From: "Alex Bennée" <alex.bennee@linaro.org>
To: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
Cc: qemu-devel@nongnu.org,
Dmitry Osipenko <dmitry.osipenko@collabora.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH v2 0/2] virtio-gpu: Do not wait for the main thread during reset
Date: Tue, 19 May 2026 13:45:18 +0100 [thread overview]
Message-ID: <878q9fbmap.fsf@draig.linaro.org> (raw)
In-Reply-To: <87h5o3bmp5.fsf@draig.linaro.org> ("Alex Bennée"'s message of "Tue, 19 May 2026 13:36:38 +0100")
Alex Bennée <alex.bennee@linaro.org> writes:
> Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp> writes:
>
>> On 2026/05/19 4:35, Alex Bennée wrote:
>>> Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp> writes:
>>>
>>>> This fixes a deadlock I previously observed with the test in [1].
>>>>
>>>> However, I can no longer reproduce the issue reliably with that test, so
>>>> I used Codex, a coding agent, to write a more reliable local test case,
>>>> shown below. I applied to Codex for Open Source to get access. The test
>>>> case is not intended for merge: current policy prohibits that, and it is
>>>> probably not worth carrying anyway because race-condition tests are
>>>> inherently fragile.
>>> What sort of hit rate were you getting with the race? So far they
>>> have both been rock solid without the additional patches for me.
>>
>> I hit the deadlock in 8 out of 10 trials.
>
> It's taking a lot longer on my system (~ 1 in 100) but with these
> patches I'm still seeing a hang, it just takes a lot longer to get
> there.
tsan shows:
[INFO] mapping blob object resource
[INFO] resource_map_blob response is CtrlHeader { hdr_type: Command(4358), flags: 0, fence_id: 0, ctx_id: 0, _padding: 0 }
[INFO] unmapping blob object resource
==================
WARNING: ThreadSanitizer: data race (pid=3564641)
Write of size 8 at 0x55c8ce6d4250 by thread T1 (mutexes: write M0, write M1):
#0 qemu_ram_free <null> (qemu-system-aarch64+0x98f863) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#1 memory_region_destructor_ram <null> (qemu-system-aarch64+0x977046) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#2 memory_region_finalize <null> (qemu-system-aarch64+0x9830e5) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#3 object_unref <null> (qemu-system-aarch64+0xfa741c) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#4 object_finalize_child_property <null> (qemu-system-aarch64+0xfa765f) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#5 object_unref <null> (qemu-system-aarch64+0xfa73d6) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#6 flatview_destroy <null> (qemu-system-aarch64+0x978e7d) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#7 call_rcu_thread <null> (qemu-system-aarch64+0x122e268) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#8 qemu_thread_start <null> (qemu-system-aarch64+0x121cc8d) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
Previous atomic read of size 8 at 0x55c8ce6d4250 by thread T7:
#0 qemu_ram_block_from_host <null> (qemu-system-aarch64+0x98fabb) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#1 qemu_ram_addr_from_host_nofail <null> (qemu-system-aarch64+0x98ff16) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#2 get_page_addr_code_hostp <null> (qemu-system-aarch64+0x4bbd0b) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#3 tb_htable_lookup <null> (qemu-system-aarch64+0x49f7bc) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#4 cpu_exec_loop <null> (qemu-system-aarch64+0x4a08a5) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#5 cpu_exec_setjmp <null> (qemu-system-aarch64+0x4a112b) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#6 cpu_exec <null> (qemu-system-aarch64+0x4a1b74) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#7 tcg_cpu_exec <null> (qemu-system-aarch64+0x4cb92b) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#8 mttcg_cpu_thread_fn <null> (qemu-system-aarch64+0x4cbe81) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#9 do_st2_mmu <null> (qemu-system-aarch64+0x4ba389) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#10 helper_stw_mmu <null> (qemu-system-aarch64+0x4bc571) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#11 <null> <null> (0x7f936faabdb2)
#12 cpu_exec_loop <null> (qemu-system-aarch64+0x4a04fc) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#13 cpu_exec_setjmp <null> (qemu-system-aarch64+0x4a112b) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#14 cpu_loop_exit_noexc <null> (qemu-system-aarch64+0x4a2242) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#15 cpu_io_recompile <null> (qemu-system-aarch64+0x4b0a9b) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#16 do_ld_mmio_beN <null> (qemu-system-aarch64+0x4b47c9) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#17 do_ld2_mmu <null> (qemu-system-aarch64+0x4b93aa) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#18 helper_lduw_mmu <null> (qemu-system-aarch64+0x4bc0a7) (BuildId: 9e57c19eb7cc79d8195b5fb05324859b4db6fbbc)
#19 <null> <null> (0x7f936faab758)
<snip>
So I guess we are trying to free the memory while still running?
--
Alex Bennée
Virtualisation Tech Lead @ Linaro
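The ThreadSanitizer report above is raw tool output; as an added example (not part of this thread or of QEMU's own code), here is a small Python parser that pulls the two conflicting accesses out of such a report so the conflict can be triaged mechanically: which thread did what to the address, which locks TSan saw each thread holding, and the innermost function on each side. The sample input is the report quoted in the message, shortened for space (BuildId suffixes dropped and most frames omitted); `looks_like_free` is a heuristic of mine, not anything TSan emits.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "WARNING: ThreadSanitizer: data race (pid=3564641)"
HEADER_RE = re.compile(r"^WARNING: ThreadSanitizer: data race \(pid=(?P<pid>\d+)\)")
# "Write of size 8 at 0x55c8ce6d4250 by thread T1 (mutexes: write M0, write M1):"
ACCESS_RE = re.compile(
    r"^(?P<kind>(?:Previous )?(?:atomic )?(?:[Rr]ead|[Ww]rite)) of size (?P<size>\d+)"
    r" at (?P<addr>0x[0-9a-fA-F]+) by (?P<thread>main thread|thread T\d+)"
    r"(?: \(mutexes: (?P<mutexes>[^)]*)\))?:$"
)
# "#0 qemu_ram_free <null> (qemu-system-aarch64+0x98f863) ..."; anything after the module is ignored
FRAME_RE = re.compile(r"^#(?P<idx>\d+) (?P<func>\S+) (?P<loc>\S+) \((?P<module>[^)]*)\)")


@dataclass
class Access:
    kind: str                 # "Write", "Previous atomic read", ...
    size: int
    addr: int
    thread: str               # "T1", "T7" or "main thread"
    mutexes: List[str]        # locks TSan saw held, e.g. ["write M0", "write M1"]
    frames: List[str] = field(default_factory=list)  # function names, innermost first


@dataclass
class RaceReport:
    pid: int
    accesses: List[Access]


def parse_tsan_report(text: str) -> Optional[RaceReport]:
    """Return the first data-race report found in `text`, or None if there is none."""
    report, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            report, current = RaceReport(pid=int(m.group("pid")), accesses=[]), None
            continue
        if report is None:
            continue                        # log noise before the report
        m = ACCESS_RE.match(line)
        if m:
            mutexes = m.group("mutexes")
            current = Access(
                kind=m.group("kind"),
                size=int(m.group("size")),
                addr=int(m.group("addr"), 16),
                thread=m.group("thread").replace("thread ", ""),
                mutexes=[s.strip() for s in mutexes.split(",")] if mutexes else [],
            )
            report.accesses.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current.frames.append(m.group("func"))
        elif line:
            current = None                  # "<snip>", "Location is ...", SUMMARY, ...
    return report


def looks_like_free(access: Access) -> bool:
    """Heuristic (mine, not TSan's): does this stack pass through a function that frees memory?"""
    return any("free" in f for f in access.frames)


def describe(report: RaceReport) -> str:
    """One-line triage summary of who touched the racing address and through what."""
    parts = []
    for a in report.accesses:
        top = a.frames[0] if a.frames else "?"
        held = f" holding {', '.join(a.mutexes)}" if a.mutexes else ""
        parts.append(f"{a.thread} {a.kind.lower()} via {top}{held}")
    return f"0x{report.accesses[0].addr:x}: " + " vs ".join(parts)


# Constructed sample: the report quoted in the message, with BuildIds dropped and frames cut.
SAMPLE = """\
[INFO] unmapping blob object resource
==================
WARNING: ThreadSanitizer: data race (pid=3564641)
Write of size 8 at 0x55c8ce6d4250 by thread T1 (mutexes: write M0, write M1):
#0 qemu_ram_free <null> (qemu-system-aarch64+0x98f863)
#1 memory_region_destructor_ram <null> (qemu-system-aarch64+0x977046)
#6 flatview_destroy <null> (qemu-system-aarch64+0x978e7d)
#7 call_rcu_thread <null> (qemu-system-aarch64+0x122e268)
#8 qemu_thread_start <null> (qemu-system-aarch64+0x121cc8d)
Previous atomic read of size 8 at 0x55c8ce6d4250 by thread T7:
#0 qemu_ram_block_from_host <null> (qemu-system-aarch64+0x98fabb)
#1 qemu_ram_addr_from_host_nofail <null> (qemu-system-aarch64+0x98ff16)
#3 tb_htable_lookup <null> (qemu-system-aarch64+0x49f7bc)
#8 mttcg_cpu_thread_fn <null> (qemu-system-aarch64+0x4cbe81)
#11 <null> <null> (0x7f936faabdb2)
<snip>
"""

if __name__ == "__main__":
    print(describe(parse_tsan_report(SAMPLE)))
```

Run on the sample this prints the writer (T1, the RCU thread freeing the RAM block while holding M0 and M1) against the reader (T7, a TCG vCPU thread doing a lock-free atomic read of the same address), which is the same picture the full report gives but in one line; when a device teardown path produces many such reports, sorting them by `describe()` output groups the ones that share a writer stack.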
Thread overview (9+ messages):
2026-04-24 14:06 [PATCH v2 0/2] virtio-gpu: Do not wait for the main thread during reset Akihiko Odaki
2026-04-24 14:06 ` [PATCH v2 1/2] virtio-gpu: Run reset cleanup in the same BH Akihiko Odaki
2026-04-27 6:17 ` Philippe Mathieu-Daudé
2026-04-24 14:06 ` [PATCH v2 2/2] virtio-gpu: Do not wait for the main thread during reset Akihiko Odaki
2026-05-18 19:35 ` [PATCH v2 0/2] " Alex Bennée
2026-05-19 6:29 ` Akihiko Odaki
2026-05-19 12:36 ` Alex Bennée
2026-05-19 12:45 ` Alex Bennée [this message]
2026-05-19 14:25 ` Akihiko Odaki