 ` Emilio G. Cota
2018-07-03 5:38 ` Pavel Dovgalyuk
2018-07-04 19:38 ` Emilio G. Cota
2018-07-05 5:51 ` Pavel Dovgalyuk
2018-06-14 19:31 ` [Qemu-devel] [PULL 15/18] translate-all: protect TB jumps with a per-destination-TB lock Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 16/18] cputlb: remove tb_lock from tlb_flush functions Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 17/18] translate-all: remove tb_lock mention from cpu_restore_state_from_tb Richard Henderson
2018-06-14 19:31 ` [Qemu-devel] [PULL 18/18] tcg: remove tb_lock Richard Henderson
2018-06-15 10:41 ` [Qemu-devel] [PULL 00/18] tcg queued patches Peter Maydell
2018-06-15 14:01 ` Emilio G. Cota
2018-06-15 17:54 ` Richard Henderson