On 08/07, Andrii Nakryiko wrote: > > So, any ideas how we can end up with "corrupted" root on lockless > lookup with rb_find_rcu()? I certainly can't help ;) I know ABSOLUTELY NOTHING about rb or any other tree. But, > This seems to be the very first lockless > RB-tree lookup use case in the tree, Well, latch_tree_find() is supposed to be rcu-safe afaics, and __lt_erase() is just rb_erase(). So it is not the 1st use case. See also the "Notes on lockless lookups" comment in lib/rbtree.c. So it seems that rb_erase() is supposed to be rcu-safe. However it uses __rb_change_child(), not __rb_change_child_rcu(). Not that I think this can explain the problem, and on x86 __smp_store_release() is just WRITE_ONCE, but looks confusing... Oleg.
