Subject: [BUG] rcu: stall detected in __dentry_kill during file teardown

["WangzXD0325@outlook.com" <WangzXD0325@outlook.com>]

Hello,

I am reporting an RCU stall detected in __dentry_kill(), which was
observed during syzkaller-style fuzz testing. The stall eventually
leads to prolonged RCU grace-period starvation and system instability.

=== Summary ===
The kernel reports an RCU preempt stall involving __dentry_kill()
during file and dentry teardown. One CPU remains stuck in a filesystem
cleanup path while holding locks, preventing RCU grace periods from
completing.

The stall is detected reliably under syzkaller fuzzing.

=== Environment ===
Kernel: 6.18.0 (locally built)
Config: PREEMPT(full)
Arch: x86_64
Hardware: QEMU Standard PC (i440FX + PIIX)
Workload: syzkaller (syz-executor)

=== Triggering context ===
The stall is detected while a syzkaller executor process is exiting and
releasing file descriptors. The problematic task is in process context
during file teardown:

  do_exit
  __fput
  dput
  __dentry_kill
  dentry_unlink_inode
  iput
  evict
  shmem_evict_inode
  shmem_truncate_range

At the same time, other CPUs are observed handling DRM-related atomic
operations and vblank timers.

=== Warning details ===
The kernel reports:

  INFO: rcu detected stall in __dentry_kill
  rcu: rcu_preempt detected stalls on CPUs/tasks

The stall persists for over 10k jiffies, triggering NMI backtraces on
multiple CPUs.

RCU also reports starvation of the grace-period kthread:

  rcu: rcu_preempt kthread starved for 10502 jiffies

=== Call trace ===
Stalled task backtrace (CPU 3):

  lock_release
  _raw_spin_unlock_irqrestore
  hrtimer_cancel
  drm_vblank_disable_and_save
  drm_crtc_vblank_off
  drm_atomic_helper_commit_modeset_disables
  drm_atomic_commit
  drm_mode_obj_set_property_ioctl
  drm_ioctl
  __do_sys_ioctl

File teardown path involved in the stall:

  __dentry_kill
  dentry_unlink_inode
  iput
  evict
  shmem_evict_inode
  shmem_truncate_range
  __fput
  do_exit

=== Observations ===
The RCU stall occurs while tearing down dentries and inodes, suggesting
that a filesystem cleanup path may be holding locks or disabling
preemption for an excessive amount of time.

The presence of DRM atomic commit and vblank timer activity in parallel
may exacerbate scheduling delays, but the stall is ultimately detected
in __dentry_kill().

This points to a possible locking or preemption imbalance in dentry or
inode teardown paths, potentially triggered by adversarial userspace
behavior.

=== Reproducer ===
No standalone reproducer is available.
The issue was observed during syzkaller-style fuzzing.

=== Expected behavior ===
RCU grace periods should complete without stalls during normal or
malformed file teardown operations.

=== Actual behavior ===
RCU reports prolonged stalls in __dentry_kill(), leading to repeated
NMI backtraces and RCU kthread starvation.

=== Notes ===
Additional logs, full kernel configuration, or syzkaller artifacts can
be provided if needed.

Reported-by:
Zhi Wang