Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751787AbcDUJpZ (ORCPT <rfc822;w@1wt.eu>);
	Thu, 21 Apr 2016 05:45:25 -0400
Received: from mail-lb0-f171.google.com ([209.85.217.171]:35141 "EHLO
	mail-lb0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750991AbcDUJpX (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 21 Apr 2016 05:45:23 -0400
MIME-Version: 1.0
In-Reply-To: <CACT4Y+arruy73K7kATxByuGqJKr=vfmOGqxiQAVgLaJ3DZsV9g@mail.gmail.com>
References: <CACT4Y+YAjq8mcfiVxR075didJKCyOCVrqxdbfKdgUxabstbfmA@mail.gmail.com>
	<20160420211456.GE4775@htj.duckdns.org>
	<CACT4Y+arruy73K7kATxByuGqJKr=vfmOGqxiQAVgLaJ3DZsV9g@mail.gmail.com>
Date: Thu, 21 Apr 2016 12:45:21 +0300
Message-ID: <CAPAsAGzD1tk-zi+Khu-e3=8=vQL8e4huZmd1pRKVJ7gm0n6ajA@mail.gmail.com>
Subject: Re: fs: GPF in locked_inode_to_wb_and_lock_list
From: Andrey Ryabinin <ryabinin.a.a@gmail.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Tejun Heo <tj@kernel.org>, Alexander Viro <viro@zeniv.linux.org.uk>,
        "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        syzkaller <syzkaller@googlegroups.com>,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 381
Lines: 10

2016-04-21 11:35 GMT+03:00 Dmitry Vyukov <dvyukov@google.com>:
>
> ffffffff818884dd:       48 8b 03                mov    (%rbx),%rax
>
> So whatever load "&wb->bdi->wb" produces is a NULL deref. (is it wb
> that is NULL?)

Yes it's NULL wb, because there is only one load:
    mov    (%rbx),%rax        =>       rax = wb->bdi
    add    $0x50,%rax         =>       rax = &bdi->wb