Created attachment 293705 [details]
dmesg output - used decode_stacktrace script
When using the Apple Trackpad 2 with the "hid-magicmouse" driver via USB, I get reproducible kernel crashes after unplugging the device. Sometimes, the computer hangs immediately, and even Magic SysRQ is not always possible in this state. But most of the time, the computer hangs during shutdown afterwards.
The same problem appears when turning the device off, or unloading the hid-magicmouse module, instead of unplugging it.
With KASAN enabled, I get reports like this when unplugging this device most of the time (but not always):
BUG: KASAN: double-free or invalid-free in hid_free_buffers.isra.0 (drivers/hid/usbhid/hid-core.c:978) usbhid
See attached dmesg output.
The problem is not reproducible when the hid-magicmouse module is blacklisted. The device can still be used (fallback to hid-generic driver) without this driver, but with very limited functionality.
Kernel built from unmodified 5.9.8 source code.
Created attachment 293707 [details]
Used kernel configuration
Works when unloading / blacklisting the "hid-generic" driver, too.
The problem only occurs when both driver modules, hid-generic and hid-magicmouse, are loaded.
Adding the Apple Magic Trackpad 2 to the "hid_have_special_driver" list in hid-quirks.c solves the problem, too.
Is this not the right thing to do anyway? I am going to send a patch...
I may be experiencing the same bug:
I'm going to test your patch, building now...
Tested with 5.9.11.arch1-1, your patch seems to fix the issue I had.
Used kernel configuration:
Regarding your comment earlier, I don't know if it's the right way to do it, but it seems to work (it's hard to say for sure since the issue appears somewhat random). Should I encounter any issues again I will report it back here.
Thanks for looking into this!
Please let me know if I can do something else to help resolve this, e.g. testing with a different kernel version/config.
I'm experiencing the same bug, detected by KASAN, with Proxmox kernel 5.4.78-2-pve (based on Ubuntu Focal's kernel).
Created attachment 294807 [details]
logs from machine that cannot boot with trackpad attached
My machine cannot boot with Apple magic trackpad 2 plugged in:
Linux version 5.8.0-38-generic (buildd@lgw01-amd64-022) (gcc (Ubuntu 10.2.0-13ubuntu1) 10.2.0, GNU ld (GNU Binutils for Ubuntu) 2.35.1) #43-Ubuntu SMP Tue Jan 12 12:42:13 UTC 2021
I've attached logs.
From a security standpoint, I'm curious if this could be exploited. I realize this would require physical access to exploit, but Android phones run the Linux kernel and people often plug their phones into various USB outlets for charging purposes. If something pretends to be a Magic Trackpad, I wonder how much such a device might be able to intrude into the kernel. This may affect the priority of getting a fix.