Hi,

I'm getting the following error in a qemu trace file:
"Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org"

The instruction sequence involves a write to %cr4 (`mov %eax,%cr4` at 0x40abb5, with 0x20 = CR4.PAE already OR'd into %eax at 0x40abaa, and 0x200 = CR4.OSFXSR possibly OR'd in at 0x40ac00).  Immediately after this instruction the `in_asm` trace output is corrupted: every following guest instruction is printed as the same mnemonic, and QEMU reports that the disassembler and the translator disagree on instruction lengths.
The emulation itself appears to continue correctly — with `-d out_asm` the generated host code for the block at 0x40abb8 still matches the objdump listing (it loads 0x41979c, tests bit 0 at offset 6, and branches to 0x40abc3 / 0x40abc9), while the `IN:` disassembly of that same block shows eleven one-byte `dec %esi` instructions instead.  So the translator decoded the right bytes; only the trace-time disassembly (which reads guest memory through a separate path) is wrong from this point on.  Note also that the two runs print different garbage for the same guest addresses (`mov %eax,%cr4` repeated in the in-only trace vs. `dec %esi` in the inout trace), which suggests the disassembler is reading from the wrong location rather than mis-decoding valid bytes.  Until this is fixed, `-d in_asm` output following a CR4 (or other paging-mode) change should not be trusted on its own; confirm against `out_asm` or the static disassembly.

Here is the instruction sequence:
...
  40abaa:    83 c8 20                 or     $0x20,%eax
  40abad:    f7 c6 00 10 00 00        test   $0x1000,%esi
  40abb3:    75 4b                    jne    40ac00 <init_one_cpuinfo+0x1a0>
  40abb5:    0f 22 e0                 mov    %eax,%cr4
  40abb8:    a1 9c 97 41 00           mov    0x41979c,%eax
  40abbd:    f6 40 06 01              testb  $0x1,0x6(%eax)
  40abc1:    74 06                    je     40abc9 <init_one_cpuinfo+0x169>
  40abc3:    81 ce 00 00 00 40        or     $0x40000000,%esi
...

Attached are two trace files covering the same guest run:
- qemu.error.in.txt     logging enabled with -d exec,int,in_asm
- qemu.error.inout.txt  logging enabled with -d exec,int,in_asm,out_asm (host code shown alongside each guest block)

This was first observed in QEMU 0.15.1 and is still present in a current git build that reports version 1.0.50 (i.e. the post-1.0 development tree).

--
Scott Miller | Cisco Support Engineer | smil...@qnx.com
Tel: +1 613 591 0836 x2679  | Cell: +1 613 296 5349

----------------
IN: 
0x0040abaa:  or     $0x20,%eax
0x0040abad:  test   $0x1000,%esi
0x0040abb3:  jne    0x40ac00

----------------
IN: 
0x0040ac00:  or     $0x2,%ah
0x0040ac03:  jmp    0x40abb5

----------------
IN: 
0x0040abb5:  mov    %eax,%cr4

----------------
IN: 
0x0040abb8:  mov    %eax,%cr4
0x0040abbb:  mov    %eax,%cr4
0x0040abbe:  mov    %eax,%cr4
0x0040abc1:  mov    %eax,%cr4
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

----------------
IN: 
0x0040abc3:  mov    %eax,%cr4
0x0040abc6:  mov    %eax,%cr4
0x0040abc9:  mov    %eax,%cr4
0x0040abcc:  mov    %eax,%cr4
0x0040abcf:  mov    %eax,%cr4
0x0040abd2:  mov    %eax,%cr4

----------------
IN: 
0x0040ac10:  mov    %eax,%cr4
0x0040ac13:  mov    %eax,%cr4
0x0040ac16:  mov    %eax,%cr4
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

----------------
IN: 
0x00412030:  mov    %eax,%cr4
0x00412033:  mov    %eax,%cr4
0x00412036:  mov    %eax,%cr4
0x00412039:  mov    %eax,%cr4
0x0041203c:  mov    %eax,%cr4
0x0041203f:  mov    %eax,%cr4
0x00412042:  mov    %eax,%cr4
0x00412045:  mov    %eax,%cr4
0x00412048:  mov    %eax,%cr4
0x0041204b:  mov    %eax,%cr4

----------------
IN: 
0x00412110:  mov    %eax,%cr4
0x00412113:  mov    %eax,%cr4
0x00412116:  mov    %eax,%cr4
0x00412119:  mov    %eax,%cr4

----------------
IN: 
0x0040fc30:  mov    %eax,%cr4
0x0040fc33:  mov    %eax,%cr4
0x0040fc36:  mov    %eax,%cr4
0x0040fc39:  mov    %eax,%cr4
0x0040fc3c:  mov    %eax,%cr4
0x0040fc3f:  mov    %eax,%cr4
0x0040fc42:  mov    %eax,%cr4
Disassembler disagrees with translator over instruction decoding
Please report this to qemu-devel@nongnu.org

----------------




----------------
IN: 
0x0040abaa:  or     $0x20,%eax
0x0040abad:  test   $0x1000,%esi
0x0040abb3:  jne    0x40ac00

OUT: [size=115]
0x4139da00:  mov    (%r14),%ebp
0x4139da03:  or     $0x20,%ebp
0x4139da06:  mov    0x18(%r14),%ebx
0x4139da0a:  and    $0x1000,%ebx
0x4139da10:  mov    $0x18,%r12d
0x4139da16:  mov    %r12d,0x30(%r14)
0x4139da1a:  mov    %ebx,0x2c(%r14)
0x4139da1e:  mov    %ebp,(%r14)
0x4139da21:  test   %ebx,%ebx
0x4139da23:  jne    0x4139da4e
0x4139da29:  jmpq   0x4139da2e
0x4139da2e:  mov    $0x40abb5,%ebp
0x4139da33:  mov    %ebp,0x20(%r14)
0x4139da37:  mov    $0x7f19496cb920,%rax
0x4139da41:  mov    $0x7f195060c476,%r10
0x4139da4b:  jmpq   *%r10
0x4139da4e:  jmpq   0x4139da53
0x4139da53:  mov    $0x40ac00,%ebp
0x4139da58:  mov    %ebp,0x20(%r14)
0x4139da5c:  mov    $0x7f19496cb921,%rax
0x4139da66:  mov    $0x7f195060c476,%r10
0x4139da70:  jmpq   *%r10

----------------
IN: 
0x0040ac00:  or     $0x2,%ah
0x0040ac03:  jmp    0x40abb5

OUT: [size=71]
0x4139da80:  mov    (%r14),%ebp
0x4139da83:  mov    %ebp,%ebx
0x4139da85:  shr    $0x8,%ebx
0x4139da88:  movzbl %bl,%ebx
0x4139da8b:  or     $0x2,%ebx
0x4139da8e:  mov    %ebp,%ecx
0x4139da90:  mov    %bl,%ch
0x4139da92:  mov    $0x16,%ebp
0x4139da97:  mov    %ebp,0x30(%r14)
0x4139da9b:  mov    %ebx,0x2c(%r14)
0x4139da9f:  mov    %ecx,(%r14)
0x4139daa2:  jmpq   0x4139daa7
0x4139daa7:  mov    $0x40abb5,%ebp
0x4139daac:  mov    %ebp,0x20(%r14)
0x4139dab0:  mov    $0x7f19496cb990,%rax
0x4139daba:  mov    $0x7f195060c476,%r10
0x4139dac4:  jmpq   *%r10

----------------
IN: 
0x0040abb5:  mov    %eax,%cr4

OUT: [size=56]
0x4139dad0:  mov    $0x40abb5,%ebp
0x4139dad5:  mov    %ebp,0x20(%r14)
0x4139dad9:  mov    (%r14),%ebp
0x4139dadc:  mov    $0x4,%edi
0x4139dae1:  mov    %ebp,%esi
0x4139dae3:  mov    $0x7f194fa1e980,%r10
0x4139daed:  callq  *%r10
0x4139daf0:  mov    $0x40abb8,%ebp
0x4139daf5:  mov    %ebp,0x20(%r14)
0x4139daf9:  xor    %eax,%eax
0x4139dafb:  mov    $0x7f195060c476,%r10
0x4139db05:  jmpq   *%r10

----------------
IN: 
0x0040abb8:  dec    %esi
0x0040abb9:  dec    %esi
0x0040abba:  dec    %esi
0x0040abbb:  dec    %esi
0x0040abbc:  dec    %esi
0x0040abbd:  dec    %esi
0x0040abbe:  dec    %esi
0x0040abbf:  dec    %esi
0x0040abc0:  dec    %esi
0x0040abc1:  dec    %esi
0x0040abc2:  dec    %esi

OUT: [size=235]
0x4139db10:  mov    $0x41979c,%ebp
0x4139db15:  mov    %ebp,%esi
0x4139db17:  mov    %ebp,%edi
0x4139db19:  shr    $0x7,%esi
0x4139db1c:  and    $0xfffff003,%edi
0x4139db22:  and    $0x1fe0,%esi
0x4139db28:  lea    0x378(%r14,%rsi,1),%rsi
0x4139db30:  cmp    (%rsi),%edi
0x4139db32:  mov    %ebp,%edi
0x4139db34:  jne    0x4139db3e
0x4139db36:  add    0x10(%rsi),%rdi
0x4139db3a:  mov    (%rdi),%ebp
0x4139db3c:  jmp    0x4139db4f
0x4139db3e:  xor    %esi,%esi
0x4139db40:  mov    $0x7f194fa20410,%r10
0x4139db4a:  callq  *%r10
0x4139db4d:  mov    %eax,%ebp
0x4139db4f:  mov    %ebp,%ebx
0x4139db51:  add    $0x6,%ebx
0x4139db54:  mov    %ebp,(%r14)
0x4139db57:  mov    %ebx,%esi
0x4139db59:  mov    %ebx,%edi
0x4139db5b:  shr    $0x7,%esi
0x4139db5e:  and    $0xfffff000,%edi
0x4139db64:  and    $0x1fe0,%esi
0x4139db6a:  lea    0x378(%r14,%rsi,1),%rsi
0x4139db72:  cmp    (%rsi),%edi
0x4139db74:  mov    %ebx,%edi
0x4139db76:  jne    0x4139db81
0x4139db78:  add    0x10(%rsi),%rdi
0x4139db7c:  movzbl (%rdi),%ebp
0x4139db7f:  jmp    0x4139db93
0x4139db81:  xor    %esi,%esi
0x4139db83:  mov    $0x7f194fa23b00,%r10
0x4139db8d:  callq  *%r10
0x4139db90:  movzbl %al,%ebp
0x4139db93:  and    $0x1,%ebp
0x4139db96:  mov    %ebp,%ebx
0x4139db98:  movzbl %bl,%ebx
0x4139db9b:  mov    $0x16,%r12d
0x4139dba1:  mov    %r12d,0x30(%r14)
0x4139dba5:  mov    %ebp,0x2c(%r14)
0x4139dba9:  test   %ebx,%ebx
0x4139dbab:  je     0x4139dbd6
0x4139dbb1:  jmpq   0x4139dbb6
0x4139dbb6:  mov    $0x40abc3,%ebp
0x4139dbbb:  mov    %ebp,0x20(%r14)
0x4139dbbf:  mov    $0x7f19496cba70,%rax
0x4139dbc9:  mov    $0x7f195060c476,%r10
0x4139dbd3:  jmpq   *%r10
0x4139dbd6:  jmpq   0x4139dbdb
0x4139dbdb:  mov    $0x40abc9,%ebp
0x4139dbe0:  mov    %ebp,0x20(%r14)
0x4139dbe4:  mov    $0x7f19496cba71,%rax
0x4139dbee:  mov    $0x7f195060c476,%r10
0x4139dbf8:  jmpq   *%r10

----------------
IN: 
0x0040abc3:  dec    %esi
0x0040abc4:  dec    %esi
0x0040abc5:  dec    %esi
0x0040abc6:  dec    %esi
0x0040abc7:  dec    %esi
0x0040abc8:  dec    %esi
0x0040abc9:  dec    %esi
0x0040abca:  dec    %esi
0x0040abcb:  dec    %esi
0x0040abcc:  dec    %esi
0x0040abcd:  dec    %esi
0x0040abce:  dec    %esi
0x0040abcf:  dec    %esi
0x0040abd0:  dec    %esi
0x0040abd1:  dec    %esi
0x0040abd2:  dec    %esi
0x0040abd3:  dec    %esi
0x0040abd4:  dec    %esi

OUT: [size=264]
0x4139dc00:  mov    0x18(%r14),%ebp
0x4139dc04:  or     $0x40000000,%ebp
0x4139dc0a:  mov    %ebp,%ebx
0x4139dc0c:  mov    $0x419774,%r12d
0x4139dc12:  mov    %ebp,0x2c(%r14)
0x4139dc16:  mov    %ebx,0x18(%r14)
0x4139dc1a:  mov    %r12d,%esi
0x4139dc1d:  mov    %r12d,%edi
0x4139dc20:  shr    $0x7,%esi
0x4139dc23:  and    $0xfffff003,%edi
0x4139dc29:  and    $0x1fe0,%esi
0x4139dc2f:  lea    0x378(%r14,%rsi,1),%rsi
0x4139dc37:  cmp    (%rsi),%edi
0x4139dc39:  mov    %r12d,%edi
0x4139dc3c:  jne    0x4139dc46
0x4139dc3e:  add    0x10(%rsi),%rdi
0x4139dc42:  mov    (%rdi),%ebp
0x4139dc44:  jmp    0x4139dc57
0x4139dc46:  xor    %esi,%esi
0x4139dc48:  mov    $0x7f194fa20410,%r10
0x4139dc52:  callq  *%r10
0x4139dc55:  mov    %eax,%ebp
0x4139dc57:  mov    0xc(%r14),%ebx
0x4139dc5b:  add    $0x8,%ebx
0x4139dc5e:  mov    0x18(%r14),%r12d
0x4139dc62:  mov    %ebp,(%r14)
0x4139dc65:  mov    %ebx,%esi
0x4139dc67:  mov    %ebx,%edi
0x4139dc69:  shr    $0x7,%esi
0x4139dc6c:  and    $0xfffff003,%edi
0x4139dc72:  and    $0x1fe0,%esi
0x4139dc78:  lea    0x37c(%r14,%rsi,1),%rsi
0x4139dc80:  cmp    (%rsi),%edi
0x4139dc82:  mov    %ebx,%edi
0x4139dc84:  jne    0x4139dc8f
0x4139dc86:  add    0xc(%rsi),%rdi
0x4139dc8a:  mov    %r12d,(%rdi)
0x4139dc8d:  jmp    0x4139dca1
0x4139dc8f:  mov    %r12d,%esi
0x4139dc92:  xor    %edx,%edx
0x4139dc94:  mov    $0x7f194fa1fe50,%r10
0x4139dc9e:  callq  *%r10
0x4139dca1:  mov    (%r14),%ebp
0x4139dca4:  mov    (%r14),%ebx
0x4139dca7:  and    %ebx,%ebp
0x4139dca9:  mov    $0x18,%ebx
0x4139dcae:  mov    %ebx,0x30(%r14)
0x4139dcb2:  mov    %ebp,0x2c(%r14)
0x4139dcb6:  test   %ebp,%ebp
0x4139dcb8:  je     0x4139dce3
0x4139dcbe:  jmpq   0x4139dcc3
0x4139dcc3:  mov    $0x40abd5,%ebp
0x4139dcc8:  mov    %ebp,0x20(%r14)
0x4139dccc:  mov    $0x7f19496cbae0,%rax
0x4139dcd6:  mov    $0x7f195060c476,%r10
0x4139dce0:  jmpq   *%r10
0x4139dce3:  jmpq   0x4139dce8
0x4139dce8:  mov    $0x40ac10,%ebp
0x4139dced:  mov    %ebp,0x20(%r14)
0x4139dcf1:  mov    $0x7f19496cbae1,%rax
0x4139dcfb:  mov    $0x7f195060c476,%r10
0x4139dd05:  jmpq   *%r10
