Re: [Qemu-devel] [PULL, 14/18] translate-all: discard TB when tb_link_page returns an existing matching TB

[Pavel Dovgalyuk]

> From: Emilio G. Cota [mailto:address@hidden
> On Fri, Jun 29, 2018 at 10:25:03 +0300, Pavel Dovgalyuk wrote:
> > This patch breaks record/replay.
> >
> > I run execution recording of the WindowsXP machine with the following 
> > script:
> >
> > ./bin/qemu-system-i386 -d in_asm,exec -D xp_save.log -global 
> > apic-common.vapic=off \
> >   -icount shift=7,rr=record,rrfile=xp0.replay \
> >   -drive file=./images/xp_sp2.qcow2,if=none,id=img-direct,snapshot \
> >   -drive driver=blkreplay,if=none,image=img-direct,id=img-replay \
> >   -device ide-hd,drive=img-replay -net none -m 512M
> >
> > QEMU fails at some moment. Here are the contents of the log:
> >
> > ----------------
> > IN:
> > 0x806ee2d0:  33 c0                    xorl     %eax, %eax
> > 0x806ee2d2:  8a c1                    movb     %cl, %al
> > 0x806ee2d4:  33 c9                    xorl     %ecx, %ecx
> > 0x806ee2d6:  8a 88 58 e2 6e 80        movb     -0x7f911da8(%eax), %cl
> > 0x806ee2dc:  89 0d 80 00 fe ff        movl     %ecx, 0xfffe0080
> > 0x806ee2e2:  a1 80 00 fe ff           movl     0xfffe0080, %eax
> > 0x806ee2e7:  c3                       retl
> >
> > Trace 0: 0x7fdc103b16a0 [00000000/806ee2d0/0x4000b0]
> > qemu: fatal: cpu_io_recompile: could not find TB for pc=0x7fec24fde2de
> 
> Thanks for reporting.
> 
> From code inspection I can see how this could happen: we're calling
> tcg_tb_remove for a TB that we did not just generate--we got an
> existing one instead. Note that CF_NOCACHE is not part of
> the CF_HASH mask, so this might explain why the problem only
> occurs for r/r.

Thanks.

> Can you reproduce this with any other guest? If not, I'd be
> happy to use your windows qcow2 file if you could share it
> with me off-list.

The same failure can be reproduced with linux-0.2.img, which was
downloaded from QEMU site.
I can't find it now, but I can upload this file if needed.

Pavel Dovgalyuk