Bug #1983357 “test_021_aslr_dapper_libs from ubuntu_qrt_kernel_s...” : Bugs : ubuntu-kernel-tests

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2022-08-02: Missing required logs.

#1

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1983357

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-08-24: Re: test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 AMD64

#2

This test is trying to call a compiled binary "aslr32" and execute:
./aslr32 libs --verbose

If you try to call it from the script, it will fail, however if you run the binary directly it will be good:

ubuntu@harpo:~/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts$ sudo python2 ./test-kernel-security.py -v KernelSecurityTest.test_021_aslr_dapper_libs
Running test: './test-kernel-security.py' distro: 'Ubuntu 22.10' kernel: '5.19.0-15.15 (Ubuntu 5.19.0-15.15-generic 5.19.0)' arch: 'amd64' uid: 0/0 SUDO_USER: 'ubuntu')
test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs ... (default libs native) (default libs native rekey) (default libs COMPAT) FAIL

======================================================================
FAIL: test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1782, in test_021_aslr_dapper_libs
    self._test_aslr('libs', expected)
  File "./test-kernel-security.py", line 1739, in _test_aslr
    self._test_aslr_all(area, expected, "default %s" % area)
  File "./test-kernel-security.py", line 1732, in _test_aslr_all
    self._test_aslr_exec(area, expected, target, name)
  File "./test-kernel-security.py", line 1715, in _test_aslr_exec
    self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, "--verbose"], msg="%s:\n" % name)
  File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1203, in assertShellExitEquals
    self.assertEqual(expected, rc, msg + result + report)
AssertionError: default libs COMPAT:
Got exit code 1, expected 0
Command: './aslr32', 'libs', '--verbose'
Output:
Checking ASLR of libs:
0xf7c81790
0xf7c81790
0xf7c81790
FAIL: ASLR not functional (libs always at 0xf7c81790)

----------------------------------------------------------------------
Ran 1 test in 0.589s

FAILED (failures=1)
ubuntu@harpo:~/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts$ sudo ./kernel-security/aslr/aslr libs --verbose
Checking ASLR of libs:
0x007fb495c907c0
0x007f674ea907c0
0x007f0e0fe907c0
ok: ASLR of libs functional

This test is trying to call a compiled binary "aslr32" and execute:
./aslr32 libs --verbose

If you try to call it from the script, it will fail, however if you run the binary directly it will be good:

ubuntu@harpo:~/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts$ sudo python2 ./test-kernel-security.py -v KernelSecurityTest.test_021_aslr_dapper_libs
Running test: './test-kernel-security.py' distro: 'Ubuntu 22.10' kernel: '5.19.0-15.15 (Ubuntu 5.19.0-15.15-generic 5.19.0)' arch: 'amd64' uid: 0/0 SUDO_USER: 'ubuntu')
test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs ... (default libs native) (default libs native rekey) (default libs COMPAT) FAIL

======================================================================
FAIL: test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1782, in test_021_aslr_dapper_libs
    self._test_aslr('libs', expected)
  File "./test-kernel-security.py", line 1739, in _test_aslr
    self._test_aslr_all(area, expected, "default %s" % area)
  File "./test-kernel-security.py", line 1732, in _test_aslr_all
    self._test_aslr_exec(area, expected, target, name)
  File "./test-kernel-security.py", line 1715, in _test_aslr_exec
    self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, "--verbose"], msg="%s:\n" % name)
  File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1203, in assertShellExitEquals
    self.assertEqual(expected, rc, msg + result + report)
AssertionError: default libs COMPAT:
Got exit code 1, expected 0
Command: './aslr32', 'libs', '--verbose'
Output:
Checking ASLR of libs:
	0xf7c81790
	0xf7c81790
	0xf7c81790
FAIL: ASLR not functional (libs always at 0xf7c81790)

----------------------------------------------------------------------
Ran 1 test in 0.589s

FAILED (failures=1)
ubuntu@harpo:~/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts$ sudo ./kernel-security/aslr/aslr libs --verbose
Checking ASLR of libs:
	0x007fb495c907c0
	0x007f674ea907c0
	0x007f0e0fe907c0
ok: ASLR of libs functional

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-08-24:

#3

For comment #2, I misread the output, it's actually calling aslr32 instead of aslr, and no it's not working with running the binary directly

ubuntu@harpo:~/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/kernel-security/aslr$ sudo ./aslr32 libs --verbose
Checking ASLR of libs:
0xf7c81790
0xf7c81790
0xf7c81790
FAIL: ASLR not functional (libs always at 0xf7c81790)

Revision history for this message

Paolo Pisati (p-pisati) wrote on 2022-08-24:

#4

Some instances, show the same issue with test_021_aslr_dapper_mmap

FAIL: test_021_aslr_dapper_mmap (__main__.KernelSecurityTest)
ASLR of mmap

Traceback (most recent call last):
File "./test-kernel-security.py", line 1755, in test_021_aslr_dapper_mmap
  self._test_aslr('mmap', expected)
File "./test-kernel-security.py", line 1727, in _test_aslr
  self._test_aslr_all(area, expected, "default %s" % area)
File "./test-kernel-security.py", line 1720, in _test_aslr_all
  self._test_aslr_exec(area, expected, target, name)
File "./test-kernel-security.py", line 1703, in _test_aslr_exec
  self.assertShellExitEquals(aslr_expected, ["./%s" % (target), area, "--verbose"], msg="%s:\n" % name)
File "/home/ubuntu/autotest/client/tmp/ubuntu_qrt_kernel_security/src/qa-regression-testing/scripts/testlib.py", line 1203, in assertShellExitEquals
  self.assertEqual(expected, rc, msg + result + report)
AssertionError: default mmap COMPAT:
Got exit code 1, expected 0
Command: './aslr32', 'mmap', '--verbose'
Output:
Checking ASLR of mmap:
  0xf7aff010
  0xf7aff010
  0xf7aff010
ASLR not functional (mmap always at 0xf7aff010)

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2022-09-05 (last edit on 2022-09-05):

#5

This issue, test_021_aslr_dapper_libs failure, can be found on J-oem-6.0.0-1002.2 as well.

Changed in linux (Ubuntu Jammy):
status:	New → Invalid
Changed in linux-oem-6.0 (Ubuntu Kinetic):
status:	New → Invalid
summary:	test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on - K-5.19 AMD64 + K-5.19 / J-OEM-6.0 AMD64

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2023-01-05: Re: test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.0 AMD64

#6

This issue can be found on J-nvidia-5.19/5.19.0-1002.2 with node blanka.

tags:

added: jammy

Timo Aaltonen (tjaalton) on 2023-03-07

affects:	linux-oem-6.0 (Ubuntu) → linux-oem-6.1 (Ubuntu)
summary:	test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on - K-5.19 / J-OEM-6.0 AMD64 + K-5.19 / J-OEM-6.1 AMD64

Roxana Nicolescu (roxanan) on 2023-05-08

tags:

added: kernel-adt-failure sru-20230417

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2023-07-04: Re: test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 AMD64

#7

This issue can be found on J-azure-6.2 AMD64 as well.

tags:	added: 6.2
tags:	added: sru-20230515
summary:	test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on - K-5.19 / J-OEM-6.1 AMD64 + K-5.19 / J-OEM-6.1 / J-6.2 AMD64

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2023-10-19:

#8

aslr32 libs regressed because of upstream commit 1854bc6e2420 ("mm/readahead: Align file mappings for non-DAX").

Some filesystems mmap will try to align the address by the size and when glibc loaded maps the ELF file, a randomized address will be chosen but then aligned to the PMD size (21 bits on x86). Given we default to randomizing 8 bits of the address on 32-bit programs on x86 and the page size of 4096, we end up clearing the random bits when that alignment is done.

There are a couple of paths here:

1) revert that upstream commit, losing optimization on transparent huge pages due to the PMD aligment for every file mapped by either 32-bit of 64-bit programs;
2) do not align for 32-bit programs. I don't expect code to be maintainable here.
3) increase the default random bits for 32-bit programs to 16 (the x86 maximum) and other sensible values on other platforms (arm64 and ppc64el), which has the potential of breaking a few programs, specially ones that require "too much memory", but those should be using 64-bit if that is really needed;
4) ignore the issue and leave 32-bit programs vulnerable to attacks.

Given the alternative of leaving programs vulnerable, I would rather experimenting with changing the default (option 3). The option is tunable anyway and users should be able to change the setting if necessary. We could also consider making the behavior tunable and we actually have THP as a setting, so could as well use it.

Cascardo.

Revision history for this message

Steve Beattie (sbeattie) wrote on 2023-10-26:

#9

Thanks for investigating this, Cascardo. I agree that option 3 is likely the best path forward, either via changing our kernel config defaults or adjusting the sysctl defaults via the procps package. For reference the adjustable sysctl setting is vm.mmap_rnd_compat_bits.

Thadeu Lima de Souza Cascardo (cascardo) on 2023-10-26

Changed in ubuntu-kernel-tests:
status:	New → Invalid
Changed in qa-regression-testing:
status:	New → Invalid
Changed in linux (Ubuntu):
status:	Incomplete → Fix Committed
Changed in linux (Ubuntu Kinetic):
status:	Incomplete → Invalid
Changed in linux (Ubuntu Mantic):
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance:	Undecided → Medium
status:	New → Confirmed
Changed in linux (Ubuntu Lunar):
assignee:	nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance:	Undecided → Medium
status:	New → Confirmed

Revision history for this message

Thadeu Lima de Souza Cascardo (cascardo) wrote on 2023-10-26:

#10

Hey, Steve, we have applied this on linux-unstable, and will let it sit there for a bit before we try this on mantic and lunar. I took the opportunity and raised all values to the max, including the non-compat ones. That should recover some of the bits we lost due to this PMD alignment.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-01-04:

#11

Download full text (32.3 KiB)

This bug was fixed in the package linux - 6.6.0-14.14

---------------
linux (6.6.0-14.14) noble; urgency=medium

* noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)

  * Noble update: v6.6.3 upstream stable release (LP: #2045244)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - btrfs: abort transaction on generation mismatch when marking eb as dirty
    - lib/generic-radix-tree.c: Don't overflow in peek()
    - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
    - perf/core: Bail out early if the request AUX area is out of bound
    - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
    - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - srcu: Only accelerate on enqueue time
    - smp,csd: Throw an error if a CSD lock is stuck for too long
    - cpu/hotplug: Don't offline the last non-isolated CPU
    - workqueue: Provide one lock class key per work_on_cpu() callsite
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: plfxlc: fix clang-specific fortify warning
    - wifi: ath12k: Ignore fragments from uninitialized peer in dp
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - atl1c: Work around the DMA RX overflow issue
    - bpf: Detect IP == ksym.end as part of BPF program
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
    - wifi: ath10k: fix clang-specific fortify warning
    - wifi: ath12k: fix possible out-of-bound write in
      ath12k_wmi_ext_hal_reg_caps()
    - ACPI: APEI: Fix AER info corruption when error status data has multiple
      sections
    - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
    - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
    - wifi: mt76: fix clang-specific fortify warnings
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - net: sfp: add quirk for FS's 2.5G copper SFP
    - vsock: read from socket's error queue
    - bpf: Ensure proper register state printing for cond jumps
    - wifi: iwlwifi: mvm: fix size check for fw_link_id
    - Bluetooth: btusb: Add date->evt_skb is NULL check
    - Bluetooth: Fix double free in hci_conn_cleanup
    - ACPI: EC: Add quirk for HP 250 G7 Notebook PC
    - tsnep: Fix tsnep_request_irq() format-overflow warning
    - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
    - platform/chrome: kunit: initialize lock for fake ec_dev
    - of: address: Fix address translation when address-size is greater than 2
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/gma500: Fix call trace when psb_gem_mm_init() fails
    - drm/amdkfd: rateli...

This bug was fixed in the package linux - 6.6.0-14.14

---------------
linux (6.6.0-14.14) noble; urgency=medium

* noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)

* Noble update: v6.6.3 upstream stable release (LP: #2045244)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - btrfs: abort transaction on generation mismatch when marking eb as dirty
    - lib/generic-radix-tree.c: Don't overflow in peek()
    - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
    - perf/core: Bail out early if the request AUX area is out of bound
    - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
    - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - srcu: Only accelerate on enqueue time
    - smp,csd: Throw an error if a CSD lock is stuck for too long
    - cpu/hotplug: Don't offline the last non-isolated CPU
    - workqueue: Provide one lock class key per work_on_cpu() callsite
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: plfxlc: fix clang-specific fortify warning
    - wifi: ath12k: Ignore fragments from uninitialized peer in dp
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - atl1c: Work around the DMA RX overflow issue
    - bpf: Detect IP == ksym.end as part of BPF program
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
    - wifi: ath10k: fix clang-specific fortify warning
    - wifi: ath12k: fix possible out-of-bound write in
      ath12k_wmi_ext_hal_reg_caps()
    - ACPI: APEI: Fix AER info corruption when error status data has multiple
      sections
    - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
    - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
    - wifi: mt76: fix clang-specific fortify warnings
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - net: sfp: add quirk for FS's 2.5G copper SFP
    - vsock: read from socket's error queue
    - bpf: Ensure proper register state printing for cond jumps
    - wifi: iwlwifi: mvm: fix size check for fw_link_id
    - Bluetooth: btusb: Add date->evt_skb is NULL check
    - Bluetooth: Fix double free in hci_conn_cleanup
    - ACPI: EC: Add quirk for HP 250 G7 Notebook PC
    - tsnep: Fix tsnep_request_irq() format-overflow warning
    - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
    - platform/chrome: kunit: initialize lock for fake ec_dev
    - of: address: Fix address translation when address-size is greater than 2
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/gma500: Fix call trace when psb_gem_mm_init() fails
    - drm/amdkfd: ratelimited SQ interrupt messages
    - drm/komeda: drop all currently held locks if deadlock happens
    - drm/amd/display: Blank phantom OTG before enabling
    - drm/amd/display: Don't lock phantom pipe on disabling
    - drm/amd/display: add seamless pipe topology transition check
    - drm/edid: Fixup h/vsync_end instead of h/vtotal
    - md: don't rely on 'mddev->pers' to be set in mddev_suspend()
    - drm/amdgpu: not to save bo in the case of RAS err_event_athub
    - drm/amdkfd: Fix a race condition of vram buffer unref in svm code
    - drm/amdgpu: update retry times for psp vmbx wait
    - drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
    - drm/amd/display: use full update for clip size increase of large plane
      source
    - string.h: add array-wrappers for (v)memdup_user()
    - kernel: kexec: copy user-array safely
    - kernel: watch_queue: copy user-array safely
    - drm_lease.c: copy user-array safely
    - drm: vmwgfx_surface.c: copy user-array safely
    - drm/msm/dp: skip validity check for DP CTS EDID checksum
    - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
    - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
    - drm/amdgpu: Fix potential null pointer derefernce
    - drm/panel: fix a possible null pointer dereference
    - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
    - drm/radeon: fix a possible null pointer dereference
    - drm/amdgpu/vkms: fix a possible null pointer dereference
    - drm/panel: st7703: Pick different reset sequence
    - drm/amdkfd: Fix shift out-of-bounds issue
    - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    - drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported
    - drm/amd/display: fix num_ways overflow error
    - drm/amd: check num of link levels when update pcie param
    - soc: qcom: pmic: Fix resource leaks in a device_for_each_child_node() loop
    - arm64: dts: rockchip: Add NanoPC T6 PCIe e-key support
    - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
    - selftests/efivarfs: create-read: fix a resource leak
    - ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl
    - ASoC: soc-card: Add storage for PCI SSID
    - ASoC: SOF: Pass PCI SSID to machine driver
    - ASoC: Intel: sof_sdw: Copy PCI SSID to struct snd_soc_card
    - ASoC: cs35l56: Use PCI SSID as the firmware UID
    - crypto: pcrypt - Fix hungtask for PADATA_RESET
    - ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware
    - RDMA/hfi1: Use FIELD_GET() to extract Link Width
    - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
    - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
    - fs/jfs: Add check for negative db_l2nbperpage
    - fs/jfs: Add validity check for db_maxag and db_agpref
    - jfs: fix array-index-out-of-bounds in dbFindLeaf
    - jfs: fix array-index-out-of-bounds in diAlloc
    - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
    - ARM: 9320/1: fix stack depot IRQ stack filter
    - ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    - gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound
    - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
    - PCI: mvebu: Use FIELD_PREP() with Link Width
    - atm: iphase: Do PCI error checks on own line
    - PCI: Do error check on own line to split long "if" conditions
    - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
    - PCI: Use FIELD_GET() to extract Link Width
    - PCI: Extract ATS disabling to a helper function
    - PCI: Disable ATS for specific Intel IPU E2000 devices
    - PCI: dwc: Add dw_pcie_link_set_max_link_width()
    - PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling
    - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
    - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
    - ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk
    - crypto: hisilicon/qm - prevent soft lockup in receive loop
    - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
    - exfat: support handle zero-size directory
    - mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs
    - iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()
    - thunderbolt: Apply USB 3.x bandwidth quirk only in software connection
      manager
    - tty: vcc: Add check for kstrdup() in vcc_probe()
    - dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides
    - phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields
    - phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs
    - usb: dwc3: core: configure TX/RX threshold for DWC3_IP
    - usb: ucsi: glink: use the connector orientation GPIO to provide switch
      events
    - soundwire: dmi-quirks: update HP Omen match
    - f2fs: fix error path of __f2fs_build_free_nids
    - f2fs: fix error handling of __get_node_page
    - usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present
    - usb: gadget: f_ncm: Always set current gadget in ncm_bind()
    - 9p/trans_fd: Annotate data-racy writes to file::f_flags
    - 9p: v9fs_listxattr: fix %s null argument warning
    - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
    - i2c: i801: Add support for Intel Birch Stream SoC
    - i2c: fix memleak in i2c_new_client_device()
    - i2c: sun6i-p2wi: Prevent potential division by zero
    - virtio-blk: fix implicit overflow on virtio_max_dma_size
    - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
    - media: gspca: cpia1: shift-out-of-bounds in set_flicker
    - media: vivid: avoid integer overflow
    - media: ipu-bridge: increase sensor_name size
    - gfs2: ignore negated quota changes
    - gfs2: fix an oops in gfs2_permission
    - media: cobalt: Use FIELD_GET() to extract Link Width
    - media: ccs: Fix driver quirk struct documentation
    - media: imon: fix access to invalid resource for the second interface
    - drm/amd/display: Avoid NULL dereference of timing generator
    - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
    - kgdb: Flush console before entering kgdb on panic
    - riscv: VMAP_STACK overflow detection thread-safe
    - i2c: dev: copy userspace array safely
    - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
    - drm/qxl: prevent memory leak
    - ALSA: hda/realtek: Add quirk for ASUS UX7602ZM
    - drm/amdgpu: fix software pci_unplug on some chips
    - pwm: Fix double shift bug
    - mtd: rawnand: tegra: add missing check for platform_get_irq()
    - wifi: iwlwifi: Use FW rate for non-data frames
    - sched/core: Optimize in_task() and in_interrupt() a bit
    - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
    - samples/bpf: syscall_tp_user: Fix array out-of-bound access
    - dt-bindings: serial: fix regex pattern for matching serial node children
    - SUNRPC: ECONNRESET might require a rebind
    - mtd: rawnand: intel: check return value of devm_kasprintf()
    - mtd: rawnand: meson: check return value of devm_kasprintf()
    - drm/i915/mtl: avoid stringop-overflow warning
    - NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking
    - SUNRPC: Add an IS_ERR() check back to where it was
    - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
    - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
    - RISC-V: hwprobe: Fix vDSO SIGSEGV
    - riscv: provide riscv-specific is_trap_insn()
    - gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
    - drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init
    - riscv: split cache ops out of dma-noncoherent.c
    - vdpa_sim_blk: allocate the buffer zeroed
    - vhost-vdpa: fix use after free in vhost_vdpa_probe()
    - gcc-plugins: randstruct: Only warn about true flexible arrays
    - bpf: handle ldimm64 properly in check_cfg()
    - bpf: fix precision backtracking instruction iteration
    - bpf: fix control-flow graph checking in privileged mode
    - net: set SOCK_RCU_FREE before inserting socket into hashtable
    - ipvlan: add ipvlan_route_v6_outbound() helper
    - tty: Fix uninit-value access in ppp_sync_receive()
    - net: ti: icssg-prueth: Add missing icss_iep_put to error path
    - net: ti: icssg-prueth: Fix error cleanup on failing pruss_request_mem_region
    - xen/events: avoid using info_for_irq() in xen_send_IPI_one()
    - net: hns3: fix add VLAN fail issue
    - net: hns3: add barrier in vf mailbox reply process
    - net: hns3: fix incorrect capability bit display for copper port
    - net: hns3: fix out-of-bounds access may occur when coalesce info is read via
      debugfs
    - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
    - net: hns3: fix VF reset fail issue
    - net: hns3: fix VF wrong speed and duplex issue
    - tipc: Fix kernel-infoleak due to uninitialized TLV value
    - net: mvneta: fix calls to page_pool_get_stats
    - ppp: limit MRU to 64K
    - xen/events: fix delayed eoi list handling
    - blk-mq: make sure active queue usage is held for bio_integrity_prep()
    - ptp: annotate data-race around q->head and q->tail
    - bonding: stop the device in bond_setup_by_slave()
    - net: ethernet: cortina: Fix max RX frame define
    - net: ethernet: cortina: Handle large frames
    - net: ethernet: cortina: Fix MTU max setting
    - af_unix: fix use-after-free in unix_stream_read_actor()
    - netfilter: nf_conntrack_bridge: initialize err to 0
    - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
    - netfilter: nf_tables: bogus ENOENT when destroying element which does not
      exist
    - net: stmmac: fix rx budget limit check
    - net: stmmac: avoid rx queue overrun
    - pds_core: use correct index to mask irq
    - pds_core: fix up some format-truncation complaints
    - gve: Fixes for napi_poll when budget is 0
    - io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval
    - Revert "net/mlx5: DR, Supporting inline WQE when possible"
    - net/mlx5: Free used cpus mask when an IRQ is released
    - net/mlx5: Decouple PHC .adjtime and .adjphase implementations
    - net/mlx5e: fix double free of encap_header
    - net/mlx5e: fix double free of encap_header in update funcs
    - net/mlx5e: Fix pedit endianness
    - net/mlx5e: Don't modify the peer sent-to-vport rules for IPSec offload
    - net/mlx5e: Avoid referencing skb after free-ing in drop path of
      mlx5e_sq_xmit_wqe
    - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
    - net/mlx5e: Update doorbell for port timestamping CQ before the software
      counter
    - net/mlx5: Increase size of irq name buffer
    - net/mlx5e: Reduce the size of icosq_str
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer for
      representors
    - net: sched: do not offload flows with a helper in act_ct
    - macvlan: Don't propagate promisc change to lower dev in passthru
    - tools/power/turbostat: Fix a knl bug
    - tools/power/turbostat: Enable the C-state Pre-wake printing
    - scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1
    - cifs: spnego: add ';' in HOST_KEY_LEN
    - cifs: fix check of rc in function generate_smb3signingkey
    - perf/core: Fix cpuctx refcounting
    - i915/perf: Fix NULL deref bugs with drm_dbg() calls
    - perf: arm_cspmu: Reject events meant for other PMUs
    - drivers: perf: Check find_first_bit() return value
    - media: venus: hfi: add checks to perform sanity on queue pointers
    - perf intel-pt: Fix async branch flags
    - powerpc/perf: Fix disabling BHRB and instruction sampling
    - randstruct: Fix gcc-plugin performance mode to stay in group
    - spi: Fix null dereference on suspend
    - bpf: Fix check_stack_write_fixed_off() to correctly spill imm
    - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
    - scsi: mpt3sas: Fix loop logic
    - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
      selected registers
    - scsi: ufs: qcom: Update PHY settings only when scaling to higher gears
    - scsi: qla2xxx: Fix system crash due to bad pointer access
    - scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
    - x86/shstk: Delay signal entry SSP write until after user accesses
    - crypto: x86/sha - load modules based on CPU features
    - x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4
    - x86/apic/msi: Fix misconfigured non-maskable MSI quirk
    - x86/cpu/hygon: Fix the CPU topology evaluation for real
    - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
    - KVM: x86: Ignore MSR_AMD64_TW_CFG access
    - KVM: x86: Clear bit12 of ICR after APIC-write VM-exit
    - KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.
    - mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER
    - sched: psi: fix unprivileged polling against cgroups
    - audit: don't take task_lock() in audit_exe_compare() code path
    - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
    - proc: sysctl: prevent aliased sysctls from getting passed to init
    - tty/sysrq: replace smp_processor_id() with get_cpu()
    - tty: serial: meson: fix hard LOCKUP on crtscts mode
    - acpi/processor: sanitize _OSC/_PDC capabilities for Xen dom0
    - hvc/xen: fix console unplug
    - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
    - hvc/xen: fix event channel handling for secondary consoles
    - PCI/sysfs: Protect driver's D3cold preference from user space
    - mm/damon/sysfs: remove requested targets when online-commit inputs
    - mm/damon/sysfs: update monitoring target regions for online input commit
    - watchdog: move softlockup_panic back to early_param
    - iommufd: Fix missing update of domains_itree after splitting iopt_area
    - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
    - dm crypt: account large pages in cc->n_allocated_pages
    - mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation
    - mm/damon/ops-common: avoid divide-by-zero during region hotness calculation
    - mm/damon: implement a function for max nr_accesses safe calculation
    - mm/damon/core: avoid divide-by-zero during monitoring results update
    - mm/damon/sysfs-schemes: handle tried region directory allocation failure
    - mm/damon/sysfs-schemes: handle tried regions sysfs directory allocation
      failure
    - mm/damon/core.c: avoid unintentional filtering out of schemes
    - mm/damon/sysfs: check error from damon_sysfs_update_target()
    - parisc: Add nop instructions after TLB inserts
    - ACPI: resource: Do IRQ override on TongFang GMxXGxx
    - regmap: Ensure range selector registers are updated after cache sync
    - wifi: ath11k: fix temperature event locking
    - wifi: ath11k: fix dfs radar event locking
    - wifi: ath11k: fix htt pktlog locking
    - wifi: ath11k: fix gtk offload status event locking
    - wifi: ath12k: fix htt mlo-offset event locking
    - wifi: ath12k: fix dfs-radar and temperature event locking
    - mmc: meson-gx: Remove setting of CMD_CFG_ERROR
    - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
    - sched/core: Fix RQCF_ACT_SKIP leak
    - pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable
    - KEYS: trusted: tee: Refactor register SHM usage
    - KEYS: trusted: Rollback init_trusted() consistently
    - PCI: keystone: Don't discard .remove() callback
    - PCI: keystone: Don't discard .probe() callback
    - pmdomain: amlogic: Fix mask for the second NNA mem PD domain
    - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
    - arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n
    - pmdomain: imx: Make imx pgc power domain also set the fwnode
    - parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table
    - parisc/pdc: Add width field to struct pdc_model
    - parisc/power: Add power soft-off when running on qemu
    - cpufreq: stats: Fix buffer overflow detection in trans_stats()
    - powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug()
    - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data
    - clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider
    - integrity: powerpc: Do not select CA_MACHINE_KEYRING
    - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - ksmbd: fix recursive locking in vfs helpers
    - ksmbd: handle malformed smb1 message
    - ksmbd: fix slab out of bounds write in smb_inherit_dacl()
    - mmc: vub300: fix an error code
    - mmc: sdhci_am654: fix start loop index for TAP value parsing
    - mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A
    - PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers
    - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
    - PCI: kirin: Don't discard .remove() callback
    - PCI: exynos: Don't discard .remove() callback
    - PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
    - wifi: wilc1000: use vmm_table as array in wilc struct
    - svcrdma: Drop connection after an RDMA Read error
    - rcu/tree: Defer setting of jiffies during stall reset
    - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
    - dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names
    - PM: hibernate: Use __get_safe_page() rather than touching the list
    - PM: hibernate: Clean up sync_read handling in snapshot_write_next()
    - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
    - btrfs: don't arbitrarily slow down delalloc if we're committing
    - thermal: intel: powerclamp: fix mismatch in get function for max_idle
    - arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM
    - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
    - ACPI: FPDT: properly handle invalid FPDT subtables
    - arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
    - leds: trigger: netdev: Move size check in set_device_name
    - mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
    - mfd: qcom-spmi-pmic: Fix revid implementation
    - ima: annotate iint mutex to avoid lockdep false positive warnings
    - ima: detect changes to the backing overlay file
    - netfilter: nf_tables: remove catchall element in GC sync path
    - netfilter: nf_tables: split async and sync catchall in two functions
    - ASoC: soc-dai: add flag to mute and unmute stream during trigger
    - ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag
    - selftests/resctrl: Fix uninitialized .sa_flags
    - selftests/resctrl: Remove duplicate feature check from CMT test
    - selftests/resctrl: Move _GNU_SOURCE define into Makefile
    - selftests/resctrl: Refactor feature check to use resource and feature name
    - selftests/resctrl: Fix feature checks
    - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
    - hid: lenovo: Resend all settings on reset_resume for compact keyboards
    - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
    - jbd2: fix potential data lost in recovering journal raced with synchronizing
      fs bdev
    - quota: explicitly forbid quota files from being encrypted
    - kernel/reboot: emergency_restart: Set correct system_state
    - scripts/gdb/vmalloc: disable on no-MMU
    - fs: use nth_page() in place of direct struct page manipulation
    - mips: use nth_page() in place of direct struct page manipulation
    - i2c: core: Run atomic i2c xfer when !preemptible
    - selftests/clone3: Fix broken test under !CONFIG_TIME_NS
    - tracing: Have the user copy of synthetic event address use correct context
    - driver core: Release all resources during unbind before updating device
      links
    - mcb: fix error handling for different scenarios when parsing
    - dmaengine: stm32-mdma: correct desc prep when channel running
    - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
    - s390/mm: add missing arch_set_page_dat() call to gmap allocations
    - s390/cmma: fix detection of DAT pages
    - mm/cma: use nth_page() in place of direct struct page manipulation
    - mm/hugetlb: use nth_page() in place of direct struct page manipulation
    - mm/memory_hotplug: use pfn math in place of direct struct page manipulation
    - mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long
    - mtd: cfi_cmdset_0001: Byte swap OTP info
    - cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
    - i3c: master: cdns: Fix reading status register
    - i3c: master: svc: fix race condition in ibi work thread
    - i3c: master: svc: fix wrong data return when IBI happen during start frame
    - i3c: master: svc: fix ibi may not return mandatory data byte
    - i3c: master: svc: fix check wrong status register in irq handler
    - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
    - i3c: master: svc: fix random hot join failure since timeout error
    - cxl/region: Fix x1 root-decoder granularity calculations
    - cxl/port: Fix delete_endpoint() vs parent unregistration race
    - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables
    - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
    - drm/amd/display: enable dsc_clk even if dsc_pg disabled
    - torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter
    - rcutorture: Fix stuttering races and other issues
    - selftests/resctrl: Remove bw_report and bm_type from main()
    - selftests/resctrl: Simplify span lifetime
    - selftests/resctrl: Make benchmark command const and build it with pointers
    - selftests/resctrl: Extend signal handler coverage to unmount on receiving
      signal
    - parisc: Prevent booting 64-bit kernels on PA1.x machines
    - parisc/pgtable: Do not drop upper 5 address bits of physical address
    - parisc/power: Fix power soft-off when running on qemu
    - parisc: fix mmap_base calculation when stack grows upwards
    - xhci: Enable RPM on controllers that support low-power states
    - smb3: fix creating FIFOs when mounting with "sfu" mount option
    - smb3: fix touch -h of symlink
    - smb3: allow dumping session and tcon id to improve stats analysis and
      debugging
    - smb3: fix caching of ctime on setxattr
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
    - smb: client: fix use-after-free in smb2_query_info_compound()
    - smb: client: fix potential deadlock when releasing mids
    - smb: client: fix mount when dns_resolver key is not available
    - cifs: reconnect helper should set reconnect for the right channel
    - cifs: force interface update before a fresh session setup
    - cifs: do not reset chan_max if multichannel is not supported at mount
    - cifs: do not pass cifs_sb when trying to add channels
    - cifs: Fix encryption of cleared, but unset rq_iter data buffers
    - xfs: recovery should not clear di_flushiter unconditionally
    - btrfs: zoned: wait for data BG to be finished on direct IO allocation
    - ALSA: info: Fix potential deadlock at disconnection
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G8
    - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
    - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G10
    - ALSA: hda/realtek: Add quirks for HP Laptops
    - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
    - Revert "i2c: pxa: move to generic GPIO recovery"
    - lsm: fix default return value for vm_enough_memory
    - lsm: fix default return value for inode_getsecctx
    - sbsa_gwdt: Calculate timeout with 64-bit math
    - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
    - s390/ap: fix AP bus crash on early config change callback invocation
    - net: ethtool: Fix documentation of ethtool_sprintf()
    - net: dsa: lan9303: consequently nested-lock physical MDIO
    - net: phylink: initialize carrier state at creation
    - gfs2: don't withdraw if init_threads() got interrupted
    - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
    - f2fs: do not return EFSCORRUPTED, but try to run online repair
    - f2fs: set the default compress_level on ioctl
    - f2fs: avoid format-overflow warning
    - f2fs: split initial and dynamic conditions for extent_cache
    - media: lirc: drop trailing space from scancode transmit
    - media: sharp: fix sharp encoding
    - media: venus: hfi_parser: Add check to keep the number of codecs within
      range
    - media: venus: hfi: fix the check to handle session buffer requirement
    - media: venus: hfi: add checks to handle capabilities from firmware
    - media: ccs: Correctly initialise try compose rectangle
    - drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection
    - drm/mediatek/dp: fix memory leak on ->get_edid callback error path
    - dm-bufio: fix no-sleep mode
    - dm-verity: don't use blocking calls from tasklets
    - nfsd: fix file memleak on client_opens_release
    - NFSD: Update nfsd_cache_append() to use xdr_stream
    - LoongArch: Mark __percpu functions as always inline
    - tracing: fprobe-event: Fix to check tracepoint event and return
    - swiotlb: do not free decrypted pages if dynamic
    - swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
    - riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause
    - riscv: put interrupt entries into .irqentry.text
    - riscv: mm: Update the comment of CONFIG_PAGE_OFFSET
    - riscv: correct pt_level name via pgtable_l5/4_enabled
    - riscv: kprobes: allow writing to x0
    - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
    - mm: fix for negative counter: nr_file_hugepages
    - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
    - mptcp: deal with large GSO size
    - mptcp: add validity check for sending RM_ADDR
    - mptcp: fix setsockopt(IP_TOS) subflow locking
    - selftests: mptcp: fix fastclose with csum failure
    - r8169: fix network lost after resume on DASH systems
    - r8169: add handling DASH when DASH is disabled
    - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
    - media: qcom: camss: Fix pm_domain_on sequence in probe
    - media: qcom: camss: Fix vfe_get() error jump
    - media: qcom: camss: Fix VFE-17x vfe_disable_output()
    - media: qcom: camss: Fix VFE-480 vfe_disable_output()
    - media: qcom: camss: Fix missing vfe_lite clocks check
    - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
    - media: qcom: camss: Fix invalid clock enable bit disjunction
    - media: qcom: camss: Fix csid-gen2 for test pattern generator
    - Revert "HID: logitech-dj: Add support for a new lightspeed receiver
      iteration"
    - Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E"
    - ext4: fix race between writepages and remount
    - ext4: no need to generate from free list in mballoc
    - ext4: make sure allocate pending entry not fail
    - ext4: apply umask if ACL support is disabled
    - ext4: correct offset of gdb backup in non meta_bg group to update_backups
    - ext4: mark buffer new if it is unwritten to avoid stale data exposure
    - ext4: correct return value of ext4_convert_meta_bg
    - ext4: correct the start block of counting reserved clusters
    - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
    - ext4: add missed brelse in update_backups
    - ext4: properly sync file size update after O_SYNC direct IO
    - ext4: fix racy may inline data check in dio write
    - drm/amd/pm: Handle non-terminated overdrive commands.
    - drm: bridge: it66121: ->get_edid callback must not return err pointers
    - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block
    - drm/amd/display: Add Null check for DPP resource
    - drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL
    - drm/i915: Bump GLK CDCLK frequency when driving multiple pipes
    - drm/i915: Fix potential spectre vulnerability
    - drm/i915: Flush WC GGTT only on required platforms
    - drm/amd/pm: Fix error of MACO flag setting code
    - drm/amdgpu/smu13: drop compute workload workaround
    - drm/amdgpu: don't use pci_is_thunderbolt_attached()
    - drm/amdgpu: fix GRBM read timeout when do mes_self_test
    - drm/amdgpu: add a retry for IP discovery init
    - drm/amdgpu: don't use ATRM for external devices
    - drm/amdgpu: fix error handling in amdgpu_vm_init
    - drm/amdgpu: fix error handling in amdgpu_bo_list_get()
    - drm/amdgpu: lower CS errors to debug severity
    - drm/amdgpu: Fix possible null pointer dereference
    - drm/amd/display: Guard against invalid RPTR/WPTR being set
    - drm/amd/display: Fix DSC not Enabled on Direct MST Sink
    - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
    - drm/amd/display: Enable fast plane updates on DCN3.2 and above
    - drm/amd/display: Clear dpcd_sink_ext_caps if not set
    - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
    - Linux 6.6.3

-- Paolo Pisati <paolo.pisati@canonical.com>  Thu, 30 Nov 2023 09:57:53 +0100

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Revision history for this message

Roxana Nicolescu (roxanan) wrote on 2024-01-26:

#12

Lunar is EOL

Changed in linux (Ubuntu Lunar):
status:	Confirmed → Won't Fix

Stefan Bader (smb) on 2024-01-31

Changed in linux (Ubuntu Mantic):
status:	Confirmed → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-02-08:

#13

This bug is awaiting verification that the linux/6.5.0-25.25 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux' to 'verification-done-mantic-linux'. If the problem still exists, change the tag 'verification-needed-mantic-linux' to 'verification-failed-mantic-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux

Revision history for this message

Steve Beattie (sbeattie) wrote on 2024-02-08:

#14

I have confirmed that with the 6.5.0-25.25 kernel in mantic-proposed, shared libraries for 32bit binaries are loaded with some randoness; specifically, we are back to 7 bits of randomness with this kernel update:

$ cat /proc/version_signature
Ubuntu 6.5.0-25.25-generic 6.5.13
$ for ((i = 0 ; i < 5; i++ )) ; do ./aslr32 --report libs ; done
0xe8a86e80
0xf4a86e80
0xf2886e80
0xf2a86e80
0xf1686e80
# report the number of distinct values we get:
$ for ((i = 0 ; i < 10000; i++ )) ; do ./aslr32 --report libs ; done | sort | uniq -c | wc -l
129

For reference, on the 6.5.0-17.17 kernel, we had no randomness whatsoever:

$ cat /proc/version_signature
Ubuntu 6.5.0-17.17-generic 6.5.8
$ for ((i = 0 ; i < 10000; i++ )) ; do ./aslr32 --report libs ; done | sort | uniq -c
10000 0xf7c86e80

tags:

added: verification-done-mantic-linux
removed: verification-needed-mantic-linux

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-03-06:

#15

Download full text (121.8 KiB)

This bug was fixed in the package linux - 6.5.0-25.25

---------------
linux (6.5.0-25.25) mantic; urgency=medium

* mantic/linux: 6.5.0-25.25 -proposed tracker (LP: #2052615)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2024.02.05)

  * [SRU][22.04.04]: mpi3mr driver update (LP: #2045233)
    - scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out
    - scsi: mpi3mr: Update MPI Headers to version 3.00.28
    - scsi: mpi3mr: Add support for more than 1MB I/O
    - scsi: mpi3mr: WRITE SAME implementation
    - scsi: mpi3mr: Enhance handling of devices removed after controller reset
    - scsi: mpi3mr: Update driver version to 8.5.0.0.0
    - scsi: mpi3mr: Split off bus_reset function from host_reset
    - scsi: mpi3mr: Add support for SAS5116 PCI IDs
    - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
    - scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32
    - scsi: mpi3mr: Add support for status reply descriptor
    - scsi: mpi3mr: driver version upgrade to 8.5.0.0.50
    - scsi: mpi3mr: Refresh sdev queue depth after controller reset
    - scsi: mpi3mr: Clean up block devices post controller reset
    - scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable
      State
    - scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3
    - scsi: mpi3mr: Update driver version to 8.5.1.0.0

  * The display becomes frozen after some time when a HDMI device is connected.
    (LP: #2049027)
    - drm/i915/dmc: Don't enable any pipe DMC events

* Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models

* partproke is broken on empty loopback device (LP: #2049689)
- block: Move checking GENHD_FL_NO_PART to bdev_add_partition()

* CVE-2023-51780
- atm: Fix Use-After-Free in do_vcc_ioctl

* CVE-2023-6915
- ida: Fix crash in ida_free when the bitmap is empty

* Update Ubuntu.md (LP: #2051176)
- [Packaging] update Ubuntu.md

  * test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
    J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
    - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum

  * Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
    (LP: #2036239)
    - ice: Add driver support for firmware changes for LAG
    - ice: alter feature support check for SRIOV and LAG

  * Mantic update: upstream stable patchset 2024-01-29 (LP: #2051584)
    - Upstream stable to v6.1.67, v6.6.6
    - vdpa/mlx5: preserve CVQ vringh index
    - hrtimers: Push pending hrtimers away from outgoing CPU earlier
    - i2c: designware: Fix corrupted memory seen in the ISR
    - netfilter: ipset: fix race condition between swap/destroy and kernel side
      add/del/test
    - zstd: Fix array-index-out-of-bounds UBSAN warning
    - tg3: Move the [rt]x_dropped counters...

This bug was fixed in the package linux - 6.5.0-25.25

---------------
linux (6.5.0-25.25) mantic; urgency=medium

* mantic/linux: 6.5.0-25.25 -proposed tracker (LP: #2052615)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2024.02.05)

* [SRU][22.04.04]: mpi3mr driver update (LP: #2045233)
    - scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out
    - scsi: mpi3mr: Update MPI Headers to version 3.00.28
    - scsi: mpi3mr: Add support for more than 1MB I/O
    - scsi: mpi3mr: WRITE SAME implementation
    - scsi: mpi3mr: Enhance handling of devices removed after controller reset
    - scsi: mpi3mr: Update driver version to 8.5.0.0.0
    - scsi: mpi3mr: Split off bus_reset function from host_reset
    - scsi: mpi3mr: Add support for SAS5116 PCI IDs
    - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116
    - scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32
    - scsi: mpi3mr: Add support for status reply descriptor
    - scsi: mpi3mr: driver version upgrade to 8.5.0.0.50
    - scsi: mpi3mr: Refresh sdev queue depth after controller reset
    - scsi: mpi3mr: Clean up block devices post controller reset
    - scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable
      State
    - scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2
    - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3
    - scsi: mpi3mr: Update driver version to 8.5.1.0.0

* The display becomes frozen after some time when a HDMI device is connected.
    (LP: #2049027)
    - drm/i915/dmc: Don't enable any pipe DMC events

* Audio balancing setting doesn't work with the cirrus codec (LP: #2051050)
    - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models

* partproke is broken on empty loopback device (LP: #2049689)
    - block: Move checking GENHD_FL_NO_PART to bdev_add_partition()

* CVE-2023-51780
    - atm: Fix Use-After-Free in do_vcc_ioctl

* CVE-2023-6915
    - ida: Fix crash in ida_free when the bitmap is empty

* Update Ubuntu.md (LP: #2051176)
    - [Packaging] update Ubuntu.md

* test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 /
    J-OEM-6.1 / J-6.2 AMD64 (LP: #1983357)
    - [Config]: set ARCH_MMAP_RND_{COMPAT_, }BITS to the maximum

* Intel E810-XXV - NETDEV WATCHDOG: (ice): transmit queue timed out
    (LP: #2036239)
    - ice: Add driver support for firmware changes for LAG
    - ice: alter feature support check for SRIOV and LAG

* Mantic update: upstream stable patchset 2024-01-29 (LP: #2051584)
    - Upstream stable to v6.1.67, v6.6.6
    - vdpa/mlx5: preserve CVQ vringh index
    - hrtimers: Push pending hrtimers away from outgoing CPU earlier
    - i2c: designware: Fix corrupted memory seen in the ISR
    - netfilter: ipset: fix race condition between swap/destroy and kernel side
      add/del/test
    - zstd: Fix array-index-out-of-bounds UBSAN warning
    - tg3: Move the [rt]x_dropped counters to tg3_napi
    - tg3: Increment tx_dropped in tg3_tso_bug()
    - kconfig: fix memory leak from range properties
    - drm/amdgpu: correct chunk_ptr to a pointer to chunk.
    - x86: Introduce ia32_enabled()
    - x86/coco: Disable 32-bit emulation by default on TDX and SEV
    - x86/entry: Convert INT 0x80 emulation to IDTENTRY
    - x86/entry: Do not allow external 0x80 interrupts
    - x86/tdx: Allow 32-bit emulation by default
    - dt: dt-extract-compatibles: Handle cfile arguments in generator function
    - dt: dt-extract-compatibles: Don't follow symlinks when walking tree
    - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code
    - of: dynamic: Fix of_reconfig_get_state_change() return value documentation
    - platform/x86: wmi: Skip blocks with zero instances
    - ipv6: fix potential NULL deref in fib6_add()
    - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam
    - octeontx2-af: Check return value of nix_get_nixlf before using nixlf
    - hv_netvsc: rndis_filter needs to select NLS
    - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
    - r8152: Add RTL8152_INACCESSIBLE checks to more loops
    - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
    - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
    - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en()
    - mlxbf-bootctl: correctly identify secure boot with development keys
    - platform/mellanox: Add null pointer checks for devm_kasprintf()
    - platform/mellanox: Check devm_hwmon_device_register_with_groups() return
      value
    - arcnet: restoring support for multiple Sohard Arcnet cards
    - octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt
      coalescing
    - net: stmmac: fix FPE events losing
    - xsk: Skip polling event check for unbound socket
    - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters
    - i40e: Fix unexpected MFS warning message
    - iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero
    - tcp: fix mid stream window clamp.
    - ionic: fix snprintf format length warning
    - ionic: Fix dim work handling in split interrupt mode
    - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit()
    - net: atlantic: Fix NULL dereference of skb pointer in
    - net: hns: fix wrong head when modify the tx feature when sending packets
    - net: hns: fix fake link up on xge port
    - octeontx2-af: Adjust Tx credits when MCS external bypass is disabled
    - octeontx2-af: Fix mcs sa cam entries size
    - octeontx2-af: Fix mcs stats register address
    - octeontx2-af: Add missing mcs flr handler call
    - octeontx2-af: Update Tx link register range
    - dt-bindings: interrupt-controller: Allow #power-domain-cells
    - netfilter: nf_tables: fix 'exist' matching on bigendian arches
    - netfilter: nf_tables: validate family when identifying table via handle
    - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
    - tcp: do not accept ACK of bytes we never sent
    - bpf: sockmap, updating the sg structure should also update curr
    - psample: Require 'CAP_NET_ADMIN' when joining "packets" group
    - drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group
    - mm/damon/sysfs: eliminate potential uninitialized variable warning
    - tee: optee: Fix supplicant based device enumeration
    - RDMA/hns: Fix unnecessary err return when using invalid congest control
      algorithm
    - RDMA/irdma: Do not modify to SQD on error
    - RDMA/irdma: Add wait for suspend on SQD
    - arm64: dts: rockchip: Expand reg size of vdec node for RK3328
    - arm64: dts: rockchip: Expand reg size of vdec node for RK3399
    - ASoC: fsl_sai: Fix no frame sync clock issue on i.MX8MP
    - RDMA/rtrs-srv: Do not unconditionally enable irq
    - RDMA/rtrs-clt: Start hb after path_up
    - RDMA/rtrs-srv: Check return values while processing info request
    - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true
    - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight
    - RDMA/rtrs-clt: Fix the max_send_wr setting
    - RDMA/rtrs-clt: Remove the warnings for req in_use check
    - RDMA/bnxt_re: Correct module description string
    - RDMA/irdma: Refactor error handling in create CQP
    - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info()
    - hwmon: (acpi_power_meter) Fix 4.29 MW bug
    - ASoC: codecs: lpass-tx-macro: set active_decimator correct default value
    - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
    - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
    - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz
    - RDMA/irdma: Avoid free the non-cqp_request scratch
    - drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS
    - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3
    - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock
    - tracing: Fix a warning when allocating buffered events fails
    - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
    - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init
    - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt
    - ARM: dts: imx28-xea: Pass the 'model' property
    - riscv: fix misaligned access handling of C.SWSP and C.SDSP
    - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
    - rethook: Use __rcu pointer for rethook::handler
    - kprobes: consistent rcu api usage for kretprobe holder
    - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
    - nvme-pci: Add sleep quirk for Kingston drives
    - io_uring: fix mutex_unlock with unreferenced ctx
    - ALSA: usb-audio: Add Pioneer DJM-450 mixer controls
    - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names
    - ALSA: hda/realtek: add new Framework laptop to quirks
    - ALSA: hda/realtek: Add Framework laptop 16 to quirks
    - ring-buffer: Test last update in 32bit version of __rb_time_read()
    - nilfs2: fix missing error check for sb_set_blocksize call
    - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
    - cgroup_freezer: cgroup_freezing: Check if not frozen
    - checkstack: fix printed address
    - tracing: Always update snapshot buffer size
    - tracing: Disable snapshot buffer when stopping instance tracers
    - tracing: Fix incomplete locking when disabling buffered events
    - tracing: Fix a possible race when disabling buffered events
    - packet: Move reference count in packet_sock to atomic_long_t
    - r8169: fix rtl8125b PAUSE frames blasting when suspended
    - regmap: fix bogus error on regcache_sync success
    - platform/surface: aggregator: fix recv_buf() return value
    - hugetlb: fix null-ptr-deref in hugetlb_vma_lock_write
    - mm: fix oops when filemap_map_pmd() without prealloc_pte
    - powercap: DTPM: Fix missing cpufreq_cpu_put() calls
    - md/raid6: use valid sector values to determine if an I/O should wait on the
      reshape
    - arm64: dts: mediatek: mt7622: fix memory node warning check
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells
      properties
    - arm64: dts: mediatek: cherry: Fix interrupt cells for MT6360 on I2C7
    - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
    - arm64: dts: mediatek: mt8195: Fix PM suspend/resume with venc clocks
    - arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory
    - arm64: dts: mediatek: mt8183: Move thermal-zones to the root node
    - arm64: dts: mediatek: mt8183-evb: Fix unit_address_vs_reg warning on ntc
    - coresight: etm4x: Remove bogous __exit annotation for some functions
    - hwtracing: hisi_ptt: Add dummy callback pmu::read()
    - misc: mei: client.c: return negative error code in mei_cl_write
    - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write
    - LoongArch: BPF: Don't sign extend memory load operand
    - LoongArch: BPF: Don't sign extend function return value
    - ring-buffer: Force absolute timestamp on discard of event
    - tracing: Set actual size after ring buffer resize
    - tracing: Stop current tracer when resizing buffer
    - parisc: Reduce size of the bug_table on 64-bit kernel by half
    - parisc: Fix asm operand number out of range build error in bug table
    - arm64: dts: mediatek: add missing space before {
    - arm64: dts: mt8183: kukui: Fix underscores in node names
    - x86/sev: Fix kernel crash due to late update to read-only ghcb_version
    - gpiolib: sysfs: Fix error handling on failed export
    - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
    - drm/amdgpu: Add I2C EEPROM support on smu v13_0_6
    - usb: gadget: f_hid: fix report descriptor allocation
    - serial: 8250_dw: Add ACPI ID for Granite Rapids-D UART
    - parport: Add support for Brainboxes IX/UC/PX parallel cards
    - cifs: Fix non-availability of dedup breaking generic/304
    - Revert "xhci: Loosen RPM as default policy to cover for AMD xHC 1.1"
    - smb: client: fix potential NULL deref in parse_dfs_referrals()
    - ARM: PL011: Fix DMA support
    - serial: sc16is7xx: address RX timeout interrupt errata
    - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
    - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
    - serial: 8250_omap: Add earlycon support for the AM654 UART controller
    - devcoredump: Send uevent once devcd is ready
    - x86/CPU/AMD: Check vendor in the AMD microcode callback
    - USB: gadget: core: adjust uevent timing on gadget unbind
    - cifs: Fix flushing, invalidation and file size with copy_file_range()
    - cifs: Fix flushing, invalidation and file size with FICLONE
    - MIPS: kernel: Clear FPU states when setting up kernel threads
    - KVM: s390/mm: Properly reset no-dat
    - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
    - MIPS: Loongson64: Reserve vgabios memory on boot
    - MIPS: Loongson64: Handle more memory types passed from firmware
    - MIPS: Loongson64: Enable DMA noncoherent support
    - riscv: Kconfig: Add select ARM_AMBA to SOC_STARFIVE
    - [Config] updateconfigs after enabling ARM_AMBA on riscv
    - scsi: sd: Fix sshdr use in sd_suspend_common()
    - nouveau: use an rwlock for the event lock.
    - modpost: fix section mismatch message for RELA
    - drm/amdgpu: Do not program VF copy regs in mmhub v1.8 under SRIOV (v2)
    - drm/amdgpu: finalizing mem_partitions at the end of GMC v9 sw_fini
    - dm-crypt: start allocating with MAX_ORDER
    - r8152: Hold the rtnl_lock for all of reset
    - net: dsa: microchip: provide a list of valid protocols for xmit handler
    - net/smc: fix missing byte order conversion in CLC handshake
    - RDMA/core: Fix uninit-value access in ib_get_eth_speed()
    - ARM: dts: imx6q: skov: fix ethernet clock regression
    - ARM: dts: rockchip: Fix sdmmc_pwren's pinmux setting for RK3128
    - ARM: dts: bcm2711-rpi-400: Fix delete-node of led_act
    - firmware: arm_scmi: Extend perf protocol ops to get number of domains
    - firmware: arm_scmi: Extend perf protocol ops to get information of a domain
    - firmware: arm_scmi: Fix frequency truncation by promoting multiplier type
    - firmware: arm_scmi: Simplify error path in scmi_dvfs_device_opps_add()
    - RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
    - RDMA/irdma: Fix support for 64k pages
    - io_uring/kbuf: Fix an NULL vs IS_ERR() bug in io_alloc_pbuf_ring()
    - io_uring/kbuf: check for buffer list readiness after NULL check
    - arm64: dts: imx8-ss-lsio: Add PWM interrupts
    - arm64: dts: freescale: imx8-ss-lsio: Fix #pwm-cells
    - arm64: dts: imx93: correct mediamix power
    - arm64: dts: imx8-apalis: set wifi regulator to always-on
    - arm64: dts: rockchip: Fix eMMC Data Strobe PD on rk3588
    - scripts/gdb: fix lx-device-list-bus and lx-device-list-class
    - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
    - ALSA: hda/realtek: Apply quirk for ASUS UM3504DA
    - ALSA: hda/realtek: fix speakers on XPS 9530 (2023)
    - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7
    - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly
    - leds: trigger: netdev: fix RTNL handling to prevent potential deadlock
    - nfp: flower: fix for take a mutex lock in soft irq context and rcu lock
    - workqueue: Make sure that wq_unbound_cpumask is never empty
    - drivers/base/cpu: crash data showing should depends on KEXEC_CORE
    - mm/memory_hotplug: add missing mem_hotplug_lock
    - mm/memory_hotplug: fix error handling in add_memory_resource()
    - drm/atomic-helpers: Invoke end_fb_access while owning plane state
    - drm/i915/mst: Fix .mode_valid_ctx() return values
    - drm/i915/mst: Reject modes that require the bigjoiner
    - arm64: dts: mt7986: change cooling trips
    - arm64: dts: mt7986: define 3W max power to both SFP on BPI-R3
    - arm64: dts: mt7986: fix emmc hs400 mode without uboot initialization
    - arm64: dts: mediatek: mt8186: fix clock names for power domains
    - arm64: dts: mediatek: mt8186: Change gpu speedbin nvmem cell name
    - coresight: Fix crash when Perf and sysfs modes are used concurrently
    - coresight: ultrasoc-smb: Fix sleep while close preempt in enable_smb
    - coresight: ultrasoc-smb: Config SMB buffer before register sink
    - coresight: ultrasoc-smb: Fix uninitialized before use buf_hw_base
    - ASoC: ops: add correct range check for limiting volume
    - nvmem: Do not expect fixed layouts to grab a layout driver
    - serial: ma35d1: Validate console index before assignment
    - powerpc/ftrace: Fix stack teardown in ftrace_no_trace
    - perf metrics: Avoid segv if default metricgroup isn't set
    - ASoC: qcom: sc8280xp: Limit speaker digital volumes
    - gcc-plugins: randstruct: Update code comment in relayout_struct()
    - drm/amdgpu: Fix refclk reporting for SMU v13.0.6
    - drm/amdgpu: Add bootloader status check
    - drm/amdgpu: Add bootloader wait for PSP v13
    - drm/amdgpu: Restrict bootloader wait to SMUv13.0.6
    - drm/amdgpu: update retry times for psp vmbx wait
    - drm/amdgpu: update retry times for psp BL wait
    - drm/amdgpu: Restrict extended wait to PSP v13.0.6
    - Upstream stable to v6.1.68, v6.6.7

* i915 regression introduced with 5.5 kernel (LP: #2044131)
    - drm/i915: Skip some timing checks on BXT/GLK DSI transcoders

* Mantic update: upstream stable patchset 2024-01-26 (LP: #2051366)
    - cifs: Fix FALLOC_FL_ZERO_RANGE by setting i_size if EOF moved
    - cifs: Fix FALLOC_FL_INSERT_RANGE by setting i_size after EOF moved
    - smb: client: report correct st_size for SMB and NFS symlinks
    - pinctrl: avoid reload of p state in list iteration
    - firewire: core: fix possible memory leak in create_units()
    - mmc: sdhci-pci-gli: Disable LPM during initialization
    - mmc: cqhci: Increase recovery halt timeout
    - mmc: cqhci: Warn of halt or task clear failure
    - mmc: cqhci: Fix task clearing in CQE error recovery
    - mmc: block: Retry commands in CQE error recovery
    - mmc: block: Do not lose cache flush during CQE error recovery
    - mmc: block: Be sure to wait while busy in CQE error recovery
    - ALSA: hda: Disable power-save on KONTRON SinglePC
    - ALSA: hda/realtek: Headset Mic VREF to 100%
    - ALSA: hda/realtek: Add supported ALC257 for ChromeOS
    - dm-verity: align struct dm_verity_fec_io properly
    - scsi: Change SCSI device boolean fields to single bit flags
    - scsi: sd: Fix system start for ATA devices
    - drm/amd: Enable PCIe PME from D3
    - drm/amdgpu: Force order between a read and write to the same address
    - drm/amd/display: Include udelay when waiting for INBOX0 ACK
    - drm/amd/display: Remove min_dst_y_next_start check for Z8
    - drm/amd/display: Use DRAM speed from validation for dummy p-state
    - drm/amd/display: Update min Z8 residency time to 2100 for DCN314
    - drm/amd/display: fix ABM disablement
    - dm verity: initialize fec io before freeing it
    - dm verity: don't perform FEC for failed readahead IO
    - nvme: check for valid nvme_identify_ns() before using it
    - powercap: DTPM: Fix unneeded conversions to micro-Watts
    - cpufreq/amd-pstate: Fix the return value of amd_pstate_fast_switch()
    - dma-buf: fix check in dma_resv_add_fence
    - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR
    - iommu/vt-d: Add MTL to quirk list to skip TE disabling
    - KVM: PPC: Book3S HV: Fix KVM_RUN clobbering FP/VEC user registers
    - powerpc: Don't clobber f0/vs0 during fp|altivec register save
    - parisc: Mark ex_table entries 32-bit aligned in assembly.h
    - parisc: Mark ex_table entries 32-bit aligned in uaccess.h
    - parisc: Use natural CPU alignment for bug_table
    - parisc: Mark lock_aligned variables 16-byte aligned on SMP
    - parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes
    - parisc: Mark jump_table naturally aligned
    - parisc: Ensure 32-bit alignment on parisc unwind section
    - parisc: Mark altinstructions read-only and 32-bit aligned
    - btrfs: add dmesg output for first mount and last unmount of a filesystem
    - btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
    - btrfs: fix off-by-one when checking chunk map includes logical address
    - btrfs: send: ensure send_fd is writable
    - btrfs: make error messages more clear when getting a chunk map
    - btrfs: fix 64bit compat send ioctl arguments not initializing version member
    - auxdisplay: hd44780: move cursor home after clear display command
    - serial: sc16is7xx: Put IOControl register into regmap_volatile
    - serial: sc16is7xx: add missing support for rs485 devicetree properties
    - dpaa2-eth: increase the needed headroom to account for alignment
    - uapi: propagate __struct_group() attributes to the container union
    - selftests/net: ipsec: fix constant out of range
    - selftests/net: fix a char signedness issue
    - selftests/net: unix: fix unused variable compiler warning
    - selftests/net: mptcp: fix uninitialized variable warnings
    - octeontx2-af: Fix possible buffer overflow
    - net: stmmac: xgmac: Disable FPE MMC interrupts
    - octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64
    - octeontx2-af: Install TC filter rules in hardware based on priority
    - octeontx2-pf: Restore TC ingress police rules when interface is up
    - r8169: prevent potential deadlock in rtl8169_close
    - ravb: Fix races between ravb_tx_timeout_work() and net related ops
    - net: ravb: Check return value of reset_control_deassert()
    - net: ravb: Use pm_runtime_resume_and_get()
    - net: ravb: Make write access to CXR35 first before accessing other EMAC
      registers
    - net: ravb: Start TX queues after HW initialization succeeded
    - net: ravb: Stop DMA in case of failures on ravb_open()
    - net: ravb: Keep reverse order of operations in ravb_remove()
    - octeontx2-af: Initialize 'cntr_val' to fix uninitialized symbol error
    - spi: Fix null dereference on suspend
    - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily
    - iommu/vt-d: Omit devTLB invalidation requests when TES=0
    - iommu/vt-d: Disable PCI ATS in legacy passthrough mode
    - iommu/vt-d: Make context clearing consistent with context mapping
    - drm/amd/pm: fix a memleak in aldebaran_tables_init
    - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled
    - drm/amd/display: Fix MPCC 1DLUT programming
    - r8169: fix deadlock on RTL8125 in jumbo mtu mode
    - xen: simplify evtchn_do_upcall() call maze
    - x86/xen: fix percpu vcpu_info allocation
    - smb: client: fix missing mode bits for SMB symlinks
    - ksmbd: fix possible deadlock in smb2_open
    - drm/i915: Also check for VGA converter in eDP probe
    - net: libwx: fix memory leak on msix entry
    - drm/amdgpu: correct the amdgpu runtime dereference usage count
    - drm/amdgpu: fix memory overflow in the IB test
    - drm/amdgpu: Update EEPROM I2C address for smu v13_0_0
    - drm/amd/display: force toggle rate wa for first link training for a retimer
    - ACPI: video: Use acpi_video_device for cooling-dev driver data
    - iommu/vt-d: Fix incorrect cache invalidation for mm notification
    - io_uring: free io_buffer_list entries via RCU
    - io_uring: don't guard IORING_OFF_PBUF_RING with SETUP_NO_MMAP
    - iommu: Avoid more races around device probe
    - ext2: Fix ki_pos update for DIO buffered-io fallback case
    - btrfs: free the allocated memory if btrfs_alloc_page_array() fails
    - io_uring/kbuf: recycle freed mapped buffer ring entries
    - media: v4l2-subdev: Fix a 64bit bug
    - netdevsim: Don't accept device bound programs
    - net: rswitch: Fix type of ret in rswitch_start_xmit()
    - net: rswitch: Fix return value in rswitch_start_xmit()
    - net: rswitch: Fix missing dev_kfree_skb_any() in error path
    - wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta()
    - wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush
    - net: dsa: mv88e6xxx: fix marvell 6350 switch probing
    - dpaa2-eth: recycle the RX buffer only after all processing done
    - bpf: Add missed allocation hint for bpf_mem_cache_alloc_flags()
    - neighbour: Fix __randomize_layout crash in struct neighbour
    - efi/unaccepted: Fix off-by-one when checking for overlapping ranges
    - ethtool: don't propagate EOPNOTSUPP from dumps
    - bpf, sockmap: af_unix stream sockets need to hold ref for pair sock
    - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-
      IOV device
    - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
    - drm/amd/display: Refactor edp power control
    - drm/amd/display: Remove power sequencing check
    - drm/i915/gsc: Mark internal GSC engine with reserved uabi class
    - drm/panel: starry-2081101qfh032011-53g: Fine tune the panel power sequence
    - drm/panel: nt36523: fix return value check in nt36523_probe()
    - cpufreq/amd-pstate: Fix scaling_min_freq and scaling_max_freq update
    - cpufreq/amd-pstate: Only print supported EPP values for performance governor
    - iommu: Fix printk arg in of_iommu_get_resv_regions()
    - drm/amd/display: refactor ILR to make it work
    - drm/amd/display: Reduce default backlight min from 5 nits to 1 nits
    - Upstream stable to v6.1.66, v6.6.5

* Mantic update: upstream stable patchset 2024-01-25 (LP: #2051231)
    - afs: Fix afs_server_list to be cleaned up with RCU
    - afs: Make error on cell lookup failure consistent with OpenAFS
    - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence
    - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
    - drm/panel: simple: Fix Innolux G101ICE-L01 timings
    - wireguard: use DEV_STATS_INC()
    - octeontx2-pf: Fix memory leak during interface down
    - ata: pata_isapnp: Add missing error check for devm_ioport_map()
    - drm/i915: do not clean GT table on error path
    - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
    - HID: fix HID device resource race between HID core and debugging support
    - ipv4: Correct/silence an endian warning in __ip_do_redirect
    - net: usb: ax88179_178a: fix failed operations during ax88179_reset
    - net/smc: avoid data corruption caused by decline
    - arm/xen: fix xen_vcpu_info allocation alignment
    - octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx
      queue than its PF
    - amd-xgbe: handle corner-case during sfp hotplug
    - amd-xgbe: handle the corner-case during tx completion
    - amd-xgbe: propagate the correct speed and duplex status
    - net: axienet: Fix check for partial TX checksum
    - afs: Return ENOENT if no cell DNS record can be found
    - afs: Fix file locking on R/O volumes to operate in local mode
    - arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y
    - i40e: Fix adding unsupported cloud filters
    - nvmet: nul-terminate the NQNs passed in the connect command
    - USB: dwc3: qcom: fix resource leaks on probe deferral
    - USB: dwc3: qcom: fix ACPI platform device leak
    - lockdep: Fix block chain corruption
    - cifs: distribute channels across interfaces based on speed
    - cifs: account for primary channel in the interface list
    - cifs: fix leak of iface for primary channel
    - MIPS: KVM: Fix a build warning about variable set but not used
    - media: qcom: Initialise V4L2 async notifier later
    - media: qcom: camss: Fix V4L2 async notifier error path
    - media: qcom: camss: Fix genpd cleanup
    - NFSD: Fix "start of NFS reply" pointer passed to nfsd_cache_update()
    - NFSD: Fix checksum mismatches in the duplicate reply cache
    - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
    - swiotlb-xen: provide the "max_mapping_size" method
    - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
      btree_gc_coalesce()
    - md: fix bi_status reporting in md_end_clone_io
    - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race
    - io_uring/fs: consider link->flags when getting path for LINKAT
    - s390/dasd: protect device queue against concurrent access
    - USB: serial: option: add Luat Air72*U series products
    - hv_netvsc: fix race of netvsc and VF register_netdevice
    - hv_netvsc: Fix race of register_netdevice_notifier and VF register
    - hv_netvsc: Mark VF as slave before exposing it to user-mode
    - dm-delay: fix a race between delay_presuspend and delay_bio
    - bcache: check return value from btree_node_alloc_replacement()
    - bcache: prevent potential division by zero error
    - bcache: fixup init dirty data errors
    - bcache: fixup lock c->root error
    - usb: cdnsp: Fix deadlock issue during using NCM gadget
    - USB: serial: option: add Fibocom L7xx modules
    - USB: serial: option: fix FM101R-GL defines
    - USB: serial: option: don't claim interface 4 for ZTE MF290
    - usb: typec: tcpm: Skip hard reset when in error recovery
    - USB: dwc2: write HCINT with INTMASK applied
    - usb: dwc3: Fix default mode initialization
    - usb: dwc3: set the dma max_seg_size
    - USB: dwc3: qcom: fix software node leak on probe errors
    - USB: dwc3: qcom: fix wakeup after probe deferral
    - io_uring: fix off-by one bvec index
    - irqchip/gic-v3-its: Flush ITS tables correctly in non-coherent GIC designs
    - drm/msm/dsi: use the correct VREG_CTRL_1 value for 4nm cphy
    - s390/ism: ism driver implies smc protocol
    - rxrpc: Fix RTT determination to use any ACK as a source
    - rxrpc: Defer the response to a PING ACK until we've parsed it
    - blk-cgroup: avoid to warn !rcu_read_lock_held() in blkg_lookup()
    - fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
    - net: wangxun: fix kernel panic due to null pointer
    - filemap: add a per-mapping stable writes flag
    - block: update the stable_writes flag in bdev_add
    - PM: tools: Fix sleepgraph syntax error
    - net, vrf: Move dstats structure to core
    - net: Move {l,t,d}stats allocation to core and convert veth & vrf
    - bpf: Fix dev's rx stats for bpf_redirect_peer traffic
    - drm/panel: boe-tv101wum-nl6: Fine tune Himax83102-j02 panel HFP and HBP
    - s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init()
    - net: veth: fix ethtool stats reporting
    - vsock/test: fix SEQPACKET message bounds test
    - net: ipa: fix one GSI register field width
    - nvme: blank out authentication fabrics options if not configured
    - mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl
    - prctl: Disable prctl(PR_SET_MDWE) on parisc
    - kselftest/arm64: Fix output formatting for za-fork
    - drm/msm/dpu: Add missing safe_lut_tbl in sc8280xp catalog
    - drm/ast: Disconnect BMC if physical connector is connected
    - thunderbolt: Set lane bonding bit only for downstream port
    - ACPI: video: Use acpi_device_fix_up_power_children()
    - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead()
    - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
    - ACPI: PM: Add acpi_device_fix_up_power_children() function
    - tls: fix NULL deref on tls_sw_splice_eof() with empty record
    - dt-bindings: usb: microchip,usb5744: Add second supply
    - usb: misc: onboard-hub: add support for Microchip USB5744
    - platform/x86/amd/pmc: adjust getting DRAM size behavior
    - ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus
    - ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks
    - veth: Use tstats per-CPU traffic counters
    - USB: xhci-plat: fix legacy PHY double init
    - usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
    - Upstream stable to v6.1.65, v6.6.4

* Mantic update: v6.5.13 upstream stable release (LP: #2051142)
    - locking/ww_mutex/test: Fix potential workqueue corruption
    - btrfs: abort transaction on generation mismatch when marking eb as dirty
    - lib/generic-radix-tree.c: Don't overflow in peek()
    - x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
    - perf/core: Bail out early if the request AUX area is out of bound
    - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
    - selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
    - clocksource/drivers/timer-imx-gpt: Fix potential memory leak
    - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
    - srcu: Only accelerate on enqueue time
    - smp,csd: Throw an error if a CSD lock is stuck for too long
    - cpu/hotplug: Don't offline the last non-isolated CPU
    - workqueue: Provide one lock class key per work_on_cpu() callsite
    - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
    - wifi: plfxlc: fix clang-specific fortify warning
    - wifi: ath12k: Ignore fragments from uninitialized peer in dp
    - wifi: mac80211_hwsim: fix clang-specific fortify warning
    - wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
    - atl1c: Work around the DMA RX overflow issue
    - bpf: Detect IP == ksym.end as part of BPF program
    - wifi: ath9k: fix clang-specific fortify warnings
    - wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
    - wifi: ath10k: fix clang-specific fortify warning
    - wifi: ath12k: fix possible out-of-bound write in
      ath12k_wmi_ext_hal_reg_caps()
    - ACPI: APEI: Fix AER info corruption when error status data has multiple
      sections
    - net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
    - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
    - net: annotate data-races around sk->sk_tx_queue_mapping
    - net: annotate data-races around sk->sk_dst_pending_confirm
    - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register()
    - wifi: ath10k: Don't touch the CE interrupt registers after power up
    - net: sfp: add quirk for FS's 2.5G copper SFP
    - vsock: read from socket's error queue
    - bpf: Ensure proper register state printing for cond jumps
    - wifi: iwlwifi: mvm: fix size check for fw_link_id
    - Bluetooth: btusb: Add date->evt_skb is NULL check
    - Bluetooth: Fix double free in hci_conn_cleanup
    - ACPI: EC: Add quirk for HP 250 G7 Notebook PC
    - tsnep: Fix tsnep_request_irq() format-overflow warning
    - gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
    - platform/chrome: kunit: initialize lock for fake ec_dev
    - of: address: Fix address translation when address-size is greater than 2
    - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
    - drm/gma500: Fix call trace when psb_gem_mm_init() fails
    - drm/amdkfd: ratelimited SQ interrupt messages
    - drm/komeda: drop all currently held locks if deadlock happens
    - drm/amd/display: Blank phantom OTG before enabling
    - drm/amd/display: Don't lock phantom pipe on disabling
    - drm/amd/display: add seamless pipe topology transition check
    - drm/edid: Fixup h/vsync_end instead of h/vtotal
    - md: don't rely on 'mddev->pers' to be set in mddev_suspend()
    - drm/amdgpu: not to save bo in the case of RAS err_event_athub
    - drm/amdkfd: Fix a race condition of vram buffer unref in svm code
    - drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
    - drm/amd/display: use full update for clip size increase of large plane
      source
    - string.h: add array-wrappers for (v)memdup_user()
    - kernel: kexec: copy user-array safely
    - kernel: watch_queue: copy user-array safely
    - drm_lease.c: copy user-array safely
    - drm: vmwgfx_surface.c: copy user-array safely
    - drm/msm/dp: skip validity check for DP CTS EDID checksum
    - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
    - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
    - drm/amdgpu: Fix potential null pointer derefernce
    - drm/panel: fix a possible null pointer dereference
    - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference
    - drm/radeon: fix a possible null pointer dereference
    - drm/amdgpu/vkms: fix a possible null pointer dereference
    - drm/panel: st7703: Pick different reset sequence
    - drm/amdkfd: Fix shift out-of-bounds issue
    - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
    - drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported
    - drm/amd/display: fix num_ways overflow error
    - drm/amd: check num of link levels when update pcie param
    - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size
    - selftests/efivarfs: create-read: fix a resource leak
    - ASoC: mediatek: mt8188-mt6359: support dynamic pinctrl
    - ASoC: soc-card: Add storage for PCI SSID
    - ASoC: SOF: Pass PCI SSID to machine driver
    - crypto: pcrypt - Fix hungtask for PADATA_RESET
    - ASoC: SOF: ipc4: handle EXCEPTION_CAUGHT notification from firmware
    - RDMA/hfi1: Use FIELD_GET() to extract Link Width
    - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
    - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
    - fs/jfs: Add check for negative db_l2nbperpage
    - fs/jfs: Add validity check for db_maxag and db_agpref
    - jfs: fix array-index-out-of-bounds in dbFindLeaf
    - jfs: fix array-index-out-of-bounds in diAlloc
    - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround
    - ARM: 9320/1: fix stack depot IRQ stack filter
    - ALSA: hda: Fix possible null-ptr-deref when assigning a stream
    - gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound
    - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields
    - PCI: mvebu: Use FIELD_PREP() with Link Width
    - atm: iphase: Do PCI error checks on own line
    - PCI: Do error check on own line to split long "if" conditions
    - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
    - PCI: Use FIELD_GET() to extract Link Width
    - PCI: Extract ATS disabling to a helper function
    - PCI: Disable ATS for specific Intel IPU E2000 devices
    - PCI: dwc: Add dw_pcie_link_set_max_link_width()
    - PCI: dwc: Add missing PCI_EXP_LNKCAP_MLW handling
    - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller
    - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
    - ASoC: Intel: soc-acpi-cht: Add Lenovo Yoga Tab 3 Pro YT3-X90 quirk
    - crypto: hisilicon/qm - prevent soft lockup in receive loop
    - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
    - exfat: support handle zero-size directory
    - mfd: intel-lpss: Add Intel Lunar Lake-M PCI IDs
    - iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()
    - thunderbolt: Apply USB 3.x bandwidth quirk only in software connection
      manager
    - tty: vcc: Add check for kstrdup() in vcc_probe()
    - dt-bindings: phy: qcom,snps-eusb2-repeater: Add magic tuning overrides
    - phy: qualcomm: phy-qcom-eusb2-repeater: Use regmap_fields
    - phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs
    - usb: dwc3: core: configure TX/RX threshold for DWC3_IP
    - usb: ucsi: glink: use the connector orientation GPIO to provide switch
      events
    - soundwire: dmi-quirks: update HP Omen match
    - f2fs: fix error path of __f2fs_build_free_nids
    - f2fs: fix error handling of __get_node_page
    - usb: host: xhci: Avoid XHCI resume delay if SSUSB device is not present
    - usb: gadget: f_ncm: Always set current gadget in ncm_bind()
    - 9p/trans_fd: Annotate data-racy writes to file::f_flags
    - 9p: v9fs_listxattr: fix %s null argument warning
    - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler
    - i2c: i801: Add support for Intel Birch Stream SoC
    - i2c: fix memleak in i2c_new_client_device()
    - i2c: sun6i-p2wi: Prevent potential division by zero
    - virtio-blk: fix implicit overflow on virtio_max_dma_size
    - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data.
    - media: gspca: cpia1: shift-out-of-bounds in set_flicker
    - media: vivid: avoid integer overflow
    - media: ipu-bridge: increase sensor_name size
    - gfs2: ignore negated quota changes
    - gfs2: fix an oops in gfs2_permission
    - media: cobalt: Use FIELD_GET() to extract Link Width
    - media: ccs: Fix driver quirk struct documentation
    - media: imon: fix access to invalid resource for the second interface
    - drm/amd/display: Avoid NULL dereference of timing generator
    - kgdb: Flush console before entering kgdb on panic
    - riscv: VMAP_STACK overflow detection thread-safe
    - i2c: dev: copy userspace array safely
    - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
    - drm/qxl: prevent memory leak
    - ALSA: hda/realtek: Add quirk for ASUS UX7602ZM
    - drm/amdgpu: fix software pci_unplug on some chips
    - pwm: Fix double shift bug
    - mtd: rawnand: tegra: add missing check for platform_get_irq()
    - wifi: iwlwifi: Use FW rate for non-data frames
    - sched/core: Optimize in_task() and in_interrupt() a bit
    - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
    - samples/bpf: syscall_tp_user: Fix array out-of-bound access
    - dt-bindings: serial: fix regex pattern for matching serial node children
    - SUNRPC: ECONNRESET might require a rebind
    - mtd: rawnand: intel: check return value of devm_kasprintf()
    - mtd: rawnand: meson: check return value of devm_kasprintf()
    - drm/i915/mtl: avoid stringop-overflow warning
    - NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking
    - SUNRPC: Add an IS_ERR() check back to where it was
    - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
    - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
    - RISC-V: hwprobe: Fix vDSO SIGSEGV
    - riscv: provide riscv-specific is_trap_insn()
    - gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
    - drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init
    - vdpa_sim_blk: allocate the buffer zeroed
    - vhost-vdpa: fix use after free in vhost_vdpa_probe()
    - gcc-plugins: randstruct: Only warn about true flexible arrays
    - bpf: handle ldimm64 properly in check_cfg()
    - bpf: fix precision backtracking instruction iteration
    - net: set SOCK_RCU_FREE before inserting socket into hashtable
    - ipvlan: add ipvlan_route_v6_outbound() helper
    - tty: Fix uninit-value access in ppp_sync_receive()
    - xen/events: avoid using info_for_irq() in xen_send_IPI_one()
    - net: hns3: fix add VLAN fail issue
    - net: hns3: add barrier in vf mailbox reply process
    - net: hns3: fix incorrect capability bit display for copper port
    - net: hns3: fix out-of-bounds access may occur when coalesce info is read via
      debugfs
    - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr()
    - net: hns3: fix VF reset fail issue
    - net: hns3: fix VF wrong speed and duplex issue
    - tipc: Fix kernel-infoleak due to uninitialized TLV value
    - net: mvneta: fix calls to page_pool_get_stats
    - ppp: limit MRU to 64K
    - xen/events: fix delayed eoi list handling
    - blk-mq: make sure active queue usage is held for bio_integrity_prep()
    - ptp: annotate data-race around q->head and q->tail
    - bonding: stop the device in bond_setup_by_slave()
    - net: ethernet: cortina: Fix max RX frame define
    - net: ethernet: cortina: Handle large frames
    - net: ethernet: cortina: Fix MTU max setting
    - af_unix: fix use-after-free in unix_stream_read_actor()
    - netfilter: nf_conntrack_bridge: initialize err to 0
    - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
    - netfilter: nf_tables: bogus ENOENT when destroying element which does not
      exist
    - net: stmmac: fix rx budget limit check
    - net: stmmac: avoid rx queue overrun
    - pds_core: use correct index to mask irq
    - pds_core: fix up some format-truncation complaints
    - gve: Fixes for napi_poll when budget is 0
    - io_uring/fdinfo: remove need for sqpoll lock for thread/pid retrieval
    - net/mlx5: Decouple PHC .adjtime and .adjphase implementations
    - net/mlx5e: fix double free of encap_header
    - net/mlx5e: fix double free of encap_header in update funcs
    - net/mlx5e: Fix pedit endianness
    - net/mlx5: Consolidate devlink documentation in devlink/mlx5.rst
    - net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs
    - net/mlx5e: Add recovery flow for tx devlink health reporter for unhealthy
      PTP SQ
    - net/mlx5e: Update doorbell for port timestamping CQ before the software
      counter
    - net/mlx5: Increase size of irq name buffer
    - net/mlx5e: Reduce the size of icosq_str
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer
    - net/mlx5e: Check return value of snprintf writing to fw_version buffer for
      representors
    - net: sched: do not offload flows with a helper in act_ct
    - macvlan: Don't propagate promisc change to lower dev in passthru
    - tools/power/turbostat: Fix a knl bug
    - tools/power/turbostat: Enable the C-state Pre-wake printing
    - scsi: ufs: core: Expand MCQ queue slot to DeviceQueueDepth + 1
    - cifs: spnego: add ';' in HOST_KEY_LEN
    - cifs: fix check of rc in function generate_smb3signingkey
    - perf/core: Fix cpuctx refcounting
    - i915/perf: Fix NULL deref bugs with drm_dbg() calls
    - perf: arm_cspmu: Reject events meant for other PMUs
    - drivers: perf: Check find_first_bit() return value
    - media: venus: hfi: add checks to perform sanity on queue pointers
    - perf intel-pt: Fix async branch flags
    - powerpc/perf: Fix disabling BHRB and instruction sampling
    - randstruct: Fix gcc-plugin performance mode to stay in group
    - bpf: Fix check_stack_write_fixed_off() to correctly spill imm
    - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
    - scsi: mpt3sas: Fix loop logic
    - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for
      selected registers
    - scsi: ufs: qcom: Update PHY settings only when scaling to higher gears
    - scsi: qla2xxx: Fix system crash due to bad pointer access
    - scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
    - crypto: x86/sha - load modules based on CPU features
    - x86/PCI: Avoid PME from D3hot/D3cold for AMD Rembrandt and Phoenix USB4
    - x86/apic/msi: Fix misconfigured non-maskable MSI quirk
    - x86/cpu/hygon: Fix the CPU topology evaluation for real
    - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space
    - KVM: x86: Ignore MSR_AMD64_TW_CFG access
    - KVM: x86: Clear bit12 of ICR after APIC-write VM-exit
    - KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.
    - mmc: sdhci-pci-gli: GL9755: Mask the replay timer timeout of AER
    - sched: psi: fix unprivileged polling against cgroups
    - audit: don't take task_lock() in audit_exe_compare() code path
    - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
    - proc: sysctl: prevent aliased sysctls from getting passed to init
    - tty/sysrq: replace smp_processor_id() with get_cpu()
    - tty: serial: meson: fix hard LOCKUP on crtscts mode
    - hvc/xen: fix console unplug
    - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
    - hvc/xen: fix event channel handling for secondary consoles
    - PCI/sysfs: Protect driver's D3cold preference from user space
    - mm/damon/sysfs: remove requested targets when online-commit inputs
    - mm/damon/sysfs: update monitoring target regions for online input commit
    - watchdog: move softlockup_panic back to early_param
    - iommufd: Fix missing update of domains_itree after splitting iopt_area
    - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
    - dm crypt: account large pages in cc->n_allocated_pages
    - mm/damon/lru_sort: avoid divide-by-zero in hot threshold calculation
    - mm/damon/ops-common: avoid divide-by-zero during region hotness calculation
    - mm/damon: implement a function for max nr_accesses safe calculation
    - mm/damon/core: avoid divide-by-zero during monitoring results update
    - mm/damon/sysfs-schemes: handle tried region directory allocation failure
    - mm/damon/sysfs-schemes: handle tried regions sysfs directory allocation
      failure
    - mm/damon/sysfs: check error from damon_sysfs_update_target()
    - parisc: Add nop instructions after TLB inserts
    - ACPI: resource: Do IRQ override on TongFang GMxXGxx
    - regmap: Ensure range selector registers are updated after cache sync
    - wifi: ath11k: fix temperature event locking
    - wifi: ath11k: fix dfs radar event locking
    - wifi: ath11k: fix htt pktlog locking
    - wifi: ath11k: fix gtk offload status event locking
    - wifi: ath12k: fix htt mlo-offset event locking
    - wifi: ath12k: fix dfs-radar and temperature event locking
    - mmc: meson-gx: Remove setting of CMD_CFG_ERROR
    - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
    - sched/core: Fix RQCF_ACT_SKIP leak
    - KEYS: trusted: tee: Refactor register SHM usage
    - KEYS: trusted: Rollback init_trusted() consistently
    - PCI: keystone: Don't discard .remove() callback
    - PCI: keystone: Don't discard .probe() callback
    - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer
    - arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n
    - parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table
    - parisc/pdc: Add width field to struct pdc_model
    - parisc/power: Add power soft-off when running on qemu
    - cpufreq: stats: Fix buffer overflow detection in trans_stats()
    - powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug()
    - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data
    - clk: visconti: Fix undefined behavior bug in struct visconti_pll_provider
    - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks
    - ksmbd: fix recursive locking in vfs helpers
    - ksmbd: handle malformed smb1 message
    - ksmbd: fix slab out of bounds write in smb_inherit_dacl()
    - mmc: vub300: fix an error code
    - mmc: sdhci_am654: fix start loop index for TAP value parsing
    - mmc: Add quirk MMC_QUIRK_BROKEN_CACHE_FLUSH for Micron eMMC Q2J54A
    - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
    - PCI: kirin: Don't discard .remove() callback
    - PCI: exynos: Don't discard .remove() callback
    - wifi: wilc1000: use vmm_table as array in wilc struct
    - svcrdma: Drop connection after an RDMA Read error
    - rcu/tree: Defer setting of jiffies during stall reset
    - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM
    - dt-bindings: timer: renesas,rz-mtu3: Fix overflow/underflow interrupt names
    - PM: hibernate: Use __get_safe_page() rather than touching the list
    - PM: hibernate: Clean up sync_read handling in snapshot_write_next()
    - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects
    - btrfs: don't arbitrarily slow down delalloc if we're committing
    - thermal: intel: powerclamp: fix mismatch in get function for max_idle
    - arm64: dts: qcom: ipq5332: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq8074: Fix hwlock index for SMEM
    - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit
    - ACPI: FPDT: properly handle invalid FPDT subtables
    - arm64: dts: qcom: ipq9574: Fix hwlock index for SMEM
    - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size
    - leds: trigger: netdev: Move size check in set_device_name
    - mfd: qcom-spmi-pmic: Fix reference leaks in revid helper
    - mfd: qcom-spmi-pmic: Fix revid implementation
    - ima: annotate iint mutex to avoid lockdep false positive warnings
    - ima: detect changes to the backing overlay file
    - netfilter: nf_tables: split async and sync catchall in two functions
    - ASoC: soc-dai: add flag to mute and unmute stream during trigger
    - ASoC: codecs: wsa883x: make use of new mute_unmute_on_trigger flag
    - selftests/resctrl: Fix uninitialized .sa_flags
    - selftests/resctrl: Remove duplicate feature check from CMT test
    - selftests/resctrl: Move _GNU_SOURCE define into Makefile
    - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests
    - hid: lenovo: Resend all settings on reset_resume for compact keyboards
    - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix
    - jbd2: fix potential data lost in recovering journal raced with synchronizing
      fs bdev
    - quota: explicitly forbid quota files from being encrypted
    - kernel/reboot: emergency_restart: Set correct system_state
    - i2c: core: Run atomic i2c xfer when !preemptible
    - selftests/clone3: Fix broken test under !CONFIG_TIME_NS
    - tracing: Have the user copy of synthetic event address use correct context
    - driver core: Release all resources during unbind before updating device
      links
    - mcb: fix error handling for different scenarios when parsing
    - dmaengine: stm32-mdma: correct desc prep when channel running
    - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc()
    - s390/cmma: fix detection of DAT pages
    - mm/cma: use nth_page() in place of direct struct page manipulation
    - mm/memory_hotplug: use pfn math in place of direct struct page manipulation
    - mm: make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long
    - mtd: cfi_cmdset_0001: Byte swap OTP info
    - cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails
    - i3c: master: cdns: Fix reading status register
    - i3c: master: svc: fix race condition in ibi work thread
    - i3c: master: svc: fix wrong data return when IBI happen during start frame
    - i3c: master: svc: fix ibi may not return mandatory data byte
    - i3c: master: svc: fix check wrong status register in irq handler
    - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen
    - i3c: master: svc: fix random hot join failure since timeout error
    - cxl/region: Fix x1 root-decoder granularity calculations
    - cxl/port: Fix delete_endpoint() vs parent unregistration race
    - pmdomain: bcm: bcm2835-power: check if the ASB register is equal to enable
    - pmdomain: amlogic: Fix mask for the second NNA mem PD domain
    - pmdomain: imx: Make imx pgc power domain also set the fwnode
    - PCI: qcom-ep: Add dedicated callback for writing to DBI2 registers
    - PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card
    - torture: Add a kthread-creation callback to _torture_create_kthread()
    - torture: Add lock_torture writer_fifo module parameter
    - torture: Make torture_hrtimeout_*() use TASK_IDLE
    - torture: Move stutter_wait() timeouts to hrtimers
    - torture: Make torture_hrtimeout_ns() take an hrtimer mode parameter
    - rcutorture: Fix stuttering races and other issues
    - mm/hugetlb: prepare hugetlb_follow_page_mask() for FOLL_PIN
    - mm/hugetlb: use nth_page() in place of direct struct page manipulation
    - parisc: Prevent booting 64-bit kernels on PA1.x machines
    - parisc/pgtable: Do not drop upper 5 address bits of physical address
    - parisc/power: Fix power soft-off when running on qemu
    - xhci: Enable RPM on controllers that support low-power states
    - fs: add ctime accessors infrastructure
    - smb3: fix creating FIFOs when mounting with "sfu" mount option
    - smb3: fix touch -h of symlink
    - smb3: allow dumping session and tcon id to improve stats analysis and
      debugging
    - smb3: fix caching of ctime on setxattr
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
    - smb: client: fix use-after-free in smb2_query_info_compound()
    - smb: client: fix potential deadlock when releasing mids
    - cifs: reconnect helper should set reconnect for the right channel
    - cifs: force interface update before a fresh session setup
    - cifs: do not reset chan_max if multichannel is not supported at mount
    - cifs: Fix encryption of cleared, but unset rq_iter data buffers
    - xfs: recovery should not clear di_flushiter unconditionally
    - btrfs: zoned: wait for data BG to be finished on direct IO allocation
    - ALSA: info: Fix potential deadlock at disconnection
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G8
    - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
    - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
    - ALSA: hda/realtek: Enable Mute LED on HP 255 G10
    - ALSA: hda/realtek: Add quirks for HP Laptops
    - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller
    - Revert "i2c: pxa: move to generic GPIO recovery"
    - lsm: fix default return value for vm_enough_memory
    - lsm: fix default return value for inode_getsecctx
    - sbsa_gwdt: Calculate timeout with 64-bit math
    - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
    - s390/ap: fix AP bus crash on early config change callback invocation
    - net: ethtool: Fix documentation of ethtool_sprintf()
    - net: dsa: lan9303: consequently nested-lock physical MDIO
    - net: phylink: initialize carrier state at creation
    - gfs2: don't withdraw if init_threads() got interrupted
    - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
    - f2fs: do not return EFSCORRUPTED, but try to run online repair
    - f2fs: set the default compress_level on ioctl
    - f2fs: avoid format-overflow warning
    - f2fs: split initial and dynamic conditions for extent_cache
    - media: lirc: drop trailing space from scancode transmit
    - media: sharp: fix sharp encoding
    - media: venus: hfi_parser: Add check to keep the number of codecs within
      range
    - media: venus: hfi: fix the check to handle session buffer requirement
    - media: venus: hfi: add checks to handle capabilities from firmware
    - media: ccs: Correctly initialise try compose rectangle
    - drm/mediatek/dp: fix memory leak on ->get_edid callback audio detection
    - drm/mediatek/dp: fix memory leak on ->get_edid callback error path
    - dm-bufio: fix no-sleep mode
    - dm-verity: don't use blocking calls from tasklets
    - nfsd: fix file memleak on client_opens_release
    - NFSD: Update nfsd_cache_append() to use xdr_stream
    - LoongArch: Mark __percpu functions as always inline
    - riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause
    - riscv: put interrupt entries into .irqentry.text
    - riscv: mm: Update the comment of CONFIG_PAGE_OFFSET
    - riscv: correct pt_level name via pgtable_l5/4_enabled
    - riscv: kprobes: allow writing to x0
    - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2
    - mm: fix for negative counter: nr_file_hugepages
    - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
    - mptcp: deal with large GSO size
    - mptcp: add validity check for sending RM_ADDR
    - mptcp: fix setsockopt(IP_TOS) subflow locking
    - selftests: mptcp: fix fastclose with csum failure
    - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER
    - media: qcom: camss: Fix pm_domain_on sequence in probe
    - media: qcom: camss: Fix vfe_get() error jump
    - media: qcom: camss: Fix VFE-17x vfe_disable_output()
    - media: qcom: camss: Fix VFE-480 vfe_disable_output()
    - media: qcom: camss: Fix missing vfe_lite clocks check
    - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3
    - media: qcom: camss: Fix invalid clock enable bit disjunction
    - media: qcom: camss: Fix csid-gen2 for test pattern generator
    - ext4: fix race between writepages and remount
    - ext4: make sure allocate pending entry not fail
    - ext4: apply umask if ACL support is disabled
    - ext4: correct offset of gdb backup in non meta_bg group to update_backups
    - ext4: mark buffer new if it is unwritten to avoid stale data exposure
    - ext4: correct return value of ext4_convert_meta_bg
    - ext4: correct the start block of counting reserved clusters
    - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
    - ext4: add missed brelse in update_backups
    - ext4: properly sync file size update after O_SYNC direct IO
    - ext4: fix racy may inline data check in dio write
    - drm/amd/pm: Handle non-terminated overdrive commands.
    - drm: bridge: it66121: ->get_edid callback must not return err pointers
    - drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL
    - drm/i915: Bump GLK CDCLK frequency when driving multiple pipes
    - drm/i915: Fix potential spectre vulnerability
    - drm/i915: Flush WC GGTT only on required platforms
    - drm/amdgpu/smu13: drop compute workload workaround
    - drm/amdgpu: don't use pci_is_thunderbolt_attached()
    - drm/amdgpu: fix GRBM read timeout when do mes_self_test
    - drm/amdgpu: add a retry for IP discovery init
    - drm/amdgpu: don't use ATRM for external devices
    - drm/amdgpu: fix error handling in amdgpu_vm_init
    - drm/amdgpu: fix error handling in amdgpu_bo_list_get()
    - drm/amdgpu: lower CS errors to debug severity
    - drm/amdgpu: Fix possible null pointer dereference
    - drm/amd/display: Guard against invalid RPTR/WPTR being set
    - drm/amd/display: Fix DSC not Enabled on Direct MST Sink
    - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
    - drm/amd/display: Enable fast plane updates on DCN3.2 and above
    - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox
    - powerpc/powernv: Fix fortify source warnings in opal-prd.c
    - tracing: Have trace_event_file have ref counters
    - net/mlx5e: Avoid referencing skb after free-ing in drop path of
      mlx5e_sq_xmit_wqe
    - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map
    - Linux 6.5.13

* Mantic update: v6.5.12 upstream stable release (LP: #2051129)
    - hwmon: (nct6775) Fix incorrect variable reuse in fan_div calculation
    - numa: Generalize numa_map_to_online_node()
    - sched/topology: Fix sched_numa_find_nth_cpu() in CPU-less case
    - sched/topology: Fix sched_numa_find_nth_cpu() in non-NUMA case
    - sched/fair: Fix cfs_rq_is_decayed() on !SMP
    - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user()
    - sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
    - sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0
    - objtool: Propagate early errors
    - sched: Fix stop_one_cpu_nowait() vs hotplug
    - nfsd: Handle EOPENSTALE correctly in the filecache
    - vfs: fix readahead(2) on block devices
    - writeback, cgroup: switch inodes with dirty timestamps to release dying
      cgwbs
    - x86/srso: Fix SBPB enablement for (possible) future fixed HW
    - x86/srso: Print mitigation for retbleed IBPB case
    - x86/srso: Fix vulnerability reporting for missing microcode
    - x86/srso: Fix unret validation dependencies
    - futex: Don't include process MM in futex key on no-MMU
    - x86/numa: Introduce numa_fill_memblks()
    - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
    - x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot
    - x86/boot: Fix incorrect startup_gdt_descr.size
    - cpu/hotplug: Remove dependancy against cpu_primary_thread_mask
    - cpu/SMT: Create topology_smt_thread_allowed()
    - cpu/SMT: Make SMT control more robust against enumeration failures
    - x86/apic: Fake primary thread mask for XEN/PV
    - srcu: Fix callbacks acceleration mishandling
    - drivers/clocksource/timer-ti-dm: Don't call clk_get_rate() in stop function
    - x86/nmi: Fix out-of-order NMI nesting checks & false positive warning
    - pstore/platform: Add check for kstrdup
    - perf: Optimize perf_cgroup_switch()
    - selftests/x86/lam: Zero out buffer for readlink()
    - PCI/MSI: Provide stubs for IMS functions
    - string: Adjust strtomem() logic to allow for smaller sources
    - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated()
    - irqchip/sifive-plic: Fix syscore registration for multi-socket systems
    - wifi: ath12k: fix undefined behavior with __fls in dp
    - wifi: cfg80211: add flush functions for wiphy work
    - wifi: mac80211: move radar detect work to wiphy work
    - wifi: mac80211: move scan work to wiphy work
    - wifi: mac80211: move offchannel works to wiphy work
    - wifi: mac80211: move sched-scan stop work to wiphy work
    - wifi: mac80211: fix RCU usage warning in mesh fast-xmit
    - wifi: cfg80211: fix off-by-one in element defrag
    - wifi: mac80211: fix # of MSDU in A-MSDU calculation
    - wifi: iwlwifi: honor the enable_ini value
    - wifi: iwlwifi: don't use an uninitialized variable
    - i40e: fix potential memory leaks in i40e_remove()
    - iavf: Fix promiscuous mode configuration flow messages
    - selftests/bpf: Correct map_fd to data_fd in tailcalls
    - bpf, x86: save/restore regs with BPF_DW size
    - bpf, x86: allow function arguments up to 12 for TRACING
    - bpf, x64: Fix tailcall infinite loop
    - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush()
    - udp: introduce udp->udp_flags
    - udp: move udp->no_check6_tx to udp->udp_flags
    - udp: move udp->no_check6_rx to udp->udp_flags
    - udp: move udp->gro_enabled to udp->udp_flags
    - udp: add missing WRITE_ONCE() around up->encap_rcv
    - udp: move udp->accept_udp_{l4|fraglist} to udp->udp_flags
    - udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO
    - udp: annotate data-races around udp->encap_type
    - udplite: remove UDPLITE_BIT
    - udplite: fix various data-races
    - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not
      available
    - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed
    - bpf: Fix kfunc callback register type handling
    - gve: Use size_add() in call to struct_size()
    - mlxsw: Use size_mul() in call to struct_size()
    - tls: Use size_add() in call to struct_size()
    - tipc: Use size_add() in calls to struct_size()
    - net: spider_net: Use size_add() in call to struct_size()
    - net: ethernet: mtk_wed: fix EXT_INT_STATUS_RX_FBUF definitions for MT7986
      SoC
    - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    - wifi: ath12k: fix DMA unmap warning on NULL DMA address
    - wifi: ath11k: fix boot failure with one MSI vector
    - wifi: mac80211: fix check for unusable RX result
    - PM: sleep: Fix symbol export for _SIMPLE_ variants of _PM_OPS()
    - cpufreq: tegra194: fix warning due to missing opp_put
    - wifi: mt76: mt7603: rework/fix rx pse hang check
    - wifi: mt76: mt7603: improve watchdog reset reliablity
    - wifi: mt76: mt7603: improve stuck beacon handling
    - wifi: mt76: connac: move connac3 definitions in mt76_connac3_mac.h
    - wifi: mt76: remove unused error path in mt76_connac_tx_complete_skb
    - wifi: mt76: mt7996: set correct wcid in txp
    - wifi: mt76: mt7996: fix beamform mcu cmd configuration
    - wifi: mt76: mt7996: fix beamformee ss subfield in EHT PHY cap
    - wifi: mt76: mt7996: fix wmm queue mapping
    - wifi: mt76: mt7996: fix rx rate report for CBW320-2
    - wifi: mt76: mt7996: fix TWT command format
    - wifi: mt76: update beacon size limitation
    - wifi: mt76: fix potential memory leak of beacon commands
    - wifi: mt76: get rid of false alamrs of tx emission issues
    - wifi: mt76: fix per-band IEEE80211_CONF_MONITOR flag comparison
    - wifi: mt76: mt7915: fix beamforming availability check
    - wifi: ath: dfs_pattern_detector: Fix a memory initialization issue
    - tcp_metrics: add missing barriers on delete
    - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
    - tcp_metrics: do not create an entry from tcp_init_metrics()
    - wifi: rtlwifi: fix EDCA limit set by BT coexistence
    - ACPI: property: Allow _DSD buffer data only for byte accessors
    - ACPI: video: Add acpi_backlight=vendor quirk for Toshiba Portégé R100
    - can: etas_es58x: rework the version check logic to silence -Wformat-
      truncation
    - can: etas_es58x: add missing a blank line after declaration
    - wifi: ath11k: fix Tx power value during active CAC
    - can: dev: can_restart(): don't crash kernel if carrier is OK
    - can: dev: can_restart(): fix race condition between controller restart and
      netif_carrier_on()
    - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is
      accessed out of bounds
    - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
    - wifi: wfx: fix case where rates are out of order
    - netfilter: nf_tables: Drop pointless memset when dumping rules
    - wifi: rtw88: Remove duplicate NULL check before calling usb_kill/free_urb()
    - thermal: core: prevent potential string overflow
    - r8169: fix rare issue with broken rx after link-down on RTL8125
    - thermal/drivers/mediatek: Fix probe for THERMAL_V2
    - bpf: Fix missed rcu read lock in bpf_task_under_cgroup()
    - selftests: netfilter: test for sctp collision processing in nf_conntrack
    - net: skb_find_text: Ignore patterns extending past 'to'
    - thermal: core: Don't update trip points inside the hysteresis range
    - chtls: fix tp->rcv_tstamp initialization
    - tcp: fix cookie_init_timestamp() overflows
    - wifi: iwlwifi: mvm: update station's MFP flag after association
    - wifi: iwlwifi: mvm: fix removing pasn station for responder
    - wifi: iwlwifi: mvm: use correct sta ID for IGTK/BIGTK
    - wifi: mac80211: don't recreate driver link debugfs in reconfig
    - wifi: mac80211: Fix setting vif links
    - wifi: iwlwifi: yoyo: swap cdb and jacket bits values
    - wifi: iwlwifi: mvm: Correctly set link configuration
    - wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface
    - wifi: iwlwifi: mvm: Don't always bind/link the P2P Device interface
    - wifi: iwlwifi: mvm: change iwl_mvm_flush_sta() API
    - wifi: iwlwifi: mvm: fix iwl_mvm_mac_flush_sta()
    - wifi: iwlwifi: mvm: remove TDLS stations from FW
    - wifi: iwlwifi: increase number of RX buffers for EHT devices
    - wifi: iwlwifi: mvm: fix netif csum flags
    - wifi: iwlwifi: pcie: synchronize IRQs before NAPI
    - wifi: iwlwifi: mvm: update IGTK in mvmvif upon D3 resume
    - wifi: iwlwifi: empty overflow queue during flush
    - Bluetooth: ISO: Use defer setup to separate PA sync and BIG sync
    - Bluetooth: ISO: Pass BIG encryption info through QoS
    - Bluetooth: Make handle of hci_conn be unique
    - Bluetooth: hci_sync: Fix Opcode prints in bt_dev_dbg/err
    - bpf: Fix unnecessary -EBUSY from htab_lock_bucket
    - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
    - mptcp: properly account fastopen data
    - ipv6: avoid atomic fragment on GSO packets
    - virtio_net: use u64_stats_t infra to avoid data-races
    - net: add DEV_STATS_READ() helper
    - ipvlan: properly track tx_errors
    - regmap: debugfs: Fix a erroneous check after snprintf()
    - spi: tegra: Fix missing IRQ check in tegra_slink_probe()
    - clk: qcom: ipq5332: Drop set rate parent from gpll0 dependent clocks
    - clk: qcom: gcc-msm8996: Remove RPM bus clocks
    - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
    - clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks
    - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC
    - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src
    - regulator: mt6358: Fail probe on unknown chip ID
    - clk: imx: Select MXC_CLK for CLK_IMX8QXP
    - clk: imx: imx8mq: correct error handling path
    - clk: imx: imx8qxp: Fix elcdif_pll clock
    - clk: renesas: rcar-gen3: Extend SDnH divider table
    - clk: renesas: rzg2l: Wait for status bit of SD mux before continuing
    - clk: renesas: rzg2l: Lock around writes to mux register
    - clk: renesas: rzg2l: Trust value returned by hardware
    - clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields
    - clk: renesas: rzg2l: Fix computation formula
    - clk: linux/clk-provider.h: fix kernel-doc warnings and typos
    - spi: nxp-fspi: use the correct ioremap function
    - clk: ralink: mtmips: quiet unused variable warning
    - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
    - clk: ti: fix double free in of_ti_divider_clk_setup()
    - clk: npcm7xx: Fix incorrect kfree
    - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
    - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
    - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
    - clk: qcom: clk-alpha-pll: introduce stromer plus ops
    - clk: qcom: apss-ipq-pll: Use stromer plus ops for stromer plus pll
    - clk: qcom: apss-ipq-pll: Fix 'l' value for ipq5332_pll_config
    - clk: qcom: ipq9574: drop the CLK_SET_RATE_PARENT flag from GPLL clocks
    - clk: qcom: ipq5332: drop the CLK_SET_RATE_PARENT flag from GPLL clocks
    - clk: mediatek: fix double free in mtk_clk_register_pllfh()
    - platform/x86: wmi: Fix probe failure when failing to register WMI devices
    - platform/x86: wmi: Fix opening of char device
    - regulator: qcom-rpmh: Fix smps4 regulator for pm8550ve
    - hwmon: (axi-fan-control) Fix possible NULL pointer dereference
    - hwmon: (coretemp) Fix potentially truncated sysfs attribute name
    - Revert "hwmon: (sch56xx-common) Add DMI override table"
    - Revert "hwmon: (sch56xx-common) Add automatic module loading on supported
      devices"
    - hwmon: (sch5627) Use bit macros when accessing the control register
    - hwmon: (sch5627) Disallow write access if virtual registers are locked
    - hte: tegra: Fix missing error code in tegra_hte_test_probe()
    - platform/chrome: cros_ec_lpc: Separate host command and irq disable
    - spi: omap2-mcspi: remove redundant dev_err_probe()
    - spi: omap2-mcspi: switch to use modern name
    - spi: omap2-mcspi: Fix hardcoded reference clock
    - drm: bridge: samsung-dsim: Initialize ULPS EXIT for i.MX8M DSIM
    - drm: bridge: for GENERIC_PHY_MIPI_DPHY also select GENERIC_PHY
    - drm: bridge: samsung-dsim: Fix waiting for empty cmd transfer FIFO on older
      Exynos
    - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
    - drm/rockchip: vop: Fix call to crtc reset helper
    - drm/rockchip: vop2: Don't crash for invalid duplicate_state
    - drm/rockchip: vop2: Add missing call to crtc reset helper
    - drm/radeon: possible buffer overflow
    - drm: bridge: it66121: Fix invalid connector dereference
    - drm/bridge: lt8912b: Fix bridge_detach
    - drm/bridge: lt8912b: Fix crash on bridge detach
    - drm/bridge: lt8912b: Manually disable HPD only if it was enabled
    - drm/bridge: lt8912b: Add missing drm_bridge_attach call
    - drm/mediatek: Fix coverity issue with unintentional integer overflow
    - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro
    - drm/bridge: tc358768: Fix use of uninitialized variable
    - drm/bridge: tc358768: Fix bit updates
    - drm/bridge: tc358768: Use struct videomode
    - drm/bridge: tc358768: Print logical values, not raw register values
    - drm/bridge: tc358768: Use dev for dbg prints, not priv->dev
    - drm/bridge: tc358768: Rename dsibclk to hsbyteclk
    - drm/bridge: tc358768: Clean up clock period code
    - drm/bridge: tc358768: Fix tc358768_ns_to_cnt()
    - drm/aspeed: Convert to platform remove callback returning void
    - drm/stm: Convert to platform remove callback returning void
    - drm/tve200: Convert to platform remove callback returning void
    - drm: Call drm_atomic_helper_shutdown() at shutdown/remove time for misc
      drivers
    - drm/amdgpu: Increase IH soft ring size for GFX v9.4.3 dGPU
    - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code
    - drm/amdkfd: retry after EBUSY is returned from hmm_ranges_get_pages
    - drm/amdkfd: Remove svm range validated_once flag
    - drm/amdkfd: Handle errors from svm validate and map
    - drm/amd/display: Fix null pointer dereference in error message
    - drm/amd/display: Check all enabled planes in dm_check_crtc_cursor
    - drm/amd/display: Refactor dm_get_plane_scale helper
    - drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change
    - io_uring/kbuf: Fix check of BID wrapping in provided buffers
    - io_uring/kbuf: Allow the full buffer id space for provided buffers
    - drm/mediatek: Add mmsys_dev_num to mt8188 vdosys0 driver data
    - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state
    - drm/mediatek: Fix iommu fault during crtc enabling
    - accel/habanalabs/gaudi2: Fix incorrect string length computation in
      gaudi2_psoc_razwi_get_engines()
    - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
    - gpu: host1x: Correct allocated size for contexts
    - drm/bridge: lt9611uxc: fix the race in the error path
    - arm64/arm: xen: enlighten: Fix KPTI checks
    - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
    - xenbus: fix error exit in xenbus_init()
    - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
    - drm/msm/dsi: use msm_gem_kernel_put to free TX buffer
    - drm/msm/dsi: free TX buffer in unbind
    - clocksource/drivers/arm_arch_timer: limit XGene-1 workaround
    - drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling
    - drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for
      hisi_hns3_pmu uninit process
    - drm/amd/pm: Fix a memory leak on an error path
    - perf/arm-cmn: Fix DTC domain detection
    - drivers/perf: hisi_pcie: Check the type first in pmu::event_init()
    - perf: hisi: Fix use-after-free when register pmu fails
    - ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name
    - arm64: dts: qcom: sdm845: Fix PSCI power domain names
    - arm64: dts: qcom: sdm845: cheza doesn't support LMh node
    - arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk
    - arm64: dts: qcom: msm8916: Fix iommu local address range
    - arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory
    - arm64: dts: qcom: sm6125: Pad APPS IOMMU address to 8 characters
    - arm64: dts: qcom: sc7280: Add missing LMH interrupts
    - arm64: dts: qcom: qrb2210-rb1: Swap UART index
    - arm64: dts: qcom: sc7280: drop incorrect EUD port on SoC side
    - arm64: dts: qcom: sm8150: add ref clock to PCIe PHYs
    - arm64: dts: qcom: sm8350: fix pinctrl for UART18
    - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration
    - ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins
    - arm64: dts: qcom: msm8976: Fix ipc bit shifts
    - arm64: dts: qcom: msm8939: Fix iommu local address range
    - riscv: dts: allwinner: remove address-cells from intc node
    - arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators
    - ARM: dts: qcom: apq8026-samsung-matisse-wifi: Fix inverted hall sensor
    - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
    - soc: qcom: llcc: Handle a second device without data corruption
    - kunit: Fix missed memory release in kunit_free_suite_set()
    - firmware: ti_sci: Mark driver as non removable
    - arm64: dts: ti: k3-am625-beagleplay: Fix typo in ramoops reg
    - arm64: dts: ti: k3-am62a7-sk: Drop i2c-1 to 100Khz
    - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device
    - firmware: arm_ffa: Allow the FF-A drivers to use 32bit mode of messaging
    - ARM: dts: am3517-evm: Fix LED3/4 pinmux
    - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are
      skipped
    - arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry
    - arm64: dts: imx8mp-debix-model-a: Remove USB hub reset-gpios
    - arm64: dts: imx8mm: Add sound-dai-cells to micfil node
    - arm64: dts: imx8mn: Add sound-dai-cells to micfil node
    - arm64: tegra: Fix P3767 card detect polarity
    - arm64: tegra: Fix P3767 QSPI speed
    - firmware: tegra: Add suspend hook and reset BPMP IPC early on resume
    - memory: tegra: Set BPMP msg flags to reset IPC channels
    - arm64: tegra: Use correct interrupts for Tegra234 TKE
    - selftests/pidfd: Fix ksft print formats
    - selftests/resctrl: Ensure the benchmark commands fits to its array
    - soc: qcom: pmic_glink: fix connector type to be DisplayPort
    - ARM: dts: BCM5301X: Explicitly disable unused switch CPU ports
    - iommufd: Add iopt_area_alloc()
    - module/decompress: use vmalloc() for gzip decompression workspace
    - ASoC: cs35l41: Handle mdsync_down reg write errors
    - ASoC: cs35l41: Initialize completion object before requesting IRQ
    - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
    - ASoC: cs35l41: Undo runtime PM changes at driver exit time
    - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get()
    - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
    - KEYS: Include linux/errno.h in linux/verification.h
    - crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
    - hwrng: bcm2835 - Fix hwrng throughput regression
    - hwrng: geode - fix accessing registers
    - RDMA/core: Use size_{add,sub,mul}() in calls to struct_size()
    - crypto: qat - fix state machines cleanup paths
    - crypto: qat - ignore subsequent state up commands
    - crypto: qat - fix unregistration of crypto algorithms
    - crypto: qat - fix unregistration of compression algorithms
    - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code
    - ASoC: soc-pcm.c: Make sure DAI parameters cleared if the DAI becomes
      inactive
    - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
      value
    - nd_btt: Make BTT lanes preemptible
    - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
    - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
    - crypto: qat - increase size of buffers
    - ASoC: SOF: ipc4-topology: Use size_add() in call to struct_size()
    - PCI: vmd: Correct PCI Header Type Register's multi-function check
    - hid: cp2112: Fix duplicate workqueue initialization
    - crypto: hisilicon/qm - fix PF queue parameter issue
    - ARM: 9321/1: memset: cast the constant byte to unsigned char
    - ARM: 9323/1: mm: Fix ARCH_LOW_ADDRESS_LIMIT when CONFIG_ZONE_DMA
    - ext4: move 'ix' sanity check to corrent position
    - kselftest: vm: fix mdwe's mmap_FIXED test case
    - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not
      described
    - backlight: pwm_bl: Disable PWM on shutdown, suspend and remove
    - ASoC: fsl-asoc-card: Add comment for mclk in the codec_priv
    - dlm: fix no ack after final message
    - IB/mlx5: Fix rdma counter binding for RAW QP
    - RDMA/hns: Fix printing level of asynchronous events
    - RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common()
    - RDMA/hns: Fix signed-unsigned mixed comparisons
    - RDMA/hns: Add check for SL
    - RDMA/hns: The UD mode can only be configured with DCQCN
    - ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran.
    - ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
    - scsi: ufs: core: Leave space for '\0' in utf8 desc string
    - RDMA/hfi1: Workaround truncation compilation error
    - HID: cp2112: Make irq_chip immutable
    - hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip
    - HID: uclogic: Fix user-memory-access bug in
      uclogic_params_ugee_v2_init_event_hooks()
    - HID: uclogic: Fix a work->entry not empty bug in __queue_work()
    - sh: bios: Revive earlyprintk support
    - HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only
    - HID: logitech-hidpp: Revert "Don't restart communication if not necessary"
    - HID: logitech-hidpp: Move get_wireless_feature_index() check to
      hidpp_connect_event()
    - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
    - PCI: endpoint: Fix double free in __pci_epc_create()
    - padata: Fix refcnt handling in padata_free_shell()
    - certs: Break circular dependency when selftest is modular
    - crypto: qat - fix deadlock in backlog processing
    - ASoC: ams-delta.c: use component after check
    - erofs: fix erofs_insert_workgroup() lockref usage
    - IB/mlx5: Fix init stage error handling to avoid double free of same QP and
      UAF
    - mfd: core: Un-constify mfd_cell.of_reg
    - mfd: core: Ensure disabled devices are skipped without aborting
    - mfd: dln2: Fix double put in dln2_probe
    - dt-bindings: mfd: mt6397: Split out compatible for MediaTek MT6366 PMIC
    - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs
    - leds: turris-omnia: Drop unnecessary mutex locking
    - leds: turris-omnia: Do not use SMBUS calls
    - leds: pwm: Don't disable the PWM when the LED should be off
    - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
    - scripts/gdb: fix usage of MOD_TEXT not defined when CONFIG_MODULES=n
    - perf stat: Fix aggr mode initialization
    - iio: frequency: adf4350: Use device managed functions and fix power down
      issue.
    - perf kwork: Fix incorrect and missing free atom in work_push_atom()
    - perf kwork: Add the supported subcommands to the document
    - perf kwork: Set ordered_events to true in 'struct perf_tool'
    - f2fs: compress: fix deadloop in f2fs_write_cache_pages()
    - f2fs: compress: fix to avoid use-after-free on dic
    - f2fs: compress: fix to avoid redundant compress extension
    - f2fs: fix to drop meta_inode's page cache in f2fs_put_super()
    - tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
    - perf parse-events: Remove unused PE_PMU_EVENT_FAKE token
    - perf parse-events: Remove unused PE_KERNEL_PMU_EVENT token
    - perf parse-events: Remove ABORT_ON
    - perf tools: Revert enable indices setting syntax for BPF map
    - perf parse-events: Fix tracepoint name memory leak
    - livepatch: Fix missing newline character in klp_resolve_symbols()
    - pinctrl: renesas: rzg2l: Make reverse order of enable() for disable()
    - perf record: Fix BTF type checks in the off-cpu profiling
    - dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers
    - usb: dwc2: fix possible NULL pointer dereference caused by driver
      concurrency
    - usb: chipidea: Fix DMA overwrite for Tegra
    - usb: chipidea: Simplify Tegra DMA alignment code
    - dmaengine: ti: edma: handle irq_of_parse_and_map() errors
    - tools/perf: Update call stack check in builtin-lock.c
    - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
    - tools: iio: iio_generic_buffer ensure alignment
    - USB: usbip: fix stub_dev hub disconnect
    - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
    - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents()
    - interconnect: qcom: qdu1000: Set ACV enable_mask
    - interconnect: qcom: sc7180: Retire DEFINE_QBCM
    - interconnect: qcom: sc7180: Set ACV enable_mask
    - interconnect: qcom: sc7280: Set ACV enable_mask
    - interconnect: qcom: sc8180x: Set ACV enable_mask
    - interconnect: qcom: sc8280xp: Set ACV enable_mask
    - interconnect: qcom: sdm670: Retire DEFINE_QBCM
    - interconnect: qcom: sdm670: Set ACV enable_mask
    - interconnect: qcom: sdm845: Retire DEFINE_QBCM
    - interconnect: qcom: sdm845: Set ACV enable_mask
    - interconnect: qcom: sm6350: Retire DEFINE_QBCM
    - interconnect: qcom: sm6350: Set ACV enable_mask
    - interconnect: qcom: sm8150: Retire DEFINE_QBCM
    - interconnect: qcom: sm8150: Set ACV enable_mask
    - interconnect: qcom: sm8350: Retire DEFINE_QBCM
    - interconnect: qcom: sm8350: Set ACV enable_mask
    - powerpc: Only define __parse_fpscr() when required
    - interconnect: fix error handling in qnoc_probe()
    - perf build: Add missing comment about NO_LIBTRACEEVENT=1
    - perf parse-events: Fix for term values that are raw events
    - perf pmu: Remove logic for PMU name being NULL
    - perf mem-events: Avoid uninitialized read
    - s390/ap: re-init AP queues on config on
    - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
    - modpost: fix ishtp MODULE_DEVICE_TABLE built on big-endian host
    - perf tools: Do not ignore the default vmlinux.h
    - powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
    - powerpc/xive: Fix endian conversion size
    - powerpc: Hide empty pt_regs at base of the stack
    - perf trace: Use the right bpf_probe_read(_str) variant for reading user data
    - powerpc/vas: Limit open window failure messages in log bufffer
    - powerpc/imc-pmu: Use the correct spinlock initializer.
    - powerpc/pseries: fix potential memory leak in init_cpu_associativity()
    - perf vendor events: Update PMC used in PM_RUN_INST_CMPL event for power10
      platform
    - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
    - usb: host: xhci-plat: fix possible kernel oops while resuming
    - perf machine: Avoid out of bounds LBR memory read
    - libperf rc_check: Make implicit enabling work for GCC
    - perf hist: Add missing puts to hist__account_cycles
    - perf vendor events intel: Fix broadwellde tma_info_system_dram_bw_use metric
    - perf vendor events intel: Add broadwellde two metrics
    - 9p/net: fix possible memory leak in p9_check_errors()
    - rtla: Fix uninitialized variable found
    - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs
    - rtc: brcmstb-waketimer: support level alarm_irq
    - cxl/pci: Remove unnecessary device reference management in sanitize work
    - cxl/pci: Cleanup 'sanitize' to always poll
    - cxl/pci: Remove inconsistent usage of dev_err_probe()
    - cxl/pci: Clarify devm host for memdev relative setup
    - cxl/pci: Fix sanitize notifier setup
    - cxl/memdev: Fix sanitize vs decoder setup locking
    - cxl/mem: Fix shutdown order
    - virt: sevguest: Fix passing a stack buffer as a scatterlist target
    - rtc: pcf85363: Allow to wake up system without IRQ
    - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call
    - cxl/region: Prepare the decoder match range helper for reuse
    - cxl/region: Calculate a target position in a region interleave
    - cxl/region: Use cxl_calc_interleave_pos() for auto-discovery
    - cxl/region: Fix cxl_region_rwsem lock held when returning to user space
    - cxl/core/regs: Rename @dev to @host in struct cxl_register_map
    - cxl/port: Fix @host confusion in cxl_dport_setup_regs()
    - cxl/hdm: Remove broken error path
    - pcmcia: cs: fix possible hung task and memory leak pccardd()
    - pcmcia: ds: fix refcount leak in pcmcia_device_add()
    - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
    - media: imx-jpeg: initiate a drain of the capture queue in dynamic resolution
      change
    - media: hantro: Check whether reset op is defined before use
    - media: verisilicon: Do not enable G2 postproc downscale if source is
      narrower than destination
    - media: ov5640: fix vblank unchange issue when work at dvp mode
    - media: i2c: max9286: Fix some redundant of_node_put() calls
    - media: ov5640: Fix a memory leak when ov5640_probe fails
    - media: bttv: fix use after free error due to btv->timeout timer
    - media: amphion: handle firmware debug message
    - media: mtk-jpegenc: Fix bug in JPEG encode quality selection
    - media: s3c-camif: Avoid inappropriate kfree()
    - media: vidtv: psi: Add check for kstrdup
    - media: vidtv: mux: Add check and kfree for kstrdup
    - media: cedrus: Fix clock/reset sequence
    - media: cadence: csi2rx: Unregister v4l2 async notifier
    - media: dvb-usb-v2: af9035: fix missing unlock
    - media: verisilicon: Fixes clock list for rk3588 av1 decoder
    - media: imx-jpeg: notify source chagne event when the first picture parsed
    - media: platform: mtk-mdp3: fix uninitialized variable in mdp_path_config()
    - media: cec: meson: always include meson sub-directory in Makefile
    - cpupower: fix reference to nonexistent document
    - regmap: prevent noinc writes from clobbering cache
    - drm/amdgpu/gfx10,11: use memcpy_to/fromio for MQDs
    - drm/amdgpu: don't put MQDs in VRAM on ARM | ARM64
    - pwm: sti: Reduce number of allocations and drop usage of chip_data
    - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
    - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
    - watchdog: ixp4xx: Make sure restart always works
    - llc: verify mac len before reading mac header
    - hsr: Prevent use after free in prp_create_tagged_frame()
    - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
    - rxrpc: Fix two connection reaping bugs
    - bpf: Check map->usercnt after timer->timer is assigned
    - inet: shrink struct flowi_common
    - octeontx2-pf: Fix error codes
    - octeontx2-pf: Fix holes in error code
    - net: page_pool: add missing free_percpu when page_pool_init fail
    - dccp: Call security_inet_conn_request() after setting IPv4 addresses.
    - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
    - Fix termination state for idr_for_each_entry_ul()
    - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs
    - selftests: pmtu.sh: fix result checking
    - octeontx2-pf: Free pending and dropped SQEs
    - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT
    - net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc
    - net/smc: put sk reference if close work was canceled
    - nvme: fix error-handling for io_uring nvme-passthrough
    - riscv: boot: Fix creation of loader.bin
    - tg3: power down device only on SYSTEM_POWER_OFF
    - nbd: fix uaf in nbd_open
    - blk-core: use pr_warn_ratelimited() in bio_check_ro()
    - vsock/virtio: remove socket from connected/bound list on shutdown
    - r8169: respect userspace disabling IFF_MULTICAST
    - net: enetc: shorten enetc_setup_xdp_prog() error message to fit
      NETLINK_MAX_FMTMSG_LEN
    - i2c: iproc: handle invalid slave state
    - netfilter: xt_recent: fix (increase) ipv6 literal buffer length
    - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
    - net/sched: act_ct: Always fill offloading tuple iifidx
    - RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs
    - module/decompress: use kvmalloc() consistently
    - drm/vc4: tests: Fix UAF in the mock helpers
    - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
    - ASoC: mediatek: mt8186_mt6366_rt1019_rt5682s: trivial: fix error messages
    - ASoC: hdmi-codec: register hpd callback on component probe
    - ASoC: dapm: fix clock get name
    - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
    - arm64/arm: arm_pmuv3: perf: Don't truncate 64-bit registers
    - fbdev: imsttfb: fix double free in probe()
    - fbdev: imsttfb: fix a resource leak in probe
    - fbdev: fsl-diu-fb: mark wr_reg_wa() static
    - tracing/kprobes: Fix the order of argument descriptions
    - Revert "drm/ast: report connection status on Display Port."
    - selftests: mptcp: fix wait_rm_addr/sf parameters
    - io_uring/net: ensure socket is marked connected on connect retry
    - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs
    - Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables L1"
    - btrfs: use u64 for buffer sizes in the tree search ioctls
    - bpf, x86: initialize the variable "first_off" in save_args()
    - perf parse-events: Fix driver config term
    - btrfs: make found_logical_ret parameter mandatory for function
      queue_scrub_stripe()
    - Linux 6.5.12

* Mantic update: v6.5.11 upstream stable release (LP: #2051117)
    - ASoC: Intel: sof_sdw: add support for SKU 0B14
    - ASoC: simple-card: fixup asoc_simple_probe() error handling
    - coresight: tmc-etr: Disable warnings for allocation failures
    - ASoC: fsl-asoc-card: use integer type for fll_id and pll_id
    - ASoC: core: Do not call link_exit() on uninitialized rtd objects
    - ASoC: tlv320adc3xxx: BUG: Correct micbias setting
    - net: sched: cls_u32: Fix allocation size in u32_init()
    - arm64: dts: imx93: add the Flex-CAN stop mode by GPR
    - can: flexcan: remove the auto stop mode for IMX93
    - irqchip/riscv-intc: Mark all INTC nodes as initialized
    - irqchip/stm32-exti: add missing DT IRQ flag translation
    - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
    - ata: pata_parport: add custom version of wait_after_reset
    - ata: pata_parport: fit3: implement IDE command set registers
    - powerpc/85xx: Fix math emulation exception
    - media: i2c: ov8858: Don't set fwnode in the driver
    - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
    - fbdev: atyfb: only use ioremap_uc() on i386 and ia64
    - fs/ntfs3: Add ckeck in ni_update_parent()
    - fs/ntfs3: Write immediately updated ntfs state
    - fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN)
    - fs/ntfs3: Add more attributes checks in mi_enum_attr()
    - fs/ntfs3: Fix alternative boot searching
    - fs/ntfs3: Add more info into /proc/fs/ntfs3/<dev>/volinfo
    - fs/ntfs3: Do not allow to change label if volume is read-only
    - fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr()
    - fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame()
    - fs/ntfs3: Fix directory element type detection
    - fs/ntfs3: Avoid possible memory leak
    - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0
    - ASoC: soc-dapm: Add helper for comparing widget name
    - netfilter: nfnetlink_log: silence bogus compiler warning
    - net/mlx5: Bridge, fix peer entry ageing in LAG mode
    - x86/efistub: Don't try to print after ExitBootService()
    - efi: fix memory leak in krealloc failure handling
    - ASoC: rt5650: fix the wrong result of key button
    - ASoC: codecs: tas2780: Fix log of failed reset via I2C.
    - s390/kasan: handle DCSS mapping in memory holes
    - fbdev: omapfb: fix some error codes
    - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
    - scsi: mpt3sas: Fix in error path
    - ASoC: da7219: Correct the process of setting up Gnd switch in AAD
    - drm/amdgpu: Unset context priority is now invalid
    - gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET
    - LoongArch: Use SYM_CODE_* to annotate exception handlers
    - LoongArch: Export symbol invalid_pud_table for modules building
    - LoongArch: Replace kmap_atomic() with kmap_local_page() in
      copy_user_highpage()
    - LoongArch: Disable WUC for pgprot_writecombine() like ioremap_wc()
    - netfilter: nf_tables: audit log object reset once per table
    - platform/mellanox: mlxbf-tmfifo: Fix a warning message
    - drm/amdgpu: Reserve fences for VM update
    - riscv: dts: thead: set dma-noncoherent to soc bus
    - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
    - r8152: Check for unplug in rtl_phy_patch_request()
    - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
    - powerpc/mm: Fix boot crash with FLATMEM
    - ceph_wait_on_conflict_unlink(): grab reference before dropping ->d_lock
    - drm/amd/display: Don't use fsleep for PSR exit waits
    - rust: make `UnsafeCell` the outer type in `Opaque`
    - rust: types: make `Opaque` be `!Unpin`
    - perf evlist: Avoid frequency mode for the dummy event
    - mmap: fix vma_iterator in error path of vma_merge()
    - mmap: fix error paths with dup_anon_vma()
    - ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices
    - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
    - usb: storage: set 1.50 as the lower bcdDevice for older "Super Top"
      compatibility
    - usb: typec: tcpm: Add additional checks for contaminant
    - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
    - usb: raw-gadget: properly handle interrupted requests
    - Bluetooth: hci_bcm4377: Mark bcm4378/bcm4387 as BROKEN_LE_CODED
    - tty: n_gsm: fix race condition in status line change on dead connections
    - tty: 8250: Remove UC-257 and UC-431
    - tty: 8250: Add support for additional Brainboxes UC cards
    - tty: 8250: Add support for Brainboxes UP cards
    - tty: 8250: Add support for Intashield IS-100
    - tty: 8250: Fix port count of PX-257
    - tty: 8250: Fix up PX-803/PX-857
    - tty: 8250: Add support for additional Brainboxes PX cards
    - tty: 8250: Add support for Intashield IX cards
    - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
    - dt-bindings: serial: rs485: Add rs485-rts-active-high
    - misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support
    - serial: core: Fix runtime PM handling for pending tx
    - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
    - ASoC: SOF: sof-pci-dev: Fix community key quirk detection
    - Linux 6.5.11

* Mantic update: v6.5.11 upstream stable release (LP: #2051117) // black
    screen when wake up from s3 with AMD W7600 gfx (LP: #2051341)
    - drm/ttm: Reorder sys manager cleanup step

* CVE-2024-0646
    - net: tls, update curr on splice as well

* CVE-2024-0582
    - io_uring: enable io_mem_alloc/free to be used in other parts
    - io_uring/kbuf: defer release of mapped buffer rings

* CVE-2024-0565
    - smb: client: fix OOB in receive_encrypted_standard()

* CVE-2023-51781
    - appletalk: Fix Use-After-Free in atalk_ioctl

* Reject connection when malformed L2CAP signal packet is received
    (LP: #2047634)
    - Bluetooth: L2CAP: Send reject on command corrupted request

* Mantic update: v6.5.10 upstream stable release (LP: #2049412)
    - vdpa/mlx5: Fix firmware error on creation of 1k VQs
    - smb3: allow controlling length of time directory entries are cached with dir
      leases
    - smb3: allow controlling maximum number of cached directories
    - smb3: do not start laundromat thread when dir leases disabled
    - smb: client: do not start laundromat thread on nohandlecache
    - smb: client: make laundromat a delayed worker
    - smb: client: prevent new fids from being removed by laundromat
    - virtio_balloon: Fix endless deflation and inflation on arm64
    - virtio-mmio: fix memory leak of vm_dev
    - virtio-crypto: handle config changed by work queue
    - virtio_pci: fix the common cfg map size
    - vsock/virtio: initialize the_virtio_vsock before using VQs
    - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
    - arm64: dts: qcom: apq8096-db820c: fix missing clock populate
    - arm64: dts: qcom: msm8996-xiaomi: fix missing clock populate
    - arm64: dts: rockchip: use codec as clock master on px30-ringneck-haikou
    - arm64: dts: rockchip: set codec system-clock-fixed on px30-ringneck-haikou
    - arm64: dts: qcom: sa8775p: correct PMIC GPIO label in gpio-ranges
    - arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399
    - arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards
    - i40e: sync next_to_clean and next_to_process for programming status desc
    - mm: fix vm_brk_flags() to not bail out while holding lock
    - hugetlbfs: clear resv_map pointer if mmap fails
    - mm/page_alloc: correct start page when guard page debug is enabled
    - mm/migrate: fix do_pages_move for compat pointers
    - selftests/mm: include mman header to access MREMAP_DONTUNMAP identifier
    - mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer
    - hugetlbfs: extend hugetlb_vma_lock to private VMAs
    - maple_tree: add GFP_KERNEL to allocations in mas_expected_entries()
    - nfsd: lock_rename() needs both directories to live on the same fs
    - vdpa_sim_blk: Fix the potential leak of mgmt_dev
    - vdpa/mlx5: Fix double release of debugfs entry
    - ARM: OMAP1: ams-delta: Fix MODEM initialization failure
    - ARM: dts: rockchip: Fix i2c0 register address for RK3128
    - ARM: dts: rockchip: Add missing arm timer interrupt for RK3128
    - ARM: dts: rockchip: Add missing quirk for RK3128's dma engine
    - ARM: dts: rockchip: Fix timer clocks for RK3128
    - accel/ivpu: Don't enter d0i3 during FLR
    - drm/i915/pmu: Check if pmu is closed before stopping event
    - drm/amd: Disable ASPM for VI w/ all Intel systems
    - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
    - btrfs: remove v0 extent handling
    - btrfs: fix unwritten extent buffer after snapshotting a new subvolume
    - ARM: OMAP: timer32K: fix all kernel-doc warnings
    - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
    - clk: ti: Fix missing omap4 mcbsp functional clock and aliases
    - clk: ti: Fix missing omap5 mcbsp functional clock and aliases
    - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx
    - r8169: fix the KCSAN reported data-race in rtl_tx while reading
      TxDescArray[entry].opts1
    - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1
    - iavf: initialize waitqueues before starting watchdog_task
    - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value
    - treewide: Spelling fix in comment
    - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
    - net: do not leave an empty skb in write queue
    - neighbour: fix various data-races
    - igc: Fix ambiguity in the ethtool advertising
    - net: ethernet: adi: adin1110: Fix uninitialized variable
    - net: ieee802154: adf7242: Fix some potential buffer overflow in
      adf7242_stats_show()
    - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
    - r8152: Increase USB control msg timeout to 5000ms as per spec
    - r8152: Run the unload routine if we have errors during probe
    - r8152: Cancel hw_phy_work if we have an error in probe
    - r8152: Release firmware if we have an error in probe
    - tcp: fix wrong RTO timeout when received SACK reneging
    - wifi: cfg80211: pass correct pointer to rdev_inform_bss()
    - wifi: cfg80211: fix assoc response warning on failed links
    - wifi: mac80211: don't drop all unprotected public action frames
    - net/handshake: fix file ref count in handshake_nl_accept_doit()
    - gtp: uapi: fix GTPA_MAX
    - gtp: fix fragmentation needed check with gso
    - drm/i915/perf: Determine context valid in OA reports
    - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
    - netfilter: flowtable: GC pushes back packets to classic path
    - net/sched: act_ct: additional checks for outdated flows
    - drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO
    - drm/i915/mcr: Hold GT forcewake during steering operations
    - iavf: in iavf_down, disable queues when removing the driver
    - scsi: sd: Introduce manage_shutdown device flag
    - blk-throttle: check for overflow in calculate_bytes_allowed
    - kasan: print the original fault addr when access invalid shadow
    - iio: afe: rescale: Accept only offset channels
    - iio: exynos-adc: request second interupt only when touchscreen mode is used
    - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds
    - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale
    - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
    - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
    - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
    - i2c: aspeed: Fix i2c bus hang in slave read
    - tracing/kprobes: Fix symbol counting logic by looking at modules as well
    - tracing/kprobes: Fix the description of variable length arguments
    - misc: fastrpc: Reset metadata buffer to avoid incorrect free
    - misc: fastrpc: Free DMA handles for RPC calls with no arguments
    - misc: fastrpc: Clean buffers on remote invocation failures
    - misc: fastrpc: Unmap only if buffer is unmapped from DSP
    - nvmem: imx: correct nregs for i.MX6ULL
    - nvmem: imx: correct nregs for i.MX6SLL
    - nvmem: imx: correct nregs for i.MX6UL
    - x86/tsc: Defer marking TSC unstable to a worker
    - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
    - x86/cpu: Add model number for Intel Arrow Lake mobile processor
    - perf/core: Fix potential NULL deref
    - sparc32: fix a braino in fault handling in csum_and_copy_..._user()
    - clk: Sanitize possible_parent_show to Handle Return Value of
      of_clk_get_parent_name
    - clk: socfpga: gate: Account for the divider in determine_rate
    - clk: stm32: Fix a signedness issue in clk_stm32_composite_determine_rate()
    - platform/x86: Add s2idle quirk for more Lenovo laptops
    - mm/damon/sysfs: check DAMOS regions update progress from before_terminate()
    - accel/ivpu/37xx: Fix missing VPUIP interrupts
    - Linux 6.5.10

* CVE-2023-6560
    - io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP

* CVE-2023-51782
    - net/rose: Fix Use-After-Free in rose_ioctl

* Mantic update: v6.5.9 upstream stable release (LP: #2049202)
    - Bluetooth: hci_event: Ignore NULL link key
    - Bluetooth: Reject connection with the device which has same BD_ADDR
    - Bluetooth: Fix a refcnt underflow problem for hci_conn
    - Bluetooth: vhci: Fix race when opening vhci device
    - Bluetooth: hci_event: Fix coding style
    - Bluetooth: avoid memcmp() out of bounds warning
    - Bluetooth: hci_conn: Fix modifying handle while aborting
    - ice: fix over-shifted variable
    - ice: Fix safe mode when DDP is missing
    - ice: reset first in crash dump kernels
    - net/smc: return the right falback reason when prefix checks fail
    - btrfs: fix stripe length calculation for non-zoned data chunk allocation
    - nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
    - regmap: fix NULL deref on lookup
    - KVM: x86: Mask LVTPC when handling a PMI
    - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer
    - KVM: x86/pmu: Truncate counter value to allowed width on write
    - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2}
    - x86: KVM: SVM: add support for Invalid IPI Vector interception
    - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested()
    - tcp: check mptcp-level constraints for backlog coalescing
    - mptcp: more conservative check for zero probes
    - selftests: mptcp: join: no RST when rm subflow/addr
    - mm: slab: Do not create kmalloc caches smaller than arch_slab_minalign()
    - fs/ntfs3: Fix OOB read in ntfs_init_from_boot
    - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e()
    - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()
    - fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super
    - fs/ntfs3: fix deadlock in mark_as_free_ex
    - Revert "net: wwan: iosm: enable runtime pm support for 7560"
    - netfilter: nft_payload: fix wrong mac header matching
    - drm/i915: Retry gtt fault when out of fence registers
    - drm/mediatek: Correctly free sg_table in gem prime vmap
    - drm/nouveau/disp: fix DP capable DSM connectors
    - drm/edid: add 8 bpc quirk to the BenQ GW2765
    - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
    - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV
    - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx
    - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
    - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors
    - ASoC: codecs: wcd938x: drop bogus bind error handling
    - ASoC: codecs: wcd938x: fix unbind tear down order
    - ASoC: codecs: wcd938x: fix resource leaks on bind errors
    - ASoC: codecs: wcd938x: fix regulator leaks on probe errors
    - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
    - qed: fix LL2 RX buffer allocation
    - xfrm: fix a data-race in xfrm_lookup_with_ifid()
    - xfrm6: fix inet6_dev refcount underflow problem
    - xfrm: fix a data-race in xfrm_gen_index()
    - xfrm: interface: use DEV_STATS_INC()
    - net: xfrm: skip policies marked as dead while reinserting policies
    - fprobe: Fix to ensure the number of active retprobes is not zero
    - wifi: cfg80211: use system_unbound_wq for wiphy work
    - net: ipv4: fix return value check in esp_remove_trailer
    - net: ipv6: fix return value check in esp_remove_trailer
    - net: rfkill: gpio: prevent value glitch during probe
    - tcp: fix excessive TLP and RACK timeouts from HZ rounding
    - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb
    - tcp: Fix listen() warning with v4-mapped-v6 address.
    - docs: fix info about representor identification
    - tun: prevent negative ifindex
    - gve: Do not fully free QPL pages on prefill errors
    - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
    - net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
    - octeon_ep: update BQL sent bytes before ringing doorbell
    - i40e: prevent crash on probe if hw registers have invalid values
    - net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register()
    - bonding: Return pointer to data after pull on skb
    - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
    - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
    - selftests: openvswitch: Catch cases where the tests are killed
    - selftests: openvswitch: Fix the ct_tuple for v4
    - selftests: netfilter: Run nft_audit.sh in its own netns
    - netfilter: nft_set_rbtree: .deactivate fails if element has expired
    - netlink: Correct offload_xstats size
    - netfilter: nf_tables: do not refresh timeout when resetting element
    - netfilter: nf_tables: do not remove elements if set backend implements
      .abort
    - netfilter: nf_tables: revert do not remove elements if set backend
      implements .abort
    - selftests: openvswitch: Add version check for pyroute2
    - net: phy: bcm7xxx: Add missing 16nm EPHY statistics
    - net: pktgen: Fix interface flags printing
    - net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
    - net: mdio-mux: fix C45 access returning -EIO after API change
    - net: avoid UAF on deleted altname
    - net: fix ifname in netlink ntf during netns move
    - net: check for altname conflicts when changing netdev's netns
    - iio: light: vcnl4000: Don't power on/off chip in config
    - pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency
    - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
    - arm64: dts: mediatek: Fix "mediatek,merge-mute" and "mediatek,merge-fifo-en"
      types
    - fs-writeback: do not requeue a clean inode having skipped pages
    - btrfs: fix race when refilling delayed refs block reserve
    - btrfs: prevent transaction block reserve underflow when starting transaction
    - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1
    - btrfs: initialize start_slot in btrfs_log_prealloc_extents
    - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
    - overlayfs: set ctime when setting mtime and atime
    - accel/ivpu: Don't flood dmesg with VPU ready message
    - gpio: timberdale: Fix potential deadlock on &tgpio->lock
    - ata: libata-core: Fix compilation warning in ata_dev_config_ncq()
    - ata: libata-eh: Fix compilation warning in ata_eh_link_report()
    - tracing: relax trace_event_eval_update() execution with cond_resched()
    - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
    - wifi: cfg80211: validate AP phy operation before starting it
    - wifi: iwlwifi: Ensure ack flag is properly cleared.
    - rfkill: sync before userspace visibility/changes
    - HID: logitech-hidpp: Add Bluetooth ID for the Logitech M720 Triathlon mouse
    - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
    - Bluetooth: btusb: add shutdown function for QCA6174
    - Bluetooth: Avoid redundant authentication
    - Bluetooth: hci_core: Fix build warnings
    - wifi: cfg80211: Fix 6GHz scan configuration
    - wifi: mac80211: work around Cisco AP 9115 VHT MPDU length
    - wifi: mac80211: allow transmitting EAPOL frames with tainted key
    - wifi: cfg80211: avoid leaking stack data into trace
    - regulator/core: Revert "fix kobject release warning and memory leak in
      regulator_register()"
    - SUNRPC: Fail quickly when server does not recognize TLS
    - SUNRPC/TLS: Lock the lower_xprt during the tls handshake
    - nfs: decrement nrequests counter before releasing the req
    - sky2: Make sure there is at least one frag_addr available
    - ipv4/fib: send notify when delete source address routes
    - drm: panel-orientation-quirks: Add quirk for One Mix 2S
    - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c
    - btrfs: error out when COWing block using a stale transaction
    - btrfs: error when COWing block from a root that is being deleted
    - btrfs: error out when reallocating block for defrag using a stale
      transaction
    - platform/x86: touchscreen_dmi: Add info for the BUSH Bush Windows tablet
    - drm/amd/pm: add unique_id for gc 11.0.3
    - HID: multitouch: Add required quirk for Synaptics 0xcd7e device
    - HID: nintendo: reinitialize USB Pro Controller after resuming from suspend
    - HID: Add quirk to ignore the touchscreen battery on HP ENVY 15-eu0556ng
    - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
    - cpufreq: schedutil: Update next_freq when cpufreq_limits change
    - Bluetooth: hci_sync: Fix not handling ISO_LINK in hci_abort_conn_sync
    - Bluetooth: hci_sync: Introduce PTR_UINT/UINT_PTR macros
    - Bluetooth: ISO: Fix invalid context error
    - Bluetooth: hci_sync: delete CIS in BT_OPEN/CONNECT/BOUND when aborting
    - Bluetooth: hci_sync: always check if connection is alive before deleting
    - net/mlx5: E-switch, register event handler before arming the event
    - net/mlx5: Handle fw tracer change ownership event based on MTRC
    - net/mlx5e: RX, Fix page_pool allocation failure recovery for striding rq
    - net/mlx5e: RX, Fix page_pool allocation failure recovery for legacy rq
    - net/mlx5e: XDP, Fix XDP_REDIRECT mpwqe page fragment leaks on shutdown
    - net/mlx5e: Take RTNL lock before triggering netdev notifiers
    - net/mlx5e: Don't offload internal port if filter device is out device
    - net/mlx5e: Fix VF representors reporting zero counters to "ip -s" command
    - net/tls: split tls_rx_reader_lock
    - tcp: allow again tcp_disconnect() when threads are waiting
    - Bluetooth: hci_event: Fix using memcmp when comparing keys
    - tcp_bpf: properly release resources on error paths
    - mtd: rawnand: qcom: Unmap the right resource upon probe failure
    - mtd: rawnand: pl353: Ensure program page operations are successful
    - mtd: rawnand: marvell: Ensure program page operations are successful
    - mtd: rawnand: arasan: Ensure program page operations are successful
    - mtd: rawnand: Ensure the nand chip supports cached reads
    - mtd: spinand: micron: correct bitmask for ecc status
    - mtd: physmap-core: Restore map_rom fallback
    - dt-bindings: mmc: sdhci-msm: correct minimum number of clocks
    - mmc: sdhci-pci-gli: fix LPM negotiation so x86/S0ix SoCs can suspend
    - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
    - mmc: core: Fix error propagation for some ioctl commands
    - mmc: core: sdio: hold retuning if sdio in 1-bit mode
    - pinctrl: qcom: lpass-lpi: fix concurrent register updates
    - pNFS: Fix a hang in nfs4_evict_inode()
    - pNFS/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats
    - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
    - ACPI: irq: Fix incorrect return value in acpi_register_gsi()
    - ACPI: bus: Move acpi_arm_init() to the place of after acpi_ghes_init()
    - perf dlfilter: Fix use of addr_location__exit() in dlfilter__object_code()
    - fanotify: limit reporting of event with non-decodeable file handles
    - NFS: Fix potential oops in nfs_inode_remove_request()
    - nfs42: client needs to strip file mode's suid/sgid bit after ALLOCATE op
    - nvme: sanitize metadata bounce buffer for reads
    - nvme-pci: add BOGUS_NID for Intel 0a54 device
    - nvme-auth: use chap->s2 to indicate bidirectional authentication
    - nvmet-auth: complete a request only after freeing the dhchap pointers
    - nvme-rdma: do not try to stop unallocated queues
    - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
    - USB: serial: option: add entry for Sierra EM9191 with new firmware
    - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
    - thunderbolt: Call tb_switch_put() once DisplayPort bandwidth request is
      finished
    - s390/pci: fix iommu bitmap allocation
    - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols
    - selftests/ftrace: Add new test case which checks non unique symbol
    - KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash
    - apple-gmux: Hard Code max brightness for MMIO gmux
    - s390/cio: fix a memleak in css_alloc_subchannel
    - platform/surface: platform_profile: Propagate error if profile registration
      fails
    - platform/x86: intel-uncore-freq: Conditionally create attribute for read
      frequency
    - platform/x86: msi-ec: Fix the 3rd config
    - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
    - platform/x86: asus-wmi: Only map brightness codes when using asus-wmi
      backlight control
    - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
    - rust: error: fix the description for `ECHILD`
    - gpiolib: acpi: Add missing memset(0) to acpi_get_gpiod_from_data()
    - gpio: vf610: set value before the direction to avoid a glitch
    - gpio: vf610: mask the gpio irq in system suspend and support wakeup
    - ASoC: cs35l56: Fix illegal use of init_completion()
    - ASoC: pxa: fix a memory leak in probe()
    - ASoC: cs42l42: Fix missing include of gpio/consumer.h
    - drm/bridge: ti-sn65dsi86: Associate DSI device lifetime with auxiliary
      device
    - drm/i915/cx0: Only clear/set the Pipe Reset bit of the PHY Lanes Owned
    - drm/amdgpu: Fix possible null pointer dereference
    - powerpc/mm: Allow ARCH_FORCE_MAX_ORDER up to 12
    - powerpc/qspinlock: Fix stale propagated yield_cpu
    - docs: Move rustdoc output, cross-reference it
    - rust: docs: fix logo replacement
    - phy: mapphone-mdm6600: Fix runtime disable on probe
    - phy: mapphone-mdm6600: Fix runtime PM for remove
    - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
    - phy: qcom-qmp-usb: initialize PCS_USB registers
    - phy: qcom-qmp-usb: split PCS_USB init table for sc8280xp and sa8775p
    - phy: qcom-qmp-combo: Square out 8550 POWER_STATE_CONFIG1
    - phy: qcom-qmp-combo: initialize PCS_USB registers
    - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance
    - net: move altnames together with the netdevice
    - Bluetooth: hci_sock: fix slab oob read in create_monitor_event
    - net: rfkill: reduce data->mtx scope in rfkill_fop_open
    - docs: rust: update Rust docs output path
    - kbuild: remove old Rust docs output path
    - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
    - mptcp: avoid sending RST when closing the initial subflow
    - selftests: mptcp: join: correctly check for no RST
    - Linux 6.5.9

* CVE-2023-51779
    - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

-- Stefan Bader <stefan.bader@canonical.com>  Fri, 02 Feb 2024 15:00:42 +0100

Changed in linux (Ubuntu Mantic):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-06:

#16

This bug is awaiting verification that the linux-aws/6.5.0-1015.15 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-aws' to 'verification-done-mantic-linux-aws'. If the problem still exists, change the tag 'verification-needed-mantic-linux-aws' to 'verification-failed-mantic-linux-aws'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-aws-v2 verification-needed-mantic-linux-aws

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-06:

#17

This bug is awaiting verification that the linux-azure/6.5.0-1016.16 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-azure' to 'verification-done-mantic-linux-azure'. If the problem still exists, change the tag 'verification-needed-mantic-linux-azure' to 'verification-failed-mantic-linux-azure'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-azure-v2 verification-needed-mantic-linux-azure

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-06:

#18

This bug is awaiting verification that the linux-hwe-6.5/6.5.0-25.25~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-hwe-6.5' to 'verification-done-jammy-linux-hwe-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-hwe-6.5' to 'verification-failed-jammy-linux-hwe-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-hwe-6.5-v2 verification-needed-jammy-linux-hwe-6.5

Timo Aaltonen (tjaalton) on 2024-03-18

Changed in linux-oem-6.1 (Ubuntu Lunar):
status:	New → Invalid
Changed in linux-oem-6.1 (Ubuntu Mantic):
status:	New → Invalid
Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	New → Won't Fix

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-26:

#19

This bug is awaiting verification that the linux-nvidia-6.5/6.5.0-1014.14 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-done-jammy-linux-nvidia-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-failed-jammy-linux-nvidia-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.5-v2 verification-needed-jammy-linux-nvidia-6.5

ubuntu-kernel-tests

test_021_aslr_dapper_libs from ubuntu_qrt_kernel_security failed on K-5.19 / J-OEM-6.1 / J-6.2 AMD64

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
QA Regression Testing	Invalid	Undecided	Unassigned
ubuntu-kernel-tests	Invalid	Undecided	Unassigned
linux (Ubuntu)	Status tracked in Noble
Jammy	Invalid	Undecided	Unassigned
Kinetic	Invalid	Undecided	Unassigned
Lunar	Won't Fix	Medium	Thadeu Lima de Souza Cascardo
Mantic	Fix Released	Medium	Thadeu Lima de Souza Cascardo
Noble	Fix Released	Undecided	Unassigned
linux-oem-6.1 (Ubuntu)	Status tracked in Noble
Jammy	Won't Fix	Undecided	Unassigned
Kinetic	Invalid	Undecided	Unassigned
Lunar	Invalid	Undecided	Unassigned
Mantic	Invalid	Undecided	Unassigned
Noble	Invalid	Undecided	Unassigned