Description of problem: Problem happened after normal system updates. The computer booted extremely slowly to the login prompt and booted unusually after that (no KDE splash screen and just a frozen Fedora screen until the desktop eventually loaded). Problem was resolved by stopping, disabling, and masking the iio-sensor-proxy.service. This was verified by the computer booting quickly again and by looking at dmesg (which showed a kernel specific bug before this fix and did not show that bug after this fix). The laptop this happened on has a touchscreen and the screen can fold backwards to make it like a tablet. As such, the laptop may have some sort of sensor that iio-sensor-proxy.service is now not getting along with. Additional info: reporter: libreport-2.17.15 BUG: kernel NULL pointer dereference, address: 0000000000000001 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 0 UID: 0 PID: 1039 Comm: iio-sensor-prox Not tainted 6.15.9-201.fc42.x86_64 #1 PREEMPT(lazy) Hardware name: LENOVO 20HSS00Q00/20HSS00Q00, BIOS R0LET22W (1.07 ) 05/11/2017 RIP: 0010:bmc150_accel_set_interrupt+0x73/0x140 [bmc150_accel_core] Code: 84 83 00 00 00 b8 01 00 00 00 f0 0f c1 06 83 c0 01 83 f8 01 7f 5f 49 8b 3c 24 be 01 00 00 00 e8 93 fa ff ff 89 c5 85 c0 75 4d <0f> b6 53 01 0f b6 33 45 31 c9 45 31 c0 49 8b 3c 24 6a 00 89 d1 e8 RSP: 0018:ffffcc27406dfc90 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffff01 RDX: ffffffff96583025 RSI: 0000000000000202 RDI: ffff88e4c02a4104 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: fffff54104037e80 R12: ffff88e4cda49570 R13: ffff88e4cda49330 R14: ffff88e4c02a4020 R15: ffff88e4cda49000 FS: 00007fbf1dba0940(0000) GS:ffff88e63e670000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000001 CR3: 000000010e572005 CR4: 00000000003726f0 Call Trace: <TASK> bmc150_accel_buffer_postenable+0x5e/0xa0 [bmc150_accel_core] iio_enable_buffers+0x172/0x2c0 [industrialio] __iio_update_buffers+0x237/0x2e0 [industrialio] enable_store+0x81/0xe0 [industrialio] kernfs_fop_write_iter+0x135/0x1f0 vfs_write+0x28b/0x470 ksys_write+0x73/0xe0 do_syscall_64+0x7b/0x160 ? ksys_write+0xa8/0xe0 ? syscall_exit_to_user_mode+0x10/0x210 ? do_syscall_64+0x87/0x160 ? syscall_exit_to_user_mode+0x10/0x210 ? do_syscall_64+0x87/0x160 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fbf1df36642 Code: 08 0f 85 81 42 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 RSP: 002b:00007ffc83469198 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbf1df36642 RDX: 0000000000000001 RSI: 00007ffc83469370 RDI: 0000000000000009 RBP: 00007ffc834691d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffc83469370 R14: 000055e555be8fd0 R15: 0000000000000002 </TASK> Modules linked in: bnep snd_sof_pci_intel_skl snd_sof_intel_hda_generic soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation snd_soc_acpi intel_rapl_msr crc8 soundwire_bus intel_rapl_common snd_soc_sdca intel_uncore_frequency snd_soc_avs intel_uncore_frequency_common intel_pmc_core_pltdrv intel_pmc_core snd_soc_hda_codec pmt_telemetry snd_hda_ext_core pmt_class iwlmvm intel_vsec snd_soc_core snd_hda_codec_hdmi intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp snd_compress kvm_intel snd_hda_codec_realtek ac97_bus mac80211 snd_hda_codec_generic snd_hda_scodec_component btusb kvm snd_pcm_dmaengine libarc4 snd_hda_intel btrtl btintel mei_hdcp mei_pxp uvcvideo irqbypass btbcm snd_intel_dspcfg iTCO_wdt uvc ee1004 btmtk videobuf2_vmalloc intel_pmc_bxt snd_intel_sdw_acpi videobuf2_memops iTCO_vendor_support snd_hda_codec videobuf2_v4l2 iwlwifi bluetooth videobuf2_common snd_hda_core videodev rapl snd_hwdep intel_cstate snd_seq intel_uncore bmi323_i2c mc snd_ctl_led bmi323_core intel_wmi_thunderbolt wmi_bmof snd_seq_device pcspkr mei_me think_lmi cfg80211 i2c_i801 snd_pcm i2c_smbus firmware_attributes_class vfat fat mei snd_timer intel_xhci_usb_role_switch bmc150_accel_i2c thinkpad_acpi bmc150_accel_core industrialio_triggered_buffer idma64 intel_pch_thermal kfifo_buf sparse_keymap industrialio platform_profile rfkill snd soundcore acpi_pad joydev loop zram lz4hc_compress lz4_compress i915 i2c_algo_bit drm_buddy ttm drm_display_helper r8169 polyval_clmulni wacom polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 sha1_ssse3 realtek cec i2c_hid_acpi i2c_hid video pinctrl_sunrisepoint wmi serio_raw sunrpc iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fuse i2c_dev nfnetlink CR2: 0000000000000001
Lenovo ideapad D330-10IGM is also affected and this patch seems to be the solution https://lore.kernel.org/lkml/20250613124648.14141-1-marek.vasut+bmc150@mailbox.org/
Description of problem: during boot Version-Release number of selected component: kernel-core-6.17.4-200.fc42 Additional info: reporter: libreport-2.17.15 kernel: 6.17.4-200.fc42.x86_64 crash_function: __pm_runtime_resume reason: BUG: kernel NULL pointer dereference, address: 0000000000000001 type: Kerneloops cmdline: BOOT_IMAGE=(hd0,gpt2)/vmlinuz-6.17.4-200.fc42.x86_64 root=UUID=e28b0d3b-f18d-4645-b862-d5818849748c ro rootflags=subvol=root resume=UUID=06497cc5-de51-4001-a561-4515b611434e rhgb quiet crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M package: kernel-core-6.17.4-200.fc42 runlevel: unknown comment: during boot Truncated backtrace: #1 [TASK] ? __pm_runtime_resume #2 [TASK] bmc150_accel_buffer_postenable in bmc150_accel_core #3 [TASK] iio_enable_buffers in industrialio #4 [TASK] __iio_update_buffers in industrialio #5 [TASK] enable_store in industrialio #6 [TASK] kernfs_fop_write_iter #7 [TASK] vfs_write #8 [TASK] ksys_write #9 [TASK] do_syscall_64 #10 [TASK] ? kmem_cache_free #11 [TASK] ? __x64_sys_close #12 [TASK] ? __x64_sys_close #13 [TASK] ? do_syscall_64 #14 [TASK] ? arch_exit_to_user_mode_prepare #15 [TASK] ? irqentry_exit_to_user_mode #16 [TASK] entry_SYSCALL_64_after_hwframe
I have same issue on Linux fedora 6.17.7-300.fc43.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Nov 2 15:30:09 UTC 2025 x86_64 GNU/Linux Also same on Live Fedora KDE 43, but tried Fedora KDE 42 and here it works fine. Here is log from 6.17.7-300.fc43: [Thu Nov 6 22:36:44 2025] BUG: kernel NULL pointer dereference, address: 0000000000000001 [Thu Nov 6 22:36:44 2025] #PF: supervisor read access in kernel mode [Thu Nov 6 22:36:44 2025] #PF: error_code(0x0000) - not-present page [Thu Nov 6 22:36:44 2025] PGD 0 P4D 0 [Thu Nov 6 22:36:44 2025] Oops: Oops: 0000 [#1] SMP NOPTI [Thu Nov 6 22:36:44 2025] CPU: 1 UID: 0 PID: 727 Comm: iio-sensor-prox Tainted: G W 6.17.7-300.fc43.x86_64 #1 PREEMPT(lazy) [Thu Nov 6 22:36:44 2025] Tainted: [W]=WARN [Thu Nov 6 22:36:44 2025] Hardware name: ShenZhen ZhiWei Technology Co.,Ltd NA08H/Zwide Inc., BIOS 5.27 09/11/2025 [Thu Nov 6 22:36:44 2025] RIP: 0010:bmc150_accel_set_interrupt+0x73/0x140 [bmc150_accel_core] [Thu Nov 6 22:36:44 2025] Code: 84 83 00 00 00 b8 01 00 00 00 f0 0f c1 06 83 c0 01 83 f8 01 7f 5f 49 8b 3c 24 be 01 00 00 00 e8 83 fa ff ff 89 c5 85 c0 75 4d <0f> b6 53 01 0f b6 33 45 31 c9 45 31 c0 49 8b 3c 24 6a 00 89 d1 e8 [Thu Nov 6 22:36:44 2025] RSP: 0018:ffffd0bf0249bb58 EFLAGS: 00010246 [Thu Nov 6 22:36:44 2025] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffff01 [Thu Nov 6 22:36:44 2025] RDX: ffffffffa19cd465 RSI: 0000000000000202 RDI: ffff8d10c3387904 [Thu Nov 6 22:36:44 2025] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8d10c72e7800 [Thu Nov 6 22:36:44 2025] R10: 0000000000000000 R11: fffff0f5041263c0 R12: ffff8d10c19da578 [Thu Nov 6 22:36:44 2025] R13: ffff8d10c19da338 R14: ffff8d10c3387820 R15: ffff8d10c19da000 [Thu Nov 6 22:36:44 2025] FS: 00007f5de518f980(0000) GS:ffff8d148b8c4000(0000) knlGS:0000000000000000 [Thu Nov 6 22:36:44 2025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [Thu Nov 6 22:36:44 2025] CR2: 0000000000000001 CR3: 0000000109d33001 CR4: 0000000000f72ef0 [Thu Nov 6 22:36:44 2025] PKRU: 55555554 [Thu Nov 6 22:36:44 2025] Call Trace: [Thu Nov 6 22:36:44 2025] <TASK> [Thu Nov 6 22:36:44 2025] ? __pm_runtime_resume+0x5f/0x90 [Thu Nov 6 22:36:44 2025] bmc150_accel_buffer_postenable+0x5e/0xa0 [bmc150_accel_core] [Thu Nov 6 22:36:44 2025] iio_enable_buffers+0x172/0x2c0 [industrialio] [Thu Nov 6 22:36:44 2025] __iio_update_buffers+0x237/0x2e0 [industrialio] [Thu Nov 6 22:36:44 2025] enable_store+0x81/0xe0 [industrialio] [Thu Nov 6 22:36:44 2025] kernfs_fop_write_iter+0x14a/0x200 [Thu Nov 6 22:36:44 2025] vfs_write+0x25a/0x480 [Thu Nov 6 22:36:44 2025] ksys_write+0x73/0xf0 [Thu Nov 6 22:36:44 2025] do_syscall_64+0x7e/0x250 [Thu Nov 6 22:36:44 2025] ? do_sys_openat2+0xa2/0xe0 [Thu Nov 6 22:36:44 2025] ? __x64_sys_openat+0x61/0xa0 [Thu Nov 6 22:36:44 2025] ? do_syscall_64+0xb6/0x250 [Thu Nov 6 22:36:44 2025] ? __x64_sys_openat+0x61/0xa0 [Thu Nov 6 22:36:44 2025] ? do_syscall_64+0xb6/0x250 [Thu Nov 6 22:36:44 2025] ? __x64_sys_close+0x3d/0x80 [Thu Nov 6 22:36:44 2025] ? do_syscall_64+0xb6/0x250 [Thu Nov 6 22:36:44 2025] ? irqentry_exit_to_user_mode+0x2c/0x1c0 [Thu Nov 6 22:36:44 2025] entry_SYSCALL_64_after_hwframe+0x76/0x7e [Thu Nov 6 22:36:44 2025] RIP: 0033:0x7f5de5531982 [Thu Nov 6 22:36:44 2025] Code: 08 0f 85 21 42 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 66 [Thu Nov 6 22:36:44 2025] RSP: 002b:00007ffc4668e6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [Thu Nov 6 22:36:44 2025] RAX: ffffffffffffffda RBX: 000056444a53a5b0 RCX: 00007f5de5531982 [Thu Nov 6 22:36:44 2025] RDX: 0000000000000001 RSI: 00007ffc4668e870 RDI: 0000000000000009 [Thu Nov 6 22:36:44 2025] RBP: 00007ffc4668e6d0 R08: 0000000000000000 R09: 0000000000000000 [Thu Nov 6 22:36:44 2025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [Thu Nov 6 22:36:44 2025] R13: 0000000000000001 R14: 00007ffc4668e870 R15: 0000000000000002 [Thu Nov 6 22:36:44 2025] </TASK> [Thu Nov 6 22:36:44 2025] Modules linked in: sunrpc snd_hda_codec_intelhdmi snd_hda_codec_alc269 snd_hda_scodec_component snd_hda_codec_realtek_lib snd_hda_codec_generic snd_hda_intel bnep snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel snd_sof_intel_hda_sdw_bpt snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda snd_hda_codec_hdmi soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_acpi_intel_match intel_rapl_msr intel_rapl_common snd_soc_acpi_intel_sdca_quirks soundwire_generic_allocation snd_soc_acpi crc8 soundwire_bus x86_pkg_temp_thermal intel_powerclamp coretemp snd_soc_sdca iTCO_wdt kvm_intel spi_nor intel_pmc_bxt mtd mei_hdcp iTCO_vendor_support mei_pxp joydev snd_soc_avs kvm snd_soc_hda_codec snd_hda_ext_core snd_hda_codec iwlmvm snd_hda_core irqbypass rapl snd_intel_dspcfg snd_usb_audio(+) snd_intel_sdw_acpi mac80211 snd_usbmidi_lib intel_cstate snd_soc_core snd_hwdep snd_ump snd_rawmidi snd_compress ac97_bus snd_pcm_dmaengine [Thu Nov 6 22:36:44 2025] libarc4 intel_uncore wmi_bmof snd_seq snd_seq_device pcspkr uvcvideo snd_pcm spi_intel_pci uvc videobuf2_vmalloc videobuf2_memops i2c_i801 iwlwifi videobuf2_v4l2 bmi323_i2c bmi323_core spi_intel i2c_smbus snd_timer vfat videobuf2_common snd fat videodev soundcore cfg80211 mei_me mc mei idma64 bmc150_accel_i2c igen6_edac bmc150_accel_core industrialio_triggered_buffer kfifo_buf industrialio goodix_ts intel_pmc_core pmt_telemetry pmt_discovery soc_button_array pmt_class intel_hid intel_pmc_ssram_telemetry acpi_tad sparse_keymap acpi_pad btusb btrtl btintel btbcm btmtk bluetooth rfkill loop nfnetlink zram lz4hc_compress lz4_compress xe drm_ttm_helper drm_suballoc_helper gpu_sched drm_gpuvm drm_exec i915 nvme sdhci_pci sdhci_uhs2 polyval_clmulni ghash_clmulni_intel sdhci i2c_algo_bit intel_ish_ipc nvme_core drm_buddy cqhci ttm nvme_keyring mmc_core nvme_auth spi_pxa2xx_platform drm_display_helper intel_ishtp dw_dmac intel_vsec spi_pxa2xx_core cec video intel_oc_wdt wmi pinctrl_alderlake serio_raw fuse i2c_dev [Thu Nov 6 22:36:44 2025] CR2: 0000000000000001 [Thu Nov 6 22:36:44 2025] ---[ end trace 0000000000000000 ]--- [Thu Nov 6 22:36:44 2025] RIP: 0010:bmc150_accel_set_interrupt+0x73/0x140 [bmc150_accel_core] [Thu Nov 6 22:36:44 2025] Code: 84 83 00 00 00 b8 01 00 00 00 f0 0f c1 06 83 c0 01 83 f8 01 7f 5f 49 8b 3c 24 be 01 00 00 00 e8 83 fa ff ff 89 c5 85 c0 75 4d <0f> b6 53 01 0f b6 33 45 31 c9 45 31 c0 49 8b 3c 24 6a 00 89 d1 e8 [Thu Nov 6 22:36:44 2025] RSP: 0018:ffffd0bf0249bb58 EFLAGS: 00010246 [Thu Nov 6 22:36:44 2025] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffff01 [Thu Nov 6 22:36:44 2025] RDX: ffffffffa19cd465 RSI: 0000000000000202 RDI: ffff8d10c3387904 [Thu Nov 6 22:36:44 2025] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff8d10c72e7800 [Thu Nov 6 22:36:44 2025] R10: 0000000000000000 R11: fffff0f5041263c0 R12: ffff8d10c19da578 [Thu Nov 6 22:36:44 2025] R13: ffff8d10c19da338 R14: ffff8d10c3387820 R15: ffff8d10c19da000 [Thu Nov 6 22:36:44 2025] FS: 00007f5de518f980(0000) GS:ffff8d148b8c4000(0000) knlGS:0000000000000000 [Thu Nov 6 22:36:44 2025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
I have edited and rebuilt drivers/iio/accel/bmc150-accel-core.c static int bmc150_accel_set_interrupt(struct bmc150_accel_data *data, int i, bool state) ret = bmc150_accel_set_power_state(data, state); if (ret < 0) return ret; +if(!info) + return 0; /* map the interrupt to the appropriate pins */ After such edit module loads fine and accelerometer works. The root of issue is unclear, bmc150-accel-core.c shows few changes since fedora 42, maybe iio-sensor-proxy changed in way it request interrupt when info structure is empty.