On Fri, Jun 29, 2018 at 10:25:03 +0300, Pavel Dovgalyuk wrote:
> This patch breaks record/replay.
>
> I run execution recording of the WindowsXP machine with the following script:
>
> ./bin/qemu-system-i386 -d in_asm,exec -D xp_save.log -global apic-common.vapic=off \
>   -icount shift=7,rr=record,rrfile=xp0.replay \
>   -drive file=./images/xp_sp2.qcow2,if=none,id=img-direct,snapshot \
>   -drive driver=blkreplay,if=none,image=img-direct,id=img-replay \
>   -device ide-hd,drive=img-replay -net none -m 512M
>
> QEMU fails at some moment. Here are the contents of the log:
>
> ----------------
> IN:
> 0x806ee2d0:  33 c0                    xorl     %eax, %eax
> 0x806ee2d2:  8a c1                    movb     %cl, %al
> 0x806ee2d4:  33 c9                    xorl     %ecx, %ecx
> 0x806ee2d6:  8a 88 58 e2 6e 80        movb     -0x7f911da8(%eax), %cl
> 0x806ee2dc:  89 0d 80 00 fe ff        movl     %ecx, 0xfffe0080
> 0x806ee2e2:  a1 80 00 fe ff           movl     0xfffe0080, %eax
> 0x806ee2e7:  c3                       retl
>
> Trace 0: 0x7fdc103b16a0 [00000000/806ee2d0/0x4000b0]
> qemu: fatal: cpu_io_recompile: could not find TB for pc=0x7fec24fde2de
Thanks for reporting.

From code inspection I can see how this could happen: we're calling tcg_tb_remove for a TB that we did not just generate -- we got an existing one instead. Note that CF_NOCACHE is not part of the CF_HASH mask, so this might explain why the problem only occurs for r/r.

Can you reproduce this with any other guest? If not, I'd be happy to use your windows qcow2 file if you could share it with me off-list.

Thanks,

		Emilio
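The aliasing Emilio describes, modelled as an added example that is not QEMU's code and not part of the thread: a toy TB table keyed on (pc, cflags & hash_mask), where "generating" a TB first looks for an already-linked equal TB and hands that back instead of the fresh one, as tb_gen_code does when tb_link_page finds a duplicate. With a hash mask that leaves CF_NOCACHE out, the one-off NOCACHE translation that cpu_io_recompile asks for is aliased to the cached TB for the same pc and cflags, so removing "the NOCACHE TB" afterwards removes the cached one and a later lookup for that pc misses. The flag values, the mask, the pc and the table shape are assumptions for illustration only; the second mask (which includes CF_NOCACHE) is there to show the contrast, not as the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed flag values for the model (not taken from the page). */
#define CF_COUNT_MASK   0x00007fffu
#define CF_LAST_IO      0x00008000u
#define CF_NOCACHE      0x00010000u  /* TB to be freed right after execution */
#define CF_USE_ICOUNT   0x00020000u

/* Hash/compare mask that leaves CF_NOCACHE out, as the reply describes. */
#define HASH_MASK_WITHOUT_NOCACHE (CF_COUNT_MASK | CF_LAST_IO | CF_USE_ICOUNT)
/* Contrast case: a mask that does include CF_NOCACHE. */
#define HASH_MASK_WITH_NOCACHE    (HASH_MASK_WITHOUT_NOCACHE | CF_NOCACHE)

#define TB_MAX 16

struct tb {
    uint64_t pc;
    uint32_t cflags;
    bool live;
};

struct tb_table {
    uint32_t hash_mask;
    struct tb tbs[TB_MAX];
    int generated;  /* translations actually produced, not aliased */
};

static void tb_table_init(struct tb_table *t, uint32_t hash_mask)
{
    memset(t, 0, sizeof *t);
    t->hash_mask = hash_mask;
}

/* Equality is pc plus the masked cflags: bits outside hash_mask are ignored. */
static struct tb *tb_lookup(struct tb_table *t, uint64_t pc, uint32_t cflags)
{
    for (int i = 0; i < TB_MAX; i++) {
        struct tb *tb = &t->tbs[i];
        if (tb->live && tb->pc == pc &&
            (tb->cflags & t->hash_mask) == (cflags & t->hash_mask)) {
            return tb;
        }
    }
    return NULL;
}

/* Models "translate, then link; if an equal TB is already linked, discard
 * what we just translated and return the existing one". */
static struct tb *tb_gen_code(struct tb_table *t, uint64_t pc, uint32_t cflags)
{
    struct tb *existing = tb_lookup(t, pc, cflags);
    if (existing) {
        return existing;  /* caller gets a TB it did not generate */
    }
    for (int i = 0; i < TB_MAX; i++) {
        if (!t->tbs[i].live) {
            t->tbs[i] = (struct tb){ .pc = pc, .cflags = cflags, .live = true };
            t->generated++;
            return &t->tbs[i];
        }
    }
    return NULL;  /* table full; not reached in this example */
}

static void tb_remove(struct tb *tb)
{
    tb->live = false;
}

struct scenario_result {
    bool aliased;          /* NOCACHE request returned the cached TB */
    bool cached_survives;  /* cached TB still found after the NOCACHE TB is removed */
    int generated;         /* number of distinct translations made */
};

/* Sequence from the thread: a cached TB for the faulting pc exists, an I/O
 * instruction triggers a one-off NOCACHE translation for the same pc/cflags,
 * and that NOCACHE TB is removed after it runs. */
static struct scenario_result io_recompile_scenario(uint32_t hash_mask)
{
    struct tb_table t;
    tb_table_init(&t, hash_mask);

    const uint64_t pc = 0x806ee2d0;            /* pc from the report, used as a label only */
    const uint32_t base = CF_USE_ICOUNT | 3;   /* assumed: icount-limited TB of 3 insns */

    struct tb *cached = tb_gen_code(&t, pc, base);
    struct tb *nocache = tb_gen_code(&t, pc, base | CF_NOCACHE);

    struct scenario_result r;
    r.aliased = (nocache == cached);
    tb_remove(nocache);  /* what the caller believes is its private NOCACHE TB */
    r.cached_survives = (tb_lookup(&t, pc, base) != NULL);
    r.generated = t.generated;
    return r;
}

int main(void)
{
    struct scenario_result a = io_recompile_scenario(HASH_MASK_WITHOUT_NOCACHE);
    struct scenario_result b = io_recompile_scenario(HASH_MASK_WITH_NOCACHE);
    printf("NOCACHE outside mask: aliased=%d cached_survives=%d generated=%d\n",
           a.aliased, a.cached_survives, a.generated);
    printf("NOCACHE inside mask:  aliased=%d cached_survives=%d generated=%d\n",
           b.aliased, b.cached_survives, b.generated);
    return 0;
}
```

With CF_NOCACHE outside the mask, the second tb_gen_code call generates nothing and returns the cached TB, so the removal that follows deletes the cached translation; the next lookup for that pc then fails, which is the shape of the "could not find TB" abort in the log. The thread does not say how upstream resolved this, and the contrast mask here is only to make the aliasing visible.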