Re: linux/rmi4 driver: "BUG: kernel NULL pointer dereference" when accessing update_fw_status or bootloader_id

From: Dmitry Torokhov
Date: Wed Apr 30 2025 - 23:03:27 EST


Hi Hanno,

On Wed, Apr 30, 2025 at 09:38:16PM +0200, Hanno Böck wrote:
> Hi,
>
> I noticed that trying to read some sysfs entries created by the rmi4
> driver causes a kernel oops (BUG: kernel NULL pointer dereference).
>
> This can be triggered simply by running cat on these files, also as a
> user. Tested on a current vanilla kernel (6.14.4).
> It happens when trying to read from one of these files (exact path
> likely will differ depending on system):
> /sys/devices/pci0000:00/0000:00:1f.4/i2c-6/6-002c/rmi4-00/update_fw_status
> /sys/devices/pci0000:00/0000:00:1f.4/i2c-6/6-002c/rmi4-00/bootloader_id
>
> This is on a Lenovo X1 Carbon 2018 edition, lsusb lists the touchpad as:
> Bus 001 Device 010: ID 06cb:009a Synaptics, Inc. Metallica MIS Touch
> Fingerprint Reader
>
> The dmesg output for an access to bootloader_id:
> [ 68.184846] BUG: kernel NULL pointer dereference, address: 0000000000000008
> [ 68.184866] #PF: supervisor read access in kernel mode
> [ 68.184875] #PF: error_code(0x0000) - not-present page
> [ 68.184882] PGD 0 P4D 0
> [ 68.184892] Oops: Oops: 0000 [#1] SMP
> [ 68.184902] CPU: 6 UID: 1000 PID: 4704 Comm: cat Tainted: G U 6.14.4 #2
> [ 68.184915] Tainted: [U]=USER
> [ 68.184919] Hardware name: LENOVO 20KHCTO1WW/20KHCTO1WW, BIOS N23ET90W (1.65 ) 11/07/2024
> [ 68.184926] RIP: 0010:rmi_driver_bootloader_id_show+0x1d/0x60

Do you have anything earlier in your dmesg referencing "F34" by chance?

Thanks.

--
Dmitry