On Thu, Apr 21, 2016 at 11:45 AM, Andrey Ryabinin <ryabinin....@gmail.com> wrote:
> 2016-04-21 11:35 GMT+03:00 Dmitry Vyukov <dvyu...@google.com>:
>>
>> ffffffff818884dd: 48 8b 03 mov (%rbx),%rax
>>
>> So whatever load "&wb->bdi->wb" produces is a NULL deref. (is it wb
>> that is NULL?)
>
> Yes it's NULL wb, because there is only one load:
> mov (%rbx),%rax => rax = wb->bdi
> add $0x50,%rax => rax = &bdi->wb
I bet that wb becomes NULL on the second iteration of the loop. The loop loops in case of a race with another thread, so it would also explain why it is difficult to reproduce. Tejun, does it make any sense to you?
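The reasoning above, that a fault on `mov (%rbx),%rax` pins the NULL pointer on `wb` rather than `bdi`, because the `add $0x50` that forms `&bdi->wb` is pure address arithmetic, can be mirrored in a small C model. This is an added illustration, not code from the thread or from the kernel: `struct wb` and `struct bdi` are constructed stand-ins for `bdi_writeback` / `backing_dev_info` (whose real layouts are not assumed), and the 0x50 padding is chosen only so that `offsetof(struct bdi, wb)` matches the `add $0x50` seen in the disassembly. `classify()` evaluates `&wb->bdi->wb` the way the CPU does, without actually dereferencing NULL, and reports which pointer would have caused the fault and at which address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel structs discussed in the thread.
 * Layouts are hypothetical: the only property mirrored from the
 * disassembly is that &bdi->wb is bdi + 0x50. */
struct bdi;
struct wb {
    struct bdi *bdi;      /* first member: wb->bdi is the load at (%rbx)+0 */
    int pad[4];
};
struct bdi {
    char other[0x50];     /* padding so that offsetof(struct bdi, wb) == 0x50 */
    struct wb wb;
};

/* Compiled form of "&wb->bdi->wb" as quoted in the thread:
 *   mov (%rbx),%rax   -> rax = wb->bdi     (the only memory access)
 *   add $0x50,%rax    -> rax = &bdi->wb    (address arithmetic, no access)
 * A fault on the mov therefore means rbx (wb) is NULL; a NULL bdi would
 * only yield rax == 0x50 here and fault later, when that address is used. */
enum null_culprit {
    NO_NULL,            /* both pointers valid */
    WB_NULL,            /* the mov faults: reads address 0 + offsetof(wb, bdi) */
    BDI_NULL_NO_FAULT   /* the mov succeeds, the add yields a bogus 0x50 */
};

/* Evaluate &wb->bdi->wb step by step without dereferencing NULL.
 * fault_addr receives the address the mov would touch when wb is NULL;
 * result receives the value rax would hold after the add otherwise. */
enum null_culprit classify(const struct wb *wb, uintptr_t *fault_addr,
                           uintptr_t *result)
{
    if (wb == NULL) {
        /* the mov would read (%rbx) with rbx == 0 */
        *fault_addr = (uintptr_t)0 + offsetof(struct wb, bdi);
        return WB_NULL;
    }
    uintptr_t bdi = (uintptr_t)wb->bdi;            /* mov (%rbx),%rax */
    *result = bdi + offsetof(struct bdi, wb);      /* add $0x50,%rax  */
    return wb->bdi == NULL ? BDI_NULL_NO_FAULT : NO_NULL;
}

int main(void)
{
    uintptr_t fault = 0, rax = 0;
    struct bdi b;
    struct wb good = { .bdi = &b };
    struct wb no_bdi = { .bdi = NULL };

    printf("offsetof(struct bdi, wb) = %#zx\n", offsetof(struct bdi, wb));
    printf("wb == NULL     -> %d, faulting address %#lx\n",
           classify(NULL, &fault, &rax), (unsigned long)fault);
    printf("wb->bdi == NULL -> %d, rax after add = %#lx (no fault yet)\n",
           classify(&no_bdi, &fault, &rax), (unsigned long)rax);
    printf("both valid     -> %d, rax == &b.wb: %d\n",
           classify(&good, &fault, &rax), rax == (uintptr_t)&b.wb);
    return 0;
}
```

The model makes the diagnostic rule explicit: the faulting address reported by the oops is `NULL + offsetof(wb, bdi)` (0 here, since `bdi` is the first member), and only the pointer actually loaded at the faulting instruction can be the NULL one; any pointer that merely has an offset added to it is not touched until a later instruction.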