Public bug reported: I play Call of Duty Black Ops 2 Zombies on steam using default proton settings. No special proton settings. I play Far Cry 3 on steam with the glorious eggroll custom proton. Using kernel 7.0.0-14 Zombies gives me a brief freeze frame almost like somebody hit a pause button that is making it hard to play. Using kernel 7.0.0-14 Far Cry 3 occasionally gives me audio that sounds like a cd player skipping or something. If I run zombies in window mode, and btop running next to it, I can observe that the freeze corresponds to a drop in CPU usage. Some times it goes from maybe 20 percent and then freezes and drops to 2 percent. If I enable "X3D turbo mode" in my computer bios the freeze seems to go away, but I only have 8 CPUS now. If I go back to kernel 7.0.0-13, the freeze problem also goes away. This makes me think its a bug in the kernel but I don't know it could be a bug in something else. Sorry I have never debugged a linux kernel before. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-14-generic 7.0.0-14.14 ProcVersionSignature: Ubuntu 7.0.0-14.14-generic 7.0.0 Uname: Linux 7.0.0-14-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC2: ryan 4501 F.... wireplumber /dev/snd/controlC1: ryan 4501 F.... wireplumber /dev/snd/controlC0: ryan 4501 F.... wireplumber /dev/snd/seq: ryan 4417 F.... pipewire CasperMD5CheckMismatches: ./boot/grub/i386-pc/eltorito.img CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Tue Apr 21 06:44:25 2026 InstallationDate: Installed on 2026-03-30 (22 days ago) InstallationMedia: Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260325) IwDevWlp15s0Link: Not connected. MachineType: Gigabyte Technology Co., Ltd. X870E AORUS PRO ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-7.0.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2026 dmi.bios.release: 5.41 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: F12a dmi.board.asset.tag: Default string dmi.board.name: X870E AORUS PRO dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrF12a:bd03/11/2026:br5.41:svnGigabyteTechnologyCo.,Ltd.:pnX870EAORUSPRO:pvrDefaultstring-CF-WCP-ADO:rvnGigabyteTechnologyCo.,Ltd.:rnX870EAORUSPRO:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:pfaX870EMB: dmi.product.family: X870E MB dmi.product.name: X870E AORUS PRO dmi.product.sku: Default string dmi.product.version: Default string-CF-WCP-ADO dmi.sys.vendor: Gigabyte Technology Co., Ltd. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug resolute wayland-session -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2149792 Title: games stuttering/freezing in kernel 7.0.0-14 Status in linux package in Ubuntu: New Bug description: I play Call of Duty Black Ops 2 Zombies on steam using default proton settings. No special proton settings. I play Far Cry 3 on steam with the glorious eggroll custom proton. Using kernel 7.0.0-14 Zombies gives me a brief freeze frame almost like somebody hit a pause button that is making it hard to play. Using kernel 7.0.0-14 Far Cry 3 occasionally gives me audio that sounds like a cd player skipping or something. If I run zombies in window mode, and btop running next to it, I can observe that the freeze corresponds to a drop in CPU usage. Some times it goes from maybe 20 percent and then freezes and drops to 2 percent. If I enable "X3D turbo mode" in my computer bios the freeze seems to go away, but I only have 8 CPUS now. If I go back to kernel 7.0.0-13, the freeze problem also goes away. This makes me think its a bug in the kernel but I don't know it could be a bug in something else. Sorry I have never debugged a linux kernel before. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-14-generic 7.0.0-14.14 ProcVersionSignature: Ubuntu 7.0.0-14.14-generic 7.0.0 Uname: Linux 7.0.0-14-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC2: ryan 4501 F.... wireplumber /dev/snd/controlC1: ryan 4501 F.... wireplumber /dev/snd/controlC0: ryan 4501 F.... wireplumber /dev/snd/seq: ryan 4417 F.... pipewire CasperMD5CheckMismatches: ./boot/grub/i386-pc/eltorito.img CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Tue Apr 21 06:44:25 2026 InstallationDate: Installed on 2026-03-30 (22 days ago) InstallationMedia: Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260325) IwDevWlp15s0Link: Not connected. MachineType: Gigabyte Technology Co., Ltd. X870E AORUS PRO ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-7.0.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2026 dmi.bios.release: 5.41 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: F12a dmi.board.asset.tag: Default string dmi.board.name: X870E AORUS PRO dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrF12a:bd03/11/2026:br5.41:svnGigabyteTechnologyCo.,Ltd.:pnX870EAORUSPRO:pvrDefaultstring-CF-WCP-ADO:rvnGigabyteTechnologyCo.,Ltd.:rnX870EAORUSPRO:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:pfaX870EMB: dmi.product.family: X870E MB dmi.product.name: X870E AORUS PRO dmi.product.sku: Default string dmi.product.version: Default string-CF-WCP-ADO dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2149792/+subscriptions
вторник
[Bug 2149808] Re: Qualcomm X1E: Speaker overdrive causes hardware protection shutdown
** Description changed: + [ Impact ] + On Qualcomm X1 SoCs the Linux upstream audio support is currently lacking active speaker protection support in the DSP or software. Since 26.04. all the upstream changes have landed to enable audio/speakers by default on some devices using this SoC (Thinkpad T14s). Unfortunately the current default does not seem to be safe to use. Playing music and turning the speaker up to 100% causes a hardware safety mechanism to trigger and shut down the speakers entirely until the next reboot. Such a safety mechanism is not guaranteed and on some devices the impact might even be worse. The previous SoC generation fixed this by limiting the volume in the Linux kernel driver, see https://github.com/torvalds/linux/commit/c481016bb4f8a9c059c39ac06e7b65e233a61f6a I believe the same should be done for the X1 family. A patch to do that is available on the linux-arm-msm mailing list https://patchwork.kernel.org/project/linux-arm- msm/patch/20260421-x1e80100-audio-limit-v1-1-98bac8cee2ee@canonical.com/ + + [ Test Plan ] + + The bug is trivial to reproduce (buy I don't recommend trying if you + value your hardware) by playing audio and slowly increasing the system + volume until the speakers stop working. + + With the fix applied, it should be possible to go to 100% volume without + breaking the speakers. + + [ Where problems could occur ] + + This only affects machines based on this specific soc, of which only few + have firmware and alsa config upstream to work out of the box. On those + devices there is a small risk that our patch could break something in + the audio driver but the impact would be low and broken audio is not a + major regression since this is the first release where it would work out + the box. ** Also affects: linux (Ubuntu Resolute) Importance: Undecided Status: New -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2149808 Title: Qualcomm X1E: Speaker overdrive causes hardware protection shutdown Status in linux package in Ubuntu: New Status in linux source package in Resolute: New Bug description: [ Impact ] On Qualcomm X1 SoCs the Linux upstream audio support is currently lacking active speaker protection support in the DSP or software. Since 26.04. all the upstream changes have landed to enable audio/speakers by default on some devices using this SoC (Thinkpad T14s). Unfortunately the current default does not seem to be safe to use. Playing music and turning the speaker up to 100% causes a hardware safety mechanism to trigger and shut down the speakers entirely until the next reboot. Such a safety mechanism is not guaranteed and on some devices the impact might even be worse. The previous SoC generation fixed this by limiting the volume in the Linux kernel driver, see https://github.com/torvalds/linux/commit/c481016bb4f8a9c059c39ac06e7b65e233a61f6a I believe the same should be done for the X1 family. A patch to do that is available on the linux-arm-msm mailing list https://patchwork.kernel.org/project/linux-arm- msm/patch/20260421-x1e80100-audio- limit-v1-1-98bac8cee2ee@canonical.com/ [ Test Plan ] The bug is trivial to reproduce (buy I don't recommend trying if you value your hardware) by playing audio and slowly increasing the system volume until the speakers stop working. With the fix applied, it should be possible to go to 100% volume without breaking the speakers. [ Where problems could occur ] This only affects machines based on this specific soc, of which only few have firmware and alsa config upstream to work out of the box. On those devices there is a small risk that our patch could break something in the audio driver but the impact would be low and broken audio is not a major regression since this is the first release where it would work out the box. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2149808/+subscriptions
[Bug 2149792] Re: games stuttering/freezing in kernel 7.0.0-14
** Description changed: I play Call of Duty Black Ops 2 Zombies on steam using default proton settings. No special proton settings. I play Far Cry 3 on steam with the glorious eggroll custom proton. Using kernel 7.0.0-14 Zombies gives me a brief freeze frame almost like somebody hit a pause button that is making it hard to play. Using kernel 7.0.0-14 Far Cry 3 occasionally gives me audio that sounds like a cd player skipping or something. If I run zombies in window mode, and btop running next to it, I can observe that the freeze corresponds to a drop in CPU usage. Some times it goes from maybe 20 percent and then freezes and drops to 2 percent. If I enable "X3D turbo mode" in my computer bios the freeze seems to go away, but I only have 8 CPUS now. If I go back to kernel 7.0.0-13, the freeze problem also goes away. This makes me think its a bug in the kernel but I don't know it could be a bug in something else. Sorry I have never debugged a linux kernel before. - I realize my open source friends maybe don't have those steam games to - test. So I decided to try SuperTuxKart. + I realize my friends maybe don't have those steam games to test. So I + decided to try SuperTuxKart. sudo apt install supertuxkart Sure enough after playing for a bit, I got a stutter where the CPU usage dropped. That game doesn't use very much CPU power so it dropped from like 0.2 percent to 0.0 percent. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-14-generic 7.0.0-14.14 ProcVersionSignature: Ubuntu 7.0.0-14.14-generic 7.0.0 Uname: Linux 7.0.0-14-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC2: ryan 4501 F.... wireplumber /dev/snd/controlC1: ryan 4501 F.... wireplumber /dev/snd/controlC0: ryan 4501 F.... wireplumber /dev/snd/seq: ryan 4417 F.... pipewire CasperMD5CheckMismatches: ./boot/grub/i386-pc/eltorito.img CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Tue Apr 21 06:44:25 2026 InstallationDate: Installed on 2026-03-30 (22 days ago) InstallationMedia: Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260325) IwDevWlp15s0Link: Not connected. MachineType: Gigabyte Technology Co., Ltd. X870E AORUS PRO ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-7.0.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2026 dmi.bios.release: 5.41 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: F12a dmi.board.asset.tag: Default string dmi.board.name: X870E AORUS PRO dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrF12a:bd03/11/2026:br5.41:svnGigabyteTechnologyCo.,Ltd.:pnX870EAORUSPRO:pvrDefaultstring-CF-WCP-ADO:rvnGigabyteTechnologyCo.,Ltd.:rnX870EAORUSPRO:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:pfaX870EMB: dmi.product.family: X870E MB dmi.product.name: X870E AORUS PRO dmi.product.sku: Default string dmi.product.version: Default string-CF-WCP-ADO dmi.sys.vendor: Gigabyte Technology Co., Ltd. -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2149792 Title: games stuttering/freezing in kernel 7.0.0-14 Status in linux package in Ubuntu: New Bug description: I play Call of Duty Black Ops 2 Zombies on steam using default proton settings. No special proton settings. I play Far Cry 3 on steam with the glorious eggroll custom proton. Using kernel 7.0.0-14 Zombies gives me a brief freeze frame almost like somebody hit a pause button that is making it hard to play. Using kernel 7.0.0-14 Far Cry 3 occasionally gives me audio that sounds like a cd player skipping or something. If I run zombies in window mode, and btop running next to it, I can observe that the freeze corresponds to a drop in CPU usage. Some times it goes from maybe 20 percent and then freezes and drops to 2 percent. If I enable "X3D turbo mode" in my computer bios the freeze seems to go away, but I only have 8 CPUS now. If I go back to kernel 7.0.0-13, the freeze problem also goes away. This makes me think its a bug in the kernel but I don't know it could be a bug in something else. Sorry I have never debugged a linux kernel before. I realize my friends maybe don't have those steam games to test. So I decided to try SuperTuxKart. sudo apt install supertuxkart Sure enough after playing for a bit, I got a stutter where the CPU usage dropped. That game doesn't use very much CPU power so it dropped from like 0.2 percent to 0.0 percent. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-14-generic 7.0.0-14.14 ProcVersionSignature: Ubuntu 7.0.0-14.14-generic 7.0.0 Uname: Linux 7.0.0-14-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC2: ryan 4501 F.... wireplumber /dev/snd/controlC1: ryan 4501 F.... wireplumber /dev/snd/controlC0: ryan 4501 F.... wireplumber /dev/snd/seq: ryan 4417 F.... pipewire CasperMD5CheckMismatches: ./boot/grub/i386-pc/eltorito.img CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Tue Apr 21 06:44:25 2026 InstallationDate: Installed on 2026-03-30 (22 days ago) InstallationMedia: Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260325) IwDevWlp15s0Link: Not connected. MachineType: Gigabyte Technology Co., Ltd. X870E AORUS PRO ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-7.0.0-14-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro quiet splash crashkernel=2G-4G:320M,4G-32G:512M,32G-64G:1024M,64G-128G:2048M,128G-:4096M PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2026 dmi.bios.release: 5.41 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: F12a dmi.board.asset.tag: Default string dmi.board.name: X870E AORUS PRO dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrF12a:bd03/11/2026:br5.41:svnGigabyteTechnologyCo.,Ltd.:pnX870EAORUSPRO:pvrDefaultstring-CF-WCP-ADO:rvnGigabyteTechnologyCo.,Ltd.:rnX870EAORUSPRO:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring:pfaX870EMB: dmi.product.family: X870E MB dmi.product.name: X870E AORUS PRO dmi.product.sku: Default string dmi.product.version: Default string-CF-WCP-ADO dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2149792/+subscriptions
[Bug 2148686] Re: FrameworkDesktop: System randomly hangs / freezes after using Chrome (Youtube or Screen-Sharing)
Next time the freeze happens, please reboot and then run: journalctl -b-1 > prevboot.txt and attach the resulting text file here. ** No longer affects: xserver-xorg-video-amdgpu (Ubuntu) -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2148686 Title: FrameworkDesktop: System randomly hangs / freezes after using Chrome (Youtube or Screen-Sharing) Status in linux package in Ubuntu: New Bug description: Quite recently (last week) my system started to hang/freeze randomly when using Chrome and browsing youtube or when having a Video Call. The system either hangs completely or stops working and blanking the displays. Sometimes it recovers from this state. The usage pattern is always the same * Chrome * Video Quite interestingly during gaming via Steam I did not experience any hang/freeze. It seems to be related to Video handling in Chrome. > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 25.10 Release: 25.10 Codename: questing Hardware: Framework Desktop _AMD Ryzen AI Max 300 Series Processor: AMD RYZEN AI MAX+ 395 w/ Radeon™ 8060S × 32 dmesg gives plenty of information pointing to amdgpu: [ 3536.625642] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3536.625654] amdgpu 0000:c2:00.0: amdgpu: Failed to power gate VPE! [ 3536.625658] [drm:amdgpu_dpm_enable_vpe [amdgpu]] *ERROR* Dpm disable vpe failed, ret = -62. [ 3541.439018] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3541.439025] amdgpu 0000:c2:00.0: amdgpu: Failed to power gate VCN instance 1! [ 3541.439027] [drm:amdgpu_dpm_enable_vcn [amdgpu]] *ERROR* Dpm disable uvd failed, ret = -62. [ 3544.902422] amdgpu 0000:c2:00.0: amdgpu: Dumping IP State [ 3549.702445] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3549.702453] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3554.505681] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3554.505693] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3559.308523] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3559.308535] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3564.111256] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3564.111268] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3564.111361] amdgpu 0000:c2:00.0: amdgpu: Dumping IP State Completed [ 3564.111451] amdgpu 0000:c2:00.0: amdgpu: [drm] AMDGPU device coredump file has been created [ 3564.111458] amdgpu 0000:c2:00.0: amdgpu: [drm] Check your /sys/class/drm/card1/device/devcoredump/data [ 3564.111461] amdgpu 0000:c2:00.0: amdgpu: ring sdma0 timeout, signaled seq=74533, emitted seq=74537 [ 3564.111465] amdgpu 0000:c2:00.0: amdgpu: GPU reset begin! [ 3568.703656] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3568.703665] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3687.240764] INFO: task kworker/16:1:46905 blocked for more than 122 seconds. [ 3687.240765] Tainted: G W L 6.17.0-22-generic #22-Ubuntu [ 3687.240765] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3687.240766] task:kworker/16:1 state:D stack:0 pid:46905 tgid:46905 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 3687.240767] Workqueue: events amdgpu_tlb_fence_work [amdgpu] [ 3687.240846] Call Trace: [ 3687.240847] <TASK> [ 3687.240847] __schedule+0x2ed/0x7c0 [ 3687.240848] ? __pick_eevdf+0x150/0x280 [ 3687.240851] schedule+0x27/0x90 [ 3687.240852] schedule_timeout+0xcf/0x110 [ 3687.240853] dma_fence_default_wait+0x1be/0x240 [ 3687.240855] ? __pfx_dma_fence_default_wait_cb+0x10/0x10 [ 3687.240856] dma_fence_wait_timeout+0x13a/0x170 [ 3687.240857] amdgpu_tlb_fence_work+0x2d/0x110 [amdgpu] [ 3687.240941] process_one_work+0x18b/0x370 [ 3687.240942] worker_thread+0x317/0x450 [ 3687.240943] ? __pfx_worker_thread+0x10/0x10 [ 3687.240944] kthread+0x108/0x220 [ 3687.240945] ? __pfx_kthread+0x10/0x10 [ 3687.240946] ret_from_fork+0x131/0x150 [ 3687.240947] ? __pfx_kthread+0x10/0x10 [ 3687.240948] ret_from_fork_asm+0x1a/0x30 [ 3687.240949] </TASK> [ 3710.568331] amdgpu 0000:c2:00.0: amdgpu: MES failed to respond to msg=REMOVE_QUEUE [ 3710.568342] amdgpu 0000:c2:00.0: amdgpu: failed to unmap legacy queue [ 3710.784931] [drm:gfx_v11_0_cp_gfx_enable.isra.0 [amdgpu]] *ERROR* failed to halt cp gfx ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: xserver-xorg-video-amdgpu (not installed) ProcVersionSignature: Ubuntu 6.17.0-22.22-generic 6.17.13 Uname: Linux 6.17.0-22-generic x86_64 ApportVersion: 2.33.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Fri Apr 17 17:49:22 2026 InstallationDate: Installed on 2025-10-10 (189 days ago) InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Release amd64 (20251007) SourcePackage: xserver-xorg-video-amdgpu UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148686/+subscriptions
[Bug 2148686] Re: FrameworkDesktop: System randomly hangs / freezes after using Chrome (Youtube or Screen-Sharing)
Not super happy to add the full journal log because of the information it contains. I have removed / replaced some of the more sensitive / private information but still the relevant information is available. ** Attachment added: "journal log of last/previous boot" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148686/+attachment/5963696/+files/prevboot_scrubbed.txt -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2148686 Title: FrameworkDesktop: System randomly hangs / freezes after using Chrome (Youtube or Screen-Sharing) Status in linux package in Ubuntu: New Bug description: Quite recently (last week) my system started to hang/freeze randomly when using Chrome and browsing youtube or when having a Video Call. The system either hangs completely or stops working and blanking the displays. Sometimes it recovers from this state. The usage pattern is always the same * Chrome * Video Quite interestingly during gaming via Steam I did not experience any hang/freeze. It seems to be related to Video handling in Chrome. > lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 25.10 Release: 25.10 Codename: questing Hardware: Framework Desktop _AMD Ryzen AI Max 300 Series Processor: AMD RYZEN AI MAX+ 395 w/ Radeon™ 8060S × 32 dmesg gives plenty of information pointing to amdgpu: [ 3536.625642] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3536.625654] amdgpu 0000:c2:00.0: amdgpu: Failed to power gate VPE! [ 3536.625658] [drm:amdgpu_dpm_enable_vpe [amdgpu]] *ERROR* Dpm disable vpe failed, ret = -62. [ 3541.439018] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3541.439025] amdgpu 0000:c2:00.0: amdgpu: Failed to power gate VCN instance 1! [ 3541.439027] [drm:amdgpu_dpm_enable_vcn [amdgpu]] *ERROR* Dpm disable uvd failed, ret = -62. [ 3544.902422] amdgpu 0000:c2:00.0: amdgpu: Dumping IP State [ 3549.702445] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3549.702453] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3554.505681] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3554.505693] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3559.308523] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3559.308535] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3564.111256] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3564.111268] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3564.111361] amdgpu 0000:c2:00.0: amdgpu: Dumping IP State Completed [ 3564.111451] amdgpu 0000:c2:00.0: amdgpu: [drm] AMDGPU device coredump file has been created [ 3564.111458] amdgpu 0000:c2:00.0: amdgpu: [drm] Check your /sys/class/drm/card1/device/devcoredump/data [ 3564.111461] amdgpu 0000:c2:00.0: amdgpu: ring sdma0 timeout, signaled seq=74533, emitted seq=74537 [ 3564.111465] amdgpu 0000:c2:00.0: amdgpu: GPU reset begin! [ 3568.703656] amdgpu 0000:c2:00.0: amdgpu: SMU: I'm not done with your previous command: SMN_C2PMSG_66:0x00000032 SMN_C2PMSG_82:0x00000000 [ 3568.703665] amdgpu 0000:c2:00.0: amdgpu: Failed to disable gfxoff! [ 3687.240764] INFO: task kworker/16:1:46905 blocked for more than 122 seconds. [ 3687.240765] Tainted: G W L 6.17.0-22-generic #22-Ubuntu [ 3687.240765] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3687.240766] task:kworker/16:1 state:D stack:0 pid:46905 tgid:46905 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 3687.240767] Workqueue: events amdgpu_tlb_fence_work [amdgpu] [ 3687.240846] Call Trace: [ 3687.240847] <TASK> [ 3687.240847] __schedule+0x2ed/0x7c0 [ 3687.240848] ? __pick_eevdf+0x150/0x280 [ 3687.240851] schedule+0x27/0x90 [ 3687.240852] schedule_timeout+0xcf/0x110 [ 3687.240853] dma_fence_default_wait+0x1be/0x240 [ 3687.240855] ? __pfx_dma_fence_default_wait_cb+0x10/0x10 [ 3687.240856] dma_fence_wait_timeout+0x13a/0x170 [ 3687.240857] amdgpu_tlb_fence_work+0x2d/0x110 [amdgpu] [ 3687.240941] process_one_work+0x18b/0x370 [ 3687.240942] worker_thread+0x317/0x450 [ 3687.240943] ? __pfx_worker_thread+0x10/0x10 [ 3687.240944] kthread+0x108/0x220 [ 3687.240945] ? __pfx_kthread+0x10/0x10 [ 3687.240946] ret_from_fork+0x131/0x150 [ 3687.240947] ? __pfx_kthread+0x10/0x10 [ 3687.240948] ret_from_fork_asm+0x1a/0x30 [ 3687.240949] </TASK> [ 3710.568331] amdgpu 0000:c2:00.0: amdgpu: MES failed to respond to msg=REMOVE_QUEUE [ 3710.568342] amdgpu 0000:c2:00.0: amdgpu: failed to unmap legacy queue [ 3710.784931] [drm:gfx_v11_0_cp_gfx_enable.isra.0 [amdgpu]] *ERROR* failed to halt cp gfx ProblemType: Bug DistroRelease: Ubuntu 25.10 Package: xserver-xorg-video-amdgpu (not installed) ProcVersionSignature: Ubuntu 6.17.0-22.22-generic 6.17.13 Uname: Linux 6.17.0-22-generic x86_64 ApportVersion: 2.33.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Fri Apr 17 17:49:22 2026 InstallationDate: Installed on 2025-10-10 (189 days ago) InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Release amd64 (20251007) SourcePackage: xserver-xorg-video-amdgpu UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148686/+subscriptions
[Bug 2143870] Re: Enable TI new AMP TAS2783A for modern HP platform
Verified linux-oem-6.17/6.17.0-1019.19 with linux- firmware/20250901.git993ff19b-0ubuntu1.11 on CAMEXI-PV-SKU2 Verified linux-oem-6.17/6.17.0-1019.19 with linux- firmware/20240318.git3b128b60-0ubuntu2.27 on CAMEXI-PV-SKU2 the "aplay -l" shows **** List of PLAYBACK Hardware Devices **** card 0: sofsoundwire [sof-soundwire], device 0: Jack Out (*) [] Subdevices: 1/1 Subdevice #0: subdevice #0 card 0: sofsoundwire [sof-soundwire], device 5: HDMI1 (*) [] Subdevices: 1/1 Subdevice #0: subdevice #0 card 0: sofsoundwire [sof-soundwire], device 6: HDMI2 (*) [] Subdevices: 1/1 Subdevice #0: subdevice #0 card 0: sofsoundwire [sof-soundwire], device 7: HDMI3 (*) [] Subdevices: 1/1 Subdevice #0: subdevice #0 card 0: sofsoundwire [sof-soundwire], device 31: Deepbuffer Jack Out (*) [] Subdevices: 1/1 Subdevice #0: subdevice #0 ** Tags removed: verification-needed-noble-linux-oem-6.17 ** Tags added: verification-done-noble verification-done-noble-linux-oem-6.17 verification-done-questing -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2143870 Title: Enable TI new AMP TAS2783A for modern HP platform Status in HWE Next: New Status in linux package in Ubuntu: Fix Released Status in linux-firmware package in Ubuntu: Fix Released Status in linux-oem-6.17 package in Ubuntu: New Status in linux source package in Noble: Invalid Status in linux-firmware source package in Noble: Fix Committed Status in linux-oem-6.17 source package in Noble: Fix Committed Status in linux source package in Questing: Invalid Status in linux-firmware source package in Questing: Fix Committed Status in linux-oem-6.17 source package in Questing: Invalid Status in linux source package in Resolute: Fix Released Status in linux-firmware source package in Resolute: Fix Released Status in linux-oem-6.17 source package in Resolute: New Bug description: SRU Justification: [Impact] New HP platform with CirrusLogic codec + TI TA2783A amplifier will have no basic audio functions w/o TAS2783A Driver Support. ================ Linux Kernel ======================== [Fix] Backport new TAS2783A drivers of the following ASoC: tas2783A: fw loading for devices without pci bus ASoC: tas2783A: read slave properties from acpi table ASoC: tas2783A: use acpi initialisation table ASoc: tas2783A: acpi match for 4 channel for mtl ASoc: tas2783A: fw name based on system details ASoC: tas2783A: fix error log for calibration data ASoC: tas2783A: update default init writes ASoC: tas2783A: use custom firmware ASoC: tas2783A: sdw_utils: support ch 3 & 4 <=============== linux-firmware ======================== [Fix] Backport the patch firmware from TI 4e83a67a5637 ASoC: tas2783: Add Firmware files for tas2783A [Test Case] 1. Boot up the machine of new HP platform with TI TAS2783A amplifier 2. Open settings->Sound->Output Device and make sure it's not Dummy audio devices 3. Click test icon for basic audio output functions 4. Use `arecord` to record and play the recorded audio file with `aplay` for basic speaker/microphone functions. [Where problems could occur] It adds the support for new TAS2783A amplifier for particular HP SSIDs. No regression expected at the current stage. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/2143870/+subscriptions
Re: [Bug 2146485] Re: IdeaPad Slim 5 16AKP10 (83HY): intermittent keyboard keystroke drops at i8042 kernel driver level
Have you had any other symptoms? I have now had two instances where the system totally froze and I can trace it to the same EC as the other issue. -- Advanced Applications Rod Barnes On Wed, Apr 15, 2026 at 11:42 AM Rod Barnes <advappsw@gmail.com> wrote: > I just had it happen again. I tried a USB keyboard and it does not > manifest this issue. evtest showed clearly that the USB keyboard is > working with no skipping but the internal keyboard is definitely skipping. > > -- > Advanced Applications > Rod Barnes > > > On Fri, Apr 10, 2026 at 1:22 PM Rod Barnes <advappsw@gmail.com> wrote: > >> Good to know; thank you. I suspected a USB keyboard would with fine since >> it uses a completely different set of hardware. >> >> My tests indicate it is the Embedded Controller (the EC, which emulates a >> i8042 chip for keyboard) that is the issue. I think the solution is a an >> upgrade to the EC firmware or maybe just the emulation layer. >> >> I've but had it happen again yet but once it does, I'll confirm with my >> USB keyboard and expect the same results as you. >> >> -- >> Advanced Applications >> Rod Barnes >> >> On Fri, Apr 10, 2026, 1:01 PM Cuchet Léo <2146485@bugs.launchpad.net> >> wrote: >> >>> Hello, >>> >>> I did not mention, I already tried a USB keyboard, and it works >>> flawlessly. >>> >>> The problem, in my case, applies only to the internal keyboard. >>> >>> Right now I am writing a repair request to Lenovo, and see if they know >>> about the problem, if it can be software or if it needs repair. >>> >>> I'll try to give you an update when possible. >>> >>> -- >>> You received this bug notification because you are subscribed to the bug >>> report. >>> https://bugs.launchpad.net/bugs/2146485 >>> >>> Title: >>> IdeaPad Slim 5 16AKP10 (83HY): intermittent keyboard keystroke drops >>> at i8042 kernel driver level >>> >>> Status in linux package in Ubuntu: >>> Confirmed >>> >>> Bug description: >>> On a Lenovo IdeaPad Slim 5 16AKP10 (model 83HY), the built-in keyboard >>> intermittently begins dropping keystrokes after a variable uptime >>> (sometimes hours, sometimes days). The issue clears on reboot and does >>> not persist across power cycles. >>> >>> Hardware: >>> System: Lenovo IdeaPad Slim 5 16AKP10 (83HY) >>> BIOS: R0CN22WW >>> OS: Linux Mint 22.3 >>> Kernel: 6.17.0-14-generic and 6.17.0-19-generic (issue present on both) >>> >>> Diagnosis: >>> evtest confirms keystroke drops are occurring at the kernel input >>> driver level, not in X11 or the compositor >>> >>> dmesg shows no i8042 errors during affected sessions >>> >>> /proc/interrupts shows normal i8042 interrupt counts during the >>> problem >>> >>> Memory, swap, CPU load, and thermals are all normal during affected >>> sessions >>> >>> The i8042 module is built-in and cannot be reloaded to recover without >>> a full reboot >>> >>> Boot parameter i8042.nopnp (added based on kernel warning at boot: >>> "PS/2 appears to have AUX port disabled, if this is incorrect please >>> boot with i8042.nopnp") improved perceived keyboard latency but did >>> not prevent recurrence of drops >>> >>> TLP 1.6.1 is installed and manages power; forcing USB autosuspend to >>> "on" during an affected session did not resolve the issue >>> >>> $ cat /proc/interrupts | grep i8042 >>> 1: 0 28512 0 0 0 >>> 0 0 0 0 0 0 0 >>> 0 0 0 0 IR-IO-APIC 1-edge i8042 >>> >>> Kernel boot messages: >>> i8042: PNP detection disabled >>> serio: i8042 KBD port at 0x60,0x64 irq 1 >>> input: AT Translated Set 2 keyboard as >>> /devices/platform/i8042/serio0/input/input2 >>> Current kernel cmdline: >>> quiet splash kvm.enable_virt_at_load=0 i8042.nopnp >>> >>> Expected behavior: Keyboard input should be reliable throughout a >>> session without requiring a reboot to restore normal function. >>> >>> Workaround: Reboot restores normal keyboard function until the issue >>> recurs. >>> >>> Possibly significant point: I am a fast typist but I experience this >>> even when typing very slowly. >>> >>> Attached archive contains: >>> $ cat /proc/version_signature > ~/version.log >>> $ sudo lspci -vnvn > ~/lspci-vnvn.log >>> $ sudo dmesg > ~/dmesg.log >>> $ cat /proc/interrupts > ~/interrupts.log >>> >>> To manage notifications about this bug go to: >>> >>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2146485/+subscriptions >>> >>> >> >> -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2146485 Title: IdeaPad Slim 5 16AKP10 (83HY): intermittent keyboard keystroke drops at i8042 kernel driver level Status in linux package in Ubuntu: Confirmed Bug description: On a Lenovo IdeaPad Slim 5 16AKP10 (model 83HY), the built-in keyboard intermittently begins dropping keystrokes after a variable uptime (sometimes hours, sometimes days). The issue clears on reboot and does not persist across power cycles. Hardware: System: Lenovo IdeaPad Slim 5 16AKP10 (83HY) BIOS: R0CN22WW OS: Linux Mint 22.3 Kernel: 6.17.0-14-generic and 6.17.0-19-generic (issue present on both) Diagnosis: evtest confirms keystroke drops are occurring at the kernel input driver level, not in X11 or the compositor dmesg shows no i8042 errors during affected sessions /proc/interrupts shows normal i8042 interrupt counts during the problem Memory, swap, CPU load, and thermals are all normal during affected sessions The i8042 module is built-in and cannot be reloaded to recover without a full reboot Boot parameter i8042.nopnp (added based on kernel warning at boot: "PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp") improved perceived keyboard latency but did not prevent recurrence of drops TLP 1.6.1 is installed and manages power; forcing USB autosuspend to "on" during an affected session did not resolve the issue $ cat /proc/interrupts | grep i8042 1: 0 28512 0 0 0 0 0 0 0 0 0 0 0 0 0 0 IR-IO-APIC 1-edge i8042 Kernel boot messages: i8042: PNP detection disabled serio: i8042 KBD port at 0x60,0x64 irq 1 input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2 Current kernel cmdline: quiet splash kvm.enable_virt_at_load=0 i8042.nopnp Expected behavior: Keyboard input should be reliable throughout a session without requiring a reboot to restore normal function. Workaround: Reboot restores normal keyboard function until the issue recurs. Possibly significant point: I am a fast typist but I experience this even when typing very slowly. Attached archive contains: $ cat /proc/version_signature > ~/version.log $ sudo lspci -vnvn > ~/lspci-vnvn.log $ sudo dmesg > ~/dmesg.log $ cat /proc/interrupts > ~/interrupts.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2146485/+subscriptions
[Bug 2148630] Re: Brightness control does not work at all on ROG Zephyrus G14 GA403WP laptop
** Also affects: linux (Ubuntu Resolute) Importance: Undecided Status: New -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2148630 Title: Brightness control does not work at all on ROG Zephyrus G14 GA403WP laptop Status in linux package in Ubuntu: New Status in linux source package in Resolute: New Bug description: I am not sure if this is the right package to raise this bug on. The brightness control for the built in display on this laptop does not work at all, booted into the Resolute daily live distro. Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260415) Happy to pull logs once I can work out which package is actually responsible for display control. This is an OLED so it's pretty critical for dimming to work. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: gnome-control-center 1:50.0-0ubuntu4 ProcVersionSignature: Ubuntu 7.0.0-13.13-generic 7.0.0-rc7 Uname: Linux 7.0.0-13-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass CasperVersion: 26.04.2 CloudArchitecture: x86_64 CloudID: nocloud CloudName: unknown CloudPlatform: nocloud CloudSubPlatform: seed-dir (/var/lib/cloud/seed/nocloud) CurrentDesktop: ubuntu:GNOME Date: Fri Apr 17 01:20:53 2026 LiveMediaBuild: Ubuntu 26.04 "Resolute Raccoon" - Daily amd64 (20260415) ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: gnome-control-center UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148630/+subscriptions
[Bug 2148773] Re: Broken run-parts invocation in kernel maintainer scripts
** Tags added: kernel-daily-bug -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2148773 Title: Broken run-parts invocation in kernel maintainer scripts Status in linux package in Ubuntu: New Bug description: **Title:** `linux-image-unsigned-7.0.0-070000-generic` (and siblings) ship maintainer scripts that call `run-parts` with two directory arguments, which `debianutils` rejects — every `dpkg` phase that runs the scripts fails. **Target:** Ubuntu Mainline Kernel PPA / `kernel.ubuntu.com/mainline` **Affected build:** `v7.0` / `7.0.0-070000.202604122140` **Severity:** High — package is uninstallable on stock Ubuntu 24.04 (and any system with `debianutils >= 5.x`). --- ## 1. Summary The maintainer scripts (`preinst`, `postinst`, `postrm`, `prerm`) in the v7.0 mainline kernel `.deb`s invoke `run-parts` with **two** directory arguments: ```sh run-parts --report --exit-on-error --arg=$version --arg=$image_path \ /etc/kernel/<phase>.d /usr/share/kernel/<phase>.d ``` `run-parts(8)` from `debianutils` accepts **exactly one** directory operand. With two, it aborts: ``` run-parts: missing operand Try 'run-parts --help' for more information. ``` exit status `1`. This breaks every `dpkg` phase in which the scripts run: install (`preinst`), configure (`postinst` triggers), upgrade, and removal. ## 2. Affected packages Inspection of all four `.deb`s from `v7.0`: | Package | Buggy maintainer scripts | |----------------------------------------------|--------------------------------------------------------------------| | `linux-image-unsigned-7.0.0-070000-generic` | `preinst`, `postinst` (inside heredoc for trigger file), `postrm`, `prerm` | | `linux-modules-7.0.0-070000-generic` | `postinst` (inside heredoc) | | `linux-headers-7.0.0-070000-generic` | `postinst` (uses `header_postinst.d` dirs) | | `linux-headers-7.0.0-070000` (arch: all) | clean | ## 3. Reproduction On a fresh Ubuntu 24.04 host: ```sh wget https://kernel.ubuntu.com/mainline/v7.0/amd64/linux-image-unsigned-7.0.0-070000-generic_7.0.0-070000.202604122140_amd64.deb wget https://kernel.ubuntu.com/mainline/v7.0/amd64/linux-modules-7.0.0-070000-generic_7.0.0-070000.202604122140_amd64.deb sudo dpkg -i linux-modules-*.deb linux-image-unsigned-*.deb ``` Observed: ``` Setting up linux-image-unsigned-7.0.0-070000-generic (7.0.0-070000.202604122140) ... run-parts: missing operand Try 'run-parts --help' for more information. dpkg: error processing package linux-image-unsigned-7.0.0-070000-generic (--configure): installed linux-image-unsigned-7.0.0-070000-generic package post-installation script subprocess returned error exit status 1 ``` Direct `run-parts` reproducer (Ubuntu 24.04, `debianutils 5.17`): ```sh mkdir -p /tmp/a /tmp/b run-parts --report /tmp/a # exit 0 run-parts --report /tmp/a /tmp/b # exit 1: missing operand ``` Result: the kernel package is left in `iHR` / `install reinstreq half- installed` state, `update-initramfs` never runs, no GRUB entry is generated. `/boot/vmlinuz-7.0.0-070000-generic` is present, `/boot/initrd.img-7.0.0-070000-generic` is missing, and the system cannot boot the new kernel. ## 4. Root cause The buggy pattern (from `linux-image-unsigned-*` `preinst`): ```sh if [ -d /etc/kernel/preinst.d ] || [ -d /usr/share/kernel/preinst.d ]; then DEB_MAINT_PARAMS="$*" run-parts --report --exit-on-error --arg=$version \ --arg=$image_path /etc/kernel/preinst.d /usr/share/kernel/preinst.d fi ``` The `||` in the guard ensures the call fires as soon as *either* directory exists, and the call itself passes *both* directories as positional arguments. This violates `run-parts`' single-directory contract and has always done so; the script is broken regardless of which directories are present. The same shape occurs in `postinst` (wrapped in a heredoc that produces the trigger script `/usr/lib/linux/triggers/$version`, which is later executed via `sh "$trigger"` during trigger processing), `postrm`, and `prerm`, with the corresponding `*.d` paths. ## 5. Suggested fix Replace each two-directory `run-parts` invocation with a loop that calls `run-parts` once per directory. For the direct-invocation variant: ```diff -if [ -d /etc/kernel/preinst.d ] || [ -d /usr/share/kernel/preinst.d ]; then - DEB_MAINT_PARAMS="$*" run-parts --report --exit-on-error --arg=$version \ - --arg=$image_path /etc/kernel/preinst.d /usr/share/kernel/preinst.d -fi +for dir in /etc/kernel/preinst.d /usr/share/kernel/preinst.d; do + if [ -d "$dir" ]; then + DEB_MAINT_PARAMS="$*" run-parts --report --exit-on-error \ + --arg="$version" --arg="$image_path" "$dir" + fi +done ``` For the heredoc-embedded variant in `postinst` (image & modules packages), the loop must go *inside* the heredoc so that the generated trigger file iterates at trigger-processing time. `$dir` must be escaped (`\$dir`) to defer expansion; `$version` / `$image_path` / `$*` should continue to expand at heredoc-write time: ```diff if [ -d /etc/kernel/postinst.d ] || [ -d /usr/share/kernel/postinst.d ]; then mkdir -p /usr/lib/linux/triggers cat - >/usr/lib/linux/triggers/$version <<EOF -DEB_MAINT_PARAMS="$*" run-parts --report --exit-on-error --arg=$version \ - --arg=$image_path /etc/kernel/postinst.d /usr/share/kernel/postinst.d +for dir in /etc/kernel/postinst.d /usr/share/kernel/postinst.d; do + if [ -d "\$dir" ]; then + DEB_MAINT_PARAMS="$*" run-parts --report --exit-on-error \\ + --arg=$version --arg=$image_path "\$dir" + fi +done EOF dpkg-trigger --no-await linux-update-$version fi ``` Apply the equivalent change to `postrm`, `prerm`, and to the `postinst` of `linux-modules-*` and `linux-headers-*-generic`. An alternative fix — collapsing to a single invocation — does **not** work, because `run-parts` does not support multiple directories even in recent `debianutils` releases. ## 6. Workaround (for users) 1. Extract the three affected `.deb`s with `dpkg-deb -R`. 2. Patch `preinst` / `postinst` / `postrm` / `prerm` as shown above. 3. Repack with `dpkg-deb --root-owner-group -b <dir> <file>.deb` — produces `root:root`-owned archive contents without requiring `fakeroot`. 4. `sudo dpkg -i` the three patched `.deb`s plus the unaffected `linux-headers-*_all.deb`. This procedure was used to successfully install 7.0.0-070000-generic on an Ubuntu 24.04 host. Post-install: initramfs was generated, GRUB entry was added, reboot succeeds, `uname -r` reports `7.0.0-070000-generic`. ## 7. Environment where reproduced - Ubuntu 24.04 LTS - `debianutils 5.17` (source of `run-parts`) - `dpkg 1.22.x` - x86_64 / UEFI / GRUB 2.12 - Previous working kernel: `6.8.0-110-generic` Same `run-parts` semantics are documented in the `debianutils` upstream manpage at least since 2006; the constraint is not new. ## 8. References - `run-parts(8)` — debianutils - Source of the bug: maintainer scripts generated by the mainline build of v7.0 at `kernel.ubuntu.com/mainline/v7.0/` - This pattern likely regressed from an earlier, correct template that either looped over the directories or only referenced `/etc/kernel/<phase>.d`. Scripts in older mainline builds (e.g. v6.x) should be diffed against v7.0 to locate the introducing change. --- *Reported from a downstream reproduction during kernel upgrade of a QEMU golden image. Full reproduction log and patched artifacts available on request.* To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2148773/+subscriptions
понедельник
[Bug 2149767] [NEW] SUNRPC: System wide grep leads to NULL pointer deference in sysfs reads
Public bug reported: BugLink: https://bugs.launchpad.net/bugs/2149767 [Impact] An unprivileged user doing a simple system wide grep can cause a NULL pointer dereference and oops in the SUNRPC subsystem, leading to a local Denial Of Service. A user doing a grep such as $ grep -R "something" / will eventually make its way to /sys/kernel/sunrpc/, where it can hit a race where ->sock in SUNRPC can be set to NULL, like if a network was going down and up again, or a nfs server was being restarted, leading to the following oops. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 SMP NOPTI CPU: 2 PID: 4933 Comm: grep Not tainted 5.15.0-176-generic #186-Ubuntu RIP: 0010:kernel_getsockname+0x6/0x20 Code: 00 00 00 00 0f 1f 44 00 00 55 48 8b 47 20 48 8b 40 60 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc cc cc 0f 1f 40 00 0f 1f 44 00 00 55 <48> 8b 47 20 31 d2 48 8b 40 38 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc Call Trace: <TASK> ? xs_sock_getport+0x2b/0x70 [sunrpc] ? kvmalloc_node+0x28/0xa0 ? memcg_slab_post_alloc_hook+0x19e/0x210 get_srcport+0x15/0x20 [sunrpc] rpc_sysfs_xprt_info_show+0x110/0x130 [sunrpc] kobj_attr_show+0xf/0x30 sysfs_kf_seq_show+0xa2/0x100 kernfs_seq_show+0x24/0x30 seq_read_iter+0x121/0x4b0 ? _copy_to_user+0x20/0x30 ? cp_new_stat+0x152/0x180 kernfs_fop_read_iter+0x30/0x40 new_sync_read+0x10a/0x190 vfs_read+0x106/0x1a0 ksys_read+0x67/0xf0 __x64_sys_read+0x19/0x20 x64_sys_call+0x1dba/0x1fa0 do_syscall_64+0x56/0xb0 ? do_syscall_64+0x63/0xb0 ? do_syscall_64+0x63/0xb0 ? arch_exit_to_user_mode_prepare.constprop.0+0x1e/0xc0 ? syscall_exit_to_user_mode+0x41/0x80 ? do_syscall_64+0x63/0xb0 entry_SYSCALL_64_after_hwframe+0x6c/0xd6 A workaround is to exclude /sys from your grep or find commands. [Fix] The fix is to ensure that SUNRPC holds the ->recv_mutex during sysfs reads. This makes sure that ->sock cannot be modified by an external change, e.g. a nfs server being restarted. The fix, and their dependencies and fixes are: commit 17f09d3f619a7ad2d2b021b4e5246f08225b1b0f Author: Anna Schumaker <Anna.Schumaker@Netapp.com> Date: Thu Oct 28 15:17:41 2021 -0400 Subject: SUNRPC: Check if the xprt is connected before handling sysfs reads commit b49ea673e119f59c71645e2f65b3ccad857c90ee Author: NeilBrown <neil@brown.name> Date: Mon Jan 17 16:36:53 2022 +1100 Subject: SUNRPC: lock against ->sock changing during sysfs read commit 421ab1be43bd015ffe744f4ea25df4f19d1ce6fe Author: Trond Myklebust <trond.myklebust@hammerspace.com> Date: Fri Mar 25 10:37:31 2022 -0400 Subject: SUNRPC: Do not dereference non-socket transports in sysfs These landed during 5.16-rc1 and 5.18-rc1. [Testcase] Create a fresh jammy VM. Create a NFS share: $ sudo apt install nfs-kernel-server $ sudo mkdir -p /mnt/nfs_share $ sudo chown nobody:nogroup /mnt/nfs_share $ sudo chmod 777 /mnt/nfs_share $ sudo vim /etc/exports /mnt/nfs_share 192.168.1.0/24(rw,sync,no_subtree_check) $ sudo exportfs -a $ sudo systemctl restart nfs-kernel-server Set up a loop where we grep the SUNRPC sysfs interface, causing a read to happen, and some of these reads will happen when the ->recv_mutex is not held. $ while true; do grep -Rr . /sys/kernel/sunrpc/xprt-switches/; done Set up a loop where we mount and unmount the nfs share. This triggers the SUNRPC transport to disconnect or change states. $ sudo -s # while true; do mount -t nfs 192.168.122.126:/mnt/nfs_share /mnt/test umount /mnt/test done Wait a few seconds and the kernel will oops with a null pointer dereference. There is a test kernel available in the following PPA: https://launchpad.net/~mruffell/+archive/ubuntu/sf434838-test If you install the test kernel, you can keep running the loops forever without any kernel oops. [Where problems can occur] We are changing how SUNRPC protects sysfs reads, ensuring we take a mutex to protect the socket transport from changing due to external factors. Taking the mutex might take time, and slow down sysfs read operations, or cause deadlocks in other places in SUNRPC if not done correctly. The patch "SUNRPC: Do not dereference non-socket transports in sysfs" is quite a refactor, but the risk to RDMA users not having the patch is higher than carrying the patch. If a regression were to occur, users could likely work around the issue by not using system wide grep or find commands that parse sysfs entries. [Other info] This is known as CVE-2022-48816. https://ubuntu.com/security/CVE-2022-48816 https://nvd.nist.gov/vuln/detail/cve-2022-48816 ** Affects: linux (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: linux (Ubuntu Jammy) Importance: Undecided Status: In Progress ** Tags: sts ** Description changed: - BugLink: https://bugs.launchpad.net/bugs/ + BugLink: https://bugs.launchpad.net/bugs/2149767 [Impact] An unprivileged user doing a simple system wide grep can cause a NULL pointer - dereference and oops in the SUNRPC subsystem, leading to a local Denial Of + dereference and oops in the SUNRPC subsystem, leading to a local Denial Of Service. A user doing a grep such as $ grep -R "something" / will eventually make its way to /sys/kernel/sunrpc/, where it can hit a race where ->sock in SUNRPC can be set to NULL, like if a network was going down and up again, or a nfs server was being restarted, leading to the following oops. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page - PGD 0 P4D 0 + PGD 0 P4D 0 Oops: 0000 SMP NOPTI CPU: 2 PID: 4933 Comm: grep Not tainted 5.15.0-176-generic #186-Ubuntu RIP: 0010:kernel_getsockname+0x6/0x20 Code: 00 00 00 00 0f 1f 44 00 00 55 48 8b 47 20 48 8b 40 60 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc cc cc 0f 1f 40 00 0f 1f 44 00 00 55 <48> 8b 47 20 31 d2 48 8b 40 38 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc Call Trace: - <TASK> - ? xs_sock_getport+0x2b/0x70 [sunrpc] - ? kvmalloc_node+0x28/0xa0 - ? memcg_slab_post_alloc_hook+0x19e/0x210 - get_srcport+0x15/0x20 [sunrpc] - rpc_sysfs_xprt_info_show+0x110/0x130 [sunrpc] - kobj_attr_show+0xf/0x30 - sysfs_kf_seq_show+0xa2/0x100 - kernfs_seq_show+0x24/0x30 - seq_read_iter+0x121/0x4b0 - ? _copy_to_user+0x20/0x30 - ? cp_new_stat+0x152/0x180 - kernfs_fop_read_iter+0x30/0x40 - new_sync_read+0x10a/0x190 - vfs_read+0x106/0x1a0 - ksys_read+0x67/0xf0 - __x64_sys_read+0x19/0x20 - x64_sys_call+0x1dba/0x1fa0 - do_syscall_64+0x56/0xb0 - ? do_syscall_64+0x63/0xb0 - ? do_syscall_64+0x63/0xb0 - ? arch_exit_to_user_mode_prepare.constprop.0+0x1e/0xc0 - ? syscall_exit_to_user_mode+0x41/0x80 - ? do_syscall_64+0x63/0xb0 - entry_SYSCALL_64_after_hwframe+0x6c/0xd6 + <TASK> + ? xs_sock_getport+0x2b/0x70 [sunrpc] + ? kvmalloc_node+0x28/0xa0 + ? memcg_slab_post_alloc_hook+0x19e/0x210 + get_srcport+0x15/0x20 [sunrpc] + rpc_sysfs_xprt_info_show+0x110/0x130 [sunrpc] + kobj_attr_show+0xf/0x30 + sysfs_kf_seq_show+0xa2/0x100 + kernfs_seq_show+0x24/0x30 + seq_read_iter+0x121/0x4b0 + ? _copy_to_user+0x20/0x30 + ? cp_new_stat+0x152/0x180 + kernfs_fop_read_iter+0x30/0x40 + new_sync_read+0x10a/0x190 + vfs_read+0x106/0x1a0 + ksys_read+0x67/0xf0 + __x64_sys_read+0x19/0x20 + x64_sys_call+0x1dba/0x1fa0 + do_syscall_64+0x56/0xb0 + ? do_syscall_64+0x63/0xb0 + ? do_syscall_64+0x63/0xb0 + ? arch_exit_to_user_mode_prepare.constprop.0+0x1e/0xc0 + ? syscall_exit_to_user_mode+0x41/0x80 + ? do_syscall_64+0x63/0xb0 + entry_SYSCALL_64_after_hwframe+0x6c/0xd6 A workaround is to exclude /sys from your grep or find commands. [Fix] The fix is to ensure that SUNRPC holds the ->recv_mutex during sysfs reads. This makes sure that ->sock cannot be modified by an external change, e.g. a nfs server being restarted. The fix, and their dependencies and fixes are: commit 17f09d3f619a7ad2d2b021b4e5246f08225b1b0f Author: Anna Schumaker <Anna.Schumaker@Netapp.com> Date: Thu Oct 28 15:17:41 2021 -0400 Subject: SUNRPC: Check if the xprt is connected before handling sysfs reads commit b49ea673e119f59c71645e2f65b3ccad857c90ee Author: NeilBrown <neil@brown.name> Date: Mon Jan 17 16:36:53 2022 +1100 Subject: SUNRPC: lock against ->sock changing during sysfs read commit 421ab1be43bd015ffe744f4ea25df4f19d1ce6fe Author: Trond Myklebust <trond.myklebust@hammerspace.com> Date: Fri Mar 25 10:37:31 2022 -0400 Subject: SUNRPC: Do not dereference non-socket transports in sysfs These landed during 5.16-rc1 and 5.18-rc1. [Testcase] Create a fresh jammy VM. Create a NFS share: $ sudo apt install nfs-kernel-server $ sudo mkdir -p /mnt/nfs_share $ sudo chown nobody:nogroup /mnt/nfs_share $ sudo chmod 777 /mnt/nfs_share $ sudo vim /etc/exports /mnt/nfs_share 192.168.1.0/24(rw,sync,no_subtree_check) $ sudo exportfs -a $ sudo systemctl restart nfs-kernel-server Set up a loop where we grep the SUNRPC sysfs interface, causing a read to happen, and some of these reads will happen when the ->recv_mutex is not held. $ while true; do - grep -Rr . /sys/kernel/sunrpc/xprt-switches/; + grep -Rr . /sys/kernel/sunrpc/xprt-switches/; done Set up a loop where we mount and unmount the nfs share. This triggers the SUNRPC transport to disconnect or change states. $ sudo -s # while true; do - mount -t nfs 192.168.122.126:/mnt/nfs_share /mnt/test - umount /mnt/test + mount -t nfs 192.168.122.126:/mnt/nfs_share /mnt/test + umount /mnt/test done Wait a few seconds and the kernel will oops with a null pointer dereference. There is a test kernel available in the following PPA: https://launchpad.net/~mruffell/+archive/ubuntu/sf434838-test If you install the test kernel, you can keep running the loops forever without any kernel oops. [Where problems can occur] We are changing how SUNRPC protects sysfs reads, ensuring we take a mutex to protect the socket transport from changing due to external factors. Taking the mutex might take time, and slow down sysfs read operations, or cause deadlocks in other places in SUNRPC if not done correctly. The patch "SUNRPC: Do not dereference non-socket transports in sysfs" is quite a refactor, but the risk to RDMA users not having the patch is higher than carrying the patch. If a regression were to occur, users could likely work around the issue by not using system wide grep or find commands that parse sysfs entries. [Other info] This is known as CVE-2022-48816. https://ubuntu.com/security/CVE-2022-48816 https://nvd.nist.gov/vuln/detail/cve-2022-48816 ** Also affects: linux (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Status: New => Fix Released ** Changed in: linux (Ubuntu Jammy) Status: New => In Progress ** Tags added: sts -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2149767 Title: SUNRPC: System wide grep leads to NULL pointer deference in sysfs reads Status in linux package in Ubuntu: Fix Released Status in linux source package in Jammy: In Progress Bug description: BugLink: https://bugs.launchpad.net/bugs/2149767 [Impact] An unprivileged user doing a simple system wide grep can cause a NULL pointer dereference and oops in the SUNRPC subsystem, leading to a local Denial Of Service. A user doing a grep such as $ grep -R "something" / will eventually make its way to /sys/kernel/sunrpc/, where it can hit a race where ->sock in SUNRPC can be set to NULL, like if a network was going down and up again, or a nfs server was being restarted, leading to the following oops. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 SMP NOPTI CPU: 2 PID: 4933 Comm: grep Not tainted 5.15.0-176-generic #186-Ubuntu RIP: 0010:kernel_getsockname+0x6/0x20 Code: 00 00 00 00 0f 1f 44 00 00 55 48 8b 47 20 48 8b 40 60 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc cc cc 0f 1f 40 00 0f 1f 44 00 00 55 <48> 8b 47 20 31 d2 48 8b 40 38 48 89 e5 ff d0 0f 1f 00 5d c3 cc cc Call Trace: <TASK> ? xs_sock_getport+0x2b/0x70 [sunrpc] ? kvmalloc_node+0x28/0xa0 ? memcg_slab_post_alloc_hook+0x19e/0x210 get_srcport+0x15/0x20 [sunrpc] rpc_sysfs_xprt_info_show+0x110/0x130 [sunrpc] kobj_attr_show+0xf/0x30 sysfs_kf_seq_show+0xa2/0x100 kernfs_seq_show+0x24/0x30 seq_read_iter+0x121/0x4b0 ? _copy_to_user+0x20/0x30 ? cp_new_stat+0x152/0x180 kernfs_fop_read_iter+0x30/0x40 new_sync_read+0x10a/0x190 vfs_read+0x106/0x1a0 ksys_read+0x67/0xf0 __x64_sys_read+0x19/0x20 x64_sys_call+0x1dba/0x1fa0 do_syscall_64+0x56/0xb0 ? do_syscall_64+0x63/0xb0 ? do_syscall_64+0x63/0xb0 ? arch_exit_to_user_mode_prepare.constprop.0+0x1e/0xc0 ? syscall_exit_to_user_mode+0x41/0x80 ? do_syscall_64+0x63/0xb0 entry_SYSCALL_64_after_hwframe+0x6c/0xd6 A workaround is to exclude /sys from your grep or find commands. [Fix] The fix is to ensure that SUNRPC holds the ->recv_mutex during sysfs reads. This makes sure that ->sock cannot be modified by an external change, e.g. a nfs server being restarted. The fix, and their dependencies and fixes are: commit 17f09d3f619a7ad2d2b021b4e5246f08225b1b0f Author: Anna Schumaker <Anna.Schumaker@Netapp.com> Date: Thu Oct 28 15:17:41 2021 -0400 Subject: SUNRPC: Check if the xprt is connected before handling sysfs reads commit b49ea673e119f59c71645e2f65b3ccad857c90ee Author: NeilBrown <neil@brown.name> Date: Mon Jan 17 16:36:53 2022 +1100 Subject: SUNRPC: lock against ->sock changing during sysfs read commit 421ab1be43bd015ffe744f4ea25df4f19d1ce6fe Author: Trond Myklebust <trond.myklebust@hammerspace.com> Date: Fri Mar 25 10:37:31 2022 -0400 Subject: SUNRPC: Do not dereference non-socket transports in sysfs These landed during 5.16-rc1 and 5.18-rc1. [Testcase] Create a fresh jammy VM. Create a NFS share: $ sudo apt install nfs-kernel-server $ sudo mkdir -p /mnt/nfs_share $ sudo chown nobody:nogroup /mnt/nfs_share $ sudo chmod 777 /mnt/nfs_share $ sudo vim /etc/exports /mnt/nfs_share 192.168.1.0/24(rw,sync,no_subtree_check) $ sudo exportfs -a $ sudo systemctl restart nfs-kernel-server Set up a loop where we grep the SUNRPC sysfs interface, causing a read to happen, and some of these reads will happen when the ->recv_mutex is not held. $ while true; do grep -Rr . /sys/kernel/sunrpc/xprt-switches/; done Set up a loop where we mount and unmount the nfs share. This triggers the SUNRPC transport to disconnect or change states. $ sudo -s # while true; do mount -t nfs 192.168.122.126:/mnt/nfs_share /mnt/test umount /mnt/test done Wait a few seconds and the kernel will oops with a null pointer dereference. There is a test kernel available in the following PPA: https://launchpad.net/~mruffell/+archive/ubuntu/sf434838-test If you install the test kernel, you can keep running the loops forever without any kernel oops. [Where problems can occur] We are changing how SUNRPC protects sysfs reads, ensuring we take a mutex to protect the socket transport from changing due to external factors. Taking the mutex might take time, and slow down sysfs read operations, or cause deadlocks in other places in SUNRPC if not done correctly. The patch "SUNRPC: Do not dereference non-socket transports in sysfs" is quite a refactor, but the risk to RDMA users not having the patch is higher than carrying the patch. If a regression were to occur, users could likely work around the issue by not using system wide grep or find commands that parse sysfs entries. [Other info] This is known as CVE-2022-48816. https://ubuntu.com/security/CVE-2022-48816 https://nvd.nist.gov/vuln/detail/cve-2022-48816 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2149767/+subscriptions
[Bug 2142250] Re: Questing update: upstream stable patchset 2026-03-04
This broke amdxdna. https://bugs.launchpad.net/ubuntu/+source/linux-oem-6.17/+bug/2149766 -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2142250 Title: Questing update: upstream stable patchset 2026-03-04 Status in linux package in Ubuntu: Invalid Status in linux source package in Questing: Fix Released Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2026-03-04 Ported from the following upstream stable releases: v6.18.2, v6.12.64, v6.18.3 from git://git.kernel.org/ bpf: Fix sleepable context for async callbacks bpf: extract generic helper from process_timer_func() bpf: Fix handling maps with no BTF and non-constant offsets for the bpf_wq irqchip: Drop leftover brackets irqchip: Pass platform device to platform drivers bpf: Do not let BPF test infra emit invalid GSO types to stack arm64: dts: exynos: gs101: fix clock module unit reg sizes ice: move service task start out of ice_init_pf() ice: move ice_init_interrupt_scheme() prior ice_init_pf() ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf() ice: move ice_init_pf() out of ice_init_dev() ice: extract ice_init_dev() from ice_init() ice: move ice_deinit_dev() to the end of deinit paths ice: remove duplicate call to ice_deinit_hw() on error paths arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create() ARM: dts: am33xx: Add missing serial console speed arm64: tegra: Add pinctrl definitions for pcie-ep nodes md: init bioset in mddev_init fs/ntfs3: Initialize allocated memory before use scsi: qla2xxx: Clear cmds after chip reset arm64: mm: Move KPTI helpers to mmu.c arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc() errors pwm: Simplify printf to emit chip->npwm in $debugfs/pwm pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id soc/tegra: fuse: speedo-tegra210: Update speedo IDs iio: core: add missing mutex_destroy in iio_dev_release() iio: core: Clean up device correctly on iio_device_alloc() failure iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr() of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range() rtla/tests: Extend action tests to 5s rtla: Fix -a overriding -t argument btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() iomap: allocate s_dio_done_wq for async reads as well RDMA/irdma: Remove doorbell elision logic selftests/landlock: Fix makefile header list net: vxlan: prevent NULL deref in vxlan_xmit_one landlock: Fix handling of disconnected directories exfat: fix refcount leak in exfat_find io_uring/kbuf: use READ_ONCE() for userspace-mapped memory ALSA: wavefront: Clear substream pointers on close btrfs: do not skip logging new dentries when logging a new name btrfs: fix a potential path leak in print_data_reloc_error() bpf, arm64: Do not audit capability check in do_jit() btrfs: fix memory leak of fs_devices in degraded seed device path shmem: fix recovery on rename failures iomap: adjust read range correctly for non-block-aligned positions iomap: account for unaligned end offsets when truncating read range scripts/faddr2line: Fix "Argument list too long" error perf/x86/amd: Check event before enable to avoid GPF sched/deadline: only set free_cpus for online runqueues sched/fair: Revert max_newidle_lb_cost bump x86/ptrace: Always inline trivial accessors ACPICA: Avoid walking the Namespace if start_node is NULL ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only cpufreq: dt-platdev: Add JH7110S SOC to the allowlist ACPI: fan: Workaround for 64-bit firmware bug cpufreq: s5pv210: fix refcount leak cpuidle: menu: Use residency threshold in polling state override decisions livepatch: Match old_sympos 0 and 1 in klp_find_func() fs/ntfs3: Support timestamps prior to epoch kbuild: Use objtree for module signing key path ntfs: set dummy blocksize to read boot_block when mounting hfsplus: fix volume corruption issue for generic/070 hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create hfsplus: Verify inode mode when loading from disk hfsplus: fix volume corruption issue for generic/073 fs/ntfs3: check for shutdown in fsync wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU wifi: cfg80211: stop radar detection in cfg80211_leave() wifi: cfg80211: use cfg80211_leave() in iftype change wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet btrfs: scrub: always update btrfs_scrub_progress::last_physical gfs2: fix remote evict for read-only filesystems gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" smb/server: fix return value of smb2_ioctl() ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency ksmbd: vfs: fix race on m_flags in vfs_cache Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT net: fec: ERR007885 Workaround for XDP TX path netrom: Fix memory leak in nr_sendmsg() net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() mlxsw: spectrum_router: Fix possible neighbour reference count leak mlxsw: spectrum_router: Fix neighbour use-after-free mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats bnxt_en: Fix XDP_TX path net: openvswitch: fix middle attribute validation in push_nsh() action broadcom: b44: prevent uninitialized value usage netfilter: nf_conncount: fix leaked ct in error paths ipvs: fix ipv4 null-ptr-deref in route error path caif: fix integer underflow in cffrml_receive() net/sched: ets: Remove drr class from the active list if it changes to strict nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() netfilter: nf_nat: remove bogus direction check netfilter: nf_tables: remove redundant chain validation on register store selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel iommufd/selftest: Make it clearer to gcc that the access is not out of bounds iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED ethtool: Avoid overflowing userspace buffer on stats query net/mlx5: fw reset, clear reset requested on drain_fw_reset net/mlx5: Drain firmware reset in shutdown callback net/mlx5: fw_tracer, Validate format string parameters net/mlx5: fw_tracer, Handle escaped percent properly net/mlx5: Serialize firmware reset with devlink net/handshake: duplicate handshake cancellations leak socket net: enetc: do not transmit redirected XDP frames when the link is down net: hns3: using the num_tqps in the vf driver to apply for resources net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx net: hns3: add VLAN id validation before using hwmon: (dell-smm) Limit fan multiplier to avoid overflow hwmon: (ibmpex) fix use-after-free in high/low store hwmon: (tmp401) fix overflow caused by default conversion rate value drm/me/gsc: mei interrupt top half should be in irq disabled context drm/xe: Restore engine registers before restarting schedulers after GT reset MIPS: Fix a reference leak bug in ip22_check_gio() drm/panel: sony-td4353-jdi: Enable prepare_prev_first x86/xen: Fix sparse warning in enlighten_pv.c arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder spi: cadence-quadspi: Fix clock disable on probe failure path block: rnbd-clt: Fix leaked ID in init_dev() drm/xe: Limit num_syncs to prevent oversized allocations drm/xe/oa: Limit num_syncs to prevent oversized allocations hwmon: (ltc4282): Fix reset_history file permissions ksmbd: skip lock-range check on equal size to avoid size==0 underflow ksmbd: Fix refcount leak when invalid session is found on session lookup ksmbd: fix buffer validation by including null terminator size in EA length HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen Input: ti_am335x_tsc - fix off-by-one error in wire_order validation Input: lkkbd - disable pending work before freeing device Input: alps - fix use-after-free bugs caused by dev3_register_work Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails can: gs_usb: gs_can_open(): fix error handling soc/tegra: fuse: Do not register SoC device on ACPI boot ACPI: PCC: Fix race condition by removing static qualifier ACPI: CPPC: Fix missing PCC check for guaranteed_perf spi: fsl-cpm: Check length parity before switching to 16 bit mode mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures ALSA: vxpocket: Fix resource leak in vxpocket_probe error path ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path ALSA: usb-mixer: us16x08: validate meter packet indices ASoC: ak4458: remove the reset operation in probe and remove nfsd: fix memory leak in nfsd_create_serv error paths ipmi: Fix the race between __scan_channels() and deliver_response() ipmi: Fix __scan_channels() failing to rescan channels scsi: ufs: host: mediatek: Fix shutdown/suspend race condition firmware: imx: scu-irq: Init workqueue before request mbox channel ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx scsi: smartpqi: Add support for Hurray Data new controller PCI device clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 powerpc/addnote: Fix overflow on 32-bit builds scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive scsi: qla2xxx: Use reinit_completion on mbx_intr_comp fuse: Always flush the page cache before FOPEN_DIRECT_IO write fuse: Invalidate the page cache after FOPEN_DIRECT_IO write via_wdt: fix critical boot hang due to unnamed resource allocation reset: fix BIT macro reference exfat: fix remount failure in different process environments exfat: zero out post-EOF page cache on file extension usbip: Fix locking bug in RT-enabled kernels usb: typec: ucsi: Handle incorrect num_connectors capability iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains usb: xhci: limit run_graceperiod for only usb 3.0 devices usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. serial: sprd: Return -EPROBE_DEFER when uart clock is not ready libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware nvme-fc: don't hold rport lock when putting ctrl nvme-fabrics: add ENOKEY to no retry criteria for authentication failures MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits scsi: scsi_debug: Fix atomic write enable module param description block: rnbd-clt: Fix signedness bug in init_dev() vhost/vsock: improve RCU read sections around vhost_vsock_get() cifs: Fix memory and information leak in smb3_reconfigure() KEYS: trusted: Fix a memory leak in tpm2_load_cmd io_uring: fix filename leak in __io_openat_prep() x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems mmc: sdhci-msm: Avoid early clock doubling during HS400 transition perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit s390/dasd: Fix gendisk parent after copy pair swap wifi: mt76: Fix DTS power-limits on little endian systems block: rate-limit capacity change info log floppy: fix for PAGE_SIZE != 4KB kallsyms: Fix wrong "big" kernel symbol type read from procfs fs/ntfs3: fix mount failure for sparse runs in run_unpack() ktest.pl: Fix uninitialized var in config-bisect.pl tpm: Cap the number of PCR banks ext4: fix string copying in parse_apply_sb_mount_options() ext4: xattr: fix null pointer deref in ext4_raw_inode() ext4: clear i_state_flags when alloc inode ext4: fix incorrect group number assertion in mb_check_buddy ext4: align max orphan file size with e2fsprogs limit jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key jbd2: use a weaker annotation in journal handling media: v4l2-mem2mem: Fix outdated documentation selftests: mptcp: pm: ensure unknown flags are ignored mptcp: schedule rtx timer only after pushing data mptcp: avoid deadlock on fallback while reinjecting usb: usb-storage: Maintain minimal modifications to the bcdDevice range. media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() media: pvrusb2: Fix incorrect variable used in trace message phy: broadcom: bcm63xx-usbh: fix section mismatches usb: ohci-nxp: fix device leak on probe failure usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() USB: lpc32xx_udc: Fix error handling in probe usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal usb: phy: isp1301: fix non-OF device reference imbalance usb: gadget: lpc32xx_udc: fix clock imbalance in error path usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe usb: dwc3: keep susphy enabled during exit to avoid controller faults usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() char: applicom: fix NULL pointer dereference in ac_ioctl intel_th: Fix error handling in intel_th_output_open mei: gsc: add dependency on Xe driver serial: sh-sci: Check that the DMA cookie is valid cpuidle: governors: teo: Drop misguided target residency check cpufreq: nforce2: fix reference count leak in nforce2 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" scsi: aic94xx: fix use-after-free in device removal path NFSD: use correct reservation type in nfsd4_scsi_fence_client scsi: target: Reset t_task_cdb pointer in error case scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error f2fs: ensure node page reads complete before f2fs_put_super() finishes f2fs: fix to avoid potential deadlock f2fs: fix to avoid updating zero-sized extent in extent cache f2fs: invalidate dentry cache on failed whiteout creation f2fs: fix age extent cache insertion skip on counter overflow f2fs: fix uninitialized one_time_gc in victim_sel_policy f2fs: fix return value of f2fs_recover_fsync_data() tools/testing/nvdimm: Use per-DIMM device handle KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot media: vidtv: initialize local pointers upon transfer of memory ownership ocfs2: fix kernel BUG in ocfs2_find_victim_chain KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver scs: fix a wrong parameter in __scs_magic parisc: Do not reprogram affinitiy on ASP chip libceph: make decode_pool() more resilient against corrupted osdmaps powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits xfs: fix a memory leak in xfs_buf_item_init() xfs: fix stupid compiler warning xfs: fix a UAF problem in xattr repair tracing: Do not register unsupported perf events PM: runtime: Do not clear needs_force_resume with enabled runtime PM r8169: fix RTL8117 Wake-on-Lan in DASH mode net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write fsnotify: do not generate ACCESS/MODIFY events on child for special files net/handshake: restore destructor on submit failure NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap NFSD: NFSv4 file creation neglects setting ACL nfsd: Mark variable __maybe_unused to avoid W=1 build break svcrdma: return 0 on success from svc_rdma_copy_inline_range svcrdma: use rc_pageoff for memcpy byte offset SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf powerpc/kexec: Enable SMT before waking offline CPUs btrfs: don't log conflicting inode if it's a dir moved in the current transaction s390/ipl: Clear SBP flag when bootprog is set gpio: regmap: Fix memleak in error path in gpio_regmap_register() io_uring/poll: correctly handle io_poll_add() return value on update io_uring: fix min_wait wakeups for SQPOLL drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() drm/amd/display: Fix scratch registers offsets for DCN35 drm/amd/display: Fix scratch registers offsets for DCN351 drm/displayid: pass iter to drm_find_displayid_extension() ALSA: wavefront: Use guard() for spin locks pinctrl: renesas: rzg2l: Fix ISEL restore on resume arm64: Revamp HCR_EL2.E2H RES1 detection dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets crypto: af_alg - zero initialize memory allocated via sock_kmalloc crypto: caam - Add check for kcalloc() in test_len() amba: tegra-ahb: Fix device leak on SMMU enable virtio: vdpa: Fix reference count leak in octep_sriov_enable() tracing: Fix fixed array of synthetic event soc: samsung: exynos-pmu: fix device leak on regmap lookup soc: qcom: pbs: fix device leak on lookup soc: qcom: ocmem: fix device leak on lookup soc: apple: mailbox: fix device leak on lookup soc: amlogic: canvas: fix device leak on lookup rpmsg: glink: fix rpmsg device leak platform/x86: intel: chtwc_int33fe: don't dereference swnode args i2c: amd-mp2: fix reference leak in MP2 PCI device interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes hwmon: (max16065) Use local variable to avoid TOCTOU hwmon: (max6697) fix regmap leak on probe failure hwmon: (w83791d) Convert macros to functions to avoid TOCTOU hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 x86/msi: Make irq_retrigger() functional for posted MSI iommu/mediatek: fix use-after-free on probe deferral fuse: fix readahead reclaim deadlock wifi: rtw88: limit indirect IO under powered off for RTL8822CS wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() wifi: mac80211: do not use old MBSSID elements i40e: fix scheduling in set_rx_mode i40e: validate ring_len parameter against hardware-specific values iavf: fix off-by-one issues in iavf_config_rss_reg() idpf: reduce mbx_task schedule delay to 300us crypto: seqiv - Do not use req->iv after crypto_aead_encrypt Bluetooth: btusb: revert use of devm_kzalloc in btusb net: mdio: aspeed: add dummy read to avoid read-after-write issue net: openvswitch: Avoid needlessly taking the RTNL on vport destroy ip6_gre: make ip6gre_header() robust platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names platform/x86: msi-laptop: add missing sysfs_remove_group() platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic team: fix check for port enabled in team_queue_override_port_prio_changed() net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() amd-xgbe: reset retries and mode on RX adapt failures net: usb: rtl8150: fix memory leak on usb_submit_urb() failure selftests: net: fix "buffer overflow detected" for tap.c smc91x: fix broken irq-context in PREEMPT_RT genalloc.h: fix htmldocs warning firewire: nosy: Fix dma_free_coherent() size net: dsa: b53: skip multicast entries for fdb_dump() kbuild: fix compilation of dtb specified on command-line without make rule net: usb: asix: validate PHY address before use net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct vfio/pds: Fix memory leak in pds_vfio_dirty_enable() platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" net: stmmac: fix the crash issue for zero copy XDP_TX action ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() ipv4: Fix reference count leak when using error routes with nexthop objects net: rose: fix invalid array index in rose_kill_by_device() ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT RDMA/irdma: avoid invalid read in irdma_net_event RDMA/efa: Remove possible negative shift RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() RDMA/core: always drop device refcount in ib_del_sub_device_and_put() RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send RDMA/bnxt_re: Fix to use correct page size for PDE table md: Fix static checker warning in analyze_sbs md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() ksmbd: Fix memory leak in get_file_all_info() RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation RDMA/bnxt_re: fix dma_free_coherent() pointer blk-mq: skip CPU offline notify on unmapped hctx selftests/ftrace: traceonoff_triggers: strip off names ntfs: Do not overwrite uptodate pages ASoC: codecs: wcd939x: fix regmap leak on probe failure ASoC: stm32: sai: fix device leak on probe ASoC: stm32: sai: fix clk prepare imbalance on probe failure ASoC: stm32: sai: fix OF node leak on probe ASoC: codecs: lpass-tx-macro: fix SM6115 support ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr ASoC: qcom: q6asm-dai: perform correct state check before closing ASoC: qcom: q6adm: the the copp device only during last instance ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. iommu/amd: Fix pci_segment memleak in alloc_pci_segment() iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() iommu/apple-dart: fix device leak on of_xlate() iommu/exynos: fix device leak on of_xlate() iommu/ipmmu-vmsa: fix device leak on of_xlate() iommu/mediatek-v1: fix device leak on probe_device() iommu/mediatek-v1: fix device leaks on probe() iommu/mediatek: fix device leak on of_xlate() iommu/omap: fix device leaks on probe_device() iommu/qcom: fix device leak on of_xlate() iommu/sun50i: fix device leak on of_xlate() iommu/tegra: fix device leak on probe_device() iommu: disable SVA when CONFIG_X86 is set HID: logitech-dj: Remove duplicate error logging fgraph: Initialize ftrace_ops->private for function graph ops fgraph: Check ftrace_pids_enabled on registration for early filtering PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator powerpc, mm: Fix mprotect on book3s 32-bit powerpc/64s/slb: Fix SLB multihit issue during SLB preload leds: leds-cros_ec: Skip LEDs without color components leds: leds-lp50xx: Allow LED 0 to be added to module bank leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs leds: leds-lp50xx: Enable chip before any communication block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs clk: samsung: exynos-clkout: Assign .num before accessing .hws mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup mfd: max77620: Fix potential IRQ chip conflict when probing two devices media: rc: st_rc: Fix reset control resource leak media: verisilicon: Fix CPU stalls on G2 bus error mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips parisc: entry.S: fix space adjustment on interruption for 64-bit userspace parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() firmware: stratix10-svc: Add mutex in stratix10 memory management dm-ebs: Mark full buffer dirty even on partial write dm-bufio: align write boundary on physical block size fbdev: gbefb: fix to use physical address instead of dma address fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing fbdev: tcx.c fix mem_map to correct smem_start offset media: cec: Fix debugfs leak on bus_register() failure media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() media: platform: mtk-mdp3: fix device leaks at probe media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled media: samsung: exynos4-is: fix potential ABBA deadlock on init media: TDA1997x: Remove redundant cancel_delayed_work in probe media: verisilicon: Protect G2 HEVC decoder against invalid DPB index media: videobuf2: Fix device reference leak in vb2_dc_alloc error path media: vpif_capture: fix section mismatch media: vpif_display: fix section mismatch media: amphion: Cancel message work before releasing the VPU core media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe media: i2c: adv7842: Remove redundant cancel_delayed_work in probe media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() LoongArch: Add new PCI ID for pci_fixup_vgadev() LoongArch: Correct the calculation logic of thread_count LoongArch: Fix build errors for CONFIG_RANDSTRUCT LoongArch: Use __pmd()/__pte() for swap entry conversions LoongArch: Use unsigned long for _end and _text mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() mm/damon/tests/core-kunit: handle memory failure from damon_test_target() mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() pmdomain: imx: Fix reference count leak in imx_gpc_probe() compiler_types.h: add "auto" as a macro for "__auto_type" mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN kasan: refactor pcpu kasan vmalloc unpoison kasan: unpoison vms[area] addresses with a common tag lockd: fix vfs_test_lock() calls idr: fix idr_alloc() returning an ID out of range mm/page_owner: fix memory leak in page_owner_stack_fops->release() x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo tools/mm/page_owner_sort: fix timestamp comparison for stable sorting samples/ftrace: Adjust LoongArch register restore order in direct calls RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly RDMA/cm: Fix leaking the multicast GID table reference e1000: fix OOB in e1000_tbi_should_accept() fjes: Add missing iounmap in fjes_hw_init() LoongArch: Refactor register restoration in ftrace_common_return LoongArch: BPF: Zero-extend bpf_tail_call() index LoongArch: BPF: Sign extend kfunc call arguments nfsd: Drop the client reference in client_states_open() net: usb: sr9700: fix incorrect command used to write single register net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers drm/buddy: Optimize free block management with RB tree drm/buddy: Separate clear and dirty free block trees drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() drm/mediatek: Fix probe resource leaks drm/mediatek: Fix probe memory leak drm/mediatek: Fix probe device leaks drm/amdkfd: Trap handler support for expert scheduling mode drm/i915: Fix format string truncation warning drm/ttm: Avoid NULL pointer deref for evicted BOs drm/mgag200: Fix big-endian support drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table drm/xe/oa: Disallow 0 OA property values drm/xe: Adjust long-running workload timeslices to reasonable values drm/xe: Use usleep_range for accurate long-running workload timeslicing drm/xe: Drop preempt-fences when destroying imported dma-bufs. drm/msm/dpu: Add missing NULL pointer check for pingpong interface drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb drm/imagination: Disallow exporting of PM/FW protected objects lib/crypto: riscv/chacha: Avoid s0/fp register gfs2: fix freeze error handling btrfs: don't rewrite ret from inode_permission sched/eevdf: Fix min_vruntime vs avg_vruntime erofs: fix unexpected EIO under memory pressure sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks jbd2: fix the inconsistency between checksum and data in memory for journal sb xhci: dbgtty: fix device unregister: fixup f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() f2fs: use global inline_xattr_slab instead of per-sb slab cache f2fs: fix to avoid updating compression context during writeback serial: core: Restore sysfs fwnode information mptcp: pm: ignore unknown endpoint flags mm/ksm: fix exec/fork inheritance support for prctl svcrdma: bound check rq_pages index in inline path ARM: dts: microchip: sama7g5: fix uart fifo size to 32 tpm2-sessions: Fix out of range indexing in name_size tpm2-sessions: Fix tpm2_read_public range checks sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() drm/displayid: add quirk to ignore DisplayID checksum errors serial: xilinx_uartps: fix rs485 delay_rts_after_send f2fs: add timeout in f2fs_enable_checkpoint() f2fs: dump more information for f2fs_{enable,disable}_checkpoint() f2fs: fix to propagate error from f2fs_enable_checkpoint() gpiolib: acpi: Add quirk for Dell Precision 7780 serial: core: Fix serial device initialization x86/microcode/AMD: Select which microcode patch to load media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio gve: defer interrupt enabling until NAPI registration ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode block: handle zone management operations completions ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width PCI: brcmstb: Fix disabling L0s capability powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages media: mediatek: vcodec: Use spinlock for context list protection lock media: amphion: Make some vpu_v4l2 functions static media: amphion: Remove vpu_vb_is_codecconfig vfio/pci: Disable qword access to the PCI ROM bar mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() bpf: Fix truncated dmabuf iterator reads bpf: Fix verifier assumptions of bpf_d_path's output buffer btrfs: fix changeset leak on mmap write after failure to reserve metadata scripts: kdoc_parser.py: warn about Python version only once crypto: ccp - Add support for PCI device 0x115A hfsplus: fix volume corruption issue for generic/101 Bluetooth: btusb: add new custom firmwares net/mlx5: make enable_mpesw idempotent net: phy: realtek: eliminate priv->phycr2 variable net: phy: realtek: eliminate has_phycr2 variable net: phy: realtek: allow CLKOUT to be disabled on RTL8211F(D)(I)-VD-CG net: phy: realtek: eliminate priv->phycr1 variable net: phy: realtek: create rtl8211f_config_phy_eee() helper net: phy: RTL8211FVD: Restore disabling of PHY-mode EEE net: ti: icssg-prueth: add PTP_1588_CLOCK_OPTIONAL dependency selftests: net: Fix build warnings selftests: net: tfo: Fix build warning inet: frags: avoid theoretical race in ip_frag_reinit() inet: frags: add inet_frag_queue_flush() inet: frags: flush pending skbs in fqdir_pre_exit() selftests: netfilter: prefer xfail in case race wasn't triggered can: j1939: make j1939_sk_bind() fail if device is no longer registered net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC init net/mlx5e: Trigger neighbor resolution for unresolved destinations drm/tests: hdmi: Handle drm_kunit_helper_enable_crtc_connector() returning EDEADLK drm/tests: Handle EDEADLK in drm_test_check_valid_clones() drm/tests: Handle EDEADLK in set_up_atomic_state() selftests: ublk: fix overflow in ublk_queue_auto_zc_fallback() block: unify elevator tags and type xarrays into struct elv_change_ctx block: move elevator tags into struct elevator_resources block: introduce alloc_sched_data and free_sched_data elevator methods block: use {alloc|free}_sched data methods block: fix race between wbt_enable_default and IO submission spi: microchip: rename driver file and internal identifiers UBUNTU: [Config] Remove CONFIG_SPI_MICROCHIP_CORE spi: mpfs: Fix an error handling path in mpfs_spi_probe() drm/xe: Fix freq kobject leak on sysfs_create_files failure drm/xe: Apply Wa_14020316580 in xe_gt_idle_enable_pg() drm/xe: Increase TDF timeout drm/amdgpu: fix a job->pasid access race in gpu recovery io_uring: fix nr_segs calculation in io_import_kbuf ublk: add parameter `struct io_uring_cmd *` to ublk_prep_auto_buf_reg() ublk: add `union ublk_io_buf` with improved naming ublk: refactor auto buffer register in ublk_dispatch_req() ublk: fix deadlock when reading partition table drm/xe/oa: Always set OAG_OAGLBCTXCTRL_COUNTER_RESUME amd/iommu: Preserve domain ids inside the kdump kernel arm64: dts: mediatek: Apply mt8395-radxa DT overlay at build time Input: apple_z2 - fix reading incorrect reports after exiting sleep Input: xpad - add support for CRKD Guitars platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak x86/mm/tlb/trace: Export the TLB_REMOTE_WRONG_CPU enum in <trace/events/tlb.h> ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master mode ASoC: SDCA: support Q7.8 volume format ASoC: ops: fix snd_soc_get_volsw for sx controls um: init cpu_tasks[] earlier scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI usb: xhci: Don't unchain link TRBs on quirky HCs platform/x86: wmi-gamezone: Add Legion Go 2 Quirks hwmon: (emc2305) fix device node refcount leak in error path hwmon: (emc2305) fix double put in emc2305_probe_childs_from_dt drm/msm/a6xx: move preempt_prepare_postamble after error check ublk: add helpers to check ublk_device flags ublk: clean up user copy references on ublk server exit rust/drm/gem: Fix missing header in `Object` rustdoc rust: dma: add helpers for architectures without CONFIG_HAS_DMA samples: rust: fix endianness issue in rust_driver_pci rust: io: define ResourceSize as resource_size_t rust: io: move ResourceSize to top-level io module rust: io: add typedef for phys_addr_t clk: keystone: syscon-clk: fix regmap leak on probe failure printk: Avoid scheduling irq_work on suspend sched_ext: Fix the memleak for sch->helper objects sched_ext: Fix bypass depth leak on scx_enable() failure dt-bindings: clock: mmcc-sdm660: Add missing MDSS reset phy: exynos5-usbdrd: fix clock prepare imbalance efi: Add missing static initializer for efi_mm::cpus_allowed_lock crypto: scatterwalk - Fix memcpy_sglist() to always succeed printk: Allow printk_trigger_flush() to flush all types printk: Avoid irq_work for printk_deferred() on suspend block: Remove queue freezing from several sysfs store callbacks mm/huge_memory: add pmd folio to ds_queue in do_huge_zero_wp_pmd() crash: let architecture decide crash memory export to iomem_resource usb: typec: ucsi: huawei-gaokin: add DRM dependency f2fs: clean up w/ get_left_section_blocks() f2fs: fix to not account invalid blocks in get_left_section_blocks() media: iris: Add sanity check for stop streaming KVM: selftests: Forcefully override ARCH from x86_64 to x86 KVM: Fix last_boosted_vcpu index assignment bug KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the TDX-Module KVM: x86: Apply runtime updates to current CPUID during KVM_SET_CPUID{,2} KVM: selftests: Add missing "break" in rseq_test's param parsing xfs: fix the zoned RT growfs check for zone alignment xfs: validate that zoned RT devices are zone aligned arm64/gcs: Flush the GCS locking state on exec ALSA: hda/realtek: Add Asus quirk for TAS amplifiers NFSD: Clear TIME_DELEG in the suppattr_exclcreat bitmap cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated gpio: loongson: Switch 2K2000/3000 GPIO to BYTE_CTRL_MODE crypto: arm64/ghash - Fix incorrect output from ghash-neon zloop: fail zone append operations that are targeting full zones zloop: make the write pointer of full zones invalid vfio: Fix ksize arg while copying user struct in vfio_df_ioctl_bind_iommufd() rtla/timerlat_bpf: Stop tracing on user latency pwm: rzg2l-gpt: Allow checking period_tick cache value only if sibling channel is enabled lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS UBUNTU: [Config] Disable accelerated crypto for riscv64 by default io_uring/rsrc: fix lost entries after cloned range ARM: dts: microchip: sama7d65: fix uart fifo size to 32 fuse: fix io-uring list corruption for terminated non-committed requests fuse: missing copy_finish in fuse-over-io-uring argument copies ice: add missing ice_deinit_hw() in devlink reinit path arp: do not assume dev_hard_header() does not change skb->head firmware: imx: scu-irq: Set mu_resource_id before get handle tpm: Compare HMAC values in constant time keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal intel_th: fix device leak on output open() UBUNTU: Upstream stable to v6.18.2, v6.12.64, v6.18.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2142250/+subscriptions