Hello,

I am reporting an RCU stall detected in __dentry_kill(), which was observed during syzkaller-style fuzz testing. The stall eventually leads to prolonged RCU grace-period starvation and system instability.

=== Summary ===

The kernel reports an RCU preempt stall involving __dentry_kill() during file and dentry teardown. One CPU remains stuck in a filesystem cleanup path while holding locks, preventing RCU grace periods from completing. The stall is detected reliably under syzkaller fuzzing.

=== Environment ===

Kernel:   6.18.0 (locally built)
Config:   PREEMPT(full)
Arch:     x86_64
Hardware: QEMU Standard PC (i440FX + PIIX)
Workload: syzkaller (syz-executor)

=== Triggering context ===

The stall is detected while a syzkaller executor process is exiting and releasing file descriptors. The problematic task is in process context during file teardown:

    do_exit
    __fput
    dput
    __dentry_kill
    dentry_unlink_inode
    iput
    evict
    shmem_evict_inode
    shmem_truncate_range

At the same time, other CPUs are observed handling DRM-related atomic operations and vblank timers.

=== Warning details ===

The kernel reports:

    INFO: rcu detected stall in __dentry_kill
    rcu: rcu_preempt detected stalls on CPUs/tasks

The stall persists for over 10k jiffies, triggering NMI backtraces on multiple CPUs. RCU also reports starvation of the grace-period kthread:

    rcu: rcu_preempt kthread starved for 10502 jiffies

=== Call trace ===

Stalled task backtrace (CPU 3):

    lock_release
    _raw_spin_unlock_irqrestore
    hrtimer_cancel
    drm_vblank_disable_and_save
    drm_crtc_vblank_off
    drm_atomic_helper_commit_modeset_disables
    drm_atomic_commit
    drm_mode_obj_set_property_ioctl
    drm_ioctl
    __do_sys_ioctl

File teardown path involved in the stall:

    __dentry_kill
    dentry_unlink_inode
    iput
    evict
    shmem_evict_inode
    shmem_truncate_range
    __fput
    do_exit

=== Observations ===

The RCU stall occurs while tearing down dentries and inodes, suggesting that a filesystem cleanup path may be holding locks or disabling preemption for an excessive amount of time. The presence of DRM atomic commit and vblank timer activity in parallel may exacerbate scheduling delays, but the stall is ultimately detected in __dentry_kill(). This points to a possible locking or preemption imbalance in dentry or inode teardown paths, potentially triggered by adversarial userspace behavior.

=== Reproducer ===

No standalone reproducer is available. The issue was observed during syzkaller-style fuzzing.

=== Expected behavior ===

RCU grace periods should complete without stalls during normal or malformed file teardown operations.

=== Actual behavior ===

RCU reports prolonged stalls in __dentry_kill(), leading to repeated NMI backtraces and RCU kthread starvation.

=== Notes ===

Additional logs, full kernel configuration, or syzkaller artifacts can be provided if needed.

Reported-by: Zhi Wang

