Public bug reported: == Summary == When Docker containers are running with bridge networking, the kernel's skbuff slab caches (skbuff_small_head + skbuff_head_cache) grow unboundedly until all RAM is exhausted, triggering the OOM killer and crashing the session. The memory is classified as SUnreclaim (unreclaimable) and is NOT freed by session logout — only by stopping the Docker containers. == Reproduction == 1. Start Docker containers using bridge networking (e.g. DDEV local dev stack: Traefik router + web server + MySQL + Redis) 2. Monitor: watch -n 5 'grep SUnreclaim /proc/meminfo' 3. SUnreclaim grows at ~2-3 GB/min, reaching 28+ GB within minutes 4. OOM killer fires; desktop session crashes == Evidence from kernel OOM dump == Unreclaimable slab at time of crash: skbuff_small_head 21,873,103 KB (~20.8 GB) skbuff_head_cache 7,954,404 KB (~7.6 GB) Total slab_unreclaimable: ~29.6 GB The values grow continuously across multiple OOM events and survive user session restarts (kernel-level leak). Stopping the containers: SUnreclaim drops from ~28 GB back to ~450 MB. == Loaded modules == br_netfilter, nf_conntrack, xt_conntrack, xt_MASQUERADE == Workaround == sudo sysctl -w net.bridge.bridge-nf-call-iptables=0 sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=0 (disabling netfilter on the bridge slows/stops the leak) == Kernel == Linux 7.0.0-15-generic #15-Ubuntu SMP PREEMPT_DYNAMIC Ubuntu 26.04 LTS (Resolute) ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Attachment added: "skbuff-oom-report.txt" https://bugs.launchpad.net/bugs/2151248/+attachment/5968267/+files/skbuff-oom-report.txt -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2151248 Title: skbuff slab memory leak (~28GB) when Docker bridge networking (br_netfilter) is active Status in linux package in Ubuntu: New Bug description: == Summary == When Docker containers are running with bridge networking, the kernel's skbuff slab caches (skbuff_small_head + skbuff_head_cache) grow unboundedly until all RAM is exhausted, triggering the OOM killer and crashing the session. The memory is classified as SUnreclaim (unreclaimable) and is NOT freed by session logout — only by stopping the Docker containers. == Reproduction == 1. Start Docker containers using bridge networking (e.g. DDEV local dev stack: Traefik router + web server + MySQL + Redis) 2. Monitor: watch -n 5 'grep SUnreclaim /proc/meminfo' 3. SUnreclaim grows at ~2-3 GB/min, reaching 28+ GB within minutes 4. OOM killer fires; desktop session crashes == Evidence from kernel OOM dump == Unreclaimable slab at time of crash: skbuff_small_head 21,873,103 KB (~20.8 GB) skbuff_head_cache 7,954,404 KB (~7.6 GB) Total slab_unreclaimable: ~29.6 GB The values grow continuously across multiple OOM events and survive user session restarts (kernel-level leak). Stopping the containers: SUnreclaim drops from ~28 GB back to ~450 MB. == Loaded modules == br_netfilter, nf_conntrack, xt_conntrack, xt_MASQUERADE == Workaround == sudo sysctl -w net.bridge.bridge-nf-call-iptables=0 sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=0 (disabling netfilter on the bridge slows/stops the leak) == Kernel == Linux 7.0.0-15-generic #15-Ubuntu SMP PREEMPT_DYNAMIC Ubuntu 26.04 LTS (Resolute) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2151248/+subscriptions
вторник
[Bug 1975650] Re: Nvidia kernel driver stops loading after kernel update (needs manual reinstallation)
Affected: Ubuntu 24.04, kernel upgrade from 6.17.0-20-generic → 6.17.0-23-generic, driver nvidia-570 (pre-built modules) What happened: A routine kernel upgrade silently removed linux-modules- nvidia-570-6.17.0-20-generic with no replacement installed for the new kernel. On reboot, the system fell back to simpledrm — no multi-monitor support, capped at 1280x1024. No warning was shown during the upgrade. Evidence from dpkg.log (timestamps show the removal happened at 13:02:45 during the kernel upgrade, before the next boot): 2026-05-05 13:02:45 status installed linux-modules-nvidia-570-6.17.0-20-generic 2026-05-05 13:02:46 remove linux-modules-nvidia-570-6.17.0-20-generic Syslog on next boot confirmed simpledrm fallback: gnome-shell: Added device '/dev/dri/card0' (simpledrm) using atomic mode setting. Fix: Manually installing nvidia-driver-580 (which uses DKMS instead of pre-built modules) resolved the issue. Ask: The upgrade process should either pull in pre-built modules for the new kernel, or automatically fall back to installing the DKMS variant. Silently degrading to simpledrm with no user-facing warning is the core problem Additional context: Ubuntu Software Updater had been showing "Not all updates can be installed" (partial upgrade state) for an extended period prior to this kernel upgrade. The unresolved dependency conflict may have contributed to the nvidia-570 module removal not being handled correctly during the upgrade. -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/1975650 Title: Nvidia kernel driver stops loading after kernel update (needs manual reinstallation) Status in linux package in Ubuntu: Confirmed Status in nvidia-graphics-drivers-510 package in Ubuntu: Confirmed Status in nvidia-graphics-drivers-525 package in Ubuntu: Confirmed Status in nvidia-graphics-drivers-535 package in Ubuntu: Confirmed Status in nvidia-graphics-drivers-550 package in Ubuntu: Confirmed Bug description: I often have to forcibly power down my PC because of this bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1970808. Well, the most recent time I did that, when the computer restarted, the resolution is stuck on 1024x768 even though I am on a 1920x1080 monitor. I restarted my PC again and it is still stuck on the low resolution. This Ask Ubuntu answer (https://askubuntu.com/a/1167437/1589552) did allow me to force my resolution to 1920x1080, but a few things still seemed off: - The display settings page in the Gnome settings app still showed my display as "unknown display" and did not have any options for changing the resolution. - A WebGL-based application I use for work was very slow compared to normal. I reverted the change to my Grub config and now I'm back to 1024x768. I have an Nvidia GTX 1060 connected to a 1920x1080 monitor via HDMI. Let me know of any other information I can provide that would be helpful. Also let me know if there is a workaround other than reinstalling the OS. Edit: I have a Windows dual boot on this PC, with Windows installed on a separate SSD. I booted into Windows and everything seems completely fine. This provides further evidence that this is a software issue, not a hardware one. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-33.34-generic 5.15.30 Uname: Linux 5.15.0-33-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log' CasperMD5CheckResult: pass CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Tue May 24 20:14:55 2022 DistUpgraded: Fresh install DistroCodename: jammy DistroVariant: ubuntu ExtraDebuggingInterest: Yes GraphicsCard: NVIDIA Corporation GP106 [GeForce GTX 1060 3GB] [10de:1c02] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Micro-Star International Co., Ltd. [MSI] GP106 [GeForce GTX 1060 3GB] [1462:3287] InstallationDate: Installed on 2022-04-23 (31 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419) MachineType: Gigabyte Technology Co., Ltd. B450M DS3H ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/usr/bin/zsh ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-33-generic root=UUID=c4ac1391-7d4e-4282-94ba-fbae3c4c044c ro quiet splash vt.handoff=7 SourcePackage: xorg Symptom: display UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 01/25/2019 dmi.bios.release: 5.13 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F4 dmi.board.asset.tag: Default string dmi.board.name: B450M DS3H-CF dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF4:bd01/25/2019:br5.13:svnGigabyteTechnologyCo.,Ltd.:pnB450MDS3H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnB450MDS3H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring: dmi.product.family: Default string dmi.product.name: B450M DS3H dmi.product.sku: Default string dmi.product.version: Default string dmi.sys.vendor: Gigabyte Technology Co., Ltd. version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.110-1ubuntu1 version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.1-1ubuntu2 version.libgl1-mesa-glx: libgl1-mesa-glx N/A version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2build3 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1975650/+subscriptions
[Bug 2143100] Re: Got black screen after clicked logout button
This bug is awaiting verification that the linux- riscv-6.17/6.17.0-28.28.1~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux- riscv-6.17' to 'verification-done-noble-linux-riscv-6.17'. If the problem still exists, change the tag 'verification-needed-noble-linux- riscv-6.17' to 'verification-failed-noble-linux-riscv-6.17'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-noble-linux-riscv-6.17-v2 verification-needed-noble-linux-riscv-6.17 -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2143100 Title: Got black screen after clicked logout button Status in HWE Next: New Status in linux package in Ubuntu: Fix Released Status in linux-oem-6.17 package in Ubuntu: Invalid Status in linux source package in Noble: Invalid Status in linux-oem-6.17 source package in Noble: Fix Released Status in linux source package in Questing: In Progress Status in linux-oem-6.17 source package in Questing: Invalid Status in linux source package in Resolute: Fix Released Status in linux-oem-6.17 source package in Resolute: Invalid Bug description: [Impact] HP and Dell systems with Intel Panther Lake-H (PTL-H) CPU and eDP panel configured for Panel Replay suffer a permanent black screen after logout from the desktop. Only a hard reboot restores the display. [Fix] Fix the intel_alpm_disable() function in drivers/gpu/drm/i915/display/intel_alpm.c: 1. Remove the PORT_ALPM_CTL write from intel_alpm_disable() — this register must only be written before link training, not during disable. 2. Stop clearing ALPM_CTL_ALPM_AUX_LESS_ENABLE in intel_alpm_disable() — this bit is about mode switching (AUX-Less vs AUX-Wake), not ALPM enable/disable. The fix is in linux-next as of 2026-02-27: 008304c9ae75c772d3460040de56e12112cdf5e6 drm/i915/alpm: ALPM disable fixes In mainline b7.0-rc2 eb4a7139e9737 drm/i915/alpm: ALPM disable fixes Patchwork: https://patchwork.freedesktop.org/patch/704253/ [Test Plan] Requires a system with Intel integrated graphics and an eDP panel that supports Panel Replay (typically recent Intel platforms with Panel Replay-capable eDP displays). Click logout button from the top-right menu and then the GDM shows up. [Where problems could occur] The change modifies the ALPM disable path in the Intel i915 display driver, which is exercised whenever PSR2 or Panel Replay is active on eDP panels. If the removal of the PORT_ALPM_CTL write is incorrect (i.e., if some hardware requires it to be cleared at disable time), ALPM may fail to disable properly, leaving the link in a low-power state that prevents display from recovering. This would manifest as a black screen or display not coming back after suspend/resume. Similarly, if removing the ALPM_CTL_ALPM_AUX_LESS_ENABLE clear has unintended side effects on some panel configurations, the ALPM mode (AUX-Less vs AUX-Wake) could be stuck in the wrong state, causing link training failures or display flicker on affected eDP panels. The fix is reviewed by Intel display maintainers (Reviewed-by: Michał Grzelak), reducing regression risk, but panels with non-standard ALPM implementations may behave differently. [Other Info] Remaining open issue: a ~20-second GDM login delay after logout (unrelated to ALPM) is tracked upstream at https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/7497 and is outside the scope of this SRU. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/2143100/+subscriptions
[Bug 2149770] Re: ALSA: hda/tas2781 Audio Fix for the front-right speacker
This bug is awaiting verification that the linux-oem-6.17/6.17.0-1021.21 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-oem-6.17' to 'verification-done- noble-linux-oem-6.17'. If the problem still exists, change the tag 'verification-needed-noble-linux-oem-6.17' to 'verification-failed- noble-linux-oem-6.17'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-noble-linux-oem-6.17-v2 verification-needed-noble-linux-oem-6.17 -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2149770 Title: ALSA: hda/tas2781 Audio Fix for the front-right speacker Status in HWE Next: New Status in linux package in Ubuntu: In Progress Status in linux-oem-6.17 package in Ubuntu: Invalid Status in linux source package in Noble: Invalid Status in linux-oem-6.17 source package in Noble: Fix Committed Status in linux source package in Resolute: In Progress Status in linux-oem-6.17 source package in Resolute: Invalid Bug description: [Impact] Audio is still wrong on some HP systems with TAS2781 SPI audio. LP#2141639 fixed the earlier case where the front-right speaker had no audio because firmware download was skipped during SPI probe. That fix is already in linux-oem-6.17. But the same TAS2781 SPI path still has problems on other HP systems. After the earlier fix, the right speaker may work but sound is still abnormal, unclear, or lower than the left speaker. This hits multiple HP systems and shows 100% repro with: $ speaker-test -c 2 -l 1 -t wav The issue is in TAS2781 SPI calibration and firmware handling, not only the old reset check from LP#2141639. [Fix] Backport the upstream TAS2781 follow-up fixes needed for HP SPI systems. The branch contains these 7 commits: - dcc0899e6b8e9 ASoC: tas2781: Put three different calibrated data solution into the same data structure upstream: 55137f5a68b5e888504ad36d07221cd749bb8956 upstream version: v7.0 - 9dfa6c7d268c8 ALSA: hda/tas2781: A workaround solution to lower-vol issue among lower calibrated-impedance micro-speaker on TAS2781 upstream: 05ac3846ffe53fc63e454eb195ce8a6bab7a6a88 upstream version: v7.0 - 1550e33f1018b ASoC: tas2781: Add null check for calibration data upstream: a437601a0a1383260222223440a95dd4322eb7fa upstream version: v7.0 - 44024094a8751 PM: runtime: Add auto-cleanup macros for "resume and get" operations upstream: 9a0abc39450a3123fd52533a662fbd37e0d1508c upstream version: v6.18 - 03c1a0855d20b ALSA: hda/tas2781: Clean up runtime PM with guard() upstream: 4a91da4afc7db944d17234e4ecc164df8252b23b upstream version: v7.0 - e17bde0ac6f53 ALSA: hda/tas2781: Add tas2781hda::catlogid init upstream: e4808c60b1b1548631041c7db60da06b7d3a3662 upstream version: v7.0 - 94b777bf01bad ALSA: hda/tas2781: Fix sound abnormal issue on some SPI device upstream: 055e3fcc66caee8ae470c98e06120b494c95525b upstream version: not tagged yet in this tree, merged in linux-next These patches extend the earlier LP#2141639 fix. They initialize the SPI TAS2781 path correctly for HP systems, fix catalog/chip setup, use the right bulk read path for SPI calibration data, add missing safety checks, and include the calibration update used to avoid low or unclear right-speaker output. Together they address the remaining TAS2781 SPI issues seen on HP systems after LP#2141639. [Test Plan] On an affected HP system with TAS2781 SPI audio: 1. Boot the patched kernel. 2. Run: $ speaker-test -c 2 -l 1 -t wav 3. Listen to left and right speakers separately. 4. Check kernel log for TAS2781 errors: $ dmesg | grep -i tas2781 Without these patches: - the old LP#2141639 fix may restore audio on some systems only - on other systems the right speaker may still sound unclear, abnormal, or lower than the left one With these patches: - both speakers produce audio - the right speaker no longer shows the abnormal SPI calibration behavior reported in STELLA-3075 - no new TAS2781 firmware or calibration errors show up in dmesg [Where problems could occur] These changes touch the TAS2781 HDA/SPI path, TAS2781 calibration handling, and runtime PM helpers. If the SPI calibration path is wrong, HP systems with TAS2781 could still get bad speaker balance, distorted output, or no audio on one channel. If the chipid or catlogid setup is wrong, firmware or calibration data may not be loaded correctly for SPI devices. If the runtime PM related changes are wrong, audio init or resume could fail and the codec may not be available after boot or resume. Regression would show up as TAS2781 probe failures, missing firmware/calibration behavior, no sound from one speaker, or lower/unclear output from one side. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/2149770/+subscriptions
[Bug 2151236] Re: Thunderbolt/USB3 port failing in Resolute
Hmmm...intresting(?) that this shows up as a "new high-speed USB device". If I plug this into a USB-A port on the same system using a USB-A/USB-C convertor (it's an SSD in a UGReen enclosure) it shows up as a "SuperSpeed Plus Gen 2x1 USB device", which is what I'd expect (and it also shows up as this when plugged into USB-C/Thunderbolt ports on other systems). -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2151236 Title: Thunderbolt/USB3 port failing in Resolute Status in linux package in Ubuntu: New Bug description: I have a USB-C connector for Thunderbolt/USB3 on my laptop. If I plug in an external USB3 drive nothing happens. (Nothing in dmesg and it doesn't show up under removable Drives in Dolphin). If I then type lspci then one of two things happens a) the drive becomes visible to the system, and can be mounted, or b) the lspci command takes a long time, and there is a kernel bug report in dmesg (attached here) Once the drive is visible it can be mounted and seems to work fine. But if I then unmount it, unplug it and plug it back in again the kernel bug reports seem to happen on every lspci run. This system dual-boots MS Windows, and the port behaves OK there. I also think that it was OK on Questing. ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-15-generic 7.0.0-15.15 ProcVersionSignature: Ubuntu 7.0.0-15.15-generic 7.0.0 Uname: Linux 7.0.0-15-generic x86_64 ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: gml4410 2282 F.... pipewire gml4410 2286 F.... wireplumber /dev/snd/pcmC0D0p: gml4410 2282 F...m pipewire /dev/snd/seq: gml4410 2282 F.... pipewire CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Tue May 5 19:55:15 2026 InstallationDate: Installed on 2026-04-26 (9 days ago) InstallationMedia: Kubuntu 26.04 "Resolute Raccoon" - Release amd64 (20260423) MachineType: PC Specialist LTD N150CU ProcFB: 0 i915drmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-7.0.0-15-generic root=UUID=2394548e-aa9d-4521-b07d-12b7f18cedae ro quiet splash PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/15/2019 dmi.bios.release: 7.7 dmi.bios.vendor: INSYDE Corp. dmi.bios.version: 1.07.07TPCS2 dmi.board.asset.tag: Tag 12345 dmi.board.name: N151CU dmi.board.vendor: CLEVO dmi.board.version: Not Applicable dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: Notebook dmi.chassis.version: N/A dmi.ec.firmware.release: 7.7 dmi.modalias: dmi:bvnINSYDECorp.:bvr1.07.07TPCS2:bd11/15/2019:br7.7:efr7.7:svnPCSpecialistLTD:pnN150CU:pvrNotApplicable:rvnCLEVO:rnN151CU:rvrNotApplicable:cvnNotebook:ct10:cvrN/A:skuNotApplicable:pfaNotApplicable: dmi.product.family: Not Applicable dmi.product.name: N150CU dmi.product.sku: Not Applicable dmi.product.version: Not Applicable dmi.sys.vendor: PC Specialist LTD To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2151236/+subscriptions
[Bug 2147065] Re: Compile error due to nonexistent struct member with CONFIG_PCI_EPF_TEST
This bug is awaiting verification that the linux-raspi- realtime/6.8.0-2044.45 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-raspi-realtime' to 'verification-done-noble-linux-raspi-realtime'. If the problem still exists, change the tag 'verification-needed-noble-linux-raspi-realtime' to 'verification-failed-noble-linux-raspi-realtime'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-noble-linux-raspi-realtime-v2 verification-needed-noble-linux-raspi-realtime -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2147065 Title: Compile error due to nonexistent struct member with CONFIG_PCI_EPF_TEST Status in linux package in Ubuntu: New Bug description: [ Impact ] The noble 6.8 kernel fails to build when CONFIG_PCI_EPF_TEST is enabled, with the following error: ``` CC [M] drivers/pci/endpoint/functions/pci-epf-test.o drivers/pci/endpoint/functions/pci-epf-test.c: In function 'pci_epf_test_alloc_space': drivers/pci/endpoint/functions/pci-epf-test.c:863:33: error: 'const struct pci_epc_features' has no member named 'bar' 863 | if (epc_features->bar[bar].type == BAR_FIXED) | ^~ drivers/pci/endpoint/functions/pci-epf-test.c:863:52: error: 'BAR_FIXED' undeclared (first use in this function) 863 | if (epc_features->bar[bar].type == BAR_FIXED) | ^~~~~~~~~ drivers/pci/endpoint/functions/pci-epf-test.c:863:52: note: each undeclared identifier is reported only once for each function it appears in drivers/pci/endpoint/functions/pci-epf-test.c:864:53: error: 'const struct pci_epc_features' has no member named 'bar' 864 | test_reg_size = epc_features->bar[bar].fixed_size; | ^~ make[8]: *** [scripts/Makefile.build:243: drivers/pci/endpoint/functions/pci-epf-test.o] Error 1 make[7]: *** [scripts/Makefile.build:481: drivers/pci/endpoint/functions] Error 2 make[6]: *** [scripts/Makefile.build:481: drivers/pci/endpoint] Error 2 ``` This is due to the inclusion of the linux-6.12.y upstream stable commit: e741dabcc52b ("PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs") without including the dependent (non-stable) commit: e01c9797c0eb ("PCI: endpoint: Clean up hardware description for BARs") The 6.12 commit does not fix any issues that have been observed with the 6.8 noble kernel, so it should be reverted. After doing so, the kernel compiles when the config is enabled. [ Test Plan ] 1. Apply the revert. 2. Enable CONFIG_PCI_EPF_TEST in the generic 6.8 kernel 3. Compile the kernel. The compilation should succeed with the revert. [ Where problems could occur ] Since this config is disabled in Ubuntu by default, it has not been tested in the past. Even though it compiles with this fix, that does not guarantee correct behaviour in the features that the config enables. For example, reverting this commit means the feature will definitely not work with controllers with too-small fixed BAR sizes, as that is what the commit fixes upstream. If it is needed, a full backport of the commit and its dependents will be necessary. [ Other Info ] For context, this issue was found because the noble:linux-nvidia-tegra kernel needs to enable PCI_EPF_TEST, so more issues may be found once that gets further testing. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2147065/+subscriptions
[Bug 2150810] Re: Kernel panic when switching to sleep mode
*** This bug is a duplicate of bug 2149963 *** https://bugs.launchpad.net/bugs/2149963 ** This bug has been marked a duplicate of bug 2149963 kernel 7.0.0-14 hangs on s2idle resume with nvidia-open on RTX 50-series (Blackwell); 6.17.0-22 works on same hw -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2150810 Title: Kernel panic when switching to sleep mode Status in linux package in Ubuntu: New Bug description: avril 30 10:16:53 me-nitroanv1541 kernel: jump_label: Fatal kernel bug, unexpected op at nvkms_kthread_q_callback+0x8e/0x1a0 [nvidia_modeset] [0000000083807b73] (e9 9b 00 00 00 != 0f 1f 44 00 00)) size:5 type:1 avril 30 10:16:53 me-nitroanv1541 kernel: fbcon: Taking over console avril 30 10:16:55 me-nitroanv1541 kernel: ------------[ cut here ]------------ avril 30 10:16:55 me-nitroanv1541 kernel: kernel BUG at arch/x86/kernel/jump_label.c:73! avril 30 10:16:55 me-nitroanv1541 kernel: Oops: invalid opcode: 0000 [#1] SMP NOPTI avril 30 10:16:55 me-nitroanv1541 kernel: CPU: 8 UID: 0 PID: 7208 Comm: systemd-sleep Tainted: P W OE 7.0.0-15-generic #15-Ubuntu PREEMPT(lazy) avril 30 10:16:55 me-nitroanv1541 kernel: Tainted: [P]=PROPRIETARY_MODULE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE avril 30 10:16:55 me-nitroanv1541 kernel: Hardware name: Acer Nitro ANV15-41/Sportage_RBH, BIOS V1.20 10/23/2025 avril 30 10:16:55 me-nitroanv1541 kernel: RIP: 0010:__jump_label_patch.cold+0x24/0x26 avril 30 10:16:55 me-nitroanv1541 kernel: Code: f8 e9 44 f7 19 00 48 c7 c3 b8 89 e5 8c 41 56 45 89 e1 49 89 d8 4c 89 e9 4c 89 ea 4c 89 ee 48 c7 c7 58 9e 8d 8b e8 64 90 01 00 <0f> 0b 0f b6 f0 48 c7 c7 20 02 45 8c 88 45 f7 e8 10 9f bc> avril 30 10:16:55 me-nitroanv1541 kernel: RSP: 0018:ffffccc14362f930 EFLAGS: 00010246 avril 30 10:16:55 me-nitroanv1541 kernel: RAX: 00000000000000a8 RBX: ffffffff8b2068ca RCX: 0000000000000000 avril 30 10:16:55 me-nitroanv1541 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 avril 30 10:16:55 me-nitroanv1541 kernel: RBP: ffffccc14362f960 R08: 0000000000000000 R09: 0000000000000000 avril 30 10:16:55 me-nitroanv1541 kernel: R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005 avril 30 10:16:55 me-nitroanv1541 kernel: R13: ffffffffc42a29ae R14: 0000000000000001 R15: 0000000000000000 avril 30 10:16:55 me-nitroanv1541 kernel: FS: 000070880def8c80(0000) GS:ffff8c4961a00000(0000) knlGS:0000000000000000 avril 30 10:16:55 me-nitroanv1541 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 avril 30 10:16:55 me-nitroanv1541 kernel: CR2: 00005d99faecd7e0 CR3: 000000014600f000 CR4: 0000000000f50ef0 avril 30 10:16:55 me-nitroanv1541 kernel: PKRU: 55555554 avril 30 10:16:55 me-nitroanv1541 kernel: Call Trace: avril 30 10:16:55 me-nitroanv1541 kernel: <TASK> avril 30 10:16:55 me-nitroanv1541 kernel: arch_jump_label_transform_queue+0x37/0x90 avril 30 10:16:55 me-nitroanv1541 kernel: __jump_label_update+0x47/0x100 avril 30 10:16:55 me-nitroanv1541 kernel: jump_label_update+0x5c/0x110 avril 30 10:16:55 me-nitroanv1541 kernel: static_key_slow_inc_cpuslocked+0x53/0xa0 avril 30 10:16:55 me-nitroanv1541 kernel: static_key_slow_inc+0x1f/0x40 avril 30 10:16:55 me-nitroanv1541 kernel: freeze_processes+0xd1/0xe0 avril 30 10:16:55 me-nitroanv1541 kernel: enter_state+0xe0/0x610 avril 30 10:16:55 me-nitroanv1541 kernel: pm_suspend+0x49/0x90 avril 30 10:16:55 me-nitroanv1541 kernel: state_store+0x2e/0x60 avril 30 10:16:55 me-nitroanv1541 kernel: kobj_attr_store+0x12/0x40 avril 30 10:16:55 me-nitroanv1541 kernel: sysfs_kf_write+0x74/0x90 avril 30 10:16:55 me-nitroanv1541 kernel: kernfs_fop_write_iter+0x161/0x210 avril 30 10:16:55 me-nitroanv1541 kernel: vfs_write+0x25b/0x490 avril 30 10:16:55 me-nitroanv1541 kernel: ksys_write+0x71/0xf0 avril 30 10:16:55 me-nitroanv1541 kernel: __x64_sys_write+0x19/0x30 avril 30 10:16:55 me-nitroanv1541 kernel: x64_sys_call+0x22f/0x2390 avril 30 10:16:55 me-nitroanv1541 kernel: do_syscall_64+0x115/0x5a0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? mod_memcg_lruvec_state+0x101/0x2f0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? lruvec_stat_mod_folio+0x8d/0x100 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? set_ptes.isra.0+0x3b/0x90 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? do_anonymous_page+0x105/0x4d0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? handle_pte_fault+0x1cb/0x1f0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? __handle_mm_fault+0x493/0x720 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? count_memcg_events+0x103/0x250 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? handle_mm_fault+0x1c0/0x2e0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? arch_exit_to_user_mode_prepare.isra.0+0xd/0x100 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? irqentry_exit+0x97/0x5a0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: ? exc_page_fault+0x94/0x1e0 avril 30 10:16:55 me-nitroanv1541 kernel: ? srso_alias_return_thunk+0x5/0xfbef5 avril 30 10:16:55 me-nitroanv1541 kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e avril 30 10:16:55 me-nitroanv1541 kernel: RIP: 0033:0x70880d6a06c6 avril 30 10:16:55 me-nitroanv1541 kernel: Code: 47 ba 04 00 00 00 48 8b 05 3f 17 17 00 64 89 10 48 c7 c2 ff ff ff ff c9 48 89 d0 c3 0f 1f 84 00 00 00 00 00 48 8b 45 10 0f 05 <48> 89 c2 48 3d 00 f0 ff ff 77 0f c9 48 89 d0 c3 66 2e 0f> avril 30 10:16:55 me-nitroanv1541 kernel: RSP: 002b:00007ffd4123cff0 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 avril 30 10:16:55 me-nitroanv1541 kernel: RAX: ffffffffffffffda RBX: 00005d99faec2010 RCX: 000070880d6a06c6 avril 30 10:16:55 me-nitroanv1541 kernel: RDX: 0000000000000004 RSI: 00005d99faecc7d0 RDI: 0000000000000007 avril 30 10:16:55 me-nitroanv1541 kernel: RBP: 00007ffd4123d000 R08: 0000000000000000 R09: 0000000000000000 ProblemType: Bug DistroRelease: Ubuntu 26.04 Package: linux-image-7.0.0-15-generic 7.0.0-15.15 ProcVersionSignature: Ubuntu 7.0.0-15.15-generic 7.0.0 Uname: Linux 7.0.0-15-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.34.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Sat May 2 11:21:30 2026 InstallationDate: Installed on 2026-02-21 (70 days ago) InstallationMedia: Kubuntu 25.10 "Questing Quokka" - Release amd64 (20251007) MachineType: Acer Nitro ANV15-41 ProcFB: 0 amdgpudrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-7.0.0-15-generic root=UUID=e096f49c-87d5-4449-aa79-8ba7b874e5c7 ro quiet splash acpi_mask_gpe=0x6F PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. SourcePackage: linux UpgradeStatus: Upgraded to resolute on 2026-04-29 (2 days ago) dmi.bios.date: 10/23/2025 dmi.bios.release: 1.20 dmi.bios.vendor: INSYDE Corp. dmi.bios.version: V1.20 dmi.board.asset.tag: Base Board Asset Tag dmi.board.name: Sportage_RBH dmi.board.vendor: RB dmi.board.version: V1.20 dmi.chassis.type: 10 dmi.chassis.vendor: Acer dmi.chassis.version: Chassis Version dmi.ec.firmware.release: 1.10 dmi.modalias: dmi:bvnINSYDECorp.:bvrV1.20:bd10/23/2025:br1.20:efr1.10:svnAcer:pnNitroANV15-41:pvrV1.20:rvnRB:rnSportage_RBH:rvrV1.20:cvnAcer:ct10:cvrChassisVersion:sku0000000000000000:pfaAcerNitroV15: dmi.product.family: Acer Nitro V 15 dmi.product.name: Nitro ANV15-41 dmi.product.sku: 0000000000000000 dmi.product.version: V1.20 dmi.sys.vendor: Acer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2150810/+subscriptions
понедельник
[Bug 2150809] [NEW] Noble update: upstream stable patchset 2026-05-01
Public bug reported: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2026-05-01 Ported from the following upstream stable releases: v6.6.128, v6.12.75 from git://git.kernel.org/ RDMA/siw: Fix potential NULL pointer dereference in header processing RDMA/umad: Reject negative data_len in ib_umad_write auxdisplay: arm-charlcd: fix release_mem_region() size hfsplus: return error when node already exists in hfs_bnode_create rcu: s/boost_kthread_mutex/kthread_mutex rcu/exp: Move expedited kthread worker creation functions above rcutree_prepare_cpu() rcu: Refactor expedited handling check in rcu_read_unlock_special() rcu: Remove local_irq_save/restore() in rcu_preempt_deferred_qs_handler() rcu: Fix rcu_read_unlock() deadloop due to softirq audit: move the compat_xxx_class[] extern declarations to audit_arch.h i3c: Move device name assignment after i3c_bus_init fs: add <linux/init_task.h> for 'init_fs' i3c: master: Update hot-join flag only on success gfs2: Retries missing in gfs2_{rename,exchange} gfs2: Fix use-after-free in iomap inline data write path i3c: dw: Initialize spinlock to avoid upsetting lockdep tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure tpm: st33zp24: Fix missing cleanup on get_burstcount() error btrfs: qgroup: return correct error when deleting qgroup relation item btrfs: fix block_group_tree dirty_list corruption smb: client: fix potential UAF and double free in smb2_open_file() xen/virtio: Don't use grant-dma-ops when running as Dom0 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() io_uring/sync: validate passed in offset cpuidle: menu: Cleanup after loadavg removal cpuidle: governors: menu: Always check timers with tick stopped md/raid10: fix any_working flag handling in raid10_sync_request iomap: fix submission side handling of completion side errors ublk: Validate SQE128 flag before accessing the cmd x86/xen: make some functions static Partial revert "x86/xen: fix balloon target initialization for PVH dom0" PM: wakeup: Handle empty list in wakeup_sources_walk_start() perf: arm_spe: Properly set hw.state on failures PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races s390/cio: Fix device lifecycle handling in css_alloc_subchannel() crypto: qat - fix warning on adf_pfvf_pf_proto.c selftests/bpf: veristat: fix printing order in output_stats() libbpf: Fix OOB read in btf_dump_get_bitfield_value ARM: VDSO: Patch out __vdso_clock_getres() if unavailable crypto: cavium - fix dma_free_coherent() size crypto: octeontx - fix dma_free_coherent() size crypto: hisilicon/zip - adjust the way to obtain the req in the callback function crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable hrtimer: Fix trace oddity bpf, sockmap: Fix incorrect copied_seq calculation bpf, sockmap: Fix FIONREAD for sockmap crypto: hisilicon/trng - modifying the order of header files crypto: hisilicon/trng - support tfms sharing the device bpf: Fix bpf_xdp_store_bytes proto for read-only arg scsi: efct: Use IRQF_ONESHOT and default primary handler EDAC/altera: Remove IRQF_ONESHOT mfd: wm8350-core: Use IRQF_ONESHOT sched/rt: Skip currently executing CPU in rto_next_cpu() pstore/ram: fix buffer overflow in persistent_ram_save_old() soc: qcom: smem: handle ENOMEM error during probe EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size() EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size() arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings clk: qcom: Return correct error code in qcom_cc_probe_by_index() arm64: dts: qcom: sdm630: fix gpu_speed_bin size arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user() soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree node arm64: dts: amlogic: axg: assign the MMC signal clocks arm64: dts: amlogic: gx: assign the MMC signal clocks arm64: dts: amlogic: g12: assign the MMC B and C signal clocks arm64: dts: amlogic: g12: assign the MMC A signal clock arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0 arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1 arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions workqueue: Factor out assign_rescuer_work() workqueue: Only assign rescuer work when really needed workqueue: Process rescuer work items one-by-one using a cursor smack: /smack/doi must be > 0 smack: /smack/doi: accept previously used values ASoC: nau8821: Consistently clear interrupts before unmasking ASoC: nau8821: Avoid unnecessary blocking in IRQ handler ASoC: nau8821: Fixup nau8821_enable_jack_detect() drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init drm/msm/disp/dpu: add merge3d support for sc7280 regulator: core: move supply check earlier in set_machine_constraints() HID: playstation: Add missing check for input_ff_create_memless drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x media: ccs: Accommodate C-PHY into the calculation drm/msm/a2xx: fix pixel shader start on A225 platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev media: uvcvideo: Fix allocation for small frame sizes platform/chrome: cros_ec_lightbar: Fix response size initialization spi: tools: Add include folder to .gitignore Revert "hwmon: (ibmpex) fix use-after-free in high/low store" PCI: mediatek: Fix IRQ domain leak when MSI allocation fails Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors PCI/PM: Avoid redundant delays on D3hot->D3cold PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails Documentation: tracing: Add ring-buffer mapping docs: fix WARNING document not included in any toctree Documentation: trace: Refactor toctree Documentation: tracing: Add PCI tracepoint documentation PCI: Do not attempt to set ExtTag for VFs PCI/portdrv: Fix potential resource leak quota: fix livelock between quotactl and freeze_super net: mctp-i2c: fix duplicate reception of old data mctp i2c: initialise event handler read bytes wifi: cfg80211: stop NAN and P2P in cfg80211_leave netfilter: nf_tables: reset table validation state on abort netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH netfilter: nf_conncount: increase the connection clean up limit to 64 netfilter: nft_compat: add more restrictions on netlink attributes netfilter: nf_conncount: fix tracking of connections from localhost module: add helper function for reading module_buildid() kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup() PCI: Mark 3ware-9650SA Root Port Extended Tags as broken iommu/vt-d: Flush cache for PASID table before using it dm: use bio_clone_blkg_association nfsd: never defer requests during idmap lookup fat: avoid parent link count underflow in rmdir tcp: tcp_tx_timestamp() must look at the rtx queue wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() PCI: Initialize RCB from pci_configure_device() PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros PCI: Add defines for bridge window indexing PCI/ACPI: Restrict program_hpx_type2() to AER bits ipc: don't audit capability check in ipc_permissions() ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit() of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() mptcp: fix receive space timestamp initialization octeontx2-af: Fix PF driver crash with kexec kernel booting bonding: only set speed/duplex to unknown, if getting speed failed inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP nfc: hci: shdlc: Stop timers and work before freeing context netfilter: nft_set_hash: fix get operation on big endian netfilter: nft_counter: fix reset of counters on 32bit archs netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] net: hns3: fix double free issue for tx spare buffer procfs: fix missing RCU protection when reading real_parent in do_task_stat() smb: client: correct value for smbd_max_fragmented_recv_size net: atm: fix crash due to unvalidated vcc pointer in sigd_send() net: sunhme: Fix sbus regression net: Add skb_dstref_steal and skb_dstref_restore net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input callers xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path serial: caif: fix use-after-free in caif_serial ldisc_close() octeon_ep: disable per ring interrupts octeon_ep: ensure dbell BADDR updation ionic: Rate limit unknown xcvr type messages octeontx2-pf: Unregister devlink on probe failure RDMA/rtrs: server: remove dead code IB/cache: update gid cache on client reregister event RDMA/hns: Fix WQ_MEM_RECLAIM warning RDMA/hns: Notify ULP of remaining soft-WCs during reset power: supply: ab8500: Fix use-after-free in power_supply_changed() power: supply: act8945a: Fix use-after-free in power_supply_changed() power: supply: bq256xx: Fix use-after-free in power_supply_changed() power: supply: bq25980: Fix use-after-free in power_supply_changed() power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() power: supply: goldfish: Fix use-after-free in power_supply_changed() power: supply: rt9455: Fix use-after-free in power_supply_changed() power: supply: sbs-battery: Fix use-after-free in power_supply_changed() power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write power: supply: bq27xxx: fix wrong errno when bus ops are unsupported power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() RDMA/rtrs-srv: fix SG mapping RDMA/rxe: Fix double free in rxe_srq_from_init tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper crypto: ccp - Add an S4 restore flow crypto: ccp - Factor out ring destroy handling to a helper crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send RDMA/rxe: Fix race condition in QP timer handlers svcrdma: Increase the per-transport rw_ctx count svcrdma: Reduce the number of rdma_rw contexts per-QP RDMA/core: add rdma_rw_max_sge() helper for SQ sizing cxl: Fix premature commit_end increment on decoder commit failure mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() mtd: spinand: Fix kernel doc power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() scsi: ufs: host: mediatek: Require CONFIG_PM scsi: csiostor: Fix dereference of null pointer rn nvdimm: virtio_pmem: serialize flush requests fs/nfs: Fix readdir slow-start regression tracing: Properly process error handling in event_hist_trigger_parse() tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs clk: qcom: rcg2: compute 2d using duty fraction directly clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc clk: qcom: gcc-ipq5018: flag sleep clock as critical clk: Move clk_{save,restore}_context() to COMMON_CLK section clk: qcom: dispcc-sdm845: Enable parents for pixel clocks clk: qcom: gfx3d: add parent to parent request map clk: mediatek: Fix error handling in runtime PM setup dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX dma: dma-axi-dmac: fix SW cyclic transfers staging: greybus: lights: avoid NULL deref serial: imx: change SERIAL_IMX_CONSOLE to bool serial: SH_SCI: improve "DMA support" prompt mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms iio: pressure: mprls0025pa: fix scan_type struct watchdog: starfive-wdt: Fix PM reference leak in probe error path coresight: etm3x: Fix cpulocked warning on cpuhp Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure mfd: simple-mfd-i2c: Add MAX77705 support mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA mfd: simple-mfd-i2c: Add SpacemiT P1 support mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order mfd: simple-mfd-i2c: Add Delta TN48M CPLD support UBUNTU: [Config] Disable new Delta TN48M CPLD support by default drivers: iio: mpu3050: use dev_err_probe for regulator request usb: bdc: fix sleep during atomic pinctrl: equilibrium: Fix device node reference leak in pinbank_init() ovl: Fix uninit-value in ovl_fill_real iio: sca3000: Fix a resource leak in sca3000_probe() pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition pinctrl: single: fix refcount leak in pcs_add_gpio_func() leds: qcom-lpg: Check the return value of regmap_bulk_write() backlight: qcom-wled: Support ovp values for PMI8994 backlight: qcom-wled: Change PM8950 WLED configurations dmaengine: fsl-edma: don't explicitly disable clocks in .remove() io_uring/cancel: de-unionize file and user_data in struct io_cancel_data fs/ntfs3: prevent infinite loops caused by the next valid being the same fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check kbuild: Add objtool to top-level clean target selftests/memfd: delete unused declarations selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO cpuidle: Skip governor when only one idle state is available selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2 net: sparx5/lan969x: fix DWRR cost max to match hardware register width net: mscc: ocelot: extract ocelot_xmit_timestamp() helper net: mscc: ocelot: split xmit into FDMA and register injection paths net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ipv6: Fix out-of-bound access in fib6_add_rt2node(). net: sparx5/lan969x: fix PTP clock max_adj value net: usb: catc: enable basic endpoint checking xen-netback: reject zero-queue configuration from guest net/rds: rds_sendmsg should not discard payload_len net: bridge: mcast: always update mdb_n_entries for vlan contexts selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with br_netfilter enabled netfilter: nf_conntrack_h323: don't pass uninitialised l3num value net: remove WARN_ON_ONCE when accessing forward path array netfilter: nf_tables: fix use-after-free in nf_tables_addchain() ipv6: fix a race in ip6_sock_set_v6only() bpftool: Fix truncated netlink dumps ping: annotate data-races in ping_lookup() macvlan: observe an RCU grace period in macvlan_common_newlink() error path icmp: move icmp_global.credit and icmp_global.stamp to per netns storage icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns icmp: prevent possible overflow in icmp_global_allow() cache: add __cacheline_group_{begin, end}_aligned() (+ couple more) inet: move icmp_global_{credit,stamp} to a separate cache line octeontx2-af: Fix default entries mcam entry action bonding: alb: fix UAF in rlb_arp_recv during bond up/down net/mlx5: Fix multiport device check over light SFs apparmor: fix NULL sock in aa_sock_file_perm apparmor: return -ENOMEM in unpack_perms_table upon alloc failure apparmor: fix rlimit for posix cpu timers apparmor: remove apply_modes_to_perms from label_match apparmor: make label_match return a consistent value apparmor: fix invalid deref of rawdata when export_binary is unset apparmor: fix aa_label to return state from compount and component match drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() drm/amdgpu: Fix memory leak in amdgpu_ras_init() drm/i915/acpi: free _DSM package when no connectors ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init drm/amdkfd: fix debug watchpoints for logical devices drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() spi: wpcm-fiu: Fix uninitialized res spi: wpcm-fiu: Simplify with dev_err_probe() spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n efi: Fix reservation of unaccepted memory table btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found x86/hyperv: Fix error pointer dereference ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk drm/amd/display: Use same max plane scaling limits for all 64 bpp formats MIPS: Work around LLVM bug when gp is used as global register variable ext4: don't cache extent during splitting extent ext4: fix memory leak in ext4_ext_shift_extents() ext4: use optimized mballoc scanning regardless of inode format ata: pata_ftide010: Fix some DMA timings ata: libata-scsi: refactor ata_scsi_translate() SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names perf test stat: Update test expectations and events perf test stat tests: Fix for virtualized machines perf unwind-libdw: Fix invalid reference counts perf callchain: Fix srcline printing with inlines libsubcmd: Fix null intersection case in exclude_cmds() libperf: Don't remove -g when EXTRA_CFLAGS are used libperf build: Always place libperf includes first rtc: interface: Alarm race handling should not discard preceding error audit: add fchmodat2() to change attributes class hfsplus: fix volume corruption issue for generic/498 fs/buffer: add alert in try_to_free_buffers() for folios without buffers audit: add missing syscalls to read class hfsplus: pretend special inodes as regular files i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() minix: Add required sanity checking to minix_check_superblock() btrfs: handle user interrupt properly in btrfs_trim_fs() smb: client: add proper locking around ses->iface_last_update gfs2: fiemap page fault fix smb: client: prevent races in ->query_interfaces() tools/power cpupower: Reset errno before strtoull() s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS perf/arm-cmn: Support CMN-600AE arm64: Add support for TSV110 Spectre-BHB mitigation rnbd-srv: Zero the rsp buffer before using it x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE is set EFI/CPER: don't dump the entire memory region APEI/GHES: ensure that won't go past CPER allocated record EFI/CPER: don't go past the ARM processor CPER record buffer ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP md-cluster: fix NULL pointer dereference in process_metadata_update cpufreq: dt-platdev: Block the driver from probing on more QC platforms s390/perf: Disable register readout on sampling events perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD xenbus: Use .freeze/.thaw to handle xenbus devices blk-mq-debugfs: add missing debugfs_mutex in blk_mq_debugfs_register_hctxs() sparc: Synchronize user stack on fork and clone sparc: don't reference obsolete termio struct for TC* constants bpf: verifier improvement in 32bit shift sign extension pattern clocksource/drivers/sh_tmu: Always leave device running after probe clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency on OF PCI/MSI: Unmap MSI-X region on error crypto: hisilicon/qm - move the barrier before writing to the mailbox register mailbox: bcm-ferxrm-mailbox: Use default primary handler char: tpm: cr50: Remove IRQF_ONESHOT pstore: ram_core: fix incorrect success return when vmap() fails arm64: tegra: smaug: Add usb-role-switch support parisc: Prevent interrupts during reboot drm/display/dp_mst: Add protection against 0 vcpi spi-geni-qcom: initialize mode related registers to 0 spi-geni-qcom: use xfer->bits_per_word for can_dma() media: dvb-core: dmxdevfilter must always flush bufs spi: stm32: fix Overrun issue at < 8bpw drm/v3d: Set DMA segment size to avoid debug warnings media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes media: omap3isp: isppreview: always clamp in preview_try_format() media: omap3isp: set initial format media: mediatek: vcodec: Don't try to decode 422/444 VP9 drm/amdgpu: add support for HDP IP version 6.1.1 drm/amdgpu: avoid a warning in timedout job handler HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug spi: spi-mem: Limit octal DTR constraints to octal DTR situations media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START media: adv7180: fix frame interval in progressive mode media: pvrusb2: fix URB leak in pvr2_send_request_ex media: solo6x10: Check for out of bounds chip_id media: cx25821: Fix a resource leak in cx25821_dev_setup() media: v4l2-async: Fix error handling on steps after finding a match drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() drm: Account property blob allocations to memcg hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed virt: vbox: uapi: Mark inner unions in packed structs as packed drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release media: rkisp1: Fix filter mode register configuration HID: multitouch: add eGalaxTouch EXC3188 support HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro gpio: aspeed-sgpio: Change the macro to support deferred probe ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE hwmon: (f71882fg) Add F81968 support ASoC: es8328: Add error unwind in resume modpost: Amend ppc64 save/restfpr symnames for -Os build ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio jfs: Add missing set_freezable() for freezable kthread jfs: nlink overflow in jfs_rename wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H dm: replace -EEXIST with -EBUSY dm: remove fake timeout to avoid leak request iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency wifi: libertas: fix WARNING in usb_tx_block iommu/amd: move wait_on_sem() out of spinlock wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 wifi: ath12k: fix preferred hardware mode calculation ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}() ipv6: exthdrs: annotate data-race over multiple sysctl ext4: mark group add fast-commit ineligible ext4: move ext4_percpu_param_init() before ext4_mb_init() ext4: mark group extend fast-commit ineligible netfilter: nf_conntrack: Add allow_clash to generic protocol handler netfilter: xt_tcpmss: check remaining length before reading optlen openrisc: define arch-specific version of nop() net: usb: r8152: fix transmit queue timeout wifi: iwlwifi: mvm: check the validity of noa_len net/rds: No shortcut out of RDS_CONN_ERROR gro: change the BUG_ON() in gro_pull_from_frag0() ipv4: igmp: annotate data-races around idev->mr_maxdelay net: hns3: extend HCLGE_FD_AD_QID to 11 bits wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() ipv4: fib: Annotate access to struct fib_alias.fa_state. Bluetooth: hci_conn: Set link_policy on incoming ACL connections Bluetooth: hci_conn: use mod_delayed_work for active mode timeout Bluetooth: btusb: Add new VID/PID for RTL8852CE Bluetooth: btusb: Add device ID for Realtek RTL8761BU octeontx2-af: Workaround SQM/PSE stalls by disabling sticky wifi: rtw89: pci: restore LDO setting after device resume wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() net: usb: sr9700: remove code to drive nonexistent multicast filter vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 net/rds: Clear reconnect pending bit PCI: Mark ASM1164 SATA controller to avoid bus reset PCI: Fix pci_slot_lock () device locking PCI: Enable ACS after configuring IOMMU for OF platforms PCI: Add ACS quirk for Qualcomm Hamoa & Glymur PCI: Mark Nvidia GB10 to avoid bus reset myri10ge: avoid uninitialized variable use nfc: nxp-nci: remove interrupt trigger type RDMA/rtrs-clt: For conn rejection use actual err number ata: libata: avoid long timeouts on hot-unplugged SATA DAS hisi_acc_vfio_pci: update status after RAS error scsi: buslogic: Reduce stack usage vhost: fix caching attributes of MMIO regions by setting them explicitly tracing: Fix false sharing in hwlat get_sample() remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX channel is uninitialized mailbox: pcc: Remove spurious IRQF_ONESHOT usage mailbox: imx: Skip the suspend flag for i.MX7ULP mailbox: sprd: mask interrupts that are not handled remoteproc: mediatek: Break lock dependency to `prepare_lock` mailbox: sprd: clear delivery flag before handling TX done clk: microchip: core: correct return value on *_get_parent() m68k: nommu: fix memmove() with differently aligned src and dest for 68000 soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure serial: 8250_dw: handle clock enable errors in runtime_resume usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs fpga: of-fpga-region: Fail if any bridge is missing dmaengine: sun6i: Choose appropriate burst length under maxburst dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 staging: rtl8723bs: fix memory leak on failure path serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done fix it87_wdt early reboot by reporting running timer binder: don't use %pK through printk watchdog: imx7ulp_wdt: handle the nowayout option phy: mvebu-cp110-utmi: fix dr_mode property read from dts phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature Revert "mfd: da9052-spi: Change read-mask to write-mask" iio: Use IRQF_NO_THREAD iio: magnetometer: Remove IRQF_ONESHOT MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE fs: ntfs3: check return value of indx_find to avoid infinite loop fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST fs/ntfs3: drop preallocated clusters for sparse and compressed files fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra() ceph: supply snapshot context in ceph_uninline_data() libceph: define and enforce CEPH_MAX_KEY_LEN thermal: int340x: Fix sysfs group leak on DLVR registration failure include: uapi: netfilter_bridge.h: Cover for musl libc ARM: 9467/1: mm: Don't use %pK through printk drm/amd/display: Avoid updating surface with the same surface under MPO drm/amdgpu: Adjust usleep_range in fence wait ALSA: usb-audio: Update the number of packets properly at receiving drm/amdgpu: Add HAINAN clock adjustment drm/radeon: Add HAINAN clock adjustment ALSA: usb-audio: Add sanity check for OOB writes at silencing btrfs: replace BUG() with error handling in __btrfs_balance() drm/amd/display: Remove conditional for shaper 3DLUT power-on rtc: zynqmp: correct frequency value ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm: skip templates check for packet offload tunnel mode ipmi: ipmb: initialise event handler read bytes xfrm: always flush state and policy upon NETDEV_UNREGISTER event net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode net: usb: lan78xx: scan all MDIO addresses on LAN7801 net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set() net: ethernet: xscale: Check for PTP support properly wifi: cfg80211: wext: fix IGTK key ID off-by-one Remove WARN_ALL_UNSEEDED_RANDOM kernel config option UBUNTU: [Config] Remove WARN_ALL_UNSEEDED_RANDOM Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ Bluetooth: hci_qca: Cleanup on all setup failures Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ tipc: fix duplicate publication key in tipc_service_insert_publ() RDMA/core: Fix stale RoCE GIDs during netdev events at registration net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets RDMA/efa: Fix typo in efa_alloc_mr() net: usb: pegasus: enable basic endpoint checking RDMA/umem: Fix double dma_buf_unpin in failure path net/mlx5: DR, Fix circular locking dependency in dump net/mlx5: Fix missing devlink lock in SRIOV enable error path net: consume xmit errors of GSO frames dpaa2-switch: validate num_ifs to prevent out-of-bounds write netfilter: nf_conntrack_h323: fix OOB read in decode_choice() rpmsg: core: fix race in driver_override_show() and use core helper clk: renesas: rzg2l: Fix intin variable size clk: renesas: rzg2l: Select correct div round macro ASoC: SOF: ipc4-control: If there is no data do not send bytes update ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data ASoC: SOF: ipc4-control: Keep the payload size up to date fpga: dfl: use subsys_initcall to allow built-in drivers to be added dm-verity: correctly handle dm_bufio_client_create() failure media: mediatek: encoder: Fix uninitialized scalar variable issue media: mtk-mdp: Fix error handling in probe function media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() media: verisilicon: AV1: Fix enable cdef computation media: verisilicon: AV1: Fix tx mode bit setting ARM: omap2: Fix reference count leaks in omap_control_init() KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding arm64: Disable branch profiling for all arm64 code HID: hid-pl: handle probe errors HID: magicmouse: Do not crash on missing msc->input HID: prodikeys: Check presence of pm->input_ep82 HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() arm64: dts: apple: t8112-j473: Keep the HDMI port powered on media: verisilicon: AV1: Set IDR flag for intra_only frame type media: radio-keene: fix memory leak in error path media: cx88: Add missing unmap in snd_cx88_hw_params() media: cx23885: Add missing unmap in snd_cx23885_hw_params() media: cx25821: Add missing unmap in snd_cx25821_hw_params() media: i2c/tw9903: Fix potential memory leak in tw9903_probe() media: i2c/tw9906: Fix potential memory leak in tw9906_probe() media: i2c: ov01a10: Fix the horizontal flip control media: i2c: ov01a10: Fix reported pixel-rate value media: i2c: ov01a10: Fix analogue gain range media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls media: i2c: ov01a10: Fix test-pattern disabling media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() media: ccs: Avoid possible division by zero media: i2c: ov5647: Initialize subdev before controls media: i2c: ov5647: Correct pixel array offset media: i2c: ov5647: Correct minimum VBLANK value media: i2c: ov5647: Sensor should report RAW color space media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode media: i2c: ov5647: use our own mutex for the ctrl lock dm-integrity: fix a typo in the code for write/discard race dm: clear cloned request bio pointer when last clone bio completes soc: ti: k3-socinfo: Fix regmap leak on probe failure soc: ti: pruss: Fix double free in pruss_clk_mux_setup() KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation clk: clk-apple-nco: Add "apple,t8103-nco" compatible media: i2c: ov01a10: Fix digital gain range clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() s390/pci: Handle futile config accesses of disabled devices directly dm-integrity: fix recalculation in bitmap mode dm-unstripe: fix mapping bug when there are multiple targets in a table arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro media: venus: vdec: fix error state assignment for zero bytesused media: venus: vdec: restrict EOS addr quirk to IRIS2 only drm: of: drm_of_panel_bridge_remove(): fix device_node leak mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs xfs: mark data structures corrupt on EIO and ENODATA media: verisilicon: AV1: Fix tile info buffer size iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode mfd: core: Add locking around 'mfd_of_node_list' xfs: delete attr leaf freemap entries when empty xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs: fix remote xattr valuelblk check KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions md/bitmap: fix GPF in write_page caused by resize race nfsd: fix return error code for nfsd_map_name_to_[ug]id nvmem: Drop OF node reference on nvmem_add_one_cell() failure usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN bus: fsl-mc: fix an error handling in fsl_mc_device_add() dm mpath: make pg_init_delay_msecs settable tools: Fix bitfield dependency failure powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() iio: gyro: itg3200: Fix unchecked return value in read_raw mm/highmem: fix __kmap_to_page() build error rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() ocfs2: fix reflink preserve cleanup issue kexec: derive purgatory entry from symbol Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" PCI/IOV: Fix race between SR-IOV enable/disable and hotplug arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y btrfs: continue trimming remaining devices on failure remoteproc: imx_rproc: Fix invalid loaded resource table detection perf/arm-cmn: Reject unsupported hardware configurations scsi: ufs: core: Flush exception handling work when RPM level is zero usb: dwc3: gadget: Move vbus draw to workqueue context usb: dwc2: fix resume failure if dr_mode is host mtd: rawnand: pl353: Fix software ECC support tipc: fix RCU dereference race in tipc_aead_users_dec() drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe() error path PCI: Fix pci_slot_trylock() error handling parisc: kernel: replace kfree() with put_device() in create_tree_node() staging: rtl8723bs: fix null dereference in find_network cifs: Fix locking usage for tcon fields MIPS: rb532: Fix MMIO UART resource registration ceph: supply snapshot context in ceph_zero_partial_object() LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE LoongArch: Prefer top-down allocation after arch_mem_init() LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT LoongArch: Disable instrumentation for setup_ptwalker() net: ethernet: marvell: skge: remove incorrect conflicting PCI ID net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() octeontx2-af: CGX: fix bitmap leaks net: macb: Fix tx/rx malfunction after phy link down and up tracing: Fix to set write permission to per-cpu buffer_size_kb io_uring/filetable: clamp alloc_hint to the configured alloc range net: intel: fix PCI device ID conflict between i40e and ipw2200 atm: fore200e: fix use-after-free in tasklets during device removal ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() fbcon: check return value of con2fb_acquire_newinfo() fbdev: vt8500lcdfb: fix missing dma_free_coherent() fbdev: of: display_timing: fix refcount leak in of_get_display_timings() fbdev: ffb: fix corrupted video output on Sun FFB1 fbcon: Remove struct fbcon_display.inverse cifs: some missing initializations on replay ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() x86/kexec: Copy ACPI root pointer address from config table arm64: Force the use of CNTVCT_EL0 in __delay() net: nfc: nci: Fix parameter validation for packet data tracing: Fix checking of freed trace_event_file for hist files tracing: Wake up poll waiters for hist files when removing an event NTB: ntb_transport: Fix too small buffer for debugfs_name drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros arm64: Fix sampling the "stable" virtual counter in preemptible section gfs2: Fix slab-use-after-free in qd_put io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature OPP: Return correct value in dev_pm_opp_get_level cpufreq: scmi: Fix device_node reference leak in scmi_cpu_domain_id() perf/x86/core: Do not set bit width for unavailable counters genirq: Set IRQF_COND_ONESHOT in devm_request_irq(). platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() media: pci: mg4b: Use IRQF_NO_THREAD firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET arm64: dts: qcom: msm8994-octagon: Fix Analog Devices vendor prefix of AD7147 arm64: dts: mediatek: mt8183-jacuzzi-pico6: Fix typo in pinmux node arm64: dts: qcom: qrb4210-rb2: Fix UART3 wakeup IRQ storm arm64: dts: qcom: x1e: bus is 40-bits (fix 64GB models) media: chips-media: wave5: Fix memory leak on codec_info allocation failure drm/amd: Drop "amdgpu kernel modesetting enabled" message drm/amdkfd: Fix signal_eviction_fence() bool return value drm/xe: Unregister drm device on probe error HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients wifi: cfg80211: Fix use_for flag update on BSS refresh PCI: Check parent for NULL in of_pci_bus_release_domain_nr() netfilter: nfnetlink_queue: optimize verdict lookup with hash table netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null interval power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() RDMA/mlx5: Fix UMR hang in LAG error state unload IB/mlx5: Fix port speed query for representors platform/x86/amd/pmf: Prevent TEE errors after hibernate crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler clk: qcom: gcc-sm8650: Use floor ops for SDCC RCGs clk: qcom: gcc-sm4450: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-x1e80100: Update the SDCC RCGs to use shared_floor_ops dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue iio: pressure: mprls0025pa: fix interrupt flag objpool: fix the overestimation of object pooling metadata size ipvs: do not keep dest_dst if dev is going down net/mlx5e: Use unsigned for mlx5e_get_max_num_channels AppArmor: Allow apparmor to handle unaligned dfa tables apparmor: Fix & Optimize table creation from possibly unaligned memory apparmor: avoid per-cpu hold underflow in aa_get_buffer drm/amd/display: Fix out-of-bounds stream encoder index v3 btrfs: use the correct type to initialize block reserve for delayed refs Drivers: hv: vmbus: Use kthread for vmbus interrupts on PREEMPT_RT i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init APEI/GHES: ARM processor Error: don't go past allocated memory ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] powercap: intel_rapl: Add PL4 support for Ice Lake alpha: fix user-space corruption during memory compaction ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) ACPI: battery: fix incorrect charging status when current is zero perf/x86/msr: Add Airmont NP perf/x86/cstate: Add Airmont NP bpf: Recognize special arithmetic shift in the verifier firmware: arm_ffa: Unmap Rx/Tx buffers on init failure gpu/panel-edp: add AUO panel entry for B140HAN06.4 drm/amdgpu: fix NULL pointer issue buffer funcs ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET media: chips-media: wave5: Fix conditional in start_streaming media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder drm/amd/display: Fix dsc eDP issue drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() media: mt9m114: Avoid a reset low spike during probe() media: mt9m114: Return -EPROBE_DEFER if no endpoint is found ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk PCI: Add Intel Nova Lake audio Device ID drm/amd/display: Disable FEC when powering down encoders drm/amd/display: avoid dig reg access timeout on usb4 link training fail hwmon: (dell-smm) Add support for Dell OptiPlex 7080 HID: logitech-hidpp: Add support for Logitech K980 ASoC: SOF: Intel: hda: Fix NULL pointer dereference spi: geni-qcom: Fix abort sequence execution for serial engine errors ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx wifi: rtw89: 8922a: set random mac if efuse contains zeroes wifi: rtw89: ser: enable error IMR after recovering from L1 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() wifi: rtw89: mac: correct page number for CSI response wifi: ath11k: Fix failure to connect to a 6 GHz AP ipv6: annotate data-races over sysctl.flowlabel_reflect ext4: use reserved metadata blocks when splitting extent on endio Bluetooth: btusb: Add support for MediaTek7920 0489:e158 net: sfp: add quirk for Lantech 8330-265D PCI/AER: Clear stale errors on reporting agents upon probe scsi: ufs: mediatek: Fix page faults in ufs_mtk_clk_scale() trace event riscv: vector: init vector context with proper vlenb HID: i2c-hid: Add FocalTech FT8112 9p/xen: protect xen_9pfs_front_free against concurrent calls soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list most: remove usage of the deprecated ida_simple_xx() API most: core: fix resource leak in most_register_interface error paths usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() serial: 8250: 8250_omap.c: Add support for handling UART error conditions mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 drm/amd/display: Fix writeback on DCN 3.2+ drm/amd/display: Fix system resume lag issue drm/amd/display: bypass post csc for additional color spaces in dal spi: spidev: fix lock inversion between spi_lock and buf_lock Bluetooth: L2CAP: Avoid -Wflex-array-member-not-at-end warnings Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short kcm: fix zero-frag skb in frag_list on partial sendmsg error net/mlx5: E-switch, Clear legacy flag when moving to switchdev net/mlx5e: Separate address related variables to be in struct net/mlx5e: Support routed networks during IPsec MACs initialization net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query drm/tests: shmem: Swap names of export tests KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR media: amphion: Drop min_queued_buffers assignment media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() media: ccs: Fix setting initial sub-device state platform/x86: ISST: Add missing write block check bus: omap-ocp2scp: fix OF populate on driver rebind media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop drm/buddy: Prevent BUG_ON by validating rounded allocation xfs: remove xfs_attr_leaf_hasname mfd: qcom-pm8xxx: Fix OF populate on driver rebind mfd: omap-usb-host: Fix OF populate on driver rebind xfs: fix the xattr scrub to detect freemap/entries array collisions pinctrl: intel: Add code name documentation xfs: check for deleted cursors when revalidating two btrees vhost: move vdpa group bound check to vhost_vdpa clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841 mm/slab: use unsigned long for orig_size to ensure proper metadata align drm/amd/display: Increase DCN35 SR enter/exit latency drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify mm: numa_memblks: Identify the accurate NUMA ID of CFMW drm/amdgpu: keep vga memory on MacBooks with switchable graphics most: core: fix leak on early registration failure Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req UBUNTU: Upstream stable to v6.6.128, v6.12.75 ** Affects: linux (Ubuntu) Importance: Undecided Status: Invalid ** Affects: linux (Ubuntu Noble) Importance: Medium Assignee: Noah Wager (nwager) Status: In Progress ** Tags: kernel-stable-tracking-bug ** Changed in: linux (Ubuntu) Status: New => Confirmed ** Also affects: linux (Ubuntu Noble) Importance: Undecided Status: New ** Changed in: linux (Ubuntu) Status: Confirmed => Invalid ** Changed in: linux (Ubuntu Noble) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Noble) Status: New => In Progress ** Changed in: linux (Ubuntu Noble) Assignee: (unassigned) => Noah Wager (nwager) ** Description changed: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2026-05-01 + + Ported from the following upstream stable releases: + v6.6.128, v6.12.75 + from git://git.kernel.org/ + + RDMA/siw: Fix potential NULL pointer dereference in header processing + RDMA/umad: Reject negative data_len in ib_umad_write + auxdisplay: arm-charlcd: fix release_mem_region() size + hfsplus: return error when node already exists in hfs_bnode_create + rcu: s/boost_kthread_mutex/kthread_mutex + rcu/exp: Move expedited kthread worker creation functions above rcutree_prepare_cpu() + rcu: Refactor expedited handling check in rcu_read_unlock_special() + rcu: Remove local_irq_save/restore() in rcu_preempt_deferred_qs_handler() + rcu: Fix rcu_read_unlock() deadloop due to softirq + audit: move the compat_xxx_class[] extern declarations to audit_arch.h + i3c: Move device name assignment after i3c_bus_init + fs: add <linux/init_task.h> for 'init_fs' + i3c: master: Update hot-join flag only on success + gfs2: Retries missing in gfs2_{rename,exchange} + gfs2: Fix use-after-free in iomap inline data write path + i3c: dw: Initialize spinlock to avoid upsetting lockdep + tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure + tpm: st33zp24: Fix missing cleanup on get_burstcount() error + btrfs: qgroup: return correct error when deleting qgroup relation item + btrfs: fix block_group_tree dirty_list corruption + smb: client: fix potential UAF and double free in smb2_open_file() + xen/virtio: Don't use grant-dma-ops when running as Dom0 + ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() + io_uring/sync: validate passed in offset + cpuidle: menu: Cleanup after loadavg removal + cpuidle: governors: menu: Always check timers with tick stopped + md/raid10: fix any_working flag handling in raid10_sync_request + iomap: fix submission side handling of completion side errors + ublk: Validate SQE128 flag before accessing the cmd + x86/xen: make some functions static + Partial revert "x86/xen: fix balloon target initialization for PVH dom0" + PM: wakeup: Handle empty list in wakeup_sources_walk_start() + perf: arm_spe: Properly set hw.state on failures + PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races + s390/cio: Fix device lifecycle handling in css_alloc_subchannel() + crypto: qat - fix warning on adf_pfvf_pf_proto.c + selftests/bpf: veristat: fix printing order in output_stats() + libbpf: Fix OOB read in btf_dump_get_bitfield_value + ARM: VDSO: Patch out __vdso_clock_getres() if unavailable + crypto: cavium - fix dma_free_coherent() size + crypto: octeontx - fix dma_free_coherent() size + crypto: hisilicon/zip - adjust the way to obtain the req in the callback function + crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable + hrtimer: Fix trace oddity + bpf, sockmap: Fix incorrect copied_seq calculation + bpf, sockmap: Fix FIONREAD for sockmap + crypto: hisilicon/trng - modifying the order of header files + crypto: hisilicon/trng - support tfms sharing the device + bpf: Fix bpf_xdp_store_bytes proto for read-only arg + scsi: efct: Use IRQF_ONESHOT and default primary handler + EDAC/altera: Remove IRQF_ONESHOT + mfd: wm8350-core: Use IRQF_ONESHOT + sched/rt: Skip currently executing CPU in rto_next_cpu() + pstore/ram: fix buffer overflow in persistent_ram_save_old() + soc: qcom: smem: handle ENOMEM error during probe + EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size() + EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size() + arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings + clk: qcom: Return correct error code in qcom_cc_probe_by_index() + arm64: dts: qcom: sdm630: fix gpu_speed_bin size + arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on + ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property + powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user() + soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe + soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() + powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling + ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells + arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree node + arm64: dts: amlogic: axg: assign the MMC signal clocks + arm64: dts: amlogic: gx: assign the MMC signal clocks + arm64: dts: amlogic: g12: assign the MMC B and C signal clocks + arm64: dts: amlogic: g12: assign the MMC A signal clock + arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0 + arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1 + arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions + workqueue: Factor out assign_rescuer_work() + workqueue: Only assign rescuer work when really needed + workqueue: Process rescuer work items one-by-one using a cursor + smack: /smack/doi must be > 0 + smack: /smack/doi: accept previously used values + ASoC: nau8821: Consistently clear interrupts before unmasking + ASoC: nau8821: Avoid unnecessary blocking in IRQ handler + ASoC: nau8821: Fixup nau8821_enable_jack_detect() + drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init + drm/msm/disp/dpu: add merge3d support for sc7280 + regulator: core: move supply check earlier in set_machine_constraints() + HID: playstation: Add missing check for input_ff_create_memless + drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x + media: ccs: Accommodate C-PHY into the calculation + drm/msm/a2xx: fix pixel shader start on A225 + platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev + media: uvcvideo: Fix allocation for small frame sizes + platform/chrome: cros_ec_lightbar: Fix response size initialization + spi: tools: Add include folder to .gitignore + Revert "hwmon: (ibmpex) fix use-after-free in high/low store" + PCI: mediatek: Fix IRQ domain leak when MSI allocation fails + Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors + PCI/PM: Avoid redundant delays on D3hot->D3cold + PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails + Documentation: tracing: Add ring-buffer mapping + docs: fix WARNING document not included in any toctree + Documentation: trace: Refactor toctree + Documentation: tracing: Add PCI tracepoint documentation + PCI: Do not attempt to set ExtTag for VFs + PCI/portdrv: Fix potential resource leak + quota: fix livelock between quotactl and freeze_super + net: mctp-i2c: fix duplicate reception of old data + mctp i2c: initialise event handler read bytes + wifi: cfg80211: stop NAN and P2P in cfg80211_leave + netfilter: nf_tables: reset table validation state on abort + netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH + netfilter: nf_conncount: increase the connection clean up limit to 64 + netfilter: nft_compat: add more restrictions on netlink attributes + netfilter: nf_conncount: fix tracking of connections from localhost + module: add helper function for reading module_buildid() + kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup() + PCI: Mark 3ware-9650SA Root Port Extended Tags as broken + iommu/vt-d: Flush cache for PASID table before using it + dm: use bio_clone_blkg_association + nfsd: never defer requests during idmap lookup + fat: avoid parent link count underflow in rmdir + tcp: tcp_tx_timestamp() must look at the rtx queue + wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() + PCI: Initialize RCB from pci_configure_device() + PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros + PCI: Add defines for bridge window indexing + PCI/ACPI: Restrict program_hpx_type2() to AER bits + ipc: don't audit capability check in ipc_permissions() + ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit() + of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() + mptcp: fix receive space timestamp initialization + octeontx2-af: Fix PF driver crash with kexec kernel booting + bonding: only set speed/duplex to unknown, if getting speed failed + inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP + nfc: hci: shdlc: Stop timers and work before freeing context + netfilter: nft_set_hash: fix get operation on big endian + netfilter: nft_counter: fix reset of counters on 32bit archs + netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets + PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] + net: hns3: fix double free issue for tx spare buffer + procfs: fix missing RCU protection when reading real_parent in do_task_stat() + smb: client: correct value for smbd_max_fragmented_recv_size + net: atm: fix crash due to unvalidated vcc pointer in sigd_send() + net: sunhme: Fix sbus regression + net: Add skb_dstref_steal and skb_dstref_restore + net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input callers + xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path + serial: caif: fix use-after-free in caif_serial ldisc_close() + octeon_ep: disable per ring interrupts + octeon_ep: ensure dbell BADDR updation + ionic: Rate limit unknown xcvr type messages + octeontx2-pf: Unregister devlink on probe failure + RDMA/rtrs: server: remove dead code + IB/cache: update gid cache on client reregister event + RDMA/hns: Fix WQ_MEM_RECLAIM warning + RDMA/hns: Notify ULP of remaining soft-WCs during reset + power: supply: ab8500: Fix use-after-free in power_supply_changed() + power: supply: act8945a: Fix use-after-free in power_supply_changed() + power: supply: bq256xx: Fix use-after-free in power_supply_changed() + power: supply: bq25980: Fix use-after-free in power_supply_changed() + power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() + power: supply: goldfish: Fix use-after-free in power_supply_changed() + power: supply: rt9455: Fix use-after-free in power_supply_changed() + power: supply: sbs-battery: Fix use-after-free in power_supply_changed() + power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write + power: supply: bq27xxx: fix wrong errno when bus ops are unsupported + power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() + RDMA/rtrs-srv: fix SG mapping + RDMA/rxe: Fix double free in rxe_srq_from_init + tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() + mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper + crypto: ccp - Add an S4 restore flow + crypto: ccp - Factor out ring destroy handling to a helper + crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails + mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() + RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send + RDMA/rxe: Fix race condition in QP timer handlers + svcrdma: Increase the per-transport rw_ctx count + svcrdma: Reduce the number of rdma_rw contexts per-QP + RDMA/core: add rdma_rw_max_sge() helper for SQ sizing + cxl: Fix premature commit_end increment on decoder commit failure + mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() + mtd: spinand: Fix kernel doc + power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer + RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc + pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN + scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() + scsi: ufs: host: mediatek: Require CONFIG_PM + scsi: csiostor: Fix dereference of null pointer rn + nvdimm: virtio_pmem: serialize flush requests + fs/nfs: Fix readdir slow-start regression + tracing: Properly process error handling in event_hist_trigger_parse() + tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros + fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() + fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() + clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs + clk: qcom: rcg2: compute 2d using duty fraction directly + clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs + clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops + clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops + clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops + clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc + clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc + clk: qcom: gcc-ipq5018: flag sleep clock as critical + clk: Move clk_{save,restore}_context() to COMMON_CLK section + clk: qcom: dispcc-sdm845: Enable parents for pixel clocks + clk: qcom: gfx3d: add parent to parent request map + clk: mediatek: Fix error handling in runtime PM setup + dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX + dma: dma-axi-dmac: fix SW cyclic transfers + staging: greybus: lights: avoid NULL deref + serial: imx: change SERIAL_IMX_CONSOLE to bool + serial: SH_SCI: improve "DMA support" prompt + mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms + iio: pressure: mprls0025pa: fix scan_type struct + watchdog: starfive-wdt: Fix PM reference leak in probe error path + coresight: etm3x: Fix cpulocked warning on cpuhp + Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" + mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure + mfd: simple-mfd-i2c: Add MAX77705 support + mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA + mfd: simple-mfd-i2c: Add SpacemiT P1 support + mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order + mfd: simple-mfd-i2c: Add Delta TN48M CPLD support + UBUNTU: [Config] Disable new Delta TN48M CPLD support by default + drivers: iio: mpu3050: use dev_err_probe for regulator request + usb: bdc: fix sleep during atomic + pinctrl: equilibrium: Fix device node reference leak in pinbank_init() + ovl: Fix uninit-value in ovl_fill_real + iio: sca3000: Fix a resource leak in sca3000_probe() + pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition + pinctrl: single: fix refcount leak in pcs_add_gpio_func() + leds: qcom-lpg: Check the return value of regmap_bulk_write() + backlight: qcom-wled: Support ovp values for PMI8994 + backlight: qcom-wled: Change PM8950 WLED configurations + dmaengine: fsl-edma: don't explicitly disable clocks in .remove() + io_uring/cancel: de-unionize file and user_data in struct io_cancel_data + fs/ntfs3: prevent infinite loops caused by the next valid being the same + fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot + ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs + powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check + kbuild: Add objtool to top-level clean target + selftests/memfd: delete unused declarations + selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT + ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO + cpuidle: Skip governor when only one idle state is available + selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2 + net: sparx5/lan969x: fix DWRR cost max to match hardware register width + net: mscc: ocelot: extract ocelot_xmit_timestamp() helper + net: mscc: ocelot: split xmit into FDMA and register injection paths + net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() + ipv6: Fix out-of-bound access in fib6_add_rt2node(). + net: sparx5/lan969x: fix PTP clock max_adj value + net: usb: catc: enable basic endpoint checking + xen-netback: reject zero-queue configuration from guest + net/rds: rds_sendmsg should not discard payload_len + net: bridge: mcast: always update mdb_n_entries for vlan contexts + selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled + selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with br_netfilter enabled + netfilter: nf_conntrack_h323: don't pass uninitialised l3num value + net: remove WARN_ON_ONCE when accessing forward path array + netfilter: nf_tables: fix use-after-free in nf_tables_addchain() + ipv6: fix a race in ip6_sock_set_v6only() + bpftool: Fix truncated netlink dumps + ping: annotate data-races in ping_lookup() + macvlan: observe an RCU grace period in macvlan_common_newlink() error path + icmp: move icmp_global.credit and icmp_global.stamp to per netns storage + icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns + icmp: prevent possible overflow in icmp_global_allow() + cache: add __cacheline_group_{begin, end}_aligned() (+ couple more) + inet: move icmp_global_{credit,stamp} to a separate cache line + octeontx2-af: Fix default entries mcam entry action + bonding: alb: fix UAF in rlb_arp_recv during bond up/down + net/mlx5: Fix multiport device check over light SFs + apparmor: fix NULL sock in aa_sock_file_perm + apparmor: return -ENOMEM in unpack_perms_table upon alloc failure + apparmor: fix rlimit for posix cpu timers + apparmor: remove apply_modes_to_perms from label_match + apparmor: make label_match return a consistent value + apparmor: fix invalid deref of rawdata when export_binary is unset + apparmor: fix aa_label to return state from compount and component match + drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() + drm/amdgpu: Fix memory leak in amdgpu_ras_init() + drm/i915/acpi: free _DSM package when no connectors + ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init + drm/amdkfd: fix debug watchpoints for logical devices + drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 + spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() + spi: wpcm-fiu: Fix uninitialized res + spi: wpcm-fiu: Simplify with dev_err_probe() + spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() + s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n + efi: Fix reservation of unaccepted memory table + btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found + x86/hyperv: Fix error pointer dereference + ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk + drm/amd/display: Use same max plane scaling limits for all 64 bpp formats + MIPS: Work around LLVM bug when gp is used as global register variable + ext4: don't cache extent during splitting extent + ext4: fix memory leak in ext4_ext_shift_extents() + ext4: use optimized mballoc scanning regardless of inode format + ata: pata_ftide010: Fix some DMA timings + ata: libata-scsi: refactor ata_scsi_translate() + SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths + SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path + ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names + ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names + perf test stat: Update test expectations and events + perf test stat tests: Fix for virtualized machines + perf unwind-libdw: Fix invalid reference counts + perf callchain: Fix srcline printing with inlines + libsubcmd: Fix null intersection case in exclude_cmds() + libperf: Don't remove -g when EXTRA_CFLAGS are used + libperf build: Always place libperf includes first + rtc: interface: Alarm race handling should not discard preceding error + audit: add fchmodat2() to change attributes class + hfsplus: fix volume corruption issue for generic/498 + fs/buffer: add alert in try_to_free_buffers() for folios without buffers + audit: add missing syscalls to read class + hfsplus: pretend special inodes as regular files + i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() + minix: Add required sanity checking to minix_check_superblock() + btrfs: handle user interrupt properly in btrfs_trim_fs() + smb: client: add proper locking around ses->iface_last_update + gfs2: fiemap page fault fix + smb: client: prevent races in ->query_interfaces() + tools/power cpupower: Reset errno before strtoull() + s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS + perf/arm-cmn: Support CMN-600AE + arm64: Add support for TSV110 Spectre-BHB mitigation + rnbd-srv: Zero the rsp buffer before using it + x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE is set + EFI/CPER: don't dump the entire memory region + APEI/GHES: ensure that won't go past CPER allocated record + EFI/CPER: don't go past the ARM processor CPER record buffer + ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() + ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP + md-cluster: fix NULL pointer dereference in process_metadata_update + cpufreq: dt-platdev: Block the driver from probing on more QC platforms + s390/perf: Disable register readout on sampling events + perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD + xenbus: Use .freeze/.thaw to handle xenbus devices + blk-mq-debugfs: add missing debugfs_mutex in blk_mq_debugfs_register_hctxs() + sparc: Synchronize user stack on fork and clone + sparc: don't reference obsolete termio struct for TC* constants + bpf: verifier improvement in 32bit shift sign extension pattern + clocksource/drivers/sh_tmu: Always leave device running after probe + clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency on OF + PCI/MSI: Unmap MSI-X region on error + crypto: hisilicon/qm - move the barrier before writing to the mailbox register + mailbox: bcm-ferxrm-mailbox: Use default primary handler + char: tpm: cr50: Remove IRQF_ONESHOT + pstore: ram_core: fix incorrect success return when vmap() fails + arm64: tegra: smaug: Add usb-role-switch support + parisc: Prevent interrupts during reboot + drm/display/dp_mst: Add protection against 0 vcpi + spi-geni-qcom: initialize mode related registers to 0 + spi-geni-qcom: use xfer->bits_per_word for can_dma() + media: dvb-core: dmxdevfilter must always flush bufs + spi: stm32: fix Overrun issue at < 8bpw + drm/v3d: Set DMA segment size to avoid debug warnings + media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes + media: omap3isp: isppreview: always clamp in preview_try_format() + media: omap3isp: set initial format + media: mediatek: vcodec: Don't try to decode 422/444 VP9 + drm/amdgpu: add support for HDP IP version 6.1.1 + drm/amdgpu: avoid a warning in timedout job handler + HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards + ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask + ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug + spi: spi-mem: Limit octal DTR constraints to octal DTR situations + media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START + media: adv7180: fix frame interval in progressive mode + media: pvrusb2: fix URB leak in pvr2_send_request_ex + media: solo6x10: Check for out of bounds chip_id + media: cx25821: Fix a resource leak in cx25821_dev_setup() + media: v4l2-async: Fix error handling on steps after finding a match + drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() + drm: Account property blob allocations to memcg + hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed + virt: vbox: uapi: Mark inner unions in packed structs as packed + drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback + drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts + drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release + media: rkisp1: Fix filter mode register configuration + HID: multitouch: add eGalaxTouch EXC3188 support + HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK + ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro + gpio: aspeed-sgpio: Change the macro to support deferred probe + ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio + spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end + ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() + hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE + hwmon: (f71882fg) Add F81968 support + ASoC: es8328: Add error unwind in resume + modpost: Amend ppc64 save/restfpr symnames for -Os build + ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio + jfs: Add missing set_freezable() for freezable kthread + jfs: nlink overflow in jfs_rename + wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero + wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() + wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H + dm: replace -EEXIST with -EBUSY + dm: remove fake timeout to avoid leak request + iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency + wifi: libertas: fix WARNING in usb_tx_block + iommu/amd: move wait_on_sem() out of spinlock + wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode + PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port + wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 + wifi: ath12k: fix preferred hardware mode calculation + ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}() + ipv6: exthdrs: annotate data-race over multiple sysctl + ext4: mark group add fast-commit ineligible + ext4: move ext4_percpu_param_init() before ext4_mb_init() + ext4: mark group extend fast-commit ineligible + netfilter: nf_conntrack: Add allow_clash to generic protocol handler + netfilter: xt_tcpmss: check remaining length before reading optlen + openrisc: define arch-specific version of nop() + net: usb: r8152: fix transmit queue timeout + wifi: iwlwifi: mvm: check the validity of noa_len + net/rds: No shortcut out of RDS_CONN_ERROR + gro: change the BUG_ON() in gro_pull_from_frag0() + ipv4: igmp: annotate data-races around idev->mr_maxdelay + net: hns3: extend HCLGE_FD_AD_QID to 11 bits + wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() + wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() + ipv4: fib: Annotate access to struct fib_alias.fa_state. + Bluetooth: hci_conn: Set link_policy on incoming ACL connections + Bluetooth: hci_conn: use mod_delayed_work for active mode timeout + Bluetooth: btusb: Add new VID/PID for RTL8852CE + Bluetooth: btusb: Add device ID for Realtek RTL8761BU + octeontx2-af: Workaround SQM/PSE stalls by disabling sticky + wifi: rtw89: pci: restore LDO setting after device resume + wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() + net: usb: sr9700: remove code to drive nonexistent multicast filter + vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 + net/rds: Clear reconnect pending bit + PCI: Mark ASM1164 SATA controller to avoid bus reset + PCI: Fix pci_slot_lock () device locking + PCI: Enable ACS after configuring IOMMU for OF platforms + PCI: Add ACS quirk for Qualcomm Hamoa & Glymur + PCI: Mark Nvidia GB10 to avoid bus reset + myri10ge: avoid uninitialized variable use + nfc: nxp-nci: remove interrupt trigger type + RDMA/rtrs-clt: For conn rejection use actual err number + ata: libata: avoid long timeouts on hot-unplugged SATA DAS + hisi_acc_vfio_pci: update status after RAS error + scsi: buslogic: Reduce stack usage + vhost: fix caching attributes of MMIO regions by setting them explicitly + tracing: Fix false sharing in hwlat get_sample() + remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX channel is uninitialized + mailbox: pcc: Remove spurious IRQF_ONESHOT usage + mailbox: imx: Skip the suspend flag for i.MX7ULP + mailbox: sprd: mask interrupts that are not handled + remoteproc: mediatek: Break lock dependency to `prepare_lock` + mailbox: sprd: clear delivery flag before handling TX done + clk: microchip: core: correct return value on *_get_parent() + m68k: nommu: fix memmove() with differently aligned src and dest for 68000 + soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) + staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure + serial: 8250_dw: handle clock enable errors in runtime_resume + usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs + fpga: of-fpga-region: Fail if any bridge is missing + dmaengine: sun6i: Choose appropriate burst length under maxburst + dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings + misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() + misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 + staging: rtl8723bs: fix memory leak on failure path + serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done + fix it87_wdt early reboot by reporting running timer + binder: don't use %pK through printk + watchdog: imx7ulp_wdt: handle the nowayout option + phy: mvebu-cp110-utmi: fix dr_mode property read from dts + phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature + Revert "mfd: da9052-spi: Change read-mask to write-mask" + iio: Use IRQF_NO_THREAD + iio: magnetometer: Remove IRQF_ONESHOT + MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE + fs: ntfs3: check return value of indx_find to avoid infinite loop + fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata + fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST + fs/ntfs3: drop preallocated clusters for sparse and compressed files + fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra() + ceph: supply snapshot context in ceph_uninline_data() + libceph: define and enforce CEPH_MAX_KEY_LEN + thermal: int340x: Fix sysfs group leak on DLVR registration failure + include: uapi: netfilter_bridge.h: Cover for musl libc + ARM: 9467/1: mm: Don't use %pK through printk + drm/amd/display: Avoid updating surface with the same surface under MPO + drm/amdgpu: Adjust usleep_range in fence wait + ALSA: usb-audio: Update the number of packets properly at receiving + drm/amdgpu: Add HAINAN clock adjustment + drm/radeon: Add HAINAN clock adjustment + ALSA: usb-audio: Add sanity check for OOB writes at silencing + btrfs: replace BUG() with error handling in __btrfs_balance() + drm/amd/display: Remove conditional for shaper 3DLUT power-on + rtc: zynqmp: correct frequency value + ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access + ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut + xfrm6: fix uninitialized saddr in xfrm6_get_saddr() + xfrm: skip templates check for packet offload tunnel mode + ipmi: ipmb: initialise event handler read bytes + xfrm: always flush state and policy upon NETDEV_UNREGISTER event + net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode + net: usb: lan78xx: scan all MDIO addresses on LAN7801 + net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set() + net: ethernet: xscale: Check for PTP support properly + wifi: cfg80211: wext: fix IGTK key ID off-by-one + Remove WARN_ALL_UNSEEDED_RANDOM kernel config option + UBUNTU: [Config] Remove WARN_ALL_UNSEEDED_RANDOM + Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ + Bluetooth: hci_qca: Cleanup on all setup failures + Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ + Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ + Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ + tipc: fix duplicate publication key in tipc_service_insert_publ() + RDMA/core: Fix stale RoCE GIDs during netdev events at registration + net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets + RDMA/efa: Fix typo in efa_alloc_mr() + net: usb: pegasus: enable basic endpoint checking + RDMA/umem: Fix double dma_buf_unpin in failure path + net/mlx5: DR, Fix circular locking dependency in dump + net/mlx5: Fix missing devlink lock in SRIOV enable error path + net: consume xmit errors of GSO frames + dpaa2-switch: validate num_ifs to prevent out-of-bounds write + netfilter: nf_conntrack_h323: fix OOB read in decode_choice() + rpmsg: core: fix race in driver_override_show() and use core helper + clk: renesas: rzg2l: Fix intin variable size + clk: renesas: rzg2l: Select correct div round macro + ASoC: SOF: ipc4-control: If there is no data do not send bytes update + ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls + ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data + ASoC: SOF: ipc4-control: Keep the payload size up to date + fpga: dfl: use subsys_initcall to allow built-in drivers to be added + dm-verity: correctly handle dm_bufio_client_create() failure + media: mediatek: encoder: Fix uninitialized scalar variable issue + media: mtk-mdp: Fix error handling in probe function + media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() + media: verisilicon: AV1: Fix enable cdef computation + media: verisilicon: AV1: Fix tx mode bit setting + ARM: omap2: Fix reference count leaks in omap_control_init() + KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding + arm64: Disable branch profiling for all arm64 code + HID: hid-pl: handle probe errors + HID: magicmouse: Do not crash on missing msc->input + HID: prodikeys: Check presence of pm->input_ep82 + HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() + arm64: dts: apple: t8112-j473: Keep the HDMI port powered on + media: verisilicon: AV1: Set IDR flag for intra_only frame type + media: radio-keene: fix memory leak in error path + media: cx88: Add missing unmap in snd_cx88_hw_params() + media: cx23885: Add missing unmap in snd_cx23885_hw_params() + media: cx25821: Add missing unmap in snd_cx25821_hw_params() + media: i2c/tw9903: Fix potential memory leak in tw9903_probe() + media: i2c/tw9906: Fix potential memory leak in tw9906_probe() + media: i2c: ov01a10: Fix the horizontal flip control + media: i2c: ov01a10: Fix reported pixel-rate value + media: i2c: ov01a10: Fix analogue gain range + media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls + media: i2c: ov01a10: Fix test-pattern disabling + media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() + media: ccs: Avoid possible division by zero + media: i2c: ov5647: Initialize subdev before controls + media: i2c: ov5647: Correct pixel array offset + media: i2c: ov5647: Correct minimum VBLANK value + media: i2c: ov5647: Sensor should report RAW color space + media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode + media: i2c: ov5647: use our own mutex for the ctrl lock + dm-integrity: fix a typo in the code for write/discard race + dm: clear cloned request bio pointer when last clone bio completes + soc: ti: k3-socinfo: Fix regmap leak on probe failure + soc: ti: pruss: Fix double free in pruss_clk_mux_setup() + KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation + clk: clk-apple-nco: Add "apple,t8103-nco" compatible + media: i2c: ov01a10: Fix digital gain range + clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() + s390/pci: Handle futile config accesses of disabled devices directly + dm-integrity: fix recalculation in bitmap mode + dm-unstripe: fix mapping bug when there are multiple targets in a table + arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro + media: venus: vdec: fix error state assignment for zero bytesused + media: venus: vdec: restrict EOS addr quirk to IRIS2 only + drm: of: drm_of_panel_bridge_remove(): fix device_node leak + mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations + selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs + xfs: mark data structures corrupt on EIO and ENODATA + media: verisilicon: AV1: Fix tile info buffer size + iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode + mfd: core: Add locking around 'mfd_of_node_list' + xfs: delete attr leaf freemap entries when empty + xfs: fix freemap adjustments when adding xattrs to leaf blocks + xfs: fix remote xattr valuelblk check + KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() + PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions + md/bitmap: fix GPF in write_page caused by resize race + nfsd: fix return error code for nfsd_map_name_to_[ug]id + nvmem: Drop OF node reference on nvmem_add_one_cell() failure + usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN + bus: fsl-mc: fix an error handling in fsl_mc_device_add() + dm mpath: make pg_init_delay_msecs settable + tools: Fix bitfield dependency failure + powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() + iio: gyro: itg3200: Fix unchecked return value in read_raw + mm/highmem: fix __kmap_to_page() build error + rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() + ocfs2: fix reflink preserve cleanup issue + kexec: derive purgatory entry from symbol + Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" + PCI/IOV: Fix race between SR-IOV enable/disable and hotplug + arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y + btrfs: continue trimming remaining devices on failure + remoteproc: imx_rproc: Fix invalid loaded resource table detection + perf/arm-cmn: Reject unsupported hardware configurations + scsi: ufs: core: Flush exception handling work when RPM level is zero + usb: dwc3: gadget: Move vbus draw to workqueue context + usb: dwc2: fix resume failure if dr_mode is host + mtd: rawnand: pl353: Fix software ECC support + tipc: fix RCU dereference race in tipc_aead_users_dec() + drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() + net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe() error path + PCI: Fix pci_slot_trylock() error handling + parisc: kernel: replace kfree() with put_device() in create_tree_node() + staging: rtl8723bs: fix null dereference in find_network + cifs: Fix locking usage for tcon fields + MIPS: rb532: Fix MMIO UART resource registration + ceph: supply snapshot context in ceph_zero_partial_object() + LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE + LoongArch: Prefer top-down allocation after arch_mem_init() + LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT + LoongArch: Disable instrumentation for setup_ptwalker() + net: ethernet: marvell: skge: remove incorrect conflicting PCI ID + net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() + octeontx2-af: CGX: fix bitmap leaks + net: macb: Fix tx/rx malfunction after phy link down and up + tracing: Fix to set write permission to per-cpu buffer_size_kb + io_uring/filetable: clamp alloc_hint to the configured alloc range + net: intel: fix PCI device ID conflict between i40e and ipw2200 + atm: fore200e: fix use-after-free in tasklets during device removal + ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() + fbcon: check return value of con2fb_acquire_newinfo() + fbdev: vt8500lcdfb: fix missing dma_free_coherent() + fbdev: of: display_timing: fix refcount leak in of_get_display_timings() + fbdev: ffb: fix corrupted video output on Sun FFB1 + fbcon: Remove struct fbcon_display.inverse + cifs: some missing initializations on replay + ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR + net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle + net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() + x86/kexec: Copy ACPI root pointer address from config table + arm64: Force the use of CNTVCT_EL0 in __delay() + net: nfc: nci: Fix parameter validation for packet data + tracing: Fix checking of freed trace_event_file for hist files + tracing: Wake up poll waiters for hist files when removing an event + NTB: ntb_transport: Fix too small buffer for debugfs_name + drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros + arm64: Fix sampling the "stable" virtual counter in preemptible section + gfs2: Fix slab-use-after-free in qd_put + io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED + thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature + OPP: Return correct value in dev_pm_opp_get_level + cpufreq: scmi: Fix device_node reference leak in scmi_cpu_domain_id() + perf/x86/core: Do not set bit width for unavailable counters + genirq: Set IRQF_COND_ONESHOT in devm_request_irq(). + platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() + media: pci: mg4b: Use IRQF_NO_THREAD + firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET + arm64: dts: qcom: msm8994-octagon: Fix Analog Devices vendor prefix of AD7147 + arm64: dts: mediatek: mt8183-jacuzzi-pico6: Fix typo in pinmux node + arm64: dts: qcom: qrb4210-rb2: Fix UART3 wakeup IRQ storm + arm64: dts: qcom: x1e: bus is 40-bits (fix 64GB models) + media: chips-media: wave5: Fix memory leak on codec_info allocation failure + drm/amd: Drop "amdgpu kernel modesetting enabled" message + drm/amdkfd: Fix signal_eviction_fence() bool return value + drm/xe: Unregister drm device on probe error + HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients + wifi: cfg80211: Fix use_for flag update on BSS refresh + PCI: Check parent for NULL in of_pci_bus_release_domain_nr() + netfilter: nfnetlink_queue: optimize verdict lookup with hash table + netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation + netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null interval + power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() + power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() + RDMA/mlx5: Fix UMR hang in LAG error state unload + IB/mlx5: Fix port speed query for representors + platform/x86/amd/pmf: Prevent TEE errors after hibernate + crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails + power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler + clk: qcom: gcc-sm8650: Use floor ops for SDCC RCGs + clk: qcom: gcc-sm4450: Update the SDCC RCGs to use shared_floor_ops + clk: qcom: gcc-x1e80100: Update the SDCC RCGs to use shared_floor_ops + dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue + iio: pressure: mprls0025pa: fix interrupt flag + objpool: fix the overestimation of object pooling metadata size + ipvs: do not keep dest_dst if dev is going down + net/mlx5e: Use unsigned for mlx5e_get_max_num_channels + AppArmor: Allow apparmor to handle unaligned dfa tables + apparmor: Fix & Optimize table creation from possibly unaligned memory + apparmor: avoid per-cpu hold underflow in aa_get_buffer + drm/amd/display: Fix out-of-bounds stream encoder index v3 + btrfs: use the correct type to initialize block reserve for delayed refs + Drivers: hv: vmbus: Use kthread for vmbus interrupts on PREEMPT_RT + i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init + APEI/GHES: ARM processor Error: don't go past allocated memory + ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] + powercap: intel_rapl: Add PL4 support for Ice Lake + alpha: fix user-space corruption during memory compaction + ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) + ACPI: battery: fix incorrect charging status when current is zero + perf/x86/msr: Add Airmont NP + perf/x86/cstate: Add Airmont NP + bpf: Recognize special arithmetic shift in the verifier + firmware: arm_ffa: Unmap Rx/Tx buffers on init failure + gpu/panel-edp: add AUO panel entry for B140HAN06.4 + drm/amdgpu: fix NULL pointer issue buffer funcs + ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET + media: chips-media: wave5: Fix conditional in start_streaming + media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder + drm/amd/display: Fix dsc eDP issue + drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() + media: mt9m114: Avoid a reset low spike during probe() + media: mt9m114: Return -EPROBE_DEFER if no endpoint is found + ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk + PCI: Add Intel Nova Lake audio Device ID + drm/amd/display: Disable FEC when powering down encoders + drm/amd/display: avoid dig reg access timeout on usb4 link training fail + hwmon: (dell-smm) Add support for Dell OptiPlex 7080 + HID: logitech-hidpp: Add support for Logitech K980 + ASoC: SOF: Intel: hda: Fix NULL pointer dereference + spi: geni-qcom: Fix abort sequence execution for serial engine errors + ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx + wifi: rtw89: 8922a: set random mac if efuse contains zeroes + wifi: rtw89: ser: enable error IMR after recovering from L1 + wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() + wifi: rtw89: mac: correct page number for CSI response + wifi: ath11k: Fix failure to connect to a 6 GHz AP + ipv6: annotate data-races over sysctl.flowlabel_reflect + ext4: use reserved metadata blocks when splitting extent on endio + Bluetooth: btusb: Add support for MediaTek7920 0489:e158 + net: sfp: add quirk for Lantech 8330-265D + PCI/AER: Clear stale errors on reporting agents upon probe + scsi: ufs: mediatek: Fix page faults in ufs_mtk_clk_scale() trace event + riscv: vector: init vector context with proper vlenb + HID: i2c-hid: Add FocalTech FT8112 + 9p/xen: protect xen_9pfs_front_free against concurrent calls + soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list + most: remove usage of the deprecated ida_simple_xx() API + most: core: fix resource leak in most_register_interface error paths + usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() + serial: 8250: 8250_omap.c: Add support for handling UART error conditions + mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs + ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 + drm/amd/display: Fix writeback on DCN 3.2+ + drm/amd/display: Fix system resume lag issue + drm/amd/display: bypass post csc for additional color spaces in dal + spi: spidev: fix lock inversion between spi_lock and buf_lock + Bluetooth: L2CAP: Avoid -Wflex-array-member-not-at-end warnings + Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short + kcm: fix zero-frag skb in frag_list on partial sendmsg error + net/mlx5: E-switch, Clear legacy flag when moving to switchdev + net/mlx5e: Separate address related variables to be in struct + net/mlx5e: Support routed networks during IPsec MACs initialization + net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query + drm/tests: shmem: Swap names of export tests + KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR + media: amphion: Drop min_queued_buffers assignment + media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() + media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() + media: ccs: Fix setting initial sub-device state + platform/x86: ISST: Add missing write block check + bus: omap-ocp2scp: fix OF populate on driver rebind + media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop + drm/buddy: Prevent BUG_ON by validating rounded allocation + xfs: remove xfs_attr_leaf_hasname + mfd: qcom-pm8xxx: Fix OF populate on driver rebind + mfd: omap-usb-host: Fix OF populate on driver rebind + xfs: fix the xattr scrub to detect freemap/entries array collisions + pinctrl: intel: Add code name documentation + xfs: check for deleted cursors when revalidating two btrees + vhost: move vdpa group bound check to vhost_vdpa + clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841 + mm/slab: use unsigned long for orig_size to ensure proper metadata align + drm/amd/display: Increase DCN35 SR enter/exit latency + drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify + mm: numa_memblks: Identify the accurate NUMA ID of CFMW + drm/amdgpu: keep vga memory on MacBooks with switchable graphics + most: core: fix leak on early registration failure + Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req + UBUNTU: Upstream stable to v6.6.128, v6.12.75 -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2150809 Title: Noble update: upstream stable patchset 2026-05-01 Status in linux package in Ubuntu: Invalid Status in linux source package in Noble: In Progress Bug description: SRU Justification Impact: The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The following upstream stable patches should be included in the Ubuntu kernel: upstream stable patchset 2026-05-01 Ported from the following upstream stable releases: v6.6.128, v6.12.75 from git://git.kernel.org/ RDMA/siw: Fix potential NULL pointer dereference in header processing RDMA/umad: Reject negative data_len in ib_umad_write auxdisplay: arm-charlcd: fix release_mem_region() size hfsplus: return error when node already exists in hfs_bnode_create rcu: s/boost_kthread_mutex/kthread_mutex rcu/exp: Move expedited kthread worker creation functions above rcutree_prepare_cpu() rcu: Refactor expedited handling check in rcu_read_unlock_special() rcu: Remove local_irq_save/restore() in rcu_preempt_deferred_qs_handler() rcu: Fix rcu_read_unlock() deadloop due to softirq audit: move the compat_xxx_class[] extern declarations to audit_arch.h i3c: Move device name assignment after i3c_bus_init fs: add <linux/init_task.h> for 'init_fs' i3c: master: Update hot-join flag only on success gfs2: Retries missing in gfs2_{rename,exchange} gfs2: Fix use-after-free in iomap inline data write path i3c: dw: Initialize spinlock to avoid upsetting lockdep tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure tpm: st33zp24: Fix missing cleanup on get_burstcount() error btrfs: qgroup: return correct error when deleting qgroup relation item btrfs: fix block_group_tree dirty_list corruption smb: client: fix potential UAF and double free in smb2_open_file() xen/virtio: Don't use grant-dma-ops when running as Dom0 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() io_uring/sync: validate passed in offset cpuidle: menu: Cleanup after loadavg removal cpuidle: governors: menu: Always check timers with tick stopped md/raid10: fix any_working flag handling in raid10_sync_request iomap: fix submission side handling of completion side errors ublk: Validate SQE128 flag before accessing the cmd x86/xen: make some functions static Partial revert "x86/xen: fix balloon target initialization for PVH dom0" PM: wakeup: Handle empty list in wakeup_sources_walk_start() perf: arm_spe: Properly set hw.state on failures PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races s390/cio: Fix device lifecycle handling in css_alloc_subchannel() crypto: qat - fix warning on adf_pfvf_pf_proto.c selftests/bpf: veristat: fix printing order in output_stats() libbpf: Fix OOB read in btf_dump_get_bitfield_value ARM: VDSO: Patch out __vdso_clock_getres() if unavailable crypto: cavium - fix dma_free_coherent() size crypto: octeontx - fix dma_free_coherent() size crypto: hisilicon/zip - adjust the way to obtain the req in the callback function crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable hrtimer: Fix trace oddity bpf, sockmap: Fix incorrect copied_seq calculation bpf, sockmap: Fix FIONREAD for sockmap crypto: hisilicon/trng - modifying the order of header files crypto: hisilicon/trng - support tfms sharing the device bpf: Fix bpf_xdp_store_bytes proto for read-only arg scsi: efct: Use IRQF_ONESHOT and default primary handler EDAC/altera: Remove IRQF_ONESHOT mfd: wm8350-core: Use IRQF_ONESHOT sched/rt: Skip currently executing CPU in rto_next_cpu() pstore/ram: fix buffer overflow in persistent_ram_save_old() soc: qcom: smem: handle ENOMEM error during probe EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size() EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size() arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings clk: qcom: Return correct error code in qcom_cc_probe_by_index() arm64: dts: qcom: sdm630: fix gpu_speed_bin size arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user() soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree node arm64: dts: amlogic: axg: assign the MMC signal clocks arm64: dts: amlogic: gx: assign the MMC signal clocks arm64: dts: amlogic: g12: assign the MMC B and C signal clocks arm64: dts: amlogic: g12: assign the MMC A signal clock arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0 arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1 arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions workqueue: Factor out assign_rescuer_work() workqueue: Only assign rescuer work when really needed workqueue: Process rescuer work items one-by-one using a cursor smack: /smack/doi must be > 0 smack: /smack/doi: accept previously used values ASoC: nau8821: Consistently clear interrupts before unmasking ASoC: nau8821: Avoid unnecessary blocking in IRQ handler ASoC: nau8821: Fixup nau8821_enable_jack_detect() drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init drm/msm/disp/dpu: add merge3d support for sc7280 regulator: core: move supply check earlier in set_machine_constraints() HID: playstation: Add missing check for input_ff_create_memless drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x media: ccs: Accommodate C-PHY into the calculation drm/msm/a2xx: fix pixel shader start on A225 platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev media: uvcvideo: Fix allocation for small frame sizes platform/chrome: cros_ec_lightbar: Fix response size initialization spi: tools: Add include folder to .gitignore Revert "hwmon: (ibmpex) fix use-after-free in high/low store" PCI: mediatek: Fix IRQ domain leak when MSI allocation fails Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors PCI/PM: Avoid redundant delays on D3hot->D3cold PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails Documentation: tracing: Add ring-buffer mapping docs: fix WARNING document not included in any toctree Documentation: trace: Refactor toctree Documentation: tracing: Add PCI tracepoint documentation PCI: Do not attempt to set ExtTag for VFs PCI/portdrv: Fix potential resource leak quota: fix livelock between quotactl and freeze_super net: mctp-i2c: fix duplicate reception of old data mctp i2c: initialise event handler read bytes wifi: cfg80211: stop NAN and P2P in cfg80211_leave netfilter: nf_tables: reset table validation state on abort netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH netfilter: nf_conncount: increase the connection clean up limit to 64 netfilter: nft_compat: add more restrictions on netlink attributes netfilter: nf_conncount: fix tracking of connections from localhost module: add helper function for reading module_buildid() kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup() PCI: Mark 3ware-9650SA Root Port Extended Tags as broken iommu/vt-d: Flush cache for PASID table before using it dm: use bio_clone_blkg_association nfsd: never defer requests during idmap lookup fat: avoid parent link count underflow in rmdir tcp: tcp_tx_timestamp() must look at the rtx queue wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() PCI: Initialize RCB from pci_configure_device() PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros PCI: Add defines for bridge window indexing PCI/ACPI: Restrict program_hpx_type2() to AER bits ipc: don't audit capability check in ipc_permissions() ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit() of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy() mptcp: fix receive space timestamp initialization octeontx2-af: Fix PF driver crash with kexec kernel booting bonding: only set speed/duplex to unknown, if getting speed failed inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP nfc: hci: shdlc: Stop timers and work before freeing context netfilter: nft_set_hash: fix get operation on big endian netfilter: nft_counter: fix reset of counters on 32bit archs netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] net: hns3: fix double free issue for tx spare buffer procfs: fix missing RCU protection when reading real_parent in do_task_stat() smb: client: correct value for smbd_max_fragmented_recv_size net: atm: fix crash due to unvalidated vcc pointer in sigd_send() net: sunhme: Fix sbus regression net: Add skb_dstref_steal and skb_dstref_restore net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input callers xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path serial: caif: fix use-after-free in caif_serial ldisc_close() octeon_ep: disable per ring interrupts octeon_ep: ensure dbell BADDR updation ionic: Rate limit unknown xcvr type messages octeontx2-pf: Unregister devlink on probe failure RDMA/rtrs: server: remove dead code IB/cache: update gid cache on client reregister event RDMA/hns: Fix WQ_MEM_RECLAIM warning RDMA/hns: Notify ULP of remaining soft-WCs during reset power: supply: ab8500: Fix use-after-free in power_supply_changed() power: supply: act8945a: Fix use-after-free in power_supply_changed() power: supply: bq256xx: Fix use-after-free in power_supply_changed() power: supply: bq25980: Fix use-after-free in power_supply_changed() power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() power: supply: goldfish: Fix use-after-free in power_supply_changed() power: supply: rt9455: Fix use-after-free in power_supply_changed() power: supply: sbs-battery: Fix use-after-free in power_supply_changed() power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write power: supply: bq27xxx: fix wrong errno when bus ops are unsupported power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() RDMA/rtrs-srv: fix SG mapping RDMA/rxe: Fix double free in rxe_srq_from_init tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper crypto: ccp - Add an S4 restore flow crypto: ccp - Factor out ring destroy handling to a helper crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send RDMA/rxe: Fix race condition in QP timer handlers svcrdma: Increase the per-transport rw_ctx count svcrdma: Reduce the number of rdma_rw contexts per-QP RDMA/core: add rdma_rw_max_sge() helper for SQ sizing cxl: Fix premature commit_end increment on decoder commit failure mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() mtd: spinand: Fix kernel doc power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() scsi: ufs: host: mediatek: Require CONFIG_PM scsi: csiostor: Fix dereference of null pointer rn nvdimm: virtio_pmem: serialize flush requests fs/nfs: Fix readdir slow-start regression tracing: Properly process error handling in event_hist_trigger_parse() tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings() fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs clk: qcom: rcg2: compute 2d using duty fraction directly clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc clk: qcom: gcc-ipq5018: flag sleep clock as critical clk: Move clk_{save,restore}_context() to COMMON_CLK section clk: qcom: dispcc-sdm845: Enable parents for pixel clocks clk: qcom: gfx3d: add parent to parent request map clk: mediatek: Fix error handling in runtime PM setup dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX dma: dma-axi-dmac: fix SW cyclic transfers staging: greybus: lights: avoid NULL deref serial: imx: change SERIAL_IMX_CONSOLE to bool serial: SH_SCI: improve "DMA support" prompt mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms iio: pressure: mprls0025pa: fix scan_type struct watchdog: starfive-wdt: Fix PM reference leak in probe error path coresight: etm3x: Fix cpulocked warning on cpuhp Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms" mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure mfd: simple-mfd-i2c: Add MAX77705 support mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA mfd: simple-mfd-i2c: Add SpacemiT P1 support mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order mfd: simple-mfd-i2c: Add Delta TN48M CPLD support UBUNTU: [Config] Disable new Delta TN48M CPLD support by default drivers: iio: mpu3050: use dev_err_probe for regulator request usb: bdc: fix sleep during atomic pinctrl: equilibrium: Fix device node reference leak in pinbank_init() ovl: Fix uninit-value in ovl_fill_real iio: sca3000: Fix a resource leak in sca3000_probe() pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition pinctrl: single: fix refcount leak in pcs_add_gpio_func() leds: qcom-lpg: Check the return value of regmap_bulk_write() backlight: qcom-wled: Support ovp values for PMI8994 backlight: qcom-wled: Change PM8950 WLED configurations dmaengine: fsl-edma: don't explicitly disable clocks in .remove() io_uring/cancel: de-unionize file and user_data in struct io_cancel_data fs/ntfs3: prevent infinite loops caused by the next valid being the same fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check kbuild: Add objtool to top-level clean target selftests/memfd: delete unused declarations selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO cpuidle: Skip governor when only one idle state is available selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2 net: sparx5/lan969x: fix DWRR cost max to match hardware register width net: mscc: ocelot: extract ocelot_xmit_timestamp() helper net: mscc: ocelot: split xmit into FDMA and register injection paths net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ipv6: Fix out-of-bound access in fib6_add_rt2node(). net: sparx5/lan969x: fix PTP clock max_adj value net: usb: catc: enable basic endpoint checking xen-netback: reject zero-queue configuration from guest net/rds: rds_sendmsg should not discard payload_len net: bridge: mcast: always update mdb_n_entries for vlan contexts selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with br_netfilter enabled netfilter: nf_conntrack_h323: don't pass uninitialised l3num value net: remove WARN_ON_ONCE when accessing forward path array netfilter: nf_tables: fix use-after-free in nf_tables_addchain() ipv6: fix a race in ip6_sock_set_v6only() bpftool: Fix truncated netlink dumps ping: annotate data-races in ping_lookup() macvlan: observe an RCU grace period in macvlan_common_newlink() error path icmp: move icmp_global.credit and icmp_global.stamp to per netns storage icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns icmp: prevent possible overflow in icmp_global_allow() cache: add __cacheline_group_{begin, end}_aligned() (+ couple more) inet: move icmp_global_{credit,stamp} to a separate cache line octeontx2-af: Fix default entries mcam entry action bonding: alb: fix UAF in rlb_arp_recv during bond up/down net/mlx5: Fix multiport device check over light SFs apparmor: fix NULL sock in aa_sock_file_perm apparmor: return -ENOMEM in unpack_perms_table upon alloc failure apparmor: fix rlimit for posix cpu timers apparmor: remove apply_modes_to_perms from label_match apparmor: make label_match return a consistent value apparmor: fix invalid deref of rawdata when export_binary is unset apparmor: fix aa_label to return state from compount and component match drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() drm/amdgpu: Fix memory leak in amdgpu_ras_init() drm/i915/acpi: free _DSM package when no connectors ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init drm/amdkfd: fix debug watchpoints for logical devices drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() spi: wpcm-fiu: Fix uninitialized res spi: wpcm-fiu: Simplify with dev_err_probe() spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n efi: Fix reservation of unaccepted memory table btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found x86/hyperv: Fix error pointer dereference ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk drm/amd/display: Use same max plane scaling limits for all 64 bpp formats MIPS: Work around LLVM bug when gp is used as global register variable ext4: don't cache extent during splitting extent ext4: fix memory leak in ext4_ext_shift_extents() ext4: use optimized mballoc scanning regardless of inode format ata: pata_ftide010: Fix some DMA timings ata: libata-scsi: refactor ata_scsi_translate() SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names perf test stat: Update test expectations and events perf test stat tests: Fix for virtualized machines perf unwind-libdw: Fix invalid reference counts perf callchain: Fix srcline printing with inlines libsubcmd: Fix null intersection case in exclude_cmds() libperf: Don't remove -g when EXTRA_CFLAGS are used libperf build: Always place libperf includes first rtc: interface: Alarm race handling should not discard preceding error audit: add fchmodat2() to change attributes class hfsplus: fix volume corruption issue for generic/498 fs/buffer: add alert in try_to_free_buffers() for folios without buffers audit: add missing syscalls to read class hfsplus: pretend special inodes as regular files i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() minix: Add required sanity checking to minix_check_superblock() btrfs: handle user interrupt properly in btrfs_trim_fs() smb: client: add proper locking around ses->iface_last_update gfs2: fiemap page fault fix smb: client: prevent races in ->query_interfaces() tools/power cpupower: Reset errno before strtoull() s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS perf/arm-cmn: Support CMN-600AE arm64: Add support for TSV110 Spectre-BHB mitigation rnbd-srv: Zero the rsp buffer before using it x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE is set EFI/CPER: don't dump the entire memory region APEI/GHES: ensure that won't go past CPER allocated record EFI/CPER: don't go past the ARM processor CPER record buffer ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP md-cluster: fix NULL pointer dereference in process_metadata_update cpufreq: dt-platdev: Block the driver from probing on more QC platforms s390/perf: Disable register readout on sampling events perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD xenbus: Use .freeze/.thaw to handle xenbus devices blk-mq-debugfs: add missing debugfs_mutex in blk_mq_debugfs_register_hctxs() sparc: Synchronize user stack on fork and clone sparc: don't reference obsolete termio struct for TC* constants bpf: verifier improvement in 32bit shift sign extension pattern clocksource/drivers/sh_tmu: Always leave device running after probe clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency on OF PCI/MSI: Unmap MSI-X region on error crypto: hisilicon/qm - move the barrier before writing to the mailbox register mailbox: bcm-ferxrm-mailbox: Use default primary handler char: tpm: cr50: Remove IRQF_ONESHOT pstore: ram_core: fix incorrect success return when vmap() fails arm64: tegra: smaug: Add usb-role-switch support parisc: Prevent interrupts during reboot drm/display/dp_mst: Add protection against 0 vcpi spi-geni-qcom: initialize mode related registers to 0 spi-geni-qcom: use xfer->bits_per_word for can_dma() media: dvb-core: dmxdevfilter must always flush bufs spi: stm32: fix Overrun issue at < 8bpw drm/v3d: Set DMA segment size to avoid debug warnings media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes media: omap3isp: isppreview: always clamp in preview_try_format() media: omap3isp: set initial format media: mediatek: vcodec: Don't try to decode 422/444 VP9 drm/amdgpu: add support for HDP IP version 6.1.1 drm/amdgpu: avoid a warning in timedout job handler HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug spi: spi-mem: Limit octal DTR constraints to octal DTR situations media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START media: adv7180: fix frame interval in progressive mode media: pvrusb2: fix URB leak in pvr2_send_request_ex media: solo6x10: Check for out of bounds chip_id media: cx25821: Fix a resource leak in cx25821_dev_setup() media: v4l2-async: Fix error handling on steps after finding a match drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() drm: Account property blob allocations to memcg hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed virt: vbox: uapi: Mark inner unions in packed structs as packed drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release media: rkisp1: Fix filter mode register configuration HID: multitouch: add eGalaxTouch EXC3188 support HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro gpio: aspeed-sgpio: Change the macro to support deferred probe ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE hwmon: (f71882fg) Add F81968 support ASoC: es8328: Add error unwind in resume modpost: Amend ppc64 save/restfpr symnames for -Os build ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio jfs: Add missing set_freezable() for freezable kthread jfs: nlink overflow in jfs_rename wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H dm: replace -EEXIST with -EBUSY dm: remove fake timeout to avoid leak request iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency wifi: libertas: fix WARNING in usb_tx_block iommu/amd: move wait_on_sem() out of spinlock wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 wifi: ath12k: fix preferred hardware mode calculation ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}() ipv6: exthdrs: annotate data-race over multiple sysctl ext4: mark group add fast-commit ineligible ext4: move ext4_percpu_param_init() before ext4_mb_init() ext4: mark group extend fast-commit ineligible netfilter: nf_conntrack: Add allow_clash to generic protocol handler netfilter: xt_tcpmss: check remaining length before reading optlen openrisc: define arch-specific version of nop() net: usb: r8152: fix transmit queue timeout wifi: iwlwifi: mvm: check the validity of noa_len net/rds: No shortcut out of RDS_CONN_ERROR gro: change the BUG_ON() in gro_pull_from_frag0() ipv4: igmp: annotate data-races around idev->mr_maxdelay net: hns3: extend HCLGE_FD_AD_QID to 11 bits wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() ipv4: fib: Annotate access to struct fib_alias.fa_state. Bluetooth: hci_conn: Set link_policy on incoming ACL connections Bluetooth: hci_conn: use mod_delayed_work for active mode timeout Bluetooth: btusb: Add new VID/PID for RTL8852CE Bluetooth: btusb: Add device ID for Realtek RTL8761BU octeontx2-af: Workaround SQM/PSE stalls by disabling sticky wifi: rtw89: pci: restore LDO setting after device resume wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() net: usb: sr9700: remove code to drive nonexistent multicast filter vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 net/rds: Clear reconnect pending bit PCI: Mark ASM1164 SATA controller to avoid bus reset PCI: Fix pci_slot_lock () device locking PCI: Enable ACS after configuring IOMMU for OF platforms PCI: Add ACS quirk for Qualcomm Hamoa & Glymur PCI: Mark Nvidia GB10 to avoid bus reset myri10ge: avoid uninitialized variable use nfc: nxp-nci: remove interrupt trigger type RDMA/rtrs-clt: For conn rejection use actual err number ata: libata: avoid long timeouts on hot-unplugged SATA DAS hisi_acc_vfio_pci: update status after RAS error scsi: buslogic: Reduce stack usage vhost: fix caching attributes of MMIO regions by setting them explicitly tracing: Fix false sharing in hwlat get_sample() remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX channel is uninitialized mailbox: pcc: Remove spurious IRQF_ONESHOT usage mailbox: imx: Skip the suspend flag for i.MX7ULP mailbox: sprd: mask interrupts that are not handled remoteproc: mediatek: Break lock dependency to `prepare_lock` mailbox: sprd: clear delivery flag before handling TX done clk: microchip: core: correct return value on *_get_parent() m68k: nommu: fix memmove() with differently aligned src and dest for 68000 soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure serial: 8250_dw: handle clock enable errors in runtime_resume usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs fpga: of-fpga-region: Fail if any bridge is missing dmaengine: sun6i: Choose appropriate burst length under maxburst dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 staging: rtl8723bs: fix memory leak on failure path serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done fix it87_wdt early reboot by reporting running timer binder: don't use %pK through printk watchdog: imx7ulp_wdt: handle the nowayout option phy: mvebu-cp110-utmi: fix dr_mode property read from dts phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature Revert "mfd: da9052-spi: Change read-mask to write-mask" iio: Use IRQF_NO_THREAD iio: magnetometer: Remove IRQF_ONESHOT MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE fs: ntfs3: check return value of indx_find to avoid infinite loop fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST fs/ntfs3: drop preallocated clusters for sparse and compressed files fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra() ceph: supply snapshot context in ceph_uninline_data() libceph: define and enforce CEPH_MAX_KEY_LEN thermal: int340x: Fix sysfs group leak on DLVR registration failure include: uapi: netfilter_bridge.h: Cover for musl libc ARM: 9467/1: mm: Don't use %pK through printk drm/amd/display: Avoid updating surface with the same surface under MPO drm/amdgpu: Adjust usleep_range in fence wait ALSA: usb-audio: Update the number of packets properly at receiving drm/amdgpu: Add HAINAN clock adjustment drm/radeon: Add HAINAN clock adjustment ALSA: usb-audio: Add sanity check for OOB writes at silencing btrfs: replace BUG() with error handling in __btrfs_balance() drm/amd/display: Remove conditional for shaper 3DLUT power-on rtc: zynqmp: correct frequency value ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm: skip templates check for packet offload tunnel mode ipmi: ipmb: initialise event handler read bytes xfrm: always flush state and policy upon NETDEV_UNREGISTER event net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode net: usb: lan78xx: scan all MDIO addresses on LAN7801 net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set() net: ethernet: xscale: Check for PTP support properly wifi: cfg80211: wext: fix IGTK key ID off-by-one Remove WARN_ALL_UNSEEDED_RANDOM kernel config option UBUNTU: [Config] Remove WARN_ALL_UNSEEDED_RANDOM Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ Bluetooth: hci_qca: Cleanup on all setup failures Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ tipc: fix duplicate publication key in tipc_service_insert_publ() RDMA/core: Fix stale RoCE GIDs during netdev events at registration net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets RDMA/efa: Fix typo in efa_alloc_mr() net: usb: pegasus: enable basic endpoint checking RDMA/umem: Fix double dma_buf_unpin in failure path net/mlx5: DR, Fix circular locking dependency in dump net/mlx5: Fix missing devlink lock in SRIOV enable error path net: consume xmit errors of GSO frames dpaa2-switch: validate num_ifs to prevent out-of-bounds write netfilter: nf_conntrack_h323: fix OOB read in decode_choice() rpmsg: core: fix race in driver_override_show() and use core helper clk: renesas: rzg2l: Fix intin variable size clk: renesas: rzg2l: Select correct div round macro ASoC: SOF: ipc4-control: If there is no data do not send bytes update ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data ASoC: SOF: ipc4-control: Keep the payload size up to date fpga: dfl: use subsys_initcall to allow built-in drivers to be added dm-verity: correctly handle dm_bufio_client_create() failure media: mediatek: encoder: Fix uninitialized scalar variable issue media: mtk-mdp: Fix error handling in probe function media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() media: verisilicon: AV1: Fix enable cdef computation media: verisilicon: AV1: Fix tx mode bit setting ARM: omap2: Fix reference count leaks in omap_control_init() KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding arm64: Disable branch profiling for all arm64 code HID: hid-pl: handle probe errors HID: magicmouse: Do not crash on missing msc->input HID: prodikeys: Check presence of pm->input_ep82 HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() arm64: dts: apple: t8112-j473: Keep the HDMI port powered on media: verisilicon: AV1: Set IDR flag for intra_only frame type media: radio-keene: fix memory leak in error path media: cx88: Add missing unmap in snd_cx88_hw_params() media: cx23885: Add missing unmap in snd_cx23885_hw_params() media: cx25821: Add missing unmap in snd_cx25821_hw_params() media: i2c/tw9903: Fix potential memory leak in tw9903_probe() media: i2c/tw9906: Fix potential memory leak in tw9906_probe() media: i2c: ov01a10: Fix the horizontal flip control media: i2c: ov01a10: Fix reported pixel-rate value media: i2c: ov01a10: Fix analogue gain range media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls media: i2c: ov01a10: Fix test-pattern disabling media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() media: ccs: Avoid possible division by zero media: i2c: ov5647: Initialize subdev before controls media: i2c: ov5647: Correct pixel array offset media: i2c: ov5647: Correct minimum VBLANK value media: i2c: ov5647: Sensor should report RAW color space media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode media: i2c: ov5647: use our own mutex for the ctrl lock dm-integrity: fix a typo in the code for write/discard race dm: clear cloned request bio pointer when last clone bio completes soc: ti: k3-socinfo: Fix regmap leak on probe failure soc: ti: pruss: Fix double free in pruss_clk_mux_setup() KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation clk: clk-apple-nco: Add "apple,t8103-nco" compatible media: i2c: ov01a10: Fix digital gain range clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() s390/pci: Handle futile config accesses of disabled devices directly dm-integrity: fix recalculation in bitmap mode dm-unstripe: fix mapping bug when there are multiple targets in a table arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro media: venus: vdec: fix error state assignment for zero bytesused media: venus: vdec: restrict EOS addr quirk to IRIS2 only drm: of: drm_of_panel_bridge_remove(): fix device_node leak mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs xfs: mark data structures corrupt on EIO and ENODATA media: verisilicon: AV1: Fix tile info buffer size iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode mfd: core: Add locking around 'mfd_of_node_list' xfs: delete attr leaf freemap entries when empty xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs: fix remote xattr valuelblk check KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions md/bitmap: fix GPF in write_page caused by resize race nfsd: fix return error code for nfsd_map_name_to_[ug]id nvmem: Drop OF node reference on nvmem_add_one_cell() failure usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN bus: fsl-mc: fix an error handling in fsl_mc_device_add() dm mpath: make pg_init_delay_msecs settable tools: Fix bitfield dependency failure powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() iio: gyro: itg3200: Fix unchecked return value in read_raw mm/highmem: fix __kmap_to_page() build error rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() ocfs2: fix reflink preserve cleanup issue kexec: derive purgatory entry from symbol Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" PCI/IOV: Fix race between SR-IOV enable/disable and hotplug arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y btrfs: continue trimming remaining devices on failure remoteproc: imx_rproc: Fix invalid loaded resource table detection perf/arm-cmn: Reject unsupported hardware configurations scsi: ufs: core: Flush exception handling work when RPM level is zero usb: dwc3: gadget: Move vbus draw to workqueue context usb: dwc2: fix resume failure if dr_mode is host mtd: rawnand: pl353: Fix software ECC support tipc: fix RCU dereference race in tipc_aead_users_dec() drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe() error path PCI: Fix pci_slot_trylock() error handling parisc: kernel: replace kfree() with put_device() in create_tree_node() staging: rtl8723bs: fix null dereference in find_network cifs: Fix locking usage for tcon fields MIPS: rb532: Fix MMIO UART resource registration ceph: supply snapshot context in ceph_zero_partial_object() LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE LoongArch: Prefer top-down allocation after arch_mem_init() LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT LoongArch: Disable instrumentation for setup_ptwalker() net: ethernet: marvell: skge: remove incorrect conflicting PCI ID net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() octeontx2-af: CGX: fix bitmap leaks net: macb: Fix tx/rx malfunction after phy link down and up tracing: Fix to set write permission to per-cpu buffer_size_kb io_uring/filetable: clamp alloc_hint to the configured alloc range net: intel: fix PCI device ID conflict between i40e and ipw2200 atm: fore200e: fix use-after-free in tasklets during device removal ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() fbcon: check return value of con2fb_acquire_newinfo() fbdev: vt8500lcdfb: fix missing dma_free_coherent() fbdev: of: display_timing: fix refcount leak in of_get_display_timings() fbdev: ffb: fix corrupted video output on Sun FFB1 fbcon: Remove struct fbcon_display.inverse cifs: some missing initializations on replay ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() x86/kexec: Copy ACPI root pointer address from config table arm64: Force the use of CNTVCT_EL0 in __delay() net: nfc: nci: Fix parameter validation for packet data tracing: Fix checking of freed trace_event_file for hist files tracing: Wake up poll waiters for hist files when removing an event NTB: ntb_transport: Fix too small buffer for debugfs_name drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros arm64: Fix sampling the "stable" virtual counter in preemptible section gfs2: Fix slab-use-after-free in qd_put io_uring: use release-acquire ordering for IORING_SETUP_R_DISABLED thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature OPP: Return correct value in dev_pm_opp_get_level cpufreq: scmi: Fix device_node reference leak in scmi_cpu_domain_id() perf/x86/core: Do not set bit width for unavailable counters genirq: Set IRQF_COND_ONESHOT in devm_request_irq(). platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() media: pci: mg4b: Use IRQF_NO_THREAD firmware: arm_ffa: Correct 32-bit response handling in NOTIFICATION_INFO_GET arm64: dts: qcom: msm8994-octagon: Fix Analog Devices vendor prefix of AD7147 arm64: dts: mediatek: mt8183-jacuzzi-pico6: Fix typo in pinmux node arm64: dts: qcom: qrb4210-rb2: Fix UART3 wakeup IRQ storm arm64: dts: qcom: x1e: bus is 40-bits (fix 64GB models) media: chips-media: wave5: Fix memory leak on codec_info allocation failure drm/amd: Drop "amdgpu kernel modesetting enabled" message drm/amdkfd: Fix signal_eviction_fence() bool return value drm/xe: Unregister drm device on probe error HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients wifi: cfg80211: Fix use_for flag update on BSS refresh PCI: Check parent for NULL in of_pci_bus_release_domain_nr() netfilter: nfnetlink_queue: optimize verdict lookup with hash table netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null interval power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() power: supply: pm8916_lbc: Fix use-after-free in power_supply_changed() RDMA/mlx5: Fix UMR hang in LAG error state unload IB/mlx5: Fix port speed query for representors platform/x86/amd/pmf: Prevent TEE errors after hibernate crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler clk: qcom: gcc-sm8650: Use floor ops for SDCC RCGs clk: qcom: gcc-sm4450: Update the SDCC RCGs to use shared_floor_ops clk: qcom: gcc-x1e80100: Update the SDCC RCGs to use shared_floor_ops dma: dma-axi-dmac: fix HW scatter-gather not looking at the queue iio: pressure: mprls0025pa: fix interrupt flag objpool: fix the overestimation of object pooling metadata size ipvs: do not keep dest_dst if dev is going down net/mlx5e: Use unsigned for mlx5e_get_max_num_channels AppArmor: Allow apparmor to handle unaligned dfa tables apparmor: Fix & Optimize table creation from possibly unaligned memory apparmor: avoid per-cpu hold underflow in aa_get_buffer drm/amd/display: Fix out-of-bounds stream encoder index v3 btrfs: use the correct type to initialize block reserve for delayed refs Drivers: hv: vmbus: Use kthread for vmbus interrupts on PREEMPT_RT i3c: mipi-i3c-hci: Reset RING_OPERATION1 fields during init APEI/GHES: ARM processor Error: don't go past allocated memory ACPI: resource: Add JWIPC JVC9100 to irq1_level_low_skip_override[] powercap: intel_rapl: Add PL4 support for Ice Lake alpha: fix user-space corruption during memory compaction ACPI: x86: s2idle: Invoke Microsoft _DSM Function 9 (Turn On Display) ACPI: battery: fix incorrect charging status when current is zero perf/x86/msr: Add Airmont NP perf/x86/cstate: Add Airmont NP bpf: Recognize special arithmetic shift in the verifier firmware: arm_ffa: Unmap Rx/Tx buffers on init failure gpu/panel-edp: add AUO panel entry for B140HAN06.4 drm/amdgpu: fix NULL pointer issue buffer funcs ASoC: SOF: ipc4: Support for sending payload along with LARGE_CONFIG_GET media: chips-media: wave5: Fix conditional in start_streaming media: chips-media: wave5: Process ready frames when CMD_STOP sent to Encoder drm/amd/display: Fix dsc eDP issue drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() media: mt9m114: Avoid a reset low spike during probe() media: mt9m114: Return -EPROBE_DEFER if no endpoint is found ALSA: hda/realtek: add HP Victus 16-e0xxx mute LED quirk PCI: Add Intel Nova Lake audio Device ID drm/amd/display: Disable FEC when powering down encoders drm/amd/display: avoid dig reg access timeout on usb4 link training fail hwmon: (dell-smm) Add support for Dell OptiPlex 7080 HID: logitech-hidpp: Add support for Logitech K980 ASoC: SOF: Intel: hda: Fix NULL pointer dereference spi: geni-qcom: Fix abort sequence execution for serial engine errors ALSA: hda/realtek - Enable mute LEDs on HP ENVY x360 15-es0xxx wifi: rtw89: 8922a: set random mac if efuse contains zeroes wifi: rtw89: ser: enable error IMR after recovering from L1 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() wifi: rtw89: mac: correct page number for CSI response wifi: ath11k: Fix failure to connect to a 6 GHz AP ipv6: annotate data-races over sysctl.flowlabel_reflect ext4: use reserved metadata blocks when splitting extent on endio Bluetooth: btusb: Add support for MediaTek7920 0489:e158 net: sfp: add quirk for Lantech 8330-265D PCI/AER: Clear stale errors on reporting agents upon probe scsi: ufs: mediatek: Fix page faults in ufs_mtk_clk_scale() trace event riscv: vector: init vector context with proper vlenb HID: i2c-hid: Add FocalTech FT8112 9p/xen: protect xen_9pfs_front_free against concurrent calls soundwire: intel_auxdevice: add cs42l45 codec to wake_capable_list most: remove usage of the deprecated ida_simple_xx() API most: core: fix resource leak in most_register_interface error paths usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() serial: 8250: 8250_omap.c: Add support for handling UART error conditions mfd: intel-lpss: Add Intel Nova Lake-S PCI IDs ACPI: x86: Force enabling of PWM2 on the Yogabook YB1-X90 drm/amd/display: Fix writeback on DCN 3.2+ drm/amd/display: Fix system resume lag issue drm/amd/display: bypass post csc for additional color spaces in dal spi: spidev: fix lock inversion between spi_lock and buf_lock Bluetooth: L2CAP: Avoid -Wflex-array-member-not-at-end warnings Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short kcm: fix zero-frag skb in frag_list on partial sendmsg error net/mlx5: E-switch, Clear legacy flag when moving to switchdev net/mlx5e: Separate address related variables to be in struct net/mlx5e: Support routed networks during IPsec MACs initialization net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query drm/tests: shmem: Swap names of export tests KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR media: amphion: Drop min_queued_buffers assignment media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() media: i2c: ov01a10: Fix passing stream instead of pad to v4l2_subdev_state_get_format() media: ccs: Fix setting initial sub-device state platform/x86: ISST: Add missing write block check bus: omap-ocp2scp: fix OF populate on driver rebind media: stm32: dcmipp: bytecap: clear all interrupts upon stream stop drm/buddy: Prevent BUG_ON by validating rounded allocation xfs: remove xfs_attr_leaf_hasname mfd: qcom-pm8xxx: Fix OF populate on driver rebind mfd: omap-usb-host: Fix OF populate on driver rebind xfs: fix the xattr scrub to detect freemap/entries array collisions pinctrl: intel: Add code name documentation xfs: check for deleted cursors when revalidating two btrees vhost: move vdpa group bound check to vhost_vdpa clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841 mm/slab: use unsigned long for orig_size to ensure proper metadata align drm/amd/display: Increase DCN35 SR enter/exit latency drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify mm: numa_memblks: Identify the accurate NUMA ID of CFMW drm/amdgpu: keep vga memory on MacBooks with switchable graphics most: core: fix leak on early registration failure Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req UBUNTU: Upstream stable to v6.6.128, v6.12.75 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2150809/+subscriptions