Kernel panic shortly after pairing Apple Magic Touchpad

Bug #1252874 reported by Chris Halse Rogers
58
This bug affects 8 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Joseph Salisbury
Trusty
Fix Released
High
Joseph Salisbury

Bug Description

NOTE: there's important discussion in the duplicate of this bug, make sure you read that, too.

My kernel reliably panics shortly after - maybe 10 seconds or so? - pairing an Apple Magic Touchpad.

Other bluetooth devices don't cause the same problem - I've tried a pair of bluetooth headphones, a bluetooth speaker, a bluetooth printer, and a Nexus 4; all of these work as expected. This would seem to suggest a problem in hid_magicmouse?

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.6-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: chris 2576 F.... pulseaudio
 /dev/snd/controlC0: chris 2576 F.... pulseaudio
Date: Wed Nov 20 08:26:11 2013
InstallationDate: Installed on 2013-08-06 (105 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
MachineType: System76, Inc. Galago UltraPro
MarkForUpload: True
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=92c2fa03-f29c-4bcc-87ab-f0fe28c134f2 ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.12.0-2-generic N/A
 linux-backports-modules-3.12.0-2-generic N/A
 linux-firmware 1.117
SourcePackage: linux
UpgradeStatus: Upgraded to trusty on 2013-08-06 (105 days ago)
dmi.bios.date: 07/09/2013
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 4.6.5
dmi.board.asset.tag: Tag 12345
dmi.board.name: Galago UltraPro
dmi.board.vendor: System76, Inc.
dmi.board.version: galu1
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 9
dmi.chassis.vendor: System76, Inc,
dmi.chassis.version: galu1
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr4.6.5:bd07/09/2013:svnSystem76,Inc.:pnGalagoUltraPro:pvrgalu1:rvnSystem76,Inc.:rnGalagoUltraPro:rvrgalu1:cvnSystem76,Inc,:ct9:cvrgalu1:
dmi.product.name: Galago UltraPro
dmi.product.version: galu1
dmi.sys.vendor: System76, Inc.

CVE References

Revision history for this message
Chris Halse Rogers (raof) wrote :
Revision history for this message
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Chris Halse Rogers (raof) wrote :

I've tried Andy's kernels from http://people.canonical.com/~apw/unstable-trusty/, but I can't tell whether this is fixed in 3.13 or not - bluetooth entirely fails to work in 3.13.

bluetoothd repeatedly spawns and crashes, with:
[ 31.268389] general protection fault: 0000 [#2] SMP
[ 31.268418] Modules linked in: rfcomm bnep binfmt_misc joydev x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm nls_iso8859_1 microcode arc4 psmouse serio_raw ath9k snd_hda_codec_via snd_seq_midi ath9k_common snd_seq_midi_event ath9k_hw snd_rawmidi ath snd_hda_codec_hdmi uvcvideo mac80211 videobuf2_vmalloc snd_hda_intel videobuf2_memops videobuf2_core snd_hda_codec snd_seq videodev snd_hwdep snd_seq_device ath3k cfg80211 snd_pcm lpc_ich btusb bluetooth rtsx_pci_ms snd_page_alloc memstick snd_timer snd mei_me mei soundcore mac_hid lp parport dm_crypt usb_storage rtsx_pci_sdmmc crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 i915 lrw gf128mul glue_helper ablk_helper cryptd i2c_algo_bit e1000e drm_kms_helper ahci libahci drm rtsx_pci ptp pps_core wmi video
[ 31.269003] CPU: 0 PID: 1165 Comm: bluetoothd Tainted: G D 3.13.0-0-generic #1~unstable201311192152
[ 31.269075] Hardware name: System76, Inc. Galago UltraPro/Galago UltraPro, BIOS 4.6.5 07/09/2013
[ 31.269138] task: ffff880402ac6000 ti: ffff8804093e0000 task.ti: ffff8804093e0000
[ 31.269195] RIP: 0010:[<ffffffffa061004b>] [<ffffffffa061004b>] rfcomm_sock_getsockopt+0x10b/0x290 [rfcomm]
[ 31.269272] RSP: 0018:ffff8804093e1f00 EFLAGS: 00010246
[ 31.269309] RAX: 0000b8763f78eb76 RBX: 0000000000000012 RCX: 00007fff73fcef88
[ 31.269360] RDX: 0000000000000003 RSI: 0000000000000012 RDI: ffff880404493700
[ 31.269411] RBP: ffff8804093e1f38 R08: 00007fff73fcef8c R09: 00007fff73fcf208
[ 31.269462] R10: ffff88040f010430 R11: 0000000000000202 R12: ffff88040932ec00
[ 31.269514] R13: 00007fff73fcef88 R14: 0000000000000003 R15: ffff880404493700
[ 31.269565] FS: 00007f86afcb5740(0000) GS:ffff88041fa00000(0000) knlGS:0000000000000000
[ 31.269622] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.269662] CR2: 00007f86aef2bec0 CR3: 0000000406aa9000 CR4: 00000000001407f0
[ 31.269707] Stack:
[ 31.269720] 0000000000000246 ffff8804093e1f58 ffff880404493700 0000000000000012
[ 31.269775] 0000000000000003 00007fff73fcef88 00007fff73fcef8c ffff8804093e1f78
[ 31.269833] ffffffff81614448 0000000000000000 0000000000000001 00007fff73fcf208
[ 31.269896] Call Trace:
[ 31.269923] [<ffffffff81614448>] SyS_getsockopt+0x68/0xd0
[ 31.269973] [<ffffffff817355ff>] tracesys+0xe1/0xe6
[ 31.270010] Code: f1 48 83 c4 10 44 89 c8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 1f 44 00 00 4d 8b 67 20 f6 05 47 6f 00 00 04 49 8b 84 24 e8 02 00 00 <48> 8b 18 0f 85 48 01 00 00 4c 89 c0 e8 f4 52 d7 e0 85 c0 49 89
[ 31.270233] RIP [<ffffffffa061004b>] rfcomm_sock_getsockopt+0x10b/0x290 [rfcomm]
[ 31.270294] RSP <ffff8804093e1f00>
[ 31.270322] ---[ end trace cd2dc7599da16d4a ]---

Changed in linux (Ubuntu):
importance: Undecided → High
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Can you give the latest upstream 3.11 kernel to see if the bug exists there or not? The kernel can be downloaded from:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.11.8-saucy/

Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
status: Confirmed → In Progress
Revision history for this message
Chris Halse Rogers (raof) wrote :
Revision history for this message
Chris Halse Rogers (raof) wrote :

The 3.11 kernel also panics in the same circumstances ; I can't tell if it's *exactly* the same panic, because the log didn't make it to disc, but it's triggered in the same way.

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Can you give the 3.11 final kernel a try:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.11-saucy/

Do you recall if there was a prior release that did not have this bug?

Revision history for this message
Chris Halse Rogers (raof) wrote :

Hm. I don't think I've ever successfully used the Apple touchpad with this laptop; I've only recently started to try.

I'll give the 3.11 final kernel a try as well.

Revision history for this message
Ugo Riboni (uriboni) wrote :

I have the same problem as the OP, but in my case the kernel log seems to give more useful information. There are a number of OOPSes in the log, before the actual crash, and one of them is in hid_magicmouse, always at the same location.

I'm attaching a log that shows the OOPSes. The system doesn't log anything else to disk after that.
If there's any other info that I can help provide please let me know.

Revision history for this message
Ugo Riboni (uriboni) wrote :

I also used apport-bug to open bug #1293528 mainly so that it could upload the rest of the info about my system. Feel free to mark it as duplicate.

Changed in linux (Ubuntu):
status: In Progress → Incomplete
Revision history for this message
Attila Lendvai (attila-lendvai) wrote :

i'm still seeing this with 3.13.5-1~bpo70+1.

i stopped using that touchpad around 3.10 or so because of the appearance of this bug, and tried just now again, but it's still panic-ing.

unfortunately nothing seems to reach the disk for me, or at least i can't find anything related in /var/log/syslog.

tags: added: kernel-fixed-upstream needs-bisect
description: updated
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

It appears this bug is fixed in the latest mainline kernel per bug 1293528 . Thanks for testing Ugo.

Can other folks affected by this bug confirm the 3.14-rc8 kernel fixes this bug? If it does, we can reverse bisect to identify the commit that fixes this.

The latest mainline kernel can be downloaded from:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.14-rc8-trusty/

It would also be good to know if this is fixed in the latest 3.13 upstream kernel, which can be downloaded from:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.13.7-trusty/

Changed in linux (Ubuntu):
status: Incomplete → In Progress
Revision history for this message
Andy Whitcroft (apw) wrote :

We believe we have found the upstream commit which fixes this, I have applied that under another bug as below. Could you guys also test and report back here:

    http://people.canonical.com/~apw/lp1301990-trusty/

Revision history for this message
Tim Gardner (timg-tpi) wrote :

HID: Bluetooth: hidp: make sure input buffers are big enough

Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-24.46

---------------
linux (3.13.0-24.46) trusty; urgency=low

  [ Andy Whitcroft ]

  * [Config] d-i -- add nvme devices to block-modules udeb
    - LP: #1303710

  [ Paolo Pisati ]

  * [Config] build vexpress a9 dtb
    - LP: #1303657
  * [Config] disable HVC_DCC
    - LP: #1303657

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1305158
  * rebase to v3.13.9
  * CONFIG_RTLBTCOEXIST=m
    - LP: #1296591

  [ Upstream Kernel Changes ]

  * HID: Bluetooth: hidp: make sure input buffers are big enough
    - LP: #1252874
  * ACPI / video: Add systems that should favour native backlight interface
    - LP: #1303419
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * x86/efi: Fix 32-bit fallout
    - LP: #1301590
  * drm/nouveau/devinit: tidy up the subdev class definition
    - LP: #1158689
  * drm/nouveau/device: provide a way for devinit to mark engines as
    disabled
    - LP: #1158689
  * drm/nv50-/devinit: prevent use of engines marked as disabled by
    hw/vbios
    - LP: #1158689
  * rtlwifi: btcoexist: Add new mini driver
    - LP: #1296591
  * rtlwifi: Prepare existing drivers for new driver
    - LP: #1296591
  * rtlwifi: add MSI interrupts mode support
    - LP: #1296591
  * rtlwifi: rtl8188ee: enable MSI interrupts mode
    - LP: #1296591

  [ Upstream Kernel Changes ]

  * rebase to v3.13.9
 -- Tim Gardner <email address hidden> Fri, 04 Apr 2014 09:26:27 -0400

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.