Apple Wireless Trackpad causes kernel oops

Here is the oops which apport did not include:

Aug 28 09:53:03 impulse kernel: [ 676.261277] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
Aug 28 09:53:03 impulse kernel: [ 676.261290] Bluetooth: HIDP socket layer initialized
Aug 28 09:53:03 impulse kernel: [ 676.265270] magicmouse 0005:05AC:030E.0005: unknown main item tag 0x0
Aug 28 09:53:03 impulse kernel: [ 676.420107] input: Apple Wireless Trackpad as /devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.6/1-1.6:1.0/bluetooth/hci0/hci0:11/input15
Aug 28 09:53:03 impulse kernel: [ 676.420428] magicmouse 0005:05AC:030E.0005: input,hidraw4: BLUETOOTH HID v1.60 Mouse [Apple Wireless Trackpad] on 00:0a:3a:7c:58:95
Aug 28 09:53:04 impulse kernel: [ 677.189260] BUG: unable to handle kernel NULL pointer dereference at 00000000000003b0
Aug 28 09:53:04 impulse kernel: [ 677.189278] IP: [<ffffffff8155c952>] evdev_poll+0x32/0x60
Aug 28 09:53:04 impulse kernel: [ 677.189289] PGD 0
Aug 28 09:53:04 impulse kernel: [ 677.189293] Oops: 0000 [#1] SMP
Aug 28 09:53:04 impulse kernel: [ 677.189299] Modules linked in: hid_magicmouse hidp dm_crypt(F) xt_conntrack(F) ipt_REJECT(F) xt_CHECKSUM(F) iptable_mangle(F) xt_tcpudp(F) ip6table_filter(F) ip6_tables(F) iptable_filter(F) ebtable_nat(F) ebtables(F) ipt_MASQUERADE(F) iptable_nat(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) nf_nat_ipv4(F) nf_nat(F) nf_conntrack(F) ip_tables(F) x_tables(F) bridge(F) stp(F) llc(F) autofs4(F) snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel(F) kvm(F) crc32_pclmul(F) ghash_clmulni_intel(F) aesni_intel(F) aes_x86_64(F) lrw(F) gf128mul(F) glue_helper(F) ablk_helper(F) cryptd(F) parport_pc(F) ppdev(F) eeepc_wmi asus_wmi sparse_keymap joydev(F) rfcomm microcode(F) bnep psmouse(F) serio_raw(F) snd_hda_codec_realtek snd_seq_midi(F) snd_seq_midi_event(F) btusb bluetooth snd_rawmidi(F) snd_hda_intel lpc_ich snd_hda_codec snd_hwdep(F) snd_pcm(F) snd_page_alloc(F) snd_seq(F) snd_seq_device(F) snd_timer(F) mei_me snd(F) mei dm_snapshot(F) mac_hid soundcore(F) lp(F) parp
Aug 28 09:53:04 impulse kernel: ort(F) nfsd(F) auth_rpcgss(F) nfs_acl(F) nfs(F) lockd(F) sunrpc(F) fscache(F) ext2(F) btrfs(F) xor(F) zlib_deflate(F) raid6_pq(F) libcrc32c(F) hid_microsoft usb_storage(F) hid_generic usbhid hid nouveau ahci(F) libahci(F) r8169 mii(F) mxm_wmi i2c_algo_bit ttm drm_kms_helper video(F) drm wmi
Aug 28 09:53:04 impulse kernel: [ 677.189472] CPU: 1 PID: 1330 Comm: Xorg Tainted: GF 3.11.0-4-generic #9-Ubuntu
Aug 28 09:53:04 impulse kernel: [ 677.189479] Hardware name: System manufacturer System Product Name/P8Z77-V LX, BIOS 1106 07/27/2012
Aug 28 09:53:04 impulse kernel: [ 677.189485] task: ffff880404f35dc0 ti: ffff880404f4e000 task.ti: ffff880404f4e000
Aug 28 09:53:04 impulse kernel: [ 677.189491] RIP: 0010:[<ffffffff8155c952>] [<ffffffff8155c952>] evdev_poll+0x32/0x60
Aug 28 09:53:04 impulse kernel: [ 677.189503] RSP: 0018:ffff880404f4f9e0 EFLAGS: 00010246
Aug 28 09:53:04 impulse kernel: [ 677.189508] RAX: 0000000000000000 RBX: ffff880404570800 RCX: 0000000000000000
Aug 28 09:53:04 impulse kernel: [ 677.189513] RDX: ffff880404f4faf0 RSI: ffff880404f4faf0 RDI: ffff8804031a4000
Aug 28 09:53:04 im...

Oops as an attachment.

This change was made by a bot.

Appears to be a duplicate of bug 1214931

If you have a chance, can you test the v3.11-rc4 kernel and confirm this bug goes away? The 3.11-rc4 kernel is available at:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.11-rc4-saucy/

Running that kernel I received a warning and then an Oops.

Aug 28 11:32:58 impulse kernel: [ 610.766544] ------------[ cut here ]------------
Aug 28 11:32:58 impulse kernel: [ 610.766554] WARNING: CPU: 1 PID: 3487 at /home/apw/COD/linux/include/linux/kref.h:47 kobject_get+0x42/0x50()
Aug 28 11:32:58 impulse kernel: [ 610.766555] Modules linked in: rpcsec_gss_krb5 nfsv4 nfsv3 hid_magicmouse hidp xt_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp ip6table_filter ip6_tables iptable_filter ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack ip_tables x_tables bridge stp llc autofs4 dm_crypt snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd eeepc_wmi asus_wmi parport_pc sparse_keymap ppdev rfcomm bnep microcode psmouse serio_raw snd_hda_codec_realtek btusb snd_seq_midi joydev bluetooth snd_seq_midi_event snd_rawmidi snd_hda_intel snd_hda_codec snd_hwdep snd_pcm lpc_ich snd_seq snd_page_alloc snd_seq_device snd_timer snd dm_snapshot soundcore mei_me mei lp parport mac_hid nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache ext2 btrfs xor zlib_deflate raid6_pq libcrc32c hid_microsoft usb_storage hid_gen
Aug 28 11:32:58 impulse kernel: eric usbhid hid nouveau mxm_wmi i2c_algo_bit ttm drm_kms_helper ahci r8169 libahci drm mii video wmi
Aug 28 11:32:58 impulse kernel: [ 610.766625] CPU: 1 PID: 3487 Comm: gnome-control-c Not tainted 3.11.0-031100rc4-generic #201308041735
Aug 28 11:32:58 impulse kernel: [ 610.766626] Hardware name: System manufacturer System Product Name/P8Z77-V LX, BIOS 1106 07/27/2012
Aug 28 11:32:58 impulse kernel: [ 610.766628] 000000000000002f ffff8803e0201ca8 ffffffff8171e4eb 0000000000000007
Aug 28 11:32:58 impulse kernel: [ 610.766631] 0000000000000000 ffff8803e0201ce8 ffffffff8106532c ffff88040e001700
Aug 28 11:32:58 impulse kernel: [ 610.766633] ffff880404d85800 ffff8804060c0b40 0000000000000282 ffff88040626e8a0
Aug 28 11:32:58 impulse kernel: [ 610.766636] Call Trace:
Aug 28 11:32:58 impulse kernel: [ 610.766641] [<ffffffff8171e4eb>] dump_stack+0x46/0x58
Aug 28 11:32:58 impulse kernel: [ 610.766645] [<ffffffff8106532c>] warn_slowpath_common+0x8c/0xc0
Aug 28 11:32:58 impulse kernel: [ 610.766648] [<ffffffff8106537a>] warn_slowpath_null+0x1a/0x20
Aug 28 11:32:58 impulse kernel: [ 610.766651] [<ffffffff81368c62>] kobject_get+0x42/0x50
Aug 28 11:32:58 impulse kernel: [ 610.766656] [<ffffffff8160d567>] ? __alloc_skb+0x87/0x2a0
Aug 28 11:32:58 impulse kernel: [ 610.766659] [<ffffffff81482139>] get_device+0x19/0x20
Aug 28 11:32:58 impulse kernel: [ 610.766662] [<ffffffff8152b172>] usb_get_dev+0x22/0x30
Aug 28 11:32:58 impulse kernel: [ 610.766665] [<ffffffff815369e0>] usb_hcd_unlink_urb+0x40/0xf0
Aug 28 11:32:58 impulse kernel: [ 610.766668] [<ffffffff815379af>] usb_kill_urb.part.5+0x1f/0xa0
Aug 28 11:32:58 impulse kernel: [ 610.766672] [<ffffffff81199221>] ? kmem_cache_free+0x121/0x180
Aug 28 11:32:58 impulse kernel: [ 610.766687] [<ffffffffa051dd22>] ? hci_dev_do_close+0x182/0x430 [bluetooth]
Aug 28 11...

Thanks for testing rc4, Brian. That Oops is USB related, but it looks different than the original Oops and the Oops in bug 1214931. It could be another bug that was in rc4, but is now fixed.

In bug 1214931, having the bluetooth trackpad connected caused the system to freeze, in addition to the Oops. Are you also seeing a system freeze when running the latest Saucy kernel? If so, did you see a system freeze when running 3.11-rc4?

As I mentioned in the descripton, having the apple trackpad connected caused the system to lock up / freeze and I had to force a reboot.

I am also seeing a system freeze running kernel suggested in comment #6.

This crash was with the kernel from comment #6 and caused the system to freeze.

ProblemType: KernelOops
Annotation: Your system might become unstable now and might need to be restarted.
Date: Wed Aug 28 14:26:12 2013
Failure: oops
OopsText:
 BUG: unable to handle kernel NULL pointer dereference at 00000000000003b0
 IP: [<ffffffff815789c1>] evdev_poll+0x31/0x70
 PGD 0
 Oops: 0000 [#1] SMP
 Modules linked in: hid_magicmouse hidp hid cuse dm_crypt parport_pc ppdev autofs4 nfsd auth_rpcgss nfs_acl rfcomm nfs bnep lockd sunrpc fscache binfmt_misc intel_powerclamp coretemp kvm_intel kvm crc32_pclmul arc4 ghash_clmulni_intel iwldvm aesni_intel mac80211 aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd snd_hda_codec_hdmi joydev snd_hda_codec_conexant snd_hda_intel snd_hda_codec btusb snd_hwdep snd_pcm thinkpad_acpi nvram snd_page_alloc snd_seq_midi snd_seq_midi_event bluetooth snd_rawmidi snd_seq iwlwifi snd_seq_device snd_timer lpc_ich microcode mei_me psmouse snd serport serio_raw mei soundcore wacom_w8001 intel_ips cfg80211 lp tpm_tis parport mac_hid btrfs xor zlib_deflate raid6_pq libcrc32c i915 e1000e i2c_algo_bit drm_kms_helper ahci libahci ptp drm pps_core wmi video
 CPU: 1 PID: 1277 Comm: Xorg Not tainted 3.11.0-031100rc4-generic #201308041735
 Hardware name: LENOVO 0831CTO/0831CTO, BIOS 6QET53WW (1.23 ) 09/15/2010
 task: ffff88006395ddc0 ti: ffff880060d0c000 task.ti: ffff880060d0c000
 RIP: 0010:[<ffffffff815789c1>] [<ffffffff815789c1>] evdev_poll+0x31/0x70
 RSP: 0018:ffff880060d0d9a8 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff880035921800 RCX: 0000000000000050
 RDX: 0000000000000001 RSI: ffff880060d0dab8 RDI: ffff880060e39100
 RBP: ffff880060d0d9b8 R08: ffff880060e39138 R09: ffff880060d0ddb8
 R10: 0000000000000000 R11: 0000000000003246 R12: 0000000000000000
 R13: 0000000000002000 R14: 00080000001fe000 R15: ffff880060e39100
 FS: 00007fead9936980(0000) GS:ffff880077080000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 00000000000003b0 CR3: 0000000060ccb000 CR4: 00000000000007e0
 Stack:
  0000000000000040 000000000000000d ffff880060d0dd68 ffffffff811c572e
  0000000000000000 0000000000000000 0000000000000304 0000000000000001
  ffff880060d0dfd8 0000000000000000 0000000000000000 ffff880060d0df28
 Call Trace:
  [<ffffffff811c572e>] do_select+0x31e/0x6f0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff811c4e40>] ? __pollwait+0xf0/0xf0
  [<ffffffff81199221>] ? kmem_cache_free+0x121/0x180
  [<ffffffff81074bed>] ? __sigqueue_free+0x3d/0x50
  [<ffffffff811c5cbd>] core_sys_select+0x1bd/0x2f0
  [<ffffffff81078775>] ? set_current_blocked+0x15/0x20
  [<ffffffff810787da>] ? signal_delivered+0x5a/0x70
  [<ffffffff8110bb5c>] ? acct_account_cputime+0x1c/0x20
  [<ffffffff8109ca76>] ? account_user_time+0xa6/0xc0
  [<ffffffff811c603c>] SyS_select+0xbc/0x100
  [<ffffffff817331af>] tracesys+0xe1/0xe6
 Code: 48 89 e5 48 83 ec 10 48 85 f6 48 89 5d f0 48 8b 9f a8 00 00 00 4c 89 ...

Thanks for testing, Brian.

Can you test the following two kernels to see if the bug can be reproduced:

v3.10 final: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.10-saucy/
v3.11-rc1: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.11-rc1-saucy/

I can perform a kernel bisect to identify the commit that introduced this. We first need to identify the last kernel version that did not have this bug and the first kernel version that does exhibit the bug.

v3.10-saucy seems to be fine after a similar period of testing that caused that crash. I'll do v3.11-r1-saucy soon.

Thanks again for testing, Brian. If rc1 does not have the bug, we should test rc2, then rc3, etc until we find the first kernel version that exhibits the bug.

Testing with 3.11.0-031100rc1-generic, I did experience the crash and system lock up.

Thanks, Brian. I took a look at the git log between 3.10 and 3.11-rc1 and there were quite a bit of changes to Bluetooth:

b8f4e068004859eefac7b1ced59ddb67ca6d2d80 Bluetooth: Improve comments on the HCI_Delete_Store_Link_Key issue
502f769662978a2fe99d0caed5e53e3006107381 Bluetooth: Add missing reset_resume dev_pm_ops
673e1dd7ed7701cac8c5c247d152fd3d2da2a4f1 Bluetooth: hidp: using strlcpy instead of strncpy, also beautify code.
0a804654af62dfea4899c66561d74d72273b2921 Bluetooth: Remove unneeded flag
034cbea0931433cf88a1f79a385402604f08bd67 Bluetooth: Use HCI_MGMT instead of HCI_LINK_KEYS flag
12602d0cc005354a519b3eba443d7912ab71313a Bluetooth: Mgmt Device Found Event
8892d8beb37cb4ea531a5076946d5cc809b04c25 Bluetooth: Remove empty event handler
b0434345f2a7330be5277b63606cff26a7965982 Bluetooth: Remove inquiry helpers
917eedc56c65ba96a3bab4c346d948e73dd872f1 Bluetooth: Remove LE scan helpers
3fd319b830247a3fe5f489e622ab404b618e0906 Bluetooth: Refactor hci_cc_le_set_scan_enable
1183fdcad42495073045a2d9755e0a6ac2fa874e Bluetooth: Make mgmt_stop_discovery_failed static
82f4785ca7b8d04ca6d0aaa37f1185c779744bc4 Bluetooth: Remove stop discovery handling from hci_event.c
0e05bba6f6f8c2dca7a13fe0566742277e92df07 Bluetooth: Update stop_discovery to use HCI request
4c87eaab01df271c81f6a68e3c28dbd44d348004 Bluetooth: Use HCI request in interleaved discovery
0d8cc935e01c0fd1312a10881f4c0f1c4b4d05ab Bluetooth: Move discovery macros to hci_core.h
41dc2bd6d13bfccc34d05586be2eb65876a5990a Bluetooth: Make mgmt_start_discovery_failed static
fef5234a791507a2fe1ccfc85f080523fe762320 Bluetooth: Remove start discovery handling from hci_event.c
7c3077207c705d0aa200ce22d49a0376d194dfca Bluetooth: Update start_discovery to use HCI request
1f9b9a5dc5bb8ee360db9d32b2090aac497ae82a Bluetooth: Make inquiry_cache_flush non-static
44f3b0fbaa9bfa7a88577ee8c446d0a78cb1d73a Bluetooth: Fix multiple LE socket handling
0cc59a72c723979cf8973aff4df874a5f7a697c7 Bluetooth: Remove useless hci_conn disc_timeout setting
5ee9891dd8a63df1bf2ccd437872ad30a5850449 Bluetooth: Simplify hci_conn_hold/drop logic for L2CAP
af1c01349ecc2b8ab2c329e4dbd46e9018469bd1 Bluetooth: Remove unnecessary L2CAP channel state check
60bac184c9c7df2299aca4dc45c4b5b486f49a89 Bluetooth: Remove useless sk variable in l2cap_le_conn_ready
97f57c0b14ad2ef0628fc6db48cd6c08e0e52c50 Bluetooth: Fix duplicate call to l2cap_chan_ready()
d8729922b474eab65ca738028a2e69fb12e2eaa6 Bluetooth: Add clarifying comment to l2cap_conn_ready()
9f22398ce4baf816535415e65949d03f55a7973a Bluetooth: Fix hardcoding ATT CID in __l2cap_chan_add()
141d57065afd11977c4d346f64b25350445bf689 Bluetooth: Fix EBUSY condition test in l2cap_chan_connect
f224ca5fc207a9957164e6f42ec6766da0f55d54 Bluetooth: Fix LE vs BR/EDR selection when connecting
073d1cf35fe45d89f5a553c21eea18b504dd6937 Bluetooth: Rename L2CAP_CID_LE_DATA to L2CAP_CID_ATT
c5623556fc61804713b1569b4f748e36956bc6e8 Bluetooth: Handle LE L2CAP signalling in its own function
6ea81c415574acb88faca905e1d7316057e90a5b Bluetooth: btmrvl: fix error return code in btmrvl_sdio_card_to_host()
178c059e7640aa8e50213400c6f3dde00189d979 Bluetooth: Add support for Mediatek Bluetooth device [0e8d:763f

...

I started a bisect between v3.10 final and v3.11-rc1. The bisect will required about 10 test kernels.

I built the first kernel, which is up to commit:
1286da8bc009cb2aee7f285e94623fc974c0c983

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Can you test this kernel and see if it exhibits the bug? I'll then update the bisect and built another test kernel based on your results.

This kernel seems to be fine: 3.10.0-031000-generic #201308291020

I built the next kernel, which is up to commit:
1b375dc30710180c4b88cc59caba6e3481ec5c8b

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Can you test this kernel and see if it exhibits the bug? I'll then update the bisect and built another test kernel based on your results.

Okay, that one exhibited the bug.

That one being the one from comment #18.

I built the next kernel, which is up to commit:
899dd388853071f5c8848545209d4e2c5d95b1d9

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Can you test this kernel and see if it exhibits the bug? I'll then update the bisect and built another test kernel based on your results.

The one from comment #21 also exhibits the crash. Although it may be worth noting that I don't actually get to see the Oops in /var/log/kern.log for every crash.

I updated the bisect and built the next kernel, which is up to commit:
f5b63ac0f77ecab46796ba5d368ea5dd51834e6e

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The kernel from comment #23 also exhibits the crash.

I updated the bisect and built the next kernel, which is up to commit:
3366dd9fa887ebbda4872e9554f853eaeda764be

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The latest kernel also causes the crash.

I updated the bisect and built the next kernel, which is up to commit:
c039e3a8ddd52139d0f81711ecd757772f868b22

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The kernel from comment #27 is running without a crash so far using the same type of tests.

I updated the bisect and built the next kernel, which is up to commit:
e61aca5158a84932cf9fbbcbf8aef9cef63f5026

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The kernel from comment #29 is also running without a crash.

I updated the bisect and built the next kernel, which is up to commit:
b8e0fe31a7c8623741f91bc27f925220341fdf81

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The bisect should determine the bad commit in about 4 or 5 test kernels.

This kernel is not crashing:

Linux blacklightning 3.9.0-030900-generic #201309051608 SMP

I updated the bisect and built the next kernel, which is up to commit:
08ec2dcc3527a20c619aca2fb36f800908256bac

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The kernel from above did crash.

Sep 9 13:29:36 localhost kernel: [ 0.000000] Linux version 3.10.0-031000rc5-generic (jsalisbury@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201309091135 SMP Mon Sep 9 15:37:35 UTC 2013

I updated the bisect and built the next kernel, which is up to commit:
db58316892a5e9034efe718d4c1630788db7528f

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The kernel from above is not crashing:

[ 3:57PM ] [ bdmurray@blacklightning:~ ]
 $ uname -a
Linux blacklightning 3.10.0-031000rc5-generic #201309091706 SMP Mon Sep 9 21:07:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

I updated the bisect and built the next kernel, which is up to commit:
a688393bd3fb27690a77f7ae8607b4969039bac5

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The next test kernel crashed:

Sep 10 10:02:23 localhost kernel: [ 0.000000] Linux version 3.9.0-030900-generic (jsalisbury@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201309101031 SMP Tue Sep 10 14:32:49 UTC 2013

I updated the bisect and built the next kernel, which is up to commit:
b1a1442a23776756b254b69786848a94d92445ba

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The next kernel experienced an Oops but did not lock up, and the oops looks unrelated afaict.

OopsText:
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000119
 IP: [<ffffffff8135f232>] memcpy+0x12/0x110
 PGD 0
 Oops: 0002 [#1] SMP
 Modules linked in: hid_magicmouse hidp hid cuse dm_crypt autofs4 rfcomm parport_pc bnep ppdev intel_powerclamp coretemp kvm_intel kvm nfsd auth_rpcgss crc32_pclmul ghash_clmulni_intel nfs_acl aesni_intel btusb aes_x86_64 lrw gf128mul nfs bluetooth snd_hda_codec_hdmi lockd glue_helper sunrpc ablk_helper arc4 cryptd snd_hda_codec_conexant iwldvm snd_hda_intel mac80211 binfmt_misc fscache snd_hda_codec joydev snd_hwdep thinkpad_acpi snd_pcm nvram snd_page_alloc snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq serport snd_seq_device snd_timer iwlwifi psmouse mei_me snd cfg80211 microcode serio_raw mei soundcore wacom_w8001 intel_ips lpc_ich mac_hid tpm_tis lp parport btrfs xor zlib_deflate raid6_pq libcrc32c i915 i2c_algo_bit drm_kms_helper drm ahci e1000e libahci ptp pps_core wmi video
 CPU: 3 PID: 3541 Comm: firefox Not tainted 3.9.0-030900-generic #201309101628
 Hardware name: LENOVO 0831CTO/0831CTO, BIOS 6QET53WW (1.23 ) 09/15/2010
 task: ffff88004e145dc0 ti: ffff88001e180000 task.ti: ffff88001e180000
 RIP: 0010:[<ffffffff8135f232>] [<ffffffff8135f232>] memcpy+0x12/0x110
 RSP: 0018:ffff88001e181cc0 EFLAGS: 00010202
 RAX: 0000000000000119 RBX: ffffffff81ad53f6 RCX: 0000000000000002
 RDX: 0000000000000002 RSI: ffffffff81ad53f4 RDI: 0000000000000119
 RBP: ffff88001e181d18 R08: 000000000000005d R09: ffff880076c08400
 R10: 0000000000000001 R11: 0000000000000293 R12: ffff880036017800
 R13: 0000000000000002 R14: 0000000000000002 R15: 0000000000000002
 FS: 00007f7ffd34d740(0000) GS:ffff880077180000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000119 CR3: 000000001e295000 CR4: 00000000000007e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Stack:
  ffffffff814330f8 ffff880070e25680 0000000000000000 0000000000000002
  ffff880072994800 00007f7ff6bb9000 ffff880072b23800 ffff880072b23400
  000000000000000a 000000000000005d ffff880072dfb800 ffff88001e181d48
 Call Trace:
  [<ffffffff814330f8>] ? tty_insert_flip_string_fixed_flag+0x88/0xd0
  [<ffffffff81434680>] pty_write+0x40/0x80
  [<ffffffff81162306>] ? handle_pte_fault+0x96/0x230
  [<ffffffff8142c9b1>] do_output_char+0x191/0x210
  [<ffffffff8142ca7b>] process_output+0x4b/0x70
  [<ffffffff8142d1c4>] n_tty_write+0x134/0x2f0
  [<ffffffff810910f0>] ? try_to_wake_up+0x200/0x200
  [<ffffffff8142a034>] do_tty_write+0xc4/0x1f0
  [<ffffffff8142d090>] ? n_tty_ioctl+0xf0/0xf0
  [<ffffffff8142a204>] tty_write+0xa4/0xf0
  [<ffffffff811a0fae>] vfs_write+0xce/0x1e0
  [<ffffffff811a1492>] SyS_write+0x52/0xa0
  [<ffffffff8172202f>] tracesys+0xe1/0xe6
 Code: 4e 48 83 c4 08 5b 5d c3 90 e8 fb fd ff ff eb e6 90 90 90 90 90 90 90 90 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 <f3> a4 c3 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d
 RIP [<ffffffff8135f232>] memcpy+0x12/0x110
  RSP <ffff88001e181cc0>
 CR2: 0000...

Sep 20 08:36:27 localhost kernel: [ 0.000000] Linux version 3.11.0-7-generic (root@gomeisa) (gcc version 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu2) ) #14~lp1218004Commitb1a1442Reverted SMP Thu Sep 19 23:20:35 UTC 2 (Ubuntu 3.11.0-7.14~lp1218004Commitb1a1442Reverted-generic 3.11.1)

That kernel crashed.

Ok, so it sounds like both commits need to be reverted. I'll build that kernel and post it shortly.

I created a test kernel with both commits reverted. Can you test the kernel and post back the results?

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

I tried it two times to be certain, but this kernel still crashes.

Linux blacklightning 3.11.0-7-generic #14~lp1218004BothCommitsReverted SMP Fri Sep 20 16:28:03 UTC 201 x86_64 x86_64 x86_64 GNU/Linux

Thanks, Brian. I'll take a closer look at the bisect results to make sure everything is correct.

In the meantime, could you test the latest mainline kernel, which is v3.12-rc1:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12-rc1-saucy/

It's worth a shot to see if this is already fixed.

You'd asked me via irc to test that kernel and it crashed when I tested it then (on the 17th).

I marked commit b1a1442a23776756b254b69786848a94d92445ba as bad during the bisect. I'm going to build a mainline test kernel up to and including that commit. If that does not exhibit the bug, then we know commit b1a1442a23776756b254b69786848a94d92445ba should actually have been marked good, and I'll update the bisect with that info.

I'll have a test kernel to post shortly.

The test kernel up to commit b1a1442a23776756b254b69786848a94d92445ba is now at:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Can you see if this one exhibits the bug?

Sep 23 10:40:02 localhost kernel: [ 0.000000] Linux version 3.9.0-030900-generic (jsalisbury@gomeisa) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #201309231158 SMP Mon Sep 23 15:59:14 UTC 2013

That kernel also crashed.

I created a test kernel with commit 4e713cd Reverted. This is a HID commit that affects bluetooth:

commit 4e713cdffba8d486e58eefe2125041eb5df9aa3a
Author: David Herrmann <email address hidden>
Date: Thu May 23 13:10:25 2013 +0200

    HID: Bluetooth: hidp: register HID devices async

Can you test this kernel, to see if it also exhibits the bug:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

The .deb file names are:
linux-image-3.11.0-8-generic_3.11.0-8.15~lp1218004Commit4e713cdRevertedv3_amd64.deb
linux-image-extra-3.11.0-8-generic_3.11.0-8.15~lp1218004Commit4e713cdRevertedv3_amd64.deb

That kernel also crashed.

Sep 23 14:51:49 localhost kernel: [ 0.000000] Linux version 3.11.0-8-generic (root@gomeisa) (gcc version 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu3) ) #15~lp1218004Commit4e713cdRevertedv3 SMP Mon Sep 23 19:49:55 UTC (Ubuntu 3.11.0-8.15~lp1218004Commit4e713cdRevertedv3-generic 3.11.1)

I also tried 3.12...rc2 and that too crashed, there were actually multiple kernel oopses. You can see them in the attached log.

I started a bisect of just the HID subsystem. The first kernel is built up to commit:
5b22b91ab666634cab7fc4a7e0439d0bbbefb32e

Can you test this kernel, and post back the results:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

This kernel has not crashed.

Linux blacklightning 3.9.0-030900-generic #201309241430 SMP Tue Sep 24 18:34:06 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

The next kernel is built up to commit:
3685c18e17f12438d0a83331c1b6a5b00fade7a1

Can you test this kernel, and post back the results:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

That kernel did crash.

Sep 24 18:09:35 localhost kernel: [ 4473.626297] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
Sep 24 18:09:35 localhost kernel: [ 4473.626376] IP: [<ffffffff815f6a97>] datagram_poll+0xf7/0x110
Sep 24 18:09:35 localhost kernel: [ 4473.626434] PGD 6278e067 PUD 60c21067 PMD 0
Sep 24 18:09:35 localhost kernel: [ 4473.626474] Oops: 0002 [#1] SMP
Sep 24 18:09:35 localhost kernel: [ 4473.626506] Modules linked in: hid_magicmouse hidp hid dm_crypt cuse autofs4 snd_hda_codec_hdmi nfsd parport_pc snd_hda_codec_conexant bnep ppdev rfcomm auth_rpcgss nfs_acl nfs lockd sunrpc fscache binfmt_misc intel_powerclamp coretemp kvm_intel kvm crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper arc4 cryptd iwldvm mac80211 snd_hda_intel joydev snd_hda_codec snd_hwdep thinkpad_acpi snd_pcm nvram mei_me btusb snd_page_alloc snd_seq_midi snd_seq_midi_event mei snd_rawmidi snd_seq psmouse iwlwifi snd_seq_device snd_timer bluetooth lp wacom_w8001 snd cfg80211 microcode tpm_tis intel_ips soundcore serio_raw serport lpc_ich mac_hid parport btrfs xor zlib_deflate raid6_pq libcrc32c i915 i2c_algo_bit drm_kms_helper e1000e drm ahci libahci ptp pps_core wmi video
Sep 24 18:09:35 localhost kernel: [ 4473.627227] CPU: 2 PID: 1258 Comm: wpa_supplicant Not tainted 3.9.0-030900-generic #201309241735
Sep 24 18:09:35 localhost kernel: [ 4473.627293] Hardware name: LENOVO 0831CTO/0831CTO, BIOS 6QET53WW (1.23 ) 09/15/2010
Sep 24 18:09:35 localhost kernel: [ 4473.627355] task: ffff8800633cc650 ti: ffff880060c3a000 task.ti: ffff880060c3a000
Sep 24 18:09:35 localhost kernel: [ 4473.627411] RIP: 0010:[<ffffffff815f6a97>] [<ffffffff815f6a97>] datagram_poll+0xf7/0x110
Sep 24 18:09:35 localhost kernel: [ 4473.627476] RSP: 0018:ffff880060c3b998 EFLAGS: 00010246
Sep 24 18:09:35 localhost kernel: [ 4473.627519] RAX: 0000000000000049 RBX: ffff8800625b6000 RCX: 0000000000000000
Sep 24 18:09:35 localhost kernel: [ 4473.627573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880036673b00
Sep 24 18:09:35 localhost kernel: [ 4473.627629] RBP: ffff880060c3b9a8 R08: ffff880060c3a000 R09: ffff8800364b4cd8
Sep 24 18:09:35 localhost kernel: [ 4473.627682] R10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000b
Sep 24 18:09:35 localhost kernel: [ 4473.627735] R13: 0000000000000800 R14: 0000000000003e60 R15: ffff880036673b00
Sep 24 18:09:35 localhost kernel: [ 4473.627792] FS: 00007f7de0aa0740(0000) GS:ffff880077100000(0000) knlGS:0000000000000000
Sep 24 18:09:35 localhost kernel: [ 4473.627853] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Sep 24 18:09:35 localhost kernel: [ 4473.627900] CR2: 0000000000000008 CR3: 0000000060c66000 CR4: 00000000000007e0
Sep 24 18:09:35 localhost kernel: [ 4473.627954] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Sep 24 18:09:35 localhost kernel: [ 4473.628007] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Sep 24 18:09:35 localhost kernel: [ 4473.628062] Stack:
Sep 24 18:09:35 localhost kernel: [ 4473.628079] ffff880060c3b9b8 ffff8800625b6000 ffff880060c3b9d8 ffffffff816d6e1b
Sep 24 18:09:35 localhost kernel: [ 4473.6...

The next kernel is built up to commit:
59e527866359ce6ff256775509ee65ffada9687d

Can you test this kernel, and post back the results:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Linux blacklightning 3.12.0-031200rc1-generic #201309251026 SMP Wed Sep 25 14:28:50 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

That kernel has not crashed.

That is great news. This is an interesting test result. That kernel is the mainline kernel with commit b1a1442a reverted. This last bisect indicated commit b1a1442a as the first bad commit. We tested a Saucy test kernel with this commit reverted and still hit the bug(comments #81 and #82).

This leads me to believe there is something specific to Saucy that needs to be pulled out as well as commit b1a1442a. Let me build another Saucy test kernel with commit b1a1442a reverted and see if the bug still exists. I'll also take a look at the Ubuntu changelogs to see what SAUCE patches have been applied.

I built another Saucy test kernel with commit b1a1442 reverted.

Can you test this kernel, and post back the results:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Sep 25 13:29:41 localhost kernel: [ 0.000000] Linux version 3.11.0-8-generic (root@gomeisa) (gcc version 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu3) ) #15~lp1218004Commitb1a1442aReverted SMP Wed Sep 25 17:48:58 UTC (Ubuntu 3.11.0-8.15~lp1218004Commitb1a1442aReverted-generic 3.11.1)
Sep 25 13:29:41 localhost kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.11.0-8-generic root=UUID=58a88244-4d22-41f7-bd3a-aaa049c553a6 ro initcall_debug usbcore.autosuspend=1 quiet splash vt.handoff=7

That kernel crashed.

Just a quick summary where we are currently:

Revert of b1a1442 in upstream v3.12-rc2 resolves bug.
Revert of b1a1442 in Ubuntu Saucy does NOT resolve bug.

There are no Ubuntu specific changes to HID between 3.10 and 3.11-rc1.
The 3.12-rc2 kernel has the following additionl commits on hid-core.c:
 cc6b54aa54bf40b762cab45a9fc8aa81653146eb HID: validate feature and input report details
 331415ff16a12147d57d5c953f3a961b7ede348b HID: provide a helper for validating hid reports

I propose the following tests:
Revert of b1a1442 in 3.11.1 stable.
Revert of b1a1442 in Saucy with a cherry pick of cc6b54a
Revert of b1a1442 in Saucy with a cherry pick of 331415f
If needed: Revert of b1a1442 in Saucy with a cherry pick of cc6b54a AND 331415f

If I recall, you tested upstrem 3.12-rc2 and it did exhibit this bug. If that is the case, we will probably need a combination of a revert of b1a1442 and a cherry pick of one of the other two commits mentioned above. I'll relay all of this information upstream once we have all the details.

I built the 3.11.1 stable kernel with commit b1a1442 reverted. Can you test this and see if it exhibits the bug:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Linux blacklightning 3.11.1-031101-generic #201309261009 SMP Thu Sep 26 14:12:24 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

That kernel has not crashed.

That was unexpected. This would further indicate an Ubuntu specific SAUCE patch that is causing this, since Saucy has been rebased to upstream 3.11.1. Let me build one more Saucy test kernel from the Saucy master-next tree and see if the bug is fixed by only reverting b1a1442. If the bug still does exist, I'll have to pull off some of the SAUCE patches to see which one is causing this.

I built the latest Saucy master-next kernel with commit b1a1442 reverted. Can you test this and see if it exhibits the bug:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

I built a Saucy kernel with commit b1a1442 reverted and all of the bluetooth SAUCE patches added since the 3.10 kernel. Can you test this and see if it exhibits the bug:

http://kernel.ubuntu.com/~jsalisbury/lp1218004/

That kernel has not crashed.

Linux blacklightning 3.11.0-9-generic #16~lp1218004Commitb1a1442aRevertedBluetoothSaucyReverted SMP Fr x86_64 x86_64 x86_64 GNU/Linux

That is good news. That kernel had b1a1442 reverted and the following SAUCE patches reverted:

a769174299b34c49ff53cb260686ba4e0448756a UBUNTU: SAUCE: Bluetooth: Add support for Broadcom 413c:8143
ce63c1821f06be1ff5db5514f1953e78dd99522c UBUNTU: SAUCE: Bluetooth: Add support for 105b:e065
b9095bbf7cc8e3d0998584c0f9b223e13ea983e1 UBUNTU: SAUCE: Bluetooth: Add support for 04ca:2007
dbf239e56edcf610fcd4b5c182d8a81ea5a7c429 UBUNTU: SAUCE: Bluetooth: Add support for 13d3:3388 and 13d3:3389
68192976e743c8d9eae22a6eb6871ea64c10d20a UBUNTU: SAUCE: Bluetooth: Support for loading broadcom patchram firmware

My guess is that it is commit 6819297 causing this issue. I'll build the next test kernel with commit b1a1442 reverted and only commit 6819297 reverted. If that kernel is good, then we found the two bad commits.

I'd also like to ensure that both reverts are required. We know that reverting b1a1442 and the bluetooth broadcom patchram firmware patches fixes the bug. I also built a test kernel with only the bluetooth patches reverted. Can you give this a test to see if it exhibits the bug:

http://kernel.ubuntu.com/~jsalisbury/lp1218004/

That kernel crashed too:

OopsText:
 BUG: unable to handle kernel paging request at ffff880062820000
 IP: [<ffffffff81369a4f>] memset+0x1f/0xb0
 PGD 1fe5067 PUD 1fe8067 PMD 633f4063 PTE 8000000062820161
 Oops: 0003 [#1] SMP
 Modules linked in: hid_magicmouse hidp hid cuse dm_crypt autofs4 parport_pc ppdev rfcomm bnep binfmt_misc nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache joydev arc4 iwldvm mac80211 intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd snd_hda_codec_hdmi snd_hda_codec_conexant snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc thinkpad_acpi nvram serport wacom_w8001 snd_seq_midi snd_seq_midi_event snd_rawmidi microcode snd_seq snd_seq_device snd_timer psmouse snd lp parport serio_raw intel_ips iwlwifi lpc_ich btusb bluetooth cfg80211 soundcore tpm_tis mei_me mac_hid mei btrfs xor zlib_deflate raid6_pq libcrc32c i915 i2c_algo_bit drm_kms_helper drm e1000e ahci libahci ptp pps_core wmi video
 CPU: 2 PID: 2775 Comm: khidpd_05ac030e Not tainted 3.11.0-9-generic #16~lp1218004BluetoothOnlyReverted
 Hardware name: LENOVO 0831CTO/0831CTO, BIOS 6QET53WW (1.23 ) 09/15/2010
 task: ffff88004b565dc0 ti: ffff8800133c4000 task.ti: ffff8800133c4000
 RIP: 0010:[<ffffffff81369a4f>] [<ffffffff81369a4f>] memset+0x1f/0xb0
 RSP: 0018:ffff8800133c5d20 EFLAGS: 00010202
 RAX: 0000000000000000 RBX: ffff88006281f011 RCX: 0000000000000002
 RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff88006281fffe
 RBP: ffff8800133c5da8 R08: 0000000000000001 R09: ffff88006281f01e
 R10: 0000000000000000 R11: 0000000000014580 R12: 000000000000000d
 R13: 000000000000000c R14: 0000000000000ff4 R15: 0000000000000001
 FS: 0000000000000000(0000) GS:ffff880077100000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: ffff880062820000 CR3: 0000000001c0e000 CR4: 00000000000007e0
 Stack:
  ffffffffa07dabe1 ffff8800607f4000 ffffffff8155be01 000000008155c809
  0000000000000000 0000000000000001 ffff88004b504300 ffff88004b595000
  ffff880000000001 ffff88006281f012 ffff880000000000 ffff88006174a000
 Call Trace:
  [<ffffffffa07dabe1>] ? hid_report_raw_event+0xb1/0x410 [hid]
  [<ffffffff8155be01>] ? input_event+0x61/0x70
  [<ffffffffa07db052>] hid_input_report+0x112/0x190 [hid]
  [<ffffffffa07f37b5>] hidp_session_thread+0x6d5/0x8e0 [hidp]
  [<ffffffff81094b40>] ? wake_up_state+0x20/0x20
  [<ffffffff81094b40>] ? wake_up_state+0x20/0x20
  [<ffffffffa07f30e0>] ? hidp_copy_session+0x190/0x190 [hidp]
  [<ffffffff810847d0>] kthread+0xc0/0xd0
  [<ffffffff81084710>] ? kthread_create_on_node+0x120/0x120
  [<ffffffff8170302c>] ret_from_fork+0x7c/0xb0
  [<ffffffff81084710>] ? kthread_create_on_node+0x120/0x120
 Code: 1e 44 88 1f c3 90 90 90 90 90 90 90 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 66 66 66 90 66 66 66 90 66 66
 RIP [<ffffffff81369a4f>] memset+0x1f/0xb0
  RSP <ffff8800133c5d20>
 CR2: ffff880062820000
 ---[ end trace c3e149a55ccd53cb ]---

I a test kernel just to confirm all of our findings. This is the latest beta Saucy kernel with only commit b1a1442 reverted. This kernel should exhibit the bug, since it has the bluetooth SAUCE patches. If it does exhibit this bug, I'll submit requests to have all the bad commits reverted.

Getting the commits reverted will only be a temporary fix. In parallel, I'll work with upstream to get a proper fix for the issue commit b1a1442 introduced. I'll also bring up the issue of the bluetooth patches with the patch author.

Can you test this kernel and post back:
http://kernel.ubuntu.com/~jsalisbury/lp1218004/

Can you test the kernel at http://kernel.ubuntu.com/~jsalisbury/lp1218004/ and confirm it doesn't exhibit the bug. If it doesn't, I'll submit the request to have commit b1a1442 reverted.

Thanks for all the help testing!

This kernel has not crashed.

Linux blacklightning 3.11.0-9-generic #16~lp1218004LatestSaucyWithb1a1442Reverte

I submitted a request to have commit b1a1442 reverted in Saucy. I'll continue to work with upstream to see if there is an alternative to the revert.

This seems to be resolved for me with the latest kernel update (3.11.0-12-generic).

This bug was fixed in the package linux - 3.11.0-12.18

---------------
linux (3.11.0-12.18) saucy; urgency=low

  [ Andy Whitcroft ]

  * [Packing] tools -- when tools are off they are off
  * [config] tools -- linux-tools-common really is common
  * [Packaging] tools -- make cpupower optional
  * [Packaging] tools -- fix crosscompilation
  * [config] tools -- enable cpupower
  * SAUCE: storvsc -- host takes MAINTENANCE_IN commands badly elide them
    - LP: #1234417

  [ John Johansen ]

  * SAUCE: apparmor: fix unix domain sockets to be mediated on connection
    - LP: #1208988
  * SAUCE: apparmor: allocate path lookup buffers during init
    - LP: #1208988
  * SAUCE: apparmor: fix memleak of the profile hash
    - LP: #1235523
  * SAUCE: apparmor: fix memleak of replacedby struct
    - LP: #1235973
  * SAUCE: apparmor: fix bad lock balance when introspecting policy
    - LP: #1235977

  [ Paolo Pisati ]

  * [Config] arm: VIRTIO_[BLK|NET|MMIO]=y

  [ Rob Herring ]

  * SAUCE: (no-up) net: calxedaxgmac: fix clearing of old filter addresses
    - LP: #1235272
  * SAUCE: (no-up) net: calxedaxgmac: add uc and mc filter addresses in
    promiscuous mode
    - LP: #1235272
  * SAUCE: (no-up) net: calxedaxgmac: determine number of address filters
    at runtime
    - LP: #1235272

  [ Tim Gardner ]

  * [Config] CONFIG_ANDROID=n
    - LP: #1235161
  * [Config] CONFIG_L2TP_V3=y
    - LP: #1235914
  * Release tracker
    - LP: #1236999

  [ Upstream Kernel Changes ]

  * Revert "HID: core: fix reporting of raw events"
    - LP: #1218004
 -- Andy Whitcroft <email address hidden> Fri, 04 Oct 2013 13:08:59 +0100

Hi Brian,

Upstream has a patch that may fix this issue without a revert. Do you still have access to the hw to reproduce this bug? If so, do you think you can test a kernel to see if the patch from upstream does address the bug?

[0] http://www.kernelhub.org/?msg=380901&p=2

I posted some comments here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1248287

Apple Trackpad indeed crashes kernel 3.12.0-031200-generic on SAUCY (and TRUSTY with 3.12). But 3.11.0-12/3.11.0-14 seem to be good.

I have tried TRUSTY alpha1, either 3.12.0-6/3.12.0-7, both of them crashes with trackpad.

AND, I also test Apple MagicMouse, none of mentioned kernel crashes with either SAUCY nor TRUSTY.......

I had some issues with trackpad and trusty kernels, but now with 3.13.0-24 there are no OOPSes.