<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_NEW " title="NEW - [CI][DRMTIP] igt@sw_sync@sync_multi_producer_single_consumer - incomplete - BUG: kernel NULL pointer dereference, address: 0000000000000000" href="https://bugs.freedesktop.org/show_bug.cgi?id=111381#c2">Comment # 2</a> on <a class="bz_bug_link bz_status_NEW " title="NEW - [CI][DRMTIP] igt@sw_sync@sync_multi_producer_single_consumer - incomplete - BUG: kernel NULL pointer dereference, address: 0000000000000000" href="https://bugs.freedesktop.org/show_bug.cgi?id=111381">bug 111381</a> from <a class="email" href="mailto:chris@chris-wilson.co.uk" title="Chris Wilson <chris@chris-wilson.co.uk>"> Chris Wilson</a> <pre>dma_fence_signal_locked+0x3e int dma_fence_signal_locked(struct dma_fence *fence) { struct dma_fence_cb *cur, *tmp; int ret = 0; lockdep_assert_held(fence->lock); if (WARN_ON(!fence)) return -EINVAL; if (test_and_set_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &fence->flags)) { ret = -EINVAL; /* * we might have raced with the unlocked dma_fence_signal, * still run through all callbacks */ } else { fence->timestamp = ktime_get(); set_bit(DMA_FENCE_FLAG_TIMESTAMP_BIT, &fence->flags); trace_dma_fence_signaled(fence); } list_for_each_entry_safe(cur, tmp, &fence->cb_list, node) { list_del_init(&cur->node); cur->func(fence, cur); } return ret; } Doesn't make much sense to have a NULL later in the function; except at say the fence->cb_list. However, my kernel puts 0x3e at the test_and_set_bit(). Sensible guess would be either en element was freed from the cb_list.</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the QA Contact for the bug.</li> <li>You are the assignee for the bug.</li> <li>You are on the CC list for the bug.</li> </ul> </body> </html>