* [BUG] rcu: stall detected in drm_ioctl with PREEMPT(full) during DRM vblank and printk
@ 2026-01-07 5:48 王志
0 siblings, 0 replies; only message in thread
From: 王志 @ 2026-01-07 5:48 UTC (permalink / raw)
To: linux-kernel
Cc: rcu, dri-devel, linux-mm, x86, paulmck, tglx, peterz, akpm,
syzkaller-bugs
Hello,
I am reporting an RCU stall detected during syzkaller-style fuzz testing.
The stall is reported while executing drm_ioctl(), with CPUs spinning in
native_queued_spin_lock_slowpath() in DRM vblank handling and DRM file
cleanup paths. With PREEMPT(full) enabled, the rcu_preempt grace-period
kthread is starved for over 10 seconds.
=== Summary ===
The kernel reports:
INFO: rcu detected stall in drm_ioctl
rcu_preempt kthread starved for over 10000 jiffies
Multiple CPUs are observed spinning in native_queued_spin_lock_slowpath()
inside DRM-related code paths, while the RCU grace period fails to
complete.
=== Environment ===
Kernel: 6.18.0 (locally built)
Config: PREEMPT(full)
Arch: x86_64
Hardware: QEMU Standard PC (i440FX + PIIX)
Workload: syz-executor (syzkaller-style fuzzing)
=== Triggering context ===
The stall is detected while a userspace syzkaller executor issues DRM
ioctls. The main task context is:
drm_ioctl
drm_ioctl_kernel
drm_mode_createblob_ioctl
drm_property_create_blob
__kvmalloc_node_noprof
At the same time, other CPUs are executing DRM vblank simulation in
interrupt context and DRM file teardown paths.
=== Warning details ===
RCU reports:
INFO: rcu_preempt detected stalls on CPUs/tasks
rcu_preempt kthread timer wakeup didn't happen for ~10450 jiffies
rcu_preempt kthread starved for over 10450 jiffies
Unless rcu_preempt kthread gets sufficient CPU time,
OOM is now expected behavior.
=== Call trace ===
CPU 2 (IRQ context):
native_queued_spin_lock_slowpath
drm_handle_vblank
vkms_vblank_simulate
hrtimer_interrupt
sysvec_apic_timer_interrupt
CPU 2 (task context):
console_flush_all
console_unlock
vprintk_emit
show_free_areas
warn_alloc
__vmalloc_node_range_noprof
drm_property_create_blob
drm_mode_createblob_ioctl
drm_ioctl
__x64_sys_ioctl
CPU 1 (task context):
native_queued_spin_lock_slowpath
drm_file_free
drm_close_helper
drm_release
__fput
task_work_run
exit_to_user_mode_loop
RCU GP kthread:
rcu_gp_fqs_loop
rcu_gp_kthread
=== Observations ===
The stall appears to involve contention between:
DRM vblank handling acquiring spinlocks in interrupt context
DRM ioctl paths performing memory allocation and emitting printk
DRM file cleanup paths holding DRM-related spinlocks
PREEMPT(full) scheduling, which amplifies lock contention and delays
the rcu_preempt grace-period kthread
Multiple CPUs spin in native_queued_spin_lock_slowpath(), preventing the
RCU GP kthread from running and completing the grace period.
=== Reproducer ===
No standalone reproducer is currently available.
The issue was observed during syzkaller-style fuzz testing.
=== Expected behavior ===
DRM ioctls, vblank handling, and file cleanup should not lead to
prolonged RCU stalls, even under adversarial or malformed userspace
workloads.
=== Actual behavior ===
RCU reports prolonged stalls, CPUs spin in
native_queued_spin_lock_slowpath(), and the rcu_preempt grace-period
kthread is starved for more than 10 seconds.
=== Notes ===
This issue has been observed multiple times under fuzzing workloads.
Additional logs, kernel configuration, or further traces can be
provided if needed.
Reported-by:
Zhi Wang
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-07 5:48 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-07 5:48 [BUG] rcu: stall detected in drm_ioctl with PREEMPT(full) during DRM vblank and printk 王志
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox