Ubuntu
linux package

vmd may fail to create sysfs entry while `pci_rescan_bus()` called in some other drivers like wwan

Bug #2011389 reported by You-Sheng Yang on 2023-03-13

This bug affects 1 person

	Status	Importance	Assigned to
HWE Next	New	Undecided	Unassigned
linux (Ubuntu)	Fix Released	High	You-Sheng Yang
Jammy	Invalid	Undecided	Unassigned
Lunar	Fix Released	High	You-Sheng Yang
linux-oem-6.0 (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Won't Fix	Undecided	Unassigned
Lunar	Invalid	Undecided	Unassigned
linux-oem-6.1 (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Fix Released	High	You-Sheng Yang
Lunar	Invalid	Undecided	Unassigned

Bug Description

[SRU Justification]

[Impact]

With wwan t7xx driver patched, vmd may fail the probe process because it does not lock properly.

[Fix]

https://<email address hidden>/T/#u

[Test Case]

Verify on platforms with FM350 wwan module with prebuilt oem-6.1 or above kernels. No vmd probe error should be found in dmesg.

[Where problems could occur]

This is the way it should have been done.

[Other Info]

This is not reproducible with v6.0 or older kernels, so only Lunar and oem-6.1 are nominated for fix. OEM-6.0 patch goes to Gerrit instead.

========== original bug report ==========

vmd may fail to create sysfs entry while `pci_rescan_bus()` called in some other drivers like wwan.

This happens after bug 2002089 re-added pci rescan feature back to wwan t7xx driver to support firmware updates via devlink. t7xx may call `pci_rescan_bus()` with proper locks, but vmd doesn't.

sysfs: cannot create duplicate filename '/devices/.../resource0'
Call Trace:
<TASK>
sysfs_warn_dup.cold+0x17/0x34
sysfs_add_bin_file_mode_ns+0xc0/0xf0
sysfs_create_bin_file+0x6d/0xb0
pci_create_attr+0x117/0x260
pci_create_resource_files+0x6b/0x150
pci_create_sysfs_dev_files+0x18/0x30
pci_bus_add_device+0x30/0x80
pci_bus_add_devices+0x31/0x80
pci_bus_add_devices+0x5b/0x80
vmd_enable_domain.constprop.0+0x6b7/0x880 [vmd]
vmd_probe+0x16d/0x193 [vmd]

See original description

Tags:

CVE References

You-Sheng Yang (vicamo) on 2023-03-13

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-03-13: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 2011389

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

You-Sheng Yang (vicamo) on 2023-03-13

Changed in linux-oem-6.1 (Ubuntu Lunar):
status:	New → Invalid
Changed in linux-oem-6.0 (Ubuntu Lunar):
status:	New → Invalid
Changed in linux (Ubuntu Jammy):
status:	New → Invalid
Changed in linux (Ubuntu Lunar):
status:	Incomplete → In Progress
importance:	Undecided → High
assignee:	nobody → You-Sheng Yang (vicamo)
Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → You-Sheng Yang (vicamo)

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-03-13:

https://<email address hidden>/T/#u

tags:

added: oem-priority originate-from-2008984 somerville

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-03-13:

The lack of proper lock begins since commit 185a383ada2e ("x86/PCI: Add driver for Intel Volume Management Device (VMD)"), v4.4, but we only bump into this issue in 6.1 oem/generic kernels or above.

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-03-14:

SRU:
* http://ckctreview.internal/r/c/linux-oem/jammy/+/1860 (linux-oem-6.1/jammy)

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-03-15:

SRU: https://lists.ubuntu.com/archives/kernel-team/2023-March/137761.html (lunar, unstable)

description:

updated

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-03-15:

While we cannot reproduce this on kernels older than 6.1, we will skip this.

Changed in linux-oem-6.0 (Ubuntu Jammy):
status:	New → Won't Fix

Timo Aaltonen (tjaalton) on 2023-03-17

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-04-11:

This bug is awaiting verification that the linux-oem-6.1/6.1.0-1009.9 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-oem-6.1 verification-needed-jammy

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2023-04-13:

verified.

tags:

added: verification-done-jammy
removed: verification-needed-jammy

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-04-18:

Download full text (110.6 KiB)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1009.9

---------------
linux-oem-6.1 (6.1.0-1009.9) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1009.9 -proposed tracker (LP: #2011921)

  * Fix spurious wakeup from S5 when TBT dock is plugged (LP: #2012846)
    - ACPICA: MADT: Add loong_arch-specific APICs support
    - ACPICA: Events: Support fixed PCIe wake event

  * The panel get blank for too long after disconnecting dock with monitors
    (LP: #2013114)
    - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2023.03.20)

This bug was fixed in the package linux-oem-6.1 - 6.1.0-1009.9

---------------
linux-oem-6.1 (6.1.0-1009.9) jammy; urgency=medium

* jammy/linux-oem-6.1: 6.1.0-1009.9 -proposed tracker (LP: #2011921)

* Fix spurious wakeup from S5 when TBT dock is plugged (LP: #2012846)
    - ACPICA: MADT: Add loong_arch-specific APICs support
    - ACPICA: Events: Support fixed PCIe wake event

* The panel get blank for too long after disconnecting dock with monitors
    (LP: #2013114)
    - drm/i915/tc: Abort DP AUX transfer on a disconnected TC port

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2023.03.20)

* Jammy update: v6.1.22 upstream stable release (LP: #2013346)
    - interconnect: qcom: osm-l3: fix icc_onecell_data allocation
    - interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function
    - interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT
    - perf/core: Fix perf_output_begin parameter is incorrectly invoked in
      perf_event_bpf_output
    - perf: fix perf_event_context->time
    - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
    - drm/amd/display: Include virtual signal to set k1 and k2 values
    - drm/amd/display: fix k1 k2 divider programming for phantom streams
    - drm/amd/display: Remove OTG DIV register write for Virtual signals.
    - mptcp: refactor passive socket initialization
    - mptcp: use the workqueue to destroy unaccepted sockets
    - mptcp: fix UaF in listener shutdown
    - drm/amd/display: Fix DP MST sinks removal issue
    - arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent
    - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race
      condition
    - power: supply: da9150: Fix use after free bug in da9150_charger_remove due
      to race condition
    - arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS
    - arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio
    - ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl
    - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
    - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
    - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
    - arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes
    - NFS: Fix /proc/PID/io read_bytes for buffered reads
    - xsk: Add missing overflow check in xdp_umem_reg
    - iavf: fix inverted Rx hash condition leading to disabled hash
    - iavf: fix non-tunneled IPv6 UDP packet type and hashing
    - iavf: do not track VLAN 0 filters
    - intel/igbvf: free irq on the error path in igbvf_request_msix()
    - igbvf: Regard vf reset nack as success
    - igc: fix the validation logic for taprio's gate list
    - i2c: imx-lpi2c: check only for enabled interrupt flags
    - i2c: mxs: ensure that DMA buffers are safe for DMA
    - i2c: hisi: Only use the completion interrupt to finish the transfer
    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
    - nfsd: don't replace page in rq_pages if it's a continuation of last page
    - net: dsa: b53: mmap: fix device tree support
    - net: usb: smsc95xx: Limit packet length to skb->len
    - efi/libstub: smbios: Use length member instead of record struct size
    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach
    - net: phy: Ensure state transitions are processed from phy_stop()
    - net: mdio: fix owner field for mdio buses registered using device-tree
    - net: mdio: fix owner field for mdio buses registered using ACPI
    - net: stmmac: Fix for mismatched host/device DMA address width
    - thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function
    - mlxsw: core_thermal: Fix fan speed in maximum cooling state
    - drm/i915: Print return value on error
    - drm/i915/fbdev: lock the fbdev obj before vma pin
    - drm/i915/guc: Rename GuC register state capture node to be more obvious
    - drm/i915/guc: Fix missing ecodes
    - drm/i915/gt: perform uc late init after probe error injection
    - net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    - net: usb: lan78xx: Limit packet length to skb->len
    - net/ps3_gelic_net: Fix RX sk_buff length
    - net/ps3_gelic_net: Use dma_mapping_error
    - octeontx2-vf: Add missing free for alloc_percpu
    - bootconfig: Fix testcase to increase max node
    - keys: Do not cache key in task struct if key is requested from kernel thread
    - ice: check if VF exists before mode check
    - iavf: fix hang on reboot with ice
    - i40e: fix flow director packet filter programming
    - bpf: Adjust insufficient default bpf_jit_limit
    - net/mlx5e: Set uplink rep as NETNS_LOCAL
    - net/mlx5e: Block entering switchdev mode with ns inconsistency
    - net/mlx5: Fix steering rules cleanup
    - net/mlx5e: Overcome slow response for first macsec ASO WQE
    - net/mlx5: Read the TC mapping of all priorities on ETS query
    - net/mlx5: E-Switch, Fix an Oops in error handling code
    - net: dsa: tag_brcm: legacy: fix daisy-chained switches
    - atm: idt77252: fix kmemleak when rmmod idt77252
    - erspan: do not use skb_mac_header() in ndo_start_xmit()
    - net/sonic: use dma_mapping_error() for error check
    - nvme-tcp: fix nvme_tcp_term_pdu to match spec
    - mlxsw: spectrum_fid: Fix incorrect local port type
    - hvc/xen: prevent concurrent accesses to the shared ring
    - ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA
    - ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES
    - ksmbd: fix possible refcount leak in smb2_open()
    - Bluetooth: hci_sync: Resume adv with no RPA when active scan
    - Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet
    - Bluetooth: btusb: Remove detection of ISO packets over bulk
    - Bluetooth: ISO: fix timestamped HCI ISO data packet parsing
    - Bluetooth: Remove "Power-on" check from Mesh feature
    - gve: Cache link_speed value from device
    - net: asix: fix modprobe "sysfs: cannot create duplicate filename"
    - net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup()
    - net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup()
    - net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case
    - net: mdio: thunder: Add missing fwnode_handle_put()
    - drm/amd/display: Set dcn32 caps.seamless_odm
    - Bluetooth: btqcomsmd: Fix command timeout after setting BD address
    - Bluetooth: L2CAP: Fix responding with wrong PDU type
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
      work
    - Bluetooth: mgmt: Fix MGMT add advmon with RSSI command
    - Bluetooth: HCI: Fix global-out-of-bounds
    - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    - entry: Fix noinstr warning in __enter_from_user_mode()
    - perf/x86/amd/core: Always clear status for idx
    - entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up
    - hwmon: fix potential sensor registration fail if of_node is missing
    - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
    - scsi: qla2xxx: Synchronize the IOCB count to be in order
    - scsi: qla2xxx: Perform lockless command completion in abort path
    - smb3: lower default deferred close timeout to address perf regression
    - smb3: fix unusable share after force unmount failure
    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
    - thunderbolt: Use scale field when allocating USB3 bandwidth
    - thunderbolt: Call tb_check_quirks() after initializing adapters
    - thunderbolt: Add quirk to disable CLx
    - thunderbolt: Fix memory leak in margining
    - thunderbolt: Disable interrupt auto clear for rings
    - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
    - thunderbolt: Use const qualifier for `ring_interrupt_index`
    - thunderbolt: Rename shadowed variables bit to interrupt_bit and
      auto_clear_bit
    - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
    - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43)
    - ACPI: x86: Drop quirk for HP Elitebook
    - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
    - riscv: Bump COMMAND_LINE_SIZE value to 1024
    - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update()
    - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
    - ca8210: fix mac_len negative array access
    - HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse
    - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
    - m68k: mm: Fix systems with memory at end of 32-bit address space
    - m68k: Only force 030 bus error if PC not in exception table
    - selftests/bpf: check that modifier resolves after pointer
    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
    - scsi: qla2xxx: Add option to disable FC2 Target support
    - scsi: hisi_sas: Check devm_add_action() return value
    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
    - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
    - scsi: lpfc: Avoid usage of list iterator variable after loop
    - scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled
    - scsi: mpi3mr: Wait for diagnostic save during controller init
    - scsi: mpi3mr: NVMe command size greater than 8K fails
    - scsi: mpi3mr: Bad drive in topology results kernel crash
    - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
    - platform/x86: int3472: Add GPIOs to Surface Go 3 Board data
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
    - net: usb: qmi_wwan: add Telit 0x1080 composition
    - drm/amd/display: Update clock table to include highest clock setting
    - sh: sanitize the flags on sigreturn
    - drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
    - drm/amd: Fix initialization mistake for NBIO 7.3.0
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress
    - cifs: lock chan_lock outside match_session
    - cifs: append path to open_enter trace event
    - cifs: do not poll server interfaces too regularly
    - cifs: empty interface list when server doesn't support query interfaces
    - cifs: dump pending mids for all channels in DebugData
    - cifs: print session id while listing open files
    - cifs: fix dentry lookups in directory handle cache
    - x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf()
    - selftests/x86/amx: Add a ptrace test
    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    - usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub
    - usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host"
    - usb: dwc2: fix a devres leak in hw_enable upon suspend resume
    - usb: gadget: u_audio: don't let userspace block driver unbind
    - btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile
    - Bluetooth: Fix race condition in hci_cmd_sync_clear
    - efi: sysfb_efi: Fix DMI quirks not working for simpledrm
    - mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP
    - fscrypt: destroy keyring after security_sb_delete()
    - fsverity: Remove WQ_UNBOUND from fsverity read workqueue
    - lockd: set file_lock start and end when decoding nlm4 testargs
    - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
    - igb: revert rtnl_lock() that causes deadlock
    - dm thin: fix deadlock when swapping to thin device
    - usb: typec: tcpm: fix create duplicate source-capabilities file
    - usb: typec: tcpm: fix warning when handle discover_identity message
    - usb: cdns3: Fix issue with using incorrect PCI device function
    - usb: cdnsp: Fixes issue with redundant Status Stage
    - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
    - usb: chipdea: core: fix return -EINVAL if request role is the same with
      current role
    - usb: chipidea: core: fix possible concurrent when switch role
    - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
    - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
    - usb: ucsi_acpi: Increase the command completion timeout
    - mm: kfence: fix using kfence_metadata without initialization in
      show_object()
    - kfence: avoid passing -g for test
    - io_uring/net: avoid sending -ECONNABORTED on repeated connection requests
    - io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
    - Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare"
    - test_maple_tree: add more testing for mas_empty_area()
    - maple_tree: fix mas_skip_node() end slot detection
    - ksmbd: fix wrong signingkey creation when encryption is AES256
    - ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION
    - ksmbd: don't terminate inactive sessions after a few seconds
    - ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect
    - ksmbd: return unsupported error on smb1 mount
    - wifi: mac80211: fix qos on mesh interfaces
    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
    - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
    - drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk
    - drm/meson: fix missing component unbind on bind errors
    - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi
    - drm/i915/active: Fix missing debug object activation
    - drm/i915: Preserve crtc_state->inherited during state clearing
    - drm/amdgpu: skip ASIC reset for APUs when go to S4
    - drm/amdgpu: reposition the gpu reset checking for reuse
    - riscv: mm: Fix incorrect ASID argument when flushing TLB
    - riscv: Handle zicsr/zifencei issues between clang and binutils
    - tee: amdtee: fix race condition in amdtee_open_session
    - firmware: arm_scmi: Fix device node validation for mailbox transport
    - arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent
    - arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers
    - soc: qcom: llcc: Fix slice configuration values for SC8280XP
    - mm/ksm: fix race with VMA iteration and mm_struct teardown
    - bus: imx-weim: fix branch condition evaluates to a garbage value
    - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    - dm stats: check for and propagate alloc_percpu failure
    - dm crypt: add cond_resched() to dmcrypt_write()
    - dm crypt: avoid accessing uninitialized tasklet
    - sched/fair: sanitize vruntime of entity being placed
    - sched/fair: Sanitize vruntime of entity being migrated
    - drm/amdkfd: introduce dummy cache info for property asic
    - drm/amdkfd: Fix the warning of array-index-out-of-bounds
    - drm/amdkfd: add GC 11.0.4 KFD support
    - drm/amdkfd: Fix the memory overrun
    - Linux 6.1.22
    - upstream stable to v6.1.22

* Jammy update: v6.1.21 upstream stable release (LP: #2013343)
    - xfrm: Allow transport-mode states with AF_UNSPEC selector
    - drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
    - drm/msm/gem: Prevent blocking within shrinker loop
    - drm/panfrost: Don't sync rpm suspension after mmu flushing
    - fbdev: chipsfb: Fix error codes in chipsfb_pci_init()
    - cifs: Move the in_send statistic to __smb_send_rqst()
    - drm/meson: fix 1px pink line on GXM when scaling video overlay
    - clk: HI655X: select REGMAP instead of depending on it
    - ASoC: SOF: Intel: MTL: Fix the device description
    - ASoC: SOF: Intel: HDA: Fix device description
    - ASoC: SOF: Intel: SKL: Fix device description
    - ASOC: SOF: Intel: pci-tgl: Fix device description
    - ASoC: SOF: ipc4-topology: set dmic dai index from copier
    - docs: Correct missing "d_" prefix for dentry_operations member
      d_weak_revalidate
    - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
    - scsi: mpi3mr: Fix throttle_groups memory leak
    - scsi: mpi3mr: Fix config page DMA memory leak
    - scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
    - scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
    - scsi: mpi3mr: Return proper values for failures in firmware init path
    - scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
    - scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt
    - scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
    - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
    - netfilter: nft_nat: correct length for loading protocol registers
    - netfilter: nft_masq: correct length for loading protocol registers
    - netfilter: nft_redir: correct length for loading protocol registers
    - netfilter: nft_redir: correct value of inet type `.maxattrs`
    - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
    - scsi: core: Fix a procfs host directory removal regression
    - ftrace,kcfi: Define ftrace_stub_graph conditionally
    - tcp: tcp_make_synack() can be called from process context
    - vdpa/mlx5: should not activate virtq object when suspended
    - wifi: nl80211: fix NULL-ptr deref in offchan check
    - wifi: cfg80211: fix MLO connection ownership
    - selftests: fix LLVM build for i386 and x86_64
    - nfc: pn533: initialize struct pn533_out_arg properly
    - ipvlan: Make skb->skb_iif track skb->dev for l3s mode
    - i40e: Fix kernel crash during reboot when adapter is in recovery mode
    - vhost-vdpa: free iommu domain after last use during cleanup
    - vdpa_sim: not reset state in vdpasim_queue_ready
    - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
    - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
    - drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
    - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
    - qed/qed_dev: guard against a possible division by zero
    - net: dsa: mt7530: remove now incorrect comment regarding port 5
    - net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
    - block: do not reverse request order when flushing plug list
    - loop: Fix use-after-free issues
    - net: tunnels: annotate lockless accesses to dev->needed_headroom
    - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
    - tcp: Fix bind() conflict check for dual-stack wildcard address.
    - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
    - mlxsw: spectrum: Fix incorrect parsing depth after reload
    - net/smc: fix deadlock triggered by cancel_delayed_work_syn()
    - net: usb: smsc75xx: Limit packet length to skb->len
    - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
    - powerpc/mm: Fix false detection of read faults
    - block: null_blk: Fix handling of fake timeout request
    - nvme: fix handling single range discard request
    - nvmet: avoid potential UAF in nvmet_req_complete()
    - block: sunvdc: add check for mdesc_grab() returning NULL
    - net/mlx5e: Fix macsec ASO context alignment
    - net/mlx5e: Don't cache tunnel offloads capability
    - net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
    - net/mlx5: Disable eswitch before waiting for VF pages
    - net/mlx5e: Support Geneve and GRE with VF tunnel offload
    - net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
    - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs
      internal port
    - net/mlx5e: Fix cleanup null-ptr deref on encap lock
    - net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
    - veth: Fix use after free in XDP_REDIRECT
    - ice: xsk: disable txq irq before flushing hw
    - net: dsa: don't error out when drivers return ETH_DATA_LEN in
      .port_max_mtu()
    - net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
    - ravb: avoid PHY being resumed when interface is not up
    - sh_eth: avoid PHY being resumed when interface is not up
    - ipv4: Fix incorrect table ID in IOCTL path
    - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
      skb_pull
    - net: atlantic: Fix crash when XDP is enabled but no program is loaded
    - net/iucv: Fix size of interrupt data
    - i825xx: sni_82596: use eth_hw_addr_set()
    - selftests: net: devlink_port_split.py: skip test if no suitable device
      available
    - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
    - net: dsa: microchip: fix RGMII delay configuration on
      KSZ8765/KSZ8794/KSZ8795
    - ethernet: sun: add check for the mdesc_grab()
    - bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
    - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
    - hwmon: (adt7475) Display smoothing attributes in correct order
    - hwmon: (adt7475) Fix masking of hysteresis registers
    - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race
      condition
    - hwmon: (ina3221) return prober error code
    - hwmon: (ucd90320) Add minimum delay between bus accesses
    - hwmon: tmp512: drop of_match_ptr for ID table
    - kconfig: Update config changed flag before calling callback
    - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
    - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
    - media: m5mols: fix off-by-one loop termination error
    - mmc: atmel-mci: fix race between stop command and start of next command
    - soc: mediatek: mtk-svs: keep svs alive if CONFIG_DEBUG_FS not supported
    - jffs2: correct logic when creating a hole in jffs2_write_begin
    - rust: arch/um: Disable FP/SIMD instruction to match x86
    - ext4: fail ext4_iget if special inode unallocated
    - ext4: update s_journal_inum if it changes after journal replay
    - ext4: fix task hung in ext4_xattr_delete_inode
    - drm/amdkfd: Fix an illegal memory access
    - net/9p: fix bug in client create for .L
    - LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
    - sh: intc: Avoid spurious sizeof-pointer-div warning
    - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
    - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
    - ext4: fix possible double unlock when moving a directory
    - Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config
      dependency"
    - tty: serial: fsl_lpuart: skip waiting for transmission complete when
      UARTCTRL_SBK is asserted
    - serial: 8250_em: Fix UART port type
    - serial: 8250_fsl: fix handle_irq locking
    - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
    - firmware: xilinx: don't make a sleepable memory allocation from an atomic
      context
    - memory: tegra: fix interconnect registration race
    - memory: tegra20-emc: fix interconnect registration race
    - memory: tegra124-emc: fix interconnect registration race
    - memory: tegra30-emc: fix interconnect registration race
    - drm/ttm: Fix a NULL pointer dereference
    - s390/ipl: add missing intersection check to ipl_report handling
    - interconnect: fix icc_provider_del() error handling
    - interconnect: fix provider registration API
    - interconnect: imx: fix registration race
    - interconnect: fix mem leak when freeing nodes
    - interconnect: qcom: osm-l3: fix registration race
    - interconnect: qcom: rpm: fix probe child-node error handling
    - interconnect: qcom: rpm: fix registration race
    - interconnect: qcom: rpmh: fix probe child-node error handling
    - interconnect: qcom: rpmh: fix registration race
    - interconnect: qcom: msm8974: fix registration race
    - interconnect: exynos: fix node leak in probe PM QoS error path
    - interconnect: exynos: fix registration race
    - md: select BLOCK_LEGACY_AUTOLOAD
    - cifs: generate signkey for the channel that's reconnecting
    - tracing: Make splice_read available again
    - tracing: Check field value in hist_field_name()
    - tracing: Make tracepoint lockdep check actually test something
    - cifs: Fix smb2_set_path_size()
    - KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
    - KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
    - KVM: nVMX: add missing consistency checks for CR0 and CR4
    - ALSA: hda: intel-dsp-config: add MTL PCI id
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
    - Revert "riscv: mm: notify remote harts about mmu cache updates"
    - riscv: asid: Fixup stale TLB entry cause application crash
    - drm/shmem-helper: Remove another errant put in error path
    - drm/sun4i: fix missing component unbind on bind errors
    - drm/i915/active: Fix misuse of non-idle barriers as fence trackers
    - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
    - drm/amdgpu: Don't resume IOMMU after incomplete init
    - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
    - drm/amd/pm: bump SMU 13.0.4 driver_if header version
    - drm/amd/display: Do not set DRR on pipe Commit
    - drm/amd/display: disconnect MPCC only on OTG change
    - mptcp: fix possible deadlock in subflow_error_report
    - mptcp: add ro_after_init for tcp{,v6}_prot_override
    - mptcp: avoid setting TCP_CLOSE state twice
    - mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
    - ftrace: Fix invalid address access in lookup_rec() when index is 0
    - ocfs2: fix data corruption after failed write
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
    - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
    - vp_vdpa: fix the crash in hot unplug with vp_vdpa
    - mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
    - mm: teach mincore_hugetlb about pte markers
    - powerpc/64: Set default CPU in Kconfig
    - powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage
    - mmc: sdhci_am654: lower power-on failed message severity
    - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
    - trace/hwlat: Do not wipe the contents of per-cpu thread data
    - trace/hwlat: Do not start per-cpu thread if it is already running
    - ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent
    - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
    - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
    - cpuidle: psci: Iterate backwards over list in psci_pd_remove()
    - ASoC: Intel: soc-acpi: fix copy-paste issue in topology names
    - ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP
    - x86/mce: Make sure logged MCEs are processed after sysfs update
    - x86/mm: Fix use of uninitialized buffer in sme_enable()
    - x86/resctrl: Clear staged_config[] before and after it is used
    - powerpc: Pass correct CPU reference to assembler
    - virt/coco/sev-guest: Check SEV_SNP attribute at probe time
    - virt/coco/sev-guest: Simplify extended guest request handling
    - virt/coco/sev-guest: Remove the disable_vmpck label in
      handle_guest_request()
    - virt/coco/sev-guest: Carve out the request issuing logic into a helper
    - virt/coco/sev-guest: Do some code style cleanups
    - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
    - virt/coco/sev-guest: Add throttling awareness
    - io_uring/msg_ring: let target know allocated index
    - perf: Fix check before add_event_to_groups() in perf_group_detach()
    - powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG
    - powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500
    - Linux 6.1.21
    - upstream stable to v6.1.21

* Jammy update: v6.1.20 upstream stable release (LP: #2012055)
    - fs: prevent out-of-bounds array speculation when closing a file descriptor
    - btrfs: fix unnecessary increment of read error stat on write error
    - btrfs: fix percent calculation for bg reclaim message
    - io_uring/uring_cmd: ensure that device supports IOPOLL
    - erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
    - perf inject: Fix --buildid-all not to eat up MMAP2
    - fork: allow CLONE_NEWTIME in clone3 flags
    - RISC-V: Stop emitting attributes
    - x86/CPU/AMD: Disable XSAVES on AMD family 0x17
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv
    - drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF
    - drm/connector: print max_requested_bpc in state debugfs
    - staging: rtl8723bs: Fix key-store index handling
    - staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
    - ext4: fix cgroup writeback accounting with fs-layer encryption
    - ext4: fix RENAME_WHITEOUT handling for inline directories
    - ext4: fix another off-by-one fsmap error on 1k block filesystems
    - ext4: move where set the MAY_INLINE_DATA flag is set
    - ext4: fix WARNING in ext4_update_inline_data
    - ext4: zero i_disksize when initializing the bootloader inode
    - HID: core: Provide new max_buffer_size attribute to over-ride the default
    - HID: uhid: Over-ride the default maximum data buffer value with our own
    - nfc: change order inside nfc_se_io error path
    - KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
    - KVM: VMX: Don't bother disabling eVMCS static key on module exit
    - KVM: x86: Move guts of kvm_arch_init() to standalone helper
    - KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
    - fs: dlm: fix log of lowcomms vs midcomms
    - fs: dlm: add midcomms init/start functions
    - fs: dlm: start midcomms before scand
    - fs: dlm: remove send repeat remove handling
    - fs: dlm: use packet in dlm_mhandle
    - fd: dlm: trace send/recv of dlm message and rcom
    - fs: dlm: fix use after free in midcomms commit
    - fs: dlm: use WARN_ON_ONCE() instead of WARN_ON()
    - fs: dlm: be sure to call dlm_send_queue_flush()
    - fs: dlm: fix race setting stop tx flag
    - udf: Fix off-by-one error when discarding preallocation
    - bus: mhi: ep: Power up/down MHI stack during MHI RESET
    - bus: mhi: ep: Change state_lock to mutex
    - Input: exc3000 - properly stop timer on shutdown
    - ipmi:ssif: Remove rtc_us_timer
    - ipmi:ssif: Increase the message retry time
    - ipmi:ssif: Add a timer between request retries
    - spi: intel: Check number of chip selects after reading the descriptor
    - drm/i915: Populate encoder->devdata for DSI on icl+
    - block: Revert "block: Do not reread partition table on exclusively open
      device"
    - block: fix scan partition for exclusively open device again
    - riscv: Add header include guards to insn.h
    - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
    - ext4: Fix possible corruption when moving a directory
    - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID
    - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
    - drm/msm: Fix potential invalid ptr free
    - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
    - drm/msm/a5xx: fix highest bank bit for a530
    - drm/msm/a5xx: fix the emptyness check in the preempt code
    - drm/msm/a5xx: fix context faults during ring switch
    - bgmac: fix *initial* chip reset to support BCM5358
    - nfc: fdp: add null check of devm_kmalloc_array in
      fdp_nci_i2c_read_device_properties
    - powerpc: dts: t1040rdb: fix compatible string for Rev A boards
    - tls: rx: fix return value for async crypto
    - drm/msm/dpu: disable features unsupported by QCM2290
    - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
    - net: lan966x: Fix port police support using tc-matchall
    - selftests: nft_nat: ensuring the listening side is up before starting the
      client
    - netfilter: nft_last: copy content when cloning expression
    - netfilter: nft_quota: copy content when cloning expression
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()
    - net: use indirect calls helpers for sk_exit_memory_pressure()
    - perf stat: Fix counting when initial delay configured
    - net: lan78xx: fix accessing the LAN7800's internal phy specific registers
      from the MAC driver
    - net: caif: Fix use-after-free in cfusbl_device_notify()
    - ice: copy last block omitted in ice_get_module_eeprom()
    - bpf, sockmap: Fix an infinite loop error when len is 0 in
      tcp_bpf_recvmsg_parser()
    - drm/msm/dpu: fix len of sc7180 ctl blocks
    - drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK
    - drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks
    - drm/msm/dpu: clear DSPP reservations in rm release
    - net: stmmac: add to set device wake up flag when stmmac init phy
    - net: phylib: get rid of unnecessary locking
    - bnxt_en: Avoid order-5 memory allocation for TPA data
    - netfilter: ctnetlink: revert to dumping mark regardless of event type
    - netfilter: tproxy: fix deadlock due to missing BH disable
    - m68k: mm: Move initrd phys_to_virt handling after paging_init()
    - btrfs: fix extent map logging bit not cleared for split maps after dropping
      range
    - bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES
    - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
    - net: phy: smsc: fix link up detection in forced irq mode
    - net: ethernet: mtk_eth_soc: fix RX data corruption issue
    - net: tls: fix device-offloaded sendpage straddling records
    - scsi: megaraid_sas: Update max supported LD IDs to 240
    - scsi: sd: Fix wrong zone_write_granularity value during revalidate
    - netfilter: conntrack: adopt safer max chain length
    - platform: mellanox: select REGMAP instead of depending on it
    - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
    - block: fix wrong mode for blkdev_put() from disk_scan_partitions()
    - NFSD: Protect against filesystem freezing
    - ice: Fix DSCP PFC TLV creation
    - ethernet: ice: avoid gcc-9 integer overflow warning
    - net/smc: fix fallback failed while sendmsg with fastopen
    - octeontx2-af: Unlock contexts in the queue context cache in case of fault
      detection
    - SUNRPC: Fix a server shutdown leak
    - net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
    - af_unix: fix struct pid leaks in OOB support
    - erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL"
    - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
    - RISC-V: Don't check text_mutex during stop_machine
    - drm/amdgpu: fix return value check in kfd
    - ext4: Fix deadlock during directory rename
    - drm/amdgpu/soc21: don't expose AV1 if VCN0 is harvested
    - drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4
    - adreno: Shutdown the GPU properly
    - drm/msm/adreno: fix runtime PM imbalance at unbind
    - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
    - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
    - MIPS: Fix a compilation issue
    - powerpc/64: Don't recurse irq replay
    - powerpc/iommu: fix memory leak with using debugfs_lookup()
    - clk: renesas: rcar-gen3: Disable R-Car H3 ES1.*
    - powerpc/bpf/32: Only set a stack frame when necessary
    - powerpc/64: Fix task_cpu in early boot when booting non-zero cpuid
    - powerpc/64: Move paca allocation to early_setup()
    - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
    - alpha: fix R_ALPHA_LITERAL reloc for large modules
    - macintosh: windfarm: Use unsigned type for 1-bit bitfields
    - PCI: Add SolidRun vendor ID
    - scripts: handle BrokenPipeError for python scripts
    - media: ov5640: Fix analogue gain control
    - media: rc: gpio-ir-recv: add remove function
    - drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60
    - drm/amd/display: adjust MALL size available for DCN32 and DCN321
    - filelocks: use mount idmapping for setlease permission check
    - Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES"
    - UML: define RUNTIME_DISCARD_EXIT
    - Linux 6.1.20
    - upstream stable to 6.1.20

* Fix screen that remains blank forever after it gets locked (LP: #2009164)
    - drm/i915: Remove PLL asserts from .load_luts()
    - drm/i915: Split up intel_color_init()
    - drm/i915: Simplify the intel_color_init_hooks() if ladder
    - drm/i915: Clean up intel_color_init_hooks()
    - drm/i915: Change glk_load_degamma_lut() calling convention
    - drm/i915: Make ilk_load_luts() deal with degamma
    - drm/i915: Introduce crtc_state->{pre,post}_csc_lut
    - drm/i915: Assert {pre,post}_csc_lut were assigned sensibly
    - drm/i915: Clean up some namespacing
    - drm/i915: Get rid of glk_load_degamma_lut_linear()
    - drm/i915: Stop loading linear degamma LUT on glk needlessly
    - drm/i915: Use sizeof(variable) instead sizeof(type)
    - drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR
    - drm/i915: s/dev_priv/i915/ in intel_color.c
    - drm/i915: s/icl_load_gcmax/ivb_load_lut_max/
    - drm/i915: Split ivb_load_lut_ext_max() into two parts
    - drm/i915: Deconfuse the ilk+ 12.4 LUT entry functions
    - drm/i915: Pass limited_range explicitly to ilk_csc_convert_ctm()
    - drm/i915: Reuse ilk_gamma_mode() on ivb+
    - drm/i915: Reject YCbCr output with degamma+gamma on pre-icl
    - drm/i915: Share {csc,gamma}_enable calculation for ilk/snb vs. ivb+
    - drm/i915: Create resized LUTs for ivb+ split gamma mode
    - drm/i915: Clean up legacy palette defines
    - drm/i915: Clean up 10bit precision palette defines
    - drm/i915: Clean up 12.4bit precision palette defines
    - drm/i915: Clean up chv CGM (de)gamma defines
    - drm/i915: Reorder 12.4 lut udw vs. ldw functions
    - drm/i915: Fix adl+ degamma LUT size
    - drm/i915: s/gamma/post_csc_lut/
    - drm/i915: Add glk+ degamma readout
    - drm/i915: Read out CHV CGM degamma
    - drm/i915: Add gamma/degamma readout for bdw+
    - drm/i915: Add gamma/degamma readout for ivb/hsw
    - drm/i915: Make ilk_read_luts() capable of degamma readout
    - drm/i915: Prep for C8 palette readout
    - drm/i915: Make .read_luts() mandatory
    - drm/i915: Finish the LUT state checker
    - drm/i915: Rework legacy LUT handling
    - drm/i915: Use hw degamma LUT for sw gamma on glk with YCbCr output
    - drm/i915: Use gamma LUT for RGB limited range compression
    - drm/i915: Add 10bit gamma mode for gen2/3

* Speaker / Audio/Mic mute LED don't work on a HP platform (LP: #2011379)
    - ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform

* Jammy update: v6.1.19 upstream stable release (LP: #2011528)
    - tpm: disable hwrng for fTPM on some AMD designs
    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
    - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
    - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
    - Linux 6.1.19
    - upstream stable to v6.1.19

* Jammy update: v6.1.18 upstream stable release (LP: #2011406)
    - net/sched: Retire tcindex classifier
    - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()
    - fs/jfs: fix shift exponent db_agl2size negative
    - driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event()
    - f2fs: don't rely on F2FS_MAP_* in f2fs_iomap_begin
    - f2fs: fix to avoid potential deadlock
    - objtool: Fix memory leak in create_static_call_sections()
    - soc: mediatek: mtk-pm-domains: Allow mt8186 ADSP default power on
    - memory: renesas-rpc-if: Split-off private data from struct rpcif
    - memory: renesas-rpc-if: Move resource acquisition to .probe()
    - soc: mediatek: mtk-svs: Enable the IRQ later
    - pwm: sifive: Always let the first pwm_apply_state succeed
    - pwm: stm32-lp: fix the check on arr and cmp registers update
    - f2fs: introduce trace_f2fs_replace_atomic_write_block
    - f2fs: correct i_size change for atomic writes
    - f2fs: clear atomic_write_task in f2fs_abort_atomic_write()
    - soc: mediatek: mtk-svs: restore default voltages when svs_init02() fail
    - soc: mediatek: mtk-svs: reset svs when svs_resume() fail
    - soc: mediatek: mtk-svs: Use pm_runtime_resume_and_get() in svs_init01()
    - fs: f2fs: initialize fsdata in pagecache_write()
    - f2fs: allow set compression option of files without blocks
    - f2fs: fix to abort atomic write only during do_exist()
    - um: vector: Fix memory leak in vector_config
    - ubi: ensure that VID header offset + VID header size <= alloc, size
    - ubifs: Fix build errors as symbol undefined
    - ubifs: Fix memory leak in ubifs_sysfs_init()
    - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
    - ubifs: Rectify space budget for ubifs_xrename()
    - ubifs: Fix wrong dirty space budget for dirty inode
    - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
    - ubifs: Reserve one leb for each journal head while doing budget
    - ubi: Fix use-after-free when volume resizing failed
    - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
    - ubifs: Fix memory leak in alloc_wbufs()
    - ubi: Fix possible null-ptr-deref in ubi_free_volume()
    - ubifs: Re-statistic cleaned znode count if commit failed
    - ubifs: dirty_cow_znode: Fix memleak in error handling path
    - ubifs: ubifs_writepage: Mark page dirty after writing inode failed
    - ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
    - ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling
      fastmap
    - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
    - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
    - f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
    - soc: qcom: stats: Populate all subsystem debugfs files
    - ext4: use ext4_fc_tl_mem in fast-commit replay path
    - ext4: don't show commit interval if it is zero
    - netfilter: nf_tables: allow to fetch set elements when table has an owner
    - x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
    - um: virtio_uml: free command if adding to virtqueue failed
    - um: virtio_uml: mark device as unregistered when breaking it
    - um: virtio_uml: move device breaking into workqueue
    - um: virt-pci: properly remove PCI device from bus
    - f2fs: synchronize atomic write aborts
    - watchdog: rzg2l_wdt: Issue a reset before we put the PM clocks
    - watchdog: rzg2l_wdt: Handle TYPE-B reset for RZ/V2M
    - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in
      error path
    - watchdog: Fix kmemleak in watchdog_cdev_register
    - watchdog: pcwd_usb: Fix attempting to access uninitialized memory
    - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
    - netfilter: ctnetlink: fix possible refcount leak in
      ctnetlink_create_conntrack()
    - netfilter: conntrack: fix rmmod double-free race
    - netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
    - netfilter: ebtables: fix table blob use-after-free
    - netfilter: xt_length: use skb len to match in length_mt6
    - netfilter: ctnetlink: make event listener tracking global
    - netfilter: x_tables: fix percpu counter block leak on error path when
      creating new netns
    - ptp: vclock: use mutex to fix "sleep on atomic" bug
    - drm/i915: move a Kconfig symbol to unbreak the menu presentation
    - ipv6: Add lwtunnel encap size of all siblings in nexthop calculation
    - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet
    - net: sunhme: Fix region request
    - sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop
    - octeontx2-pf: Use correct struct reference in test condition
    - net: fix __dev_kfree_skb_any() vs drop monitor
    - 9p/xen: fix version parsing
    - 9p/xen: fix connection sequence
    - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
    - spi: tegra210-quad: Fix validate combined sequence
    - mlx5: fix skb leak while fifo resync and push
    - mlx5: fix possible ptp queue fifo use-after-free
    - net/mlx5: ECPF, wait for VF pages only after disabling host PFs
    - net/mlx5e: Verify flow_source cap before using it
    - net/mlx5: Geneve, Fix handling of Geneve object id as error code
    - ext4: fix incorrect options show of original mount_opt and extend mount_opt2
    - nfc: fix memory leak of se_io context in nfc_genl_se_io
    - net/sched: transition act_pedit to rcu and percpu stats
    - net/sched: act_pedit: fix action bind logic
    - net/sched: act_mpls: fix action bind logic
    - net/sched: act_sample: fix action bind logic
    - net: dsa: seville: ignore mscc-miim read errors from Lynx PCS
    - net: dsa: felix: fix internal MDIO controller resource length
    - ARM: dts: spear320-hmi: correct STMPE GPIO compatible
    - tcp: tcp_check_req() can be called from process context
    - vc_screen: modify vcs_size() handling in vcs_read()
    - spi: tegra210-quad: Fix iterator outside loop
    - rtc: sun6i: Always export the internal oscillator
    - genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()
    - scsi: ipr: Work around fortify-string warning
    - scsi: mpi3mr: Fix an issue found by KASAN
    - scsi: mpi3mr: Use number of bits to manage bitmap sizes
    - rtc: allow rtc_read_alarm without read_alarm callback
    - io_uring: fix size calculation when registering buf ring
    - loop: loop_set_status_from_info() check before assignment
    - ASoC: adau7118: don't disable regulators on device unbind
    - ASoC: apple: mca: Fix final status read on SERDES reset
    - ASoC: apple: mca: Fix SERDES reset sequence
    - ASoC: apple: mca: Improve handling of unavailable DMA channels
    - nvme: bring back auto-removal of deleted namespaces during sequential scan
    - nvme-tcp: don't access released socket during error recovery
    - nvme-fabrics: show well known discovery name
    - ASoC: zl38060 add gpiolib dependency
    - ASoC: mediatek: mt8195: add missing initialization
    - thermal: intel: quark_dts: fix error pointer dereference
    - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it
    - tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
    - kernel/printk/index.c: fix memory leak with using debugfs_lookup()
    - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
    - bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC
      support
    - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak
    - IB/hfi1: Update RMT size calculation
    - iommu/amd: Fix error handling for pdev_pri_ats_enable()
    - PCI/ACPI: Account for _S0W of the target bridge in acpi_pci_bridge_d3()
    - media: uvcvideo: Remove format descriptions
    - media: uvcvideo: Handle cameras with invalid descriptors
    - media: uvcvideo: Handle errors from calls to usb_string
    - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
    - media: uvcvideo: Silence memcpy() run-time false positive warnings
    - USB: fix memory leak with using debugfs_lookup()
    - cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
    - staging: emxx_udc: Add checks for dma_alloc_coherent()
    - tty: fix out-of-bounds access in tty_driver_lookup_tty()
    - tty: serial: fsl_lpuart: disable the CTS when send break signal
    - serial: sc16is7xx: setup GPIO controller later in probe
    - mei: bus-fixup:upon error print return values of send and receive
    - tools/iio/iio_utils:fix memory leak
    - bus: mhi: ep: Fix the debug message for MHI_PKT_TYPE_RESET_CHAN_CMD cmd
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_status_word()
    - iio: accel: mma9551_core: Prevent uninitialized variable in
      mma9551_read_config_word()
    - media: uvcvideo: Add GUID for BGRA/X 8:8:8:8
    - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe()
    - PCI: loongson: Prevent LS7A MRRS increases
    - staging: pi433: fix memory leak with using debugfs_lookup()
    - USB: dwc3: fix memory leak with using debugfs_lookup()
    - USB: chipidea: fix memory leak with using debugfs_lookup()
    - USB: ULPI: fix memory leak with using debugfs_lookup()
    - USB: uhci: fix memory leak with using debugfs_lookup()
    - USB: sl811: fix memory leak with using debugfs_lookup()
    - USB: fotg210: fix memory leak with using debugfs_lookup()
    - USB: isp116x: fix memory leak with using debugfs_lookup()
    - USB: isp1362: fix memory leak with using debugfs_lookup()
    - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup()
    - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup()
    - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer
      math
    - USB: ene_usb6250: Allocate enough memory for full object
    - usb: uvc: Enumerate valid values for color matching
    - usb: gadget: uvc: Make bSourceID read/write
    - PCI: Align extra resources for hotplug bridges properly
    - PCI: Take other bus devices into account when distributing resources
    - PCI: Distribute available resources for root buses, too
    - tty: pcn_uart: fix memory leak with using debugfs_lookup()
    - misc: vmw_balloon: fix memory leak with using debugfs_lookup()
    - drivers: base: component: fix memory leak with using debugfs_lookup()
    - drivers: base: dd: fix memory leak with using debugfs_lookup()
    - kernel/fail_function: fix memory leak with using debugfs_lookup()
    - PCI: loongson: Add more devices that need MRRS quirk
    - PCI: Add ACS quirk for Wangxun NICs
    - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
    - phy: rockchip-typec: Fix unsigned comparison with less than zero
    - RDMA/cma: Distinguish between sockaddr_in and sockaddr_in6 by size
    - iommu: Attach device group to old domain in error path
    - soundwire: cadence: Remove wasted space in response_buf
    - soundwire: cadence: Drain the RX FIFO after an IO timeout
    - net: tls: avoid hanging tasks on the tx_lock
    - x86/resctl: fix scheduler confusion with 'current'
    - vDPA/ifcvf: decouple hw features manipulators from the adapter
    - vDPA/ifcvf: decouple config space ops from the adapter
    - vDPA/ifcvf: alloc the mgmt_dev before the adapter
    - vDPA/ifcvf: decouple vq IRQ releasers from the adapter
    - vDPA/ifcvf: decouple config IRQ releaser from the adapter
    - vDPA/ifcvf: decouple vq irq requester from the adapter
    - vDPA/ifcvf: decouple config/dev IRQ requester and vectors allocator from the
      adapter
    - vDPA/ifcvf: ifcvf_request_irq works on ifcvf_hw
    - vDPA/ifcvf: manage ifcvf_hw in the mgmt_dev
    - vDPA/ifcvf: allocate the adapter in dev_add()
    - drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state()
    - drm/display/dp_mst: Fix down/up message handling after sink disconnect
    - drm/display/dp_mst: Fix down message handling after a packet reception error
    - drm/display/dp_mst: Fix payload addition on a disconnected sink
    - drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
    - drm/i915: Fix system suspend without fbdev being initialized
    - media: uvcvideo: Fix race condition with usb_kill_urb
    - io_uring: fix two assignments in if conditions
    - io_uring/poll: allow some retries for poll triggering spuriously
    - arm64: efi: Make efi_rt_lock a raw_spinlock
    - arm64: mte: Fix/clarify the PG_mte_tagged semantics
    - arm64: Reset KASAN tag in copy_highpage with HW tags only
    - usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails
    - Linux 6.1.18
    - upstream stable to v6.1.18
    - [Config] Update annotations after merging 6.1.18

* Jammy update: v6.1.17 upstream stable release (LP: #2011405)
    - Revert "blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and
      blkcg_deactivate_policy()"
    - Revert "blk-cgroup: dropping parent refcount after pd_free_fn() is done"
    - Linux 6.1.17
    - upstream stable to v6.1.17

* Jammy update: v6.1.16 upstream stable release (LP: #2011407)
    - HID: asus: use spinlock to protect concurrent accesses
    - HID: asus: use spinlock to safely schedule workers
    - powerpc/mm: Rearrange if-else block to avoid clang warning
    - ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller"
    - ARM: OMAP2+: Fix memory leak in realtime_counter_init()
    - arm64: dts: qcom: qcs404: use symbol names for PCIe resets
    - arm64: dts: qcom: msm8996-tone: Fix USB taking 6 minutes to wake up
    - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k
    - arm64: dts: qcom: sm6350: Fix up the ramoops node
    - arm64: dts: qcom: sm6125: Reorder HSUSB PHY clocks to match bindings
    - arm64: dts: qcom: sm6125-seine: Clean up gpio-keys (volume down)
    - arm64: dts: imx8m: Align SoC unique ID node unit address
    - ARM: zynq: Fix refcount leak in zynq_early_slcr_init
    - arm64: dts: mediatek: mt8195: Add power domain to U3PHY1 T-PHY
    - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description
    - arm64: dts: mediatek: mt8192: Fix systimer 13 MHz clock description
    - arm64: dts: mediatek: mt8195: Fix systimer 13 MHz clock description
    - arm64: dts: mediatek: mt8186: Fix systimer 13 MHz clock description
    - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name
    - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC
    - arm64: dts: qcom: sc7180: correct SPMI bus address cells
    - arm64: dts: qcom: sc7280: correct SPMI bus address cells
    - arm64: dts: qcom: sc8280xp: correct SPMI bus address cells
    - arm64: dts: qcom: sc8280xp: Vote for CX in USB controllers
    - arm64: dts: meson-gxl: jethub-j80: Fix WiFi MAC address node
    - arm64: dts: meson-gxl: jethub-j80: Fix Bluetooth MAC node name
    - arm64: dts: meson-axg: jethub-j1xx: Fix MAC address node names
    - arm64: dts: meson-gx: Fix Ethernet MAC address unit name
    - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
    - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
    - cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*
    - arm64: dts: ti: k3-am62: Enable SPI nodes at the board level
    - arm64: dts: ti: k3-am62-main: Fix clocks for McSPI
    - arm64: tegra: Fix duplicate regulator on Jetson TX1
    - arm64: dts: msm8992-bullhead: add memory hole region
    - arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem size
    - arm64: dts: qcom: msm8992-bullhead: Disable dfps_data_mem
    - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names
    - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY
    - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY
    - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges
    - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node
    - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names
    - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
    - ARM: OMAP1: call platform_device_put() in error case in
      omap1_dm_timer_init()
    - arm64: dts: mediatek: mt8192: Mark scp_adsp clock as broken
    - ARM: bcm2835_defconfig: Enable the framebuffer
    - ARM: s3c: fix s3c64xx_set_timer_source prototype
    - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range
    - ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
    - ARM: imx: Call ida_simple_remove() for ida_simple_get
    - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
    - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
    - arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix supply name of USB
      controller node
    - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names
      property
    - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
    - arm64: dts: amlogic: meson-gxl-s905w-jethome-jethub-j80: fix invalid rtc
      node name
    - arm64: dts: amlogic: meson-axg-jethome-jethub-j1xx: fix invalid rtc node
      name
    - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node
      name
    - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name
    - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names
    - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name
    - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
    - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip
    - locking/rwsem: Disable preemption in all down_read*() and up_read() code
      paths
    - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
    - arm64: dts: meson: radxa-zero: allow usb otg mode
    - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
    - ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
    - ublk_drv: remove nr_aborted_queues from ublk_device
    - ublk_drv: don't probe partitions if the ubq daemon isn't trusted
    - ARM: dts: imx7s: correct iomuxc gpr mux controller cells
    - sbitmap: remove redundant check in __sbitmap_queue_get_batch
    - sbitmap: Use single per-bitmap counting to wake up queued tags
    - sbitmap: correct wake_batch recalculation to avoid potential IO hung
    - arm64: dts: mt8195: Fix CPU map for single-cluster SoC
    - arm64: dts: mt8192: Fix CPU map for single-cluster SoC
    - arm64: dts: mt8186: Fix CPU map for single-cluster SoC
    - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
    - arm64: dts: mediatek: mt8186: Fix watchdog compatible
    - arm64: dts: mediatek: mt8195: Fix watchdog compatible
    - arm64: dts: mediatek: mt7986: Fix watchdog compatible
    - ARM: dts: stm32: Update part number NVMEM description on stm32mp131
    - blk-mq: avoid sleep in blk_mq_alloc_request_hctx
    - blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
    - blk-mq: wait on correct sbitmap_queue in blk_mq_mark_tag_wait
    - blk-mq: Fix potential io hung for shared sbitmap per tagset
    - blk-mq: correct stale comment of .get_budget
    - arm64: dts: qcom: msm8996: support using GPLL0 as kryocc input
    - arm64: dts: qcom: msm8996 switch from RPM_SMD_BB_CLK1 to RPM_SMD_XO_CLK_SRC
    - arm64: dts: qcom: sm8350: drop incorrect cells from serial
    - arm64: dts: qcom: sm8450: drop incorrect cells from serial
    - arm64: dts: qcom: msm8992-lg-bullhead: Correct memory overlaps with the SMEM
      and MPSS memory regions
    - arm64: dts: qcom: msm8953: correct TLMM gpio-ranges
    - arm64: dts: qcom: msm8992-*: Fix up comments
    - arm64: dts: qcom: msm8992-lg-bullhead: Enable regulators
    - s390/dasd: Fix potential memleak in dasd_eckd_init()
    - sched/rt: pick_next_rt_entity(): check list_entry
    - perf/x86/intel/ds: Fix the conversion from TSC to perf time
    - x86/perf/zhaoxin: Add stepping check for ZXC
    - KEYS: asymmetric: Fix ECDSA use via keyctl uapi
    - block: ublk: check IO buffer based on flag need_get_data
    - arm64: dts: qcom: pmk8350: Specify PBS register for PON
    - arm64: dts: qcom: pmk8350: Use the correct PON compatible
    - erofs: relinquish volume with mutex held
    - block: sync mixed merged request's failfast with 1st bio's
    - block: Fix io statistics for cgroup in throttle path
    - block: bio-integrity: Copy flags when bio_integrity_payload is cloned
    - block: use proper return value from bio_failfast()
    - wifi: mt76: mt7915: add missing of_node_put()
    - wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host
    - wifi: mt76: mt7915: check return value before accessing free_block_num
    - wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr()
    - wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read()
    - wifi: mt76: fix coverity uninit_use_in_call in
      mt76_connac2_reverse_frag0_hdr_trans()
    - wifi: rsi: Fix memory leak in rsi_coex_attach()
    - wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: rtlwifi: rtl8723be: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: iwlegacy: common: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: fix memory leak in lbs_init_adapter()
    - wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: rtw89: 8852c: rfk: correct DACK setting
    - wifi: rtw89: 8852c: rfk: correct DPK settings
    - wifi: rtlwifi: Fix global-out-of-bounds bug in
      _rtl8812ae_phy_set_txpower_limit()
    - libbpf: Fix btf__align_of() by taking into account field offsets
    - wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
    - wifi: ipw2200: fix memory leak in ipw_wdev_init()
    - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
    - wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
    - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
    - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
    - wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
    - wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
    - libbpf: Fix invalid return address register in s390
    - crypto: x86/ghash - fix unaligned access in ghash_setkey()
    - ACPICA: Drop port I/O validation for some regions
    - genirq: Fix the return type of kstat_cpu_irqs_sum()
    - rcu-tasks: Improve comments explaining tasks_rcu_exit_srcu purpose
    - rcu-tasks: Remove preemption disablement around srcu_read_[un]lock() calls
    - rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()
    - lib/mpi: Fix buffer overrun when SG is too long
    - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2
    - platform/chrome: cros_ec_typec: Update port DP VDO
    - ACPICA: nsrepair: handle cases without a return value correctly
    - selftests/xsk: print correct payload for packet dump
    - selftests/xsk: print correct error codes when exiting
    - arm64/cpufeature: Fix field sign for DIT hwcap detection
    - kselftest/arm64: Fix syscall-abi for systems without 128 bit SME
    - workqueue: Protects wq_unbound_cpumask with wq_pool_attach_mutex
    - s390/early: fix sclp_early_sccb variable lifetime
    - s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue()
    - x86/signal: Fix the value returned by strict_sas_size()
    - thermal/drivers/tsens: Drop msm8976-specific defines
    - thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
    - thermal/drivers/tsens: fix slope values for msm8939
    - thermal/drivers/tsens: limit num_sensors to 9 for msm8939
    - wifi: rtw89: fix potential leak in rtw89_append_probe_req_ie()
    - wifi: rtw89: Add missing check for alloc_workqueue
    - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
    - wifi: orinoco: check return value of hermes_write_wordrec()
    - thermal/drivers/imx_sc_thermal: Drop empty platform remove function
    - thermal/drivers/imx_sc_thermal: Fix the loop condition
    - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback
      function
    - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
    - wifi: ath9k: Fix potential stack-out-of-bounds write in
      ath9k_wmi_rsp_callback()
    - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
    - wifi: cfg80211: Fix extended KCK key length check in
      nl80211_set_rekey_data()
    - ACPI: battery: Fix missing NUL-termination with large strings
    - selftests/bpf: Fix build errors if CONFIG_NF_CONNTRACK=m
    - crypto: ccp - Failure on re-initialization due to duplicate sysfs filename
    - crypto: essiv - Handle EBUSY correctly
    - crypto: seqiv - Handle EBUSY correctly
    - powercap: fix possible name leak in powercap_register_zone()
    - x86/microcode: Add a parameter to microcode_check() to store CPU
      capabilities
    - x86/microcode: Check CPU capabilities after late microcode update correctly
    - x86/microcode: Adjust late loading result reporting message
    - selftests/bpf: Use consistent build-id type for liburandom_read.so
    - selftests/bpf: Fix vmtest static compilation error
    - crypto: xts - Handle EBUSY correctly
    - leds: led-class: Add missing put_device() to led_put()
    - s390/bpf: Add expoline to tail calls
    - wifi: iwlwifi: mei: fix compilation errors in rfkill()
    - kselftest/arm64: Fix enumeration of systems without 128 bit SME
    - can: rcar_canfd: Fix R-Car V3U GAFLCFG field accesses
    - selftests/bpf: Initialize tc in xdp_synproxy
    - crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware
    - bpftool: profile online CPUs instead of possible
    - wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after
      init_work
    - wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit
    - wifi: mt76: mt7915: fix WED TxS reporting
    - wifi: mt76: add memory barrier to SDIO queue kick
    - net/mlx5: Enhance debug print in page allocation failure
    - irqchip: Fix refcount leak in platform_irqchip_probe
    - irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
    - irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
    - irqchip/ti-sci: Fix refcount leak in ti_sci_intr_irq_domain_probe
    - s390/mem_detect: fix detect_memory() error handling
    - s390/vmem: fix empty page tables cleanup under KASAN
    - s390/boot: cleanup decompressor header files
    - s390/mem_detect: rely on diag260() if sclp_early_get_memsize() fails
    - s390/boot: fix mem_detect extended area allocation
    - net: add sock_init_data_uid()
    - tun: tun_chr_open(): correctly initialize socket uid
    - tap: tap_open(): correctly initialize socket uid
    - OPP: fix error checking in opp_migrate_dentry()
    - cpufreq: davinci: Fix clk use after free
    - Bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds
    - Bluetooth: L2CAP: Fix potential user-after-free
    - Bluetooth: hci_qca: get wakeup status from serdev device handle
    - net: ipa: generic command param fix
    - s390: vfio-ap: tighten the NIB validity check
    - s390/ap: fix status returned by ap_aqic()
    - s390/ap: fix status returned by ap_qact()
    - libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
    - xen/grant-dma-iommu: Implement a dummy probe_device() callback
    - rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
    - crypto: rsa-pkcs1pad - Use akcipher_request_complete
    - m68k: /proc/hardware should depend on PROC_FS
    - RISC-V: time: initialize hrtimer based broadcast clock event device
    - clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first
      use
    - wifi: iwl3945: Add missing check for create_singlethread_workqueue
    - wifi: iwl4965: Add missing check for create_singlethread_workqueue()
    - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
    - selftests/bpf: Fix out-of-srctree build
    - ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models
    - ACPI: resource: Do IRQ override on all TongFang GMxRGxx
    - crypto: octeontx2 - Fix objects shared between several modules
    - crypto: crypto4xx - Call dma_unmap_page when done
    - wifi: mac80211: move color collision detection report in a delayed work
    - wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
    - wifi: mac80211: fix non-MLO station association
    - wifi: mac80211: Don't translate MLD addresses for multicast
    - wifi: mac80211: avoid u32_encode_bits() warning
    - wifi: mac80211: fix off-by-one link setting
    - tools/lib/thermal: Fix thermal_sampling_exit()
    - thermal/drivers/hisi: Drop second sensor hi3660
    - selftests/bpf: Fix map_kptr test.
    - wifi: mac80211: pass 'sta' to ieee80211_rx_data_set_sta()
    - bpf: Zeroing allocated object from slab in bpf memory allocator
    - selftests/bpf: Fix xdp_do_redirect on s390x
    - can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a
      bus error
    - can: esd_usb: Make use of can_change_state() and relocate checking skb for
      NULL
    - xsk: check IFF_UP earlier in Tx path
    - LoongArch, bpf: Use 4 instructions for function address in JIT
    - bpf: Fix global subprog context argument resolution logic
    - irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
    - irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
    - net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()
    - net/smc: fix application data exception
    - selftests/net: Interpret UDP_GRO cmsg data as an int value
    - l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
    - net: bcmgenet: fix MoCA LED control
    - net: lan966x: Fix possible deadlock inside PTP
    - net/mlx4_en: Introduce flexible array to silence overflow warning
    - selftest: fib_tests: Always cleanup before exit
    - sefltests: netdevsim: wait for devlink instance after netns removal
    - drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
    - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
    - drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec
    - drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC
    - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
    - drm/bridge: megachips: Fix error handling in i2c_register_driver()
    - drm/vkms: Fix memory leak in vkms_init()
    - drm/vkms: Fix null-ptr-deref in vkms_release()
    - drm/vc4: dpi: Fix format mapping for RGB565
    - drm: tidss: Fix pixel format definition
    - gpu: ipu-v3: common: Add of_node_put() for reference returned by
      of_graph_get_port_by_id()
    - drm/vc4: drop all currently held locks if deadlock happens
    - hwmon: (ftsteutates) Fix scaling of measurements
    - drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init()
    - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
    - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins
    - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
    - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
    - drm/vc4: hvs: Set AXI panic modes
    - drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4
    - drm/vc4: hvs: Correct interrupt masking bit assignment for HVS5
    - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5
    - drm/vc4: hdmi: Correct interlaced timings again
    - drm/msm: clean event_thread->worker in case of an error
    - drm/panel-edp: fix name for IVO product id 854b
    - scsi: qla2xxx: Fix exchange oversubscription
    - scsi: qla2xxx: Fix exchange oversubscription for management commands
    - scsi: qla2xxx: edif: Fix clang warning
    - ASoC: fsl_sai: initialize is_dsp_mode flag
    - drm/bridge: tc358767: Set default CLRSIPO count
    - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
    - ALSA: hda/ca0132: minor fix for allocation size
    - drm/amdgpu: Use the sched from entity for amdgpu_cs trace
    - drm/msm/gem: Add check for kmalloc
    - drm/msm/dpu: Disallow unallocated resources to be returned
    - drm/bridge: lt9611: fix sleep mode setup
    - drm/bridge: lt9611: fix HPD reenablement
    - drm/bridge: lt9611: fix polarity programming
    - drm/bridge: lt9611: fix programming of video modes
    - drm/bridge: lt9611: fix clock calculation
    - drm/bridge: lt9611: pass a pointer to the of node
    - regulator: tps65219: use IS_ERR() to detect an error pointer
    - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
    - drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags
    - drm/msm/dsi: Allow 2 CTRLs on v2.5.0
    - scsi: ufs: exynos: Fix DMA alignment for PAGE_SIZE != 4096
    - drm/msm/dpu: sc7180: add missing WB2 clock control
    - drm/msm: use strscpy instead of strncpy
    - drm/msm/dpu: Add check for cstate
    - drm/msm/dpu: Add check for pstates
    - drm/msm/mdp5: Add check for kzalloc
    - habanalabs: bugs fixes in timestamps buff alloc
    - pinctrl: bcm2835: Remove of_node_put() in bcm2835_of_gpio_ranges_fallback()
    - pinctrl: mediatek: Initialize variable pullen and pullup to zero
    - pinctrl: mediatek: Initialize variable *buf to zero
    - gpu: host1x: Fix mask for syncpoint increment register
    - gpu: host1x: Don't skip assigning syncpoints to channels
    - drm/tegra: firewall: Check for is_addr_reg existence in IMM check
    - pinctrl: renesas: rzg2l: Fix configuring the GPIO pins as interrupts
    - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update()
    - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd
    - drm/mediatek: Use NULL instead of 0 for NULL pointer
    - drm/mediatek: Drop unbalanced obj unref
    - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
    - drm/mediatek: Clean dangling pointer on bind error path
    - ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
    - dt-bindings: display: mediatek: Fix the fallback for mediatek,mt8186-disp-
      ccorr
    - gpio: vf610: connect GPIO label to dev name
    - ASoC: topology: Properly access value coming from topology file
    - spi: dw_bt1: fix MUX_MMIO dependencies
    - ASoC: mchp-spdifrx: fix controls which rely on rsr register
    - ASoC: mchp-spdifrx: fix return value in case completion times out
    - ASoC: mchp-spdifrx: fix controls that works with completion mechanism
    - ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove()
    - dm: improve shrinker debug names
    - regmap: apply reg_base and reg_downshift for single register ops
    - ASoC: rsnd: fixup #endif position
    - ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params()
    - ASoC: dt-bindings: meson: fix gx-card codec node regex
    - regulator: tps65219: use generic set_bypass()
    - hwmon: (asus-ec-sensors) add missing mutex path
    - hwmon: (ltc2945) Handle error case in ltc2945_value_store
    - ALSA: hda: Fix the control element identification for multiple codecs
    - drm/amdgpu: fix enum odm_combine_mode mismatch
    - scsi: mpt3sas: Fix a memory leak
    - scsi: aic94xx: Add missing check for dma_map_single()
    - HID: multitouch: Add quirks for flipped axes
    - HID: retain initial quirks set up when creating HID devices
    - ASoC: qcom: q6apm-lpass-dai: unprepare stream if its already prepared
    - ASoC: qcom: q6apm-dai: fix race condition while updating the position
      pointer
    - ASoC: qcom: q6apm-dai: Add SNDRV_PCM_INFO_BATCH flag
    - ASoC: codecs: lpass: register mclk after runtime pm
    - ASoC: codecs: lpass: fix incorrect mclk rate
    - drm/amd/display: don't call dc_interrupt_set() for disabled crtcs
    - HID: logitech-hidpp: Hard-code HID++ 1.0 fast scroll support
    - spi: bcm63xx-hsspi: Fix multi-bit mode setting
    - hwmon: (mlxreg-fan) Return zero speed for broken fan
    - ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
    - dm: remove flush_scheduled_work() during local_exit()
    - nfs4trace: fix state manager flag printing
    - NFS: fix disabling of swap
    - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one()
    - ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared
    - HID: bigben: use spinlock to protect concurrent accesses
    - HID: bigben_worker() remove unneeded check on report_field
    - HID: bigben: use spinlock to safely schedule workers
    - hid: bigben_probe(): validate report count
    - ALSA: hda/hdmi: Register with vga_switcheroo on Dual GPU Macbooks
    - drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt()
    - NFSD: enhance inter-server copy cleanup
    - NFSD: fix leaked reference count of nfsd4_ssc_umount_item
    - nfsd: fix race to check ls_layouts
    - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath
    - NFSD: fix problems with cleanup on errors in nfsd4_copy
    - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open
    - nfsd: don't fsync nfsd_files on last close
    - NFSD: copy the whole verifier in nfsd_copy_write_verifier
    - cifs: Fix lost destroy smbd connection when MR allocate failed
    - cifs: Fix warning and UAF when destroy the MR list
    - cifs: use tcon allocation functions even for dummy tcon
    - gfs2: jdata writepage fix
    - perf llvm: Fix inadvertent file creation
    - leds: led-core: Fix refcount leak in of_led_get()
    - leds: is31fl319x: Wrap mutex_destroy() for devm_add_action_or_rest()
    - leds: simatic-ipc-leds-gpio: Make sure we have the GPIO providing driver
    - tools/tracing/rtla: osnoise_hist: use total duration for average calculation
    - perf inject: Use perf_data__read() for auxtrace
    - perf intel-pt: Do not try to queue auxtrace data on pipe
    - perf test bpf: Skip test if kernel-debuginfo is not present
    - perf tools: Fix auto-complete on aarch64
    - sparc: allow PM configs for sparc32 COMPILE_TEST
    - selftests: find echo binary to use -ne options
    - selftests: use printf instead of echo -ne
    - perf record: Fix segfault with --overwrite and --max-size
    - printf: fix errname.c list
    - perf tests stat_all_metrics: Change true workload to sleep workload for
      system wide check
    - objtool: add UACCESS exceptions for __tsan_volatile_read/write
    - mfd: cs5535: Don't build on UML
    - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
    - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
    - RDMA/erdma: Fix refcount leak in erdma_mmap
    - dmaengine: HISI_DMA should depend on ARCH_HISI
    - RDMA/hns: Fix refcount leak in hns_roce_mmap
    - iio: light: tsl2563: Do not hardcode interrupt trigger type
    - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe()
    - i2c: designware: fix i2c_dw_clk_rate() return size to be u32
    - soundwire: cadence: Don't overflow the command FIFOs
    - driver core: fix potential null-ptr-deref in device_add()
    - kobject: modify kobject_get_path() to take a const *
    - kobject: Fix slab-out-of-bounds in fill_kobj_path()
    - alpha/boot/tools/objstrip: fix the check for ELF header
    - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
    - media: uvcvideo: Implement mask for V4L2_CTRL_TYPE_MENU
    - media: uvcvideo: Refactor uvc_ctrl_mappings_uvcXX
    - media: uvcvideo: Refactor power_line_frequency_controls_limited
    - coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR
    - coresight: cti: Prevent negative values of enable count
    - coresight: cti: Add PM runtime call in enable_store
    - usb: typec: intel_pmc_mux: Don't leak the ACPI device reference count
    - PCI/IOV: Enlarge virtfn sysfs name buffer
    - PCI: switchtec: Return -EFAULT for copy_to_user() errors
    - PCI: endpoint: pci-epf-vntb: Clean up kernel_doc warning
    - PCI: endpoint: pci-epf-vntb: Add epf_ntb_mw_bar_clear() num_mws kernel-doc
    - hwtracing: hisi_ptt: Only add the supported devices to the filters list
    - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown()
    - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown()
    - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init()
    - Revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in
      set_protocol"
    - eeprom: idt_89hpesx: Fix error handling in idt_init()
    - applicom: Fix PCI device refcount leak in applicom_init()
    - firmware: stratix10-svc: add missing gen_pool_destroy() in
      stratix10_svc_drv_probe()
    - firmware: stratix10-svc: fix error handle while alloc/add device failed
    - VMCI: check context->notify_page after call to get_user_pages_fast() to
      avoid GPF
    - mei: pxp: Use correct macros to initialize uuid_le
    - misc/mei/hdcp: Use correct macros to initialize uuid_le
    - misc: fastrpc: Fix an error handling path in fastrpc_rpmsg_probe()
    - driver core: fix resource leak in device_add()
    - driver core: location: Free struct acpi_pld_info *pld before return false
    - drivers: base: transport_class: fix possible memory leak
    - drivers: base: transport_class: fix resource leak when
      transport_add_device() fails
    - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle
    - fotg210-udc: Add missing completion handler
    - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers
    - fpga: microchip-spi: move SPI I/O buffers out of stack
    - fpga: microchip-spi: rewrite status polling in a time measurable way
    - usb: early: xhci-dbc: Fix a potential out-of-bound memory access
    - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case
    - RDMA/cxgb4: add null-ptr-check after ip_dev_find()
    - usb: musb: mediatek: don't unregister something that wasn't registered
    - usb: gadget: configfs: Restrict symlink creation is UDC already binded
    - phy: mediatek: remove temporary variable @mask_
    - PCI: mt7621: Delay phy ports initialization
    - iommu: dart: Add suspend/resume support
    - iommu: dart: Support >64 stream IDs
    - iommu/dart: Fix apple_dart_device_group for PCI groups
    - iommu/vt-d: Set No Execute Enable bit in PASID table entry
    - power: supply: remove faulty cooling logic
    - RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish()
    - usb: max-3421: Fix setting of I/O pins
    - RDMA/irdma: Cap MSIX used to online CPUs + 1
    - serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
    - tty: serial: imx: Handle RS485 DE signal active high
    - tty: serial: imx: disable Ageing Timer interrupt request irq
    - driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links
    - driver core: fw_devlink: Don't purge child fwnode's consumer links
    - driver core: fw_devlink: Allow marking a fwnode link as being part of a
      cycle
    - driver core: fw_devlink: Consolidate device link flag computation
    - driver core: fw_devlink: Improve check for fwnode with no device/driver
    - driver core: fw_devlink: Make cycle detection more robust
    - mtd: mtdpart: Don't create platform device that'll never probe
    - usb: host: fsl-mph-dr-of: reuse device_set_of_node_from_dev
    - dmaengine: dw-edma: Fix readq_ch() return value truncation
    - PCI: Fix dropping valid root bus resources with .end = zero
    - phy: rockchip-typec: fix tcphy_get_mode error case
    - PCI: qcom: Fix host-init error handling
    - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()
    - iommu: Fix error unwind in iommu_group_alloc()
    - iommu/amd: Do not identity map v2 capable device when snp is enabled
    - dmaengine: sf-pdma: pdma_desc memory leak fix
    - dmaengine: dw-axi-dmac: Do not dereference NULL structure
    - dmaengine: ptdma: check for null desc before calling pt_cmd_callback
    - iommu/vt-d: Fix error handling in sva enable/disable paths
    - iommu/vt-d: Allow to use flush-queue when first level is default
    - RDMA/rxe: cleanup some error handling in rxe_verbs.c
    - RDMA/rxe: Fix missing memory barriers in rxe_queue.h
    - IB/hfi1: Fix math bugs in hfi1_can_pin_pages()
    - IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
    - Revert "remoteproc: qcom_q6v5_mss: map/unmap metadata region before/after
      use"
    - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers
    - media: ti: cal: fix possible memory leak in cal_ctx_create()
    - media: platform: ti: Add missing check for devm_regulator_get
    - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in
      imx7_csi_init()
    - powerpc: Remove linker flag from KBUILD_AFLAGS
    - s390/vdso: Drop '-shared' from KBUILD_CFLAGS_64
    - builddeb: clean generated package content
    - media: max9286: Fix memleak in max9286_v4l2_register()
    - media: ov2740: Fix memleak in ov2740_init_controls()
    - media: ov5675: Fix memleak in ov5675_init_controls()
    - media: ov5640: Fix soft reset sequence and timings
    - media: ov5640: Handle delays when no reset_gpio set
    - media: mc: Get media_device directly from pad
    - media: i2c: ov772x: Fix memleak in ov772x_probe()
    - media: i2c: imx219: Split common registers from mode tables
    - media: i2c: imx219: Fix binning for RAW8 capture
    - media: platform: mtk-mdp3: Fix return value check in mdp_probe()
    - media: camss: csiphy-3ph: avoid undefined behavior
    - media: platform: mtk-mdp3: remove unused VIDEO_MEDIATEK_VPU config
    - media: platform: mtk-mdp3: fix Kconfig dependencies
    - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data
    - media: v4l2-jpeg: ignore the unknown APP14 marker
    - media: hantro: Fix JPEG encoder ENUM_FRMSIZE on RK3399
    - media: imx-jpeg: Apply clk_bulk api instead of operating specific clk
    - media: amphion: correct the unspecified color space
    - media: drivers/media/v4l2-core/v4l2-h264 : add detection of null pointers
    - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
    - media: atomisp: Only set default_run_mode on first open of a stream/asd
    - media: i2c: ov7670: 0 instead of -EINVAL was returned
    - media: usb: siano: Fix use after free bugs caused by do_submit_urb
    - media: saa7134: Use video_unregister_device for radio_dev
    - rpmsg: glink: Avoid infinite loop on intent for missing channel
    - rpmsg: glink: Release driver_override
    - ARM: OMAP2+: omap4-common: Fix refcount leak bug
    - arm64: dts: qcom: msm8996: Add additional A2NoC clocks
    - udf: Define EFSCORRUPTED error code
    - context_tracking: Fix noinstr vs KASAN
    - exit: Detect and fix irq disabled state in oops
    - ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
    - fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected
    - blk-iocost: fix divide by 0 error in calc_lcoefs()
    - blk-cgroup: dropping parent refcount after pd_free_fn() is done
    - blk-cgroup: synchronize pd_free_fn() from blkg_free_workfn() and
      blkcg_deactivate_policy()
    - trace/blktrace: fix memory leak with using debugfs_lookup()
    - btrfs: scrub: improve tree block error reporting
    - arm64: zynqmp: Enable hs termination flag for USB dwc3 controller
    - cpuidle, intel_idle: Fix CPUIDLE_FLAG_INIT_XSTATE
    - x86/fpu: Don't set TIF_NEED_FPU_LOAD for PF_IO_WORKER threads
    - cpuidle: drivers: firmware: psci: Dont instrument suspend code
    - cpuidle: lib/bug: Disable rcu_is_watching() during WARN/BUG
    - perf/x86/intel/uncore: Add Meteor Lake support
    - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
    - wifi: ath11k: fix monitor mode bringup crash
    - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
    - rcu: Make RCU_LOCKDEP_WARN() avoid early lockdep checks
    - rcu: Suppress smp_processor_id() complaint in
      synchronize_rcu_expedited_wait()
    - srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
    - rcu-tasks: Make rude RCU-Tasks work well with CPU hotplug
    - rcu-tasks: Handle queue-shrink/callback-enqueue race condition
    - wifi: ath11k: debugfs: fix to work with multiple PCI devices
    - thermal: intel: Fix unsigned comparison with less than zero
    - timers: Prevent union confusion from unexpected restart_syscall()
    - x86/bugs: Reset speculation control settings on init
    - bpftool: Always disable stack protection for BPF objects
    - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-
      of-bounds
    - wifi: mt7601u: fix an integer underflow
    - inet: fix fast path in __inet_hash_connect()
    - ice: restrict PTP HW clock freq adjustments to 100, 000, 000 PPB
    - ice: add missing checks for PF vsi type
    - ACPI: Don't build ACPICA with '-Os'
    - bpf, docs: Fix modulo zero, division by zero, overflow, and underflow
    - thermal: intel: intel_pch: Add support for Wellsburg PCH
    - clocksource: Suspend the watchdog temporarily when high read latency
      detected
    - crypto: hisilicon: Wipe entire pool on error
    - net: bcmgenet: Add a check for oversized packets
    - m68k: Check syscall_trace_enter() return code
    - s390/mm,ptdump: avoid Kasan vs Memcpy Real markers swapping
    - netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj()
    - can: isotp: check CAN address family in isotp_bind()
    - gcc-plugins: drop -std=gnu++11 to fix GCC 13 build
    - tools/power/x86/intel-speed-select: Add Emerald Rapid quirk
    - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
    - ACPI: video: Fix Lenovo Ideapad Z570 DMI match
    - net/mlx5: fw_tracer: Fix debug print
    - coda: Avoid partial allocation of sig_inputArgs
    - uaccess: Add minimum bounds check on kernel buffer size
    - s390/idle: mark arch_cpu_idle() noinstr
    - time/debug: Fix memory leak with using debugfs_lookup()
    - PM: domains: fix memory leak with using debugfs_lookup()
    - PM: EM: fix memory leak with using debugfs_lookup()
    - Bluetooth: Fix issue with Actions Semi ATS2851 based devices
    - Bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921
    - Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
    - wifi: rtw89: debug: avoid invalid access on RTW89_DBG_SEL_MAC_30
    - hv_netvsc: Check status in SEND_RNDIS_PKT completion message
    - s390/kfence: fix page fault reporting
    - devlink: Fix TP_STRUCT_entry in trace of devlink health report
    - scm: add user copy checks to put_cmsg()
    - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F
    - drm: panel-orientation-quirks: Add quirk for DynaBook K50
    - drm/amd/display: Reduce expected sdp bandwidth for dcn321
    - drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h
      write
    - drm/amd/display: Fix potential null-deref in dm_resume
    - drm/omap: dsi: Fix excessive stack usage
    - HID: Add Mapping for System Microphone Mute
    - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
    - drm/amd/display: Defer DIG FIFO disable after VID stream enable
    - drm/radeon: free iio for atombios when driver shutdown
    - drm/amd: Avoid BUG() for case of SRIOV missing IP version
    - drm/amdkfd: Page aligned memory reserve size
    - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write
    - Revert "fbcon: don't lose the console font across generic->chip driver
      switch"
    - drm/amd: Avoid ASSERT for some message failures
    - drm: amd: display: Fix memory leakage
    - drm/amd/display: fix mapping to non-allocated address
    - HID: uclogic: Add frame type quirk
    - HID: uclogic: Add battery quirk
    - HID: uclogic: Add support for XP-PEN Deco Pro SW
    - HID: uclogic: Add support for XP-PEN Deco Pro MW
    - drm/msm/dsi: Add missing check for alloc_ordered_workqueue
    - drm: rcar-du: Add quirk for H3 ES1.x pclk workaround
    - drm: rcar-du: Fix setting a reserved bit in DPLLCR
    - drm/drm_print: correct format problem
    - drm/amd/display: Set hvm_enabled flag for S/G mode
    - habanalabs: extend fatal messages to contain PCI info
    - habanalabs: fix bug in timestamps registration code
    - docs/scripts/gdb: add necessary make scripts_gdb step
    - drm/msm/dpu: Add DSC hardware blocks to register snapshot
    - ASoC: soc-compress: Reposition and add pcm_mutex
    - ASoC: kirkwood: Iterate over array indexes instead of using pointer math
    - regulator: max77802: Bounds check regulator id against opmode
    - regulator: s5m8767: Bounds check id indexing into arrays
    - Revert "drm/amdgpu: TA unload messages are not actually sent to psp when
      amdgpu is uninstalled"
    - drm/amd/display: fix FCLK pstate change underflow
    - gfs2: Improve gfs2_make_fs_rw error handling
    - hwmon: (coretemp) Simplify platform device handling
    - hwmon: (nct6775) Directly call ASUS ACPI WMI method
    - hwmon: (nct6775) B650/B660/X670 ASUS boards support
    - pinctrl: at91: use devm_kasprintf() to avoid potential leaks
    - drm/amd/display: Do not commit pipe when updating DRR
    - scsi: snic: Fix memory leak with using debugfs_lookup()
    - scsi: ufs: core: Fix device management cmd timeout flow
    - HID: logitech-hidpp: Don't restart communication if not necessary
    - drm/amd/display: Enable P-state validation checks for DCN314
    - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5
    - drm/amd/display: Disable HUBP/DPP PG on DCN314 for now
    - dm thin: add cond_resched() to various workqueue loops
    - dm cache: add cond_resched() to various workqueue loops
    - nfsd: zero out pointers after putting nfsd_files on COPY setup error
    - nfsd: don't hand out delegation on setuid files being opened for write
    - cifs: prevent data race in smb2_reconnect()
    - drm/shmem-helper: Revert accidental non-GPL export
    - driver core: fw_devlink: Avoid spurious error message
    - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
    - scsi: mpt3sas: Remove usage of dma_get_required_mask() API
    - firmware: coreboot: framebuffer: Ignore reserved pixel color bits
    - block: don't allow multiple bios for IOCB_NOWAIT issue
    - block: clear bio->bi_bdev when putting a bio back in the cache
    - block: be a bit more careful in checking for NULL bdev while polling
    - rtc: pm8xxx: fix set-alarm race
    - ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
    - ipmi:ssif: resend_msg() cannot fail
    - ipmi_ssif: Rename idle state and check
    - io_uring: Replace 0-length array with flexible array
    - io_uring: use user visible tail in io_uring_poll()
    - io_uring: handle TIF_NOTIFY_RESUME when checking for task_work
    - io_uring: add a conditional reschedule to the IOPOLL cancelation loop
    - io_uring: add reschedule point to handle_tw_list()
    - io_uring/rsrc: disallow multi-source reg buffers
    - io_uring: remove MSG_NOSIGNAL from recvmsg
    - io_uring: fix fget leak when fs don't support nowait buffered read
    - s390/extmem: return correct segment type in __segment_load()
    - s390: discard .interp section
    - s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
    - s390/kprobes: fix current_kprobe never cleared after kprobes reenter
    - KVM: s390: disable migration mode when dirty tracking is disabled
    - cifs: Fix uninitialized memory read in smb3_qfs_tcon()
    - cifs: Fix uninitialized memory reads for oparms.mode
    - cifs: fix mount on old smb servers
    - cifs: introduce cifs_io_parms in smb2_async_writev()
    - cifs: split out smb3_use_rdma_offload() helper
    - cifs: don't try to use rdma offload on encrypted connections
    - cifs: Check the lease context if we actually got a lease
    - cifs: return a single-use cfid if we did not get a lease
    - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization
    - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()
    - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi
    - btrfs: hold block group refcount during async discard
    - locking/rwsem: Prevent non-first waiter from spinning in down_write()
      slowpath
    - ksmbd: fix wrong data area length for smb2 lock request
    - ksmbd: do not allow the actual frame length to be smaller than the rfc1002
      length
    - ksmbd: fix possible memory leak in smb2_lock()
    - torture: Fix hang during kthread shutdown phase
    - ARM: dts: exynos: correct HDMI phy compatible in Exynos4
    - io_uring: mark task TASK_RUNNING before handling resume/task work
    - hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
    - fs: hfsplus: fix UAF issue in hfsplus_put_super
    - exfat: fix reporting fs error when reading dir beyond EOF
    - exfat: fix unexpected EOF while reading dir
    - exfat: redefine DIR_DELETED as the bad cluster number
    - exfat: fix inode->i_blocks for non-512 byte sector size device
    - fs: dlm: don't set stop rx flag after node reset
    - fs: dlm: move sending fin message into state change handling
    - fs: dlm: send FIN ack back in right cases
    - f2fs: fix information leak in f2fs_move_inline_dirents()
    - f2fs: retry to update the inode page given data corruption
    - f2fs: fix cgroup writeback accounting with fs-layer encryption
    - f2fs: fix kernel crash due to null io->bio
    - ocfs2: fix defrag path triggering jbd2 ASSERT
    - ocfs2: fix non-auto defrag path not working issue
    - fs/cramfs/inode.c: initialize file_ra_state
    - selftests/landlock: Skip overlayfs tests when not supported
    - selftests/landlock: Test ptrace as much as possible with Yama
    - udf: Truncate added extents on failed expansion
    - udf: Do not bother merging very long extents
    - udf: Do not update file length for failed writes to inline files
    - udf: Preserve link count of system files
    - udf: Detect system inodes linked into directory hierarchy
    - udf: Fix file corruption when appending just after end of preallocated
      extent
    - md: don't update recovery_cp when curr_resync is ACTIVE
    - RDMA/siw: Fix user page pinning accounting
    - KVM: Destroy target device if coalesced MMIO unregistration fails
    - KVM: VMX: Fix crash due to uninitialized current_vmcs
    - KVM: Register /dev/kvm as the _very_ last thing during initialization
    - KVM: x86: Purge "highest ISR" cache when updating APICv state
    - KVM: x86: Blindly get current x2APIC reg value on "nodecode write" traps
    - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID "change" if APIC is disabled
    - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID
    - KVM: SVM: Flush the "current" TLB when activating AVIC
    - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target
    - KVM: SVM: Don't put/load AVIC when setting virtual APIC mode
    - KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI
    - KVM: x86: Inject #GP on x2APIC WRMSR that sets reserved bits 63:32
    - KVM: SVM: Fix potential overflow in SEV's send|receive_update_data()
    - KVM: SVM: hyper-v: placate modpost section mismatch error
    - selftests: x86: Fix incorrect kernel headers search path
    - x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
    - x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
    - x86/reboot: Disable virtualization in an emergency if SVM is supported
    - x86/reboot: Disable SVM, not just VMX, when stopping CPUs
    - x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
    - x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe
      range
    - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
    - x86/microcode/AMD: Add a @cpu parameter to the reloading functions
    - x86/microcode/AMD: Fix mixed steppings support
    - x86/speculation: Allow enabling STIBP with legacy IBRS
    - Documentation/hw-vuln: Document the interaction between IBRS and STIBP
    - virt/sev-guest: Return -EIO if certificate buffer is not large enough
    - brd: mark as nowait compatible
    - brd: return 0/-error from brd_insert_page()
    - brd: check for REQ_NOWAIT and set correct page allocation mask
    - ima: fix error handling logic when file measurement failed
    - ima: Align ima_file_mmap() parameters with mmap_file LSM hook
    - selftests/powerpc: Fix incorrect kernel headers search path
    - selftests/ftrace: Fix eprobe syntax test case to check filter support
    - selftests: sched: Fix incorrect kernel headers search path
    - selftests: core: Fix incorrect kernel headers search path
    - selftests: pid_namespace: Fix incorrect kernel headers search path
    - selftests: arm64: Fix incorrect kernel headers search path
    - selftests: clone3: Fix incorrect kernel headers search path
    - selftests: pidfd: Fix incorrect kernel headers search path
    - selftests: membarrier: Fix incorrect kernel headers search path
    - selftests: kcmp: Fix incorrect kernel headers search path
    - selftests: media_tests: Fix incorrect kernel headers search path
    - selftests: gpio: Fix incorrect kernel headers search path
    - selftests: filesystems: Fix incorrect kernel headers search path
    - selftests: user_events: Fix incorrect kernel headers search path
    - selftests: ptp: Fix incorrect kernel headers search path
    - selftests: sync: Fix incorrect kernel headers search path
    - selftests: rseq: Fix incorrect kernel headers search path
    - selftests: move_mount_set_group: Fix incorrect kernel headers search path
    - selftests: mount_setattr: Fix incorrect kernel headers search path
    - selftests: perf_events: Fix incorrect kernel headers search path
    - selftests: ipc: Fix incorrect kernel headers search path
    - selftests: futex: Fix incorrect kernel headers search path
    - selftests: drivers: Fix incorrect kernel headers search path
    - selftests: dmabuf-heaps: Fix incorrect kernel headers search path
    - selftests: vm: Fix incorrect kernel headers search path
    - selftests: seccomp: Fix incorrect kernel headers search path
    - irqdomain: Fix association race
    - irqdomain: Fix disassociation race
    - irqdomain: Look for existing mapping only once
    - irqdomain: Drop bogus fwspec-mapping error handling
    - irqdomain: Refactor __irq_domain_alloc_irqs()
    - irqdomain: Fix mapping-creation race
    - irqdomain: Fix domain registration race
    - crypto: qat - fix out-of-bounds read
    - mm/damon/paddr: fix missing folio_put()
    - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
    - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
    - jbd2: fix data missing when reusing bh which is ready to be checkpointed
    - ext4: optimize ea_inode block expansion
    - ext4: refuse to create ea block when umounted
    - cxl/pmem: Fix nvdimm registration races
    - mtd: spi-nor: sfdp: Fix index value for SCCR dwords
    - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
    - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
    - dm: send just one event on resize, not two
    - dm: add cond_resched() to dm_wq_work()
    - dm: add cond_resched() to dm_wq_requeue_work()
    - wifi: rtw88: use RTW_FLAG_POWERON flag to prevent to power on/off twice
    - wifi: rtl8xxxu: Use a longer retry limit of 48
    - wifi: ath11k: allow system suspend to survive ath11k
    - wifi: cfg80211: Fix use after free for wext
    - wifi: cfg80211: Set SSID if it is not already set
    - cpuidle: add ARCH_SUSPEND_POSSIBLE dependencies
    - qede: fix interrupt coalescing configuration
    - thermal: intel: powerclamp: Fix cur_state for multi package system
    - dm flakey: fix logic when corrupting a bio
    - dm cache: free background tracker's queued work in btracker_destroy
    - dm flakey: don't corrupt the zero page
    - dm flakey: fix a bug with 32-bit highmem systems
    - hwmon: (peci/cputemp) Fix off-by-one in coretemp_label allocation
    - hwmon: (nct6775) Fix incorrect parenthesization in nct6775_write_fan_div()
    - ARM: dts: qcom: sdx65: Add Qcom SMMU-500 as the fallback for IOMMU node
    - ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node
    - ARM: dts: exynos: correct TMU phandle in Exynos4210
    - ARM: dts: exynos: correct TMU phandle in Exynos4
    - ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
    - ARM: dts: exynos: correct TMU phandle in Exynos5250
    - ARM: dts: exynos: correct TMU phandle in Odroid XU
    - ARM: dts: exynos: correct TMU phandle in Odroid HC1
    - arm64: mm: hugetlb: Disable HUGETLB_PAGE_OPTIMIZE_VMEMMAP
    - fuse: add inode/permission checks to fileattr_get/fileattr_set
    - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
    - ceph: update the time stamps and try to drop the suid/sgid
    - regulator: core: Use ktime_get_boottime() to determine how long a regulator
      was off
    - panic: fix the panic_print NMI backtrace setting
    - mm/hwpoison: convert TTU_IGNORE_HWPOISON to TTU_HWPOISON
    - alpha: fix FEN fault handling
    - dax/kmem: Fix leak of memory-hotplug resources
    - mips: fix syscall_get_nr
    - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
    - remoteproc/mtk_scp: Move clk ops outside send_lock
    - docs: gdbmacros: print newest record
    - mm: memcontrol: deprecate charge moving
    - mm/thp: check and bail out if page in deferred queue already
    - ktest.pl: Give back console on Ctrt^C on monitor
    - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list
    - ktest.pl: Fix missing "end_monitor" when machine check fails
    - ktest.pl: Add RUN_TIMEOUT option with default unlimited
    - memory tier: release the new_memtier in find_create_memory_tier()
    - ring-buffer: Handle race between rb_move_tail and rb_check_pages
    - tools/bootconfig: fix single & used for logical condition
    - tracing/eprobe: Fix to add filter on eprobe description in README file
    - iommu/amd: Add a length limitation for the ivrs_acpihid command-line
      parameter
    - iommu/amd: Improve page fault error reporting
    - scsi: aacraid: Allocate cmd_priv with scsicmd
    - scsi: qla2xxx: Fix link failure in NPIV environment
    - scsi: qla2xxx: Check if port is online before sending ELS
    - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
    - scsi: qla2xxx: Remove unintended flag clearing
    - scsi: qla2xxx: Fix erroneous link down
    - scsi: qla2xxx: Remove increment of interface err cnt
    - scsi: ses: Don't attach if enclosure has no components
    - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
    - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
    - scsi: ses: Fix possible desc_ptr out-of-bounds accesses
    - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
    - RISC-V: add a spin_shadow_stack declaration
    - riscv: Avoid enabling interrupts in die()
    - riscv: mm: fix regression due to update_mmu_cache change
    - riscv: jump_label: Fixup unaligned arch_static_branch function
    - riscv, mm: Perform BPF exhandler fixup on page fault
    - riscv: ftrace: Remove wasted nops for !RISCV_ISA_C
    - riscv: ftrace: Reduce the detour code size to half
    - MIPS: DTS: CI20: fix otg power gpio
    - PCI/PM: Observe reset delay irrespective of bridge_d3
    - PCI: Unify delay handling for reset and resume
    - PCI: hotplug: Allow marking devices as disconnected during bind/unbind
    - PCI: Avoid FLR for AMD FCH AHCI adapters
    - PCI/DPC: Await readiness of secondary bus after reset
    - bus: mhi: ep: Only send -ENOTCONN status if client driver is available
    - bus: mhi: ep: Move chan->lock to the start of processing queued ch ring
    - bus: mhi: ep: Save channel state locally during suspend and resume
    - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode
    - iommu/vt-d: Fix PASID directory pointer coherency
    - vfio/type1: exclude mdevs from VFIO_UPDATE_VADDR
    - vfio/type1: prevent underflow of locked_vm via exec()
    - vfio/type1: track locked_vm per dma
    - vfio/type1: restore locked_vm
    - drm/amd: Fix initialization for nbio 7.5.1
    - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
    - drm/radeon: Fix eDP for single-display iMac11,2
    - drm/i915: Don't use stolen memory for ring buffers with LLC
    - drm/i915: Don't use BAR mappings for ring buffers with LLC
    - drm/gud: Fix UBSAN warning
    - drm/edid: fix AVI infoframe aspect ratio handling
    - drm/edid: fix parsing of 3D modes from HDMI VSDB
    - qede: avoid uninitialized entries in coal_entry array
    - brd: use radix_tree_maybe_preload instead of radix_tree_preload
    - sbitmap: Advance the queue index before waking up a queue
    - wait: Return number of exclusive waiters awaken
    - sbitmap: Try each queue to wake up at least one waiter
    - kbuild: Port silent mode detection to future gnu make.
    - net: avoid double iput when sock_alloc_file fails
    - Linux 6.1.16
    - upstream stable to v6.1.16
    - [Config] Update annotations after merging 6.1.16

* Jammy update: v6.1.15 upstream stable release (LP: #2011402)
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: reduce thermal limits on rk3399-pinephone-pro
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - arm64: dts: rockchip: add missing #interrupt-cells to rk356x pcie2x1
    - arm64: dts: rockchip: fix probe of analog sound card on rock-3a
    - HID: elecom: add support for TrackBall 056E:011C
    - HID: Ignore battery for Elan touchscreen on Asus TP420IA
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - pinctrl: amd: Fix debug output for debounce time
    - btrfs: send: limit number of clones and allocated memory size
    - arm64: dts: rockchip: align rk3399 DMC OPP table with bindings
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - powerpc: Don't select ARCH_WANTS_NO_INSTR
    - ASoC: SOF: amd: Fix for handling spurious interrupts from DSP
    - ARM: dts: stihxxx-b2120: fix polarity of reset line of tsin0 port
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - ASoC: codecs: es8326: Fix DTS properties reading
    - HID: Ignore battery for ELAN touchscreen 29DF on HP
    - selftests: ocelot: tc_flower_chains: make test_vlan_ingress_modify() more
      comprehensive
    - x86/cpu: Add Lunar Lake M
    - PM: sleep: Avoid using pr_cont() in the tasks freezing code
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - drm/amd/display: Move DCN314 DOMAIN power control to DMCUB
    - drm/amd/display: Fix race condition in DPIA AUX transfer
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - arm64: dts: uniphier: Fix property name in PXs3 USB node
    - usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO
    - drm/amd/display: Properly reuse completion structure
    - attr: add in_group_or_capable()
    - fs: move should_remove_suid()
    - attr: add setattr_should_drop_sgid()
    - attr: use consistent sgid stripping checks
    - fs: use consistent setgid checks in is_sxid()
    - scripts/tags.sh: fix incompatibility with PCRE2
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
    - Linux 6.1.15
    - upstream stable to v6.1.15

* Fix selftests/ftracetests/Meta-selftests (LP: #2006453)
    - selftests/ftrace: Fix bash specific "==" operator

* vmd may fail to create sysfs entry while `pci_rescan_bus()` called in some
    other drivers like wwan (LP: #2011389)
    - PCI: vmd: guard device addition and removal

* Fix E-star testing failure with RTK 8852BE  (LP: #2012019)
    - wifi: rtw89: release RX standby timer of beamformee CSI to save power
    - wifi: rtw89: 8852be: enable CLKREQ of PCI capability

* mt7921: add support of MTFG table (LP: #2009642)
    - wifi: mt76: mt7921: add support to update fw capability with MTFG table

* Fail to output sound to external monitor which connects via docking station
    (LP: #2009024)
    - [Config] Enable CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM

* Fix NVME storage with RAID ON disappeared under Dell factory WINPE
    environment (LP: #2011768)
    - SAUCE: PCI: vmd: Reset VMD config register between soft reboots

* Miscellaneous Ubuntu changes
    - [Config] Update annotations after merging 6.1.21

-- Timo Aaltonen <timo.aaltonen@canonical.com>  Fri, 31 Mar 2023 10:59:30 +0300

Changed in linux-oem-6.1 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-08:

#10

This bug is awaiting verification that the linux-hwe-6.2/6.2.0-23.23~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-hwe-6.2 verification-needed-jammy
removed: verification-done-jammy

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-06-09:

#11

This bug is awaiting verification that the linux-nvidia-6.2/6.2.0-1003.3~22.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-6.2

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-06-15:

#12

Download full text (72.7 KiB)

This bug was fixed in the package linux - 6.2.0-23.23

---------------
linux (6.2.0-23.23) lunar; urgency=medium

* lunar/linux: 6.2.0-23.23 -proposed tracker (LP: #2019845)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - debian/dkms-versions -- update from kernel-versions (main/2023.05.15)

* Fix flicker display problem on some panels which support PSR2 (LP: #2002968)
- drm/i915/psr: Add continuous full frame bit together with single

  * Kernel 6.1 bumped the disk consumption on default images by 15%
    (LP: #2015867)
    - [Packaging] introduce a separate linux-lib-rust package

  * Update I915 PSR calculation on Linux 6.2 (LP: #2018655)
    - drm/i915: Fix fast wake AUX sync len
    - drm/i915: Explain the magic numbers for AUX SYNC/precharge length

  * Computer with Intel Atom CPU will not boot with Kernel 6.2.0-20
    (LP: #2017444)
    - [Config]: Disable CONFIG_INTEL_ATOMISP

  * udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908)
    - SAUCE: (no-up) Stacking v38: Fix prctl() syscall with apparmor=0

* CVE-2023-32233
- netfilter: nf_tables: deactivate anonymous set from preparation phase

* CVE-2023-2612
- SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

* CVE-2023-31436
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

* CVE-2023-1380
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

* 5.19 not reporting cgroups v1 blkio.throttle.io_serviced (LP: #2016186)
- SAUCE: blk-throttle: Fix io statistics for cgroup v1

  * LSM stacking and AppArmor for 6.2: additional fixes (LP: #2017903)
    - SAUCE: (no-up) apparmor: fix policy_compat perms remap for file dfa
    - SAUCE: (no-up) apparmor: fix profile verification and enable it
    - SAUCE: (no-up) apparmor: fix: add missing failure check in
      compute_xmatch_perms
    - SAUCE: (no-up) apparmor: fix: kzalloc perms tables for shared dfas

This bug was fixed in the package linux - 6.2.0-23.23

---------------
linux (6.2.0-23.23) lunar; urgency=medium

* lunar/linux: 6.2.0-23.23 -proposed tracker (LP: #2019845)

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
    - debian/dkms-versions -- update from kernel-versions (main/2023.05.15)

* Fix flicker display problem on some panels which support PSR2 (LP: #2002968)
    - drm/i915/psr: Add continuous full frame bit together with single

* Kernel 6.1 bumped the disk consumption on default images by 15%
    (LP: #2015867)
    - [Packaging] introduce a separate linux-lib-rust package

* Update I915 PSR calculation on Linux 6.2 (LP: #2018655)
    - drm/i915: Fix fast wake AUX sync len
    - drm/i915: Explain the magic numbers for AUX SYNC/precharge length

* Computer with Intel Atom CPU will  not boot with Kernel 6.2.0-20
    (LP: #2017444)
    - [Config]: Disable CONFIG_INTEL_ATOMISP

* udev fails to make prctl() syscall with apparmor=0 (as used by maas by
    default) (LP: #2016908)
    - SAUCE: (no-up) Stacking v38: Fix prctl() syscall with apparmor=0

* CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase

* CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()

* CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

* CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

* 5.19 not reporting cgroups v1 blkio.throttle.io_serviced  (LP: #2016186)
    - SAUCE: blk-throttle: Fix io statistics for cgroup v1

* Lunar update: v6.2.12 upstream stable release (LP: #2017219)
    - Revert "pinctrl: amd: Disable and mask interrupts on resume"
    - drm/amd/display: Pass the right info to drm_dp_remove_payload
    - drm/i915: Workaround ICL CSC_MODE sticky arming
    - ALSA: emu10k1: fix capture interrupt handler unlinking
    - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
    - ALSA: i2c/cs8427: fix iec958 mixer control deactivation
    - ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
    - ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
    - ALSA: firewire-tascam: add missing unwind goto in
      snd_tscm_stream_start_duplex()
    - ALSA: emu10k1: don't create old pass-through playback device on Audigy
    - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
    - ALSA: hda/hdmi: disable KAE for Intel DG2
    - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
    - Bluetooth: Fix race condition in hidp_session_thread
    - bluetooth: btbcm: Fix logic error in forming the board name.
    - Bluetooth: Free potentially unfreed SCO connection
    - Bluetooth: hci_conn: Fix possible UAF
    - btrfs: restore the thread_pool= behavior in remount for the end I/O
      workqueues
    - btrfs: fix fast csum implementation detection
    - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
    - mtdblock: tolerate corrected bit-flips
    - mtd: rawnand: meson: fix bitmask for length in command word
    - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
    - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min
    - KVM: arm64: PMU: Restore the guest's EL0 event counting after migration
    - fbcon: Fix error paths in set_con2fb_map
    - fbcon: set_con2fb_map needs to set con2fb_map!
    - drm/i915/dsi: fix DSS CTL register offsets for TGL+
    - io_uring: complete request via task work in case of DEFER_TASKRUN
    - clk: sprd: set max_register according to mapping range
    - RDMA/irdma: Do not generate SW completions for NOPs
    - RDMA/irdma: Fix memory leak of PBLE objects
    - RDMA/irdma: Increase iWARP CM default rexmit count
    - RDMA/irdma: Add ipv4 check to irdma_find_listener()
    - IB/mlx5: Add support for 400G_8X lane speed
    - RDMA/erdma: Fix some typos
    - RDMA/erdma: Update default EQ depth to 4096 and max_send_wr to 8192
    - RDMA/erdma: Inline mtt entries into WQE if supported
    - RDMA/erdma: Defer probing if netdevice can not be found
    - clk: rs9: Fix suspend/resume
    - RDMA/cma: Allow UD qp_type to join multicast only
    - bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp
    - LoongArch, bpf: Fix jit to skip speculation barrier opcode
    - dmaengine: apple-admac: Handle 'global' interrupt flags
    - dmaengine: apple-admac: Set src_addr_widths capability
    - dmaengine: apple-admac: Fix 'current_tx' not getting freed
    - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race
      condition
    - bpf, arm64: Fixed a BTI error on returning to patched function
    - KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV2/3 to protected VMs
    - niu: Fix missing unwind goto in niu_alloc_channels()
    - tcp: restrict net.ipv4.tcp_app_win
    - bonding: fix ns validation on backup slaves
    - iavf: refactor VLAN filter states
    - iavf: remove active_cvlans and active_svlans bitmaps
    - net: openvswitch: fix race on port output
    - Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure
    - Bluetooth: Fix printing errors if LE Connection times out
    - Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt
    - Bluetooth: Set ISO Data Path on broadcast sink
    - drm/nouveau/fb: add missing sysmen flush callbacks
    - drm/armada: Fix a potential double free in an error handling path
    - qlcnic: check pci_reset_function result
    - smc: Fix use-after-free in tcp_write_timer_handler().
    - net: wwan: iosm: Fix error handling path in ipc_pcie_probe()
    - cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
    - rtnetlink: Restore RTM_NEW/DELLINK notification behavior
    - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
    - sctp: fix a potential overflow in sctp_ifwdtsn_skip
    - RDMA/core: Fix GID entry ref leak when create_ah fails
    - selftests: openvswitch: adjust datapath NL message declaration
    - udp6: fix potential access to stale information
    - selftests: add the missing CONFIG_IP_SCTP in net config
    - net: macb: fix a memory corruption in extended buffer descriptor mode
    - skbuff: Fix a race between coalescing and releasing SKBs
    - ARM: 9290/1: uaccess: Fix KASAN false-positives
    - ARM: dts: qcom: apq8026-lg-lenok: add missing reserved memory
    - arm64: dts: qcom: sa8540p-ride: correct name of remoteproc_nsp0 firmware
    - power: supply: rk817: Fix unsigned comparison with less than zero
    - power: supply: cros_usbpd: reclassify "default case!" as debug
    - power: supply: axp288_fuel_gauge: Added check for negative values
    - selftests/bpf: Fix progs/find_vma_fail1.c build error.
    - wifi: mwifiex: mark OF related data as maybe unused
    - i2c: imx-lpi2c: clean rx/tx buffers upon new message
    - i2c: hisi: Avoid redundant interrupts
    - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
    - block: ublk_drv: mark device as LIVE before adding disk
    - ACPI: video: Add backlight=native DMI quirk for Acer Aspire 3830TG
    - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
    - hwmon: (peci/cputemp) Fix miscalculated DTS for SKX
    - hwmon: (xgene) Fix ioremap and memremap leak
    - verify_pefile: relax wrapper length check
    - asymmetric_keys: log on fatal failures in PE/pkcs7
    - nvme: send Identify with CNS 06h only to I/O controllers
    - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling
    - wifi: iwlwifi: mvm: protect TXQ list manipulation
    - drm/amdgpu: add mes resume when do gfx post soft reset
    - drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs
    - drm/amdgpu/gfx: set cg flags to enter/exit safe mode
    - ACPI: resource: Add Medion S17413 to IRQ override quirk
    - tracing: Add trace_array_puts() to write into instance
    - tracing: Have tracing_snapshot_instance_cond() write errors to the
      appropriate instance
    - maple_tree: fix write memory barrier of nodes once dead for RCU mode
    - ksmbd: avoid out of bounds access in decode_preauth_ctxt()
    - riscv: add icache flush for nommu sigreturn trampoline
    - HID: intel-ish-hid: Fix kernel panic during warm reset
    - net: sfp: initialize sfp->i2c_block_size at sfp allocation
    - net: phy: nxp-c45-tja11xx: add remove callback
    - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
    - scsi: ses: Handle enclosure with just a primary component gracefully
    - thermal: intel: Avoid updating unsupported THERM_STATUS_CLEAR mask bits
    - drm/amd/pm: correct the pcie link state check for SMU13
    - PCI: Fix use-after-free in pci_bus_release_domain_nr()
    - PCI/MSI: Provide missing stub for pci_msix_can_alloc_dyn()
    - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
    - cgroup: fix display of forceidle time at root
    - cgroup/cpuset: Fix partition root's cpuset.cpus update bug
    - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
    - cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
    - cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
    - drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings
    - drm/amd/pm: correct SMU13.0.7 max shader clock reporting
    - mptcp: use mptcp_schedule_work instead of open-coding it
    - mptcp: stricter state check in mptcp_worker
    - mptcp: fix NULL pointer dereference on fastopen early fallback
    - selftests: mptcp: userspace pm: uniform verify events
    - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
    - ubi: Fix deadlock caused by recursively holding work_sem
    - i2c: mchp-pci1xxxx: Update Timing registers
    - powerpc/papr_scm: Update the NUMA distance table for the target node
    - sched/fair: Fix imbalance overflow
    - x86/rtc: Remove __init for runtime functions
    - i2c: ocores: generate stop condition after timeout in polling mode
    - cifs: fix negotiate context parsing
    - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD
    - Linux 6.2.12

* RFC: virtio and virtio-scsi should be built in (LP: #1685291)
    - [Config] Mark CONFIG_SCSI_VIRTIO built-in

* Dell: Enable speaker mute hotkey LED indicator (LP: #2015972)
    - platform/x86: dell-laptop: Register ctl-led for speaker-mute

* Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions

* Lost display on built-in monitor after suspend (LP: #2001599)
    - drm/i915: Generalize the PPS vlv_pipe_check() stuff
    - drm/i915: Try to use the correct power sequencer intiially on bxt/glk
    - drm/i915: Extend dual PPS handlind for ICP+
    - drm/i915: Reject unusable power sequencers
    - drm/i915: Print the PPS registers using consistent format
    - drm/i915: Fix whitespace
    - drm/i915: Improve PPS debugs

* [SRU][Jammy] CONFIG_PCI_MESON is not enabled (LP: #2007745)
    - [Config] arm64: Enable PCI_MESON module

* sched: cpumask: improve on cpumask_local_spread() locality (LP: #2008824)
    - lib/find: introduce find_nth_and_andnot_bit
    - cpumask: introduce cpumask_nth_and_andnot
    - sched: add sched_numa_find_nth_cpu()
    - cpumask: improve on cpumask_local_spread() locality
    - lib/cpumask: reorganize cpumask_local_spread() logic
    - sched/topology: Introduce sched_numa_hop_mask()
    - sched/topology: Introduce for_each_numa_hop_mask()
    - net/mlx5e: Improve remote NUMA preferences used for the IRQ affinity hints
    - lib/cpumask: update comment for cpumask_local_spread()
    - sched/topology: fix KASAN warning in hop_cmp()

* Fix E-star testing failure with RTK 8852BE  (LP: #2012019)
    - wifi: rtw89: 8852be: enable CLKREQ of PCI capability
    - wifi: rtw89: release RX standby timer of beamformee CSI to save power

* vmd may fail to create sysfs entry while `pci_rescan_bus()` called in some
    other drivers like wwan (LP: #2011389)
    - SAUCE: PCI: vmd: guard device addition and removal

* Lunar update: v6.2.11 upstream stable release (LP: #2016879)
    - dm cache: Add some documentation to dm-cache-background-tracker.h
    - dm integrity: Remove bi_sector that's only used by commented debug code
    - dm: change "unsigned" to "unsigned int"
    - dm: fix improper splitting for abnormal bios
    - drm/i915: Move the DSB setup/cleaup into the color code
    - drm/i915: Add a .color_post_update() hook
    - gpio: GPIO_REGMAP: select REGMAP instead of depending on it
    - Drivers: vmbus: Check for channel allocation before looking up relids
    - ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data()
    - pwm: hibvt: Explicitly set .polarity in .get_state()
    - pwm: cros-ec: Explicitly set .polarity in .get_state()
    - pwm: iqs620a: Explicitly set .polarity in .get_state()
    - pwm: sprd: Explicitly set .polarity in .get_state()
    - pwm: meson: Explicitly set .polarity in .get_state()
    - ASoC: codecs: lpass: fix the order or clks turn off during suspend
    - KVM: s390: pv: fix external interruption loop not always detected
    - wifi: mac80211: fix the size calculation of ieee80211_ie_len_eht_cap()
    - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded
      sta
    - net: qrtr: Fix a refcount bug in qrtr_recvmsg()
    - net: phylink: add phylink_expects_phy() method
    - net: stmmac: check if MAC needs to attach to a PHY
    - net: stmmac: remove redundant fixup to support fixed-link mode
    - wifi: brcmfmac: Fix SDIO suspend/resume regression
    - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
    - nfsd: call op_release, even when op_func returns an error
    - icmp: guard against too small mtu
    - ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement
    - net: don't let netpoll invoke NAPI if in xmit context
    - net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit
    - net: ethernet: mtk_eth_soc: fix remaining throughput regression
    - sctp: check send stream number after wait_for_sndbuf
    - drm/i915/huc: Cancel HuC delayed load timer on reset.
    - net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT
    - ipv6: Fix an uninit variable access bug in __ip6_make_skb()
    - platform/x86: think-lmi: Fix memory leak when showing current settings
    - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI
      strings
    - platform/x86: think-lmi: Clean up display of current_value on Thinkstation
    - gpio: davinci: Do not clear the bank intr enable bit in save_context
    - gpio: davinci: Add irq chip flag to skip set wake
    - net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe
    - net: stmmac: fix up RX flow hash indirection table when setting channels
    - sunrpc: only free unix grouplist after RCU settles
    - NFSD: callback request does not use correct credential for AUTH_SYS
    - ice: fix wrong fallback logic for FDIR
    - ice: Reset FDIR counter in FDIR init stage
    - raw: use net_hash_mix() in hash function
    - raw: Fix NULL deref in raw_get_next().
    - ping: Fix potentail NULL deref for /proc/net/icmp.
    - ethtool: reset #lanes when lanes is omitted
    - netlink: annotate lockless accesses to nlk->max_recvmsg_len
    - gve: Secure enough bytes in the first TX desc for all TCP pkts
    - arm64: compat: Work around uninitialized variable warning
    - net: stmmac: check fwnode for phy device before scanning for phy
    - cxl/pci: Fix CDAT retrieval on big endian
    - cxl/pci: Handle truncated CDAT header
    - cxl/pci: Handle truncated CDAT entries
    - cxl/pci: Handle excessive CDAT length
    - PCI/DOE: Silence WARN splat with CONFIG_DEBUG_OBJECTS=y
    - PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y
    - Revert "usb: xhci-pci: Set PROBE_PREFER_ASYNCHRONOUS"
    - usb: xhci: tegra: fix sleep in atomic call
    - xhci: Free the command allocated for setting LPM if we return early
    - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu
    - usb: cdnsp: Fixes error: uninitialized symbol 'len'
    - usb: dwc3: pci: add support for the Intel Meteor Lake-S
    - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
    - usb: typec: altmodes/displayport: Fix configure initial pin assignment
    - USB: serial: option: add Telit FE990 compositions
    - USB: serial: option: add Quectel RM500U-CN modem
    - drivers: iio: adc: ltc2497: fix LSB shift
    - iio: adis16480: select CONFIG_CRC32
    - iio: adc: qcom-spmi-adc5: Fix the channel name
    - iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
    - iio: dac: cio-dac: Fix max DAC write value check for 12-bit
    - iio: adc: max11410: fix read_poll_timeout() usage
    - iio: accel: kionix-kx022a: Get the timestamp from the driver's private data
      in the trigger_handler
    - iio: buffer: correctly return bytes written in output buffers
    - iio: buffer: make sure O_NONBLOCK is respected
    - iio: light: cm32181: Unregister second I2C client if present
    - iio: light: vcnl4000: Fix WARN_ON on uninitialized lock
    - tty: serial: sh-sci: Fix transmit end interrupt handler
    - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
    - tty: serial: fsl_lpuart: avoid checking for transfer complete when
      UARTCTRL_SBK is asserted in lpuart32_tx_empty
    - tty: serial: fsl_lpuart: fix crash in lpuart_uport_is_active
    - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
    - nilfs2: fix sysfs interface lifetime
    - fsdax: dedupe should compare the min of two iters' length
    - fsdax: unshare: zero destination if srcmap is HOLE or UNWRITTEN
    - fsdax: force clear dirty mark if CoW
    - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
    - serial: 8250: Prevent starting up DMA Rx on THRI interrupt
    - ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN
    - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr
    - ALSA: hda/realtek: Add quirk for Clevo X370SNW
    - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
    - x86/acpi/boot: Correct acpi_is_processor_usable() check
    - x86/ACPI/boot: Use FADT version to check support for online capable
    - KVM: x86: Clear "has_error_code", not "error_code", for RM exception
      injection
    - KVM: nVMX: Do not report error code when synthesizing VM-Exit from Real Mode
    - KVM: SVM: Flush Hyper-V TLB when required
    - mm: kfence: fix PG_slab and memcg_data clearing
    - mm: kfence: fix handling discontiguous page
    - coresight: etm4x: Do not access TRCIDR1 for identification
    - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
    - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
    - counter: 104-quad-8: Fix Synapse action reported for Index signals
    - blk-mq: directly poll requests
    - ftrace: Mark get_lock_parent_ip() __always_inline
    - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct()
    - fs: drop peer group ids under namespace lock
    - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access
    - can: isotp: fix race between isotp_sendsmg() and isotp_release()
    - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events
    - can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL
      infos
    - ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()
    - ACPI: video: Make acpi_backlight=video work independent from GPU driver
    - ACPI: video: Add acpi_backlight=video quirk for Apple iMac14,1 and iMac14,2
    - ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530
    - net: stmmac: Add queue reset into stmmac_xdp_open() function
    - tracing/synthetic: Fix races on freeing last_cmd
    - tracing/timerlat: Notify new max thread latency
    - tracing/osnoise: Fix notify new tracing_max_latency
    - tracing: Free error logs of tracing instances
    - iommufd: Check for uptr overflow
    - iommufd: Fix unpinning of pages when an access is present
    - iommufd: Do not corrupt the pfn list when doing batch carry
    - ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots()
    - ASoC: SOF: avoid a NULL dereference with unsupported widgets
    - iio: adc: ad7791: fix IRQ flags
    - io_uring: fix return value when removing provided buffers
    - io_uring: fix memory leak when removing provided buffers
    - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
    - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
    - nvme: fix discard support without oncs
    - cifs: sanitize paths in cifs_update_super_prepath.
    - block: ublk: make sure that block size is set correctly
    - block: don't set GD_NEED_PART_SCAN if scan partition failed
    - perf: Optimize perf_pmu_migrate_context()
    - perf/core: Fix the same task check in perf_event_set_output
    - tracing/synthetic: Make lastcmd_mutex static
    - zsmalloc: document freeable stats
    - mm: vmalloc: avoid warn_alloc noise caused by fatal signal
    - wifi: mt76: mt7921: fix fw used for offload check for mt7922
    - wifi: mt76: ignore key disable commands
    - ublk: read any SQE values upfront
    - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
    - drm/nouveau/disp: Support more modes by checking with lower bpc
    - drm/i915: Fix context runtime accounting
    - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
    - ring-buffer: Fix race while reader and writer are on the same page
    - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
    - mm/hugetlb: fix uffd wr-protection for CoW optimization path
    - maple_tree: fix get wrong data_end in mtree_lookup_walk()
    - maple_tree: fix a potential concurrency bug in RCU mode
    - drm/amd/display: Clear MST topology if it fails to resume
    - drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume
    - drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset
    - drm/bridge: lt9611: Fix PLL being unable to lock
    - mm: take a page reference when removing device exclusive entries
    - maple_tree: remove GFP_ZERO from kmem_cache_alloc() and
      kmem_cache_alloc_bulk()
    - maple_tree: fix potential rcu issue
    - maple_tree: reduce user error potential
    - maple_tree: fix handle of invalidated state in mas_wr_store_setup()
    - maple_tree: fix mas_prev() and mas_find() state handling
    - maple_tree: be more cautious about dead nodes
    - maple_tree: refine ma_state init from mas_start()
    - maple_tree: detect dead nodes in mas_start()
    - maple_tree: fix freeing of nodes in rcu mode
    - maple_tree: remove extra smp_wmb() from mas_dead_leaves()
    - maple_tree: add smp_rmb() to dead node detection
    - maple_tree: add RCU lock checking to rcu callback functions
    - mm: enable maple tree RCU mode by default.
    - Linux 6.2.11

* Lunar update: v6.2.10 upstream stable release (LP: #2016878)
    - thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers
    - cifs: update ip_addr for ses only for primary chan setup
    - cifs: prevent data race in cifs_reconnect_tcon()
    - cifs: avoid race conditions with parallel reconnects
    - zonefs: Reorganize code
    - zonefs: Simplify IO error handling
    - zonefs: Reduce struct zonefs_inode_info size
    - zonefs: Separate zone information from inode information
    - zonefs: Fix error message in zonefs_file_dio_append()
    - btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING
    - btrfs: zoned: count fresh BG region as zone unusable
    - btrfs: zoned: drop space_info->active_total_bytes
    - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
    - cifs: fix missing unload_nls() in smb2_reconnect()
    - xfrm: Zero padding when dumping algos and encap
    - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
    - ASoC: Intel: avs: max98357a: Explicitly define codec format
    - ASoC: Intel: avs: da7219: Explicitly define codec format
    - ASoC: Intel: avs: rt5682: Explicitly define codec format
    - ASoC: Intel: avs: ssm4567: Remove nau8825 bits
    - ASoC: Intel: avs: nau8825: Adjust clock control
    - lib: zstd: Backport fix for in-place decompression
    - zstd: Fix definition of assert()
    - ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535
    - ACPI: x86: Introduce an acpi_quirk_skip_gpio_event_handlers() helper
    - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 7 B1-750
    - ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Book X90
    - ASoC: SOF: ipc3: Check for upper size limit for the received message
    - ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit
    - ASoC: SOF: Intel: pci-tng: revert invalid bar size setting
    - ASoC: SOF: Intel: hda-dsp: harden D0i3 programming sequence
    - ASoC: SOF: Intel: hda-ctrl: re-add sleep after entering and exiting reset
    - ASoC: SOF: IPC4: update gain ipc msg definition to align with fw
    - ASoC: hdmi-codec: only startup/shutdown on supported streams
    - wifi: mac80211: check basic rates validity
    - md: avoid signed overflow in slot_store()
    - x86/PVH: obtain VGA console info in Dom0
    - drm/amdkfd: Fix BO offset for multi-VMA page migration
    - drm/amdkfd: fix a potential double free in pqm_create_queue
    - drm/amdgpu/vcn: custom video info caps for sriov
    - drm/amdkfd: fix potential kgd_mem UAFs
    - drm/amd/display: Fix HDCP failing to enable after suspend
    - net: hsr: Don't log netdev_err message on unknown prp dst node
    - ALSA: asihpi: check pao in control_message()
    - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
    - fbdev: tgafb: Fix potential divide by zero
    - ACPI: tools: pfrut: Check if the input of level and type is in the right
      numeric range
    - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
    - nvme-pci: fixing memory leak in probe teardown path
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620
    - drm/amdkfd: Fixed kfd_process cleanup on module exit.
    - net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites
    - fbdev: nvidia: Fix potential divide by zero
    - fbdev: intelfb: Fix potential divide by zero
    - fbdev: lxfb: Fix potential divide by zero
    - fbdev: au1200fb: Fix potential divide by zero
    - tools/power turbostat: Fix /dev/cpu_dma_latency warnings
    - tools/power turbostat: fix decoding of HWP_STATUS
    - tracing: Fix wrong return in kprobe_event_gen_test.c
    - btrfs: fix uninitialized variable warning in btrfs_update_block_group
    - btrfs: use temporary variable for space_info in btrfs_update_block_group
    - mtd: rawnand: meson: initialize struct with zeroes
    - mtd: nand: mxic-ecc: Fix mxic_ecc_data_xfer_wait_for_completion() when irq
      is used
    - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
    - riscv/kvm: Fix VM hang in case of timer delta being zero.
    - mips: bmips: BCM6358: disable RAC flush for TP1
    - ALSA: usb-audio: Fix recursive locking at XRUN during syncing
    - PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
    - platform/x86: think-lmi: add missing type attribute
    - platform/x86: think-lmi: use correct possible_values delimiters
    - platform/x86: think-lmi: only display possible_values if available
    - platform/x86: think-lmi: Add possible_values for ThinkStation
    - platform/surface: aggregator: Add missing fwnode_handle_put()
    - mtd: rawnand: meson: invalidate cache on polling ECC bit
    - SUNRPC: fix shutdown of NFS TCP client socket
    - sfc: ef10: don't overwrite offload features at NIC reset
    - scsi: megaraid_sas: Fix crash after a double completion
    - scsi: mpt3sas: Don't print sense pool info twice
    - net: dsa: realtek: fix out-of-bounds access
    - ptp_qoriq: fix memory leak in probe()
    - net: dsa: microchip: ksz8: fix ksz8_fdb_dump()
    - net: dsa: microchip: ksz8: fix ksz8_fdb_dump() to extract all 1024 entries
    - net: dsa: microchip: ksz8: fix offset for the timestamp filed
    - net: dsa: microchip: ksz8: ksz8_fdb_dump: avoid extracting ghost entry from
      empty dynamic MAC table.
    - net: dsa: microchip: ksz8863_smi: fix bulk access
    - net: dsa: microchip: ksz8: fix MDB configuration with non-zero VID
    - r8169: fix RTL8168H and RTL8107E rx crc error
    - regulator: Handle deferred clk
    - net/net_failover: fix txq exceeding warning
    - net: stmmac: don't reject VLANs when IFF_PROMISC is set
    - drm/i915/pmu: Use functions common with sysfs to read actual freq
    - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
    - drm/i915/perf: Drop wakeref on GuC RC error
    - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
    - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
    - s390/vfio-ap: fix memory leak in vfio_ap device driver
    - ACPI: bus: Rework system-level device notification handling
    - loop: LOOP_CONFIGURE: send uevents for partitions
    - net: mvpp2: classifier flow fix fragmentation flags
    - net: mvpp2: parser fix QinQ
    - net: mvpp2: parser fix PPPoE
    - smsc911x: avoid PHY being resumed when interface is not up
    - ice: Fix ice_cfg_rdma_fltr() to only update relevant fields
    - ice: add profile conflict check for AVF FDIR
    - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg()
    - net: ethernet: mtk_eth_soc: fix tx throughput regression with direct 1G
      links
    - ALSA: ymfpci: Create card with device-managed snd_devm_card_new()
    - ALSA: ymfpci: Fix BUG_ON in probe function
    - net: wwan: iosm: fixes 7560 modem crash
    - drm/nouveau/kms: Fix backlight registration
    - net: ipa: compute DMA pool size properly
    - bnx2x: use the right build_skb() helper
    - i40e: fix registers dump after run ethtool adapter self test
    - bnxt_en: Fix reporting of test result in ethtool selftest
    - bnxt_en: Fix typo in PCI id to device description string mapping
    - bnxt_en: Add missing 200G link speed reporting
    - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
    - net: dsa: sync unicast and multicast addresses for VLAN filters too
    - net: ethernet: mtk_eth_soc: fix flow block refcounting logic
    - net: ethernet: mtk_eth_soc: fix L2 offloading with DSA untag offload
    - net: ethernet: mtk_eth_soc: add missing ppe cache flush when deleting a flow
    - pinctrl: ocelot: Fix alt mode for ocelot
    - Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON
    - iommu/vt-d: Allow zero SAGAW if second-stage not supported
    - Revert "venus: firmware: Correct non-pix start and end addresses"
    - Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix
    - Input: alps - fix compatibility with -funsigned-char
    - Input: focaltech - use explicitly signed char type
    - cifs: prevent infinite recursion in CIFSGetDFSRefer()
    - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
    - Input: i8042 - add quirk for Fujitsu Lifebook A574/H
    - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
    - btrfs: fix deadlock when aborting transaction during relocation with scrub
    - btrfs: fix race between quota disable and quota assign ioctls
    - btrfs: scan device in non-exclusive mode
    - btrfs: ignore fiemap path cache when there are multiple paths for a node
    - zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space
    - io_uring/poll: clear single/double poll flags on poll arming
    - io_uring/rsrc: fix rogue rsrc node grabbing
    - io_uring: fix poll/netmsg alloc caches
    - vmxnet3: use gro callback when UPT is enabled
    - zonefs: Always invalidate last cached page on append write
    - dm: fix __send_duplicate_bios() to always allow for splitting IO
    - can: j1939: prevent deadlock by moving j1939_sk_errqueue()
    - xen/netback: don't do grant copy across page boundary
    - net: phy: dp83869: fix default value for tx-/rx-internal-delay
    - modpost: Fix processing of CRCs on 32-bit build machines
    - pinctrl: amd: Disable and mask interrupts on resume
    - pinctrl: at91-pio4: fix domain name assignment
    - platform/x86: ideapad-laptop: Stop sending KEY_TOUCHPAD_TOGGLE
    - thermal: intel: int340x: processor_thermal: Fix additional deadlock
    - powerpc: Don't try to copy PPR for task with NULL pt_regs
    - powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not
      enabled
    - powerpc/64s: Fix __pte_needs_flush() false positive warning
    - NFSv4: Fix hangs when recovering open state after a server reboot
    - ALSA: hda/conexant: Partial revert of a quirk for Lenovo
    - ALSA: usb-audio: Fix regression on detection of Roland VS-100
    - ALSA: hda/realtek: Add quirks for some Clevo laptops
    - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
    - xtensa: fix KASAN report for show_stack
    - rcu: Fix rcu_torture_read ftrace event
    - dt-bindings: mtd: jedec,spi-nor: Document CPOL/CPHA support
    - s390/uaccess: add missing earlyclobber annotations to __clear_user()
    - s390: reintroduce expoline dependence to scripts
    - drm/etnaviv: fix reference leak when mmaping imported buffer
    - drm/amdgpu: allow more APUs to do mode2 reset when go to S4
    - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
    - drm/amd/display: Take FEC Overhead into Timeslot Calculation
    - drm/i915/gem: Flush lmem contents after construction
    - drm/i915/dpt: Treat the DPT BO as a framebuffer
    - drm/i915: Disable DC states for all commits
    - drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()
    - drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on
      skl/glk
    - KVM: arm64: PMU: Fix GET_ONE_REG for vPMC regs to return the current value
    - KVM: arm64: PMU: Don't save PMCR_EL0.{C,P} for the vCPU
    - KVM: arm64: Retry fault if vma_lookup() results become invalid
    - KVM: arm64: Disable interrupts while walking userspace PTs
    - KVM: arm64: Check for kvm_vma_mte_allowed in the critical section
    - usb: ucsi: Fix ucsi->connector race
    - libbpf: Fix BTF-to-C converter's padding logic
    - selftests/bpf: Add few corner cases to test padding handling of btf_dump
    - libbpf: Fix btf_dump's packed struct determination
    - drm/amdkfd: Get prange->offset after svm_range_vram_node_new
    - hsr: ratelimit only when errors are printed
    - x86/PVH: avoid 32-bit build warning when obtaining VGA console info
    - Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*"
    - Linux 6.2.10

* Lunar update: v6.2.9 upstream stable release (LP: #2016877)
    - interconnect: qcom: osm-l3: fix icc_onecell_data allocation
    - interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function
    - interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT
    - perf/core: Fix perf_output_begin parameter is incorrectly invoked in
      perf_event_bpf_output
    - perf: fix perf_event_context->time
    - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr
    - drm/amd/display: fix k1 k2 divider programming for phantom streams
    - drm/amd/display: Remove OTG DIV register write for Virtual signals.
    - drm/amd/display: Fix DP MST sinks removal issue
    - arm64: dts: freescale: imx8-ss-lsio: Fix flexspi clock order
    - arm64: dts: qcom: sc8280xp: Add label property to vadc channel nodes
    - arm64: dts: qcom: sm6375: Add missing power-domain-named to CDSP
    - arm64: dts: qcom: sm8450: correct WSA2 assigned clocks
    - arm64: dts: qcom: sm8450: Mark UFS controller as cache coherent
    - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race
      condition
    - power: supply: da9150: Fix use after free bug in da9150_charger_remove due
      to race condition
    - wifi: mt76: do not run mt76_unregister_device() on unregistered hw
    - wifi: mt76: connac: do not check WED status for non-mmio devices
    - efi: earlycon: Reprobe after parsing config tables
    - arm64: dts: imx8dxl-evk: Disable hibernation mode of AR8031 for EQOS
    - arm64: dts: imx8dxl-evk: Fix eqos phy reset gpio
    - ARM: dts: imx6sll: e70k02: fix usbotg1 pinctrl
    - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl
    - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
    - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
    - arm64: dts: imx93: add missing #address-cells and #size-cells to i2c nodes
    - NFS: Fix /proc/PID/io read_bytes for buffered reads
    - xsk: Add missing overflow check in xdp_umem_reg
    - iavf: fix inverted Rx hash condition leading to disabled hash
    - iavf: fix non-tunneled IPv6 UDP packet type and hashing
    - iavf: do not track VLAN 0 filters
    - intel/igbvf: free irq on the error path in igbvf_request_msix()
    - igbvf: Regard vf reset nack as success
    - igc: fix the validation logic for taprio's gate list
    - i2c: imx-lpi2c: check only for enabled interrupt flags
    - i2c: mxs: ensure that DMA buffers are safe for DMA
    - i2c: hisi: Only use the completion interrupt to finish the transfer
    - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
    - nfsd: don't replace page in rq_pages if it's a continuation of last page
    - net: dsa: b53: mmap: fix device tree support
    - net: usb: smsc95xx: Limit packet length to skb->len
    - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
    - xirc2ps_cs: Fix use after free bug in xirc2ps_detach
    - net: phy: Ensure state transitions are processed from phy_stop()
    - net: mdio: fix owner field for mdio buses registered using device-tree
    - net: mdio: fix owner field for mdio buses registered using ACPI
    - net: stmmac: Fix for mismatched host/device DMA address width
    - thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function
    - mlxsw: core_thermal: Fix fan speed in maximum cooling state
    - drm/i915/fbdev: lock the fbdev obj before vma pin
    - drm/i915/mtl: Disable MC6 for MTL A step
    - drm/i915/guc: Rename GuC register state capture node to be more obvious
    - drm/i915/guc: Fix missing ecodes
    - drm/i915/gt: perform uc late init after probe error injection
    - drm/i915: Fix format for perf_limit_reasons
    - drm/i915: Update vblank timestamping stuff on seamless M/N change
    - net: dsa: report rx_bytes unadjusted for ETH_HLEN
    - net: qcom/emac: Fix use after free bug in emac_remove due to race condition
    - net: usb: lan78xx: Limit packet length to skb->len
    - net/ps3_gelic_net: Fix RX sk_buff length
    - net/ps3_gelic_net: Use dma_mapping_error
    - octeontx2-vf: Add missing free for alloc_percpu
    - bootconfig: Fix testcase to increase max node
    - keys: Do not cache key in task struct if key is requested from kernel thread
    - ice: check if VF exists before mode check
    - iavf: fix hang on reboot with ice
    - i40e: fix flow director packet filter programming
    - bpf: Adjust insufficient default bpf_jit_limit
    - net/mlx5e: Set uplink rep as NETNS_LOCAL
    - net/mlx5e: Block entering switchdev mode with ns inconsistency
    - net/mlx5: Fix steering rules cleanup
    - net/mlx5e: Overcome slow response for first macsec ASO WQE
    - net/mlx5: Read the TC mapping of all priorities on ETS query
    - net/mlx5: E-Switch, Fix an Oops in error handling code
    - net: dsa: tag_brcm: legacy: fix daisy-chained switches
    - atm: idt77252: fix kmemleak when rmmod idt77252
    - erspan: do not use skb_mac_header() in ndo_start_xmit()
    - net: mscc: ocelot: fix stats region batching
    - net/sonic: use dma_mapping_error() for error check
    - nvme-tcp: fix nvme_tcp_term_pdu to match spec
    - mlxsw: spectrum_fid: Fix incorrect local port type
    - hvc/xen: prevent concurrent accesses to the shared ring
    - ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA
    - ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES
    - ksmbd: fix possible refcount leak in smb2_open()
    - Bluetooth: hci_sync: Resume adv with no RPA when active scan
    - Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet
    - Bluetooth: btusb: Remove detection of ISO packets over bulk
    - Bluetooth: ISO: fix timestamped HCI ISO data packet parsing
    - Bluetooth: Remove "Power-on" check from Mesh feature
    - gve: Cache link_speed value from device
    - net: asix: fix modprobe "sysfs: cannot create duplicate filename"
    - net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup()
    - net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup()
    - net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case
    - net: mdio: thunder: Add missing fwnode_handle_put()
    - efi/libstub: Use relocated version of kernel's struct screen_info
    - drm/amd/display: Set dcn32 caps.seamless_odm
    - Bluetooth: btqcomsmd: Fix command timeout after setting BD address
    - Bluetooth: L2CAP: Fix responding with wrong PDU type
    - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished
      work
    - Bluetooth: mgmt: Fix MGMT add advmon with RSSI command
    - Bluetooth: HCI: Fix global-out-of-bounds
    - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl
    - entry: Fix noinstr warning in __enter_from_user_mode()
    - perf/x86/amd/core: Always clear status for idx
    - entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up
    - hwmon: fix potential sensor registration fail if of_node is missing
    - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
    - scsi: qla2xxx: Synchronize the IOCB count to be in order
    - scsi: qla2xxx: Perform lockless command completion in abort path
    - smb3: lower default deferred close timeout to address perf regression
    - smb3: fix unusable share after force unmount failure
    - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
    - thunderbolt: Use scale field when allocating USB3 bandwidth
    - thunderbolt: Call tb_check_quirks() after initializing adapters
    - thunderbolt: Add quirk to disable CLx
    - thunderbolt: Fix memory leak in margining
    - thunderbolt: Disable interrupt auto clear for rings
    - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
    - thunderbolt: Use const qualifier for `ring_interrupt_index`
    - thunderbolt: Rename shadowed variables bit to interrupt_bit and
      auto_clear_bit
    - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
    - ASoC: Intel: sof_rt5682: Add quirk for Rex board with mx98360a amplifier
    - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43)
    - ACPI: x86: Drop quirk for HP Elitebook
    - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable
    - riscv: Bump COMMAND_LINE_SIZE value to 1024
    - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update()
    - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
    - ca8210: fix mac_len negative array access
    - HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse
    - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
    - m68k: mm: Fix systems with memory at end of 32-bit address space
    - m68k: Only force 030 bus error if PC not in exception table
    - selftests/bpf: check that modifier resolves after pointer
    - cpumask: fix incorrect cpumask scanning result checks
    - scsi: target: iscsi: Fix an error message in iscsi_check_key()
    - scsi: qla2xxx: Add option to disable FC2 Target support
    - scsi: hisi_sas: Check devm_add_action() return value
    - scsi: ufs: core: Add soft dependency on governor_simpleondemand
    - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
    - scsi: lpfc: Avoid usage of list iterator variable after loop
    - scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled
    - scsi: mpi3mr: Wait for diagnostic save during controller init
    - scsi: mpi3mr: NVMe command size greater than 8K fails
    - scsi: mpi3mr: Bad drive in topology results kernel crash
    - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
    - platform/x86: int3472: Add GPIOs to Surface Go 3 Board data
    - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
    - net: usb: qmi_wwan: add Telit 0x1080 composition
    - drm/amd/display: Update clock table to include highest clock setting
    - sh: sanitize the flags on sigreturn
    - drm/amdgpu: Fix call trace warning and hang when removing amdgpu device
    - drm/amd: Fix initialization mistake for NBIO 7.3.0
    - net/sched: act_mirred: better wording on protection against excessive stack
      growth
    - act_mirred: use the backlog for nested calls to mirred ingress
    - cifs: lock chan_lock outside match_session
    - cifs: append path to open_enter trace event
    - cifs: do not poll server interfaces too regularly
    - cifs: empty interface list when server doesn't support query interfaces
    - cifs: dump pending mids for all channels in DebugData
    - cifs: print session id while listing open files
    - cifs: fix dentry lookups in directory handle cache
    - x86/mm: Do not shuffle CPU entry areas without KASLR
    - x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf()
    - selftests/x86/amx: Add a ptrace test
    - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
    - usb: misc: onboard-hub: add support for Microchip USB2517 USB 2.0 hub
    - usb: dwc2: fix a race, don't power off/on phy for dual-role mode
    - usb: dwc2: drd: fix inconsistent mode if role-switch-default-mode="host"
    - usb: dwc2: fix a devres leak in hw_enable upon suspend resume
    - block/io_uring: pass in issue_flags for uring_cmd task_work handling
    - usb: gadget: u_audio: don't let userspace block driver unbind
    - btrfs: zoned: fix btrfs_can_activate_zone() to support DUP profile
    - Bluetooth: Fix race condition in hci_cmd_sync_clear
    - efi: sysfb_efi: Fix DMI quirks not working for simpledrm
    - mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP
    - efi/libstub: zboot: Mark zboot EFI application as NX compatible
    - arm64: efi: Set NX compat flag in PE/COFF header
    - fscrypt: destroy keyring after security_sb_delete()
    - fsverity: Remove WQ_UNBOUND from fsverity read workqueue
    - lockd: set file_lock start and end when decoding nlm4 testargs
    - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
    - igb: revert rtnl_lock() that causes deadlock
    - dm thin: fix deadlock when swapping to thin device
    - usb: typec: tcpm: fix create duplicate source-capabilities file
    - usb: typec: tcpm: fix warning when handle discover_identity message
    - usb: cdns3: Fix issue with using incorrect PCI device function
    - usb: cdnsp: Fixes issue with redundant Status Stage
    - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver
    - usb: chipdea: core: fix return -EINVAL if request role is the same with
      current role
    - usb: chipidea: core: fix possible concurrent when switch role
    - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC
    - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
    - usb: ucsi_acpi: Increase the command completion timeout
    - mm: kfence: fix using kfence_metadata without initialization in
      show_object()
    - kfence: avoid passing -g for test
    - io_uring/net: avoid sending -ECONNABORTED on repeated connection requests
    - io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
    - Revert "kasan: drop skip_kasan_poison variable in free_pages_prepare"
    - kcsan: avoid passing -g for test
    - test_maple_tree: add more testing for mas_empty_area()
    - maple_tree: fix mas_skip_node() end slot detection
    - ksmbd: fix wrong signingkey creation when encryption is AES256
    - ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION
    - ksmbd: don't terminate inactive sessions after a few seconds
    - ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect
    - ksmbd: return unsupported error on smb1 mount
    - wifi: mac80211: fix qos on mesh interfaces
    - wifi: mac80211: Serialize ieee80211_handle_wake_tx_queue()
    - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
    - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
    - drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk
    - drm/meson: fix missing component unbind on bind errors
    - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi
    - drm/i915/active: Fix missing debug object activation
    - drm/i915: Preserve crtc_state->inherited during state clearing
    - drm/amdgpu: skip ASIC reset for APUs when go to S4
    - drm/amdgpu: reposition the gpu reset checking for reuse
    - riscv: mm: Fix incorrect ASID argument when flushing TLB
    - riscv: Handle zicsr/zifencei issues between clang and binutils
    - tee: amdtee: fix race condition in amdtee_open_session
    - firmware: arm_scmi: Fix device node validation for mailbox transport
    - arm64: dts: qcom: sc8280xp-x13s: mark s11b regulator as always-on
    - arm64: dts: qcom: sc7280: Mark PCIe controller as cache coherent
    - arm64: dts: qcom: sm8150: Fix the iommu mask used for PCIe controllers
    - soc: qcom: llcc: Fix slice configuration values for SC8280XP
    - mm/ksm: fix race with VMA iteration and mm_struct teardown
    - bus: imx-weim: fix branch condition evaluates to a garbage value
    - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
    - dm stats: check for and propagate alloc_percpu failure
    - dm crypt: add cond_resched() to dmcrypt_write()
    - dm crypt: avoid accessing uninitialized tasklet
    - sched/fair: sanitize vruntime of entity being placed
    - sched/fair: Sanitize vruntime of entity being migrated
    - Linux 6.2.9
    - [Config] ppc64: updateconfigs following v6.2.9 stable updates

* Lunar update: v6.2.8 upstream stable release (LP: #2016876)
    - xfrm: Allow transport-mode states with AF_UNSPEC selector
    - drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
    - drm/msm/gem: Prevent blocking within shrinker loop
    - drm/panfrost: Don't sync rpm suspension after mmu flushing
    - fbdev: chipsfb: Fix error codes in chipsfb_pci_init()
    - cifs: Move the in_send statistic to __smb_send_rqst()
    - drm/meson: fix 1px pink line on GXM when scaling video overlay
    - clk: HI655X: select REGMAP instead of depending on it
    - selftests: amd-pstate: fix TEST_FILES
    - ASoC: SOF: Intel: MTL: Fix the device description
    - ASoC: SOF: Intel: HDA: Fix device description
    - ASoC: SOF: Intel: SKL: Fix device description
    - ASOC: SOF: Intel: pci-tgl: Fix device description
    - ASoC: SOF: ipc4-topology: set dmic dai index from copier
    - docs: Correct missing "d_" prefix for dentry_operations member
      d_weak_revalidate
    - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
    - scsi: mpi3mr: Fix throttle_groups memory leak
    - scsi: mpi3mr: Fix config page DMA memory leak
    - scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
    - scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
    - scsi: mpi3mr: Return proper values for failures in firmware init path
    - scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
    - scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt
    - scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
    - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
    - netfilter: nft_nat: correct length for loading protocol registers
    - netfilter: nft_masq: correct length for loading protocol registers
    - netfilter: nft_redir: correct length for loading protocol registers
    - netfilter: nft_redir: correct value of inet type `.maxattrs`
    - scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
    - scsi: core: Fix a procfs host directory removal regression
    - ftrace,kcfi: Define ftrace_stub_graph conditionally
    - tcp: tcp_make_synack() can be called from process context
    - vdpa/mlx5: should not activate virtq object when suspended
    - wifi: nl80211: fix NULL-ptr deref in offchan check
    - wifi: cfg80211: fix MLO connection ownership
    - selftests: fix LLVM build for i386 and x86_64
    - nfc: pn533: initialize struct pn533_out_arg properly
    - ipvlan: Make skb->skb_iif track skb->dev for l3s mode
    - i40e: Fix kernel crash during reboot when adapter is in recovery mode
    - vhost-vdpa: free iommu domain after last use during cleanup
    - vdpa_sim: not reset state in vdpasim_queue_ready
    - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
    - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
    - bnxt_en: reset PHC frequency in free-running mode
    - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
    - qed/qed_dev: guard against a possible division by zero
    - net: dsa: mt7530: remove now incorrect comment regarding port 5
    - net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
    - block: do not reverse request order when flushing plug list
    - loop: Fix use-after-free issues
    - blk-mq: fix "bad unlock balance detected" on q->srcu in
      __blk_mq_run_dispatch_ops
    - net: tunnels: annotate lockless accesses to dev->needed_headroom
    - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
    - tcp: Fix bind() conflict check for dual-stack wildcard address.
    - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
    - mlxsw: spectrum: Fix incorrect parsing depth after reload
    - net/smc: fix deadlock triggered by cancel_delayed_work_syn()
    - net: usb: smsc75xx: Limit packet length to skb->len
    - net: ethernet: mtk_eth_soc: reset PCS state
    - net: ethernet: mtk_eth_soc: only write values if needed
    - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
    - powerpc/mm: Fix false detection of read faults
    - block: null_blk: Fix handling of fake timeout request
    - nvme: fix handling single range discard request
    - nvmet: avoid potential UAF in nvmet_req_complete()
    - block: sunvdc: add check for mdesc_grab() returning NULL
    - block: count 'ios' and 'sectors' when io is done for bio-based device
    - net/mlx5e: Fix macsec ASO context alignment
    - net/mlx5e: Don't cache tunnel offloads capability
    - net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
    - net/mlx5: Disable eswitch before waiting for VF pages
    - net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
    - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs
      internal port
    - net/mlx5e: Fix cleanup null-ptr deref on encap lock
    - net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
    - veth: Fix use after free in XDP_REDIRECT
    - ice: xsk: disable txq irq before flushing hw
    - net: dsa: don't error out when drivers return ETH_DATA_LEN in
      .port_max_mtu()
    - net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
    - ravb: avoid PHY being resumed when interface is not up
    - sh_eth: avoid PHY being resumed when interface is not up
    - ipv4: Fix incorrect table ID in IOCTL path
    - net: usb: smsc75xx: Move packet length check to prevent kernel panic in
      skb_pull
    - net: atlantic: Fix crash when XDP is enabled but no program is loaded
    - net/iucv: Fix size of interrupt data
    - i825xx: sni_82596: use eth_hw_addr_set()
    - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
    - net: dsa: microchip: fix RGMII delay configuration on
      KSZ8765/KSZ8794/KSZ8795
    - ethernet: sun: add check for the mdesc_grab()
    - net: renesas: rswitch: Rename rings in struct rswitch_gwca_queue
    - net: renesas: rswitch: Fix the output value of quote from rswitch_rx()
    - bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
    - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
    - hwmon: (adt7475) Display smoothing attributes in correct order
    - hwmon: (adt7475) Fix masking of hysteresis registers
    - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race
      condition
    - hwmon: (ina3221) return prober error code
    - hwmon: (ucd90320) Add minimum delay between bus accesses
    - hwmon: tmp512: drop of_match_ptr for ID table
    - kconfig: Update config changed flag before calling callback
    - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
    - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
    - media: m5mols: fix off-by-one loop termination error
    - ext4: update s_journal_inum if it changes after journal replay
    - ext4: fix task hung in ext4_xattr_delete_inode
    - drm/amdkfd: Fix an illegal memory access
    - net/9p: fix bug in client create for .L
    - LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
    - sh: intc: Avoid spurious sizeof-pointer-div warning
    - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
    - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
    - ext4: fix possible double unlock when moving a directory
    - Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config
      dependency"
    - tty: serial: fsl_lpuart: fix race on RX DMA shutdown
    - tty: serial: fsl_lpuart: skip waiting for transmission complete when
      UARTCTRL_SBK is asserted
    - serial: 8250_em: Fix UART port type
    - serial: 8250_fsl: fix handle_irq locking
    - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
    - firmware: xilinx: don't make a sleepable memory allocation from an atomic
      context
    - memory: tegra: fix interconnect registration race
    - memory: tegra20-emc: fix interconnect registration race
    - memory: tegra124-emc: fix interconnect registration race
    - memory: tegra30-emc: fix interconnect registration race
    - drm/ttm: Fix a NULL pointer dereference
    - s390/ipl: add missing intersection check to ipl_report handling
    - interconnect: fix icc_provider_del() error handling
    - interconnect: fix provider registration API
    - interconnect: imx: fix registration race
    - interconnect: fix mem leak when freeing nodes
    - interconnect: qcom: osm-l3: fix registration race
    - interconnect: qcom: rpm: fix probe child-node error handling
    - interconnect: qcom: rpm: fix registration race
    - interconnect: qcom: rpmh: fix probe child-node error handling
    - interconnect: qcom: rpmh: fix registration race
    - interconnect: qcom: msm8974: fix registration race
    - interconnect: exynos: fix node leak in probe PM QoS error path
    - interconnect: exynos: fix registration race
    - md: select BLOCK_LEGACY_AUTOLOAD
    - cifs: generate signkey for the channel that's reconnecting
    - tracing: Make splice_read available again
    - tracing: Do not let histogram values have some modifiers
    - tracing: Check field value in hist_field_name()
    - tracing: Make tracepoint lockdep check actually test something
    - cifs: Fix smb2_set_path_size()
    - cifs: set DFS root session in cifs_get_smb_ses()
    - cifs: fix use-after-free bug in refresh_cache_worker()
    - cifs: return DFS root session id in DebugData
    - cifs: use DFS root session instead of tcon ses
    - KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
    - KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
    - ALSA: hda: intel-dsp-config: add MTL PCI id
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
    - Revert "riscv: mm: notify remote harts about mmu cache updates"
    - riscv: asid: Fixup stale TLB entry cause application crash
    - drm/edid: fix info leak when failing to get panel id
    - drm/shmem-helper: Remove another errant put in error path
    - drm/sun4i: fix missing component unbind on bind errors
    - drm/i915/active: Fix misuse of non-idle barriers as fence trackers
    - drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
    - drm/amdgpu: Don't resume IOMMU after incomplete init
    - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
    - drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes
    - drm/amd/pm: bump SMU 13.0.4 driver_if header version
    - drm/amd/display: Do not set DRR on pipe Commit
    - drm/amd/display: disconnect MPCC only on OTG change
    - drm/amd/display: Write to correct dirty_rect
    - mptcp: fix possible deadlock in subflow_error_report
    - mptcp: refactor passive socket initialization
    - mptcp: use the workqueue to destroy unaccepted sockets
    - mptcp: fix UaF in listener shutdown
    - mptcp: add ro_after_init for tcp{,v6}_prot_override
    - mptcp: avoid setting TCP_CLOSE state twice
    - mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
    - ftrace: Fix invalid address access in lookup_rec() when index is 0
    - ocfs2: fix data corruption after failed write
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
    - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
    - vp_vdpa: fix the crash in hot unplug with vp_vdpa
    - mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
    - mm: teach mincore_hugetlb about pte markers
    - powerpc/64: Set default CPU in Kconfig
    - powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage
    - mmc: sdhci_am654: lower power-on failed message severity
    - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
    - trace/hwlat: Do not wipe the contents of per-cpu thread data
    - trace/hwlat: Do not start per-cpu thread if it is already running
    - ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent
    - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
    - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
    - RISC-V: mm: Support huge page in vmalloc_fault()
    - io_uring/msg_ring: let target know allocated index
    - cpuidle: psci: Iterate backwards over list in psci_pd_remove()
    - ASoC: Intel: soc-acpi: fix copy-paste issue in topology names
    - ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP
    - x86/mce: Make sure logged MCEs are processed after sysfs update
    - x86/mm: Fix use of uninitialized buffer in sme_enable()
    - x86/resctrl: Clear staged_config[] before and after it is used
    - powerpc: Pass correct CPU reference to assembler
    - virt/coco/sev-guest: Check SEV_SNP attribute at probe time
    - virt/coco/sev-guest: Simplify extended guest request handling
    - virt/coco/sev-guest: Remove the disable_vmpck label in
      handle_guest_request()
    - virt/coco/sev-guest: Carve out the request issuing logic into a helper
    - virt/coco/sev-guest: Do some code style cleanups
    - virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
    - virt/coco/sev-guest: Add throttling awareness
    - perf: Fix check before add_event_to_groups() in perf_group_detach()
    - powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG
    - powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500
    - Linux 6.2.8
    - [Config] ppc64: updateconfigs following v6.2.8 stable updates

* Lunar update: v6.2.8 upstream stable release (LP: #2016876) //
    CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4

* Lunar update: v6.2.7 upstream stable release (LP: #2016875)
    - fs: prevent out-of-bounds array speculation when closing a file descriptor
    - btrfs: fix unnecessary increment of read error stat on write error
    - btrfs: fix percent calculation for bg reclaim message
    - btrfs: fix block group item corruption after inserting new block group
    - io_uring/uring_cmd: ensure that device supports IOPOLL
    - erofs: fix wrong kunmap when using LZMA on HIGHMEM platforms
    - perf inject: Fix --buildid-all not to eat up MMAP2
    - fork: allow CLONE_NEWTIME in clone3 flags
    - RISC-V: Stop emitting attributes
    - thermal: intel: int340x: processor_thermal: Fix deadlock
    - x86/CPU/AMD: Disable XSAVES on AMD family 0x17
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21
    - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv
    - drm/display: Don't block HDR_OUTPUT_METADATA on unknown EOTF
    - drm/connector: print max_requested_bpc in state debugfs
    - drm/msm/adreno: fix runtime PM imbalance at unbind
    - staging: rtl8723bs: Fix key-store index handling
    - staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()
    - ext4: fix cgroup writeback accounting with fs-layer encryption
    - ext4: fix RENAME_WHITEOUT handling for inline directories
    - ext4: fix another off-by-one fsmap error on 1k block filesystems
    - ext4: move where set the MAY_INLINE_DATA flag is set
    - ext4: fix WARNING in ext4_update_inline_data
    - ext4: zero i_disksize when initializing the bootloader inode
    - HID: core: Provide new max_buffer_size attribute to over-ride the default
    - HID: uhid: Over-ride the default maximum data buffer value with our own
    - nfc: change order inside nfc_se_io error path
    - KVM: VMX: Reset eVMCS controls in VP assist page during hardware disabling
    - KVM: VMX: Don't bother disabling eVMCS static key on module exit
    - KVM: x86: Move guts of kvm_arch_init() to standalone helper
    - KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace
    - udf: Fix off-by-one error when discarding preallocation
    - bus: mhi: ep: Power up/down MHI stack during MHI RESET
    - bus: mhi: ep: Change state_lock to mutex
    - drm/i915: Introduce intel_panel_init_alloc()
    - drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
    - drm/i915: Populate encoder->devdata for DSI on icl+
    - block: Revert "block: Do not reread partition table on exclusively open
      device"
    - block: fix scan partition for exclusively open device again
    - riscv: Add header include guards to insn.h
    - scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
    - ext4: Fix possible corruption when moving a directory
    - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype
    - drm/nouveau/fb/gp102-: cache scrubber binary on first load
    - drm/msm: Fix potential invalid ptr free
    - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register
    - drm/msm/a5xx: fix highest bank bit for a530
    - drm/msm/a5xx: fix the emptyness check in the preempt code
    - drm/msm/a5xx: fix context faults during ring switch
    - bgmac: fix *initial* chip reset to support BCM5358
    - nfc: fdp: add null check of devm_kmalloc_array in
      fdp_nci_i2c_read_device_properties
    - powerpc: dts: t1040rdb: fix compatible string for Rev A boards
    - tls: rx: fix return value for async crypto
    - drm/msm/dpu: disable features unsupported by QCM2290
    - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
    - net: lan966x: Fix port police support using tc-matchall
    - selftests: nft_nat: ensuring the listening side is up before starting the
      client
    - netfilter: nft_last: copy content when cloning expression
    - netfilter: nft_quota: copy content when cloning expression
    - net: tls: fix possible race condition between do_tls_getsockopt_conf() and
      do_tls_setsockopt_conf()
    - net: use indirect calls helpers for sk_exit_memory_pressure()
    - perf stat: Fix counting when initial delay configured
    - net: lan78xx: fix accessing the LAN7800's internal phy specific registers
      from the MAC driver
    - net: caif: Fix use-after-free in cfusbl_device_notify()
    - ice: copy last block omitted in ice_get_module_eeprom()
    - nfp: fix incorrectly set csum flag for nfd3 path
    - nfp: fix esp-tx-csum-offload doesn't take effect
    - bpf, sockmap: Fix an infinite loop error when len is 0 in
      tcp_bpf_recvmsg_parser()
    - drm/msm/dpu: fix len of sc7180 ctl blocks
    - drm/msm/dpu: fix sm6115 and qcm2290 mixer width limits
    - drm/msm/dpu: correct sm8250 and sm8350 scaler
    - drm/msm/dpu: correct sm6115 scaler
    - drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK
    - drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks
    - drm/msm/disp/dpu: fix sc7280_pp base offset
    - drm/msm/dpu: clear DSPP reservations in rm release
    - net: stmmac: add to set device wake up flag when stmmac init phy
    - net: phylib: get rid of unnecessary locking
    - bnxt_en: Avoid order-5 memory allocation for TPA data
    - netfilter: ctnetlink: revert to dumping mark regardless of event type
    - netfilter: tproxy: fix deadlock due to missing BH disable
    - m68k: mm: Move initrd phys_to_virt handling after paging_init()
    - btrfs: fix extent map logging bit not cleared for split maps after dropping
      range
    - bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES
    - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
    - net: phy: smsc: fix link up detection in forced irq mode
    - net: ethernet: mtk_eth_soc: fix RX data corruption issue
    - net: tls: fix device-offloaded sendpage straddling records
    - scsi: megaraid_sas: Update max supported LD IDs to 240
    - scsi: sd: Fix wrong zone_write_granularity value during revalidate
    - netfilter: conntrack: adopt safer max chain length
    - platform/x86: dell-ddv: Return error if buffer is empty
    - platform/x86: dell-ddv: Fix temperature scaling
    - platform: mellanox: select REGMAP instead of depending on it
    - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
    - block: fix wrong mode for blkdev_put() from disk_scan_partitions()
    - NFSD: Protect against filesystem freezing
    - ice: Fix DSCP PFC TLV creation
    - ethernet: ice: avoid gcc-9 integer overflow warning
    - net/smc: fix fallback failed while sendmsg with fastopen
    - octeontx2-af: Unlock contexts in the queue context cache in case of fault
      detection
    - SUNRPC: Fix a server shutdown leak
    - net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
    - af_unix: fix struct pid leaks in OOB support
    - erofs: Revert "erofs: fix kvcalloc() misuse with __GFP_NOFAIL"
    - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
    - RISC-V: Don't check text_mutex during stop_machine
    - drm/amdgpu: fix return value check in kfd
    - ext4: Fix deadlock during directory rename
    - RISC-V: take text_mutex during alternative patching
    - drm/amdgpu/soc21: don't expose AV1 if VCN0 is harvested
    - drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4
    - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
    - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
    - MIPS: Fix a compilation issue
    - powerpc/64: Don't recurse irq replay
    - powerpc/iommu: fix memory leak with using debugfs_lookup()
    - clk: renesas: rcar-gen3: Disable R-Car H3 ES1.*
    - powerpc: Remove __kernel_text_address() in show_instructions()
    - powerpc/bpf/32: Only set a stack frame when necessary
    - powerpc/64: Fix task_cpu in early boot when booting non-zero cpuid
    - powerpc/64: Move paca allocation to early_setup()
    - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation
    - alpha: fix R_ALPHA_LITERAL reloc for large modules
    - macintosh: windfarm: Use unsigned type for 1-bit bitfields
    - PCI: Add SolidRun vendor ID
    - scripts: handle BrokenPipeError for python scripts
    - media: ov5640: Fix analogue gain control
    - media: rc: gpio-ir-recv: add remove function
    - drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60
    - drm/amd/display: adjust MALL size available for DCN32 and DCN321
    - filelocks: use mount idmapping for setlease permission check
    - Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES"
    - RISC-V: fix taking the text_mutex twice during sifive errata patching
    - UML: define RUNTIME_DISCARD_EXIT
    - Linux 6.2.7

* Miscellaneous Ubuntu changes
    - [Packaging] Move final-checks script to debian/scripts/checks
    - [Packaging] checks/final-checks: Honor 'do_skip_checks'
    - [Packaging] Drop wireguard DKMS
    - [Packaging] Remove update-version-dkms
    - [Packaging] debian/rules: Add DKMS info to 'printenv' output

* Miscellaneous upstream changes
    - Revert "Revert "mm: kfence: apply kmemleak_ignore_phys on early allocated
      pool""

linux (6.2.0-21.21) lunar; urgency=medium

* lunar/linux: 6.2.0-21.21 -proposed tracker (LP: #2016249)

* efivarfs:efivarfs.sh in ubuntu_kernel_selftests crash L-6.2 ARM64 node
    dazzle (rcu_preempt detected stalls) (LP: #2015741)
    - efi/libstub: smbios: Use length member instead of record struct size
    - arm64: efi: Use SMBIOS processor version to key off Ampere quirk
    - efi/libstub: smbios: Drop unused 'recsize' parameter

* Miscellaneous Ubuntu changes
    - SAUCE: selftests/bpf: ignore pointer types check with clang
    - SAUCE: selftests/bpf: avoid conflicting data types in profiler.inc.h
    - [Packaging] get rid of unnecessary artifacts in linux-headers

* Miscellaneous upstream changes
    - Revert "UBUNTU: SAUCE: Revert "efi: random: refresh non-volatile random seed
      when RNG is initialized""
    - Revert "UBUNTU: SAUCE: Revert "efi: random: fix NULL-deref when refreshing
      seed""

-- Roxana Nicolescu <roxana.nicolescu@canonical.com>  Wed, 17 May 2023 16:44:59 +0200

Changed in linux (Ubuntu Lunar):
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-06-22:

#13

This bug was fixed in the package linux - 6.3.0-7.7

---------------
linux (6.3.0-7.7) mantic; urgency=medium

* mantic/linux: 6.3.0-7.7 -proposed tracker (LP: #2023297)

* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/master)

-- Paolo Pisati <email address hidden> Thu, 08 Jun 2023 16:44:41 +0200

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-07-19:

#14

This bug is awaiting verification that the linux-azure/6.2.0-1009.9 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-lunar' to 'verification-done-lunar'. If the problem still exists, change the tag 'verification-needed-lunar' to 'verification-failed-lunar'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-lunar-linux-azure verification-needed-lunar

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

vmd may fail to create sysfs entry while `pci_rescan_bus()` called in some other drivers like wwan

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package