Bug #1966499 “Recent 5.13 kernel has broken KVM support” : Bugs : linux package : Ubuntu

Revision history for this message

Stéphane Graber (stgraber) wrote on 2022-03-25:

#1

Download full text (5.8 KiB)

Mar 25 16:18:30 abydos kernel: [ 1319.549186] ------------[ cut here ]------------
Mar 25 16:18:30 abydos kernel: [ 1319.549191] WARNING: CPU: 12 PID: 15052 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 25 16:18:30 abydos kernel: [ 1319.549213] Modules linked in: wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libblake2s blake2s_x86_64 libcurve25519_generic libchacha libblake2s_generic xt_HL xt_MASQUERADE xt_TCPMSS xt_tcpudp binfmt_misc rbd unix_diag nf_conntrack_netlink veth ceph libceph fscache netfs zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) ebtable_filter ebtables ip6table_raw ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_raw iptable_mangle iptable_nat iptable_filter bpfilter nf_tables vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock shiftfs sch_ingress geneve ip6_udp_tunnel udp_tunnel nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 8021q garp mrp nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_ssif intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm rapl intel_cstate
Mar 25 16:18:30 abydos kernel: [ 1319.549305] efi_pstore joydev input_leds cdc_acm mei_me mei ioatdma bridge stp llc bonding acpi_ipmi tls ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad mac_hid sch_fq_codel ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid ast drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt crct10dif_pclmul fb_sys_fops crc32_pclmul ghash_clmulni_intel cec nvme rc_core aesni_intel crypto_simd ixgbe igb i2c_i801 xfrm_algo nvme_core drm i2c_smbus ahci i2c_algo_bit cryptd lpc_ich dca xhci_pci mdio libahci xhci_pci_renesas wmi
Mar 25 16:18:30 abydos kernel: [ 1319.549394] CPU: 12 PID: 15052 Comm: qemu-system-x86 Tainted: P O 5.13.0-39-generic #44~20.04.1-Ubuntu
Mar 25 16:18:30 abydos kernel: [ 1319.549399] Hardware name: Supermicro PIO-618U-T4T+-ST031/X10DRU-i+, BIOS 3.2a 11/19/2019
Mar 25 16:18:30 abydos kernel: [ 1319.549402] RIP: 0010:vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 25 16:18:30 abydos kernel: [ 1319.549415] Code: 83 c4 10 5b 5d c3 48 89 df e8 5d dc eb fd 8b 93 00 03 00 00 89 45 ec 83 e2 20 85 d2 75 d2 89 c7 e8 f6 fd ff ff 8b 45 ec eb c6 <0f> 0b eb 86 f0 80 4b 39 40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
Mar 25 16:18:30 abydos kernel: [ 1319.549419] RSP: 0018:ffffaed30c577cd8 EFLAGS: 00010246
Mar 25 16:18:30 abydos kernel: [ 1319.549423] RAX: 0000000000000000 RBX: ffff98162a4f8000 RCX: 0000000000000000
Mar 25 16:18:30 abydos kernel: [ 1319.549425] RDX: 0000000000000400 RSI: ffffffffc0c38509 RDI: ffff98162a4f8000
Mar 25 16:18:30 abydos kernel: [ 1319.549428] RBP: ffffaed30c577cf0 R08: 0000000000000400 R09: ffff98161e73fc00
Mar 25 16:18:30 abydos kernel: [ 1319.549430] R10: 0000000000000000 R11: 0000000000000000 R12: ffff98162a4f8000
Mar 25 16:18:30 aby...

Mar 25 16:18:30 abydos kernel: [ 1319.549186] ------------[ cut here ]------------
Mar 25 16:18:30 abydos kernel: [ 1319.549191] WARNING: CPU: 12 PID: 15052 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 25 16:18:30 abydos kernel: [ 1319.549213] Modules linked in: wireguard curve25519_x86_64 libchacha20poly1305 chacha_x86_64 poly1305_x86_64 libblake2s blake2s_x86_64 libcurve25519_generic libchacha libblake2s_generic xt_HL xt_MASQUERADE xt_TCPMSS xt_tcpudp binfmt_misc rbd unix_diag nf_conntrack_netlink veth ceph libceph fscache netfs zfs(PO) zunicode(PO) zzstd(O) zlua(O) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) ebtable_filter ebtables ip6table_raw ip6table_mangle ip6table_nat ip6table_filter ip6_tables iptable_raw iptable_mangle iptable_nat iptable_filter bpfilter nf_tables vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock shiftfs sch_ingress geneve ip6_udp_tunnel udp_tunnel nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 8021q garp mrp nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua ipmi_ssif intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm rapl intel_cstate
Mar 25 16:18:30 abydos kernel: [ 1319.549305]  efi_pstore joydev input_leds cdc_acm mei_me mei ioatdma bridge stp llc bonding acpi_ipmi tls ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad mac_hid sch_fq_codel ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid ast drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt crct10dif_pclmul fb_sys_fops crc32_pclmul ghash_clmulni_intel cec nvme rc_core aesni_intel crypto_simd ixgbe igb i2c_i801 xfrm_algo nvme_core drm i2c_smbus ahci i2c_algo_bit cryptd lpc_ich dca xhci_pci mdio libahci xhci_pci_renesas wmi
Mar 25 16:18:30 abydos kernel: [ 1319.549394] CPU: 12 PID: 15052 Comm: qemu-system-x86 Tainted: P           O      5.13.0-39-generic #44~20.04.1-Ubuntu
Mar 25 16:18:30 abydos kernel: [ 1319.549399] Hardware name: Supermicro PIO-618U-T4T+-ST031/X10DRU-i+, BIOS 3.2a 11/19/2019
Mar 25 16:18:30 abydos kernel: [ 1319.549402] RIP: 0010:vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 25 16:18:30 abydos kernel: [ 1319.549415] Code: 83 c4 10 5b 5d c3 48 89 df e8 5d dc eb fd 8b 93 00 03 00 00 89 45 ec 83 e2 20 85 d2 75 d2 89 c7 e8 f6 fd ff ff 8b 45 ec eb c6 <0f> 0b eb 86 f0 80 4b 39 40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
Mar 25 16:18:30 abydos kernel: [ 1319.549419] RSP: 0018:ffffaed30c577cd8 EFLAGS: 00010246
Mar 25 16:18:30 abydos kernel: [ 1319.549423] RAX: 0000000000000000 RBX: ffff98162a4f8000 RCX: 0000000000000000
Mar 25 16:18:30 abydos kernel: [ 1319.549425] RDX: 0000000000000400 RSI: ffffffffc0c38509 RDI: ffff98162a4f8000
Mar 25 16:18:30 abydos kernel: [ 1319.549428] RBP: ffffaed30c577cf0 R08: 0000000000000400 R09: ffff98161e73fc00
Mar 25 16:18:30 abydos kernel: [ 1319.549430] R10: 0000000000000000 R11: 0000000000000000 R12: ffff98162a4f8000
Mar 25 16:18:30 abydos kernel: [ 1319.549433] R13: 00007f272bff9dd0 R14: ffff98161e73fc00 R15: ffff98162a4f8000
Mar 25 16:18:30 abydos kernel: [ 1319.549435] FS:  00007f272bffe700(0000) GS:ffff981c9f800000(0000) knlGS:0000000000000000
Mar 25 16:18:30 abydos kernel: [ 1319.549439] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Mar 25 16:18:30 abydos kernel: [ 1319.549442] CR2: 00007f2a31708001 CR3: 00000009ea4ac001 CR4: 00000000001726e0
Mar 25 16:18:30 abydos kernel: [ 1319.549445] Call Trace:
Mar 25 16:18:30 abydos kernel: [ 1319.549447]  <TASK>
Mar 25 16:18:30 abydos kernel: [ 1319.549450]  kvm_arch_vcpu_ioctl+0x8fd/0x1260 [kvm]
Mar 25 16:18:30 abydos kernel: [ 1319.549590]  ? kvm_arch_vcpu_ioctl+0xc1/0x1260 [kvm]
Mar 25 16:18:30 abydos kernel: [ 1319.549659]  ? kfree+0xd8/0x2a0
Mar 25 16:18:30 abydos kernel: [ 1319.549669]  kvm_vcpu_ioctl+0x3a7/0x5f0 [kvm]
Mar 25 16:18:30 abydos kernel: [ 1319.549720]  ? __fget_light+0xce/0xf0
Mar 25 16:18:30 abydos kernel: [ 1319.549728]  __x64_sys_ioctl+0x91/0xc0
Mar 25 16:18:30 abydos kernel: [ 1319.549734]  do_syscall_64+0x61/0xb0
Mar 25 16:18:30 abydos kernel: [ 1319.549739]  ? do_syscall_64+0x6e/0xb0
Mar 25 16:18:30 abydos kernel: [ 1319.549742]  ? syscall_exit_to_user_mode+0x27/0x50
Mar 25 16:18:30 abydos kernel: [ 1319.549747]  ? do_syscall_64+0x6e/0xb0
Mar 25 16:18:30 abydos kernel: [ 1319.549750]  ? syscall_exit_to_user_mode+0x27/0x50
Mar 25 16:18:30 abydos kernel: [ 1319.549755]  ? do_syscall_64+0x6e/0xb0
Mar 25 16:18:30 abydos kernel: [ 1319.549758]  entry_SYSCALL_64_after_hwframe+0x44/0xae
Mar 25 16:18:30 abydos kernel: [ 1319.549771] RIP: 0033:0x7f2a3b2b33db
Mar 25 16:18:30 abydos kernel: [ 1319.549775] Code: 0f 1e fa 48 8b 05 b5 7a 0d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 85 7a 0d 00 f7 d8 64 89 01 48
Mar 25 16:18:30 abydos kernel: [ 1319.549779] RSP: 002b:00007f272bff9d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
Mar 25 16:18:30 abydos kernel: [ 1319.549784] RAX: ffffffffffffffda RBX: 000000008400ae8e RCX: 00007f2a3b2b33db
Mar 25 16:18:30 abydos kernel: [ 1319.549786] RDX: 00007f272bff9dd0 RSI: ffffffff8400ae8e RDI: 000000000000001a
Mar 25 16:18:30 abydos kernel: [ 1319.549788] RBP: 000056352c6f0240 R08: 000056352b0bc6f4 R09: 000056352b0bc794
Mar 25 16:18:30 abydos kernel: [ 1319.549791] R10: 000056352b0bca9c R11: 0000000000000246 R12: 00007f272bff9dd0
Mar 25 16:18:30 abydos kernel: [ 1319.549793] R13: 000fc00000000000 R14: 00007fff9bf54510 R15: 00007f272bffa500
Mar 25 16:18:30 abydos kernel: [ 1319.549797]  </TASK>
Mar 25 16:18:30 abydos kernel: [ 1319.549799] ---[ end trace 7c4ac6549c7adaa2 ]---
Mar 25 16:18:30 abydos kernel: [ 1319.549950] ------------[ cut here ]------------

Changed in linux (Ubuntu):
status:	New → Confirmed

Revision history for this message

Stéphane Graber (stgraber) wrote on 2022-03-25:

#2

This repeats in a loop and fills tens of GBs of space with kernel logs in just a few minutes before crashing the entire system.

Revision history for this message

Simon Déziel (sdeziel) wrote on 2022-03-25:

#3

5.13.0-38.43 has the fix but 5.13.0-39.44 doesn't, presumably because -39 includes urgent security fixes.

Revision history for this message

Stéphane Graber (stgraber) wrote on 2022-03-25:

#4

Ah yeah, that could be. I figured I'd test what's in -proposed but if -proposed is a security only fix on top of -37, that wouldn't help much.

It's a bit frustrating because users would have gotten the busted kernel as part of -37 which includes a security fix but then the only real option to get a booting system back now is to go to pre-security-fix.

Unfortunately this is a production server and I already spent half of the week dealing with this mess so don't have more time to play kernel bingo. Server is now running a clean upstream build.

Revision history for this message

Eric Anopolsky (erpo41) wrote on 2022-03-29:

#5

I arrived at work this morning to find a frozen workstation with a full disk. This bug was one of two relevant search results, so I'm documenting the recovery steps I took here in case it will be helpful to others:

1. Held down the power button until the PC turned off.
2. Waited a few seconds and powered the PC back on.
3. On the grub menu, chose Advanced options for Ubuntu -> Ubuntu, with Linux 5.13.0-35-generic (recovery mode) and waited for the system to boot.
4. On the Recovery Menu, chose the root option and hit enter.
5. Ran the following:

rm /var/log/kern.log # freed up about 800GB
head -n 100000 /var/log/syslog > /var/log/syslog.bak # saved a few copies of the error just in case
rm /var/log/syslog # freed up another 800GB
apt remove linux-image-5.13.0-37-generic linux-image-unsigned-5.13.0-37-generic # it was necessary to remove the second package because that's what apt tried to install when only the first one was specified
reboot # temporary fix is complete

6. Allowed the system to boot normally without intervention.
7. Logged in, opened a terminal, and confirmed that the fix worked:

uname -a
# Expected output: Linux IS01209 5.13.0-35-generic #40~20.04.1-Ubuntu SMP Mon Mar 7 09:18:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

virsh list
# Expected output:
# Id Name State
#---------------------------------
# 1 my-windows-vm running
#
# Note: My Windows VM is configured to start on boot. For affected users who have a Windows VM that is not configured to start on boot, it may be necessary to start the VM manually before moving on to the next step.

watch du -h /var/log/syslog /var/log/kern.log
# Expected output:
# Every 2.0s: du -h /var/... (hostname and date/time)
#
# 320K /var/log/syslog
# 100K /var/log/kern.log
#
# Note: If those two files stay the same size or grow slowly, the fix worked. If those two files grow rapidly, the fix did not work.

Note that the above steps will also uninstall the linux-generic-hwe-20.04 package, which will prevent future kernel updates. When this bug is resolved, I plan to run (and recommend that others run) `sudo apt install linux-generic-hwe-20.04` to resume kernel updates.

I arrived at work this morning to find a frozen workstation with a full disk. This bug was one of two relevant search results, so I'm documenting the recovery steps I took here in case it will be helpful to others:

1. Held down the power button until the PC turned off.
2. Waited a few seconds and powered the PC back on.
3. On the grub menu, chose Advanced options for Ubuntu -> Ubuntu, with Linux 5.13.0-35-generic (recovery mode) and waited for the system to boot.
4. On the Recovery Menu, chose the root option and hit enter.
5. Ran the following:

rm /var/log/kern.log # freed up about 800GB
head -n 100000 /var/log/syslog > /var/log/syslog.bak # saved a few copies of the error just in case
rm /var/log/syslog # freed up another 800GB
apt remove linux-image-5.13.0-37-generic linux-image-unsigned-5.13.0-37-generic # it was necessary to remove the second package because that's what apt tried to install when only the first one was specified
reboot # temporary fix is complete

6. Allowed the system to boot normally without intervention.
7. Logged in, opened a terminal, and confirmed that the fix worked:

uname -a
# Expected output: Linux IS01209 5.13.0-35-generic #40~20.04.1-Ubuntu SMP Mon Mar 7 09:18:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

virsh list
# Expected output:
# Id   Name              State
#---------------------------------
# 1    my-windows-vm     running
#
# Note: My Windows VM is configured to start on boot. For affected users who have a Windows VM that is not configured to start on boot, it may be necessary to start the VM manually before moving on to the next step.

watch du -h /var/log/syslog /var/log/kern.log
# Expected output:
# Every 2.0s: du -h /var/...  (hostname and date/time)
# 
# 320K    /var/log/syslog
# 100K    /var/log/kern.log
#
# Note: If those two files stay the same size or grow slowly, the fix worked. If those two files grow rapidly, the fix did not work.

Note that the above steps will also uninstall the linux-generic-hwe-20.04 package, which will prevent future kernel updates. When this bug is resolved, I plan to run (and recommend that others run) `sudo apt install linux-generic-hwe-20.04` to resume kernel updates.

Revision history for this message

DaveTickem (dave-tickem) wrote on 2022-03-29 (last edit on 2022-03-29):

#6

Same here, rollback to .35 and have a hold on that version until a fix released. Behaviour aligns with comments on related thread - only when passing through a PCIe GPU to a (linux in my case) guest. Drop the VM back to QEMU graphics, serial terminal or other and this logspam does not materialise.

Snip of log, can provide more, however very similar to first report.

Mar 22 07:43:27 giskard kernel: [ 295.128031] ------------[ cut here ]------------
Mar 22 07:43:27 giskard kernel: [ 295.128124] RIP: 0010:vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 22 07:43:27 giskard kernel: [ 295.128137] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8bb030e90000
Mar 22 07:43:27 giskard kernel: [ 295.128143] <TASK>
Mar 22 07:43:27 giskard kernel: [ 295.128271] __x64_sys_ioctl+0x91/0xc0
Mar 22 07:43:27 giskard kernel: [ 295.128286] entry_SYSCALL_64_after_hwframe+0x44/0xae
Mar 22 07:43:27 giskard kernel: [ 295.128295] RBP: 0000560f97b50c70 R08: 0000560f966401f0 R09: 00000000ffffffff
Mar 22 07:43:27 giskard kernel: [ 295.128317] WARNING: CPU: 4 PID: 8318 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9f/0xc
0 [kvm_intel]
Mar 22 07:43:27 giskard kernel: [ 295.128417] Code: 83 c4 10 5b 5d c3 48 89 df e8 5d 6c 12 00 8b 93 00 03 00 00 89 45 ec 83 e2 20 8
5 d2 75 d2 89 c7 e8 f6 fd ff ff 8b 45 ec eb c6 <0f> 0b eb 86 f0 80 4b 39 40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
Mar 22 07:43:27 giskard kernel: [ 295.128425] R13: 0000000000000000 R14: ffffb071854f23e0 R15: ffff8bafc4d43080
Mar 22 07:43:27 giskard kernel: [ 295.128432] vcpu_enter_guest+0x354/0x11e0 [kvm]
Mar 22 07:43:27 giskard kernel: [ 295.128562] do_syscall_64+0x61/0xb0
Mar 22 07:43:27 giskard kernel: [ 295.128576] RIP: 0033:0x7fcada3633db
Mar 22 07:43:27 giskard kernel: [ 295.128582] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000015
Mar 22 07:43:27 giskard kernel: [ 295.128588] </TASK>

Revision history for this message

Eric Anopolsky (erpo41) wrote on 2022-03-29:

#7

This issue occurs in my environment with a Windows guest even without PCIe GPU passthrough:

anopolsky@IS01209:~$ virsh dumpxml windows-primary |grep hostdev|wc -l
0
anopolsky@IS01209:~$ virsh dumpxml windows-primary |grep -A 4 '<video>'
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>

Revision history for this message

Axton Grams (axton-grams) wrote on 2022-03-29:

#8

Download full text (6.3 KiB)

Similar configuration with Windows guests (6 total):

root@cluster-05:/var/log# virsh dumpxml guest1 |grep -A 4 '<video>'
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>

This is the first error, just after starting the first vm.

Mar 28 06:27:17 cluster-05 systemd[1]: Started Virtual Machine guest1.
Mar 28 06:27:17 cluster-05 kernel: [ 21.227759] ------------[ cut here ]------------
Mar 28 06:27:17 cluster-05 kernel: [ 21.227762] WARNING: CPU: 21 PID: 5027 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 28 06:27:17 cluster-05 kernel: [ 21.227779] Modules linked in: vhost_net vhost vhost_iotlb tap ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bpfilter nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua zfs(PO) zunicode(PO) zzstd(O) ipmi_ssif zlua(O) intel_rapl_msr zavl(PO) intel_rapl_common icp(PO) zcommon(PO) znvpair(PO) spl(O) isst_if_common skx_edac nfit x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ast kvm crct10dif_pclmul drm_vram_helper ghash_clmulni_intel joydev drm_ttm_helper ttm rapl drm_kms_helper input_leds intel_cstate cec rc_core i2c_algo_bit efi_pstore fb_sys_fops syscopyarea sysfillrect sysimgblt mei_me ioatdma mei intel_pch_thermal dca acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler bridge acpi_pad acpi_power_meter mac_hid sch_fq_codel mii 8021q garp mrp stp llc bonding tls drm ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear
Mar 28 06:27:17 cluster-05 kernel: [ 21.227848] hid_generic usbhid hid raid1 crc32_pclmul aesni_intel crypto_simd i40e mpt3sas cryptd nvme raid_class i2c_i801 scsi_transport_sas ahci nvme_core xhci_pci i2c_smbus lpc_ich libahci xhci_pci_renesas wmi
Mar 28 06:27:17 cluster-05 kernel: [ 21.227865] CPU: 21 PID: 5027 Comm: CPU 0/KVM Tainted: P O 5.13.0-37-generic #42~20.04.1-Ubuntu
Mar 28 06:27:17 cluster-05 kernel: [ 21.227868] Hardware name: Supermicro SYS-5019P-M/X11SPM-F, BIOS 3.0c 03/27/2019
Mar 28 06:27:17 cluster-05 kernel: [ 21.227870] RIP: 0010:vmx_sync_pir_to_irr+0x9f/0xc0 [kvm_intel]
Mar 28 06:27:17 cluster-05 kernel: [ 21.227879] Code: 83 c4 10 5b 5d c3 48 89 df e8 5d 1c 30 00 8b 93 00 03 00 00 89 45 ec 83 e2 20 85 d2 75 d2 89 c7 e8 f6 fd ff ff 8b 45 ec eb c6 <0f> 0b eb 86 f0 80 4b 39 40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
Mar 28 06:27:17 cluster-05 kernel: [ 21.227881] RSP: 0018:ffffb6e7c1f97cf0 EFLAGS: 00010246
Mar 28 06:27:17 cluster-05 kernel: [ 21.227884] RAX: 0000000000000000 RBX: ffff9cd2b0a5a640 RCX: 0000000000000006
Mar 28 06:27:17 cluster-05 kernel: [ 21.227886] RDX: 00000000fffe2b98 RSI: ffffffffc0e9c509 RDI: ffff9cd2b0a5a640
Mar 28 06:27:17 cluster-05 kernel: [ 21.227887] RBP: ffffb6e7c1f97d08 R08: 0000000000000400 R09: 00000000ffffffff
Mar 28 06:27:17 cluster-05 kernel: [ 21.227889] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9cd2b0a5a640
Mar 28 06:27:17 ...

I managed to reproduce this with the hyperv_stimer test in kvm-unit-tests with Impish 5.13.0-39, with the identical output spamming in dmesg.

And I can reproduce this with 5.13.0-40

[  921.874608] ------------[ cut here ]------------
[  921.874609] WARNING: CPU: 13 PID: 6997 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
[  921.874613]  ? xfer_to_guest_mode_work+0xe2/0x110
[  921.874616] Modules linked in: vhost_net vhost vhost_iotlb tap xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter nf_tables nfnetlink bridge stp llc nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm joydev input_leds ioatdma rapl intel_cstate efi_pstore ipmi_si mei_me mei mac_hid acpi_pad
[  921.874616]  vcpu_run+0x4d/0x220 [kvm]
[  921.874635]  acpi_power_meter sch_fq_codel ipmi_devintf ipmi_msghandler msr ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear hid_generic usbhid hid mgag200 i2c_algo_bit drm_kms_helper crct10dif_pclmul syscopyarea crc32_pclmul sysfillrect sysimgblt ghash_clmulni_intel fb_sys_fops ixgbe cec aesni_intel rc_core crypto_simd xfrm_algo cryptd drm ahci dca i2c_i801 xhci_pci mdio libahci i2c_smbus lpc_ich xhci_pci_renesas wmi
[  921.874664] CPU: 13 PID: 6997 Comm: qemu-system-x86 Tainted: G        W I       5.13.0-39-generic #44-Ubuntu
[  921.874665] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.1008.031920151331 03/19/2015
[  921.874651]  kvm_arch_vcpu_ioctl_run+0xc5/0x4f0 [kvm]
[  921.874666] RIP: 0010:vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]
[  921.874671] Code: e8 47 f5 18 00 8b 93 00 03 00 00 89 45 ec 83 e2 20 85 d2 74 dc 48 8b 55 f0 65 48 2b 14 25 28 00 00 00 75 1d 48 8b 5d f8 c9 c3 <0f> 0b eb 87 f0 80 4b 39 40 8b 93 00 03 00 00 8b 45 ec 83 e2 20 eb
[  921.874673] RSP: 0018:ffffae4d8d107c98 EFLAGS: 00010046
[  921.874674] RAX: 0000000000000000 RBX: ffff99c552942640 RCX: ffff99c5043a72f0
[  921.874675] RDX: ffff99c552942640 RSI: 0000000000000001 RDI: ffff99c552942640
[  921.874676] RBP: ffffae4d8d107cb0 R08: ffff99c86f6a7140 R09: 0000000000027100
[  921.874677] R10: 0000000042280000 R11: 000000000000000a R12: ffff99c552942640
[  921.874678] R13: 0000000000000000 R14: ffffae4d8d1a63e0 R15: ffff99c552942640
[  921.874679] FS:  00007f6ae9be7640(0000) GS:ffff99c86f680000(0000) knlGS:0000000000000000
[  921.874680] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  921.874681] CR2: 0000000000000000 CR3: 000000010b8a6006 CR4: 00000000001726e0
[  921.874683] Call Trace:
[  921.874684]  <TASK>
[  921.874684]  kvm_vcpu_ioctl+0x243/0x5e0 [kvm]
[  921.874685]  vcpu_enter_guest+0x383/0xf50 [kvm]
[  921.874720]  ? xfer_to_guest_mode_work+0xe2/0x110
[  921.874709]  ? kvm_vm_ioctl+0x364/0x730 [kvm]
[  921.874738]  ? __fget_files+0x86/0xc0
[  921.874723]  vcpu_run+0x4d/0x220 [kvm]
[  921.874742]  __x64_sys_ioctl+0x91/0xc0
[  921.874744]  do_syscall_64+0x61/0xb0
[  921.874747]  ? fput+0x13/0x20
[  921.874749]  ? exit_to_user_mode_prepare+0x37/0xb0
[  921.874751]  ? syscall_exit_to_user_mode+0x27/0x50
[  921.874752]  ? do_syscall_64+0x6e/0xb0
[  921.874755]  ? syscall_exit_to_user_mode+0x27/0x50
[  921.874756]  ? do_syscall_64+0x6e/0xb0
[  921.874759]  ? do_syscall_64+0x6e/0xb0
[  921.874761]  ? do_syscall_64+0x6e/0xb0
[  921.874764]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  921.874766] RIP: 0033:0x7f6aebce1a2b
[  921.874767] Code: ff ff ff 85 c0 79 8b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d5 f3 0f 00 f7 d8 64 89 01 48
[  921.874769] RSP: 002b:00007f6ae8ffe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  921.874771] RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007f6aebce1a2b
[  921.874772] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000c
[  921.874774] RBP: 0000557d3b429b90 R08: 0000557d3a4ebff0 R09: 00000000ffffffff
[  921.874758]  kvm_arch_vcpu_ioctl_run+0xc5/0x4f0 [kvm]
[  921.874776] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  921.874777] R13: 0000000000000001 R14: 0000000000003000 R15: 0000000000000000
[  921.874779]  </TASK>
[  921.874780] ---[ end trace 5b722d71a78069b1 ]---

Po-Hsu Lin (cypressyew) on 2022-04-07

Changed in linux (Ubuntu Impish):
assignee:	nobody → Po-Hsu Lin (cypressyew)

Po-Hsu Lin (cypressyew) on 2022-04-08

tags:

added: 5.13 impish

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-08:

#12

Hello folks,
can you give this test kernel a try:
https://people.canonical.com/~phlin/kernel/lp-1966499-kvm-warn-flood/

Which contains the following commits:
* KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled
* KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
* KVM: Add infrastructure and macro to mark VM as bugged

$ uname -a
Linux fili 5.13.0-41-generic #46+lp1966499v2 SMP Fri Apr 8 05:39:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

I am not sure how to reproduce this issue by creating a new VM, so I have it verified on my bare-metal testing node with the hyperv_stimer test in: https://code.launchpad.net/~canonical-kernel-team/+git/kvm-unit-tests
Steps:
1. sudo apt install -y build-essential cpu-checker qemu-kvm git gcc
2. git clone -b hirsute --depth=1 https://code.launchpad.net/~canonical-kernel-team/+git/kvm-unit-tests
3. cd kvm-unit-tests; make standalone
4. sudo ./tests/hyperv_stimer

With unpatched kernel the test will fail with timeout.
And dmesg will be flooded with this warning until disk ran out of space:
WARNING: CPU: 13 PID: 6997 at arch/x86/kvm/vmx/vmx.c:6336 vmx_sync_pir_to_irr+0x9e/0xc0 [kvm_intel]

With the patched kernel this test will pass with clean dmesg.

Revision history for this message

Daniël Vos (vosdev) wrote on 2022-04-08:

#13

I'm available for testing but I only have Ubuntu 20.04 servers available. I believe you built it for a newer version.

dpkg: dependency problems prevent configuration of linux-headers-5.13.0-41-generic:
linux-headers-5.13.0-41-generic depends on libc6 (>= 2.34); however:
Version of libc6:amd64 on system is 2.31-0ubuntu9.7.

You could also `snap install lxd` and `lxc launch images:ubuntu/20.04 --vm vm1` to run a VM using LXD.

Followed by `lxc exec vm1 bash` after 10-30 seconds

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-08:

#14

Hey Daniël Vos (vosdev),
thanks for the reproducer, it helps to ensure this fix is working as expected, and provides us more coverage in the future!
I can get this flooded warning message right after starting the VM on my Impish test server. And the fix works.

And yes, this kernel is for Impish, I should have build a Focal hwe kernel as well. You will find the Focal 5.13 HWE kernel in the focal directory:
https://people.canonical.com/~phlin/kernel/lp-1966499-kvm-warn-flood/

Revision history for this message

Daniël Vos (vosdev) wrote on 2022-04-08:

#15

Hey Po-Hsu Lin,

Tested on Ubuntu 20.04 and can confirm my VMs run again! Thanks for the quick fix!

Po-Hsu Lin (cypressyew) on 2022-04-09

Changed in linux (Ubuntu Impish):
status:	Confirmed → In Progress

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-11:

#16

Thanks for your feedback, I have submitted the patch for SRU:
https://lists.ubuntu.com/archives/kernel-team/2022-April/129362.html

description:	updated
Changed in linux (Ubuntu Jammy):
status:	Confirmed → Fix Released

Stefan Bader (smb) on 2022-04-12

Changed in linux (Ubuntu Impish):
importance:	Undecided → High

Kleber Sacilotto de Souza (kleber-souza) on 2022-04-13

Changed in linux (Ubuntu Impish):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-04-19:

#17

This bug is awaiting verification that the linux/5.13.0-41.46 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-impish' to 'verification-done-impish'. If the problem still exists, change the tag 'verification-needed-impish' to 'verification-failed-impish'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-impish

Revision history for this message

Stéphane Z (salamafet) wrote on 2022-04-19:

#18

Works great on my side with the 5.13.0-41.46 kernel.

VM start correctly and no more log spamming.

tags:

added: verification-done-impish
removed: verification-needed-impish

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-20:

#19

Thanks for testing this!

Revision history for this message

Axton Grams (axton-grams) wrote on 2022-04-26:

#20

Will this also be released for focal?

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-04-27:

#21

Hi,
Yes it will be shipped with Focal HWE 5.13 kernel.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-05-10:

#22

Download full text (33.7 KiB)

This bug was fixed in the package linux - 5.13.0-41.46

---------------
linux (5.13.0-41.46) impish; urgency=medium

* impish/linux: 5.13.0-41.46 -proposed tracker (LP: #1969014)

  * NVMe devices fail to probe due to ACPI power state change (LP: #1942624)
    - ACPI: power: Rework turning off unused power resources
    - ACPI: PM: Do not turn off power resources in unknown state

  * Recent 5.13 kernel has broken KVM support (LP: #1966499)
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
    - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled

* LRMv6: add multi-architecture support (LP: #1968774)
- [Packaging] resync dkms-build{,--nvidia-N}

* io_uring regression - lost write request (LP: #1952222)
- io-wq: split bounded and unbounded work into separate lists

* xfrm interface cannot be changed anymore (LP: #1968591)
- xfrm: fix the if_id check in changelink

* Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
- [Debian] Use kernel-testing repo from launchpad

  * vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit

* audio from external sound card is distorted (LP: #1966066)
- ALSA: usb-audio: Fix packet size calculation regression

  * Impish update: upstream stable patchset 2022-04-12 (LP: #1968771)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - btrfs: tree-checker: check item_size for inode_item
    - btrfs: tree-checker: check item_size for dev_item
    - clk: jz4725b: fix mmc0 clock gating
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - KVM: x86/mmu: make apf token non-zero to fix bug
    - drm/amdgpu: disable MMHUB PG for Picasso
    - drm/i915: Correctly populate use_sagv_wm for all pipes
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - CDC-NCM: avoid overflow in sanity checking
    - x86/fpu: Correct pkru/xstate inconsistency
    - tee: export teedev_open() and teedev_close_context()
    - optee: use driver internal tee_context for some rpc
    - ping: remove pr_err from ping_lookup
    - perf data: Fix double free in perf_session__delete()
    - bnx2x: fix driver load from initrd
    - bnxt_en: Fix active FEC reporting to ethtool
    - hwmon: Handle failure to register sensor with thermal zone correctly
    - bpf: Do not try bpf_msg_push_data with len 0
    - selftests: bpf: Check bpf_msg_push_data return value
    - bpf: Add schedule points in batch ops
    - io_uring: add a schedule point in io_add_buffers()
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - tipc: Fix end of loop tests for list_for_each_entry()
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
   ...

This bug was fixed in the package linux - 5.13.0-41.46

---------------
linux (5.13.0-41.46) impish; urgency=medium

* impish/linux: 5.13.0-41.46 -proposed tracker (LP: #1969014)

* NVMe devices fail to probe due to ACPI power state change (LP: #1942624)
    - ACPI: power: Rework turning off unused power resources
    - ACPI: PM: Do not turn off power resources in unknown state

* Recent 5.13 kernel has broken KVM support (LP: #1966499)
    - KVM: Add infrastructure and macro to mark VM as bugged
    - KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
    - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled

* LRMv6: add multi-architecture support (LP: #1968774)
    - [Packaging] resync dkms-build{,--nvidia-N}

* io_uring regression - lost write request (LP: #1952222)
    - io-wq: split bounded and unbounded work into separate lists

* xfrm interface cannot be changed anymore (LP: #1968591)
    - xfrm: fix the if_id check in changelink

* Use kernel-testing repo from launchpad for ADT tests (LP: #1968016)
    - [Debian] Use kernel-testing repo from launchpad

* vmx_ldtr_test in ubuntu_kvm_unit_tests failed (FAIL: Expected 0 for L1 LDTR
    selector (got 50)) (LP: #1956315)
    - KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit

* audio from external sound card is distorted (LP: #1966066)
    - ALSA: usb-audio: Fix packet size calculation regression

* Impish update: upstream stable patchset 2022-04-12 (LP: #1968771)
    - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
    - btrfs: tree-checker: check item_size for inode_item
    - btrfs: tree-checker: check item_size for dev_item
    - clk: jz4725b: fix mmc0 clock gating
    - vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
    - parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
    - parisc/unaligned: Fix ldw() and stw() unalignment handlers
    - KVM: x86/mmu: make apf token non-zero to fix bug
    - drm/amdgpu: disable MMHUB PG for Picasso
    - drm/i915: Correctly populate use_sagv_wm for all pipes
    - sr9700: sanity check for packet length
    - USB: zaurus: support another broken Zaurus
    - CDC-NCM: avoid overflow in sanity checking
    - x86/fpu: Correct pkru/xstate inconsistency
    - tee: export teedev_open() and teedev_close_context()
    - optee: use driver internal tee_context for some rpc
    - ping: remove pr_err from ping_lookup
    - perf data: Fix double free in perf_session__delete()
    - bnx2x: fix driver load from initrd
    - bnxt_en: Fix active FEC reporting to ethtool
    - hwmon: Handle failure to register sensor with thermal zone correctly
    - bpf: Do not try bpf_msg_push_data with len 0
    - selftests: bpf: Check bpf_msg_push_data return value
    - bpf: Add schedule points in batch ops
    - io_uring: add a schedule point in io_add_buffers()
    - net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
    - tipc: Fix end of loop tests for list_for_each_entry()
    - gso: do not skip outer ip header in case of ipip and net_failover
    - openvswitch: Fix setting ipv6 fields causing hw csum failure
    - drm/edid: Always set RGB444
    - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
    - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
    - net: ll_temac: check the return value of devm_kmalloc()
    - net: Force inlining of checksum functions in net/checksum.h
    - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
    - netfilter: nf_tables: fix memory leak during stateful obj update
    - net/smc: Use a mutex for locking "struct smc_pnettable"
    - surface: surface3_power: Fix battery readings on batteries without a serial
      number
    - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
    - net/mlx5: Fix possible deadlock on rule deletion
    - net/mlx5: Fix wrong limitation of metadata match on ecpf
    - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
    - spi: spi-zynq-qspi: Fix a NULL pointer dereference in
      zynq_qspi_exec_mem_op()
    - regmap-irq: Update interrupt clear register for proper reset
    - RDMA/rtrs-clt: Fix possible double free in error case
    - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
    - configfs: fix a race in configfs_{,un}register_subsystem()
    - RDMA/ib_srp: Fix a deadlock
    - tracing: Have traceon and traceoff trigger honor the instance
    - iio: adc: men_z188_adc: Fix a resource leak in an error handling path
    - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits
    - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot
    - iio: Fix error handling for PM
    - sc16is7xx: Fix for incorrect data being transmitted
    - ata: pata_hpt37x: disable primary channel on HPT371
    - Revert "USB: serial: ch341: add new Product ID for CH341A"
    - usb: gadget: rndis: add spinlock for rndis response list
    - tracefs: Set the group ownership in apply_options() not parse_options()
    - USB: serial: option: add support for DW5829e
    - USB: serial: option: add Telit LE910R1 compositions
    - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
    - usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
    - xhci: re-initialize the HC during resume if HCE was set
    - xhci: Prevent futile URB re-submissions due to incorrect return value.
    - driver core: Free DMA range map when device is released
    - RDMA/cma: Do not change route.addr.src_addr outside state checks
    - thermal: int340x: fix memory leak in int3400_notify()
    - riscv: fix oops caused by irqsoff latency tracer
    - tty: n_gsm: fix encoding of control signal octet bit DV
    - tty: n_gsm: fix proper link termination after failed open
    - tty: n_gsm: fix NULL pointer access due to DLCI release
    - tty: n_gsm: fix wrong tty control line for flow control
    - tty: n_gsm: fix deadlock in gsmtty_open()
    - gpio: tegra186: Fix chip_data type confusion
    - memblock: use kfree() to release kmalloced memblock regions
    - mm/filemap: Fix handling of THPs in generic_file_buffered_read()
    - cgroup-v1: Correct privileges check in release_agent writes
    - selinux: fix misuse of mutex_is_locked()
    - drm/amd/display: Protect update_bw_bounding_box FPU code.
    - drm/amdgpu: do not enable asic reset for raven2
    - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
    - netfilter: xt_socket: fix a typo in socket_mt_destroy()
    - selftests: mptcp: fix diag instability
    - bnxt_en: Fix offline ethtool selftest with RDMA enabled
    - bnxt_en: Fix incorrect multicast rx mask setting when not requested
    - net/mlx5: Fix tc max supported prio for nic mode
    - ice: initialize local variable 'tlv'
    - net/mlx5: Update the list of the PCI supported devices
    - net: mv643xx_eth: process retval from of_get_mac_address
    - drm/vc4: crtc: Fix runtime_pm reference counting
    - netfilter: nf_tables: unregister flowtable hooks on netns exit
    - net/mlx5: DR, Cache STE shadow memory
    - ibmvnic: schedule failover only if vioctl fails
    - net/mlx5: DR, Don't allow match on IP w/o matching on full
      ethertype/ip_version
    - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated
    - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
    - net/mlx5: Update log_max_qp value to be 17 at most
    - tracing: Dump stacktrace trigger to the corresponding instance
    - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail
    - nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios property
    - staging: fbtft: fb_st7789v: reset display before initialization
    - tps6598x: clear int mask on probe failure
    - riscv: fix nommu_k210_sdcard_defconfig
    - tty: n_gsm: fix wrong modem processing in convergence layer type 2
    - pinctrl: fix loop in k210_pinconf_get_drive()
    - pinctrl: k210: Fix bias-pull-up
    - ice: Fix race conditions between virtchnl handling and VF ndo ops
    - ice: fix concurrent reset and removal of VFs

* Impish update: upstream stable patchset 2022-04-07 (LP: #1968223)
    - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
    - mm: memcg: synchronize objcg lists with a dedicated spinlock
    - fs/proc: task_mmu.c: don't read mapcount for migration entry
    - scsi: lpfc: Fix mailbox command failure during driver initialization
    - HID:Add support for UGTABLET WP5540
    - Revert "svm: Add warning message for AVIC IPI invalid target"
    - serial: parisc: GSC: fix build when IOSAPIC is not set
    - parisc: Drop __init from map_pages declaration
    - parisc: Fix data TLB miss in sba_unmap_sg
    - parisc: Fix sglist access in ccio-dma.c
    - mmc: block: fix read single on recovery logic
    - mm: don't try to NUMA-migrate COW pages that have other uses
    - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA
      topology
    - parisc: Add ioread64_lo_hi() and iowrite64_lo_hi()
    - btrfs: send: in case of IO error log it
    - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1
    - platform/x86: ISST: Fix possible circular locking dependency detected
    - selftests: rtc: Increase test timeout so that all tests run
    - kselftest: signal all child processes
    - net: ieee802154: at86rf230: Stop leaking skb's
    - selftests/zram: Skip max_comp_streams interface on newer kernel
    - selftests/zram01.sh: Fix compression ratio calculation
    - selftests/zram: Adapt the situation that /dev/zram0 is being used
    - selftests: openat2: Print also errno in failure messages
    - selftests: openat2: Add missing dependency in Makefile
    - selftests: openat2: Skip testcases that fail with EOPNOTSUPP
    - selftests: skip mincore.check_file_mmap when fs lacks needed support
    - ax25: improve the incomplete fix to avoid UAF and NPD bugs
    - vfs: make freeze_super abort when sync_filesystem returns error
    - quota: make dquot_quota_sync return errors from ->sync_fs
    - scsi: pm8001: Fix use-after-free for aborted TMF sas_task
    - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
    - nvme: fix a possible use-after-free in controller reset during load
    - nvme-tcp: fix possible use-after-free in transport error_recovery work
    - nvme-rdma: fix possible use-after-free in transport error_recovery work
    - drm/amdgpu: fix logic inversion in check
    - x86/Xen: streamline (and fix) PV CPU enumeration
    - Revert "module, async: async_synchronize_full() on module init iff async is
      used"
    - gcc-plugins/stackleak: Use noinstr in favor of notrace
    - random: wake up /dev/random writers after zap
    - iwlwifi: fix use-after-free
    - drm/radeon: Fix backlight control on iMac 12,1
    - drm/i915/opregion: check port number bounds for SWSCI display power state
    - vsock: remove vsock from connected table when connect is interrupted by a
      signal
    - drm/i915/gvt: Make DRM_I915_GVT depend on X86
    - iwlwifi: pcie: fix locking when "HW not ready"
    - iwlwifi: pcie: gen2: fix locking when "HW not ready"
    - selftests: netfilter: fix exit value for nft_concat_range
    - netfilter: nft_synproxy: unregister hooks on init error path
    - ipv6: per-netns exclusive flowlabel checks
    - net: dsa: lan9303: fix reset on probe
    - net: dsa: lantiq_gswip: fix use after free in gswip_remove()
    - net: ieee802154: ca8210: Fix lifs/sifs periods
    - ping: fix the dif and sdif check in ping_lookup
    - bonding: force carrier update when releasing slave
    - drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
    - net_sched: add __rcu annotation to netdev->qdisc
    - bonding: fix data-races around agg_select_timer
    - libsubcmd: Fix use-after-free for realloc(..., 0)
    - dpaa2-eth: Initialize mutex used in one step timestamping path
    - perf bpf: Defer freeing string after possible strlen() on it
    - selftests/exec: Add non-regular to TEST_GEN_PROGS
    - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
    - ALSA: hda/realtek: Fix deadlock by COEF mutex
    - ALSA: hda: Fix regression on forced probe mask option
    - ALSA: hda: Fix missing codec probe on Shenker Dock 15
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
    - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
    - powerpc/lib/sstep: fix 'ptesync' build error
    - mtd: rawnand: gpmi: don't leak PM reference in error path
    - ASoC: tas2770: Insert post reset delay
    - block/wbt: fix negative inflight counter when remove scsi device
    - NFS: LOOKUP_DIRECTORY is also ok with symlinks
    - NFS: Do not report writeback errors in nfs_getattr()
    - tty: n_tty: do not look ahead for EOL character past the end of the buffer
    - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
    - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
    - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
    - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
    - KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating a perf event
    - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
    - ARM: OMAP2+: hwmod: Add of_node_put() before break
    - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of
    - phy: usb: Leave some clocks running during suspend
    - irqchip/sifive-plic: Add missing thead,c900-plic match string
    - netfilter: conntrack: don't refresh sctp entries in closed state
    - arm64: dts: meson-gx: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: add ATF BL32 reserved-memory region
    - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
    - pidfd: fix test failure due to stack overflow on some arches
    - selftests: fixup build warnings in pidfd / clone3 tests
    - kconfig: let 'shell' return enough output for deep path names
    - ata: libata-core: Disable TRIM on M88V29
    - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
    - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
    - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
    - tracing: Fix tp_printk option related with tp_printk_stop_on_boot
    - net: usb: qmi_wwan: Add support for Dell DW5829e
    - net: macb: Align the dma and coherent dma masks
    - kconfig: fix failing to generate auto.conf
    - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
    - EDAC: Fix calculation of returned address and next offset in
      edac_align_ptr()
    - net: sched: limit TC_ACT_REPEAT loops
    - dmaengine: sh: rcar-dmac: Check for error num after setting mask
    - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in
      stm32_dmamux_probe
    - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
    - i2c: qcom-cci: don't delete an unregistered adapter
    - i2c: qcom-cci: don't put a device tree node before i2c_add_adapter()
    - copy_process(): Move fd_install() out of sighand->siglock critical section
    - i2c: brcmstb: fix support for DSL and CM variants
    - lockdep: Correct lock_classes index mapping
    - btrfs: zoned: cache reported zone during mount
    - HID: amd_sfh: Add illuminance mask to limit ALS max value
    - HID: amd_sfh: Correct the structure field name
    - KVM: x86/xen: Fix runstate updates to be atomic when preempting vCPU
    - drm/i915: Fix dbuf slice config lookup
    - drm/cma-helper: Set VM_DONTEXPAND for mmap
    - selftests: netfilter: disable rp_filter on router
    - ipv4: fix data races in fib_alias_hw_flags_set
    - ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
    - ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
    - mac80211: mlme: check for null after calling kmemdup
    - cfg80211: fix race in netlink owner interface destruction
    - net/smc: Avoid overwriting the copies of clcsock callback functions
    - tipc: fix wrong publisher node address in link publications
    - net: bridge: multicast: notify switchdev driver whenever MC processing gets
      disabled
    - arm64: Correct wrong label in macro __init_el2_gicv3
    - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra
    - cifs: fix set of group SID via NTSD xattrs
    - powerpc/603: Fix boot failure with DEBUG_PAGEALLOC and KFENCE
    - smb3: fix snapshot mount option
    - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked()
    - mtd: parsers: qcom: Fix kernel panic on skipped partition
    - mtd: parsers: qcom: Fix missing free for pparts in cleanup
    - mtd: phram: Prevent divide by zero bug in phram_setup()
    - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get
    - tests: fix idmapped mount_setattr test
    - ice: enable parsing IPSEC SPI headers for RSS

* Impish update: upstream stable patchset 2022-03-31 (LP: #1967439)
    - integrity: check the return value of audit_log_start()
    - ima: Remove ima_policy file before directory
    - ima: Allow template selection with ima_template[_fmt]= after ima_hash=
    - mmc: sdhci-of-esdhc: Check for error num after setting mask
    - can: isotp: fix potential CAN frame reception race in isotp_rcv()
    - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
    - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
    - NFS: Fix initialisation of nfs_client cl_flags field
    - NFSD: Clamp WRITE offsets
    - NFSD: Fix offset type in I/O trace points
    - tracing: Propagate is_signed to expression
    - NFS: change nfs_access_get_cached to only report the mask
    - NFSv4 only print the label when its queried
    - nfs: nfs4clinet: check the return value of kstrdup()
    - NFSv4.1: Fix uninitialised variable in devicenotify
    - NFSv4 remove zero number of fs_locations entries error check
    - NFSv4 expose nfs_parse_server_name function
    - NFSv4 handle port presence in fs_location server string
    - x86/perf: Avoid warning for Arch LBR without XSAVE
    - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
    - net: sched: Clarify error message when qdisc kind is unknown
    - powerpc/fixmap: Fix VM debug warning on unmap
    - scsi: target: iscsi: Make sure the np under each tpg is unique
    - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup()
    - scsi: qedf: Add stag_work to all the vports
    - scsi: qedf: Fix refcount issue when LOGO is received during TMF
    - scsi: pm8001: Fix bogus FW crash for maxcpus=1
    - scsi: ufs: Treat link loss as fatal error
    - scsi: myrs: Fix crash in error case
    - PM: hibernate: Remove register_nosave_region_late()
    - usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
    - perf: Always wake the parent event
    - nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs
    - net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
    - KVM: eventfd: Fix false positive RCU usage warning
    - KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
    - KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS
    - KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
    - KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow
    - riscv: fix build with binutils 2.38
    - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
    - ARM: dts: Fix boot regression on Skomer
    - ARM: socfpga: fix missing RESET_CONTROLLER
    - nvme-tcp: fix bogus request completion when failing to send AER
    - ACPI/IORT: Check node revision for PMCG resources
    - drm/rockchip: vop: Correct RK3399 VOP register fields
    - ARM: dts: Fix timer regression for beagleboard revision c
    - ARM: dts: meson: Fix the UART compatible strings
    - ARM: dts: meson8: Fix the UART device-tree schema validation
    - ARM: dts: meson8b: Fix the UART device-tree schema validation
    - staging: fbtft: Fix error path in fbtft_driver_module_init()
    - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
    - phy: xilinx: zynqmp: Fix bus width setting for SGMII
    - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
    - usb: f_fs: Fix use-after-free for epfile
    - gpio: aggregator: Fix calling into sleeping GPIO controllers
    - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd.
    - misc: fastrpc: avoid double fput() on failed usercopy
    - netfilter: ctnetlink: disable helper autoassign
    - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
    - ixgbevf: Require large buffers for build_skb on 82599VF
    - drm/panel: simple: Assign data from panel_dpi_probe() correctly
    - gpio: sifive: use the correct register to read output values
    - bonding: pair enable_port with slave_arr_updates
    - net: dsa: mv88e6xxx: don't use devres for mdiobus
    - net: dsa: ar9331: register the mdiobus under devres
    - net: dsa: bcm_sf2: don't use devres for mdiobus
    - net: dsa: felix: don't use devres for mdiobus
    - net: dsa: lantiq_gswip: don't use devres for mdiobus
    - ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
    - nfp: flower: fix ida_idx not being released
    - net: do not keep the dst cache when uncloning an skb dst and its metadata
    - net: fix a memleak when uncloning an skb dst and its metadata
    - veth: fix races around rq->rx_notify_masked
    - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
    - tipc: rate limit warning for received illegal binding update
    - net: amd-xgbe: disable interrupts during pci removal
    - dpaa2-eth: unregister the netdev before disconnecting from the PHY
    - ice: fix an error code in ice_cfg_phy_fec()
    - ice: fix IPIP and SIT TSO offload
    - net: mscc: ocelot: fix mutex lock error during ethtool stats read
    - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
    - vt_ioctl: fix array_index_nospec in vt_setactivate
    - vt_ioctl: add array_index_nospec to VT_ACTIVATE
    - n_tty: wake up poll(POLLRDNORM) on receiving data
    - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
    - usb: dwc2: drd: fix soft connect when gadget is unconfigured
    - Revert "usb: dwc2: drd: fix soft connect when gadget is unconfigured"
    - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
    - usb: ulpi: Move of_node_put to ulpi_dev_release
    - usb: ulpi: Call of_node_put correctly
    - usb: dwc3: gadget: Prevent core from processing stale TRBs
    - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
    - USB: gadget: validate interface OS descriptor requests
    - usb: gadget: rndis: check size of RNDIS_MSG_SET command
    - usb: gadget: f_uac2: Define specific wTerminalType
    - usb: raw-gadget: fix handling of dual-direction-capable endpoints
    - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
    - USB: serial: option: add ZTE MF286D modem
    - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
    - USB: serial: cp210x: add NCR Retail IO box id
    - USB: serial: cp210x: add CPI Bulk Coin Recycler id
    - speakup-dectlk: Restore pitch setting
    - phy: ti: Fix missing sentinel for clk_div_table
    - hwmon: (dell-smm) Speed up setting of fan speed
    - Makefile.extrawarn: Move -Wunaligned-access to W=1
    - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue
    - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
    - scsi: lpfc: Reduce log messages seen after firmware download
    - arm64: dts: imx8mq: fix lcdif port node
    - perf: Fix list corruption in perf_cgroup_switch()
    - iommu: Fix potential use-after-free during probe
    - ima: fix reference leak in asymmetric_verify()
    - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
    - NFSD: Fix ia_size underflow
    - NFSD: Fix the behavior of READ near OFFSET_MAX
    - NFSv4 store server support for fs_location attribute
    - NFSv4.1 query for fs_location attr on a new file system
    - perf/x86/rapl: fix AMD event handling
    - sched: Avoid double preemption in __cond_resched_*lock*()
    - drm/vc4: Fix deadlock on DSI device attach error
    - scsi: qedf: Change context reset messages to ratelimited
    - net: stmmac: reduce unnecessary wakeups from eee sw timer
    - MIPS: Fix build error due to PTR used in more places
    - KVM: x86: Report deprecated x87 features in supported CPUID
    - riscv: cpu-hotplug: clear cpu from numa map when teardown
    - riscv: eliminate unreliable __builtin_frame_address(1)
    - gfs2: Fix gfs2_release for non-writers regression
    - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option
    - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()
    - phy: dphy: Correct clk_pre parameter
    - NFS: Don't overfill uncached readdir pages
    - NFS: Don't skip directory entries when doing uncached readdir
    - gpiolib: Never return internal error codes to user space
    - fbcon: Avoid 'cap' set but not used warning
    - drm/amd/pm: fix hwmon node of power1_label create issue
    - mptcp: netlink: process IPv6 addrs in creating listening sockets
    - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL
    - seccomp: Invalidate seccomp mode to catch death failures
    - x86/sgx: Silence softlockup detection when releasing large enclaves

* Impish update: upstream stable patchset 2022-03-22 (LP: #1966021)
    - selinux: fix double free of cond_list on error paths
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
    - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
    - ALSA: usb-audio: Correct quirk for VF0770
    - ALSA: hda: Fix UAF of leds class devs at unbinding
    - ALSA: hda: realtek: Fix race at concurrent COEF updates
    - ALSA: hda/realtek: Add quirk for ASUS GU603
    - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220
      quirks
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer
      chipset)
    - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after
      reboot from Windows
    - btrfs: fix deadlock between quota disable and qgroup rescan worker
    - drm/nouveau: fix off by one in BIOS boundary checking
    - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina
      panels
    - nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
    - mm/debug_vm_pgtable: remove pte entry from the page table
    - mm/pgtable: define pte_index so that preprocessor could recognize it
    - mm/kmemleak: avoid scanning potential huge holes
    - block: bio-integrity: Advance seed correctly for larger interval sizes
    - dma-buf: heaps: Fix potential spectre v1 gadget
    - IB/hfi1: Fix AIP early init panic
    - memcg: charge fs_context and legacy_fs_context
    - RDMA/cma: Use correct address when leaving multicast group
    - RDMA/ucma: Protect mc during concurrent multicast leaves
    - IB/rdmavt: Validate remote_addr during loopback atomic tests
    - RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
    - RDMA/mlx4: Don't continue event handler after memory allocation failure
    - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
    - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
    - spi: bcm-qspi: check for valid cs before applying chip select
    - spi: mediatek: Avoid NULL pointer crash in interrupt
    - spi: meson-spicc: add IRQ check in meson_spicc_probe
    - spi: uniphier: fix reference count leak in uniphier_spi_probe()
    - net: ieee802154: hwsim: Ensure proper channel selection at probe time
    - net: ieee802154: mcr20a: Fix lifs/sifs periods
    - net: ieee802154: ca8210: Stop leaking skb's
    - net: ieee802154: Return meaningful error codes from the netlink helpers
    - net: macsec: Fix offload support for NETDEV_UNREGISTER event
    - net: macsec: Verify that send_sci is on when setting Tx sci explicitly
    - net: stmmac: dump gmac4 DMA registers correctly
    - net: stmmac: ensure PTP time register reads are consistent
    - drm/i915/overlay: Prevent divide by zero bugs in scaling
    - ASoC: fsl: Add missing error handling in pcm030_fabric_probe
    - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
    - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
    - ASoC: max9759: fix underflow in speaker_gain_control_put()
    - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
    - pinctrl: intel: fix unexpected interrupt
    - pinctrl: bcm2835: Fix a few error paths
    - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
    - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
    - gve: fix the wrong AdminQ buffer queue index check
    - bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
    - selftests/exec: Remove pipe from TEST_GEN_FILES
    - selftests: futex: Use variable MAKE instead of make
    - tools/resolve_btfids: Do not print any commands when building silently
    - rtc: cmos: Evaluate century appropriate
    - Revert "fbcon: Disable accelerated scrolling"
    - updateconfigs for FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION
    - fbcon: Add option to enable legacy hardware acceleration
    - perf stat: Fix display of grouped aliased events
    - perf/x86/intel/pt: Fix crash with stop filters in single-range mode
    - x86/perf: Default set FREEZE_ON_SMI for all
    - EDAC/altera: Fix deferred probing
    - EDAC/xgene: Fix deferred probing
    - ext4: prevent used blocks from being allocated during fast commit replay
    - ext4: modify the logic of ext4_mb_new_blocks_simple
    - ext4: fix error handling in ext4_restore_inline_data()
    - ext4: fix error handling in ext4_fc_record_modified_inode()
    - ext4: fix incorrect type issue during replay_del_range
    - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
    - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
    - selftests: nft_concat_range: add test for reload with no element add/del
    - drm/i915: Disable DSB usage for now
    - btrfs: don't start transaction for scrub if the fs is mounted read-only
    - btrfs: fix use-after-free after failure to create a snapshot
    - Revert "fs/9p: search open fids first"
    - mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()
    - KVM: arm64: Avoid consuming a stale esr value when SError occur
    - KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs
    - ALSA: usb-audio: initialize variables that could ignore errors
    - ALSA: hda: Skip codec shutdown in case the codec is not registered
    - IB/hfi1: Fix tstats alloc and dealloc
    - IB/cm: Release previously acquired reference counter in the cm_id_priv
    - netfilter: nft_reject_bridge: Fix for missing reply from prerouting
    - net/smc: Forward wakeup to smc socket waitqueue after fallback
    - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
      speed request.
    - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
    - drm/kmb: Fix for build errors with Warray-bounds
    - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled
    - ASoC: simple-card: fix probe failure on platform component
    - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets
    - pinctrl: sunxi: Fix H616 I2S3 pin data
    - kvm: add guest_state_{enter,exit}_irqoff()
    - kvm/arm64: rework guest entry logic
    - perf: Copy perf_event_attr::sig_data on modification
    - tools include UAPI: Sync sound/asound.h copy with the kernel sources
    - gpio: mpc8xxx: Fix an ignored error return from platform_get_irq()
    - selftests: netfilter: check stateless nat udp checksum fixup
    - moxart: fix potential use-after-free on remove path
    - crypto: api - Move cryptomgr soft dependency into algapi

* Impish update: upstream stable patchset 2022-03-18 (LP: #1965589)
    - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
    - net: ipa: use a bitmap for endpoint replenish_enabled
    - net: ipa: prevent concurrent replenish
    - KVM: x86: Forcibly leave nested virt when SMM state is toggled
    - net/mlx5e: Fix handling of wrong devices during bond netevent
    - net/mlx5: Use del_timer_sync in fw reset flow of halting poll
    - net/mlx5: E-Switch, Fix uninitialized variable modact
    - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
    - net: amd-xgbe: ensure to reset the tx_timer_active flag
    - net: amd-xgbe: Fix skb data length underflow
    - fanotify: Fix stale file descriptor in copy_event_to_user()
    - rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
    - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
    - af_packet: fix data-race in packet_setsockopt / packet_setsockopt
    - tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data()
    - selftests: mptcp: fix ipv6 routing setup
    - net/mlx5e: Fix module EEPROM query
    - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
    - net/mlx5e: Don't treat small ceil values as unlimited in HTB offload
    - i40e: Fix reset path while removing the driver

* CVE-2022-27223
    - USB: gadget: validate endpoint index for xilinx udc

* CVE-2022-26490
    - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

* CVE-2021-26401
    - x86/speculation: Use generic retpoline by default on AMD
    - x86/speculation: Update link to AMD speculation whitepaper
    - x86/speculation: Warn about Spectre v2 LFENCE mitigation
    - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT

* CVE-2022-0001
    - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation
      reporting

* USB devices not detected during boot on USB 3.0 hubs (LP: #1968210)
    - SAUCE: Revert "Revert "xhci: Set HCD flag to defer primary roothub
      registration""
    - SAUCE: Revert "Revert "usb: core: hcd: Add support for deferring roothub
      registration""

-- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Thu, 14 Apr 2022 18:38:58 +0200

Changed in linux (Ubuntu Impish):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-06-01:

#23

This bug is awaiting verification that the linux-intel-5.13/5.13.0-1012.12 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-focal

Ubuntu
linux package

Recent 5.13 kernel has broken KVM support

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Impish	Fix Released	High	Po-Hsu Lin
Jammy	Fix Released	Undecided	Unassigned

Ubuntulinux package

Recent 5.13 kernel has broken KVM support

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package