* Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
@ 2025-03-30 5:19 Damian Tometzki
2025-03-30 6:01 ` Kurt Borja
0 siblings, 1 reply; 6+ messages in thread
From: Damian Tometzki @ 2025-03-30 5:19 UTC (permalink / raw)
To: hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
Hi together,
I encountered a kernel crash on a Lenovo ThinkPad (BIOS N32ET95W 1.71)
running Fedora with kernel 6.15 (merge window) 7f2ff7b62617. The issue
is a NULL pointer dereference during initialization of the
thinkpad_acpi module. The crash occurs in kobject_get() while handling
RFKill device registration (tpacpi_new_rfkill → rfkill_register →
device_add).
With kernel 6.14 system boot´s fine
Let me know if further logs or debugging info are needed. Below the short dump
Mar 29 17:43:16.173712 fedora kernel: thinkpad_acpi: Disabling
thinkpad-acpi brightness events by default...
Mar 29 17:43:16.175636 fedora kernel: ACPI: bus type thunderbolt registered
Mar 29 17:43:16.179626 fedora kernel: BUG: kernel NULL pointer
dereference, address: 000000000000004c
Mar 29 17:43:16.179689 fedora kernel: #PF: supervisor read access in kernel mode
Mar 29 17:43:16.180235 fedora kernel: #PF: error_code(0x0000) - not-present page
Mar 29 17:43:16.180290 fedora kernel: PGD 0 P4D 0
Mar 29 17:43:16.180325 fedora kernel: Oops: Oops: 0000 [#1] SMP NOPTI
Mar 29 17:43:16.180340 fedora kernel: CPU: 6 UID: 0 PID: 1015 Comm:
(udev-worker) Not tainted 6.14.0 #355 PREEMPT(lazy)
Mar 29 17:43:16.180449 fedora kernel: Hardware name: LENOVO
20XWCTO1WW/20XWCTO1WW, BIOS N32ET95W (1.71 ) 10/24/2024
Mar 29 17:43:16.180469 fedora kernel: RIP: 0010:kobject_get+0xd/0x70
Mar 29 17:43:16.180491 fedora kernel: Code: 66 66 2e 0f 1f 84 00 00 00
00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
fa 53 48 89 fb 48 85 ff 74 1f <f6> 47 3c 01 74 22 48 8d 7b 38 b8 01
00>
Mar 29 17:43:16.180506 fedora kernel: RSP: 0018:ffffd3d200b5f750
EFLAGS: 00010202
Mar 29 17:43:16.180523 fedora kernel: RAX: ffff8ebbc10fac00 RBX:
0000000000000010 RCX: 0000000000000000
Mar 29 17:43:16.180534 fedora kernel: RDX: 0000000000000000 RSI:
ffffffff9aebafa0 RDI: 0000000000000010
Mar 29 17:43:16.180547 fedora kernel: RBP: ffff8ebbd49f4b88 R08:
0000000000000100 R09: 0000000000000000
Mar 29 17:43:16.180559 fedora kernel: R10: ffffd3d200b5f760 R11:
0000000000000008 R12: 0000000000000010
Mar 29 17:43:16.180573 fedora kernel: R13: ffff8ebbc8b12388 R14:
ffffffffc14a7500 R15: 0000000000000000
Mar 29 17:43:16.180587 fedora kernel: FS: 00007f1aa7c15040(0000)
GS:ffff8ebf72546000(0000) knlGS:0000000000000000
Mar 29 17:43:16.180606 fedora kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Mar 29 17:43:16.180630 fedora kernel: CR2: 000000000000004c CR3:
0000000113948001 CR4: 0000000000f70ef0
Mar 29 17:43:16.180642 fedora kernel: PKRU: 55555554
Mar 29 17:43:16.180654 fedora kernel: Call Trace:
Mar 29 17:43:16.180664 fedora kernel: <TASK>
Mar 29 17:43:16.180676 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
Mar 29 17:43:16.180688 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
Mar 29 17:43:16.180704 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
Mar 29 17:43:16.180712 fedora kernel: ? device_add+0x8f/0x6e0
Mar 29 17:43:16.180724 fedora kernel: ? __die_body.cold+0x8/0x12
Mar 29 17:43:16.180739 fedora kernel: ? page_fault_oops+0x146/0x180
Mar 29 17:43:16.180748 fedora kernel: ? exc_page_fault+0x7e/0x1a0
Mar 29 17:43:16.180758 fedora kernel: ? asm_exc_page_fault+0x26/0x30
Mar 29 17:43:16.180769 fedora kernel: ? __pfx_klist_children_get+0x10/0x10
Mar 29 17:43:16.180781 fedora kernel: ? kobject_get+0xd/0x70
Mar 29 17:43:16.180792 fedora kernel: device_add+0x8f/0x6e0
Mar 29 17:43:16.180804 fedora kernel: rfkill_register+0xbc/0x2c0 [rfkill]
Mar 29 17:43:16.180813 fedora kernel: tpacpi_new_rfkill+0x185/0x230
[thinkpad_acpi]
Mar 29 17:43:16.180826 fedora kernel: ibm_init+0x66/0x2a0 [thinkpad_acpi]
Mar 29 17:43:16.180840 fedora kernel:
tpacpi_pdriver_probe+0x160/0x250 [thinkpad_acpi]
Mar 29 17:43:16.180852 fedora kernel: platform_probe+0x41/0xa0
Mar 29 17:43:16.180887 fedora kernel: really_probe+0xdb/0x340
Mar 29 17:43:16.180900 fedora kernel: ? pm_runtime_barrier+0x55/0x90
Mar 29 17:43:16.180912 fedora kernel: ? __pfx___driver_attach+0x10/0x10
Mar 29 17:43:16.180920 fedora kernel: __driver_probe_device+0x78/0x140
Mar 29 17:43:16.180932 fedora kernel: driver_probe_device+0x1f/0xa0
Mar 29 17:43:16.180942 fedora kernel: __driver_attach+0xb8/0x1d0
Mar 29 17:43:16.180954 fedora kernel: bus_for_each_dev+0x82/0xd0
Mar 29 17:43:16.180966 fedora kernel: bus_add_driver+0x12f/0x210
Mar 29 17:43:16.180976 fedora kernel: driver_register+0x72/0xd0
Mar 29 17:43:16.180988 fedora kernel: __platform_driver_probe+0x45/0x90
Mar 29 17:43:16.180999 fedora kernel: __platform_create_bundle+0xe7/0x100
Mar 29 17:43:16.181011 fedora kernel: ?
__pfx_tpacpi_pdriver_probe+0x10/0x10 [thinkpad_acpi]
Mar 29 17:43:16.181025 fedora kernel: ?
__pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
Mar 29 17:43:16.181035 fedora kernel:
thinkpad_acpi_module_init+0x37e/0x430 [thinkpad_acpi]
Mar 29 17:43:16.181045 fedora kernel: do_one_initcall+0x58/0x300
Mar 29 17:43:16.181053 fedora kernel: do_init_module+0x82/0x240
Mar 29 17:43:16.181065 fedora kernel: init_module_from_file+0x8b/0xe0
Mar 29 17:43:16.181073 fedora kernel: idempotent_init_module+0x113/0x310
Mar 29 17:43:16.181083 fedora kernel: __x64_sys_finit_module+0x67/0xc0
Mar 29 17:43:16.181093 fedora kernel: do_syscall_64+0x7f/0x170
Mar 29 17:43:16.181103 fedora kernel: ? syscall_exit_to_user_mode+0x1d5/0x210
Mar 29 17:43:16.181112 fedora kernel: ? do_syscall_64+0x8c/0x170
Mar 29 17:43:16.181124 fedora kernel: ?
syscall_exit_to_user_mode_prepare+0x14a/0x180
Mar 29 17:43:16.181135 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
Mar 29 17:43:16.181144 fedora kernel: ? do_syscall_64+0x8c/0x170
Mar 29 17:43:16.181152 fedora kernel: ?
syscall_exit_to_user_mode_prepare+0x14a/0x180
Mar 29 17:43:16.181163 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
Mar 29 17:43:16.181173 fedora kernel: ? do_syscall_64+0x8c/0x170
Mar 29 17:43:16.181182 fedora kernel: ? seq_read_iter+0x20e/0x480
Mar 29 17:43:16.181198 fedora kernel: ? vfs_read+0x29b/0x370
Mar 29 17:43:16.181217 fedora kernel: ? __seccomp_filter+0x41/0x4e0
Mar 29 17:43:16.181233 fedora kernel: ?
syscall_exit_to_user_mode_prepare+0x14a/0x180
Mar 29 17:43:16.181250 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
Mar 29 17:43:16.181264 fedora kernel: ? do_syscall_64+0x8c/0x170
Mar 29 17:43:16.181280 fedora kernel: ? do_syscall_64+0x8c/0x170
Mar 29 17:43:16.181292 fedora kernel: ?
syscall_exit_to_user_mode_prepare+0x14a/0x180
Mar 29 17:43:16.181316 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
Mar 29 17:43:16.181331 fedora kernel: ? clear_bhb_loop+0x35/0x90
Mar 29 17:43:16.181341 fedora kernel: ? clear_bhb_loop+0x35/0x90
Mar 29 17:43:16.181351 fedora kernel: ? clear_bhb_loop+0x35/0x90
Mar 29 17:43:16.181360 fedora kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
Mar 29 17:43:16.181372 fedora kernel: RIP: 0033:0x7f1aa84c5a8d
Mar 29 17:43:16.181381 fedora kernel: Code: ff c3 66 2e 0f 1f 84 00 00
00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2
4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d
4b>
Mar 29 17:43:16.181392 fedora kernel: RSP: 002b:00007ffe5ca79bc8
EFLAGS: 00000246 ORIG_RAX: 0000000000000139
Mar 29 17:43:16.181406 fedora kernel: RAX: ffffffffffffffda RBX:
00005610a8c7deb0 RCX: 00007f1aa84c5a8d
Mar 29 17:43:16.181419 fedora kernel: RDX: 0000000000000000 RSI:
00007f1aa7b88965 RDI: 0000000000000032
Mar 29 17:43:16.181431 fedora kernel: RBP: 00007ffe5ca79c80 R08:
0000000000000000 R09: 00007ffe5ca79c30
Mar 29 17:43:16.181441 fedora kernel: R10: 0000000000000000 R11:
0000000000000246 R12: 0000000000020000
Mar 29 17:43:16.181448 fedora kernel: R13: 00005610a8c7f880 R14:
00007f1aa7b88965 R15: 0000000000000000
Mar 29 17:43:16.181458 fedora kernel: </TASK>
Mar 29 17:43:16.181472 fedora kernel: Modules linked in: cfg80211(+)
thunderbolt(+) thinkpad_acpi(+) igen6_edac intel_soc_dts_iosf
platform_profile snd soundcore int3403_thermal int340x_thermal_zone
soc_button_>
Mar 29 17:43:16.181784 fedora kernel: CR2: 000000000000004c
Mar 29 17:43:16.181806 fedora kernel: ---[ end trace 0000000000000000 ]---
Best regards
Damian
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
2025-03-30 5:19 Kernel Null Pointer Dereference on Fedora with thinkpad_acpi Damian Tometzki
@ 2025-03-30 6:01 ` Kurt Borja
2025-03-30 6:28 ` Damian Tometzki
0 siblings, 1 reply; 6+ messages in thread
From: Kurt Borja @ 2025-03-30 6:01 UTC (permalink / raw)
To: Damian Tometzki, hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
[-- Attachment #1.1: Type: text/plain, Size: 8910 bytes --]
Hi Damian,
On Sun Mar 30, 2025 at 2:19 AM -03, Damian Tometzki wrote:
> Hi together,
>
> I encountered a kernel crash on a Lenovo ThinkPad (BIOS N32ET95W 1.71)
> running Fedora with kernel 6.15 (merge window) 7f2ff7b62617. The issue
> is a NULL pointer dereference during initialization of the
> thinkpad_acpi module. The crash occurs in kobject_get() while handling
> RFKill device registration (tpacpi_new_rfkill → rfkill_register →
> device_add).
> With kernel 6.14 system boot´s fine
>
> Let me know if further logs or debugging info are needed. Below the short dump
>
> Mar 29 17:43:16.173712 fedora kernel: thinkpad_acpi: Disabling
> thinkpad-acpi brightness events by default...
> Mar 29 17:43:16.175636 fedora kernel: ACPI: bus type thunderbolt registered
> Mar 29 17:43:16.179626 fedora kernel: BUG: kernel NULL pointer
> dereference, address: 000000000000004c
> Mar 29 17:43:16.179689 fedora kernel: #PF: supervisor read access in kernel mode
> Mar 29 17:43:16.180235 fedora kernel: #PF: error_code(0x0000) - not-present page
> Mar 29 17:43:16.180290 fedora kernel: PGD 0 P4D 0
> Mar 29 17:43:16.180325 fedora kernel: Oops: Oops: 0000 [#1] SMP NOPTI
> Mar 29 17:43:16.180340 fedora kernel: CPU: 6 UID: 0 PID: 1015 Comm:
> (udev-worker) Not tainted 6.14.0 #355 PREEMPT(lazy)
> Mar 29 17:43:16.180449 fedora kernel: Hardware name: LENOVO
> 20XWCTO1WW/20XWCTO1WW, BIOS N32ET95W (1.71 ) 10/24/2024
> Mar 29 17:43:16.180469 fedora kernel: RIP: 0010:kobject_get+0xd/0x70
> Mar 29 17:43:16.180491 fedora kernel: Code: 66 66 2e 0f 1f 84 00 00 00
> 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
> fa 53 48 89 fb 48 85 ff 74 1f <f6> 47 3c 01 74 22 48 8d 7b 38 b8 01
> 00>
> Mar 29 17:43:16.180506 fedora kernel: RSP: 0018:ffffd3d200b5f750
> EFLAGS: 00010202
> Mar 29 17:43:16.180523 fedora kernel: RAX: ffff8ebbc10fac00 RBX:
> 0000000000000010 RCX: 0000000000000000
> Mar 29 17:43:16.180534 fedora kernel: RDX: 0000000000000000 RSI:
> ffffffff9aebafa0 RDI: 0000000000000010
> Mar 29 17:43:16.180547 fedora kernel: RBP: ffff8ebbd49f4b88 R08:
> 0000000000000100 R09: 0000000000000000
> Mar 29 17:43:16.180559 fedora kernel: R10: ffffd3d200b5f760 R11:
> 0000000000000008 R12: 0000000000000010
> Mar 29 17:43:16.180573 fedora kernel: R13: ffff8ebbc8b12388 R14:
> ffffffffc14a7500 R15: 0000000000000000
> Mar 29 17:43:16.180587 fedora kernel: FS: 00007f1aa7c15040(0000)
> GS:ffff8ebf72546000(0000) knlGS:0000000000000000
> Mar 29 17:43:16.180606 fedora kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
> 0000000080050033
> Mar 29 17:43:16.180630 fedora kernel: CR2: 000000000000004c CR3:
> 0000000113948001 CR4: 0000000000f70ef0
> Mar 29 17:43:16.180642 fedora kernel: PKRU: 55555554
> Mar 29 17:43:16.180654 fedora kernel: Call Trace:
> Mar 29 17:43:16.180664 fedora kernel: <TASK>
> Mar 29 17:43:16.180676 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> Mar 29 17:43:16.180688 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> Mar 29 17:43:16.180704 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> Mar 29 17:43:16.180712 fedora kernel: ? device_add+0x8f/0x6e0
> Mar 29 17:43:16.180724 fedora kernel: ? __die_body.cold+0x8/0x12
> Mar 29 17:43:16.180739 fedora kernel: ? page_fault_oops+0x146/0x180
> Mar 29 17:43:16.180748 fedora kernel: ? exc_page_fault+0x7e/0x1a0
> Mar 29 17:43:16.180758 fedora kernel: ? asm_exc_page_fault+0x26/0x30
> Mar 29 17:43:16.180769 fedora kernel: ? __pfx_klist_children_get+0x10/0x10
> Mar 29 17:43:16.180781 fedora kernel: ? kobject_get+0xd/0x70
> Mar 29 17:43:16.180792 fedora kernel: device_add+0x8f/0x6e0
> Mar 29 17:43:16.180804 fedora kernel: rfkill_register+0xbc/0x2c0 [rfkill]
> Mar 29 17:43:16.180813 fedora kernel: tpacpi_new_rfkill+0x185/0x230
> [thinkpad_acpi]
> Mar 29 17:43:16.180826 fedora kernel: ibm_init+0x66/0x2a0 [thinkpad_acpi]
> Mar 29 17:43:16.180840 fedora kernel:
> tpacpi_pdriver_probe+0x160/0x250 [thinkpad_acpi]
> Mar 29 17:43:16.180852 fedora kernel: platform_probe+0x41/0xa0
> Mar 29 17:43:16.180887 fedora kernel: really_probe+0xdb/0x340
> Mar 29 17:43:16.180900 fedora kernel: ? pm_runtime_barrier+0x55/0x90
> Mar 29 17:43:16.180912 fedora kernel: ? __pfx___driver_attach+0x10/0x10
> Mar 29 17:43:16.180920 fedora kernel: __driver_probe_device+0x78/0x140
> Mar 29 17:43:16.180932 fedora kernel: driver_probe_device+0x1f/0xa0
> Mar 29 17:43:16.180942 fedora kernel: __driver_attach+0xb8/0x1d0
> Mar 29 17:43:16.180954 fedora kernel: bus_for_each_dev+0x82/0xd0
> Mar 29 17:43:16.180966 fedora kernel: bus_add_driver+0x12f/0x210
> Mar 29 17:43:16.180976 fedora kernel: driver_register+0x72/0xd0
> Mar 29 17:43:16.180988 fedora kernel: __platform_driver_probe+0x45/0x90
> Mar 29 17:43:16.180999 fedora kernel: __platform_create_bundle+0xe7/0x100
> Mar 29 17:43:16.181011 fedora kernel: ?
> __pfx_tpacpi_pdriver_probe+0x10/0x10 [thinkpad_acpi]
> Mar 29 17:43:16.181025 fedora kernel: ?
> __pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
> Mar 29 17:43:16.181035 fedora kernel:
> thinkpad_acpi_module_init+0x37e/0x430 [thinkpad_acpi]
> Mar 29 17:43:16.181045 fedora kernel: do_one_initcall+0x58/0x300
> Mar 29 17:43:16.181053 fedora kernel: do_init_module+0x82/0x240
> Mar 29 17:43:16.181065 fedora kernel: init_module_from_file+0x8b/0xe0
> Mar 29 17:43:16.181073 fedora kernel: idempotent_init_module+0x113/0x310
> Mar 29 17:43:16.181083 fedora kernel: __x64_sys_finit_module+0x67/0xc0
> Mar 29 17:43:16.181093 fedora kernel: do_syscall_64+0x7f/0x170
> Mar 29 17:43:16.181103 fedora kernel: ? syscall_exit_to_user_mode+0x1d5/0x210
> Mar 29 17:43:16.181112 fedora kernel: ? do_syscall_64+0x8c/0x170
> Mar 29 17:43:16.181124 fedora kernel: ?
> syscall_exit_to_user_mode_prepare+0x14a/0x180
> Mar 29 17:43:16.181135 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> Mar 29 17:43:16.181144 fedora kernel: ? do_syscall_64+0x8c/0x170
> Mar 29 17:43:16.181152 fedora kernel: ?
> syscall_exit_to_user_mode_prepare+0x14a/0x180
> Mar 29 17:43:16.181163 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> Mar 29 17:43:16.181173 fedora kernel: ? do_syscall_64+0x8c/0x170
> Mar 29 17:43:16.181182 fedora kernel: ? seq_read_iter+0x20e/0x480
> Mar 29 17:43:16.181198 fedora kernel: ? vfs_read+0x29b/0x370
> Mar 29 17:43:16.181217 fedora kernel: ? __seccomp_filter+0x41/0x4e0
> Mar 29 17:43:16.181233 fedora kernel: ?
> syscall_exit_to_user_mode_prepare+0x14a/0x180
> Mar 29 17:43:16.181250 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> Mar 29 17:43:16.181264 fedora kernel: ? do_syscall_64+0x8c/0x170
> Mar 29 17:43:16.181280 fedora kernel: ? do_syscall_64+0x8c/0x170
> Mar 29 17:43:16.181292 fedora kernel: ?
> syscall_exit_to_user_mode_prepare+0x14a/0x180
> Mar 29 17:43:16.181316 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> Mar 29 17:43:16.181331 fedora kernel: ? clear_bhb_loop+0x35/0x90
> Mar 29 17:43:16.181341 fedora kernel: ? clear_bhb_loop+0x35/0x90
> Mar 29 17:43:16.181351 fedora kernel: ? clear_bhb_loop+0x35/0x90
> Mar 29 17:43:16.181360 fedora kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> Mar 29 17:43:16.181372 fedora kernel: RIP: 0033:0x7f1aa84c5a8d
> Mar 29 17:43:16.181381 fedora kernel: Code: ff c3 66 2e 0f 1f 84 00 00
> 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2
> 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d
> 4b>
> Mar 29 17:43:16.181392 fedora kernel: RSP: 002b:00007ffe5ca79bc8
> EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> Mar 29 17:43:16.181406 fedora kernel: RAX: ffffffffffffffda RBX:
> 00005610a8c7deb0 RCX: 00007f1aa84c5a8d
> Mar 29 17:43:16.181419 fedora kernel: RDX: 0000000000000000 RSI:
> 00007f1aa7b88965 RDI: 0000000000000032
> Mar 29 17:43:16.181431 fedora kernel: RBP: 00007ffe5ca79c80 R08:
> 0000000000000000 R09: 00007ffe5ca79c30
> Mar 29 17:43:16.181441 fedora kernel: R10: 0000000000000000 R11:
> 0000000000000246 R12: 0000000000020000
> Mar 29 17:43:16.181448 fedora kernel: R13: 00005610a8c7f880 R14:
> 00007f1aa7b88965 R15: 0000000000000000
> Mar 29 17:43:16.181458 fedora kernel: </TASK>
> Mar 29 17:43:16.181472 fedora kernel: Modules linked in: cfg80211(+)
> thunderbolt(+) thinkpad_acpi(+) igen6_edac intel_soc_dts_iosf
> platform_profile snd soundcore int3403_thermal int340x_thermal_zone
> soc_button_>
> Mar 29 17:43:16.181784 fedora kernel: CR2: 000000000000004c
> Mar 29 17:43:16.181806 fedora kernel: ---[ end trace 0000000000000000 ]---
>
> Best regards
> Damian
Hmmm - I have a feeling about this one.
Can you apply and test the attached proposed patch? If you do please
verify if the problem persist and if the driver has all the features
present before the regression.
If everything goes nicely, feel free to add a Tested-by: tag for when I
submit this.
--
~ Kurt
[-- Attachment #2: 0001-platform-x86-thinkpad_acpi-Fix-rfkill-null-pointer-d.patch --]
[-- Type: text/x-patch, Size: 2223 bytes --]
From 671b687742abf66bfa755a253ee33dd061b2e35f Mon Sep 17 00:00:00 2001
From: Kurt Borja <kuurtb@gmail.com>
Date: Sun, 30 Mar 2025 02:53:26 -0300
Subject: [PATCH] platform/x86: thinkpad_acpi: Fix rfkill null pointer deref
Signed-off-by: Kurt Borja <kuurtb@gmail.com>
---
drivers/platform/x86/thinkpad_acpi.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index 0384cf311878..1d4e9fa21808 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -367,6 +367,7 @@ static struct {
u32 beep_needs_two_args:1;
u32 mixer_no_level_control:1;
u32 battery_force_primary:1;
+ u32 platform_drv_registered:1;
u32 hotkey_poll_active:1;
u32 has_adaptive_kbd:1;
u32 kbd_lang:1;
@@ -11820,10 +11821,10 @@ static void thinkpad_acpi_module_exit(void)
platform_device_unregister(tpacpi_sensors_pdev);
}
- if (tpacpi_pdev) {
+ if (tp_features.platform_drv_registered)
platform_driver_unregister(&tpacpi_pdriver);
+ if (tpacpi_pdev)
platform_device_unregister(tpacpi_pdev);
- }
if (proc_dir)
remove_proc_entry(TPACPI_PROC_DIR, acpi_root_dir);
@@ -11965,16 +11966,24 @@ static int __init thinkpad_acpi_module_init(void)
tp_features.quirks = dmi_id->driver_data;
/* Device initialization */
- tpacpi_pdev = platform_create_bundle(&tpacpi_pdriver, tpacpi_pdriver_probe,
- NULL, 0, NULL, 0);
+ tpacpi_pdev = platform_device_register_simple(TPACPI_DRVR_NAME, PLATFORM_DEVID_NONE,
+ NULL, 0);
if (IS_ERR(tpacpi_pdev)) {
ret = PTR_ERR(tpacpi_pdev);
tpacpi_pdev = NULL;
- pr_err("unable to register platform device/driver bundle\n");
+ pr_err("unable to register platform device\n");
thinkpad_acpi_module_exit();
return ret;
}
+ ret = platform_driver_probe(&tpacpi_pdriver, tpacpi_pdriver_probe);
+ if (ret) {
+ pr_err("unable to register main platform driver\n");
+ thinkpad_acpi_module_exit();
+ return ret;
+ }
+ tp_features.platform_drv_registered = 1;
+
tpacpi_sensors_pdev = platform_create_bundle(&tpacpi_hwmon_pdriver,
tpacpi_hwmon_pdriver_probe,
NULL, 0, NULL, 0);
--
2.49.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
2025-03-30 6:01 ` Kurt Borja
@ 2025-03-30 6:28 ` Damian Tometzki
2025-03-30 6:47 ` Kurt Borja
0 siblings, 1 reply; 6+ messages in thread
From: Damian Tometzki @ 2025-03-30 6:28 UTC (permalink / raw)
To: Kurt Borja
Cc: hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
On Sun, Mar 30, 2025 at 8:01 AM Kurt Borja <kuurtb@gmail.com> wrote:
>
> Hi Damian,
>
> On Sun Mar 30, 2025 at 2:19 AM -03, Damian Tometzki wrote:
> > Hi together,
> >
> > I encountered a kernel crash on a Lenovo ThinkPad (BIOS N32ET95W 1.71)
> > running Fedora with kernel 6.15 (merge window) 7f2ff7b62617. The issue
> > is a NULL pointer dereference during initialization of the
> > thinkpad_acpi module. The crash occurs in kobject_get() while handling
> > RFKill device registration (tpacpi_new_rfkill → rfkill_register →
> > device_add).
> > With kernel 6.14 system boot´s fine
> >
> > Let me know if further logs or debugging info are needed. Below the short dump
> >
> > Mar 29 17:43:16.173712 fedora kernel: thinkpad_acpi: Disabling
> > thinkpad-acpi brightness events by default...
> > Mar 29 17:43:16.175636 fedora kernel: ACPI: bus type thunderbolt registered
> > Mar 29 17:43:16.179626 fedora kernel: BUG: kernel NULL pointer
> > dereference, address: 000000000000004c
> > Mar 29 17:43:16.179689 fedora kernel: #PF: supervisor read access in kernel mode
> > Mar 29 17:43:16.180235 fedora kernel: #PF: error_code(0x0000) - not-present page
> > Mar 29 17:43:16.180290 fedora kernel: PGD 0 P4D 0
> > Mar 29 17:43:16.180325 fedora kernel: Oops: Oops: 0000 [#1] SMP NOPTI
> > Mar 29 17:43:16.180340 fedora kernel: CPU: 6 UID: 0 PID: 1015 Comm:
> > (udev-worker) Not tainted 6.14.0 #355 PREEMPT(lazy)
> > Mar 29 17:43:16.180449 fedora kernel: Hardware name: LENOVO
> > 20XWCTO1WW/20XWCTO1WW, BIOS N32ET95W (1.71 ) 10/24/2024
> > Mar 29 17:43:16.180469 fedora kernel: RIP: 0010:kobject_get+0xd/0x70
> > Mar 29 17:43:16.180491 fedora kernel: Code: 66 66 2e 0f 1f 84 00 00 00
> > 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
> > fa 53 48 89 fb 48 85 ff 74 1f <f6> 47 3c 01 74 22 48 8d 7b 38 b8 01
> > 00>
> > Mar 29 17:43:16.180506 fedora kernel: RSP: 0018:ffffd3d200b5f750
> > EFLAGS: 00010202
> > Mar 29 17:43:16.180523 fedora kernel: RAX: ffff8ebbc10fac00 RBX:
> > 0000000000000010 RCX: 0000000000000000
> > Mar 29 17:43:16.180534 fedora kernel: RDX: 0000000000000000 RSI:
> > ffffffff9aebafa0 RDI: 0000000000000010
> > Mar 29 17:43:16.180547 fedora kernel: RBP: ffff8ebbd49f4b88 R08:
> > 0000000000000100 R09: 0000000000000000
> > Mar 29 17:43:16.180559 fedora kernel: R10: ffffd3d200b5f760 R11:
> > 0000000000000008 R12: 0000000000000010
> > Mar 29 17:43:16.180573 fedora kernel: R13: ffff8ebbc8b12388 R14:
> > ffffffffc14a7500 R15: 0000000000000000
> > Mar 29 17:43:16.180587 fedora kernel: FS: 00007f1aa7c15040(0000)
> > GS:ffff8ebf72546000(0000) knlGS:0000000000000000
> > Mar 29 17:43:16.180606 fedora kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
> > 0000000080050033
> > Mar 29 17:43:16.180630 fedora kernel: CR2: 000000000000004c CR3:
> > 0000000113948001 CR4: 0000000000f70ef0
> > Mar 29 17:43:16.180642 fedora kernel: PKRU: 55555554
> > Mar 29 17:43:16.180654 fedora kernel: Call Trace:
> > Mar 29 17:43:16.180664 fedora kernel: <TASK>
> > Mar 29 17:43:16.180676 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> > Mar 29 17:43:16.180688 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> > Mar 29 17:43:16.180704 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> > Mar 29 17:43:16.180712 fedora kernel: ? device_add+0x8f/0x6e0
> > Mar 29 17:43:16.180724 fedora kernel: ? __die_body.cold+0x8/0x12
> > Mar 29 17:43:16.180739 fedora kernel: ? page_fault_oops+0x146/0x180
> > Mar 29 17:43:16.180748 fedora kernel: ? exc_page_fault+0x7e/0x1a0
> > Mar 29 17:43:16.180758 fedora kernel: ? asm_exc_page_fault+0x26/0x30
> > Mar 29 17:43:16.180769 fedora kernel: ? __pfx_klist_children_get+0x10/0x10
> > Mar 29 17:43:16.180781 fedora kernel: ? kobject_get+0xd/0x70
> > Mar 29 17:43:16.180792 fedora kernel: device_add+0x8f/0x6e0
> > Mar 29 17:43:16.180804 fedora kernel: rfkill_register+0xbc/0x2c0 [rfkill]
> > Mar 29 17:43:16.180813 fedora kernel: tpacpi_new_rfkill+0x185/0x230
> > [thinkpad_acpi]
> > Mar 29 17:43:16.180826 fedora kernel: ibm_init+0x66/0x2a0 [thinkpad_acpi]
> > Mar 29 17:43:16.180840 fedora kernel:
> > tpacpi_pdriver_probe+0x160/0x250 [thinkpad_acpi]
> > Mar 29 17:43:16.180852 fedora kernel: platform_probe+0x41/0xa0
> > Mar 29 17:43:16.180887 fedora kernel: really_probe+0xdb/0x340
> > Mar 29 17:43:16.180900 fedora kernel: ? pm_runtime_barrier+0x55/0x90
> > Mar 29 17:43:16.180912 fedora kernel: ? __pfx___driver_attach+0x10/0x10
> > Mar 29 17:43:16.180920 fedora kernel: __driver_probe_device+0x78/0x140
> > Mar 29 17:43:16.180932 fedora kernel: driver_probe_device+0x1f/0xa0
> > Mar 29 17:43:16.180942 fedora kernel: __driver_attach+0xb8/0x1d0
> > Mar 29 17:43:16.180954 fedora kernel: bus_for_each_dev+0x82/0xd0
> > Mar 29 17:43:16.180966 fedora kernel: bus_add_driver+0x12f/0x210
> > Mar 29 17:43:16.180976 fedora kernel: driver_register+0x72/0xd0
> > Mar 29 17:43:16.180988 fedora kernel: __platform_driver_probe+0x45/0x90
> > Mar 29 17:43:16.180999 fedora kernel: __platform_create_bundle+0xe7/0x100
> > Mar 29 17:43:16.181011 fedora kernel: ?
> > __pfx_tpacpi_pdriver_probe+0x10/0x10 [thinkpad_acpi]
> > Mar 29 17:43:16.181025 fedora kernel: ?
> > __pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
> > Mar 29 17:43:16.181035 fedora kernel:
> > thinkpad_acpi_module_init+0x37e/0x430 [thinkpad_acpi]
> > Mar 29 17:43:16.181045 fedora kernel: do_one_initcall+0x58/0x300
> > Mar 29 17:43:16.181053 fedora kernel: do_init_module+0x82/0x240
> > Mar 29 17:43:16.181065 fedora kernel: init_module_from_file+0x8b/0xe0
> > Mar 29 17:43:16.181073 fedora kernel: idempotent_init_module+0x113/0x310
> > Mar 29 17:43:16.181083 fedora kernel: __x64_sys_finit_module+0x67/0xc0
> > Mar 29 17:43:16.181093 fedora kernel: do_syscall_64+0x7f/0x170
> > Mar 29 17:43:16.181103 fedora kernel: ? syscall_exit_to_user_mode+0x1d5/0x210
> > Mar 29 17:43:16.181112 fedora kernel: ? do_syscall_64+0x8c/0x170
> > Mar 29 17:43:16.181124 fedora kernel: ?
> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> > Mar 29 17:43:16.181135 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> > Mar 29 17:43:16.181144 fedora kernel: ? do_syscall_64+0x8c/0x170
> > Mar 29 17:43:16.181152 fedora kernel: ?
> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> > Mar 29 17:43:16.181163 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> > Mar 29 17:43:16.181173 fedora kernel: ? do_syscall_64+0x8c/0x170
> > Mar 29 17:43:16.181182 fedora kernel: ? seq_read_iter+0x20e/0x480
> > Mar 29 17:43:16.181198 fedora kernel: ? vfs_read+0x29b/0x370
> > Mar 29 17:43:16.181217 fedora kernel: ? __seccomp_filter+0x41/0x4e0
> > Mar 29 17:43:16.181233 fedora kernel: ?
> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> > Mar 29 17:43:16.181250 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> > Mar 29 17:43:16.181264 fedora kernel: ? do_syscall_64+0x8c/0x170
> > Mar 29 17:43:16.181280 fedora kernel: ? do_syscall_64+0x8c/0x170
> > Mar 29 17:43:16.181292 fedora kernel: ?
> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> > Mar 29 17:43:16.181316 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> > Mar 29 17:43:16.181331 fedora kernel: ? clear_bhb_loop+0x35/0x90
> > Mar 29 17:43:16.181341 fedora kernel: ? clear_bhb_loop+0x35/0x90
> > Mar 29 17:43:16.181351 fedora kernel: ? clear_bhb_loop+0x35/0x90
> > Mar 29 17:43:16.181360 fedora kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> > Mar 29 17:43:16.181372 fedora kernel: RIP: 0033:0x7f1aa84c5a8d
> > Mar 29 17:43:16.181381 fedora kernel: Code: ff c3 66 2e 0f 1f 84 00 00
> > 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2
> > 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d
> > 4b>
> > Mar 29 17:43:16.181392 fedora kernel: RSP: 002b:00007ffe5ca79bc8
> > EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> > Mar 29 17:43:16.181406 fedora kernel: RAX: ffffffffffffffda RBX:
> > 00005610a8c7deb0 RCX: 00007f1aa84c5a8d
> > Mar 29 17:43:16.181419 fedora kernel: RDX: 0000000000000000 RSI:
> > 00007f1aa7b88965 RDI: 0000000000000032
> > Mar 29 17:43:16.181431 fedora kernel: RBP: 00007ffe5ca79c80 R08:
> > 0000000000000000 R09: 00007ffe5ca79c30
> > Mar 29 17:43:16.181441 fedora kernel: R10: 0000000000000000 R11:
> > 0000000000000246 R12: 0000000000020000
> > Mar 29 17:43:16.181448 fedora kernel: R13: 00005610a8c7f880 R14:
> > 00007f1aa7b88965 R15: 0000000000000000
> > Mar 29 17:43:16.181458 fedora kernel: </TASK>
> > Mar 29 17:43:16.181472 fedora kernel: Modules linked in: cfg80211(+)
> > thunderbolt(+) thinkpad_acpi(+) igen6_edac intel_soc_dts_iosf
> > platform_profile snd soundcore int3403_thermal int340x_thermal_zone
> > soc_button_>
> > Mar 29 17:43:16.181784 fedora kernel: CR2: 000000000000004c
> > Mar 29 17:43:16.181806 fedora kernel: ---[ end trace 0000000000000000 ]---
> >
> > Best regards
> > Damian
>
> Hmmm - I have a feeling about this one.
>
> Can you apply and test the attached proposed patch? If you do please
> verify if the problem persist and if the driver has all the features
> present before the regression.
>
> If everything goes nicely, feel free to add a Tested-by: tag for when I
> submit this.
>
> --
> ~ Kurt
Hi Kurt,
many thnaks for the fast response.
With this patch my system boot again but i have other dump in dmesg
3.719602] input: ThinkPad Extra Buttons as
/devices/platform/thinkpad_acpi/input/input14
[ 3.720189] idma64 idma64.0: Found Intel integrated DMA 64-bit
[ 3.737008] BUG: kernel NULL pointer dereference, address: 00000000000002a0
[ 3.737014] #PF: supervisor read access in kernel mode
[ 3.737016] #PF: error_code(0x0000) - not-present page
[ 3.737018] PGD 0 P4D 0
[ 3.737022] Oops: Oops: 0000 [#1] SMP NOPTI
[ 3.737026] CPU: 3 UID: 0 PID: 772 Comm: (udev-worker) Not tainted
6.14.0 #357 PREEMPT(lazy)
[ 3.737029] Hardware name: LENOVO 20XWCTO1WW/20XWCTO1WW, BIOS
N32ET95W (1.71 ) 10/24/2024
[ 3.737031] RIP: 0010:device_property_present+0x9/0x20
[ 3.737039] Code: cc cc 31 c0 c3 cc cc cc cc 0f 1f 84 00 00 00 00
00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f
44 00 00 <48> 8b bf 90 02 00 00 e9 5b ff ff ff 66 66 2e 0f 1f 84 00 00
00 00
[ 3.737042] RSP: 0018:ffffcfedc0deb7e8 EFLAGS: 00010202
[ 3.737045] RAX: ffff8d37d5c05810 RBX: 0000000000000010 RCX: 0000000000000000
[ 3.737047] RDX: 0000000000000000 RSI: ffffffff8feded5f RDI: 0000000000000010
[ 3.737049] RBP: ffff8d37d5c05800 R08: 0000000000000400 R09: 0000000000000000
[ 3.737050] R10: ffffcfedc0deb7f0 R11: 0000000000000000 R12: 0000000000000000
[ 3.737052] R13: ffffffffc14c66c0 R14: ffffffffc14d9b8a R15: ffff8d37ccb0de68
[ 3.737054] FS: 00007ff510cec040(0000) GS:ffff8d3b7e3c4000(0000)
knlGS:0000000000000000
[ 3.737056] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.737058] CR2: 00000000000002a0 CR3: 0000000115b28001 CR4: 0000000000f70ef0
[ 3.737060] PKRU: 55555554
[ 3.737061] Call Trace:
[ 3.737064] <TASK>
[ 3.737068] ? show_trace_log_lvl+0x1d2/0x2f0
[ 3.737073] ? show_trace_log_lvl+0x1d2/0x2f0
[ 3.737075] ? show_trace_log_lvl+0x1d2/0x2f0
[ 3.737079] ? __hwmon_device_register+0x2cd/0x550
[ 3.737084] ? __die_body.cold+0x8/0x12
[ 3.737087] ? page_fault_oops+0x146/0x180
[ 3.737093] ? exc_page_fault+0x7e/0x1a0
[ 3.737098] ? asm_exc_page_fault+0x26/0x30
[ 3.737104] ? device_property_present+0x9/0x20
[ 3.737106] __hwmon_device_register+0x2cd/0x550
[ 3.737111] devm_hwmon_device_register_with_groups+0x6d/0xc0
[ 3.737116] tpacpi_hwmon_pdriver_probe+0x29/0x60 [thinkpad_acpi]
[ 3.737132] platform_probe+0x41/0xa0
[ 3.737136] really_probe+0xdb/0x340
[ 3.737140] ? pm_runtime_barrier+0x55/0x90
[ 3.737144] ? __pfx___driver_attach+0x10/0x10
[ 3.737147] __driver_probe_device+0x78/0x140
[ 3.737149] driver_probe_device+0x1f/0xa0
[ 3.737153] __driver_attach+0xb8/0x1d0
[ 3.737156] bus_for_each_dev+0x82/0xd0
[ 3.737159] bus_add_driver+0x12f/0x210
[ 3.737162] driver_register+0x72/0xd0
[ 3.737165] __platform_driver_probe+0x45/0x90
[ 3.737167] __platform_create_bundle+0xe7/0x100
[ 3.737170] ? __pfx_tpacpi_hwmon_pdriver_probe+0x10/0x10 [thinkpad_acpi]
[ 3.737180] ? __pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
[ 3.737190] thinkpad_acpi_module_init+0x417/0x470 [thinkpad_acpi]
[ 3.737201] do_one_initcall+0x58/0x300
[ 3.737207] do_init_module+0x82/0x240
[ 3.737211] init_module_from_file+0x8b/0xe0
[ 3.737215] idempotent_init_module+0x113/0x310
[ 3.737218] __x64_sys_finit_module+0x67/0xc0
[ 3.737221] do_syscall_64+0x7f/0x170
[ 3.737225] ? syscall_exit_to_user_mode+0x1d5/0x210
[ 3.737229] ? do_syscall_64+0x8c/0x170
[ 3.737231] ? rseq_get_rseq_cs+0x1d/0x220
[ 3.737236] ? rseq_ip_fixup+0x8c/0x1d0
[ 3.737239] ? __seccomp_filter+0x41/0x4e0
[ 3.737243] ? syscall_exit_to_user_mode_prepare+0x14a/0x180
[ 3.737246] ? syscall_exit_to_user_mode+0x10/0x210
[ 3.737249] ? do_syscall_64+0x8c/0x170
[ 3.737252] ? __x64_sys_close+0x3d/0x80
[ 3.737256] ? kmem_cache_free+0x399/0x440
[ 3.737261] ? syscall_exit_to_user_mode_prepare+0x14a/0x180
[ 3.737264] ? syscall_exit_to_user_mode+0x10/0x210
[ 3.737267] ? do_syscall_64+0x8c/0x170
[ 3.737270] ? do_syscall_64+0x8c/0x170
[ 3.737272] ? clear_bhb_loop+0x35/0x90
[ 3.737275] ? clear_bhb_loop+0x35/0x90
[ 3.737277] ? clear_bhb_loop+0x35/0x90
[ 3.737280] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 3.737283] RIP: 0033:0x7ff5114ffa8d
[ 3.737287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e
fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24
08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4b 63 0f 00 f7 d8 64 89
01 48
[ 3.737289] RSP: 002b:00007ffe378c0848 EFLAGS: 00000246 ORIG_RAX:
0000000000000139
[ 3.737291] RAX: ffffffffffffffda RBX: 0000564e7ff98630 RCX: 00007ff5114ffa8d
[ 3.737293] RDX: 0000000000000000 RSI: 00007ff510c5f965 RDI: 000000000000002d
[ 3.737295] RBP: 00007ffe378c0900 R08: 0000000000000000 R09: 00007ffe378c08b0
[ 3.737297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000020000
[ 3.737298] R13: 0000564e802a2620 R14: 00007ff510c5f965 R15: 0000000000000000
[ 3.737301] </TASK>
[ 3.737303] Modules linked in: snd_pcm pcspkr(+) think_lmi(+)
snd_ctl_led spi_intel_pci intel_rapl_common i2c_i801
processor_thermal_wt_req processor_thermal_power_floor wmi_bmof
firmware_attributes_class cfg80211 idma64 snd_timer spi_intel mei
i2c_smbus processor_thermal_mbox thunderbolt(+) igen6_edac
intel_soc_dts_iosf thinkpad_acpi(+) platform_profile snd
soc_button_array soundcore int3403_thermal int340x_thermal_zone
intel_pmc_core intel_hid sparse_keymap int3400_thermal
acpi_thermal_rel pmt_telemetry acpi_pad pmt_class acpi_tad joydev loop
nfnetlink zram lz4hc_compress lz4_compress bnep xe drm_ttm_helper
drm_suballoc_helper gpu_sched drm_gpuvm drm_exec drm_gpusvm btusb
btrtl btintel btbcm btmtk bluetooth rfkill i915 hid_multitouch
polyval_clmulni nvme polyval_generic i2c_algo_bit nvme_core
ghash_clmulni_intel drm_buddy sha512_ssse3 video ttm sha256_ssse3
nvme_keyring sha1_ssse3 ucsi_acpi drm_display_helper nvme_auth
typec_ucsi i2c_hid_acpi intel_vsec cec typec i2c_hid wmi
pinctrl_tigerlake serio_raw fuse
[ 3.737373] CR2: 00000000000002a0
[ 3.737376] ---[ end trace 0000000000000000 ]---
[ 3.737377] RIP: 0010:device_property_present+0x9/0x20
[ 3.737381] Code: cc cc 31 c0 c3 cc cc cc cc 0f 1f 84 00 00 00 00
00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f
44 00 00 <48> 8b bf 90 02 00 00 e9 5b ff ff ff 66 66 2e 0f 1f 84 00 00
00 00
[ 3.737383] RSP: 0018:ffffcfedc0deb7e8 EFLAGS: 00010202
[ 3.737386] RAX: ffff8d37d5c05810 RBX: 0000000000000010 RCX: 0000000000000000
[ 3.737388] RDX: 0000000000000000 RSI: ffffffff8feded5f RDI: 0000000000000010
[ 3.737389] RBP: ffff8d37d5c05800 R08: 0000000000000400 R09: 0000000000000000
[ 3.737391] R10: ffffcfedc0deb7f0 R11: 0000000000000000 R12: 0000000000000000
[ 3.737393] R13: ffffffffc14c66c0 R14: ffffffffc14d9b8a R15: ffff8d37ccb0de68
[ 3.737394] FS: 00007ff510cec040(0000) GS:ffff8d3b7e3c4000(0000)
knlGS:0000000000000000
[ 3.737397] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.737398] CR2: 00000000000002a0 CR3: 0000000115b28001 CR4: 0000000000f70ef0
[ 3.737400] PKRU: 55555554
[ 3.737402] note: (udev-worker)[772] exited with irqs disabled
[ 3.746619] mc: Linux media interface: v0.10
[ 3.750063] input: PC Speaker as /devices/platform/pcspkr/input/input15
[ 3.755922] resource: resource sanity check: requesting [mem
0x00000000fedc0000-0x00000000fedcdfff], which spans more than pnp
00:05 [mem 0xfedc0000-0xfedc7fff]
[ 3.755929] caller uncore_get_box_mmio_addr+0xe6/0x150
[intel_uncore] mapping multiple BARs
[ 3.796862] intel_rapl_msr: PL4 support detected.
[ 3.796919] intel_rapl_common: Found RAPL domain package
[ 3.796924] intel_rapl_common: Found RAPL domain core
[ 3.796926] intel_rapl_common: Found RAPL domain uncore
[ 3.796929] intel_rapl_common: Found RAPL domain psys
[ 3.926269] i801_smbus 0000:00:1f.4: SMBus is busy, can't use it!
Best regards
Damian
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
2025-03-30 6:28 ` Damian Tometzki
@ 2025-03-30 6:47 ` Kurt Borja
2025-03-30 10:16 ` Damian Tometzki
0 siblings, 1 reply; 6+ messages in thread
From: Kurt Borja @ 2025-03-30 6:47 UTC (permalink / raw)
To: Damian Tometzki
Cc: hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
[-- Attachment #1.1: Type: text/plain, Size: 9789 bytes --]
On Sun Mar 30, 2025 at 3:28 AM -03, Damian Tometzki wrote:
> On Sun, Mar 30, 2025 at 8:01 AM Kurt Borja <kuurtb@gmail.com> wrote:
>>
>> Hi Damian,
>>
>> On Sun Mar 30, 2025 at 2:19 AM -03, Damian Tometzki wrote:
>> > Hi together,
>> >
>> > I encountered a kernel crash on a Lenovo ThinkPad (BIOS N32ET95W 1.71)
>> > running Fedora with kernel 6.15 (merge window) 7f2ff7b62617. The issue
>> > is a NULL pointer dereference during initialization of the
>> > thinkpad_acpi module. The crash occurs in kobject_get() while handling
>> > RFKill device registration (tpacpi_new_rfkill → rfkill_register →
>> > device_add).
>> > With kernel 6.14 system boot´s fine
>> >
>> > Let me know if further logs or debugging info are needed. Below the short dump
>> >
>> > Mar 29 17:43:16.173712 fedora kernel: thinkpad_acpi: Disabling
>> > thinkpad-acpi brightness events by default...
>> > Mar 29 17:43:16.175636 fedora kernel: ACPI: bus type thunderbolt registered
>> > Mar 29 17:43:16.179626 fedora kernel: BUG: kernel NULL pointer
>> > dereference, address: 000000000000004c
>> > Mar 29 17:43:16.179689 fedora kernel: #PF: supervisor read access in kernel mode
>> > Mar 29 17:43:16.180235 fedora kernel: #PF: error_code(0x0000) - not-present page
>> > Mar 29 17:43:16.180290 fedora kernel: PGD 0 P4D 0
>> > Mar 29 17:43:16.180325 fedora kernel: Oops: Oops: 0000 [#1] SMP NOPTI
>> > Mar 29 17:43:16.180340 fedora kernel: CPU: 6 UID: 0 PID: 1015 Comm:
>> > (udev-worker) Not tainted 6.14.0 #355 PREEMPT(lazy)
>> > Mar 29 17:43:16.180449 fedora kernel: Hardware name: LENOVO
>> > 20XWCTO1WW/20XWCTO1WW, BIOS N32ET95W (1.71 ) 10/24/2024
>> > Mar 29 17:43:16.180469 fedora kernel: RIP: 0010:kobject_get+0xd/0x70
>> > Mar 29 17:43:16.180491 fedora kernel: Code: 66 66 2e 0f 1f 84 00 00 00
>> > 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
>> > fa 53 48 89 fb 48 85 ff 74 1f <f6> 47 3c 01 74 22 48 8d 7b 38 b8 01
>> > 00>
>> > Mar 29 17:43:16.180506 fedora kernel: RSP: 0018:ffffd3d200b5f750
>> > EFLAGS: 00010202
>> > Mar 29 17:43:16.180523 fedora kernel: RAX: ffff8ebbc10fac00 RBX:
>> > 0000000000000010 RCX: 0000000000000000
>> > Mar 29 17:43:16.180534 fedora kernel: RDX: 0000000000000000 RSI:
>> > ffffffff9aebafa0 RDI: 0000000000000010
>> > Mar 29 17:43:16.180547 fedora kernel: RBP: ffff8ebbd49f4b88 R08:
>> > 0000000000000100 R09: 0000000000000000
>> > Mar 29 17:43:16.180559 fedora kernel: R10: ffffd3d200b5f760 R11:
>> > 0000000000000008 R12: 0000000000000010
>> > Mar 29 17:43:16.180573 fedora kernel: R13: ffff8ebbc8b12388 R14:
>> > ffffffffc14a7500 R15: 0000000000000000
>> > Mar 29 17:43:16.180587 fedora kernel: FS: 00007f1aa7c15040(0000)
>> > GS:ffff8ebf72546000(0000) knlGS:0000000000000000
>> > Mar 29 17:43:16.180606 fedora kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
>> > 0000000080050033
>> > Mar 29 17:43:16.180630 fedora kernel: CR2: 000000000000004c CR3:
>> > 0000000113948001 CR4: 0000000000f70ef0
>> > Mar 29 17:43:16.180642 fedora kernel: PKRU: 55555554
>> > Mar 29 17:43:16.180654 fedora kernel: Call Trace:
>> > Mar 29 17:43:16.180664 fedora kernel: <TASK>
>> > Mar 29 17:43:16.180676 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
>> > Mar 29 17:43:16.180688 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
>> > Mar 29 17:43:16.180704 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
>> > Mar 29 17:43:16.180712 fedora kernel: ? device_add+0x8f/0x6e0
>> > Mar 29 17:43:16.180724 fedora kernel: ? __die_body.cold+0x8/0x12
>> > Mar 29 17:43:16.180739 fedora kernel: ? page_fault_oops+0x146/0x180
>> > Mar 29 17:43:16.180748 fedora kernel: ? exc_page_fault+0x7e/0x1a0
>> > Mar 29 17:43:16.180758 fedora kernel: ? asm_exc_page_fault+0x26/0x30
>> > Mar 29 17:43:16.180769 fedora kernel: ? __pfx_klist_children_get+0x10/0x10
>> > Mar 29 17:43:16.180781 fedora kernel: ? kobject_get+0xd/0x70
>> > Mar 29 17:43:16.180792 fedora kernel: device_add+0x8f/0x6e0
>> > Mar 29 17:43:16.180804 fedora kernel: rfkill_register+0xbc/0x2c0 [rfkill]
>> > Mar 29 17:43:16.180813 fedora kernel: tpacpi_new_rfkill+0x185/0x230
>> > [thinkpad_acpi]
>> > Mar 29 17:43:16.180826 fedora kernel: ibm_init+0x66/0x2a0 [thinkpad_acpi]
>> > Mar 29 17:43:16.180840 fedora kernel:
>> > tpacpi_pdriver_probe+0x160/0x250 [thinkpad_acpi]
>> > Mar 29 17:43:16.180852 fedora kernel: platform_probe+0x41/0xa0
>> > Mar 29 17:43:16.180887 fedora kernel: really_probe+0xdb/0x340
>> > Mar 29 17:43:16.180900 fedora kernel: ? pm_runtime_barrier+0x55/0x90
>> > Mar 29 17:43:16.180912 fedora kernel: ? __pfx___driver_attach+0x10/0x10
>> > Mar 29 17:43:16.180920 fedora kernel: __driver_probe_device+0x78/0x140
>> > Mar 29 17:43:16.180932 fedora kernel: driver_probe_device+0x1f/0xa0
>> > Mar 29 17:43:16.180942 fedora kernel: __driver_attach+0xb8/0x1d0
>> > Mar 29 17:43:16.180954 fedora kernel: bus_for_each_dev+0x82/0xd0
>> > Mar 29 17:43:16.180966 fedora kernel: bus_add_driver+0x12f/0x210
>> > Mar 29 17:43:16.180976 fedora kernel: driver_register+0x72/0xd0
>> > Mar 29 17:43:16.180988 fedora kernel: __platform_driver_probe+0x45/0x90
>> > Mar 29 17:43:16.180999 fedora kernel: __platform_create_bundle+0xe7/0x100
>> > Mar 29 17:43:16.181011 fedora kernel: ?
>> > __pfx_tpacpi_pdriver_probe+0x10/0x10 [thinkpad_acpi]
>> > Mar 29 17:43:16.181025 fedora kernel: ?
>> > __pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
>> > Mar 29 17:43:16.181035 fedora kernel:
>> > thinkpad_acpi_module_init+0x37e/0x430 [thinkpad_acpi]
>> > Mar 29 17:43:16.181045 fedora kernel: do_one_initcall+0x58/0x300
>> > Mar 29 17:43:16.181053 fedora kernel: do_init_module+0x82/0x240
>> > Mar 29 17:43:16.181065 fedora kernel: init_module_from_file+0x8b/0xe0
>> > Mar 29 17:43:16.181073 fedora kernel: idempotent_init_module+0x113/0x310
>> > Mar 29 17:43:16.181083 fedora kernel: __x64_sys_finit_module+0x67/0xc0
>> > Mar 29 17:43:16.181093 fedora kernel: do_syscall_64+0x7f/0x170
>> > Mar 29 17:43:16.181103 fedora kernel: ? syscall_exit_to_user_mode+0x1d5/0x210
>> > Mar 29 17:43:16.181112 fedora kernel: ? do_syscall_64+0x8c/0x170
>> > Mar 29 17:43:16.181124 fedora kernel: ?
>> > syscall_exit_to_user_mode_prepare+0x14a/0x180
>> > Mar 29 17:43:16.181135 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
>> > Mar 29 17:43:16.181144 fedora kernel: ? do_syscall_64+0x8c/0x170
>> > Mar 29 17:43:16.181152 fedora kernel: ?
>> > syscall_exit_to_user_mode_prepare+0x14a/0x180
>> > Mar 29 17:43:16.181163 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
>> > Mar 29 17:43:16.181173 fedora kernel: ? do_syscall_64+0x8c/0x170
>> > Mar 29 17:43:16.181182 fedora kernel: ? seq_read_iter+0x20e/0x480
>> > Mar 29 17:43:16.181198 fedora kernel: ? vfs_read+0x29b/0x370
>> > Mar 29 17:43:16.181217 fedora kernel: ? __seccomp_filter+0x41/0x4e0
>> > Mar 29 17:43:16.181233 fedora kernel: ?
>> > syscall_exit_to_user_mode_prepare+0x14a/0x180
>> > Mar 29 17:43:16.181250 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
>> > Mar 29 17:43:16.181264 fedora kernel: ? do_syscall_64+0x8c/0x170
>> > Mar 29 17:43:16.181280 fedora kernel: ? do_syscall_64+0x8c/0x170
>> > Mar 29 17:43:16.181292 fedora kernel: ?
>> > syscall_exit_to_user_mode_prepare+0x14a/0x180
>> > Mar 29 17:43:16.181316 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
>> > Mar 29 17:43:16.181331 fedora kernel: ? clear_bhb_loop+0x35/0x90
>> > Mar 29 17:43:16.181341 fedora kernel: ? clear_bhb_loop+0x35/0x90
>> > Mar 29 17:43:16.181351 fedora kernel: ? clear_bhb_loop+0x35/0x90
>> > Mar 29 17:43:16.181360 fedora kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
>> > Mar 29 17:43:16.181372 fedora kernel: RIP: 0033:0x7f1aa84c5a8d
>> > Mar 29 17:43:16.181381 fedora kernel: Code: ff c3 66 2e 0f 1f 84 00 00
>> > 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2
>> > 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d
>> > 4b>
>> > Mar 29 17:43:16.181392 fedora kernel: RSP: 002b:00007ffe5ca79bc8
>> > EFLAGS: 00000246 ORIG_RAX: 0000000000000139
>> > Mar 29 17:43:16.181406 fedora kernel: RAX: ffffffffffffffda RBX:
>> > 00005610a8c7deb0 RCX: 00007f1aa84c5a8d
>> > Mar 29 17:43:16.181419 fedora kernel: RDX: 0000000000000000 RSI:
>> > 00007f1aa7b88965 RDI: 0000000000000032
>> > Mar 29 17:43:16.181431 fedora kernel: RBP: 00007ffe5ca79c80 R08:
>> > 0000000000000000 R09: 00007ffe5ca79c30
>> > Mar 29 17:43:16.181441 fedora kernel: R10: 0000000000000000 R11:
>> > 0000000000000246 R12: 0000000000020000
>> > Mar 29 17:43:16.181448 fedora kernel: R13: 00005610a8c7f880 R14:
>> > 00007f1aa7b88965 R15: 0000000000000000
>> > Mar 29 17:43:16.181458 fedora kernel: </TASK>
>> > Mar 29 17:43:16.181472 fedora kernel: Modules linked in: cfg80211(+)
>> > thunderbolt(+) thinkpad_acpi(+) igen6_edac intel_soc_dts_iosf
>> > platform_profile snd soundcore int3403_thermal int340x_thermal_zone
>> > soc_button_>
>> > Mar 29 17:43:16.181784 fedora kernel: CR2: 000000000000004c
>> > Mar 29 17:43:16.181806 fedora kernel: ---[ end trace 0000000000000000 ]---
>> >
>> > Best regards
>> > Damian
>>
>> Hmmm - I have a feeling about this one.
>>
>> Can you apply and test the attached proposed patch? If you do please
>> verify if the problem persist and if the driver has all the features
>> present before the regression.
>>
>> If everything goes nicely, feel free to add a Tested-by: tag for when I
>> submit this.
>>
>> --
>> ~ Kurt
>
> Hi Kurt,
>
> many thnaks for the fast response.
> With this patch my system boot again but i have other dump in dmesg
Oh, makes sense. It's the same problem but it was hidden because of the
previous one.
The attached patch should fix it.
--
~ Kurt
[-- Attachment #2: 0001-platform-x86-thinkpad_acpi-Fix-rfkill-null-pointer-d.patch --]
[-- Type: text/x-patch, Size: 2733 bytes --]
From 4cd53867580d85128ef81bd076e423faf4069076 Mon Sep 17 00:00:00 2001
From: Kurt Borja <kuurtb@gmail.com>
Date: Sun, 30 Mar 2025 02:53:26 -0300
Subject: [PATCH] platform/x86: thinkpad_acpi: Fix rfkill null pointer deref
Signed-off-by: Kurt Borja <kuurtb@gmail.com>
---
drivers/platform/x86/thinkpad_acpi.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
index 0384cf311878..a17efb68664c 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -367,6 +367,7 @@ static struct {
u32 beep_needs_two_args:1;
u32 mixer_no_level_control:1;
u32 battery_force_primary:1;
+ u32 platform_drv_registered:1;
u32 hotkey_poll_active:1;
u32 has_adaptive_kbd:1;
u32 kbd_lang:1;
@@ -11820,10 +11821,10 @@ static void thinkpad_acpi_module_exit(void)
platform_device_unregister(tpacpi_sensors_pdev);
}
- if (tpacpi_pdev) {
+ if (tp_features.platform_drv_registered)
platform_driver_unregister(&tpacpi_pdriver);
+ if (tpacpi_pdev)
platform_device_unregister(tpacpi_pdev);
- }
if (proc_dir)
remove_proc_entry(TPACPI_PROC_DIR, acpi_root_dir);
@@ -11893,9 +11894,8 @@ static int __init tpacpi_pdriver_probe(struct platform_device *pdev)
static int __init tpacpi_hwmon_pdriver_probe(struct platform_device *pdev)
{
- tpacpi_hwmon = devm_hwmon_device_register_with_groups(
- &tpacpi_sensors_pdev->dev, TPACPI_NAME, NULL, tpacpi_hwmon_groups);
-
+ tpacpi_hwmon = devm_hwmon_device_register_with_groups(&pdev->dev, TPACPI_NAME,
+ NULL, tpacpi_hwmon_groups);
if (IS_ERR(tpacpi_hwmon))
pr_err("unable to register hwmon device\n");
@@ -11965,16 +11965,24 @@ static int __init thinkpad_acpi_module_init(void)
tp_features.quirks = dmi_id->driver_data;
/* Device initialization */
- tpacpi_pdev = platform_create_bundle(&tpacpi_pdriver, tpacpi_pdriver_probe,
- NULL, 0, NULL, 0);
+ tpacpi_pdev = platform_device_register_simple(TPACPI_DRVR_NAME, PLATFORM_DEVID_NONE,
+ NULL, 0);
if (IS_ERR(tpacpi_pdev)) {
ret = PTR_ERR(tpacpi_pdev);
tpacpi_pdev = NULL;
- pr_err("unable to register platform device/driver bundle\n");
+ pr_err("unable to register platform device\n");
thinkpad_acpi_module_exit();
return ret;
}
+ ret = platform_driver_probe(&tpacpi_pdriver, tpacpi_pdriver_probe);
+ if (ret) {
+ pr_err("unable to register main platform driver\n");
+ thinkpad_acpi_module_exit();
+ return ret;
+ }
+ tp_features.platform_drv_registered = 1;
+
tpacpi_sensors_pdev = platform_create_bundle(&tpacpi_hwmon_pdriver,
tpacpi_hwmon_pdriver_probe,
NULL, 0, NULL, 0);
--
2.49.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
2025-03-30 6:47 ` Kurt Borja
@ 2025-03-30 10:16 ` Damian Tometzki
2025-03-30 15:41 ` Kurt Borja
0 siblings, 1 reply; 6+ messages in thread
From: Damian Tometzki @ 2025-03-30 10:16 UTC (permalink / raw)
To: Kurt Borja
Cc: hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
Hello Kurt,
hello together,
I successfully tested the patch on my ThinkPad X1. System boots
normally without errors.
Tested-by: Damian Tometzki <damian@riscv-rocks.de>
Best regards
Damian
On Sun, Mar 30, 2025 at 8:47 AM Kurt Borja <kuurtb@gmail.com> wrote:
>
> On Sun Mar 30, 2025 at 3:28 AM -03, Damian Tometzki wrote:
> > On Sun, Mar 30, 2025 at 8:01 AM Kurt Borja <kuurtb@gmail.com> wrote:
> >>
> >> Hi Damian,
> >>
> >> On Sun Mar 30, 2025 at 2:19 AM -03, Damian Tometzki wrote:
> >> > Hi together,
> >> >
> >> > I encountered a kernel crash on a Lenovo ThinkPad (BIOS N32ET95W 1.71)
> >> > running Fedora with kernel 6.15 (merge window) 7f2ff7b62617. The issue
> >> > is a NULL pointer dereference during initialization of the
> >> > thinkpad_acpi module. The crash occurs in kobject_get() while handling
> >> > RFKill device registration (tpacpi_new_rfkill → rfkill_register →
> >> > device_add).
> >> > With kernel 6.14 system boot´s fine
> >> >
> >> > Let me know if further logs or debugging info are needed. Below the short dump
> >> >
> >> > Mar 29 17:43:16.173712 fedora kernel: thinkpad_acpi: Disabling
> >> > thinkpad-acpi brightness events by default...
> >> > Mar 29 17:43:16.175636 fedora kernel: ACPI: bus type thunderbolt registered
> >> > Mar 29 17:43:16.179626 fedora kernel: BUG: kernel NULL pointer
> >> > dereference, address: 000000000000004c
> >> > Mar 29 17:43:16.179689 fedora kernel: #PF: supervisor read access in kernel mode
> >> > Mar 29 17:43:16.180235 fedora kernel: #PF: error_code(0x0000) - not-present page
> >> > Mar 29 17:43:16.180290 fedora kernel: PGD 0 P4D 0
> >> > Mar 29 17:43:16.180325 fedora kernel: Oops: Oops: 0000 [#1] SMP NOPTI
> >> > Mar 29 17:43:16.180340 fedora kernel: CPU: 6 UID: 0 PID: 1015 Comm:
> >> > (udev-worker) Not tainted 6.14.0 #355 PREEMPT(lazy)
> >> > Mar 29 17:43:16.180449 fedora kernel: Hardware name: LENOVO
> >> > 20XWCTO1WW/20XWCTO1WW, BIOS N32ET95W (1.71 ) 10/24/2024
> >> > Mar 29 17:43:16.180469 fedora kernel: RIP: 0010:kobject_get+0xd/0x70
> >> > Mar 29 17:43:16.180491 fedora kernel: Code: 66 66 2e 0f 1f 84 00 00 00
> >> > 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
> >> > fa 53 48 89 fb 48 85 ff 74 1f <f6> 47 3c 01 74 22 48 8d 7b 38 b8 01
> >> > 00>
> >> > Mar 29 17:43:16.180506 fedora kernel: RSP: 0018:ffffd3d200b5f750
> >> > EFLAGS: 00010202
> >> > Mar 29 17:43:16.180523 fedora kernel: RAX: ffff8ebbc10fac00 RBX:
> >> > 0000000000000010 RCX: 0000000000000000
> >> > Mar 29 17:43:16.180534 fedora kernel: RDX: 0000000000000000 RSI:
> >> > ffffffff9aebafa0 RDI: 0000000000000010
> >> > Mar 29 17:43:16.180547 fedora kernel: RBP: ffff8ebbd49f4b88 R08:
> >> > 0000000000000100 R09: 0000000000000000
> >> > Mar 29 17:43:16.180559 fedora kernel: R10: ffffd3d200b5f760 R11:
> >> > 0000000000000008 R12: 0000000000000010
> >> > Mar 29 17:43:16.180573 fedora kernel: R13: ffff8ebbc8b12388 R14:
> >> > ffffffffc14a7500 R15: 0000000000000000
> >> > Mar 29 17:43:16.180587 fedora kernel: FS: 00007f1aa7c15040(0000)
> >> > GS:ffff8ebf72546000(0000) knlGS:0000000000000000
> >> > Mar 29 17:43:16.180606 fedora kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
> >> > 0000000080050033
> >> > Mar 29 17:43:16.180630 fedora kernel: CR2: 000000000000004c CR3:
> >> > 0000000113948001 CR4: 0000000000f70ef0
> >> > Mar 29 17:43:16.180642 fedora kernel: PKRU: 55555554
> >> > Mar 29 17:43:16.180654 fedora kernel: Call Trace:
> >> > Mar 29 17:43:16.180664 fedora kernel: <TASK>
> >> > Mar 29 17:43:16.180676 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> >> > Mar 29 17:43:16.180688 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> >> > Mar 29 17:43:16.180704 fedora kernel: ? show_trace_log_lvl+0x1d2/0x2f0
> >> > Mar 29 17:43:16.180712 fedora kernel: ? device_add+0x8f/0x6e0
> >> > Mar 29 17:43:16.180724 fedora kernel: ? __die_body.cold+0x8/0x12
> >> > Mar 29 17:43:16.180739 fedora kernel: ? page_fault_oops+0x146/0x180
> >> > Mar 29 17:43:16.180748 fedora kernel: ? exc_page_fault+0x7e/0x1a0
> >> > Mar 29 17:43:16.180758 fedora kernel: ? asm_exc_page_fault+0x26/0x30
> >> > Mar 29 17:43:16.180769 fedora kernel: ? __pfx_klist_children_get+0x10/0x10
> >> > Mar 29 17:43:16.180781 fedora kernel: ? kobject_get+0xd/0x70
> >> > Mar 29 17:43:16.180792 fedora kernel: device_add+0x8f/0x6e0
> >> > Mar 29 17:43:16.180804 fedora kernel: rfkill_register+0xbc/0x2c0 [rfkill]
> >> > Mar 29 17:43:16.180813 fedora kernel: tpacpi_new_rfkill+0x185/0x230
> >> > [thinkpad_acpi]
> >> > Mar 29 17:43:16.180826 fedora kernel: ibm_init+0x66/0x2a0 [thinkpad_acpi]
> >> > Mar 29 17:43:16.180840 fedora kernel:
> >> > tpacpi_pdriver_probe+0x160/0x250 [thinkpad_acpi]
> >> > Mar 29 17:43:16.180852 fedora kernel: platform_probe+0x41/0xa0
> >> > Mar 29 17:43:16.180887 fedora kernel: really_probe+0xdb/0x340
> >> > Mar 29 17:43:16.180900 fedora kernel: ? pm_runtime_barrier+0x55/0x90
> >> > Mar 29 17:43:16.180912 fedora kernel: ? __pfx___driver_attach+0x10/0x10
> >> > Mar 29 17:43:16.180920 fedora kernel: __driver_probe_device+0x78/0x140
> >> > Mar 29 17:43:16.180932 fedora kernel: driver_probe_device+0x1f/0xa0
> >> > Mar 29 17:43:16.180942 fedora kernel: __driver_attach+0xb8/0x1d0
> >> > Mar 29 17:43:16.180954 fedora kernel: bus_for_each_dev+0x82/0xd0
> >> > Mar 29 17:43:16.180966 fedora kernel: bus_add_driver+0x12f/0x210
> >> > Mar 29 17:43:16.180976 fedora kernel: driver_register+0x72/0xd0
> >> > Mar 29 17:43:16.180988 fedora kernel: __platform_driver_probe+0x45/0x90
> >> > Mar 29 17:43:16.180999 fedora kernel: __platform_create_bundle+0xe7/0x100
> >> > Mar 29 17:43:16.181011 fedora kernel: ?
> >> > __pfx_tpacpi_pdriver_probe+0x10/0x10 [thinkpad_acpi]
> >> > Mar 29 17:43:16.181025 fedora kernel: ?
> >> > __pfx_thinkpad_acpi_module_init+0x10/0x10 [thinkpad_acpi]
> >> > Mar 29 17:43:16.181035 fedora kernel:
> >> > thinkpad_acpi_module_init+0x37e/0x430 [thinkpad_acpi]
> >> > Mar 29 17:43:16.181045 fedora kernel: do_one_initcall+0x58/0x300
> >> > Mar 29 17:43:16.181053 fedora kernel: do_init_module+0x82/0x240
> >> > Mar 29 17:43:16.181065 fedora kernel: init_module_from_file+0x8b/0xe0
> >> > Mar 29 17:43:16.181073 fedora kernel: idempotent_init_module+0x113/0x310
> >> > Mar 29 17:43:16.181083 fedora kernel: __x64_sys_finit_module+0x67/0xc0
> >> > Mar 29 17:43:16.181093 fedora kernel: do_syscall_64+0x7f/0x170
> >> > Mar 29 17:43:16.181103 fedora kernel: ? syscall_exit_to_user_mode+0x1d5/0x210
> >> > Mar 29 17:43:16.181112 fedora kernel: ? do_syscall_64+0x8c/0x170
> >> > Mar 29 17:43:16.181124 fedora kernel: ?
> >> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> >> > Mar 29 17:43:16.181135 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> >> > Mar 29 17:43:16.181144 fedora kernel: ? do_syscall_64+0x8c/0x170
> >> > Mar 29 17:43:16.181152 fedora kernel: ?
> >> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> >> > Mar 29 17:43:16.181163 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> >> > Mar 29 17:43:16.181173 fedora kernel: ? do_syscall_64+0x8c/0x170
> >> > Mar 29 17:43:16.181182 fedora kernel: ? seq_read_iter+0x20e/0x480
> >> > Mar 29 17:43:16.181198 fedora kernel: ? vfs_read+0x29b/0x370
> >> > Mar 29 17:43:16.181217 fedora kernel: ? __seccomp_filter+0x41/0x4e0
> >> > Mar 29 17:43:16.181233 fedora kernel: ?
> >> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> >> > Mar 29 17:43:16.181250 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> >> > Mar 29 17:43:16.181264 fedora kernel: ? do_syscall_64+0x8c/0x170
> >> > Mar 29 17:43:16.181280 fedora kernel: ? do_syscall_64+0x8c/0x170
> >> > Mar 29 17:43:16.181292 fedora kernel: ?
> >> > syscall_exit_to_user_mode_prepare+0x14a/0x180
> >> > Mar 29 17:43:16.181316 fedora kernel: ? syscall_exit_to_user_mode+0x10/0x210
> >> > Mar 29 17:43:16.181331 fedora kernel: ? clear_bhb_loop+0x35/0x90
> >> > Mar 29 17:43:16.181341 fedora kernel: ? clear_bhb_loop+0x35/0x90
> >> > Mar 29 17:43:16.181351 fedora kernel: ? clear_bhb_loop+0x35/0x90
> >> > Mar 29 17:43:16.181360 fedora kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
> >> > Mar 29 17:43:16.181372 fedora kernel: RIP: 0033:0x7f1aa84c5a8d
> >> > Mar 29 17:43:16.181381 fedora kernel: Code: ff c3 66 2e 0f 1f 84 00 00
> >> > 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2
> >> > 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d
> >> > 4b>
> >> > Mar 29 17:43:16.181392 fedora kernel: RSP: 002b:00007ffe5ca79bc8
> >> > EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> >> > Mar 29 17:43:16.181406 fedora kernel: RAX: ffffffffffffffda RBX:
> >> > 00005610a8c7deb0 RCX: 00007f1aa84c5a8d
> >> > Mar 29 17:43:16.181419 fedora kernel: RDX: 0000000000000000 RSI:
> >> > 00007f1aa7b88965 RDI: 0000000000000032
> >> > Mar 29 17:43:16.181431 fedora kernel: RBP: 00007ffe5ca79c80 R08:
> >> > 0000000000000000 R09: 00007ffe5ca79c30
> >> > Mar 29 17:43:16.181441 fedora kernel: R10: 0000000000000000 R11:
> >> > 0000000000000246 R12: 0000000000020000
> >> > Mar 29 17:43:16.181448 fedora kernel: R13: 00005610a8c7f880 R14:
> >> > 00007f1aa7b88965 R15: 0000000000000000
> >> > Mar 29 17:43:16.181458 fedora kernel: </TASK>
> >> > Mar 29 17:43:16.181472 fedora kernel: Modules linked in: cfg80211(+)
> >> > thunderbolt(+) thinkpad_acpi(+) igen6_edac intel_soc_dts_iosf
> >> > platform_profile snd soundcore int3403_thermal int340x_thermal_zone
> >> > soc_button_>
> >> > Mar 29 17:43:16.181784 fedora kernel: CR2: 000000000000004c
> >> > Mar 29 17:43:16.181806 fedora kernel: ---[ end trace 0000000000000000 ]---
> >> >
> >> > Best regards
> >> > Damian
> >>
> >> Hmmm - I have a feeling about this one.
> >>
> >> Can you apply and test the attached proposed patch? If you do please
> >> verify if the problem persist and if the driver has all the features
> >> present before the regression.
> >>
> >> If everything goes nicely, feel free to add a Tested-by: tag for when I
> >> submit this.
> >>
> >> --
> >> ~ Kurt
> >
> > Hi Kurt,
> >
> > many thnaks for the fast response.
> > With this patch my system boot again but i have other dump in dmesg
>
> Oh, makes sense. It's the same problem but it was hidden because of the
> previous one.
>
> The attached patch should fix it.
>
> --
> ~ Kurt
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Kernel Null Pointer Dereference on Fedora with thinkpad_acpi
2025-03-30 10:16 ` Damian Tometzki
@ 2025-03-30 15:41 ` Kurt Borja
0 siblings, 0 replies; 6+ messages in thread
From: Kurt Borja @ 2025-03-30 15:41 UTC (permalink / raw)
To: Damian Tometzki
Cc: hmh, ibm-acpi-devel, platform-driver-x86,
Linux Kernel Mailing List
On Sun Mar 30, 2025 at 7:16 AM -03, Damian Tometzki wrote:
> Hello Kurt,
> hello together,
>
> I successfully tested the patch on my ThinkPad X1. System boots
> normally without errors.
>
> Tested-by: Damian Tometzki <damian@riscv-rocks.de>
>
> Best regards
> Damian
Thanks a lot for reporting and testing! The fix has been submitted now.
--
~ Kurt
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-03-30 15:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-30 5:19 Kernel Null Pointer Dereference on Fedora with thinkpad_acpi Damian Tometzki
2025-03-30 6:01 ` Kurt Borja
2025-03-30 6:28 ` Damian Tometzki
2025-03-30 6:47 ` Kurt Borja
2025-03-30 10:16 ` Damian Tometzki
2025-03-30 15:41 ` Kurt Borja
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox