Bug #2043841 “kernel BUG: io_uring openat triggers audit referen...” : Bugs : linux package : Ubuntu

Revision history for this message

Ubuntu Foundations Team Bug Bot (crichton) wrote on 2023-11-17:

#1

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Libera.chat.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/2043841/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags:

added: bot-comment

Revision history for this message

Dan Clash (daclash) wrote on 2023-11-17:

#2

This bug is a in the Linux kernel, specifically in the filesystem / io_uring / audit areas.

affects:

ubuntu → linux (Ubuntu)

Paul White (paulw2u) on 2023-11-17

affects:	linux (Ubuntu) → linux-azure-6.2 (Ubuntu)
tags:	added: jammy

Tim Gardner (timg-tpi) on 2023-11-27

affects:	linux-azure-6.2 (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
status:	New → Fix Released
Changed in linux (Ubuntu Lunar):
assignee:	nobody → Tim Gardner (timg-tpi)
status:	New → In Progress
importance:	Undecided → Medium
Changed in linux (Ubuntu Mantic):
assignee:	nobody → Tim Gardner (timg-tpi)
importance:	Undecided → Medium
status:	New → In Progress

Stefan Bader (smb) on 2023-12-01

Changed in linux (Ubuntu Mantic):
status:	In Progress → Fix Committed
Changed in linux (Ubuntu Lunar):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-01-09:

#3

This bug is awaiting verification that the linux/6.2.0-41.42 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar-linux' to 'verification-done-lunar-linux'. If the problem still exists, change the tag 'verification-needed-lunar-linux' to 'verification-failed-lunar-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-lunar-linux-v2 verification-needed-lunar-linux

Revision history for this message

Dan Clash (daclash) wrote on 2024-01-09:

#4

Download full text (4.0 KiB)

The pre-patch discussion thread has a test program that I used to reproduce the issue.
The test program never completes if the bug is present.

I have not been through this process yet. Is it appropriate for me to do the testing? If yes then is there a document or steps that describes the appropriate way to test?

https://lore<email address hidden>/T/#u

The following is a copy of the test program:

Test program usage:

./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000

Test program source:

// Note: The test program is C++ but could be converted to C.
#include <cassert>
#include <fcntl.h>
#include <filesystem>
#include <getopt.h>
#include <iostream>
#include <liburing.h>

// open and close a file. the file is created if it does not exist.

void
openClose(struct io_uring& ring, std::string fileName)
{
    int ret;
    struct io_uring_cqe* cqe {};
    struct io_uring_sqe* sqe {};
    int fd {};
    int flags {O_RDWR | O_CREAT};
    mode_t mode {0666};

// openat2

sqe = io_uring_get_sqe(&ring);
assert(sqe != nullptr);

io_uring_prep_openat(sqe, AT_FDCWD, fileName.data(), flags, mode);
io_uring_sqe_set_flags(sqe, IOSQE_ASYNC);

ret = io_uring_submit(&ring);
assert(ret == 1);

ret = io_uring_wait_cqe(&ring, &cqe);
assert(ret == 0);

fd = cqe->res;
assert(fd > 0);

io_uring_cqe_seen(&ring, cqe);

// close

sqe = io_uring_get_sqe(&ring);
assert(sqe != nullptr);

io_uring_prep_close(sqe, fd);
io_uring_sqe_set_flags(sqe, IOSQE_ASYNC);

ret = io_uring_submit(&ring);
assert(ret == 1);

    // wait for the close to complete.
    ret = io_uring_wait_cqe(&ring, &cqe);
    assert(ret == 0);

// verify that close succeeded.
assert(cqe->res == 0);

io_uring_cqe_seen(&ring, cqe);
}

// create 100 files and then open each file twice.

void
openCloseHang(std::string filePath)
{
int ret;
struct io_uring ring;

ret = io_uring_queue_init(8, &ring, 0);
assert(0 == ret);

int repeat {3};
int numFiles {100};

std::filesystem::create_directory(filePath);

    // files of length 0 are created in the j==0 iteration below.
    // those files are opened and closed during the j>0 iteraions.
    // a repeat of 3 results in a fairly reliable reproduction.

    for (int j = 0; j < repeat; j += 1) {
        for (int i = 0; i < numFiles; i += 1) {
            std::string fileName(filePath + "/file" + std::to_string(i));
            openClose(ring, fileName);
        }
    }

std::filesystem::remove_all(filePath);

io_uring_queue_exit(&ring);
}

int
main(int argc, char** argv)
{
std::string filePath {};
int iterations {};

    struct option options[]
    {
        {"help", no_argument, 0, 'h'}, {"directory", required_argument, 0, 'd'},
            {"count", required_argument, 0, 'c'},
        {
            0, 0, 0, 0
        }
    };
    bool printUsage {false};
    int val {};

    while ((val = getopt_long_only(argc, argv, "", options, nullptr)) != -1) {
        if (val == 'h') {
            printUsage = true;
        } else if (val == 'd') ...

The pre-patch discussion thread has a test program that I used to reproduce the issue.
The test program never completes if the bug is present.

I have not been through this process yet.  Is it appropriate for me to do the testing?  If yes then is there a document or steps that describes the appropriate way to test?

https://lore.kernel.org/io-uring/MW2PR2101MB1033FFF044A258F84AEAA584F1C9A@MW2PR2101MB1033.namprd21.prod.outlook.com/T/#u

The following is a copy of the test program:

Test program usage:

./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000

Test program source:

// Note: The test program is C++ but could be converted to C.
#include <cassert>
#include <fcntl.h>
#include <filesystem>
#include <getopt.h>
#include <iostream>
#include <liburing.h>

// open and close a file.  the file is created if it does not exist.

void
openClose(struct io_uring& ring, std::string fileName)
{
    int ret;
    struct io_uring_cqe* cqe {};
    struct io_uring_sqe* sqe {};
    int fd {};
    int flags {O_RDWR | O_CREAT};
    mode_t mode {0666};

// openat2

sqe = io_uring_get_sqe(&ring);
    assert(sqe != nullptr);

io_uring_prep_openat(sqe, AT_FDCWD, fileName.data(), flags, mode);
    io_uring_sqe_set_flags(sqe, IOSQE_ASYNC);

ret = io_uring_submit(&ring);
    assert(ret == 1);

ret = io_uring_wait_cqe(&ring, &cqe);
    assert(ret == 0);

fd = cqe->res;
    assert(fd > 0);

io_uring_cqe_seen(&ring, cqe);

// close

sqe = io_uring_get_sqe(&ring);
    assert(sqe != nullptr);

io_uring_prep_close(sqe, fd);
    io_uring_sqe_set_flags(sqe, IOSQE_ASYNC);

ret = io_uring_submit(&ring);
    assert(ret == 1);

// wait for the close to complete.
    ret = io_uring_wait_cqe(&ring, &cqe);
    assert(ret == 0);

// verify that close succeeded.
    assert(cqe->res == 0);

io_uring_cqe_seen(&ring, cqe);
}

// create 100 files and then open each file twice.

void
openCloseHang(std::string filePath)
{
    int ret;
    struct io_uring ring;

ret = io_uring_queue_init(8, &ring, 0);
    assert(0 == ret);

int repeat {3};
    int numFiles {100};

std::filesystem::create_directory(filePath);

// files of length 0 are created in the j==0 iteration below.
    // those files are opened and closed during the j>0 iteraions.
    // a repeat of 3 results in a fairly reliable reproduction.

for (int j = 0; j < repeat; j += 1) {
        for (int i = 0; i < numFiles; i += 1) {
            std::string fileName(filePath + "/file" + std::to_string(i));
            openClose(ring, fileName);
        }
    }

std::filesystem::remove_all(filePath);

io_uring_queue_exit(&ring);
}

int
main(int argc, char** argv)
{
    std::string filePath {};
    int iterations {};

struct option options[]
    {
        {"help", no_argument, 0, 'h'}, {"directory", required_argument, 0, 'd'},
            {"count", required_argument, 0, 'c'},
        {
            0, 0, 0, 0
        }
    };
    bool printUsage {false};
    int val {};

while ((val = getopt_long_only(argc, argv, "", options, nullptr)) != -1) {
        if (val == 'h') {
            printUsage = true;
        } else if (val == 'd') {
            filePath = optarg;
            if (std::filesystem::exists(filePath)) {
                printUsage = true;
                std::cerr << "directory must not exist" << std::endl;
            }
        } else if (val == 'c') {
            iterations = atoi(optarg);
            if (0 == iterations) {
                printUsage = true;
            }
        } else {
            printUsage = true;
        }
    }

if ((0 == iterations) || (filePath.empty())) {
        printUsage = true;
    }

if (printUsage || (optind < argc)) {
        std::cerr << "io_uring_open_close_audit_hang.cc --directory DIR --count COUNT" << std::endl;
        exit(1);
    }

for (int i = 0; i < iterations; i += 1) {
        if (0 == (i % 100)) {
            std::cout << "i=" << std::to_string(i) << std::endl;
        }
        openCloseHang(filePath);
    }
    return 0;
}

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-01-09:

#5

This bug is awaiting verification that the linux/6.5.0-16.16 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux' to 'verification-done-mantic-linux'. If the problem still exists, change the tag 'verification-needed-mantic-linux' to 'verification-failed-mantic-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux

Revision history for this message

Roxana Nicolescu (roxanan) wrote on 2024-02-05:

#6

Dan Clash, apologize for the late reply. Next time feel free to test it since you know the details better than anyone. Just use the latest version in proposed.
But providing the test info was really useful as I managed to test it without spending time on it, so thanks for that :)

Revision history for this message

Roxana Nicolescu (roxanan) wrote on 2024-02-05:

#7

Ran ./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000 on 6.5.0-17-generic
and it finished

tags:

added: verification-done-lunar-linux verification-done-mantic-linux
removed: verification-needed-lunar-linux verification-needed-mantic-linux

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-02-07:

#8

Download full text (86.2 KiB)

This bug was fixed in the package linux - 6.5.0-17.17

---------------
linux (6.5.0-17.17) mantic; urgency=medium

* mantic/linux: 6.5.0-17.17 -proposed tracker (LP: #2049026)

  * [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
    anymore (LP: #2048919)
    - [Config] Enable S390_UV_UAPI (built-in)

linux (6.5.0-16.16) mantic; urgency=medium

* mantic/linux: 6.5.0-16.16 -proposed tracker (LP: #2048372)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
    - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)

* Add missing RPL P/U CPU IDs (LP: #2047398)
- drm/i915/rpl: Update pci ids for RPL P/U

* Fix BCM57416 lost after resume (LP: #2047518)
- bnxt_en: Clear resource reservation during resume

* Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"

  * Update bnxt_en with bug fixes and support for Broadcom 5760X network
    adapters (LP: #2045796)
    - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int
    - eth: bnxt: move and rename reset helpers
    - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work()
    - eth: bnxt: handle invalid Tx completions more gracefully
    - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
    - eth: bnxt: fix warning for define in struct_group
    - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
    - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
    - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP
    - bnxt_en: Let the page pool manage the DMA mapping
    - bnxt_en: Increment rx_resets counter in bnxt_disable_napi()
    - bnxt_en: Save ring error counters across reset
    - bnxt_en: Display the ring error counters under ethtool -S
    - bnxt_en: Add tx_resets ring counter
    - bnxt: use the NAPI skb allocation cache
    - bnxt_en: Update firmware interface to 1.10.2.171
    - bnxt_en: Enhance hwmon temperature reporting
    - bnxt_en: Move hwmon functions into a dedicated file
    - bnxt_en: Modify the driver to use hwmon_device_register_with_info
    - bnxt_en: Expose threshold temperatures through hwmon
    - bnxt_en: Use non-standard attribute to expose shutdown temperature
    - bnxt_en: Event handler for Thermal event
    - bnxt_en: Support QOS and TPID settings for the SRIOV VLAN
    - bnxt_en: Update VNIC resource calculation for VFs
    - Revert "bnxt_en: Support QOS and TPID settings for the SRIOV VLAN"
    - eth: bnxt: fix backward compatibility with older devices
    - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI
    - bnxt_en: Fix invoking hwmon_notify_event
    - bnxt_en: add infrastructure to lookup ethtool link mode
    - bnxt_en: support lane configuration via ethtool
    - bnxt_en: refactor speed independent ethtool modes
    - bnxt_en: Refactor NRZ/PAM4 link speed related logic
    - bnxt_en: convert to linkmode_set_bit() API
    - bnxt_en: extend media types to supported and autoneg modes
    - bnxt_en: Fix 2...

This bug was fixed in the package linux - 6.5.0-17.17

---------------
linux (6.5.0-17.17) mantic; urgency=medium

* mantic/linux: 6.5.0-17.17 -proposed tracker (LP: #2049026)

* [UBUNTU 23.04] Regression: Ubuntu 23.04/23.10 do not include uvdevice
    anymore (LP: #2048919)
    - [Config] Enable S390_UV_UAPI (built-in)

linux (6.5.0-16.16) mantic; urgency=medium

* mantic/linux: 6.5.0-16.16 -proposed tracker (LP: #2048372)

* Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper
    - [Packaging] remove helper scripts
    - [Packaging] update annotations scripts
    - debian/dkms-versions -- update from kernel-versions (main/2024.01.08)

* Add missing RPL P/U CPU IDs (LP: #2047398)
    - drm/i915/rpl: Update pci ids for RPL P/U

* Fix BCM57416 lost after resume (LP: #2047518)
    - bnxt_en: Clear resource reservation during resume

* Hotplugging SCSI disk in QEMU VM fails (LP: #2047382)
    - Revert "PCI: acpiphp: Reassign resources on bridge if necessary"

* Update bnxt_en with bug fixes and support for Broadcom 5760X network
    adapters (LP: #2045796)
    - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int
    - eth: bnxt: move and rename reset helpers
    - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work()
    - eth: bnxt: handle invalid Tx completions more gracefully
    - eth: bnxt: fix one of the W=1 warnings about fortified memcpy()
    - eth: bnxt: fix warning for define in struct_group
    - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy()
    - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c
    - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP
    - bnxt_en: Let the page pool manage the DMA mapping
    - bnxt_en: Increment rx_resets counter in bnxt_disable_napi()
    - bnxt_en: Save ring error counters across reset
    - bnxt_en: Display the ring error counters under ethtool -S
    - bnxt_en: Add tx_resets ring counter
    - bnxt: use the NAPI skb allocation cache
    - bnxt_en: Update firmware interface to 1.10.2.171
    - bnxt_en: Enhance hwmon temperature reporting
    - bnxt_en: Move hwmon functions into a dedicated file
    - bnxt_en: Modify the driver to use hwmon_device_register_with_info
    - bnxt_en: Expose threshold temperatures through hwmon
    - bnxt_en: Use non-standard attribute to expose shutdown temperature
    - bnxt_en: Event handler for Thermal event
    - bnxt_en: Support QOS and TPID settings for the SRIOV VLAN
    - bnxt_en: Update VNIC resource calculation for VFs
    - Revert "bnxt_en: Support QOS and TPID settings for the SRIOV VLAN"
    - eth: bnxt: fix backward compatibility with older devices
    - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI
    - bnxt_en: Fix invoking hwmon_notify_event
    - bnxt_en: add infrastructure to lookup ethtool link mode
    - bnxt_en: support lane configuration via ethtool
    - bnxt_en: refactor speed independent ethtool modes
    - bnxt_en: Refactor NRZ/PAM4 link speed related logic
    - bnxt_en: convert to linkmode_set_bit() API
    - bnxt_en: extend media types to supported and autoneg modes
    - bnxt_en: Fix 2 stray ethtool -S counters
    - bnxt_en: Put the TX producer information in the TX BD opaque field
    - bnxt_en: Add completion ring pointer in TX and RX ring structures
    - bnxt_en: Restructure cp_ring_arr in struct bnxt_cp_ring_info
    - bnxt_en: Add completion ring pointer in TX and RX ring structures
    - bnxt_en: Remove BNXT_RX_HDL and BNXT_TX_HDL
    - bnxt_en: Refactor bnxt_tx_int()
    - bnxt_en: New encoding for the TX opaque field
    - bnxt_en: Refactor bnxt_hwrm_set_coal()
    - bnxt_en: Support up to 8 TX rings per MSIX
    - bnxt_en: Add helper to get the number of CP rings required for TX rings
    - bnxt_en: Add macros related to TC and TX rings
    - bnxt_en: Use existing MSIX vectors for all mqprio TX rings
    - bnxt_en: Optimize xmit_more TX path
    - bnxt_en: The caller of bnxt_alloc_ctx_mem() should always free bp->ctx
    - bnxt_en: Free bp->ctx inside bnxt_free_ctx_mem()
    - bnxt_en: Restructure context memory data structures
    - bnxt_en: Add page info to struct bnxt_ctx_mem_type
    - bnxt_en: Use the pg_info field in bnxt_ctx_mem_type struct
    - bnxt_en: Add bnxt_setup_ctxm_pg_tbls() helper function
    - bnxt_en: Add support for new backing store query firmware API
    - bnxt_en: Add support for HWRM_FUNC_BACKING_STORE_CFG_V2 firmware calls
    - bnxt_en: Add db_ring_mask and related macro to bnxt_db_info struct.
    - bnxt_en: Modify TX ring indexing logic.
    - bnxt_en: Modify RX ring indexing logic.
    - bnxt_en: Modify the NAPI logic for the new P7 chips
    - bnxt_en: Rename some macros for the P5 chips
    - bnxt_en: Fix backing store V2 logic
    - bnxt_en: Update firmware interface to 1.10.3.15
    - bnxt_en: Define basic P7 macros
    - bnxt_en: Consolidate DB offset calculation
    - bnxt_en: Implement the new toggle bit doorbell mechanism on P7 chips
    - bnxt_en: Refactor RSS capability fields
    - bnxt_en: Add new P7 hardware interface definitions
    - bnxt_en: Refactor RX VLAN acceleration logic.
    - bnxt_en: Refactor and refine bnxt_tpa_start() and bnxt_tpa_end().
    - bnxt_en: Add support for new RX and TPA_START completion types for P7
    - bnxt_en: Refactor ethtool speeds logic
    - bnxt_en: Support new firmware link parameters
    - bnxt_en: Support force speed using the new HWRM fields
    - bnxt_en: Report the new ethtool link modes in the new firmware interface
    - bnxt_en: Add 5760X (P7) PCI IDs
    - net: bnxt: fix a potential use-after-free in bnxt_init_tc

* drm: Update file owner during use (LP: #2047461)
    - drm: Update file owner during use

* CVE-2023-6622
    - netfilter: nf_tables: bail out on mismatching dynset and set expressions

* CVE-2024-0193
    - netfilter: nf_tables: skip set commit for deleted/destroyed sets

* Support Cirrus CS35L41 codec on Dell Oasis 13/14/16 laptops (LP: #2044096)
    - ALSA: hda/realtek: Add support dual speaker for Dell

* Add support of MTL audio of Lenovo (LP: #2048078)
    - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format

* Fix AMDGPU crash on 6.5 kernel (LP: #2047389)
    - drm/amdgpu: disable MCBP by default

* Some machines can't pass the pm-graph test (LP: #2046217)
    - wifi: iwlwifi: pcie: rescan bus if no parent

* Sound: Add rtl quirk of M90-Gen5 (LP: #2046105)
    - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5

* linux tools packages for derived kernels refuse to install simultaneously
    due to libcpupower name collision (LP: #2035971)
    - [Packaging] Statically link libcpupower into cpupower tool

* [Debian] autoreconstruct - Do not generate chmod -x for deleted  files
    (LP: #2045562)
    - [Debian] autoreconstruct - Do not generate chmod -x for deleted files

* CVE-2023-6931
    - perf: Fix perf_event_validate_size()
    - perf: Fix perf_event_validate_size() lockdep splat

* Mantic update: v6.5.8 upstream stable release (LP: #2046269)
    - net: stmmac: remove unneeded stmmac_poll_controller
    - RDMA/cxgb4: Check skb value for failure to allocate
    - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7
    - platform/x86: think-lmi: Fix reference leak
    - drm/i915: Register engines early to avoid type confusion
    - cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer
    - drm/amdgpu: Fix a memory leak
    - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section
      mismatch warning
    - media: dt-bindings: imx7-csi: Make power-domains not required for imx8mq
    - drm/amd/display: implement pipe type definition and adding accessors
    - drm/amd/display: apply edge-case DISPCLK WDIVIDER changes to master OTG
      pipes only
    - scsi: Do not rescan devices with a suspended queue
    - ata: pata_parport: fix pata_parport_devchk
    - ata: pata_parport: implement set_devctl
    - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
    - quota: Fix slow quotaoff
    - dm crypt: Fix reqsize in crypt_iv_eboiv_gen
    - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM
    - ASoC: hdmi-codec: Fix broken channel map reporting
    - ata: libata-scsi: Disable scsi device manage_system_start_stop
    - net: prevent address rewrite in kernel_bind()
    - arm64: dts: qcom: sm8150: extend the size of the PDC resource
    - dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Update description
      for '#interrupt-cells' property
    - irqchip: renesas-rzg2l: Fix logic to clear TINT interrupt source
    - KEYS: trusted: Remove redundant static calls usage
    - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
    - ALSA: usb-audio: Fix microphone sound on Nexigo webcam.
    - ALSA: hda: cs35l41: Cleanup and fix double free in firmware request
    - ALSA: hda/realtek: Change model for Intel RVP board
    - ASoC: SOF: amd: fix for firmware reload failure after playback
    - ASoC: simple-card-utils: fixup simple_util_startup() error handling
    - ASoC: Intel: soc-acpi: fix Dell SKU 0B34
    - ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in MTL match
      table
    - ASoC: fsl_sai: Don't disable bitclock for i.MX8MP
    - ASoC: Intel: sof_sdw: add support for SKU 0B14
    - ASoC: Intel: soc-acpi: Add entry for sof_es8336 in MTL match table.
    - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP
    - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED
    - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx
    - pinctrl: nuvoton: wpcm450: fix out of bounds write
    - pinctrl: starfive: jh7110: Fix failure to set irq after CONFIG_PM is enabled
    - drm/msm/dp: do not reinitialize phy unless retry during link training
    - drm/msm/dsi: skip the wait for video mode done if not applicable
    - drm/msm/dsi: fix irq_of_parse_and_map() error checking
    - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow
    - drm/msm/dp: Add newlines to debug printks
    - drm/msm/dpu: fail dpu_plane_atomic_check() based on mdp clk limits
    - phy: lynx-28g: cancel the CDR check work item on the remove path
    - phy: lynx-28g: lock PHY while performing CDR lock workaround
    - phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared
      registers
    - net: dsa: qca8k: fix regmap bulk read/write methods on big endian systems
    - net: dsa: qca8k: fix potential MDIO bus conflict when accessing internal
      PHYs via management frames
    - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior
    - can: sun4i_can: Only show Kconfig if ARCH_SUNXI is set
    - arm64: dts: mediatek: fix t-phy unit name
    - arm64: dts: mediatek: mt8195: Set DSU PMU status to fail
    - devlink: Hold devlink lock on health reporter dump get
    - ravb: Fix up dma_free_coherent() call in ravb_remove()
    - ravb: Fix use-after-free issue in ravb_tx_timeout_work()
    - ieee802154: ca8210: Fix a potential UAF in ca8210_probe
    - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type
    - xen-netback: use default TX queue size for vifs
    - riscv, bpf: Sign-extend return values
    - riscv, bpf: Track both a0 (RISC-V ABI) and a5 (BPF) return values
    - xdp: Fix zero-size allocation warning in xskq_create()
    - drm/vmwgfx: fix typo of sizeof argument
    - bpf: Fix verifier log for async callback return values
    - net: refine debug info in skb_checksum_help()
    - octeontx2-pf: mcs: update PN only when update_pn is true
    - net: macsec: indicate next pn update when offloading
    - net: phy: mscc: macsec: reject PN update requests
    - net/mlx5e: macsec: use update_pn flag instead of PN comparation
    - drm/panel: boe-tv101wum-nl6: Completely pull GPW to VGL before TP term
    - ixgbe: fix crash with empty VF macvlan list
    - net/smc: Fix dependency of SMC on ISM
    - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
    - s390/bpf: Fix clobbering the caller's backchain in the trampoline
    - s390/bpf: Fix unwinding past the trampoline
    - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
    - net: tcp: fix crashes trying to free half-baked MTU probes
    - pinctrl: renesas: rzn1: Enable missing PINMUX
    - af_packet: Fix fortified memcpy() without flex array.
    - nfc: nci: assert requested protocol is valid
    - octeontx2-pf: Fix page pool frag allocation warning
    - rswitch: Fix renesas_eth_sw_remove() implementation
    - rswitch: Fix imbalance phy_power_off() calling
    - workqueue: Override implicit ordered attribute in
      workqueue_apply_unbound_cpumask()
    - riscv: signal: fix sigaltstack frame size checking
    - ovl: temporarily disable appending lowedirs
    - dmaengine: stm32-mdma: abort resume if no ongoing transfer
    - dmaengine: stm32-dma: fix stm32_dma_prep_slave_sg in case of MDMA chaining
    - dmaengine: stm32-dma: fix residue in case of MDMA chaining
    - dmaengine: stm32-mdma: use Link Address Register to compute residue
    - dmaengine: stm32-mdma: set in_flight_bytes in case CRQA flag is set
    - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
    - xhci: track port suspend state correctly in unsuccessful resume cases
    - xhci: Clear EHB bit only at end of interrupt handler
    - xhci: Preserve RsvdP bits in ERSTBA register correctly
    - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
    - usb: dwc3: Soft reset phy on probe for host
    - usb: cdns3: Modify the return value of cdns_set_active () to void when
      CONFIG_PM_SLEEP is disabled
    - usb: hub: Guard against accesses to uninitialized BOS descriptors
    - usb: musb: Get the musb_qh poniter after musb_giveback
    - usb: musb: Modify the "HWVers" register address
    - iio: pressure: bmp280: Fix NULL pointer exception
    - iio: imu: bno055: Fix missing Kconfig dependencies
    - iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data()
    - iio: adc: imx8qxp: Fix address for command buffer registers
    - iio: dac: ad3552r: Correct device IDs
    - iio: admv1013: add mixer_vgate corner cases
    - iio: pressure: dps310: Adjust Timeout Settings
    - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
    - iio: adc: ad7192: Correct reference voltage
    - iio: addac: Kconfig: update ad74413r selections
    - media: subdev: Don't report V4L2_SUBDEV_CAP_STREAMS when the streams API is
      disabled
    - arm64: dts: mediatek: mt8195-demo: fix the memory size to 8GB
    - arm64: dts: mediatek: mt8195-demo: update and reorder reserved memory
      regions
    - drm: Do not overrun array in drm_gem_get_pages()
    - drm/tiny: correctly print `struct resource *` on error
    - drm/atomic-helper: relax unregistered connector check
    - drm/amdgpu: add missing NULL check
    - drm/amd/display: Don't set dpms_off for seamless boot
    - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
    - ACPI: resource: Add TongFang GM6BGEQ, GM6BG5Q and GM6BG0Q to
      irq1_edge_low_force_override[]
    - ACPI: EC: Add quirk for the HP Pavilion Gaming 15-dk1xxx
    - serial: Reduce spinlocked portion of uart_rs485_config()
    - serial: 8250_omap: Fix errors with no_console_suspend
    - serial: core: Fix checks for tx runtime PM state
    - binder: fix memory leaks of spam and pending work
    - ksmbd: not allow to open file if delelete on close bit is set
    - perf/x86/lbr: Filter vsyscall addresses
    - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
    - x86/alternatives: Disable KASAN in apply_alternatives()
    - mcb: remove is_added flag from mcb_device struct
    - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple
      Ridge
    - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding
    - thunderbolt: Correct TMU mode initialization from hardware
    - thunderbolt: Restart XDomain discovery handshake after failure
    - powerpc/pseries: Fix STK_PARAM access in the hcall tracing code
    - powerpc/47x: Fix 47x syscall return crash
    - libceph: use kernel_connect()
    - ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
    - ceph: fix type promotion bug on 32bit systems
    - Input: powermate - fix use-after-free in powermate_config_complete
    - Input: psmouse - fix fast_reconnect function for PS/2 mode
    - Input: xpad - add PXN V900 support
    - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table
    - Input: xpad - add HyperX Clutch Gladiate Support
    - Input: goodix - ensure int GPIO is in input for gpio_count == 1 &&
      gpio_int_idx == 0 case
    - tee: amdtee: fix use-after-free vulnerability in amdtee_close_session
    - mctp: perform route lookups under a RCU read-side lock
    - block: Don't invalidate pagecache for invalid falloc modes
    - nfp: flower: avoid rmmod nfp crash issues
    - can: sja1000: Always restart the Tx queue after an overrun
    - power: supply: qcom_battmgr: fix battery_id type
    - power: supply: qcom_battmgr: fix enable request endianness
    - usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply
      scope
    - cgroup: Remove duplicates in cgroup v1 tasks file
    - dma-buf: add dma_fence_timestamp helper
    - scsi: ufs: core: Correct clear TM error log
    - riscv: Only consider swbp/ss handlers for correct privileged mode
    - counter: chrdev: fix getting array extensions
    - counter: microchip-tcb-capture: Fix the use of internal GCLK logic
    - coresight: Fix run time warnings while reusing ETR buffer
    - riscv: Remove duplicate objcopy flag
    - RISC-V: Fix wrong use of CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK
    - usb: typec: ucsi: Fix missing link removal
    - usb: typec: altmodes/displayport: Signal hpd low when exiting mode
    - usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
    - usb: cdnsp: Fixes issue with dequeuing not queued requests
    - usb: typec: qcom: Update the logic of regulator enable and disable
    - usb: misc: onboard_hub: add support for Microchip USB2412 USB 2.0 hub
    - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq
    - dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
    - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
    - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
    - fs: Fix kernel-doc warnings
    - fs: factor out vfs_parse_monolithic_sep() helper
    - ovl: fix regression in parsing of mount options with escaped comma
    - ovl: make use of ->layers safe in rcu pathwalk
    - ovl: fix regression in showing lowerdir mount option
    - ALSA: hda/realtek - Fixed two speaker platform
    - Linux 6.5.8

* Mantic update: v6.5.7 upstream stable release (LP: #2045806)
    - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
    - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
    - maple_tree: add mas_is_active() to detect in-tree walks
    - mptcp: Remove unnecessary test for __mptcp_init_sock()
    - mptcp: rename timer related helper to less confusing names
    - mptcp: fix dangling connection hang-up
    - scsi: core: Improve type safety of scsi_rescan_device()
    - scsi: Do not attempt to rescan suspended devices
    - ata: libata-scsi: Fix delayed scsi_rescan_device() execution
    - btrfs: remove btrfs_writepage_endio_finish_ordered
    - btrfs: remove end_extent_writepage
    - btrfs: don't clear uptodate on write errors
    - arm64: add HWCAP for FEAT_HBC (hinted conditional branches)
    - arm64: cpufeature: Fix CLRBHB and BC detection
    - net: add sysctl accept_ra_min_rtr_lft
    - net: change accept_ra_min_rtr_lft to affect all RA lifetimes
    - net: release reference to inet6_dev pointer
    - iommu/arm-smmu-v3: Avoid constructing invalid range commands
    - maple_tree: reduce resets during store setup
    - maple_tree: add MAS_UNDERFLOW and MAS_OVERFLOW states
    - iommu/apple-dart: Handle DMA_FQ domains in attach_dev()
    - scsi: zfcp: Fix a double put in zfcp_port_enqueue()
    - iommu/vt-d: Avoid memory allocation in iommu_suspend()
    - net: mana: Fix TX CQE error handling
    - net: ethernet: mediatek: disable irq before schedule napi
    - mptcp: fix delegated action races
    - mptcp: userspace pm allow creating id 0 subflow
    - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info
    - Bluetooth: hci_codec: Fix leaking content of local_codecs
    - wifi: brcmfmac: Replace 1-element arrays with flexible arrays
    - Bluetooth: hci_sync: Fix handling of HCI_QUIRK_STRICT_DUPLICATE_FILTER
    - wifi: rtw88: rtw8723d: Fix MAC address offset in EEPROM
    - wifi: mwifiex: Fix tlv_buf_left calculation
    - md/raid5: release batch_last before waiting for another stripe_head
    - PCI/PM: Mark devices disconnected if upstream PCIe link is down on resume
    - PCI: qcom: Fix IPQ8074 enumeration
    - platform/x86/intel/ifs: release cpus_read_lock()
    - net: replace calls to sock->ops->connect() with kernel_connect()
    - btrfs: always print transaction aborted messages with an error level
    - net: prevent rewrite of msg_name in sock_sendmsg()
    - drm/i915: Don't set PIPE_CONTROL_FLUSH_L3 for aux inval
    - drm/amd: Fix detection of _PR3 on the PCIe root port
    - drm/amd: Fix logic error in sienna_cichlid_update_pcie_parameters()
    - arm64: Add Cortex-A520 CPU part definition
    - [Config] updateconfigs for ARM64_ERRATUM_2966298
    - arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
    - HID: sony: Fix a potential memory leak in sony_probe()
    - wifi: mt76: fix lock dependency problem for wed_lock
    - ubi: Refuse attaching if mtd's erasesize is 0
    - erofs: fix memory leak of LZMA global compressed deduplication
    - wifi: cfg80211/mac80211: hold link BSSes when assoc fails for MLO connection
    - iwlwifi: mvm: handle PS changes in vif_cfg_changed
    - wifi: iwlwifi: dbg_ini: fix structure packing
    - wifi: iwlwifi: mvm: Fix a memory corruption issue
    - wifi: cfg80211: fix cqm_config access race
    - rtla/timerlat_aa: Zero thread sum after every sample analysis
    - rtla/timerlat_aa: Fix negative IRQ delay
    - rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread
      sample
    - wifi: cfg80211: add missing kernel-doc for cqm_rssi_work
    - wifi: mac80211: fix mesh id corruption on 32 bit systems
    - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet
    - HID: nvidia-shield: add LEDS_CLASS dependency
    - erofs: allow empty device tags in flatdev mode
    - s390/bpf: Let arch_prepare_bpf_trampoline return program size
    - leds: Drop BUG_ON check for LED_COLOR_ID_MULTI
    - bpf: Fix tr dereferencing
    - bpf: unconditionally reset backtrack_state masks on global func exit
    - regulator: mt6358: split ops for buck and linear range LDO regulators
    - Bluetooth: Delete unused hci_req_prepare_suspend() declaration
    - Bluetooth: Fix hci_link_tx_to RCU lock usage
    - Bluetooth: ISO: Fix handling of listen for unicast
    - drivers/net: process the result of hdlc_open() and add call of hdlc_close()
      in uhdlc_close()
    - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
    - perf/x86/amd/core: Fix overflow reset on hotplug
    - rtla/timerlat: Do not stop user-space if a cpu is offline
    - regmap: rbtree: Fix wrong register marked as in-cache when creating new node
    - wifi: mac80211: fix potential key use-after-free
    - perf/x86/amd: Do not WARN() on every IRQ
    - iommu/mediatek: Fix share pgtable for iova over 4GB
    - wifi: mac80211: Create resources for disabled links
    - regulator/core: regulator_register: set device->class earlier
    - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig
    - [Config] updateconfigs for IMA_BLACKLIST_KEYRING
    - wifi: iwlwifi: mvm: Fix incorrect usage of scan API
    - scsi: target: core: Fix deadlock due to recursive locking
    - ima: rework CONFIG_IMA dependency block
    - NFSv4: Fix a nfs4_state_manager() race
    - ice: always add legacy 32byte RXDID in supported_rxdids
    - bpf: tcp_read_skb needs to pop skb regardless of seq
    - bpf, sockmap: Do not inc copied_seq when PEEK flag set
    - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
    - modpost: add missing else to the "of" check
    - net: stmmac: platform: fix the incorrect parameter
    - net: fix possible store tearing in neigh_periodic_work()
    - neighbour: fix data-races around n->output
    - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
    - ptp: ocp: Fix error handling in ptp_ocp_device_init
    - net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent
    - ovl: move freeing ovl_entry past rcu delay
    - ovl: fetch inode once in ovl_dentry_revalidate_common()
    - ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling
    - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
    - ethtool: plca: fix plca enable data type while parsing the value
    - net: nfc: llcp: Add lock when modifying device list
    - net: renesas: rswitch: Add spin lock protection for irq {un}mask
    - rswitch: Fix PHY station management clock setting
    - net: ethernet: ti: am65-cpsw: Fix error code in
      am65_cpsw_nuss_init_tx_chns()
    - ibmveth: Remove condition to recompute TCP header checksum.
    - netfilter: nft_payload: rebuild vlan header on h_proto access
    - netfilter: handle the connecting collision properly in
      nf_conntrack_proto_sctp
    - selftests: netfilter: Test nf_tables audit logging
    - selftests: netfilter: Extend nft_audit.sh
    - netfilter: nf_tables: Deduplicate nft_register_obj audit logs
    - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure
    - ipv4: Set offload_failed flag in fibmatch results
    - net: stmmac: dwmac-stm32: fix resume on STM32 MCU
    - tipc: fix a potential deadlock on &tx->lock
    - tcp: fix quick-ack counting to count actual ACKs of new data
    - tcp: fix delayed ACKs for MSS boundary condition
    - sctp: update transport state when processing a dupcook packet
    - sctp: update hb timer immediately after users change hb_interval
    - netlink: annotate data-races around sk->sk_err
    - net: mana: Fix the tso_bytes calculation
    - net: mana: Fix oversized sge0 for GSO packets
    - HID: nvidia-shield: Fix a missing led_classdev_unregister() in the probe
      error handling path
    - HID: sony: remove duplicate NULL check before calling usb_free_urb()
    - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
    - net: lan743x: also select PHYLIB
    - parisc: Restore __ldcw_align for PA-RISC 2.0 processors
    - smb: use kernel_connect() and kernel_bind()
    - parisc: Fix crash with nr_cpus=1 option
    - dm zoned: free dmz->ddev array in dmz_put_zoned_devices
    - RDMA/core: Require admin capabilities to set system parameters
    - of: dynamic: Fix potential memory leak in of_changeset_action()
    - IB/mlx4: Fix the size of a buffer in add_port_entries()
    - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config()
    - gpio: pxa: disable pinctrl calls for MMP_GPIO
    - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join
    - RDMA/cma: Fix truncation compilation warning in make_cma_ports
    - RDMA/bnxt_re: Fix the handling of control path response data
    - RDMA/uverbs: Fix typo of sizeof argument
    - RDMA/srp: Do not call scsi_done() from srp_abort()
    - RDMA/siw: Fix connection failure handling
    - RDMA/mlx5: Fix mkey cache possible deadlock on cleanup
    - RDMA/mlx5: Fix assigning access flags to cache mkeys
    - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation
    - RDMA/mlx5: Fix NULL string error
    - x86/sev: Change npages to unsigned long in snp_accept_memory()
    - x86/sev: Use the GHCB protocol when available for SNP CPUID requests
    - ksmbd: fix race condition between session lookup and expire
    - ksmbd: fix uaf in smb20_oplock_break_ack
    - ksmbd: fix race condition from parallel smb2 lock requests
    - RDMA/mlx5: Remove not-used cache disable flag
    - Linux 6.5.7

* Mantic update: v6.5.7 upstream stable release (LP: #2045806) //
    CVE-2023-34324
    - xen/events: replace evtchn_rwlock with RCU

* CVE-2023-6932
    - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

* CVE-2023-6531
    - io_uring/af_unix: disable sending io_uring over sockets

* CVE-2023-6606
    - smb: client: fix OOB in smbCalcSize()

* CVE-2023-6817
    - netfilter: nft_set_pipapo: skip inactive elements during set walk

* Avoid using damage rectangle under hardware rotation mode when PSR is
    enabled (LP: #2045958)
    - drm/amd/display: fix hw rotated modes when PSR-SU is enabled

* CVE-2023-46813
    - x86/sev: Disable MMIO emulation from user mode
    - x86/sev: Check IOBM for IOIO exceptions from user-space
    - x86/sev: Check for user-space IOIO pointing to kernel space

* CVE-2023-6111
    - netfilter: nf_tables: remove catchall element in GC sync path

* CVE-2023-5972
    - nf_tables: fix NULL pointer dereference in nft_inner_init()
    - nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()

* Orchid Bay MLK2/Maya Bay MLK soundwire support (LP: #2042090)
    - ASoC: Intel: soc-acpi-intel-mtl-match: add rt713 rt1316 config
    - ASoC: Intel: sof_sdw_rt_sdca_jack_common: add rt713 support
    - ASoC: Intel: sof_sdw_rt712_sdca: construct cards->components by name_prefix
    - ASoC: Intel: soc-acpi: rt713+rt1316, no sdw-dmic config

* Build failure if run in a console (LP: #2044512)
    - [Packaging] Fix kernel module compression failures

* Fix system suspend problem for Cirrus CS35L41 HDA codec on HP ZBook Fury 16
    G9 (LP: #2042060)
    - ALSA: hda: cs35l41: Override the _DSD for HP Zbook Fury 17 G9 to correct
      boost type
    - ALSA: hda: cs35l41: Use reset label to get GPIO for HP Zbook Fury 17 G9
    - ALSA: hda: cs35l41: Assert reset before system suspend
    - ALSA: hda: cs35l41: Assert Reset prior to de-asserting in probe and system
      resume
    - ALSA: hda: cs35l41: Run boot process during resume callbacks
    - ALSA: hda: cs35l41: Force a software reset after hardware reset
    - ALSA: hda: cs35l41: Do not unload firmware before reset in system suspend
    - ALSA: hda: cs35l41: Check CSPL state after loading firmware
    - ASoC: cs35l41: Detect CSPL errors when sending CSPL commands

* Support speaker mute hotkey for Cirrus CS35L41 HDA codec (LP: #2039151)
    - ALSA: hda: cs35l41: Support systems with missing _DSD properties
    - ALSA: hda: cs35l41: Fix the loop check in cs35l41_add_dsd_properties
    - ALSA: hda: cs35l41: Add notification support into component binding
    - ALSA: hda/realtek: Support ACPI Notification framework via component binding
    - ALSA: hda: cs35l41: Support mute notifications for CS35L41 HDA
    - ALSA: hda: cs35l41: Add read-only ALSA control for forced mute

* Add SoF topology support on Intel RaptorLake DELL SKU 0C11 (LP: #2038263)
    - ASoC: Intel: soc-acpi-intel-rpl-match: add rt711-l0-rt1316-l12 support

* Update io_uring to 6.6 (LP: #2043730)
    - fs: create kiocb_{start,end}_write() helpers
    - fs: add IOCB flags related to passing back dio completions
    - io_uring/poll: always set 'ctx' in io_cancel_data
    - io_uring/timeout: always set 'ctx' in io_cancel_data
    - io_uring/cancel: abstract out request match helper
    - io_uring/cancel: fix sequence matching for IORING_ASYNC_CANCEL_ANY
    - io_uring: use cancelation match helper for poll and timeout requests
    - io_uring/cancel: add IORING_ASYNC_CANCEL_USERDATA
    - io_uring/cancel: support opcode based lookup and cancelation
    - io_uring/cancel: wire up IORING_ASYNC_CANCEL_OP for sync cancel
    - io_uring/rw: add write support for IOCB_DIO_CALLER_COMP
    - io_uring: Add io_uring command support for sockets
    - io_uring/rsrc: Remove unused declaration io_rsrc_put_tw()
    - io_uring: cleanup 'ret' handling in io_iopoll_check()
    - io_uring/fdinfo: get rid of ref tryget
    - io_uring/splice: use fput() directly
    - io_uring: have io_file_put() take an io_kiocb rather than the file
    - io_uring: remove unnecessary forward declaration
    - io_uring/io-wq: don't grab wq->lock for worker activation
    - io_uring/io-wq: reduce frequency of acct->lock acquisitions
    - io_uring/io-wq: don't gate worker wake up success on wake_up_process()
    - io_uring: open code io_fill_cqe_req()
    - io_uring: remove return from io_req_cqe_overflow()
    - io_uring: never overflow io_aux_cqe
    - io_uring/rsrc: keep one global dummy_ubuf
    - io_uring: simplify io_run_task_work_sig return
    - io_uring/rsrc: Annotate struct io_mapped_ubuf with __counted_by
    - io_uring: rename kiocb_end_write() local helper
    - io_uring: use kiocb_{start,end}_write() helpers
    - io_uring: stop calling free_compound_page()
    - io_uring: improve cqe !tracing hot path
    - io_uring: cqe init hardening
    - io_uring: simplify big_cqe handling
    - io_uring: refactor __io_get_cqe()
    - io_uring: optimise extra io_get_cqe null check
    - io_uring: reorder cqring_flush and wakeups
    - io_uring: merge iopoll and normal completion paths
    - io_uring: force inline io_fill_cqe_req
    - io_uring: compact SQ/CQ heads/tails
    - io_uring: add option to remove SQ indirection
    - io_uring: move non aligned field to the end
    - io_uring: banish non-hot data to end of io_ring_ctx
    - io_uring: separate task_work/waiting cache line
    - io_uring: move multishot cqe cache in ctx
    - io_uring: move iopoll ctx fields around
    - io_uring: fix IO hang in io_wq_put_and_exit from do_exit()
    - io_uring/fdinfo: only print ->sq_array[] if it's there
    - io_uring: fix unprotected iopoll overflow
    - Revert "io_uring: fix IO hang in io_wq_put_and_exit from do_exit()"
    - io_uring/kbuf: don't allow registered buffer rings on highmem pages
    - io_uring: ensure io_lockdep_assert_cq_locked() handles disabled rings
    - io_uring: don't allow IORING_SETUP_NO_MMAP rings on highmem pages
    - io-wq: fully initialize wqe before calling
      cpuhp_state_add_instance_nocalls()
    - io_uring: fix crash with IORING_SETUP_NO_MMAP and invalid SQ ring address
    - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
    - io_uring/rw: disable IOCB_DIO_CALLER_COMP
    - io_uring: kiocb_done() should *not* trust ->ki_pos if ->{read,write}_iter()
      failed

* System hang after unplug/plug DP monitor with AMD W7500 card (LP: #2042912)
    - drm/amd/pm: Fix error of MACO flag setting code

* correct cephfs pull request for uidmap support (LP: #2041613)
    - Revert "UBUNTU: SAUCE: ceph: BUG if MDS changed truncate_seq with client
      caps still outstanding"
    - Revert "UBUNTU: SAUCE: ceph: make sure all the files successfully put before
      unmounting"
    - Revert "UBUNTU: SAUCE: mm: BUG if filemap_alloc_folio gives us a folio with
      a non-NULL ->private"
    - Revert "UBUNTU: SAUCE: ceph: dump info about cap flushes when we're waiting
      too long for them"
    - Revert "UBUNTU: SAUCE: rbd: bump RBD_MAX_PARENT_CHAIN_LEN to 128"

* RTL8111EPP: Fix the network lost after resume with DASH (LP: #2043786)
    - r8169: add handling DASH when DASH is disabled
    - r8169: fix network lost after resume on DASH systems

* kernel BUG: io_uring openat triggers audit reference count underflow
    (LP: #2043841)
    - audit, io_uring: io_uring openat triggers audit reference count underflow

* Fix ADL: System enabled AHCI can't get into s0ix when attached ODD
    (LP: #2037493)
    - ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list

* [UBUNTU 23.04] Kernel config option missing for s390x PCI passthrough
    (LP: #2042853)
    - [Config] CONFIG_VFIO_PCI_ZDEV_KVM=y

* Azure: Fix Azure vendor ID (LP: #2036600)
    - SAUCE: (no-up) hv: Fix supply vendor ID

* Mantic update: v6.5.6 upstream stable release (LP: #2044174)
    - NFS: Fix error handling for O_DIRECT write scheduling
    - NFS: Fix O_DIRECT locking issues
    - NFS: More O_DIRECT accounting fixes for error paths
    - NFS: Use the correct commit info in nfs_join_page_group()
    - NFS: More fixes for nfs_direct_write_reschedule_io()
    - NFS/pNFS: Report EINVAL errors from connect() to the server
    - SUNRPC: Mark the cred for revalidation if the server rejects it
    - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server
    - NFSv4.1: fix pnfs MDS=DS session trunking
    - media: v4l: Use correct dependency for camera sensor drivers
    - media: via: Use correct dependency for camera sensor drivers
    - gfs2: Fix another freeze/thaw hang
    - netfs: Only call folio_start_fscache() one time for each folio
    - btrfs: improve error message after failure to add delayed dir index item
    - btrfs: remove BUG() after failure to insert delayed dir index item
    - ext4: replace the traditional ternary conditional operator with with
      max()/min()
    - ext4: move setting of trimmed bit into ext4_try_to_trim_range()
    - ext4: do not let fstrim block system suspend
    - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
    - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
    - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation
      fails
    - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
    - netfilter: nf_tables: fix memleak when more than 255 elements expired
    - ASoC: meson: spdifin: start hw on dai probe
    - netfilter: nf_tables: disallow element removal on anonymous sets
    - bpf: Avoid deadlock when using queue and stack maps from NMI
    - bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
    - ALSA: docs: Fix a typo of midi2_ump_probe option for snd-usb-audio
    - ALSA: seq: Avoid delivery of events for disabled UMP groups
    - ASoC: rt5640: Revert "Fix sleep in atomic context"
    - ASoC: rt5640: Fix sleep in atomic context
    - ASoC: rt5640: fix typos
    - ASoC: rt5640: Do not disable/enable IRQ twice on suspend/resume
    - ASoC: rt5640: Enable the IRQ on resume after configuring jack-detect
    - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode
    - bpf: Fix a erroneous check after snprintf()
    - selftests/bpf: fix unpriv_disabled check in test_verifier
    - ALSA: hda/realtek: Splitting the UX3402 into two separate models
    - netfilter: conntrack: fix extension size table
    - netfilter: nf_tables: Fix entries val in rule reset audit log
    - Compiler Attributes: counted_by: Adjust name and identifier expansion
    - uapi: stddef.h: Fix header guard location
    - uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++
    - memblock tests: Fix compilation errors.
    - ASoC: SOF: ipc4-topology: fix wrong sizeof argument
    - net: microchip: sparx5: Fix memory leak for
      vcap_api_rule_add_keyvalue_test()
    - net: microchip: sparx5: Fix memory leak for
      vcap_api_rule_add_actionvalue_test()
    - net: microchip: sparx5: Fix possible memory leak in
      vcap_api_encode_rule_test()
    - net: microchip: sparx5: Fix possible memory leaks in
      test_vcap_xn_rule_creator()
    - net: microchip: sparx5: Fix possible memory leaks in vcap_api_kunit
    - selftests: tls: swap the TX and RX sockets in some tests
    - net/core: Fix ETH_P_1588 flow dissector
    - ALSA: seq: ump: Fix -Wformat-truncation warning
    - ASoC: hdaudio.c: Add missing check for devm_kstrdup
    - ASoC: imx-audmix: Fix return error with devm_clk_get()
    - octeon_ep: fix tx dma unmap len values in SG
    - iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set
    - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was
      successful
    - iavf: add iavf_schedule_aq_request() helper
    - iavf: schedule a request immediately after add/delete vlan
    - i40e: Fix VF VLAN offloading when port VLAN is configured
    - netfilter, bpf: Adjust timeouts of non-confirmed CTs in
      bpf_ct_insert_entry()
    - ionic: fix 16bit math issue when PAGE_SIZE >= 64KB
    - igc: Fix infinite initialization loop with early XDP redirect
    - scsi: iscsi_tcp: restrict to TCP sockets
    - powerpc/perf/hv-24x7: Update domain value check
    - powerpc/dexcr: Move HASHCHK trap handler
    - dccp: fix dccp_v4_err()/dccp_v6_err() again
    - x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
    - net: hsr: Properly parse HSRv1 supervisor frames.
    - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop()
    - platform/x86: intel_scu_ipc: Check status upon timeout in
      ipc_wait_for_interrupt()
    - platform/x86: intel_scu_ipc: Don't override scu in
      intel_scu_ipc_dev_simple_command()
    - platform/x86: intel_scu_ipc: Fail IPC send if still busy
    - x86/asm: Fix build of UML with KASAN
    - x86/srso: Fix srso_show_state() side effect
    - x86/srso: Set CPUID feature bits independently of bug or mitigation status
    - x86/srso: Don't probe microcode in a guest
    - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off
    - net: hns3: add cmdq check for vf periodic service task
    - net: hns3: fix GRE checksum offload issue
    - net: hns3: only enable unicast promisc when mac table full
    - net: hns3: fix fail to delete tc flower rules during reset issue
    - net: hns3: add 5ms delay before clear firmware reset irq source
    - net: bridge: use DEV_STATS_INC()
    - team: fix null-ptr-deref when team device type is changed
    - net: rds: Fix possible NULL-pointer dereference
    - vxlan: Add missing entries to vxlan_get_size()
    - netfilter: nf_tables: disable toggling dormant table state more than once
    - net: hinic: Fix warning-hinic_set_vlan_fliter() warn: variable dereferenced
      before check 'hwdev'
    - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()
    - i915/pmu: Move execlist stats initialization to execlist specific setup
    - drm/virtio: clean out_fence on complete_submit
    - locking/seqlock: Do the lockdep annotation before locking in
      do_write_seqcount_begin_nested()
    - net: ena: Flush XDP packets on error.
    - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI
    - octeontx2-pf: Do xdp_do_flush() after redirects.
    - igc: Expose tx-usecs coalesce setting to user
    - cxl/region: Match auto-discovered region decoders by HPA range
    - proc: nommu: /proc/<pid>/maps: release mmap read lock
    - proc: nommu: fix empty /proc/<pid>/maps
    - cifs: Fix UAF in cifs_demultiplex_thread()
    - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
    - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup()
    - i2c: mux: gpio: Add missing fwnode_handle_put()
    - i2c: xiic: Correct return value check for xiic_reinit()
    - drm/amdgpu: set completion status as preempted for the resubmission
    - ASoC: cs35l56: Disable low-power hibernation mode
    - drm/amd/display: Update DPG test pattern programming
    - drm/amd/display: fix a regression in blank pixel data caused by coding
      mistake
    - arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
    - direct_write_fallback(): on error revert the ->ki_pos update from buffered
      write
    - btrfs: reset destination buffer when read_extent_buffer() gets invalid range
    - vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
    - MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
    - spi: spi-gxp: BUG: Correct spi write return value
    - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset()
    - bus: ti-sysc: Fix missing AM35xx SoC matching
    - firmware: arm_scmi: Harden perf domain info access
    - firmware: arm_scmi: Fixup perf power-cost/microwatt support
    - power: supply: mt6370: Fix missing error code in mt6370_chg_toggle_cfo()
    - clk: sprd: Fix thm_parents incorrect configuration
    - clk: si521xx: Use REGCACHE_FLAT instead of NONE
    - clk: si521xx: Fix regmap write accessor
    - clk: tegra: fix error return case for recalc_rate
    - ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4
    - ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot
    - bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up
    - swiotlb: use the calculated number of areas
    - power: supply: ucs1002: fix error code in ucs1002_get_property()
    - power: supply: rt9467: Fix rt9467_run_aicl()
    - power: supply: core: fix use after free in uevent
    - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels()
    - xtensa: add default definition for XCHAL_HAVE_DIV32
    - xtensa: iss/network: make functions static
    - xtensa: boot: don't add include-dirs
    - xtensa: umulsidi3: fix conditional expression
    - xtensa: boot/lib: fix function prototypes
    - power: supply: rk817: Fix node refcount leak
    - powerpc/stacktrace: Fix arch_stack_walk_reliable()
    - selftests/powerpc: Fix emit_tests to work with run_kselftest.sh
    - arm64: dts: imx8mp: Fix SDMA2/3 clocks
    - arm64: dts: imx8mp-beacon-kit: Fix audio_pll2 clock
    - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers
    - arm64: dts: imx8mm-evk: Fix hdmi@3d node
    - arm64: dts: imx: Add imx8mm-prt8mm.dtb to build
    - firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND
    - i915/guc: Get runtime pm in busyness worker only if already active
    - accel/ivpu: Do not use wait event interruptible
    - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
    - i2c: npcm7xx: Fix callback completion ordering
    - NFSD: Fix zero NFSv4 READ results when RQ_SPLICE_OK is not set
    - x86/reboot: VMCLEAR active VMCSes before emergency reboot
    - dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
    - bpf: Annotate bpf_long_memcpy with data_race
    - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop
      15-fb0xxx (8A3E)
    - spi: sun6i: reduce DMA RX transfer width to single byte
    - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
    - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
    - parisc: sba: Fix compile warning wrt list of SBA devices
    - parisc: sba-iommu: Fix sparse warnigs
    - parisc: ccio-dma: Fix sparse warnings
    - parisc: iosapic.c: Fix sparse warnings
    - parisc: drivers: Fix sparse warning
    - parisc: irq: Make irq_stack_union static to avoid sparse warning
    - scsi: qedf: Add synchronization between I/O completions and abort
    - scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock
    - scsi: ufs: core: Poll HCS.UCRDY before issuing a UIC command
    - selftests/ftrace: Correctly enable event in instance-event.tc
    - ring-buffer: Avoid softlockup in ring_buffer_resize()
    - btrfs: assert delayed node locked when removing delayed item
    - selftests: fix dependency checker script
    - ring-buffer: Do not attempt to read past "commit"
    - net/smc: bugfix for smcr v2 server connect success statistic
    - ata: sata_mv: Fix incorrect string length computation in mv_dump_mem()
    - efi/x86: Ensure that EFI_RUNTIME_MAP is enabled for kexec
    - platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig
    - platform/x86: asus-wmi: Support 2023 ROG X16 tablet mode
    - thermal/of: add missing of_node_put()
    - drm/amdgpu: Store CU info from all XCCs for GFX v9.4.3
    - drm/amdkfd: Update cache info reporting for GFX v9.4.3
    - drm/amdkfd: Update CU masking for GFX 9.4.3
    - drm/amd/display: Don't check registers, if using AUX BL control
    - drm/amdgpu/soc21: don't remap HDP registers for SR-IOV
    - drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV
    - drm/amdgpu: fallback to old RAS error message for aqua_vanjaram
    - drm/amdkfd: Checkpoint and restore queues on GFX11
    - drm/amdgpu: Handle null atom context in VBIOS info ioctl
    - objtool: Fix _THIS_IP_ detection for cold functions
    - nvme-pci: do not set the NUMA node of device if it has none
    - riscv: errata: fix T-Head dcache.cva encoding
    - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command
    - scsi: pm80xx: Avoid leaking tags when processing
      OPC_INB_SET_CONTROLLER_CONFIG command
    - smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP
    - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset()
    - ata: libata-eh: do not thaw the port twice in ata_eh_reset()
    - Add DMI ID for MSI Bravo 15 B7ED
    - spi: nxp-fspi: reset the FLSHxCR1 registers
    - spi: stm32: add a delay before SPI disable
    - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
    - spi: intel-pci: Add support for Granite Rapids SPI serial flash
    - bpf: Clarify error expectations from bpf_clone_redirect
    - ASoC: rt5640: Only cancel jack-detect work on suspend if active
    - ALSA: hda: intel-sdw-acpi: Use u8 type for link index
    - ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width.
    - ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low
    - ASoC: cs42l42: Avoid stale SoundWire ATTACH after hard reset
    - firmware: cirrus: cs_dsp: Only log list of algorithms in debug build
    - ASoC: wm_adsp: Fix missing locking in wm_adsp_[read|write]_ctl()
    - memblock tests: fix warning: "__ALIGN_KERNEL" redefined
    - memblock tests: fix warning ‘struct seq_file’ declared inside parameter list
    - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
    - ASoC: SOF: sof-audio: Fix DSP core put imbalance on widget setup failure
    - media: vb2: frame_vector.c: replace WARN_ONCE with a comment
    - NFSv4.1: fix zero value filehandle in post open getattr
    - ASoC: SOF: Intel: MTL: Reduce the DSP init timeout
    - powerpc/watchpoints: Disable preemption in thread_change_pc()
    - powerpc/watchpoint: Disable pagefaults when getting user instruction
    - powerpc/watchpoints: Annotate atomic context in more places
    - ncsi: Propagate carrier gain/loss events to the NCSI controller
    - net: hsr: Add __packed to struct hsr_sup_tlv.
    - tsnep: Fix NAPI scheduling
    - tsnep: Fix ethtool channels
    - tsnep: Fix NAPI polling with budget 0
    - gfs2: fix glock shrinker ref issues
    - i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low
    - LoongArch: Use _UL() and _ULL()
    - LoongArch: Set all reserved memblocks on Node#0 at initialization
    - fbdev/sh7760fb: Depend on FB=y
    - perf build: Define YYNOMEM as YYNOABORT for bison < 3.81
    - ASoC: cs35l56: Call pm_runtime_dont_use_autosuspend()
    - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
    - spi: zynqmp-gqspi: fix clock imbalance on probe failure
    - x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
    - x86/srso: Add SRSO mitigation for Hygon processors
    - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway
    - KVM: SVM: Fix TSC_AUX virtualization setup
    - KVM: x86/mmu: Open code leaf invalidation from mmu_notifier
    - KVM: x86/mmu: Do not filter address spaces in
      for_each_tdp_mmu_root_yield_safe()
    - KVM: x86/mmu: Stop zapping invalidated TDP MMU roots asynchronously
    - mptcp: fix bogus receive window shrinkage with multiple subflows
    - mptcp: move __mptcp_error_report in protocol.c
    - mptcp: process pending subflow error on close
    - Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
    - scsi: core: ata: Do no try to probe for CDL on old drives
    - serial: 8250_port: Check IRQ data before use
    - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
    - crypto: sm2 - Fix crash caused by uninitialized context
    - ALSA: rawmidi: Fix NULL dereference at proc read
    - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre
      M70q
    - LoongArch: Fix lockdep static memory detection
    - LoongArch: Define relocation types for ABI v2.10
    - LoongArch: numa: Fix high_memory calculation
    - LoongArch: Add support for 32_PCREL relocation type
    - LoongArch: Add support for 64_PCREL relocation type
    - ata: libata-scsi: link ata port and scsi device
    - scsi: sd: Differentiate system and runtime start/stop management
    - scsi: sd: Do not issue commands to suspended disks on shutdown
    - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES
    - io_uring/fs: remove sqe->rw_flags checking from LINKAT
    - i2c: i801: unregister tco_pdev in i801_probe() error path
    - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG
    - kernel/sched: Modify initial boot task idle setup
    - sched/rt: Fix live lock between select_fallback_rq() and RT push
    - Revert "SUNRPC dont update timeout value on connection reset"
    - NFSv4: Fix a state manager thread deadlock regression
    - ACPI: NFIT: Fix incorrect calculation of idt size
    - timers: Tag (hr)timer softirq as hotplug safe
    - drm/tests: Fix incorrect argument in drm_test_mm_insert_range
    - cxl/mbox: Fix CEL logic for poison and security commands
    - arm64: defconfig: remove CONFIG_COMMON_CLK_NPCM8XX=y
    - mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()
    - selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and
      hugetlb_reparenting_test.sh that may cause error
    - mm: mempolicy: keep VMA walk if both MPOL_MF_STRICT and MPOL_MF_MOVE are
      specified
    - mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy()
    - mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list
    - mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement
    - cxl/port: Fix cxl_test register enumeration regression
    - cxl/pci: Fix appropriate checking for _OSC while handling CXL RAS registers
    - ring-buffer: Fix bytes info in per_cpu buffer stats
    - ring-buffer: Update "shortest_full" in polling
    - btrfs: refresh dir last index during a rewinddir(3) call
    - btrfs: file_remove_privs needs an exclusive lock in direct io write
    - btrfs: set last dir index to the current last index when opening dir
    - btrfs: fix race between reading a directory and adding entries to it
    - btrfs: properly report 0 avail for very full file systems
    - media: uvcvideo: Fix OOB read
    - bpf: Add override check to kprobe multi link attach
    - bpf: Fix BTF_ID symbol generation collision
    - bpf: Fix BTF_ID symbol generation collision in tools/
    - net: thunderbolt: Fix TCPv6 GSO checksum calculation
    - thermal: sysfs: Fix trip_point_hyst_store()
    - tracing/user_events: Align set_bit() address for all archs
    - ata: libata-core: Fix ata_port_request_pm() locking
    - ata: libata-core: Fix port and device removal
    - ata: libata-core: Do not register PM operations for SAS ports
    - ata: libata-sata: increase PMP SRST timeout to 10s
    - i915: Limit the length of an sg list to the requested length
    - drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top
    - power: supply: rk817: Add missing module alias
    - power: supply: ab8500: Set typing and props
    - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
    - drm/amdkfd: Use gpu_offset for user queue's wptr
    - drm/amd/display: fix the ability to use lower resolution modes on eDP
    - drm/meson: fix memory leak on ->hpd_notify callback
    - rbd: move rbd_dev_refresh() definition
    - rbd: decouple header read-in from updating rbd_dev->header
    - rbd: decouple parent info read-in from updating rbd_dev
    - rbd: take header_rwsem in rbd_dev_refresh() only when updating
    - memcg: drop kmem.limit_in_bytes
    - mm, memcg: reconsider kmem.limit_in_bytes deprecation
    - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
    - Linux 6.5.6

* Mantic update: v6.5.5 upstream stable release (LP: #2043416)
    - iomap: Fix possible overflow condition in iomap_write_delalloc_scan
    - autofs: fix memory leak of waitqueues in autofs_catatonic_mode
    - btrfs: handle errors properly in update_inline_extent_backref()
    - btrfs: output extra debug info if we failed to find an inline backref
    - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock
    - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
    - kernel/fork: beware of __put_task_struct() calling context
    - rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to
      _idle()
    - scftorture: Forgive memory-allocation failure if KASAN
    - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
    - platform/chrome: cros_ec_lpc: Remove EC panic shutdown timeout
    - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models
    - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09
    - s390/boot: cleanup number of page table levels setup
    - kselftest/arm64: fix a memleak in zt_regs_run()
    - perf/imx_ddr: speed up overflow frequency of cycle
    - ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2
    - hw_breakpoint: fix single-stepping when using bpf_overflow_handler
    - ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
    - selftests/nolibc: fix up kernel parameters support
    - selftests/nolibc: prevent out of bounds access in expect_vfprintf
    - spi: sun6i: add quirk for dual and quad SPI modes support
    - devlink: remove reload failed checks in params get/set callbacks
    - crypto: lrw,xts - Replace strlcpy with strscpy
    - ice: Don't tx before switchdev is fully configured
    - wifi: ath9k: fix fortify warnings
    - wifi: ath9k: fix printk specifier
    - wifi: rtw88: delete timer and free skb queue when unloading
    - wifi: mwifiex: fix fortify warning
    - mt76: mt7921: don't assume adequate headroom for SDIO headers
    - wifi: wil6210: fix fortify warnings
    - can: sun4i_can: Add acceptance register quirk
    - can: sun4i_can: Add support for the Allwinner D1
    - [Config] updateconfigs for CAN_SUN4I
    - net: Use sockaddr_storage for getsockopt(SO_PEERNAME).
    - wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()
    - wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode
    - net/ipv4: return the real errno instead of -EINVAL
    - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
    - Bluetooth: btusb: Add device 0489:e0f5 as MT7922 device
    - Bluetooth: btusb: Add a new VID/PID 0489/e0f6 for MT7922
    - Bluetooth: btusb: Add new VID/PID 0489/e102 for MT7922
    - Bluetooth: btusb: Add new VID/PID 04ca/3804 for MT7922
    - Bluetooth: Fix hci_suspend_sync crash
    - Bluetooth: btusb: Add support for another MediaTek 7922 VID/PID
    - netlink: convert nlk->flags to atomic flags
    - tpm_tis: Resend command to recover from data transfer errors
    - mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450
    - alx: fix OOB-read compiler warning
    - wifi: iwlwifi: pcie: avoid a warning in case prepare card failed
    - wifi: mac80211: check S1G action frame size
    - netfilter: ebtables: fix fortify warnings in size_entry_mwt()
    - wifi: cfg80211: reject auth/assoc to AP with our address
    - wifi: cfg80211: ocb: don't leave if not joined
    - wifi: mac80211: check for station first in client probe
    - wifi: mac80211_hwsim: drop short frames
    - Revert "wifi: mac80211_hwsim: check the return value of nla_put_u32"
    - libbpf: Free btf_vmlinux when closing bpf_object
    - wifi: ath12k: Fix memory leak in rx_desc and tx_desc
    - wifi: ath12k: add check max message length while scanning with extraie
    - Fix nomenclature for USB and PCI wireless devices
    - bpf: Consider non-owning refs trusted
    - bpf: Consider non-owning refs to refcounted nodes RCU protected
    - drm/bridge: tc358762: Instruct DSI host to generate HSE packets
    - drm/edid: Add quirk for OSVR HDK 2.0
    - drm: bridge: samsung-dsim: Drain command transfer FIFO before transfer
    - arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size
    - arm64: dts: qcom: sm6125-sprout: correct ramoops pmsg-size
    - arm64: dts: qcom: sm6350: correct ramoops pmsg-size
    - arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size
    - arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size
    - drm/amdgpu: Increase soft IH ring size
    - samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000'
    - drm/amdgpu: Update ring scheduler info as needed
    - drm/amd/display: Fix underflow issue on 175hz timing
    - ASoC: SOF: topology: simplify code to prevent static analysis warnings
    - ASoC: Intel: sof_sdw: Update BT offload config for soundwire config
    - ALSA: hda: intel-dsp-cfg: add LunarLake support
    - drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK
    - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31
    - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN314
    - drm/amd/display: Use max memclk variable when setting max memclk
    - drm/msm/adreno: Use quirk identify hw_apriv
    - drm/msm/adreno: Use quirk to identify cached-coherent support
    - drm/exynos: fix a possible null-pointer dereference due to data race in
      exynos_drm_crtc_atomic_disable()
    - io_uring: annotate the struct io_kiocb slab for appropriate user copy
    - drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()
    - bus: ti-sysc: Configure uart quirks for k3 SoC
    - arm64: dts: qcom: sc8280xp-x13s: Add camera activity LED
    - md: raid1: fix potential OOB in raid1_remove_disk()
    - ext2: fix datatype of block number in ext2_xattr_set2()
    - blk-mq: fix tags leak when shrink nr_hw_queues
    - ASoC: SOF: amd: clear panic mask status when panic occurs
    - x86: bring back rep movsq for user access on CPUs without ERMS
    - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
    - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
    - ext4: add two helper functions extent_logical_end() and pa_logical_end()
    - ext4: avoid overlapping preallocations due to overflow
    - PCI: dwc: Provide deinit callback for i.MX
    - ARM: 9317/1: kexec: Make smp stop calls asynchronous
    - powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
    - PCI: vmd: Disable bridge window for domain reset
    - PCI: fu740: Set the number of MSI vectors
    - media: mdp3: Fix resource leaks in of_find_device_by_node
    - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
    - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
    - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
    - media: anysee: fix null-ptr-deref in anysee_master_xfer
    - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
    - media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer
    - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is
      detected
    - media: tuners: qt1010: replace BUG_ON with a regular error
    - media: pci: cx23885: replace BUG with error return
    - usb: cdns3: Put the cdns set active part outside the spin lock
    - usb: typec: intel_pmc_mux: Add new ACPI ID for Lunar Lake IOM device
    - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
    - tools: iio: iio_generic_buffer: Fix some integer type and calculation
    - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
    - serial: cpm_uart: Avoid suspicious locking
    - misc: open-dice: make OPEN_DICE depend on HAS_IOMEM
    - usb: dwc3: dwc3-octeon: Verify clock divider
    - usb: ehci: add workaround for chipidea PORTSC.PEC bug
    - usb: chipidea: add workaround for chipidea PEC bug
    - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
    - kobject: Add sanity check for kset->kobj.ktype in kset_register()
    - interconnect: Fix locking for runpm vs reclaim
    - usb: typec: qcom-pmic-typec: register drm_bridge
    - printk: Reduce console_unblank() usage in unsafe scenarios
    - printk: Keep non-panic-CPUs out of console lock
    - printk: Do not take console lock for console_flush_on_panic()
    - printk: Consolidate console deferred printing
    - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic()
    - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow
    - btrfs: introduce struct to consolidate extent buffer write context
    - btrfs: zoned: introduce block group context to btrfs_eb_write_context
    - btrfs: zoned: return int from btrfs_check_meta_write_pointer
    - btrfs: zoned: defer advancing meta write pointer
    - btrfs: zoned: activate metadata block group on write time
    - mtd: spi-nor: spansion: use CLPEF as an alternative to CLSR
    - mtd: spi-nor: spansion: preserve CFR2V[7] when writing MEMLAT
    - btrfs: add a helper to read the superblock metadata_uuid
    - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
    - nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page()
    - drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
    - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
    - md: don't dereference mddev after export_rdev()
    - md: fix warning for holder mismatch from export_rdev()
    - efivarfs: fix statfs() on efivarfs
    - PM: hibernate: Fix the exclusive get block device in test_resume mode
    - selftests: tracing: Fix to unmount tracefs for recovering environment
    - x86/ibt: Suppress spurious ENDBR
    - x86/ibt: Avoid duplicate ENDBR in __put_user_nocheck*()
    - riscv: kexec: Align the kexeced kernel entry
    - x86/sched: Restore the SD_ASYM_PACKING flag in the DIE domain
    - scsi: target: core: Fix target_cmd_counter leak
    - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file()
    - panic: Reenable preemption in WARN slowpath
    - ata: libata-core: fetch sense data for successful commands iff CDL enabled
    - x86/boot/compressed: Reserve more memory for page tables
    - x86/purgatory: Remove LTO flags
    - samples/hw_breakpoint: fix building without module unloading
    - blk-mq: prealloc tags when increase tagset nr_hw_queues
    - blk-mq: fix tags UAF when shrinking q->nr_hw_queues
    - md/raid1: fix error: ISO C90 forbids mixed declarations
    - Revert "SUNRPC: Fail faster on bad verifier"
    - attr: block mode changes of symlinks
    - ovl: fix failed copyup of fileattr on a symlink
    - ovl: fix incorrect fdput() on aio completion
    - io_uring/net: fix iter retargeting for selected buf
    - x86/platform/uv: Use alternate source for socket to node data
    - Revert "firewire: core: obsolete usage of GFP_ATOMIC at building node tree"
    - drm/amd: Make fence wait in suballocator uninterruptible
    - Revert "drm/amd: Disable S/G for APUs when 64GB or more host memory"
    - dm: don't attempt to queue IO under RCU protection
    - dm: fix a race condition in retrieve_deps
    - btrfs: fix lockdep splat and potential deadlock after failure running
      delayed items
    - btrfs: fix a compilation error if DEBUG is defined in btree_dirty_folio
    - btrfs: fix race between finishing block group creation and its item update
    - btrfs: release path before inode lookup during the ino lookup ioctl
    - btrfs: check for BTRFS_FS_ERROR in pending ordered assert
    - tracing/synthetic: Fix order of struct trace_dynamic_info
    - tracing: Have tracing_max_latency inc the trace array ref count
    - tracing: Have event inject files inc the trace array ref count
    - tracing/synthetic: Print out u64 values properly
    - tracing: Increase trace array ref count on enable and filter files
    - tracing: Have current_trace inc the trace array ref count
    - tracing: Have option files inc the trace array ref count
    - selinux: fix handling of empty opts in selinux_fs_context_submount()
    - nfsd: fix change_info in NFSv4 RENAME replies
    - tracefs: Add missing lockdown check to tracefs_create_dir()
    - i2c: aspeed: Reset the i2c controller when timeout occurs
    - ata: libata: disallow dev-initiated LPM transitions to unsupported states
    - ata: libahci: clear pending interrupt status
    - scsi: megaraid_sas: Fix deadlock on firmware crashdump
    - scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
    - scsi: pm8001: Setup IRQs on resume
    - Revert "comedi: add HAS_IOPORT dependencies"
    - [Config] updateconfigs for COMEDI/HAS_IOPORT deps
    - ext4: fix rec_len verify error
    - drm/radeon: make fence wait in suballocator uninterrruptable
    - drm/i915: Only check eDP HPD when AUX CH is shared
    - drm/amdkfd: Insert missing TLB flush on GFX10 and later
    - drm/tests: helpers: Avoid a driver uaf
    - drm/amd/display: Adjust the MST resume flow
    - drm/amd/display: fix the white screen issue when >= 64GB DRAM
    - drm/amd/display: Add DPIA Link Encoder Assignment Fix
    - drm/amd/display: Fix 2nd DPIA encoder Assignment
    - Revert "memcg: drop kmem.limit_in_bytes"
    - drm/amdgpu: fix amdgpu_cs_p1_user_fence
    - interconnect: Teach lockdep about icc_bw_lock order
    - x86/alternatives: Remove faulty optimization
    - x86,static_call: Fix static-call vs return-thunk
    - Linux 6.5.5

* Could not probe Samsung P44 30S3 PM9C1a SSD correctly: nvme nvme0: Device
    not ready: aborting installation, CSTS=0x0 (LP: #2041495) // Mantic update:
    v6.5.5 upstream stable release (LP: #2043416)
    - nvme: avoid bogus CRTO values

* Mantic update: v6.5.4 upstream stable release (LP: #2041999)
    - net/ipv6: SKB symmetric hash should incorporate transport ports
    - drm/virtio: Conditionally allocate virtio_gpu_fence
    - scsi: ufs: core: Add advanced RPMB support where UFSHCI 4.0 does not support
      EHS length in UTRD
    - scsi: qla2xxx: Adjust IOCB resource on qpair create
    - scsi: qla2xxx: Limit TMF to 8 per function
    - scsi: qla2xxx: Fix deletion race condition
    - scsi: qla2xxx: fix inconsistent TMF timeout
    - scsi: qla2xxx: Fix command flush during TMF
    - scsi: qla2xxx: Fix erroneous link up failure
    - scsi: qla2xxx: Turn off noisy message log
    - scsi: qla2xxx: Fix session hang in gnl
    - scsi: qla2xxx: Fix TMF leak through
    - scsi: qla2xxx: Remove unsupported ql2xenabledif option
    - scsi: qla2xxx: Flush mailbox commands on chip reset
    - scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
    - scsi: qla2xxx: Error code did not return to upper layer
    - scsi: qla2xxx: Fix firmware resource tracking
    - null_blk: fix poll request timeout handling
    - kernfs: fix missing kernfs_iattr_rwsem locking
    - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
    - clk: qcom: camcc-sc7180: fix async resume during probe
    - drm/ast: Fix DRAM init on AST2200
    - ASoC: tegra: Fix SFC conversion for few rates
    - ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
    - arm64: tegra: Update AHUB clock parent and rate on Tegra234
    - arm64: tegra: Update AHUB clock parent and rate
    - clk: qcom: turingcc-qcs404: fix missing resume during probe
    - ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen
    - arm64: dts: qcom: msm8953-vince: drop duplicated touschreen parent interrupt
    - ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names
    - ARM: dts: qcom: msm8974pro-castor: correct touchscreen syna,nosleep-mode
    - arm64: dts: renesas: rzg2l: Fix txdv-skew-psec typos
    - ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
    - send channel sequence number in SMB3 requests after reconnects
    - memcg: drop kmem.limit_in_bytes
    - mm: hugetlb_vmemmap: fix a race between vmemmap pmd split
    - lib/test_meminit: allocate pages up to order MAX_ORDER
    - Multi-gen LRU: avoid race in inc_min_seq()
    - parisc: led: Fix LAN receive and transmit LEDs
    - parisc: led: Reduce CPU overhead for disk & lan LED computation
    - cifs: update desired access while requesting for directory lease
    - pinctrl: cherryview: fix address_space_handler() argument
    - dt-bindings: clock: xlnx,versal-clk: drop select:false
    - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz
    - clk: imx: pll14xx: align pdiv with reference manual
    - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
    - soc: qcom: qmi_encdec: Restrict string length in decode
    - clk: qcom: dispcc-sm8450: fix runtime PM imbalance on probe errors
    - clk: qcom: dispcc-sm8550: fix runtime PM imbalance on probe errors
    - clk: qcom: lpasscc-sc7280: fix missing resume during probe
    - clk: qcom: q6sstop-qcs404: fix missing resume during probe
    - clk: qcom: mss-sc7180: fix missing resume during probe
    - NFS: Fix a potential data corruption
    - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
    - bus: mhi: host: Skip MHI reset if device is in RDDM
    - kbuild: rpm-pkg: define _arch conditionally
    - kbuild: do not run depmod for 'make modules_sign'
    - kbuild: dummy-tools: make MPROFILE_KERNEL checks work on BE
    - tpm_crb: Fix an error handling path in crb_acpi_add()
    - gfs2: Switch to wait_event in gfs2_logd
    - gfs2: low-memory forced flush fixes
    - mailbox: qcom-ipcc: fix incorrect num_chans counting
    - kconfig: fix possible buffer overflow
    - tools/mm: fix undefined reference to pthread_once
    - Input: iqs7222 - configure power mode before triggering ATI
    - perf trace: Really free the evsel->priv area
    - pwm: atmel-tcb: Harmonize resource allocation order
    - pwm: atmel-tcb: Fix resource freeing in error path and remove
    - backlight: lp855x: Initialize PWM state on first brightness change
    - backlight: gpio_backlight: Drop output GPIO direction check for initial
      power state
    - perf parse-events: Separate YYABORT and YYNOMEM cases
    - perf parse-events: Move instances of YYABORT to YYNOMEM
    - perf parse-events: Separate ENOMEM memory handling
    - perf parse-events: Additional error reporting
    - KVM: SVM: Don't defer NMI unblocking until next exit for SEV-ES guests
    - Input: tca6416-keypad - always expect proper IRQ number in i2c client
    - Input: tca6416-keypad - fix interrupt enable disbalance
    - perf annotate bpf: Don't enclose non-debug code with an assert()
    - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
    - perf script: Print "cgroup" field on the same line as "comm"
    - perf bpf-filter: Fix sample flag check with ||
    - perf dlfilter: Initialize addr_location before passing it to
      thread__find_symbol_fb()
    - perf dlfilter: Add al_cleanup()
    - perf vendor events: Update the JSON/events descriptions for power10 platform
    - perf vendor events: Drop some of the JSON/events for power10 platform
    - perf vendor events: Drop STORES_PER_INST metric event for power10 platform
    - perf vendor events: Move JSON/events to appropriate files for power10
      platform
    - perf vendor events: Update metric event names for power10 platform
    - perf top: Don't pass an ERR_PTR() directly to perf_session__delete()
    - perf lock: Don't pass an ERR_PTR() directly to perf_session__delete()
    - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
    - perf vendor events arm64: Remove L1D_CACHE_LMISS from AmpereOne list
    - pwm: lpc32xx: Remove handling of PWM channels
    - accel/ivpu: refactor deprecated strncpy
    - perf header: Fix missing PMU caps
    - i3c: master: svc: Describe member 'saved_regs'
    - perf test stat_bpf_counters_cgrp: Fix shellcheck issue about logical
      operators
    - perf test stat_bpf_counters_cgrp: Enhance perf stat cgroup BPF counter test
    - regulator: tps6287x: Fix n_voltages
    - selftests/bpf: Fix flaky cgroup_iter_sleepable subtest
    - drm/i915: mark requests for GuC virtual engines to avoid use-after-free
    - blk-throttle: use calculate_io/bytes_allowed() for throtl_trim_slice()
    - blk-throttle: consider 'carryover_ios/bytes' in throtl_trim_slice()
    - netfilter: nf_tables: Audit log setelem reset
    - netfilter: nf_tables: Audit log rule reset
    - smb: propagate error code of extract_sharename()
    - net/sched: fq_pie: avoid stalls in fq_pie_timer()
    - sctp: annotate data-races around sk->sk_wmem_queued
    - ipv4: annotate data-races around fi->fib_dead
    - net: read sk->sk_family once in sk_mc_loop()
    - net: fib: avoid warn splat in flow dissector
    - xsk: Fix xsk_diag use-after-free error during socket cleanup
    - drm/i915/gvt: Verify pfn is "valid" before dereferencing "struct page"
    - drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn()
    - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
    - drm/amd/display: fix mode scaling (RMX_.*)
    - net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
    - net: use sk_forward_alloc_get() in sk_get_meminfo()
    - net: annotate data-races around sk->sk_forward_alloc
    - mptcp: annotate data-races around msk->rmem_fwd_alloc
    - net: annotate data-races around sk->sk_tsflags
    - net: annotate data-races around sk->sk_bind_phc
    - ipv4: ignore dst hint for multipath routes
    - ipv6: ignore dst hint for multipath routes
    - selftests/bpf: Fix a CI failure caused by vsock write
    - igb: disable virtualization features on 82580
    - gve: fix frag_list chaining
    - veth: Fixing transmit return status for dropped packets
    - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
    - net: phy: micrel: Correct bit assignments for phy_device flags
    - bpf, sockmap: Fix skb refcnt race after locking changes
    - af_unix: Fix msg_controllen test in scm_pidfd_recv() for MSG_CMSG_COMPAT.
    - af_unix: Fix data-races around user->unix_inflight.
    - af_unix: Fix data-race around unix_tot_inflight.
    - af_unix: Fix data-races around sk->sk_shutdown.
    - af_unix: Fix data race around sk->sk_err.
    - kcm: Destroy mutex in kcm_exit_net()
    - octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler
    - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80
    - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
    - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
    - s390/zcrypt: don't leak memory if dev_set_name() fails
    - regulator: tps6594-regulator: Fix random kernel crash
    - idr: fix param name in idr_alloc_cyclic() doc
    - ip_tunnels: use DEV_STATS_INC()
    - net/mlx5e: Clear mirred devices array if the rule is split
    - net/mlx5: Give esw_offloads_load/unload_rep() "mlx5_" prefix
    - net/mlx5: Rework devlink port alloc/free into init/cleanup
    - net/mlx5: Push devlink port PF/VF init/cleanup calls out of
      devlink_port_register/unregister()
    - mlx5/core: E-Switch, Create ACL FT for eswitch manager in switchdev mode
    - net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and
      offload
    - net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times
    - net: dsa: sja1105: complete tc-cbs offload support on SJA1110
    - net: phylink: fix sphinx complaint about invalid literal
    - bpf: Invoke __bpf_prog_exit_sleepable_recur() on recursion in
      kern_sys_bpf().
    - bpf: Assign bpf_tramp_run_ctx::saved_run_ctx before recursion check.
    - s390/bpf: Pass through tail call counter in trampolines
    - bpf: bpf_sk_storage: Fix invalid wait context lockdep report
    - bpf: bpf_sk_storage: Fix the missing uncharge in sk_omem_alloc
    - netfilter: nf_tables: Unbreak audit log reset
    - net: phy: Provide Module 4 KSZ9477 errata (DS80000754C)
    - net: hns3: fix tx timeout issue
    - net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read()
    - net: hns3: fix debugfs concurrency issue between kfree buffer and read
    - net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue
    - net: hns3: fix the port information display when sfp is absent
    - net: hns3: remove GSO partial feature bit
    - net: enetc: distinguish error from valid pointers in
      enetc_fixup_clear_rss_rfs()
    - sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory()
    - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
    - linux/export: fix reference to exported functions for parisc64
    - watchdog: advantech_ec_wdt: fix Kconfig dependencies
    - drm/amd/display: Temporary Disable MST DP Colorspace Property
    - ARC: atomics: Add compiler barrier to atomic operations...
    - clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL
    - dmaengine: sh: rz-dmac: Fix destination and source data size setting
    - misc: fastrpc: Fix remote heap allocation request
    - misc: fastrpc: Fix incorrect DMA mapping unmap request
    - jbd2: fix checkpoint cleanup performance regression
    - jbd2: check 'jh->b_transaction' before removing it from checkpoint
    - jbd2: correct the end of the journal recovery scan range
    - ext4: add correct group descriptors and reserved GDT blocks to system zone
    - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
    - ext4: drop dio overwrite only flag and associated warning
    - f2fs: get out of a repeat loop when getting a locked data page
    - f2fs: flush inode if atomic file is aborted
    - f2fs: avoid false alarm of circular locking
    - lib: test_scanf: Add explicit type cast to result initialization in
      test_number_prefix()
    - hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation
    - memcontrol: ensure memcg acquired by id is properly set up
    - ata: ahci: Add Elkhart Lake AHCI controller
    - ata: pata_falcon: fix IO base selection for Q40
    - ata: sata_gemini: Add missing MODULE_DESCRIPTION
    - ata: pata_ftide010: Add missing MODULE_DESCRIPTION
    - fuse: nlookup missing decrement in fuse_direntplus_link
    - btrfs: zoned: do not zone finish data relocation block group
    - btrfs: fix start transaction qgroup rsv double free
    - btrfs: free qgroup rsv on io failure
    - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
    - btrfs: set page extent mapped after read_folio in relocate_one_page
    - btrfs: zoned: re-enable metadata over-commit for zoned mode
    - btrfs: use the correct superblock to compare fsid in btrfs_validate_super
    - btrfs: scrub: avoid unnecessary extent tree search preparing stripes
    - btrfs: scrub: avoid unnecessary csum tree search preparing stripes
    - btrfs: scrub: fix grouping of read IO
    - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
    - mtd: rawnand: brcmnand: Fix crash during the panic_write
    - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
    - mtd: spi-nor: Correct flags for Winbond w25q128
    - mtd: rawnand: brcmnand: Fix potential false time out warning
    - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
    - Revert "drm/amd/display: Remove v_startup workaround for dcn3+"
    - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma
    - drm/amd/display: limit the v_startup workaround to ASICs older than DCN3.1
    - drm/amd/display: prevent potential division by zero errors
    - KVM: VMX: Refresh available regs and IDT vectoring info before NMI handling
    - KVM: SVM: Take and hold ir_list_lock when updating vCPU's Physical ID entry
    - KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
    - KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration
    - KVM: nSVM: Check instead of asserting on nested TSC scaling support
    - KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state
    - KVM: SVM: Set target pCPU during IRTE update if target vCPU is running
    - KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
    - MIPS: Only fiddle with CHECKFLAGS if `need-compiler'
    - MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS `modules_install' regression
    - perf hists browser: Fix hierarchy mode header
    - perf build: Update build rule for generated files
    - perf test shell stat_bpf_counters: Fix test on Intel
    - perf tools: Handle old data in PERF_RECORD_ATTR
    - perf build: Include generated header files properly
    - perf hists browser: Fix the number of entries for 'e' key
    - drm/amd/display: always switch off ODM before committing more streams
    - drm/amd/display: Remove wait while locked
    - drm/amdkfd: Add missing gfx11 MQD manager callbacks
    - drm/amdgpu: register a dirty framebuffer callback for fbcon
    - bpf: fix bpf_probe_read_kernel prototype mismatch
    - regulator: raa215300: Change the scope of the variables {clkin_name,
      xin_name}
    - regulator: raa215300: Fix resource leak in case of error
    - parisc: sba_iommu: Fix build warning if procfs if disabled
    - kunit: Fix wild-memory-access bug in kunit_free_suite_set()
    - net: ipv4: fix one memleak in __inet_del_ifa()
    - kselftest/runner.sh: Propagate SIGTERM to runner child
    - selftests: Keep symlinks, when possible
    - selftests/ftrace: Fix dependencies for some of the synthetic event tests
    - net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
    - octeontx2-pf: Fix page pool cache index corruption.
    - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in
      smcr_port_add
    - net: stmmac: fix handling of zero coalescing tx-usecs
    - net: ethernet: mvpp2_main: fix possible OOB write in
      mvpp2_ethtool_get_rxnfc()
    - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in
      mtk_hwlro_get_fdir_all()
    - hsr: Fix uninit-value access in fill_frame_info()
    - net: ethernet: adi: adin1110: use eth_broadcast_addr() to assign broadcast
      address
    - net:ethernet:adi:adin1110: Fix forwarding offload
    - net: dsa: sja1105: hide all multicast addresses from "bridge fdb show"
    - net: dsa: sja1105: propagate exact error code from
      sja1105_dynamic_config_poll_valid()
    - net: dsa: sja1105: fix multicast forwarding working only for last added mdb
      entry
    - net: dsa: sja1105: serialize sja1105_port_mcast_flood() with other FDB
      accesses
    - net: dsa: sja1105: block FDB accesses that are concurrent with a switch
      reset
    - r8152: check budget for r8152_poll()
    - kcm: Fix memory leak in error path of kcm_sendmsg()
    - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors
    - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames
    - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
    - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
    - platform/mellanox: NVSW_SN2201 should depend on ACPI
    - [Config] updateconfigs for NVSW_SN2201
    - net: macb: fix sleep inside spinlock
    - veth: Update XDP feature set when bringing up device
    - ipv6: fix ip6_sock_set_addr_preferences() typo
    - tcp: Factorise sk_family-independent comparison in
      inet_bind2_bucket_match(_addr_any).
    - tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
    - tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
    - selftest: tcp: Fix address length in bind_wildcard.c.
    - ixgbe: fix timestamp configuration code
    - igb: clean up in all error paths when enabling SR-IOV
    - net: renesas: rswitch: Fix unmasking irq condition
    - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
    - vm: fix move_vma() memory accounting being off
    - drm/amd/display: Fix a bug when searching for insert_above_mpcc
    - Linux 6.5.4

* CVE-2023-6176
    - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Thu, 11 Jan 2024 13:47:08 +0100

Changed in linux (Ubuntu Mantic):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-02-07:

#9

This bug is awaiting verification that the linux-gcp-6.5/6.5.0-1013.13~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-gcp-6.5' to 'verification-done-jammy-linux-gcp-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-gcp-6.5' to 'verification-failed-jammy-linux-gcp-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-gcp-6.5-v2 verification-needed-jammy-linux-gcp-6.5

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-02-08:

#10

This bug is awaiting verification that the linux-azure/6.5.0-1013.13 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux-azure' to 'verification-done-mantic-linux-azure'. If the problem still exists, change the tag 'verification-needed-mantic-linux-azure' to 'verification-failed-mantic-linux-azure'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-mantic-linux-azure-v2 verification-needed-mantic-linux-azure

Revision history for this message

Dan Clash (daclash) wrote on 2024-02-08:

#11

I previously verified that the test program hangs when 6.5.0-1011-azure is installed.
I have been testing with 6.5.0-1012-azure from the Canonical Kernel PPA for a while with no issues.
I upgraded to 6.5.0-1013-azure just now and the test program still passes.

devvm7 ~ $ uname -a
Linux daclashlinux7 6.5.0-1013-azure #13~22.04.1-Ubuntu SMP Tue Feb 6 20:34:09 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

devvm7 ~ $ sudo dmesg --clear

devvm7 ~ $ ./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000
i=0
i=100
i=200
...
i=9800
i=9900

devvm7 ~ $ sudo dmesg
devvm7 ~ $

The test program does not hang when running with 6.5.0-1012-azure.

daclash@daclashlinux4:~$ uname -a
Linux daclashlinux4 6.5.0-1012-azure #12~22.04.1-Ubuntu SMP Tue Jan 16 21:24:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

daclash@daclashlinux4:~$ sudo dmesg --clear

daclash@daclashlinux4:~$ ./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000
...
i=9900

daclash@daclashlinux4:~$ sudo dmesg
daclash@daclashlinux4:~$

The test program does hang when running with 6.5.0-1011-azure.

daclash@daclashlinux4:~$ uname -a
Linux daclashlinux4 6.5.0-1011-azure #11~22.04.1-Ubuntu SMP Mon Jan 15 16:59:12 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

daclash@daclashlinux4:~$ sudo dmesg --clear
daclash@daclashlinux4:~$ ./io_uring_open_close_audit_hang --directory /tmp/deleteme --count 10000
i=0
...
i=5900
i=6000
^C

daclash@daclashlinux4:~$ sudo dmesg | grep "kernel BUG at fs/namei.c"
[ 125.159601] kernel BUG at fs/namei.c:264!

Revision history for this message

Dan Clash (daclash) wrote on 2024-02-08:

#12

Please let me know if testing from the Canonical Kernel PPA is sufficient or if I should test again using -proposed.

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-02-13:

#13

This bug is awaiting verification that the linux-aws-6.5/6.5.0-1013.13~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-done-jammy-linux-aws-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-aws-6.5' to 'verification-failed-jammy-linux-aws-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-aws-6.5-v2 verification-needed-jammy-linux-aws-6.5

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-03-26:

#14

This bug is awaiting verification that the linux-nvidia-6.5/6.5.0-1014.14 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-done-jammy-linux-nvidia-6.5'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-6.5' to 'verification-failed-jammy-linux-nvidia-6.5'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.5-v2 verification-needed-jammy-linux-nvidia-6.5

Ubuntu
linux package

kernel BUG: io_uring openat triggers audit reference count underflow

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Lunar	Fix Committed	Medium	Tim Gardner
Mantic	Fix Released	Medium	Tim Gardner

Ubuntulinux package

kernel BUG: io_uring openat triggers audit reference count underflow

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package