[PATCH v2 0/7] rcu: fix stuck defer_qs_pending state

From: Joel Fernandes

Date: Tue May 26 2026 - 18:50:38 EST

This series fixes a bug where rdp->defer_qs_pending can remain stuck in
PENDING when a preempted reader's quiescent state is reported up-tree via
a path other than the deferred-QS irq-work handler (FQS scan, hotplug
transition, expedited GP IPI, context switch). Once stuck, the pending
gate in rcu_read_unlock_special() silently suppresses all future arming
attempts on that CPU. The series adds PENDING -> IDLE transitions at the
missing sites.

Also handles the case where the deferred-QS irq-work handler may run
between segments of a compound section (per Paul McKenney's
counter-example).

The softirq deferred-QS arming path is now also handled (patch 6), which
was the remaining gap flagged in v1.

The last patch is a debug-only detector (CONFIG_RCU_GP_CLEANUP_STALE_CHECK,
marked [TEST COMMIT], not for merge) -- applied alone on unmodified
mainline without patches 2-6 it reliably fires a WARN within 5 minutes
under TREE03 rcutorture, confirming the bug exists and the detector
catches it; with the full fix applied, I could not reproduce the issue.

The git tree with all patches can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/jfern/linux.git (tag: rcu-dqs-stuck-v2-20260526)

Change log:

Changes from v1 to v2:
- Dropped RFC tag now that softirq paths have been investigated.
- Added new patch "rcu: set need_resched on softirq deferred-QS arming
path" to handle the softirq arming case that was deferred in v1.

Link to v1: https://lore.kernel.org/all/20260522142342.1536533-1-joelagnelf@xxxxxxxxxx/

Joel Fernandes (7):
rcu: introduce rcu_defer_qs_clear() helper
rcu: clear defer_qs_pending when notifying GP changes
rcu: clear defer_qs_pending in handler for compounded sections
rcu: drop redundant defer_qs_pending clear in irqrestore handler
rcu: clear defer_qs_pending at expedited IPI entry
rcu: set need_resched on softirq deferred-QS arming path
[TEST COMMIT] rcu: detect stuck defer_qs_pending at GP cleanup

kernel/rcu/Kconfig.debug | 11 +++++++++
kernel/rcu/tree.c | 49 ++++++++++++++++++++++++++++++++++++++++
kernel/rcu/tree.h | 13 +++++++++++
kernel/rcu/tree_exp.h | 6 +++++
kernel/rcu/tree_plugin.h | 31 +++++++++++++------------
5 files changed, 95 insertions(+), 15 deletions(-)


base-commit: 95c7d025cc8c3c6c41206e2a18332eb04878b7ef
--
2.34.1