1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
id = 2791
title = "\"Missing character write event in the replay log\" when trying rr=replay with snapshot"
state = "opened"
created_at = "2025-01-23T16:07:25.357Z"
closed_at = "n/a"
labels = ["accel: TCG", "icount"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/2791"
host-os = "Debian testing"
host-arch = "x86"
qemu-version = "Built from `cf86770c7aa31ebd6e56f4eeb25c34107f92c51e"
guest-os = "n/a"
guest-arch = "n/a"
description = """Probably best to just illustrate with commands. Happy path:
```sh
rm replay.bin snapshots.qcow2; qemu-img create -f qcow2 snapshots.qcow2 256M
~/src/qemu/build/qemu-system-x86_64 -nodefaults -nographic -serial stdio \\
-icount shift=auto,rr=record,rrfile=replay.bin,rrsnapshot=init \\
-drive file=snapshots.qcow2,if=none,id=rr \\
-kernel ./.kunit/arch/x86/boot/bzImage -append "nokaslr console=ttyS0"
# It runs, guest kernel crashes when realising it has no rootfs, all good
du -sh snapshots.qcow2 # 976K
# Repeat same command just switched to rr=replay
~/src/qemu/build/qemu-system-x86_64 -nodefaults -nographic -serial stdio \\
-icount shift=auto,rr=replay,rrfile=replay.bin,rrsnapshot=init \\
-drive file=snapshots.qcow2,if=none,id=rr \\
-kernel ./.kunit/arch/x86/boot/bzImage -append "nokaslr console=ttyS0"
# Much slower, but same result. All good
```
But, I want to take a snapshot later in boot.
```sh
rm replay.bin snapshots.qcow2; qemu-img create -f qcow2 snapshots.qcow2 256M
# This time, running with debug. Also have to switch to -monitor stdio because of
# https://gitlab.com/qemu-project/qemu/-/issues/2790
~/src/qemu/build/qemu-system-x86_64 -nodefaults -nographic -monitor stdio \\
-icount shift=auto,rr=record,rrfile=replay.bin,rrsnapshot=init \\
-drive file=snapshots.qcow2,if=none,id=rr \\
-kernel ./.kunit/arch/x86/boot/bzImage -append "nokaslr console=ttyS0" \\
-s -S
# In another terminal, attach a debugger, set a breakpoint, continue to the breakpoint
gdb -ex "target remote localhost:1234" .kunit/vmlinux
(gdb) hb start_kernel
(gdb) continue
# When the breakpoint is hit, back in the first terminal:
(qemu) savevm test
(qemu) quit
du -sh snapshots.qcow2 # 21M
# Now try to replay again
~/src/qemu/build/qemu-system-x86_64 -nodefaults -nographic -serial stdio \\
-icount shift=auto,rr=replay,rrfile=replay.bin,rrsnapshot=init \\
-drive file=snapshots.qcow2,if=none,id=rr \\
-kernel ./.kunit/arch/x86/boot/bzImage -append "nokaslr console=ttyS0"
```
Result:
```
qemu-system-x86_64: Missing character write event in the replay log (insn total 1598039/586 left, event 886 is EVENT_INSTRUCTION)
fish: Job 1, '~/src/qemu/build/qemu-system-x8…' terminated by signal -icount shift=auto,rr=repla… ( -drive file=snapshots.qcow2…)
fish: Job -kernel ./.kunit/arch/x86/b…, 'SIGABRT' terminated by signal Abort ()
```
Exit code is 134."""
reproduce = "n/a"
additional = "n/a"
|