Ubuntu
linux package

LXD fan bridge causes blocked tasks

Bug #2064176 reported by Wesley Hershberger on 2024-04-29

This bug affects 3 people

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Undecided	Unassigned
Jammy	Fix Released	Medium	Aleksandr Mikhalitsyn
Noble	Fix Released	Medium	Aleksandr Mikhalitsyn
Oracular	Fix Released	Medium	Aleksandr Mikhalitsyn

Bug Description

SRU Justification:

[Impact]

User can trigger a host crash on Jammy/Noble by launching
a container which uses Ubuntu FAN network in LXD.

[Fix]

A first proposed patch fixes RCU locking by releasing rcu_read_lock
on the skb discard codepath.

Second patch just use a proper way (dev_core_stats_tx_dropped_inc() function)
to increase netdev's tx_dropped statistic value.

[Test Plan]

As provided by Max Asnaashari:

# Install LXD from channel latest/stable
snap install lxd --channel latest/stable

# Configure LXD
lxd init --auto

# Create a FAN network
lxc network create lxdfan0 bridge.mode=fan ipv4.nat=true

# Launch a container using the FAN network
lxc launch ubuntu-minimal:22.04 c1 --network lxdfan0

# Try to interact with LXD
lxc ls

[Where problems could occur]

Change is local and only related to Ubuntu FAN code. I would not expect
any problems with this patchset.

Hi, cross posting this from https://github.com/canonical/lxd/issues/12161

I've got a lxd cluster running across 3 VMs using the fan bridge. I'm using a dev revision of LXD based on 6413a948. Creating a container causes the trace in the attached syslog snippet; this causes the container creation process to hang indefinitely. ssh logins, `lxc shell cluster1`, and `ps -aux` also hang.

Apr 29 17:15:01 cluster1 kernel: [ 161.250951] ------------[ cut here ]------------
Apr 29 17:15:01 cluster1 kernel: [ 161.250957] Voluntary context switch within RCU read-side critical section!
Apr 29 17:15:01 cluster1 kernel: [ 161.250990] WARNING: CPU: 2 PID: 510 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0x2a7/0x2f0
Apr 29 17:15:01 cluster1 kernel: [ 161.251003] Modules linked in: nft_masq nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 vxlan ip6_udp_tunnel udp_tunnel dummy br
idge stp llc zfs(PO) spl(O) nf_tables libcrc32c nfnetlink vhost_vsock vhost vhost_iotlb binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif
_pclmul crc32_pclmul virtio_gpu polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 virtio_dma_buf aesni_intel vmw_vsock_virtio_transport 9pnet_virtio xhci_
pci drm_shmem_helper i2c_i801 ahci 9pnet vmw_vsock_virtio_transport_common xhci_pci_renesas drm_kms_helper libahci crypto_simd joydev virtio_input cryptd lpc_ich virtiofs i2c_smbus
vsock psmouse input_leds mac_hid serio_raw rapl qemu_fw_cfg vmgenid nfsd dm_multipath auth_rpcgss scsi_dh_rdac nfs_acl lockd scsi_dh_emc scsi_dh_alua grace sch_fq_codel drm sunrpc
efi_pstore virtio_rng ip_tables x_tables autofs4
Apr 29 17:15:01 cluster1 kernel: [ 161.251085] CPU: 2 PID: 510 Comm: nmbd Tainted: P O 6.5.0-28-generic #29~22.04.1-Ubuntu
Apr 29 17:15:01 cluster1 kernel: [ 161.251089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)/LXD, BIOS unknown 2/2/2022
Apr 29 17:15:01 cluster1 kernel: [ 161.251091] RIP: 0010:rcu_note_context_switch+0x2a7/0x2f0
Apr 29 17:15:01 cluster1 kernel: [ 161.251095] Code: 08 f0 83 44 24 fc 00 48 89 de 4c 89 f7 e8 d1 af ff ff e9 1e fe ff ff 48 c7 c7 d0 60 56 88 c6 05 e6 27 40 02 01 e8 79 b2 f2 ff
<0f> 0b e9 bd fd ff ff a9 ff ff ff 7f 0f 84 75 fe ff ff 65 48 8b 3c
Apr 29 17:15:01 cluster1 kernel: [ 161.251098] RSP: 0018:ffffb9cbc11dbbc8 EFLAGS: 00010046
Apr 29 17:15:01 cluster1 kernel: [ 161.251101] RAX: 0000000000000000 RBX: ffff941ef7cb3f80 RCX: 0000000000000000
Apr 29 17:15:01 cluster1 kernel: [ 161.251103] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
Apr 29 17:15:01 cluster1 kernel: [ 161.251104] RBP: ffffb9cbc11dbbe8 R08: 0000000000000000 R09: 0000000000000000
Apr 29 17:15:01 cluster1 kernel: [ 161.251106] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
Apr 29 17:15:01 cluster1 kernel: [ 161.251111] R13: ffff941d893e9980 R14: 0000000000000000 R15: ffff941d80ad7a80
Apr 29 17:15:01 cluster1 kernel: [ 161.251113] FS: 00007c7dcbdb8a00(0000) GS:ffff941ef7c80000(0000) knlGS:0000000000000000
Apr 29 17:15:01 cluster1 kernel: [ 161.251115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Apr 29 17:15:01 cluster1 kernel: [ 161.251117] CR2: 00005a30877ae488 CR3: 0000000105888003 CR4: 0000000000170ee0
Apr 29 17:15:01 cluster1 kernel: [ 161.251122] Call Trace:
Apr 29 17:15:01 cluster1 kernel: [ 161.251128] <TASK>
Apr 29 17:15:01 cluster1 kernel: [ 161.251133] ? show_regs+0x6d/0x80
Apr 29 17:15:01 cluster1 kernel: [ 161.251145] ? __warn+0x89/0x160
Apr 29 17:15:01 cluster1 kernel: [ 161.251152] ? rcu_note_context_switch+0x2a7/0x2f0
Apr 29 17:15:01 cluster1 kernel: [ 161.251155] ? report_bug+0x17e/0x1b0
Apr 29 17:15:01 cluster1 kernel: [ 161.251172] ? handle_bug+0x46/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251187] ? exc_invalid_op+0x18/0x80
Apr 29 17:15:01 cluster1 kernel: [ 161.251190] ? asm_exc_invalid_op+0x1b/0x20
Apr 29 17:15:01 cluster1 kernel: [ 161.251202] ? rcu_note_context_switch+0x2a7/0x2f0
Apr 29 17:15:01 cluster1 kernel: [ 161.251205] ? rcu_note_context_switch+0x2a7/0x2f0
Apr 29 17:15:01 cluster1 kernel: [ 161.251208] __schedule+0xcc/0x750
Apr 29 17:15:01 cluster1 kernel: [ 161.251218] schedule+0x63/0x110
Apr 29 17:15:01 cluster1 kernel: [ 161.251222] schedule_hrtimeout_range_clock+0xbc/0x130
Apr 29 17:15:01 cluster1 kernel: [ 161.251238] ? __pfx_hrtimer_wakeup+0x10/0x10
Apr 29 17:15:01 cluster1 kernel: [ 161.251245] schedule_hrtimeout_range+0x13/0x30
Apr 29 17:15:01 cluster1 kernel: [ 161.251248] ep_poll+0x33f/0x390
Apr 29 17:15:01 cluster1 kernel: [ 161.251254] ? __pfx_ep_autoremove_wake_function+0x10/0x10
Apr 29 17:15:01 cluster1 kernel: [ 161.251257] do_epoll_wait+0xdb/0x100
Apr 29 17:15:01 cluster1 kernel: [ 161.251259] __x64_sys_epoll_wait+0x6f/0x110
Apr 29 17:15:01 cluster1 kernel: [ 161.251265] do_syscall_64+0x5b/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251270] ? do_epoll_ctl+0x3cb/0x860
Apr 29 17:15:01 cluster1 kernel: [ 161.251273] ? __task_pid_nr_ns+0x6c/0xc0
Apr 29 17:15:01 cluster1 kernel: [ 161.251279] ? exit_to_user_mode_prepare+0x30/0xb0
Apr 29 17:15:01 cluster1 kernel: [ 161.251284] ? syscall_exit_to_user_mode+0x37/0x60
Apr 29 17:15:01 cluster1 kernel: [ 161.251286] ? do_syscall_64+0x67/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251288] ? syscall_exit_to_user_mode+0x37/0x60
Apr 29 17:15:01 cluster1 kernel: [ 161.251300] ? do_syscall_64+0x67/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251304] ? syscall_exit_to_user_mode+0x37/0x60
Apr 29 17:15:01 cluster1 kernel: [ 161.251306] ? do_syscall_64+0x67/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251309] ? do_syscall_64+0x67/0x90
Apr 29 17:15:01 cluster1 kernel: [ 161.251313] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Apr 29 17:15:01 cluster1 kernel: [ 161.251316] RIP: 0033:0x7c7dcf325dea
Apr 29 17:15:01 cluster1 kernel: [ 161.251333] Code: 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 e8 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e c3 0f 1f 44 00 00 48 83 ec 28 89 54 24 18
Apr 29 17:15:01 cluster1 kernel: [ 161.251335] RSP: 002b:00007ffdde5e0278 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
Apr 29 17:15:01 cluster1 kernel: [ 161.251338] RAX: ffffffffffffffda RBX: 00005a30877a2ea0 RCX: 00007c7dcf325dea
Apr 29 17:15:01 cluster1 kernel: [ 161.251340] RDX: 0000000000000001 RSI: 00007ffdde5e02ac RDI: 0000000000000005
Apr 29 17:15:01 cluster1 kernel: [ 161.251341] RBP: 00005a3087794590 R08: 00000000000f423f R09: 00007ffdde5e0357
Apr 29 17:15:01 cluster1 kernel: [ 161.251343] R10: 00000000000003e8 R11: 0000000000000246 R12: 00005a30877a2f30
Apr 29 17:15:01 cluster1 kernel: [ 161.251345] R13: 00000000000003e8 R14: 0000000000000090 R15: 000000000000000a
Apr 29 17:15:01 cluster1 kernel: [ 161.251348] </TASK>
Apr 29 17:15:01 cluster1 kernel: [ 161.251349] ---[ end trace 0000000000000000 ]---

See original description

Tags:

CVE References

Revision history for this message

Wesley Hershberger (whershberger) wrote on 2024-04-29:

syslog Edit (71.5 KiB, text/html)

Revision history for this message

Wesley Hershberger (whershberger) wrote on 2024-04-29:

apport.linux-image-6.5.0-28-generic._9l2i4n1.apport Edit (5.0 KiB, text/plain)

Revision history for this message

Simon Déziel (sdeziel) wrote on 2024-09-03 (last edit on 2024-09-03):

This was also reproduced Noble's 6.8 kernel as seen in https://github.com/canonical/lxd/issues/14025

Revision history for this message

Aleksandr Mikhalitsyn (mihalicyn) wrote on 2024-09-06:

0001-UBUNTU-SAUCE-fan-release-rcu_read_lock-on-skb-discar.patch Edit (1.1 KiB, text/plain)

https://lists.ubuntu.com/archives/kernel-team/2024-September/153510.html

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-09-06:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status:	New → Confirmed

Ubuntu Foundations Team Bug Bot (crichton) on 2024-09-07

tags:

added: patch

Aleksandr Mikhalitsyn (mihalicyn) on 2024-09-09

description:

updated

Revision history for this message

Aleksandr Mikhalitsyn (mihalicyn) wrote on 2024-09-09:

v2 submitted https://lists.ubuntu.com/archives/kernel-team/2024-September/153551.html

Revision history for this message

Aleksandr Mikhalitsyn (mihalicyn) wrote on 2024-09-27:

patch for Jammy https://lists.ubuntu.com/archives/kernel-team/2024-September/154056.html

Aleksandr Mikhalitsyn (mihalicyn) on 2024-09-30

Changed in linux (Ubuntu):
status:	Confirmed → In Progress

Roxana Nicolescu (roxanan) on 2024-10-07

Changed in linux (Ubuntu Jammy):
status:	New → Fix Committed

Revision history for this message

Roxana Nicolescu (roxanan) wrote on 2024-10-07:

Please make sure to add the target series in the bug next time.

Changed in linux (Ubuntu Noble):
status:	New → Fix Committed
Changed in linux (Ubuntu):
status:	In Progress → Invalid
Changed in linux (Ubuntu Jammy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Noble):
importance:	Undecided → Medium
Changed in linux (Ubuntu Jammy):
assignee:	nobody → Aleksandr Mikhalitsyn (mihalicyn)
Changed in linux (Ubuntu Noble):
assignee:	nobody → Aleksandr Mikhalitsyn (mihalicyn)

Revision history for this message

Aleksandr Mikhalitsyn (mihalicyn) wrote on 2024-10-11:

I don't think that I have permissions for that ;-)

R (rkuiperskyline) on 2024-10-12

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Simone Pelosi (pelpsi) on 2024-10-15

Changed in linux (Ubuntu Noble):
status:	Fix Released → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-11-18:

#10

This bug is awaiting verification that the linux/5.15.0-127.137 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux

Aleksandr Mikhalitsyn (mihalicyn) on 2024-11-19

tags:

added: verification-done-jammy-linux
removed: verification-needed-jammy-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-11-20:

#11

This bug is awaiting verification that the linux/6.8.0-50.51 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux' to 'verification-done-noble-linux'. If the problem still exists, change the tag 'verification-needed-noble-linux' to 'verification-failed-noble-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-v2 verification-needed-noble-linux

Revision history for this message

Mehmet Basaran (mehmetbasaran) wrote on 2024-11-21:

#12

The same issue existed in oracular kernel. The patch that was applied to noble is also applied to oracular cleanly.

Changed in linux (Ubuntu Oracular):
status:	New → Fix Committed
importance:	Undecided → Medium
assignee:	nobody → Aleksandr Mikhalitsyn (mihalicyn)

Aleksandr Mikhalitsyn (mihalicyn) on 2024-11-21

tags:

added: verification-done-noble-linux
removed: verification-needed-noble-linux

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-11-26:

#13

This bug is awaiting verification that the linux/6.11.0-12.13 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-oracular-linux' to 'verification-done-oracular-linux'. If the problem still exists, change the tag 'verification-needed-oracular-linux' to 'verification-failed-oracular-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-oracular-linux-v2 verification-needed-oracular-linux

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-12-10:

#14

Download full text (143.6 KiB)

This bug was fixed in the package linux - 6.8.0-50.51

---------------
linux (6.8.0-50.51) noble; urgency=medium

* noble/linux: 6.8.0-50.51 -proposed tracker (LP: #2086301)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.10.28)

This bug was fixed in the package linux - 6.8.0-50.51

---------------
linux (6.8.0-50.51) noble; urgency=medium

* noble/linux: 6.8.0-50.51 -proposed tracker (LP: #2086301)

* Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2024.10.28)

* Noble update: upstream stable patchset 2024-10-31 (LP: #2086138)
    - device property: Add cleanup.h based fwnode_handle_put() scope based
      cleanup.
    - device property: Introduce device_for_each_child_node_scoped()
    - iio: adc: ad7124: Switch from of specific to fwnode based property handling
    - ksmbd: override fsids for share path check
    - ksmbd: override fsids for smb2_query_info()
    - usbnet: ipheth: remove extraneous rx URB length check
    - usbnet: ipheth: drop RX URBs with no payload
    - usbnet: ipheth: do not stop RX on failing RX callback
    - usbnet: ipheth: fix carrier detection in modes 1 and 4
    - net: ethernet: use ip_hdrlen() instead of bit shift
    - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
    - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
    - net: phy: vitesse: repair vsc73xx autonegotiation
    - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
    - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
    - net: hns3: use correct release function during uninitialization
    - btrfs: update target inode's ctime on unlink
    - Input: ads7846 - ratelimit the spi_sync error message
    - Input: synaptics - enable SMBus for HP Elitebook 840 G2
    - HID: multitouch: Add support for GT7868Q
    - scripts: kconfig: merge_config: config files: add a trailing newline
    - platform/surface: aggregator_registry: Add Support for Surface Pro 10
    - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
    - drm/msm/adreno: Fix error return if missing firmware-name
    - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
    - smb/server: fix return value of smb2_open()
    - NFSv4: Fix clearing of layout segments in layoutreturn
    - NFS: Avoid unnecessary rescanning of the per-server delegation list
    - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
    - mptcp: pm: Fix uaf in __timer_delete_sync
    - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on
      RK3399 Puma
    - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
      Puma
    - minmax: reduce min/max macro expansion in atomisp driver
    - net: tighten bad gso csum offset check in virtio_net_hdr
    - dm-integrity: fix a race condition when accessing recalc_sector
    - x86/hyperv: fix kexec crash due to VP assist page corruption
    - mm: avoid leaving partial pfn mappings around in error case
    - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
    - drm/amd/display: Disable error correction if it's not supported
    - drm/amd/display: Fix FEC_READY write on DP LT
    - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
    - cxl/core: Fix incorrect vendor debug UUID define
    - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
    - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
      1.2
    - ice: Fix lldp packets dropping after changing the number of channels
    - ice: fix accounting for filters shared by multiple VSIs
    - ice: fix VSI lists confusion when adding VLANs
    - igb: Always call igb_xdp_ring_update_tail() under Tx lock
    - net/mlx5: Update the list of the PCI supported devices
    - net/mlx5e: Add missing link modes to ptys2ethtool_map
    - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map
    - net/mlx5: Explicitly set scheduling element and TSAR type
    - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
    - net/mlx5: Correct TASR typo into TSAR
    - net/mlx5: Verify support for scheduling element and TSAR type
    - net/mlx5: Fix bridge mode operations when there are no VFs
    - fou: fix initialization of grc
    - octeontx2-af: Modify SMQ flush sequence to drop packets
    - net: ftgmac100: Enable TX interrupt to avoid TX timeout
    - selftests: net: csum: Fix checksums for packets with non-zero padding
    - netfilter: nft_socket: fix sk refcount leaks
    - net: dsa: felix: ignore pending status of TAS module when it's disabled
    - net: dpaa: Pad packets to ETH_ZLEN
    - tracing/osnoise: Fix build when timerlat is not enabled
    - spi: nxp-fspi: fix the KASAN report out-of-bounds bug
    - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
    - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
    - drm/nouveau/fb: restore init() for ramgp102
    - drm/amdgpu/atomfirmware: Silence UBSAN warning
    - drm/amd/amdgpu: apply command submission parser for JPEG v1
    - spi: geni-qcom: Undo runtime PM changes at driver exit time
    - spi: geni-qcom: Fix incorrect free_irq() sequence
    - drm/i915/guc: prevent a possible int overflow in wq offsets
    - ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
    - cifs: Fix signature miscalculation
    - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
    - ASoC: meson: axg-card: fix 'use-after-free'
    - drm/mediatek: Set sensible cursor width/height values to fix crash
    - Input: edt-ft5x06 - add support for FocalTech FT5452 and FT8719
    - Input: edt-ft5x06 - add support for FocalTech FT8201
    - cgroup/cpuset: Eliminate unncessary sched domains rebuilds in hotplug
    - spi: zynqmp-gqspi: Scale timeout by data size
    - drm/xe: use devm instead of drmm for managed bo
    - net: libwx: fix number of Rx and Tx descriptors
    - clocksource: hyper-v: Use lapic timer in a TDX VM without paravisor
    - bcachefs: Fix bch2_extents_match() false positive
    - bcachefs: Don't delete open files in online fsck
    - firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
    - riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq by setting
      PLL0 rate to 1.5GHz
    - cxl: Restore XOR'd position bits during address translation
    - netlink: specs: mptcp: fix port endianness
    - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
    - drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
    - drm/amd/amdgpu: apply command submission parser for JPEG v2+
    - drm/xe/client: fix deadlock in show_meminfo()
    - drm/xe/client: remove bogus rcu list usage
    - drm/xe/client: add missing bo locking in show_meminfo()
    - tracing/kprobes: Fix build error when find_module() is not available
    - drm/xe/display: fix compat IS_DISPLAY_STEP() range end
    - Upstream stable to v6.6.52, v6.10.11

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849)
    - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE
    - KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing
    - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
      devices
    - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
    - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
    - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
    - ata: libata: Fix memory leak for error path in ata_host_alloc()
    - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
    - x86/kaslr: Expose and use the end of the physical memory address space
    - nvme-pci: Add sleep quirk for Samsung 990 Evo
    - rust: types: Make Opaque::get const
    - rust: macros: provide correct provenance when constructing THIS_MODULE
    - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
    - Bluetooth: MGMT: Ignore keys being loaded with invalid type
    - mmc: core: apply SD quirks earlier during probe
    - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
    - mmc: sdhci-of-aspeed: fix module autoloading
    - mmc: cqhci: Fix checking of CQHCI_HALT state
    - fuse: update stats for pages in dropped aux writeback list
    - fuse: use unsigned type for getxattr/listxattr size truncation
    - fuse: fix memory leak in fuse_create_open
    - clk: starfive: jh7110-sys: Add notifier for PLL0 clock
    - clk: qcom: clk-alpha-pll: Fix the pll post div mask
    - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
    - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
    - tracing: Avoid possible softlockup in tracing_iter_reset()
    - tracing/timerlat: Add interface_lock around clearing of kthread in
      stop_kthread()
    - net: mctp-serial: Fix missing escapes on transmit
    - x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
    - x86/apic: Make x2apic_disable() work correctly
    - drm/i915: Do not attempt to load the GSC multiple times
    - ALSA: control: Apply sanity check of input values for user elements
    - ALSA: hda: Add input value sanity checks to HDMI channel map controls
    - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
    - smack: unix sockets: fix accept()ed socket label
    - bpf, verifier: Correct tail_call_reachable for bpf prog
    - accel/habanalabs/gaudi2: unsecure edma max outstanding register
    - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
    - af_unix: Remove put_pid()/put_cred() in copy_peercred().
    - x86/kmsan: Fix hook for unaligned accesses
    - iommu: sun50i: clear bypass register
    - netfilter: nf_conncount: fix wrong variable type
    - fs/ntfs3: One more reason to mark inode bad
    - riscv: kprobes: Use patch_text_nosync() for insn slots
    - media: vivid: fix wrong sizeimage value for mplane
    - leds: spi-byte: Call of_node_put() on error path
    - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
    - usb: uas: set host status byte on data completion error
    - drm/amd/display: Check HDCP returned status
    - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
    - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
    - vfio/spapr: Always clear TCEs before unsetting the window
    - ice: Check all ice_vsi_rebuild() errors in function
    - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
    - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
    - pcmcia: Use resource_size function on resource object
    - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
    - can: m_can: Release irq on error in m_can_open
    - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD
      mode
    - rust: kbuild: fix export of bss symbols
    - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
    - igb: Fix not clearing TimeSync interrupts for 82580
    - platform/x86: dell-smbios: Fix error path in dell_smbios_init()
    - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
    - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR
    - can: kvaser_pciefd: Remove unnecessary comment
    - can: kvaser_pciefd: Rename board_irq to pci_irq
    - can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR
    - can: kvaser_pciefd: Use a single write when releasing RX buffers
    - Bluetooth: qca: If memdump doesn't work, re-enable IBS
    - Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
    - Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT
    - igc: Unlock on error in igc_io_resume()
    - ice: do not bring the VSI up, if it was down before the XDP setup
    - usbnet: modern method to get random MAC
    - bpf, net: Fix a potential race in do_sock_getsockopt()
    - bareudp: Fix device stats updates.
    - r8152: fix the firmware doesn't work
    - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
    - net: dsa: vsc73xx: fix possible subblocks range of CAPT block
    - selftests: net: enable bind tests
    - firmware: cs_dsp: Don't allow writes to read-only controls
    - phy: zynqmp: Take the phy mutex in xlate
    - ASoC: topology: Properly initialize soc_enum values
    - dm init: Handle minors larger than 255
    - iommu/vt-d: Handle volatile descriptor status read
    - cgroup: Protect css->cgroup write under css_set_lock
    - devres: Initialize an uninitialized struct member
    - virtio_ring: fix KMSAN error for premapped mode
    - crypto: qat - fix unintentional re-enabling of error interrupts
    - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially
      broken alignment
    - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
    - drm/amdgpu: Set no_hw_access when VF request full GPU fails
    - ext4: fix possible tid_t sequence overflows
    - jbd2: avoid mount failed when commit block is partial submitted
    - dma-mapping: benchmark: Don't starve others when doing the test
    - drm/amdgpu: reject gang submit on reserved VMIDs
    - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
    - fs/ntfs3: Check more cases when directory is corrupted
    - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
    - cxl/region: Verify target positions using the ordered target list
    - riscv: set trap vector earlier
    - tcp: Don't drop SYN+ACK for simultaneous connect().
    - net: dpaa: avoid on-stack arrays of NR_CPUS elements
    - LoongArch: Use correct API to map cmdline in relocate_kernel()
    - regmap: maple: work around gcc-14.1 false-positive warning
    - vfs: Fix potential circular locking through setxattr() and removexattr()
    - i3c: master: svc: resend target address when get NACK
    - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated
    - btrfs: initialize location to fix -Wmaybe-uninitialized in
      btrfs_lookup_dentry()
    - s390/vmlinux.lds.S: Move ro_after_init section behind rodata section
    - usbnet: ipheth: race between ipheth_close and error handling
    - spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
    - ata: pata_macio: Use WARN instead of BUG
    - NFSv4: Add missing rescheduling points in
      nfs_client_return_marked_delegations
    - ACPI: CPPC: Add helper to get the highest performance value
    - cpufreq: amd-pstate: Enable amd-pstate preferred core support
    - cpufreq: amd-pstate: fix the highest frequency issue which limits
      performance
    - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
    - iio: buffer-dmaengine: fix releasing dma channel on error
    - iio: fix scale application in iio_convert_raw_to_processed_unlocked
    - iio: adc: ad7124: fix config comparison
    - iio: adc: ad7606: remove frstdata check for serial mode
    - iio: adc: ad7124: fix chip ID mismatch
    - usb: dwc3: core: update LC timer as per USB Spec V3.2
    - usb: cdns2: Fix controller reset issue
    - usb: dwc3: Avoid waking up gadget during startxfer
    - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
    - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
    - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
    - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
    - clocksource/drivers/timer-of: Remove percpu irq related code
    - uprobes: Use kzalloc to allocate xol area
    - Revert "mm: skip CMA pages when they are not available"
    - workqueue: wq_watchdog_touch is always called with valid CPU
    - workqueue: Improve scalability of workqueue watchdog touch
    - ACPI: processor: Return an error if acpi_processor_get_info() fails in
      processor_add()
    - ACPI: processor: Fix memory leaks in error paths of processor_add()
    - arm64: acpi: Move get_cpu_for_acpi_id() to a header
    - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
      function
    - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum
    - can: mcp251xfd: clarify the meaning of timestamp
    - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
    - drm/amd: Add gfx12 swizzle mode defs
    - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
    - ata: libata-scsi: Remove redundant sense_buffer memsets
    - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
    - crypto: starfive - Align rsa input data to 32-bit
    - crypto: starfive - Fix nent assignment in rsa dec
    - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
    - powerpc/64e: remove unused IBM HTW code
    - powerpc/64e: split out nohash Book3E 64-bit code
    - powerpc/64e: Define mmu_pte_psize static
    - powerpc/vdso: Don't discard rela sections
    - ASoC: tegra: Fix CBB error during probe()
    - nvme-pci: allocate tagset on reset if necessary
    - ASoc: SOF: topology: Clear SOF link platform name upon unload
    - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
    - clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
    - clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
    - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
    - drm/i915/fence: Mark debug_fence_free() with __maybe_unused
    - gpio: rockchip: fix OF node leak in probe()
    - gpio: modepin: Enable module autoloading
    - riscv: Fix toolchain vector detection
    - riscv: Do not restrict memory size because of linear mapping on nommu
    - membarrier: riscv: Add full memory barrier in switch_mm()
    - [Config] updateconfigs for ARCH_HAS_MEMBARRIER_CALLBACKS
    - x86/mm: Fix PTI for i386 some more
    - btrfs: fix race between direct IO write and fsync when using same fd
    - spi: spi-fsl-lpspi: Fix off-by-one in prescale max
    - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
    - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15
      X1504VAP
    - fuse: clear PG_uptodate when using a stolen page
    - riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code
    - parisc: Delay write-protection until mark_rodata_ro() call
    - pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
    - maple_tree: remove rcu_read_lock() from mt_validate()
    - Revert "wifi: ath11k: restore country code during resume"
    - btrfs: qgroup: don't use extent changeset when not needed
    - btrfs: zoned: handle broken write pointer on zones
    - drm/xe/gsc: Do not attempt to load the GSC multiple times
    - drm/amdgpu: always allocate cleared VRAM for GEM allocations
    - drm/amd/display: Lock DC and exit IPS when changing backlight
    - ALSA: hda/realtek: extend quirks for Clevo V5[46]0
    - cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition
    - virt: sev-guest: Mark driver struct with __refdata to prevent section
      mismatch
    - media: b2c2: flexcop-usb: fix flexcop_usb_memory_req
    - gve: Add adminq mutex lock
    - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware
    - drm/amdgpu: add missing error handling in function
      amdgpu_gmc_flush_gpu_tlb_pasid
    - crypto: qat - initialize user_input.lock for rate_limiting
    - locking: Add rwsem_assert_held() and rwsem_assert_held_write()
    - fs: don't copy to userspace under namespace semaphore
    - fs: relax permissions for statmount()
    - seccomp: release task filters when the task exits
    - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported
    - can: m_can: Remove m_can_rx_peripheral indirection
    - can: m_can: Do not cancel timer from within timer
    - mm: Provide a means of invalidation without using launder_folio
    - cifs: Fix copy offload to flush destination region
    - hwmon: ltc2991: fix register bits defines
    - scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum
    - ptp: ocp: convert serial ports to array
    - ptp: ocp: adjust sysfs entries to expose tty information
    - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset
    - ice: remove ICE_CFG_BUSY locking from AF_XDP code
    - net: xilinx: axienet: Fix race in axienet_stop
    - iommu/vt-d: Remove control over Execute-Requested requests
    - block: don't call bio_uninit from bio_endio
    - tracing/kprobes: Add symbol counting check when module loads
    - perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated
    - PCI: qcom: Override NO_SNOOP attribute for SA8775P RC
    - staging: vchiq_core: Bubble up wait_event_interruptible() return value
    - watchdog: imx7ulp_wdt: keep already running watchdog enabled
    - btrfs: slightly loosen the requirement for qgroup removal
    - drm/amdgpu: add PSP RAS address query command
    - drm/amdgpu: add mutex to protect ras shared memory
    - s390/boot: Do not assume the decompressor range is reserved
    - drm/amdgpu: Fix two reset triggered in a row
    - drm/amdgpu: Add reset_context flag for host FLR
    - drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic
    - fs: only copy to userspace on success in listmount()
    - iio: adc: ad7124: fix DT configuration parsing
    - nvmem: u-boot-env: error if NVMEM device is too small
    - mm: zswap: rename is_zswap_enabled() to zswap_is_enabled()
    - mm/memcontrol: respect zswap.writeback setting from parent cg too
    - path: add cleanup helper
    - fs: simplify error handling
    - fs: relax permissions for listmount()
    - hid: bpf: add BPF_JIT dependency
    - net/mlx5e: SHAMPO, Use KSMs instead of KLMs
    - net/mlx5e: SHAMPO, Fix page leak
    - drm/xe/xe2: Add workaround 14021402888
    - drm/xe/xe2lpg: Extend workaround 14021402888
    - clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags
    - clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs
    - nouveau: fix the fwsec sb verification register.
    - riscv: Add tracepoints for SBI calls and returns
    - riscv: Improve sbi_ecall() code generation by reordering arguments
    - riscv: Fix RISCV_ALTERNATIVE_EARLY
    - cifs: Fix zero_point init on inode initialisation
    - nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err
    - nvme: fix status magic numbers
    - nvme: rename CDR/MORE/DNR to NVME_STATUS_*
    - nvmet: Identify-Active Namespace ID List command should reject invalid nsid
    - drm/i915/display: Add mechanism to use sink model when applying quirk
    - drm/i915/display: Increase Fast Wake Sync length as a quirk
    - LoongArch: Use accessors to page table entries instead of direct dereference
    - Upstream stable to v6.6.51, v6.10.10

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46823
    - kunit/overflow: Fix UB in overflow_allocation_test

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46834
    - ethtool: fail closed if we can't get max channel used in indirection tables

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46751
    - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46753
    - btrfs: handle errors from btrfs_dec_ref() properly

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46841
    - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
      walk_down_proc()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46754
    - bpf: Remove tst_run from lwt_seg6local_prog_ops.

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46824
    - iommufd: Require drivers to supply the cache_invalidate_user ops

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46842
    - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46766
    - ice: move netif_queue_set_napi to rtnl-protected sections

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46772
    - drm/amd/display: Check denominator crb_pipes before used

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46774
    - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46775
    - drm/amd/display: Validate function returns

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46778
    - drm/amd/display: Check UnboundedRequestEnabled's value

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46779
    - drm/imagination: Free pvr_vm_gpuva after unlink

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46792
    - riscv: misaligned: Restrict user access to kernel memory

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46793
    - ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46735
    - ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46737
    - nvmet-tcp: fix kernel crash if commands allocation fails

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46822
    - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46713
    - perf/aux: Fix AUX buffer serialization

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46739
    - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46740
    - binder: fix UAF caused by offsets overwrite

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46741
    - misc: fastrpc: Fix double free of 'buf' in error path

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47663
    - staging: iio: frequency: ad9834: Validate frequency parameter value

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46832
    - MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47668
    - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46744
    - Squashfs: sanity check symbolic link size

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46745
    - Input: uinput - reject requests with unreasonable number of slots

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46746
    - HID: amd_sfh: free driver_data after destroying hid device

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47664
    - spi: hisi-kunpeng: Add verification for the max_frequency provided by the
      firmware

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47665
    - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46749
    - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46750
    - PCI: Add missing bridge lock to pci_bus_lock()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46752
    - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46840
    - btrfs: clean up our handling of refs == 0 in snapshot delete

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46755
    - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47666
    - scsi: pm80xx: Set phy->enable_completion only when we wait for it

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46843
    - scsi: ufs: core: Remove SCSI host only if added

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46760
    - wifi: rtw88: usb: schedule rx work after everything is set up

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46761
    - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46844
    - um: line: always fill *error_out in setup_one_line()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46762
    - xen: privcmd: Fix possible access to a freed kirqfd instance

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46763
    - fou: Fix null-ptr-deref in GRO.

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46765
    - ice: protect XDP configuration with a mutex

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46767
    - net: phy: Fix missing of_node_put() for leds

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46768
    - hwmon: (hp-wmi-sensors) Check if WMI event data exists

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46770
    - ice: Add netif_device_attach/detach into PF reset flow

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46771
    - can: bcm: Remove proc entry when dev is unregistered.

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46773
    - drm/amd/display: Check denominator pbn_div before used

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47667
    - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46835
    - drm/amdgpu: Fix smatch static checker warning

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46776
    - drm/amd/display: Run DC_LOG_DC after checking link->link_enc

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46836
    - usb: gadget: aspeed_udc: validate endpoint index for ast udc

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46777
    - udf: Avoid excessive partition lengths

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46825
    - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46827
    - wifi: ath12k: fix firmware crash due to invalid peer nss

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-47669
    - nilfs2: fix state management in error path of log writing function

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46780
    - nilfs2: protect references to superblock parameters exposed in sysfs

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46781
    - nilfs2: fix missing cleanup on rollforward recovery error

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46828
    - sched: sch_cake: fix bulk flow accounting logic for host fairness

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46782
    - ila: call nf_unregister_net_hooks() sooner

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46783
    - tcp_bpf: fix return value of tcp_bpf_sendmsg()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46784
    - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46785
    - eventfs: Use list_del_rcu() for SRCU protected list variable

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46786
    - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46787
    - userfaultfd: fix checks for huge PMDs

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46838
    - userfaultfd: don't BUG_ON() if khugepaged yanks our page table

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46845
    - tracing/timerlat: Only clear timer if a kthread exists

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46788
    - tracing/osnoise: Use a cpumask to know what threads are kthreads

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46846
    - spi: rockchip: Resolve unbalanced runtime PM / system PM handling

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46847
    - mm: vmalloc: ensure vmap_block is initialised before adding to queue

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46791
    - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46829
    - rtmutex: Drop rt_mutex::wait_lock before scheduling

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46848
    - perf/x86/intel: Limit the period on Haswell

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46794
    - x86/tdx: Fix data leak in mmio_read()

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46795
    - ksmbd: unset the binding mark of a reused connection

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46797
    - powerpc/qspinlock: Fix deadlock in MCS queue

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46830
    - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46798
    - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

* Noble update: upstream stable patchset 2024-10-29 (LP: #2085849) //
    CVE-2024-46831
    - net: microchip: vcap: Fix use-after-free error in kunit test

* Navi24 RX6300 light up issue on 6.8 kernel (LP: #2084513)
    - drm/amd/display: Ensure populate uclk in bb construction

* Noble update: upstream stable patchset 2024-10-18 (LP: #2084941)
    - drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()
    - drm: panel-orientation-quirks: Add quirk for OrangePi Neo
    - scsi: ufs: core: Check LSDBS cap when !mcq
    - scsi: ufs: core: Bypass quick recovery if force reset is needed
    - btrfs: tree-checker: validate dref root and objectid
    - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
    - ALSA: hda/conexant: Mute speakers at suspend / shutdown
    - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
    - ALSA: ump: Explicitly reset RPN with Null RPN
    - ALSA: seq: ump: Use the common RPN/bank conversion context
    - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
    - ALSA: seq: ump: Explicitly reset RPN with Null RPN
    - net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule
    - ASoC: amd: yc: Support mic on HP 14-em0002la
    - spi: hisi-kunpeng: Add validation for the minimum value of speed_hz
    - i2c: Fix conditional for substituting empty ACPI functions
    - dma-debug: avoid deadlock between dma debug vs printk and netconsole
    - net: usb: qmi_wwan: add MeiG Smart SRM825L
    - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
    - ASoC: codecs: ES8326: button detect issue
    - selftests: mptcp: userspace pm create id 0 subflow
    - selftests: mptcp: dump userspace addrs list
    - selftests: mptcp: userspace pm get addr tests
    - selftests: mptcp: declare event macros in mptcp_lib
    - selftests: mptcp: join: cannot rm sf if closed
    - selftests: mptcp: add explicit test case for remove/readd
    - selftests: mptcp: join: check re-using ID of unused ADD_ADDR
    - selftests: mptcp: join: check re-adding init endp with != id
    - selftests: mptcp: add mptcp_lib_events helper
    - selftests: mptcp: join: validate event numbers
    - selftests: mptcp: join: check re-re-adding ID 0 signal
    - selftests: mptcp: join: test for flush/re-add endpoints
    - selftests: mptcp: join: disable get and dump addr checks
    - selftests: mptcp: join: stop transfer when check is done (part 2.2)
    - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
    - drm/amd/display: Assign linear_pitch_alignment even for VM
    - drm/amdgpu: fix overflowed array index read warning
    - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
    - drm/amd/pm: fix uninitialized variable warning
    - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
    - drm/amd/pm: fix warning using uninitialized value of max_vid_step
    - drm/amd/pm: Fix negative array index read
    - drm/amd/pm: fix the Out-of-bounds read warning
    - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
    - drm/amdgpu: avoid reading vf2pf info size from FB
    - drm/amd/display: Check gpio_id before used as array index
    - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
    - drm/amd/display: Check index for aux_rd_interval before using
    - drm/amd/display: Add array index check for hdcp ddc access
    - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
    - drm/amd/display: Check msg_id before processing transcation
    - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within
      construct_integrated_info
    - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
      dal_gpio_service_create
    - drm/amd/display: Spinlock before reading event
    - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within
      decide_fallback_link_setting_max_bw_policy
    - drm/amd/display: Ensure index calculation will not overflow
    - drm/amd/display: Skip inactive planes within
      ModeSupportAndSystemConfiguration
    - drm/amd/display: Fix index may exceed array range within
      fpu_update_bw_bounding_box
    - drm/amd/amdgpu: Check tbo resource pointer
    - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
    - drm/amdgpu/pm: Fix uninitialized variable warning for smu10
    - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
    - drm/amdgpu: Fix the uninitialized variable warning
    - drm/amdkfd: Check debug trap enable before write dbg_ev_file
    - drm/amdkfd: Reconcile the definition and use of oem_id in struct
      kfd_topology_device
    - apparmor: fix possible NULL pointer dereference
    - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem()
    - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
    - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy
      SOCs
    - drm/amdgpu: Fix the warning division or modulo by zero
    - drm/amdgpu: fix dereference after null check
    - drm/amdgpu: fix the waring dereferencing hive
    - drm/amd/pm: check specific index for aldebaran
    - drm/amd/pm: check specific index for smu13
    - drm/amdgpu: the warning dereferencing obj for nbio_v7_4
    - drm/amd/pm: check negtive return for table entries
    - wifi: rtw89: ser: avoid multiple deinit on same CAM
    - drm/kfd: Correct pinned buffer handling at kfd restore and validate process
    - drm/amdgpu: update type of buf size to u32 for eeprom functions
    - wifi: iwlwifi: remove fw_running op
    - cpufreq: scmi: Avoid overflow of target_freq in fast switch
    - PCI: al: Check IORESOURCE_BUS existence during probe
    - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD
    - hwspinlock: Introduce hwspin_lock_bust()
    - soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host()
    - RDMA/efa: Properly handle unexpected AQ completions
    - ionic: fix potential irq name truncation
    - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
    - rcu/nocb: Remove buggy bypass lock contention mitigation
    - media: v4l2-cci: Always assign *val
    - usbip: Don't submit special requests twice
    - usb: typec: ucsi: Fix null pointer dereference in trace
    - fsnotify: clear PARENT_WATCHED flags lazily
    - net: remove NULL-pointer net parameter in ip_metrics_convert
    - drm/amdgu: fix Unintentional integer overflow for mall size
    - regmap: spi: Fix potential off-by-one when calculating reserved size
    - smack: tcp: ipv4, fix incorrect labeling
    - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex
    - net/mlx5e: SHAMPO, Fix incorrect page release
    - drm/meson: plane: Add error handling
    - crypto: stm32/cryp - call finalize with bh disabled
    - gfs2: Revert "Add quota_change type"
    - drm/bridge: tc358767: Check if fully initialized before signalling HPD event
      via IRQ
    - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking
      callbacks
    - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
    - hwmon: (k10temp) Check return value of amd_smn_read()
    - wifi: cfg80211: make hash table duplicates more survivable
    - f2fs: fix to do sanity check on blocks for inline_data inode
    - driver: iio: add missing checks on iio_info's callback access
    - block: remove the blk_flush_integrity call in blk_integrity_unregister
    - drm/amdgpu: add skip_hw_access checks for sriov
    - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb
    - drm/amdgpu: add lock in kfd_process_dequeue_from_device
    - drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay
    - drm/amd/display: added NULL check at start of dc_validate_stream
    - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
    - drm/amd/display: use preferred link settings for dp signal only
    - drm/amd/display: Check BIOS images before it is used
    - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
    - media: uvcvideo: Enforce alignment of frame and interval
    - virtio_net: Fix napi_skb_cache_put warning
    - i2c: Use IS_REACHABLE() for substituting empty ACPI functions
    - btrfs: factor out stripe length calculation into a helper
    - btrfs: scrub: update last_physical after scrubbing one stripe
    - btrfs: fix qgroup reserve leaks in cow_file_range
    - virtio-net: check feature before configuring the vq coalescing command
    - drm/amd/display: Handle the case which quad_part is equal 0
    - drm/amdgpu: Handle sg size limit for contiguous allocation
    - drm/amd/pm: fix uninitialized variable warning for smu_v13
    - drm/amdgpu: fix uninitialized scalar variable warning
    - drm/amd/display: Ensure array index tg_inst won't be -1
    - drm/amd/display: handle invalid connector indices
    - drm/amd/display: Increase MAX_LINKS by 2
    - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
      max_links
    - drm/amd/display: Fix incorrect size calculation for loop
    - drm/amd/display: Use kcalloc() instead of kzalloc()
    - drm/amd/display: Add missing NULL pointer check within
      dpcd_extend_address_range
    - drm/amd/display: Release state memory if amdgpu_dm_create_color_properties
      fail
    - drm/amd/display: Check link_index before accessing dc->links[]
    - drm/amd/display: Add otg_master NULL check within
      resource_log_pipe_topology_update
    - drm/amd/display: Release clck_src memory if clk_src_construct fails
    - drm/amd/display: Fix writeback job lock evasion within dm_crtc_high_irq
    - drm/xe: Demote CCS_MODE info to debug only
    - drm/drm-bridge: Drop conditionals around of_node pointers
    - drm/amdgpu: fix uninitialized variable warning for amdgpu_xgmi
    - drm/amdgpu: fix uninitialized variable warning for jpeg_v4
    - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl
    - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850()
    - drm/amdgpu/pm: Check input value for power profile setting on smu11, smu13
      and smu14
    - drm/xe: Fix the warning conditions
    - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35
    - wifi: cfg80211: restrict operation during radar detection
    - remoteproc: qcom_q6v5_pas: Add hwspinlock bust on stop
    - tcp: annotate data-races around tw->tw_ts_recent and tw->tw_ts_recent_stamp
    - drm/xe: Don't overmap identity VRAM mapping
    - net: tcp/dccp: prepare for tw_timer un-pinning
    - drm/xe: Ensure caller uses sole domain for xe_force_wake_assert_held
    - drm/xe: Check valid domain is passed in xe_force_wake_ref
    - thermal: trip: Use READ_ONCE() for lockless access to trip properties
    - drm/xe: Add GuC state asserts to deregister_exec_queue
    - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating()
    - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
    - drm/amd/display: Disable DMCUB timeout for DCN35
    - drm/amd/display: Avoid overflow from uint32_t to uint8_t
    - pinctrl: core: reset gpio_device in loop in pinctrl_pins_show()
    - Upstream stable to v6.6.50, v6.10.9

* CVE-2024-46747
    - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

* CVE-2024-46725
    - drm/amdgpu: Fix out-of-bounds write warning

* CVE-2024-46724
    - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

* [SRU] Fix AST DP output after resume (LP: #2083022)
    - drm/ast: Inline drm_simple_encoder_init()
    - drm/ast: Implement atomic enable/disable for encoders
    - drm/ast: Program mode for AST DP in atomic_mode_set
    - drm/ast: Move mode-setting code into mode_set_nofb CRTC helper
    - drm/ast: Handle primary-plane format setup in atomic_update
    - drm/ast: Remove gamma LUT updates from DPMS code
    - drm/ast: Only set VGA SCREEN_DISABLE bit in CRTC code
    - drm/ast: Inline ast_crtc_dpms() into callers
    - drm/ast: Use drm_atomic_helper_commit_tail() helper

* UBSAN array-index-out-of-bounds reported with N-6.8 on P9 node baltar
    (LP: #2078038)
    - scripts/kernel-doc: reindent
    - compiler_types: add Endianness-dependent __counted_by_{le, be}
    - scsi: aacraid: union aac_init: Replace 1-element array with flexible array
    - scsi: aacraid: struct aac_ciss_phys_luns_resp: Replace 1-element array with
      flexible array
    - scsi: aacraid: Rearrange order of struct aac_srb_unit
    - scsi: aacraid: struct {user, }sgmap{, 64, raw}: Replace 1-element arrays
      with flexible arrays

* r8169: transmit queue 0 timed out error when re-plugging the Ethernet cable
    (LP: #2084526)
    - r8169: disable ALDPS per default for RTL8125

* [SRU] cpufreq: intel_pstate: Support Emerald Rapids OOB mode (LP: #2084834)
    - cpufreq: intel_pstate: Support Emerald Rapids OOB mode

* CVE-2024-46723
    - drm/amdgpu: fix ucode out-of-bounds read warning

* CVE-2024-46743
    - of/irq: Prevent device address out-of-bounds read in interrupt map walk

* CVE-2024-46757
    - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

* [SRU] Ubuntu 24.04 - GPU cannot be installed with DL380a Gen12 (2P, SRF-SP)
    (LP: #2081079)
    - perf/x86/uncore: Save the unit control address of all units
    - perf/x86/uncore: Support per PMU cpumask
    - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree
    - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units
    - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units
    - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units
    - perf/x86/uncore: Cleanup unused unit structure
    - perf/x86/intel/uncore: Support HBM and CXL PMON counters

* Noble update: upstream stable patchset 2024-10-11 (LP: #2084225)
    - ALSA: seq: Skip event type filtering for UMP events
    - LoongArch: Remove the unused dma-direct.h
    - btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
    - btrfs: run delayed iputs when flushing delalloc
    - smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
    - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins
    - pinctrl: single: fix potential NULL dereference in pcs_get_function()
    - wifi: wfx: repair open network AP mode
    - wifi: mwifiex: duplicate static structs used in driver instances
    - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
    - mptcp: close subflow when receiving TCP+FIN
    - mptcp: sched: check both backup in retrans
    - mptcp: pm: reuse ID 0 after delete and re-add
    - mptcp: pm: skip connecting to already established sf
    - mptcp: pm: reset MPC endp ID when re-added
    - mptcp: pm: send ACK on an active subflow
    - mptcp: pm: do not remove already closed subflows
    - mptcp: pm: fix ID 0 endp usage after multiple re-creations
    - mptcp: pm: ADD_ADDR 0 is not a new address
    - selftests: mptcp: join: check removing ID 0 endpoint
    - selftests: mptcp: join: no extra msg if no counter
    - selftests: mptcp: join: check re-re-adding ID 0 endp
    - drm/amdgpu/swsmu: always force a state reprogram on init
    - drm/vmwgfx: Fix prime with external buffers
    - usb: typec: fix up incorrectly backported "usb: typec: tcpm: unregister
      existing source caps before re-registration"
    - ASoC: amd: acp: fix module autoloading
    - ASoC: SOF: amd: Fix for acp init sequence
    - pinctrl: mediatek: common-v2: Fix broken bias-disable for
      PULL_PU_PD_RSEL_TYPE
    - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev
      register
    - ovl: pass string to ovl_parse_layer()
    - ovl: fix wrong lowerdir number check for parameter Opt_lowerdir
    - ovl: ovl_parse_param_lowerdir: Add missed '\n' for pr_err
    - mm: Fix missing folio invalidation calls during truncation
    - cifs: Fix FALLOC_FL_PUNCH_HOLE support
    - selinux,smack: don't bypass permissions check in inode_setsecctx hook
    - iommufd: Do not allow creating areas without READ or WRITE
    - phy: fsl-imx8mq-usb: fix tuning parameter name
    - dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA
    - dmaengine: dw-edma: Do not enable watermark interrupts for HDMA
    - phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume
    - dmaengine: dw: Add peripheral bus width verification
    - dmaengine: dw: Add memory bus width verification
    - Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test
    - Bluetooth: btnxpuart: Handle FW Download Abort scenario
    - Bluetooth: btnxpuart: Fix random crash seen while removing driver
    - Bluetooth: hci_core: Fix not handling hibernation actions
    - iommu: Do not return 0 from map_pages if it doesn't do anything
    - netfilter: nf_tables: restore IP sanity checks for netdev/egress
    - wifi: iwlwifi: fw: fix wgds rev 3 exact size
    - ethtool: check device is present when getting link settings
    - netfilter: nf_tables_ipv6: consider network offset in netdev/egress
      validation
    - selftests: forwarding: no_forwarding: Down ports on cleanup
    - selftests: forwarding: local_termination: Down ports on cleanup
    - bonding: implement xdo_dev_state_free and call it after deletion
    - bonding: extract the use of real_device into local variable
    - bonding: change ipsec_lock from spin lock to mutex
    - gtp: fix a potential NULL pointer dereference
    - sctp: fix association labeling in the duplicate COOKIE-ECHO case
    - drm/amd/display: avoid using null object of framebuffer
    - net: busy-poll: use ktime_get_ns() instead of local_clock()
    - nfc: pn533: Add poll mod list filling check
    - soc: qcom: cmd-db: Map shared memory as WC, not WB
    - soc: qcom: pmic_glink: Actually communicate when remote goes down
    - soc: qcom: pmic_glink: Fix race during initialization
    - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
    - scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress
    - USB: serial: option: add MeiG Smart SRM825L
    - ARM: dts: imx6dl-yapp43: Increase LED current to match the yapp4 HW design
    - usb: dwc3: omap: add missing depopulate in probe error path
    - usb: dwc3: core: Prevent USB core invalid event buffer address access
    - usb: dwc3: st: fix probed platform device ref count on probe error path
    - usb: dwc3: st: add missing depopulate in probe error path
    - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
      remove_power_attributes()
    - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
    - usb: cdnsp: fix for Link TRB with TC
    - ARM: dts: omap3-n900: correct the accelerometer orientation
    - arm64: dts: imx8mp-beacon-kit: Fix Stereo Audio on WM8962
    - arm64: dts: imx93: add nvmem property for fec1
    - arm64: dts: imx93: add nvmem property for eqos
    - arm64: dts: imx93: update default value for snps,clk-csr
    - arm64: dts: freescale: imx93-tqma9352: fix CMA alloc-ranges
    - arm64: dts: freescale: imx93-tqma9352-mba93xxla: fix typo
    - scsi: aacraid: Fix double-free on probe failure
    - apparmor: fix policy_unpack_test on big endian systems
    - mptcp: pr_debug: add missing \n at the end
    - mptcp: make pm_remove_addrs_and_subflows static
    - mptcp: pm: fix RM_ADDR ID for the initial subflow
    - mptcp: avoid duplicated SUB_CLOSED events
    - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict
    - drm/vmwgfx: Prevent unmapping active read buffers
    - drm/vmwgfx: Disable coherent dumb buffers without 3d
    - firmware/sysfb: Set firmware-framebuffer parent device
    - firmware/sysfb: Create firmware device only for enabled PCI devices
    - video/aperture: optionally match the device in sysfb_disable()
    - drm/xe: Prepare display for D3Cold
    - drm/xe/display: Make display suspend/resume work on discrete
    - drm/xe/vm: Simplify if condition
    - drm/xe/exec_queue: Rename xe_exec_queue::compute to xe_exec_queue::lr
    - drm/xe: prevent UAF around preempt fence
    - pinctrl: qcom: x1e80100: Update PDC hwirq map
    - ASoC: SOF: amd: move iram-dram fence register programming sequence
    - nfsd: ensure that nfsd4_fattr_args.context is zeroed out
    - backing-file: convert to using fops->splice_write
    - pinctrl: qcom: x1e80100: Fix special pin offsets
    - afs: Fix post-setattr file edit to do truncation correctly
    - netfs: Fix netfs_release_folio() to say no if folio dirty
    - netfs: Fix missing iterator reset on retry of short read
    - dmaengine: ti: omap-dma: Initialize sglen after allocation
    - pktgen: use cpus_read_lock() in pg_net_init()
    - net_sched: sch_fq: fix incorrect behavior for small weights
    - tcp: fix forever orphan socket caused by tcp_abort
    - drm/xe/hwmon: Fix WRITE_I1 param from u32 to u16
    - usb: typec: fsa4480: Relax CHIP_ID check
    - firmware: qcom: scm: Mark get_wq_ctx() as atomic call
    - usb: gadget: uvc: queue pump work in uvcg_video_enable()
    - usb: dwc3: xilinx: add missing depopulate in probe error path
    - usb: typec: ucsi: Move unregister out of atomic section
    - firmware: microchip: fix incorrect error report of programming:timeout on
      success
    - Upstream stable to v6.6.49, v6.10.8

* Fix blank screen on external display after reconnecting the USB type-C
    (LP: #2081786) // Noble update: upstream stable patchset 2024-10-11
    (LP: #2084225)
    - drm/i915/display: add intel_display -> drm_device backpointer
    - drm/i915/display: add generic to_intel_display() macro
    - drm/i915/dp_mst: Fix MST state after a sink reset

* Noble update: upstream stable patchset 2024-10-09 (LP: #2084005)
    - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
    - tty: atmel_serial: use the correct RTS flag.
    - Revert "ACPI: EC: Evaluate orphan _REG under EC device"
    - Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD"
    - Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
    - selinux: revert our use of vma_is_initial_heap()
    - fuse: Initialize beyond-EOF page contents before setting uptodate
    - char: xillybus: Don't destroy workqueue from work item running on it
    - char: xillybus: Refine workqueue handling
    - char: xillybus: Check USB endpoints when probing device
    - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
    - ALSA: usb-audio: Support Yamaha P-125 quirk entry
    - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
    - thunderbolt: Mark XDomain as unplugged when router is removed
    - ALSA: hda/tas2781: fix wrong calibrated data order
    - s390/dasd: fix error recovery leading to data corruption on ESE devices
    - KVM: s390: fix validity interception issue when gisa is switched off
    - riscv: change XIP's kernel_map.size to be size of the entire kernel
    - i2c: tegra: Do not mark ACPI devices as irq safe
    - ACPICA: Add a depth argument to acpi_execute_reg_methods()
    - ACPI: EC: Evaluate _REG outside the EC scope more carefully
    - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to
      NUMA_NO_NODE
    - dm resume: don't return EINVAL when signalled
    - dm persistent data: fix memory allocation failure
    - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64()
    - s390/cio: rename bitmap_size() -> idset_bitmap_size()
    - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits()
    - bitmap: introduce generic optimized bitmap_size()
    - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
    - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
    - rtla/osnoise: Prevent NULL dereference in error handling
    - net: mana: Fix RX buf alloc_size alignment and atomic op panic
    - net: mana: Fix doorbell out of order violation and avoid unnecessary
      doorbell rings
    - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
    - selinux: fix potential counting error in avc_add_xperms_decision()
    - selinux: add the processing of the failure of avc_add_xperms_decision()
    - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
    - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type
    - btrfs: zoned: properly take lock to read/update block group's zoned
      variables
    - btrfs: tree-checker: add dev extent item checks
    - drm/amdgpu: Actually check flags for all context ops.
    - memcg_write_event_control(): fix a user-triggerable oops
    - drm/amdgpu/jpeg2: properly set atomics vmid field
    - drm/amdgpu/jpeg4: properly set atomics vmid field
    - s390/uv: Panic for set and remove shared access UVC errors
    - bpf: Fix updating attached freplace prog in prog_array map
    - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer
    - igc: Fix qbv_config_change_errors logics
    - igc: Fix reset adapter logics when tx mode change
    - net/mlx5e: Take state lock during tx timeout reporter
    - net/mlx5e: Correctly report errors for ethtool rx flows
    - net: axienet: Fix register defines comment description
    - net: dsa: vsc73xx: pass value in phy_write operation
    - net: dsa: vsc73xx: use read_poll_timeout instead delay loop
    - net: dsa: vsc73xx: check busy flag in MDIO operations
    - net: ethernet: mtk_wed: fix use-after-free panic in
      mtk_wed_setup_tc_block_cb()
    - mlxbf_gige: disable RX filters until RX path initialized
    - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size
    - tcp: Update window clamping condition
    - netfilter: allow ipv6 fragments to arrive on different devices
    - netfilter: flowtable: initialise extack before use
    - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks
    - netfilter: nf_tables: Audit log dump reset after the fact
    - netfilter: nf_tables: Introduce nf_tables_getobj_single
    - netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
    - vsock: fix recursive ->recvmsg calls
    - selftests: net: lib: ignore possible errors
    - selftests: net: lib: kill PIDs before del netns
    - net: hns3: fix wrong use of semaphore up
    - net: hns3: use the user's cfg after reset
    - net: hns3: fix a deadlock problem when config TC during resetting
    - gpio: mlxbf3: Support shutdown() function
    - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7
    - rust: work around `bindgen` 0.69.0 issue
    - rust: suppress error messages from CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
    - rust: fix the default format for CONFIG_{RUSTC,BINDGEN}_VERSION_TEXT
    - cpu/SMT: Enable SMT only if a core is online
    - powerpc/topology: Check if a core is online
    - arm64: Fix KASAN random tag seed initialization
    - block: Fix lockdep warning in blk_mq_mark_tag_wait
    - wifi: ath12k: Add missing qmi_txn_cancel() calls
    - quota: Remove BUG_ON from dqget()
    - riscv: blacklist assembly symbols for kprobe
    - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
    - media: pci: cx23885: check cx23885_vdev_init() return
    - fs: binfmt_elf_efpic: don't use missing interpreter's properties
    - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list()
    - media: drivers/media/dvb-core: copy user arrays safely
    - wifi: iwlwifi: mvm: avoid garbage iPN
    - net/sun3_82586: Avoid reading past buffer in debug output
    - drm/lima: set gp bus_stop bit before hard reset
    - gpio: sysfs: extend the critical section for unregistering sysfs devices
    - hrtimer: Select housekeeping CPU during migration
    - virtiofs: forbid newlines in tags
    - accel/habanalabs: fix debugfs files permissions
    - clocksource/drivers/arm_global_timer: Guard against division by zero
    - tick: Move got_idle_tick away from common flags
    - netlink: hold nlk->cb_mutex longer in __netlink_dump_start()
    - md: clean up invalid BUG_ON in md_ioctl
    - x86: Increase brk randomness entropy for 64-bit systems
    - memory: stm32-fmc2-ebi: check regmap_read return value
    - parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367
    - rxrpc: Don't pick values out of the wire header when setting up security
    - f2fs: stop checkpoint when get a out-of-bounds segment
    - powerpc/boot: Handle allocation failure in simple_realloc()
    - powerpc/boot: Only free if realloc() succeeds
    - btrfs: delayed-inode: drop pointless BUG_ON in __btrfs_remove_delayed_item()
    - btrfs: defrag: change BUG_ON to assertion in btrfs_defrag_leaves()
    - btrfs: change BUG_ON to assertion when checking for delayed_node root
    - btrfs: push errors up from add_async_extent()
    - btrfs: handle invalid root reference found in may_destroy_subvol()
    - btrfs: send: handle unexpected data in header buffer in begin_cmd()
    - btrfs: send: handle unexpected inode in header process_recorded_refs()
    - btrfs: change BUG_ON to assertion in tree_move_down()
    - btrfs: delete pointless BUG_ON check on quota root in
      btrfs_qgroup_account_extent()
    - f2fs: fix to do sanity check in update_sit_entry
    - usb: gadget: fsl: Increase size of name buffer for endpoints
    - nvme: clear caller pointer on identify failure
    - Bluetooth: bnep: Fix out-of-bound access
    - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
    - rtc: nct3018y: fix possible NULL dereference
    - net: hns3: add checking for vf id of mailbox
    - nvmet-tcp: do not continue for invalid icreq
    - NFS: avoid infinite loop in pnfs_update_layout.
    - openrisc: Call setup_memory() earlier in the init sequence
    - s390/iucv: fix receive buffer virtual vs physical address confusion
    - irqchip/renesas-rzg2l: Do not set TIEN and TINT source at the same time
    - platform/x86: lg-laptop: fix %s null argument warning
    - usb: dwc3: core: Skip setting event buffers for host only controllers
    - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc
    - ext4: set the type of max_zeroout to unsigned int to avoid overflow
    - nvmet-rdma: fix possible bad dereference when freeing rsps
    - selftests/bpf: Fix a few tests for GCC related warnings.
    - Revert "bpf, sockmap: Prevent lock inversion deadlock in map delete elem"
    - nvme: use srcu for iterating namespace list
    - drm/amdgpu: fix dereference null return value for the function
      amdgpu_vm_pt_parent
    - hrtimer: Prevent queuing of hrtimer without a function callback
    - nvme: fix namespace removal list
    - gtp: pull network headers in gtp_dev_xmit()
    - riscv: entry: always initialize regs->a0 to -ENOSYS
    - smb3: fix lock breakage for cached writes
    - dm suspend: return -ERESTARTSYS instead of -EINTR
    - selftests: memfd_secret: don't build memfd_secret test on unsupported arches
    - mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order
      fallback to order 0
    - btrfs: send: allow cloning non-aligned extent if it ends at i_size
    - drm/amd/amdgpu: command submission parser for JPEG
    - platform/surface: aggregator: Fix warning when controller is destroyed in
      probe
    - ALSA: hda/tas2781: Use correct endian conversion
    - Bluetooth: hci_core: Fix LE quote calculation
    - Bluetooth: SMP: Fix assumption of Central always being Initiator
    - net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and
      register injection
    - net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q"
    - net: mscc: ocelot: serialize access to the injection/extraction groups
    - tc-testing: don't access non-existent variable on exception
    - selftests: udpgro: report error when receive failed
    - tcp/dccp: bypass empty buckets in inet_twsk_purge()
    - tcp/dccp: do not care about families in inet_twsk_purge()
    - tcp: prevent concurrent execution of tcp_sk_exit_batch
    - net: mctp: test: Use correct skb for route input check
    - kcm: Serialise kcm_sendmsg() for the same socket.
    - netfilter: nft_counter: Disable BH in nft_counter_offload_stats().
    - netfilter: nft_counter: Synchronize nft_counter_reset() against reader.
    - ip6_tunnel: Fix broken GRO
    - bonding: fix bond_ipsec_offload_ok return type
    - bonding: fix null pointer deref in bond_ipsec_offload_ok
    - bonding: fix xfrm real_dev null pointer dereference
    - bonding: fix xfrm state handling when clearing active slave
    - ice: fix page reuse when PAGE_SIZE is over 8k
    - ice: fix ICE_LAST_OFFSET formula
    - ice: fix truesize operations for PAGE_SIZE >= 8192
    - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp()
    - igb: cope with large MAX_SKB_FRAGS
    - net: dsa: mv88e6xxx: Fix out-of-bound access
    - udp: fix receiving fraglist GSO packets
    - ipv6: fix possible UAF in ip6_finish_output2()
    - ipv6: prevent possible UAF in ip6_xmit()
    - bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
    - netfilter: flowtable: validate vlan header
    - octeontx2-af: Fix CPT AF register offset calculation
    - net: xilinx: axienet: Always disable promiscuous mode
    - net: xilinx: axienet: Fix dangling multicast addresses
    - net: ovs: fix ovs_drop_reasons error
    - drm/msm/dpu: don't play tricks with debug macros
    - drm/msm/dp: fix the max supported bpp logic
    - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions
    - drm/msm/dpu: capture snapshot on the first commit_done timeout
    - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()
    - drm/msm/dp: reset the link phy params before link training
    - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
    - drm/msm/dpu: take plane rotation into account for wide planes
    - drm/msm: fix the highest_bank_bit for sc7180
    - mmc: mmc_test: Fix NULL dereference on allocation failure
    - Bluetooth: MGMT: Add error handling to pair_device()
    - scsi: core: Fix the return value of scsi_logical_block_count()
    - ksmbd: the buffer of smb2 query dir response has at least 1 byte
    - drm/amdgpu: Validate TA binary size
    - net: dsa: microchip: fix PTP config failure when using multiple ports
    - MIPS: Loongson64: Set timer mode in cpu-probe
    - HID: wacom: Defer calculation of resolution until resolution_code is known
    - Input: i8042 - add forcenorestore quirk to leave controller untouched even
      on s3
    - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk
      combination
    - cxgb4: add forgotten u64 ivlan cast before shift
    - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
    - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
    - mmc: dw_mmc: allow biu and ciu clocks to defer
    - smb3: fix broken cached reads when posix locks
    - pmdomain: imx: scu-pd: Remove duplicated clocks
    - pmdomain: imx: wait SSAR when i.MX93 power domain on
    - nouveau/firmware: use dma non-coherent allocator
    - mptcp: pm: re-using ID of unused removed ADD_ADDR
    - mptcp: pm: re-using ID of unused removed subflows
    - mptcp: pm: re-using ID of unused flushed subflows
    - mptcp: pm: remove mptcp_pm_remove_subflow()
    - mptcp: pm: only mark 'subflow' endp as available
    - mptcp: pm: only decrement add_addr_accepted for MPJ req
    - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR
    - mptcp: pm: only in-kernel cannot have entries with ID 0
    - mptcp: pm: fullmesh: select the right ID later
    - mptcp: pm: avoid possible UaF when selecting endp
    - selftests: mptcp: join: validate fullmesh endp on 1st sf
    - selftests: mptcp: join: restrict fullmesh endp on 1st sf
    - selftests: mptcp: join: check re-using ID of closed subflow
    - tcp: do not export tcp_twsk_purge()
    - drm/msm/mdss: specify cfg bandwidth for SDM670
    - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels
    - igc: Fix qbv tx latency by setting gtxoffset
    - ALSA: timer: Relax start tick time check for slave timer elements
    - bpf: Fix a kernel verifier crash in stacksafe()
    - selftests/bpf: Add a test to verify previous stacksafe() fix
    - Revert "s390/dasd: Establish DMA alignment"
    - Input: MT - limit max slots
    - tools: move alignment-related macros to new <linux/align.h>
    - Revert "serial: 8250_omap: Set the console genpd always on if no console
      suspend"
    - usb: misc: ljca: Add Lunar Lake ljca GPIO HID to ljca_gpio_hids[]
    - usb: xhci: Check for xhci->interrupters being allocated in
      xhci_mem_clearup()
    - vfs: Don't evict inode under the inode lru traversing context
    - tracing: Return from tracing_buffers_read() if the file has been closed
    - mm: fix endless reclaim on machines with unaccepted memory
    - fs/netfs/fscache_cookie: add missing "n_accesses" check
    - mm/numa: no task_numa_fault() call if PMD is changed
    - mm/numa: no task_numa_fault() call if PTE is changed
    - btrfs: check delayed refs when we're checking if a ref exists
    - drm/amd/display: Adjust cursor position
    - drm/amd/display: fix s2idle entry for DCN3.5+
    - drm/amd/display: Enable otg synchronization logic for DCN321
    - drm/amd/display: fix cursor offset on rotation 180
    - netfs: Fault in smaller chunks for non-large folio mappings
    - libfs: fix infinite directory reads for offset dir
    - kallsyms: Avoid weak references for kallsyms symbols
    - kbuild: avoid unneeded kallsyms step 3
    - kbuild: refactor variables in scripts/link-vmlinux.sh
    - kbuild: remove PROVIDE() for kallsyms symbols
    - kallsyms: get rid of code for absolute kallsyms
    - [Config] Remove CONFIG_KALLSYMS_BASE_RELATIVE
    - kallsyms: Do not cleanup .llvm.<hash> suffix before sorting symbols
    - bpf: Replace deprecated strncpy with strscpy
    - kallsyms: replace deprecated strncpy with strscpy
    - kallsyms: rework symbol lookup return codes
    - kallsyms: Match symbols exactly with CONFIG_LTO_CLANG
    - drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`
    - drm/amd/display: Don't register panel_power_savings on OLED panels
    - wifi: ath12k: use 128 bytes aligned iova in transmit path for WCN7850
    - kbuild: merge temporary vmlinux for BTF and kallsyms
    - kbuild: avoid scripts/kallsyms parsing /dev/null
    - Bluetooth: HCI: Invert LE State quirk to be opt-out rather then opt-in
    - net/mlx5: Fix IPsec RoCE MPV trace call
    - selftests: udpgro: no need to load xdp for gro
    - ice: use internal pf id instead of function number
    - drm/msm/dpu: limit QCM2290 to RGB formats only
    - drm/msm/dpu: relax YUV requirements
    - spi: spi-cadence-quadspi: Fix OSPI NOR failures during system resume
    - drm/xe/display: stop calling domains_driver_remove twice
    - drm/xe: Fix opregion leak
    - drm/xe/mmio: move mmio_fini over to devm
    - drm/xe: reset mmio mappings with devm
    - drm/xe: Fix tile fini sequence
    - drm/xe: Fix missing workqueue destroy in xe_gt_pagefault
    - drm/xe: Free job before xe_exec_queue_put
    - thermal/debugfs: Fix the NULL vs IS_ERR() confusion in debugfs_create_dir()
    - nvme: move stopping keep-alive into nvme_uninit_ctrl()
    - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1
    - s390/ap: Refine AP bus bindings complete processing
    - net: ngbe: Fix phy mode set to external phy
    - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace()
    - cgroup/cpuset: fix panic caused by partcmd_update
    - cgroup/cpuset: Clear effective_xcpus on cpus_allowed clearing only if
      cpus.exclusive not set
    - of: Introduce for_each_*_child_of_node_scoped() to automate of_node_put()
      handling
    - thermal: of: Fix OF node leak in thermal_of_trips_init() error path
    - thermal: of: Fix OF node leak in thermal_of_zone_register()
    - thermal: of: Fix OF node leak in of_thermal_zone_find() error paths
    - Upstream stable to v6.6.48, v6.10.7

* Unable to list directories using CIFS on 6.8 kernel (LP: #2082423) // Noble
    update: upstream stable patchset 2024-10-09 (LP: #2084005)
    - smb: client: ignore unhandled reparse tags

* CVE-2024-46759
    - hwmon: (adc128d818) Fix underflows seen when writing limit attributes

* CVE-2024-46758
    - hwmon: (lm95234) Fix underflows seen when writing limit attributes

* CVE-2024-46756
    - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

* CVE-2024-46738
    - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

* CVE-2024-46722
    - drm/amdgpu: fix mc_data out-of-bounds read warning

* LXD fan bridge causes blocked tasks (LP: #2064176)
    - SAUCE: fan: release rcu_read_lock on skb discard path
    - SAUCE: fan: fix racy device stat update

* x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (LP: #2081863)
    - x86/CPU/AMD: Add models 0x60-0x6f to the Zen5 range

* UBSAN: array-index-out-of-bounds in module mt76 (LP: #2081785)
    - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc

* The system hangs after resume with thunderbolt monitor(AMD GPU [1002:1900])
    (LP: #2083182)
    - SAUCE: drm/amd/display: Fix system hang while resume with TBT monitor

* [SRU] GPU: support additional device ids for DG2 driver (LP: #2083701)
    - drm/i915: Add new PCI IDs to DG2 platform in driver

* [SRU]Intel Arrow Lake IBECC feature backport request for ubuntu 22.04.5 and
    24.04.1 server (LP: #2077861)
    - EDAC/igen6: Add Intel Arrow Lake-U/H SoCs support

* Noble update: upstream stable patchset 2024-10-07 (LP: #2083794)
    - ASoC: topology: Clean up route loading
    - ASoC: topology: Fix route memory corruption
    - LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
    - sunrpc: don't change ->sv_stats if it doesn't exist
    - nfsd: stop setting ->pg_stats for unused stats
    - sunrpc: pass in the sv_stats struct through svc_create_pooled
    - sunrpc: remove ->pg_stats from svc_program
    - nfsd: remove nfsd_stats, make th_cnt a global counter
    - nfsd: make svc_stat per-network namespace instead of global
    - mm: gup: stop abusing try_grab_folio
    - nvme/pci: Add APST quirk for Lenovo N60z laptop
    - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity
    - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails
    - quota: Detect loops in quota tree
    - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
    - fs: Annotate struct file_handle with __counted_by() and use struct_size()
    - mISDN: fix MISDN_TIME_STAMP handling
    - mm/page_table_check: support userfault wr-protect entries
    - bpf, net: Use DEV_STAT_INC()
    - f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
    - f2fs: fix to cover read extent cache access with lock
    - fou: remove warn in gue_gro_receive on unsupported protocol
    - jfs: fix null ptr deref in dtInsertEntry
    - jfs: Fix shift-out-of-bounds in dbDiscardAG
    - fs/ntfs3: Do copy_to_user out of run_lock
    - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
    - binfmt_flat: Fix corruption when not offsetting data start
    - mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick
    - KVM: arm64: Don't defer TLB invalidation when zapping table entries
    - KVM: arm64: Don't pass a TLBI level hint when zapping table entries
    - drm/amd/display: Defer handling mst up request in resume
    - drm/amd/display: Guard cursor idle reallow by DC debug option
    - drm/amd/display: Separate setting and programming of cursor
    - drm/amd/display: Prevent IPX From Link Detect and Set Mode
    - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value
    - platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled
    - platform/x86: ideapad-laptop: introduce a generic notification chain
    - platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc
    - platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands
    - drm/amd/display: Solve mst monitors blank out problem after resume
    - drm/amdgpu/display: Fix null pointer dereference in
      dc_stream_program_cursor_position
    - Upstream stable to v6.6.47, v6.10.6

* Noble update: upstream stable patchset 2024-10-04 (LP: #2083656)
    - irqchip/mbigen: Fix mbigen node address layout
    - platform/x86/intel/ifs: Initialize union ifs_status to zero
    - jump_label: Fix the fix, brown paper bags galore
    - x86/mm: Fix pti_clone_pgtable() alignment assumption
    - x86/mm: Fix pti_clone_entry_text() for i386
    - smb: client: move most of reparse point handling code to common file
    - smb: client: set correct d_type for reparse DFS/DFSR and mount point
    - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support
    - sctp: Fix null-ptr-deref in reuseport_add_sock().
    - net: usb: qmi_wwan: fix memory leak for not ip packets
    - net: bridge: mcast: wait for previous gc cycles when removing port
    - net: linkwatch: use system_unbound_wq
    - ice: Fix reset handler
    - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
    - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv
      monitor
    - net/smc: add the max value of fallback reason count
    - net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
    - l2tp: fix lockdep splat
    - net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN capabilities
    - net: fec: Stop PPS on driver remove
    - gpio: prevent potential speculation leaks in gpio_device_get_desc()
    - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu
    - rcutorture: Fix rcu_torture_fwd_cb_cr() data race
    - md: do not delete safemode_timer in mddev_suspend
    - md/raid5: avoid BUG_ON() while continue reshape after reassembling
    - block: change rq_integrity_vec to respect the iterator
    - rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation
    - clocksource/drivers/sh_cmt: Address race condition for clock events
    - ACPI: battery: create alarm sysfs attribute atomically
    - ACPI: SBS: manage alarm sysfs attribute through psy core
    - xen: privcmd: Switch from mutex to spinlock for irqfds
    - wifi: nl80211: disallow setting special AP channel widths
    - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup()
    - net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
    - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT
    - af_unix: Don't retry after unix_state_lock_nested() in
      unix_stream_connect().
    - PCI: Add Edimax Vendor ID to pci_ids.h
    - udf: prevent integer overflow in udf_bitmap_free_blocks()
    - wifi: nl80211: don't give key data to userspace
    - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index
      erratum
    - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of
      mcp2518fd
    - net: stmmac: qcom-ethqos: enable SGMII loopback during DMA reset on
      sa8775p-ride-r3
    - btrfs: do not clear page dirty inside extent_write_locked_range()
    - btrfs: fix invalid mapping of extent xarray state
    - btrfs: fix bitmap leak when loading free space cache on duplicate entry
    - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver
      unloading
    - drm/amd/display: Add delay to improve LTTPR UHBR interop
    - drm/amdgpu: fix potential resource leak warning
    - drm/amdgpu/pm: Fix the param type of set_power_profile_mode
    - drm/amdgpu/pm: Fix the null pointer dereference for smu7
    - drm/amdgpu: Fix the null pointer dereference to ras_manager
    - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
    - drm/admgpu: fix dereferencing null pointer context
    - drm/amdgpu: Add lock around VF RLCG interface
    - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
    - media: amphion: Remove lock in s_ctrl callback
    - drm/amd/display: Add null checker before passing variables
    - media: uvcvideo: Ignore empty TS packets
    - media: uvcvideo: Fix the bandwdith quirk on USB 3.x
    - media: xc2028: avoid use-after-free in load_firmware_cb()
    - ext4: fix uninitialized variable in ext4_inlinedir_to_tree
    - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
    - s390/sclp: Prevent release of buffer in I/O
    - SUNRPC: Fix a race to wake a sync task
    - profiling: remove profile=sleep support
    - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
    - irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to
      'raw_spinlock_t'
    - irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq()
    - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime
    - net: drop bad gso csum_start and offset in virtio_net_hdr
    - arm64: Add Neoverse-V2 part
    - arm64: barrier: Restore spec_bar() macro
    - arm64: cputype: Add Cortex-X4 definitions
    - arm64: cputype: Add Neoverse-V3 definitions
    - arm64: errata: Add workaround for Arm errata 3194386 and 3312417
    - arm64: cputype: Add Cortex-X3 definitions
    - arm64: cputype: Add Cortex-A720 definitions
    - arm64: cputype: Add Cortex-X925 definitions
    - arm64: errata: Unify speculative SSBS errata logic
    - [Config] Set ARM64_ERRATUM_3194386=y
    - arm64: errata: Expand speculative SSBS workaround
    - arm64: cputype: Add Cortex-X1C definitions
    - arm64: cputype: Add Cortex-A725 definitions
    - arm64: errata: Expand speculative SSBS workaround (again)
    - i2c: smbus: Improve handling of stuck alerts
    - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
    - ASoC: codecs: wsa881x: Correct Soundwire ports mask
    - ASoC: codecs: wsa883x: parse port-mapping information
    - ASoC: codecs: wsa883x: Correct Soundwire ports mask
    - ASoC: codecs: wsa884x: parse port-mapping information
    - ASoC: codecs: wsa884x: Correct Soundwire ports mask
    - ASoC: sti: add missing probe entry for player and reader
    - spi: spidev: Add missing spi_device_id for bh2228fv
    - ASoC: SOF: Remove libraries from topology lookups
    - i2c: smbus: Send alert notifications to all devices if source not found
    - bpf: kprobe: remove unused declaring of bpf_kprobe_override
    - kprobes: Fix to check symbol prefixes correctly
    - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume
    - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
    - spi: spi-fsl-lpspi: Fix scldiv calculation
    - ALSA: usb-audio: Re-add ScratchAmp quirk entries
    - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
    - cifs: cifs_inval_name_dfs_link_error: correct the check for fullpath
    - module: warn about excessively long module waits
    - module: make waiting for a concurrent module loader interruptible
    - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
    - drm/amd/display: Skip Recompute DSC Params if no Stream on Link
    - drm/amdgpu: Forward soft recovery errors to userspace
    - drm/i915/gem: Adjust vma offset for framebuffer mmap offset
    - drm/client: fix null pointer dereference in drm_client_modeset_probe
    - ALSA: line6: Fix racy access to midibuf
    - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
    - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks
    - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
    - usb: vhci-hcd: Do not drop references before new references are gained
    - USB: serial: debug: do not echo input by default
    - usb: gadget: core: Check for unset descriptor
    - usb: gadget: midi2: Fix the response for FB info with block 0xff
    - usb: gadget: u_serial: Set start_delayed during suspend
    - usb: gadget: u_audio: Check return codes from usb_ep_enable and
      config_ep_by_speed.
    - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
    - scsi: ufs: core: Do not set link to OFF state while waking up from
      hibernation
    - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
    - tick/broadcast: Move per CPU pointer access into the atomic section
    - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
    - ntp: Clamp maxerror and esterror to operating range
    - clocksource: Scale the watchdog read retries automatically
    - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read()
    - driver core: Fix uevent_show() vs driver detach race
    - tracefs: Fix inode allocation
    - tracefs: Use generic inode RCU for synchronizing freeing
    - ntp: Safeguard against time_constant overflow
    - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex()
    - serial: core: check uartclk for zero to avoid divide by zero
    - memcg: protect concurrent access to mem_cgroup_idr
    - parisc: fix unaligned accesses in BPF
    - parisc: fix a possible DMA corruption
    - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx
    - kcov: properly check for softirq context
    - irqchip/xilinx: Fix shift out of bounds
    - genirq/irqdesc: Honor caller provided affinity in alloc_desc()
    - LoongArch: Enable general EFI poweroff method
    - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up
    - power: supply: axp288_charger: Fix constant_charge_voltage writes
    - power: supply: axp288_charger: Round constant_charge_voltage writes down
    - tracing: Fix overflow in get_free_elt()
    - padata: Fix possible divide-by-0 panic in padata_mt_helper()
    - smb3: fix setting SecurityFlags when encryption is required
    - eventfs: Don't return NULL in eventfs_create_dir()
    - eventfs: Use SRCU for freeing eventfs_inodes
    - selftests: mm: add s390 to ARCH check
    - btrfs: avoid using fixed char array size for tree names
    - x86/paravirt: Fix incorrect virt spinlock setting on bare metal
    - x86/mtrr: Check if fixed MTRRs exist before saving them
    - sched/smt: Introduce sched_smt_present_inc/dec() helper
    - sched/smt: Fix unbalance sched_smt_present dec/inc
    - sched/core: Introduce sched_set_rq_on/offline() helper
    - sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate()
    - drm/bridge: analogix_dp: properly handle zero sized AUX transactions
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/lima: Mark simple_ondemand governor as softdep
    - drm/mgag200: Set DDC timeout in milliseconds
    - drm/mgag200: Bind I2C lifetime to DRM device
    - drm/radeon: Remove __counted_by from StateArray.states[]
    - mptcp: fully established after ADD_ADDR echo on MPJ
    - mptcp: pm: deny endp with signal + subflow + port
    - block: use the right type for stub rq_integrity_vec()
    - btrfs: fix corruption after buffer fault in during direct IO append write
    - tools headers arm64: Sync arm64's cputype.h with the kernel sources
    - mm/hugetlb: fix potential race in __update_and_free_hugetlb_folio()
    - xfs: fix log recovery buffer allocation for the legacy h_size fixup
    - mptcp: pm: reduce indentation blocks
    - mptcp: pm: don't try to create sf if alloc failed
    - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set
    - selftests: mptcp: join: ability to invert ADD_ADDR check
    - selftests: mptcp: join: test both signal & subflow
    - Revert "selftests: mptcp: simult flows: mark 'unbalanced' tests as flaky"
    - btrfs: fix double inode unlock for direct IO sync writes
    - perf/x86/intel/cstate: Switch to new Intel CPU model defines
    - perf/x86/intel/cstate: Add Arrowlake support
    - perf/x86/intel/cstate: Add Lunarlake support
    - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest
    - platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
    - perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c
    - perf/x86/intel: Support the PEBS event mask
    - perf/x86: Support counter mask
    - perf/x86: Fix smp_processor_id()-in-preemptible warnings
    - virtio-net: unbreak vq resizing when coalescing is not negotiated
    - net: dsa: microchip: Fix Wake-on-LAN check to not return an error
    - net: dsa: microchip: disable EEE for KSZ8567/KSZ9567/KSZ9896/KSZ9897.
    - regmap: kunit: Use a KUnit action to call regmap_exit()
    - regmap: kunit: Replace a kmalloc/kfree() pair with KUnit-managed alloc
    - regmap: kunit: Fix memory leaks in gen_regmap() and gen_raw_regmap()
    - debugobjects: Annotate racy debug variables
    - nvme: apple: fix device reference counting
    - cpufreq: amd-pstate: Allow users to write 'default' EPP string
    - cpufreq: amd-pstate: auto-load pstate driver by default
    - soc: qcom: icc-bwmon: Allow for interrupts to be shared across instances
    - ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MU
    - ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MJ
    - thermal: intel: hfi: Give HFI instances package scope
    - wifi: ath12k: fix race due to setting ATH12K_FLAG_EXT_IRQ_ENABLED too early
    - wifi: rtlwifi: handle return value of usb init TX/RX
    - wifi: rtw89: pci: fix RX tag race condition resulting in wrong RX length
    - wifi: mac80211: fix NULL dereference at band check in starting tx ba session
    - bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory
      accesses
    - mlxsw: pci: Lock configuration space of upstream bridge during reset
    - btrfs: do not BUG_ON() when freeing tree block after error
    - btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info()
    - btrfs: fix data race when accessing the last_trans field of a root
    - drm/xe/preempt_fence: enlarge the fence critical section
    - drm/amd/display: Handle HPD_IRQ for internal link
    - drm/amd/amdkfd: Fix a resource leak in svm_range_validate_and_map()
    - drm/xe/xe_guc_submit: Fix exec queue stop race condition
    - drm/amd/display: Add null checks for 'stream' and 'plane' before
      dereferencing
    - drm/amd/display: Wake DMCUB before sending a command for replay feature
    - drm/amd/display: reduce ODM slice count to initial new dc state only when
      needed
    - of: Add cleanup.h based auto release via __free(device_node) markings
    - media: i2c: ov5647: replacing of_node_put with __free(device_node)
    - drm/amd/display: Fix null pointer deref in dcn20_resource.c
    - ext4: sanity check for NULL pointer after ext4_force_shutdown
    - mm, slub: do not call do_slab_free for kfence object
    - ASoC: cs35l56: Revert support for dual-ownership of ASP registers
    - drm/atomic: allow no-op FB_ID updates for async flips
    - drm/amd/display: Replace dm_execute_dmub_cmd with
      dc_wake_and_execute_dmub_cmd
    - drm/xe/rtp: Fix off-by-one when processing rules
    - drm/xe: Use dma_fence_chain_free in chain fence unused as a sync
    - drm/xe/hwmon: Fix PL1 disable flow in xe_hwmon_power_max_write
    - drm/xe: Move lrc snapshot capturing to xe_lrc.c
    - drm/xe: Minor cleanup in LRC handling
    - drm/test: fix the gem shmem test to map the sg table.
    - usb: typec: pd: no opencoding of FIELD_GET
    - usb: typec: fsa4480: Check if the chip is really there
    - PM: runtime: Simplify pm_runtime_get_if_active() usage
    - scsi: ufs: core: Fix deadlock during RTC update
    - serial: sc16is7xx: fix invalid FIFO access with special register set
    - tracing: Have format file honor EVENT_FILE_FL_FREED
    - mm: list_lru: fix UAF for memory cgroup
    - net/tcp: Disable TCP-AO static key after RCU grace period
    - Revert "drm/amd/display: Handle HPD_IRQ for internal link"
    - idpf: fix memleak in vport interrupt configuration
    - drm/amd/display: Add null check in resource_log_pipe_topology_update
    - Upstream stable to v6.6.46, v6.10.5

* Noble update: upstream stable patchset 2024-10-02 (LP: #2083488)
    - sysctl: allow change system v ipc sysctls inside ipc namespace
    - sysctl: allow to change limits for posix messages queues
    - sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)
    - ext4: factor out a common helper to query extent map
    - ext4: check the extent status again before inserting delalloc block
    - leds: trigger: Store brightness set by led_trigger_event()
    - leds: trigger: Call synchronize_rcu() before calling trig->activate()
    - KVM: VMX: Move posted interrupt descriptor out of VMX code
    - fbdev/vesafb: Replace references to global screen_info by local pointer
    - video: Add helpers for decoding screen_info
    - [Config] Update CONFIG_SCREEN_INFO
    - video: Provide screen_info_get_pci_dev() to find screen_info's PCI device
    - firmware/sysfb: Update screen_info for relocated EFI framebuffers
    - mm: page_alloc: control latency caused by zone PCP draining
    - mm/page_alloc: fix pcp->count race between drain_pages_zone() vs
      __rmqueue_pcplist()
    - f2fs: fix to avoid use SSR allocate when do defragment
    - f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
    - dmaengine: fsl-edma: add address for channel mux register in fsl_edma_chan
    - dmaengine: fsl-edma: add i.MX8ULP edma support
    - perf: imx_perf: fix counter start and config sequence
    - MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a
    - MIPS: dts: loongson: Fix liointc IRQ polarity
    - MIPS: dts: loongson: Fix ls2k1000-rtc interrupt
    - ARM: 9406/1: Fix callchain_trace() return value
    - HID: amd_sfh: Move sensor discovery before HID device initialization
    - perf tool: fix dereferencing NULL al->maps
    - drm/nouveau: prime: fix refcount underflow
    - drm/vmwgfx: Fix overlay when using Screen Targets
    - drm/vmwgfx: Trigger a modeset when the screen moves
    - sched: act_ct: take care of padding in struct zones_ht_key
    - wifi: cfg80211: fix reporting failed MLO links status with
      cfg80211_connect_done
    - net: phy: realtek: add support for RTL8366S Gigabit PHY
    - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode
    - Bluetooth: btintel: Fail setup on error
    - Bluetooth: hci_sync: Fix suspending with wrong filter policy
    - tcp: annotate data-races around tp->window_clamp
    - tcp: Adjust clamping window for applications specifying SO_RCVBUF
    - net: axienet: start napi before enabling Rx/Tx
    - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in
      rtnl_dellink().
    - i915/perf: Remove code to update PWR_CLK_STATE for gen12
    - ice: respect netif readiness in AF_XDP ZC related ndo's
    - ice: don't busy wait for Rx queue disable in ice_qp_dis()
    - ice: replace synchronize_rcu with synchronize_net
    - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog
    - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro
    - net: mvpp2: Don't re-use loop iterator
    - net: phy: micrel: Fix the KSZ9131 MDI-X status issue
    - ALSA: hda: Conditionally use snooping for AMD HDMI
    - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
    - netfilter: iptables: Fix potential null-ptr-deref in
      ip6table_nat_table_init().
    - net/mlx5: Always drain health in shutdown callback
    - net/mlx5: Fix error handling in irq_pool_request_irq
    - net/mlx5: Lag, don't use the hardcoded value of the first port
    - net/mlx5: Fix missing lock on sync reset reload
    - net/mlx5e: Require mlx5 tc classifier action support for IPsec prio
      capability
    - net/mlx5e: Fix CT entry update leaks of modify header context
    - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys
    - igc: Fix double reset adapter triggered from a single taprio cmd
    - ipv6: fix ndisc_is_useropt() handling for PIO
    - perf: riscv: Fix selecting counters in legacy mode
    - riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
    - riscv: Fix linear mapping checks for non-contiguous memory regions
    - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs
    - rust: SHADOW_CALL_STACK is incompatible with Rust
    - platform/chrome: cros_ec_proto: Lock device when updating MKBP version
    - HID: wacom: Modify pen IDs
    - btrfs: zoned: fix zone_unusable accounting on making block group read-write
      again
    - btrfs: do not subtract delalloc from avail bytes
    - protect the fetch of ->fd[fd] in do_dup2() from mispredictions
    - mptcp: sched: check both directions for backup
    - ALSA: usb-audio: Correct surround channels in UAC1 channel map
    - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
    - ALSA: seq: ump: Optimize conversions from SysEx to UMP
    - Revert "ALSA: firewire-lib: obsolete workqueue for period update"
    - Revert "ALSA: firewire-lib: operate for period elapse event in process
      context"
    - drm/vmwgfx: Fix a deadlock in dma buf fence polling
    - drm/virtio: Fix type of dma-fence context variable
    - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
    - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
    - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
    - mptcp: fix user-space PM announced address accounting
    - mptcp: distinguish rcv vs sent backup flag in requests
    - mptcp: fix NL PM announced address accounting
    - mptcp: mib: count MPJ with backup flag
    - mptcp: fix bad RCVPRUNED mib accounting
    - mptcp: pm: only set request_bkup flag when sending MP_PRIO
    - mptcp: fix duplicate data handling
    - selftests: mptcp: always close input's FD if opened
    - selftests: mptcp: join: validate backup in MPJ
    - selftests: mptcp: join: check backup support in signal endp
    - mm/huge_memory: mark racy access onhuge_anon_orders_always
    - mm: fix khugepaged activation policy
    - x86/cpu/vfm: Add/initialize x86_vfm field to struct cpuinfo_x86
    - perf/x86/intel: Switch to new Intel CPU model defines
    - perf/x86/intel: Add a distinct name for Granite Rapids
    - drm/gpuvm: fix missing dependency to DRM_EXEC
    - netlink: specs: correct the spec of ethtool
    - ethtool: rss: echo the context number back
    - wifi: cfg80211: correct S1G beacon length calculation
    - ethtool: fix setting key and resetting indir at once
    - ice: modify error handling when setting XSK pool in ndo_bpf
    - ice: toggle netif_carrier when setting up XSK pool
    - ice: improve updating ice_{t,r}x_ring::xsk_pool
    - ice: xsk: fix txq interrupt mapping
    - drm/atomic: Allow userspace to use explicit sync with atomic async flips
    - drm/atomic: Allow userspace to use damage clips with async flips
    - riscv/purgatory: align riscv_kernel_entry
    - perf arch events: Fix duplicate RISC-V SBI firmware event name
    - RISC-V: Enable the IPI before workqueue_online_cpu()
    - ceph: force sending a cap update msg back to MDS for revoke op
    - drm/vmwgfx: Remove unused code
    - drm/vmwgfx: Fix handling of dumb buffers
    - drm/v3d: Prevent out of bounds access in performance query extensions
    - drm/v3d: Fix potential memory leak in the timestamp extension
    - drm/v3d: Fix potential memory leak in the performance extension
    - drm/v3d: Validate passed in drm syncobj handles in the timestamp extension
    - drm/v3d: Validate passed in drm syncobj handles in the performance extension
    - nouveau: set placement to original placement on uvmm validate.
    - wifi: ath12k: fix soft lockup on suspend
    - mptcp: pm: fix backup support in signal endpoints
    - selftests: mptcp: fix error path
    - Upstream stable to v6.6.45, v6.10.4

* [SRU] Fix AST DP output after resume (LP: #2083022) // Noble update:
    upstream stable patchset 2024-10-02 (LP: #2083488)
    - drm/ast: astdp: Wake up during connector status detection
    - drm/ast: Fix black screen after resume

* [SRU]Fail to locate the LED of NVME disk behind  Intel VMD (LP: #2077287) //
    Noble update: upstream stable patchset 2024-10-02 (LP: #2083488)
    - PCI: pciehp: Retain Power Indicator bits for userspace indicators

* Noble update: upstream stable patchset 2024-09-30 (LP: #2083196)
    - powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC
    - spi: spi-microchip-core: Fix the number of chip selects supported
    - spi: atmel-quadspi: Add missing check for clk_prepare
    - EDAC, i10nm: make skx_common.o a separate module
    - rcu/tasks: Fix stale task snaphot for Tasks Trace
    - platform/chrome: cros_ec_debugfs: fix wrong EC message version
    - ubd: refactor the interrupt handler
    - ubd: untagle discard vs write zeroes not support handling
    - block: initialize integrity buffer to zero before writing it to media
    - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS
    - hfsplus: fix to avoid false alarm of circular locking
    - x86/of: Return consistent error type from x86_of_pci_irq_enable()
    - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
    - x86/pci/xen: Fix PCIBIOS_* return code handling
    - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
    - cgroup/cpuset: Prevent UAF in proc_cpuset_show()
    - hwmon: (adt7475) Fix default duty on fan is disabled
    - block: Call .limit_depth() after .hctx has been set
    - block/mq-deadline: Fix the tag reservation code
    - md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl
    - pwm: stm32: Always do lazy disabling
    - nvmet-auth: fix nvmet_auth hash error handling
    - drm/meson: fix canvas release in bind function
    - pwm: atmel-tcb: Fix race condition and convert to guards
    - hwmon: (max6697) Fix underflow when writing limit attributes
    - hwmon: (max6697) Fix swapped temp{1,8} critical alarms
    - arm64: dts: qcom: sc8180x: Correct PCIe slave ports
    - arm64: dts: qcom: sc8180x: add power-domain to UFS PHY
    - arm64: dts: qcom: sdm845: add power-domain to UFS PHY
    - arm64: dts: qcom: sm6115: add power-domain to UFS PHY
    - arm64: dts: qcom: sm6350: add power-domain to UFS PHY
    - arm64: dts: qcom: sm8250: add power-domain to UFS PHY
    - arm64: dts: qcom: sm8350: add power-domain to UFS PHY
    - arm64: dts: qcom: sm8450: add power-domain to UFS PHY
    - arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY
    - arm64: dts: qcom: sdm850-lenovo-yoga-c630: fix IPA firmware path
    - arm64: dts: qcom: msm8998: enable adreno_smmu by default
    - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init
    - soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data()
      callers
    - arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s
    - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s
    - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s
    - arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s
    - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies
    - arm64: dts: qcom: sa8775p: mark ethernet devices as DMA-coherent
    - soc: xilinx: rename cpu_number1 to dummy_cpu_number
    - ARM: dts: sunxi: remove duplicated entries in makefile
    - ARM: dts: stm32: Add arm,no-tick-in-suspend to STM32MP15xx STGEN timer
    - arm64: dts: qcom: qrb4210-rb2: make L9A always-on
    - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe()
    - OPP: ti: Fix ti_opp_supply_probe wrong return values
    - memory: fsl_ifc: Make FSL_IFC config visible and selectable
    - arm64: dts: ti: k3-am62x: Drop McASP AFIFOs
    - arm64: dts: ti: k3-am625-beagleplay: Drop McASP AFIFOs
    - arm64: dts: ti: k3-am62-verdin: Drop McASP AFIFOs
    - arm64: dts: qcom: qdu1000: Add secure qfprom node
    - soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
    - soc: qcom: pdr: protect locator_addr with the main mutex
    - soc: qcom: pdr: fix parsing of domains lists
    - arm64: dts: rockchip: Increase VOP clk rate on RK3328
    - arm64: dts: amlogic: sm1: fix spdif compatibles
    - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode
    - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset
    - ARM: dts: imx6qdl-kontron-samx6i: fix board reset
    - ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects
    - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity
    - arm64: dts: mediatek: mt8195: Fix GPU thermal zone name for SVS
    - arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property
    - arm64: dts: mediatek: mt8192-asurada: Add off-on-delay-us for
      pp3300_mipibrdg
    - arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux
    - arm64: dts: mediatek: mt8183-kukui: Fix the value of `dlg,jack-det-rate`
      mismatch
    - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625
    - arm64: dts: amlogic: gx: correct hdmi clocks
    - arm64: dts: amlogic: add power domain to hdmitx
    - arm64: dts: amlogic: setup hdmi system clock
    - arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a
    - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc
    - arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10
    - arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ
    - arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ
    - arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ
    - arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ
    - arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ
    - arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ
    - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
    - arm64: dts: imx8mp: Fix pgc_mlmix location
    - arm64: dts: imx8mp: add HDMI power-domains
    - arm64: dts: imx8mp: Fix pgc vpu locations
    - x86/xen: Convert comma to semicolon
    - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu
    - arm64: dts: rockchip: fix regulator name for Lunzn Fastrhino R6xS
    - arm64: dts: rockchip: fix usb regulator for Lunzn Fastrhino R6xS
    - arm64: dts: rockchip: fix pmu_io supply for Lunzn Fastrhino R6xS
    - arm64: dts: rockchip: remove unused usb2 nodes for Lunzn Fastrhino R6xS
    - arm64: dts: rockchip: disable display subsystem for Lunzn Fastrhino R6xS
    - arm64: dts: rockchip: fixes PHY reset for Lunzn Fastrhino R68S
    - arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property
    - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC
      systems
    - m68k: cmpxchg: Fix return value for default case in __arch_xchg()
    - ARM: spitz: fix GPIO assignment for backlight
    - vmlinux.lds.h: catch .bss..L* sections into BSS")
    - firmware: turris-mox-rwtm: Do not complete if there are no waiters
    - firmware: turris-mox-rwtm: Fix checking return value of
      wait_for_completion_timeout()
    - firmware: turris-mox-rwtm: Initialize completion before mailbox
    - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
    - wifi: ath12k: Correct 6 GHz frequency value in rx status
    - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure
    - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer
    - selftests/bpf: Fix prog numbers in test_sockmap
    - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
    - wifi: ath12k: change DMA direction while mapping reinjected packets
    - wifi: ath12k: fix invalid memory access while processing fragmented packets
    - wifi: ath12k: fix firmware crash during reo reinject
    - wifi: ath11k: fix wrong definition of CE ring's base address
    - wifi: ath12k: fix wrong definition of CE ring's base address
    - tcp: add tcp_done_with_error() helper
    - tcp: fix race in tcp_write_err()
    - tcp: fix races in tcp_v[46]_err()
    - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when
      CONFIG_ARCH_NO_SG_CHAIN is defined
    - selftests/bpf: Check length of recv in test_sockmap
    - udf: Fix lock ordering in udf_evict_inode()
    - lib: objagg: Fix general protection fault
    - mlxsw: spectrum_acl_erp: Fix object nesting warning
    - mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors
    - perf/x86: Serialize set_attr_rdpmc()
    - jump_label: Fix concurrency issues in static_key_slow_dec()
    - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers
    - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
    - wifi: cfg80211: handle 2x996 RU allocation in
      cfg80211_calculate_bitrate_he()
    - udf: Fix bogus checksum computation in udf_rename()
    - net: fec: Refactor: #define magic constants
    - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
    - libbpf: Checking the btf_type kind when fixing variable offsets
    - xfrm: Fix unregister netdevice hang on hardware offload.
    - ipvs: Avoid unnecessary calls to skb_is_gso_sctp
    - netfilter: nf_tables: rise cap on SELinux secmark context
    - wifi: rtw89: 8852b: fix definition of KIP register number
    - wifi: rtl8xxxu: 8188f: Limit TX power index
    - xfrm: Export symbol xfrm_dev_state_delete.
    - bpftool: Mount bpffs when pinmaps path not under the bpffs
    - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation
    - perf: Fix perf_aux_size() for greater-than 32-bit size
    - perf: Prevent passing zero nr_pages to rb_alloc_aux()
    - perf: Fix default aux_watermark calculation
    - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake
    - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
    - xfrm: fix netdev reference count imbalance
    - xfrm: call xfrm_dev_policy_delete when kill policy
    - wifi: virt_wifi: avoid reporting connection success with wrong SSID
    - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey
    - wifi: virt_wifi: don't use strlen() in const context
    - locking/rwsem: Add __always_inline annotation to __down_write_common() and
      inlined callers
    - selftests/bpf: Close fd in error path in drop_on_reuseport
    - selftests/bpf: Null checks for links in bpf_tcp_ca
    - selftests/bpf: Close obj in error path in xdp_adjust_tail
    - selftests/resctrl: Convert perror() to ksft_perror() or ksft_print_msg()
    - selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of
      loops
    - bpf: annotate BTF show functions with __printf
    - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
    - bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o
    - bpf: Fix null pointer dereference in resolve_prog_type() for
      BPF_PROG_TYPE_EXT
    - selftests: forwarding: devlink_lib: Wait for udev events after reloading
    - Bluetooth: hci_bcm4377: Use correct unit for timeouts
    - Bluetooth: btintel: Refactor btintel_set_ppag()
    - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors
    - xdp: fix invalid wait context of page_pool_destroy()
    - net: bridge: mst: Check vlan state for egress decision
    - drm/rockchip: vop2: Fix the port mux of VP2
    - drm/arm/komeda: Fix komeda probe failing if there are no links in the
      secondary pipeline
    - drm/amdkfd: Fix CU Masking for GFX 9.4.3
    - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq()
    - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq()
    - drm/amd/pm: Fix aldebaran pcie speed reporting
    - drm/amdgpu: Fix memory range calculation
    - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit
    - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1
    - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on()
      better
    - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before
      regulators
    - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare()
    - drm/bridge: Fixed a DP link training bug
    - drm/bridge: it6505: fix hibernate to resume no display issue
    - media: pci: ivtv: Add check for DMA map result
    - media: imon: Fix race getting ictx->lock
    - media: i2c: Fix imx412 exposure control
    - media: v4l: async: Fix NULL pointer dereference in adding ancillary links
    - s390/mm: Convert make_page_secure to use a folio
    - s390/mm: Convert gmap_make_secure to use a folio
    - s390/uv: Don't call folio_wait_writeback() without a folio reference
    - media: mediatek: vcodec: Handle invalid decoder vsi
    - x86/shstk: Make return uprobe work with shadow stack
    - ipmi: ssif_bmc: prevent integer overflow on 32bit systems
    - saa7134: Unchecked i2c_transfer function result fixed
    - media: i2c: imx219: fix msr access command sequence
    - media: uvcvideo: Disable autosuspend for Insta360 Link
    - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922
    - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920
    - media: uvcvideo: Override default flags
    - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe()
    - drm: zynqmp_kms: Fix AUX bus not getting unregistered
    - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2
    - media: rcar-csi2: Disable runtime_pm in probe error
    - media: rcar-csi2: Cleanup subdevice in remove()
    - media: renesas: vsp1: Fix _irqsave and _irq mix
    - media: renesas: vsp1: Store RPF partition configuration per RPF instance
    - drm/mediatek: Add missing plane settings when async update
    - drm/mediatek: Use 8-bit alpha in ETHDR
    - drm/mediatek: Fix XRGB setting error in OVL
    - drm/mediatek: Fix XRGB setting error in Mixer
    - drm/mediatek: Fix destination alpha error in OVL
    - drm/mediatek: Turn off the layers with zero width or height
    - drm/mediatek: Add OVL compatible name for MT8195
    - media: imx-jpeg: Drop initial source change event if capture has been setup
    - leds: trigger: Unregister sysfs attributes before calling deactivate()
    - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC
    - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op
    - perf test: Make test_arm_callgraph_fp.sh more robust
    - perf pmus: Fixes always false when compare duplicates aliases
    - perf report: Fix condition in sort__sym_cmp()
    - drm/etnaviv: fix DMA direction handling for cached RW buffers
    - drm/qxl: Add check for drm_cvt_mode
    - Revert "leds: led-core: Fix refcount leak in of_led_get()"
    - drm/mediatek: Remove less-than-zero comparison of an unsigned value
    - ext4: fix infinite loop when replaying fast_commit
    - drm/mediatek/dp: switch to ->edid_read callback
    - drm/mediatek/dp: Fix spurious kfree()
    - media: venus: flush all buffers in output plane streamoff
    - perf intel-pt: Fix aux_watermark calculation for 64-bit size
    - perf intel-pt: Fix exclude_guest setting
    - mfd: rsmu: Split core code into separate module
    - mfd: omap-usb-tll: Use struct_size to allocate tll
    - xprtrdma: Fix rpcrdma_reqs_reset()
    - SUNRPC: avoid soft lockup when transmitting UDP to reachable server.
    - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
    - ext4: don't track ranges in fast_commit if inode has inlined data
    - ext4: avoid writing unitialized memory to disk in EA inodes
    - leds: flash: leds-qcom-flash: Test the correct variable in init
    - sparc64: Fix incorrect function signature and add prototype for
      prom_cif_init
    - SUNRPC: Fixup gss_status tracepoint error output
    - iio: Fix the sorting functionality in iio_gts_build_avail_time_table
    - PCI: Fix resource double counting on remove & rescan
    - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode()
    - PCI: keystone: Don't enable BAR 0 for AM654x
    - PCI: keystone: Fix NULL pointer dereference in case of DT error in
      ks_pcie_setup_rc_app_regs()
    - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
    - scsi: ufs: mcq: Fix missing argument 'hba' in MCQ_OPR_OFFSET_n
    - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock
    - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs
    - iio: frequency: adrf6780: rm clk provider include
    - coresight: Fix ref leak when of_coresight_parse_endpoint() fails
    - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE
    - ASoc: tas2781: Enable RCA-based playback without DSP firmware download
    - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers
    - usb: typec-mux: nb7vpq904m: unregister typec switch on probe error and
      remove
    - RDMA/cache: Release GID table even if leak is detected
    - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable
    - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags
    - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags
    - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable
    - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's
    - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID
    - Input: qt1050 - handle CHIP_ID reading error
    - RDMA/mlx4: Fix truncated output warning in mad.c
    - RDMA/mlx4: Fix truncated output warning in alias_GUID.c
    - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled
    - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
    - ASoC: qcom: Adjust issues in case of DT error in
      asoc_qcom_lpass_cpu_platform_probe()
    - scsi: lpfc: Fix a possible null pointer dereference
    - hwrng: core - Fix wrong quality calculation at hw rng registration
    - powerpc/prom: Add CPU info to hardware description string later
    - ASoC: max98088: Check for clk_prepare_enable() error
    - mtd: make mtd_test.c a separate module
    - RDMA/device: Return error earlier if port in not valid
    - Input: elan_i2c - do not leave interrupt disabled on suspend failure
    - ASoC: amd: Adjust error handling in case of absent codec device
    - PCI: endpoint: Clean up error handling in vpci_scan_bus()
    - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup()
    - vhost/vsock: always initialize seqpacket_allow
    - net: missing check virtio
    - nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option
    - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param()
    - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error
    - clk: qcom: Park shared RCGs upon registration
    - clk: en7523: fix rate divider for slic and spi clocks
    - MIPS: Octeron: remove source file executable bit
    - PCI: qcom-ep: Disable resources unconditionally during PERST# assert
    - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot
    - powerpc/xmon: Fix disassembly CPU feature checks
    - macintosh/therm_windtunnel: fix module unload.
    - RDMA/hns: Check atomic wr length
    - RDMA/hns: Fix unmatch exception handling when init eq table fails
    - RDMA/hns: Fix missing pagesize and alignment check in FRMR
    - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0
    - RDMA/hns: Fix undifined behavior caused by invalid max_sge
    - RDMA/hns: Fix insufficient extend DB for VFs.
    - iommu/vt-d: Fix identity map bounds in si_domain_init()
    - RDMA/core: Remove NULL check before dev_{put, hold}
    - RDMA: Fix netdev tracker in ib_device_set_netdev
    - bnxt_re: Fix imm_data endianness
    - netfilter: ctnetlink: use helper function to calculate expect ID
    - netfilter: nf_set_pipapo: fix initial map fill
    - ipvs: properly dereference pe in ip_vs_add_service
    - gve: Fix XDP TX completion handling when counters overflow
    - net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
    - ipv4: Fix incorrect TOS in route get reply
    - ipv4: Fix incorrect TOS in fibmatch route get reply
    - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports
    - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports
    - fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT
    - fs/ntfs3: Fix transform resident to nonresident for compressed files
    - fs/ntfs3: Deny getting attr data block in compressed frame
    - fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting
    - fs/ntfs3: Fix getting file type
    - fs/ntfs3: Add missing .dirty_folio in address_space_operations
    - pinctrl: rockchip: update rk3308 iomux routes
    - pinctrl: core: fix possible memory leak when pinctrl_enable() fails
    - pinctrl: single: fix possible memory leak when pinctrl_enable() fails
    - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable()
      fails
    - pinctrl: freescale: mxs: Fix refcount of child
    - fs/ntfs3: Replace inode_trylock with inode_lock
    - fs/ntfs3: Correct undo if ntfs_create_inode failed
    - fs/ntfs3: Drop stray '\' (backslash) in formatting string
    - fs/ntfs3: Fix field-spanning write in INDEX_HDR
    - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix
    - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes
    - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes
    - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes
    - pinctrl: renesas: r8a779g0: Fix IRQ suffixes
    - pinctrl: renesas: r8a779g0: FIX PWM suffixes
    - pinctrl: renesas: r8a779g0: Fix TCLK suffixes
    - pinctrl: renesas: r8a779g0: Fix TPU suffixes
    - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP
    - fs/proc/task_mmu.c: add_to_pagemap: remove useless parameter addr
    - fs/proc/task_mmu: don't indicate PM_MMAP_EXCLUSIVE without PM_PRESENT
    - fs/proc/task_mmu: properly detect PM_MMAP_EXCLUSIVE per page of PMD-mapped
      THPs
    - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
    - rtc: interface: Add RTC offset to alarm after fix-up
    - fs/ntfs3: Fix the format of the "nocase" mount option
    - fs/ntfs3: Missed error return
    - fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP
    - powerpc/8xx: fix size given to set_huge_pte_at()
    - s390/dasd: fix error checks in dasd_copy_pair_store()
    - sbitmap: use READ_ONCE to access map->word
    - sbitmap: fix io hung due to race on sbitmap_word::cleared
    - LoongArch: Check TIF_LOAD_WATCH to enable user space watchpoint
    - landlock: Don't lose track of restrictions on cred_transfer
    - hugetlb: force allocating surplus hugepages on mempolicy allowed nodes
    - mm/hugetlb: fix possible recursive locking detected warning
    - mm/mglru: fix div-by-zero in vmpressure_calc_level()
    - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
    - mm/mglru: fix overshooting shrinker memory
    - x86/efistub: Avoid returning EFI_SUCCESS on error
    - x86/efistub: Revert to heap allocated boot_params for PE entrypoint
    - exfat: fix potential deadlock on __exfat_get_dentry_set
    - dt-bindings: thermal: correct thermal zone node name limit
    - tick/broadcast: Make takeover of broadcast hrtimer reliable
    - net: netconsole: Disable target before netpoll cleanup
    - af_packet: Handle outgoing VLAN packets without hardware offloading
    - btrfs: fix extent map use-after-free when adding pages to compressed bio
    - kernel: rerun task_work while freezing in get_signal()
    - ipv4: fix source address selection with route leak
    - ipv6: take care of scope when choosing the src addr
    - NFSD: Support write delegations in LAYOUTGET
    - sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE
      tasks
    - fuse: verify {g,u}id mount options correctly
    - ata: libata-scsi: Fix offsets for the fixed format sense data
    - char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
    - media: venus: fix use after free in vdec_close
    - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1
    - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
    - ext2: Verify bitmap and itable block numbers before using them
    - io_uring/io-wq: limit retrying worker initialisation
    - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
    - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
    - scsi: qla2xxx: Fix optrom version displayed in FDMI
    - drm/amd/display: Check for NULL pointer
    - apparmor: use kvfree_sensitive to free data->data
    - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error
      path
    - cifs: fix reconnect with SMB1 UNIX Extensions
    - cifs: mount with "unix" mount option for SMB1 incorrectly handled
    - task_work: s/task_work_cancel()/task_work_cancel_func()/
    - task_work: Introduce task_work_cancel() again
    - udf: Avoid using corrupted block bitmap buffer
    - m68k: amiga: Turn off Warp1260 interrupts during boot
    - ext4: check dot and dotdot of dx_root before making dir indexed
    - ext4: make sure the first directory block is not a hole
    - io_uring: tighten task exit cancellations
    - trace/pid_list: Change gfp flags in pid_list_fill_irq()
    - selftests/landlock: Add cred_transfer test
    - wifi: mwifiex: Fix interface type change
    - wifi: rtw88: usb: Fix disconnection after beacon loss
    - drivers: soc: xilinx: check return status of get_api_version()
    - leds: ss4200: Convert PCIBIOS_* return codes to errnos
    - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties()
    - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()
    - jbd2: make jbd2_journal_get_max_txn_bufs() internal
    - jbd2: precompute number of transaction descriptor blocks
    - jbd2: avoid infinite transaction commit loop
    - media: uvcvideo: Fix integer overflow calculating timestamp
    - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked()
    - KVM: nVMX: Request immediate exit iff pending nested event needs injection
    - ALSA: ump: Don't update FB name for static blocks
    - ALSA: ump: Force 1 Group for MIDI1 FBs
    - ALSA: usb-audio: Fix microphone sound on HD webcam.
    - ALSA: usb-audio: Move HD Webcam quirk to the right place
    - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera
    - tools/memory-model: Fix bug in lock.cat
    - hwrng: amd - Convert PCIBIOS_* return codes to errnos
    - parisc: Fix warning at drivers/pci/msi/msi.h:121
    - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
    - PCI: dw-rockchip: Fix initial PERST# GPIO value
    - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
    - PCI: loongson: Enable MSI in LS7A Root Complex
    - binder: fix hang of unregistered readers
    - hostfs: fix dev_t handling
    - efi/libstub: Zero initialize heap allocated struct screen_info
    - fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
    - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
    - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value
    - f2fs: fix to force buffered IO on inline_data inode
    - f2fs: fix to don't dirty inode for readonly filesystem
    - f2fs: fix return value of f2fs_convert_inline_inode()
    - f2fs: use meta inode for GC of atomic file
    - f2fs: use meta inode for GC of COW file
    - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
    - ubi: eba: properly rollback inside self_check_eba
    - block: fix deadlock between sd_remove & sd_release
    - mm: fix old/young bit handling in the faulting path
    - decompress_bunzip2: fix rare decompression failure
    - kbuild: Fix '-S -c' in x86 stack protector scripts
    - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare
    - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2
    - kobject_uevent: Fix OOB access within zap_modalias_env()
    - gve: Fix an edge case for TSO skb validity check
    - ice: Add a per-VF limit on number of FDIR filters
    - devres: Fix devm_krealloc() wasting memory
    - devres: Fix memory leakage caused by driver API devm_free_percpu()
    - irqdomain: Fixed unbalanced fwnode get and put
    - irqchip/imx-irqsteer: Handle runtime power management correctly
    - mm/numa_balancing: teach mpol_to_str about the balancing mode
    - rtc: cmos: Fix return value of nvmem callbacks
    - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE
      state
    - scsi: qla2xxx: During vport delete send async logout explicitly
    - scsi: qla2xxx: Unable to act on RSCN for port online
    - scsi: qla2xxx: Fix for possible memory corruption
    - scsi: qla2xxx: Use QP lock to search for bsg
    - scsi: qla2xxx: Reduce fabric scan duplicate code
    - scsi: qla2xxx: Fix flash read failure
    - scsi: qla2xxx: Complete command early within lock
    - scsi: qla2xxx: validate nvme_local_port correctly
    - perf: Fix event leak upon exit
    - perf: Fix event leak upon exec and file release
    - perf stat: Fix the hard-coded metrics calculation on the hybrid
    - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR
    - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake
    - perf/x86/intel/pt: Fix topa_entry base length
    - perf/x86/intel/pt: Fix a topa_entry base address calculation
    - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8
    - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
    - drm/udl: Remove DRM_CONNECTOR_POLL_HPD
    - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume
    - drm/amdgpu: reset vm state machine after gpu reset(vram lost)
    - drm/amd/amdgpu: Fix uninitialized variable warnings
    - drm/i915/dp: Reset intel_dp->link_trained before retraining the link
    - drm/i915/dp: Don't switch the LTTPR mode on an active link
    - rtc: isl1208: Fix return value of nvmem callbacks
    - rtc: abx80x: Fix return value of nvmem callback on read
    - watchdog/perf: properly initialize the turbo mode timestamp and rearm
      counter
    - platform: mips: cpu_hwmon: Disable driver on unsupported hardware
    - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
    - selftests/sigaltstack: Fix ppc64 GCC build
    - dm-verity: fix dm_is_verity_target() when dm-verity is builtin
    - rbd: don't assume rbd_is_lock_owner() for exclusive mappings
    - remoteproc: stm32_rproc: Fix mailbox interrupts queuing
    - remoteproc: imx_rproc: Skip over memory region when node value is NULL
    - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init
    - MIPS: dts: loongson: Add ISA node
    - MIPS: ip30: ip30-console: Add missing include
    - MIPS: dts: loongson: Fix GMAC phy node
    - MIPS: Loongson64: env: Hook up Loongsson-2K
    - MIPS: Loongson64: Remove memory node for builtin-dtb
    - MIPS: Loongson64: reset: Prioritise firmware service
    - MIPS: Loongson64: Test register availability before use
    - drm/etnaviv: don't block scheduler when GPU is still active
    - drm/panfrost: Mark simple_ondemand governor as softdep
    - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait
    - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings
    - lib/build_OID_registry: don't mention the full path of the script in output
    - video: logo: Drop full path of the input filename in generated file
    - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables
    - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
    - minmax: scsi: fix mis-use of 'clamp()' in sr.c
    - mm/mglru: fix ineffective protection calculation
    - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal
    - f2fs: fix to truncate preallocated blocks in f2fs_file_open()
    - kdb: address -Wformat-security warnings
    - kdb: Use the passed prompt in kdb_position_cursor()
    - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels
    - phy: cadence-torrent: Check return value on register read
    - phy: zynqmp: Enable reference clock correctly
    - um: time-travel: fix time-travel-start option
    - um: time-travel: fix signal blocking race/hang
    - f2fs: fix start segno of large section
    - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
    - watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
    - f2fs: fix to update user block counts in block_operations()
    - kbuild: avoid build error when single DTB is turned into composite DTB
    - selftests/bpf: fexit_sleep: Fix stack allocation for arm64
    - libbpf: Fix no-args func prototype BTF dumping syntax
    - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
    - dma: fix call order in dmam_free_coherent
    - bpf, events: Use prog to emit ksymbol event for main program
    - tools/resolve_btfids: Fix comparison of distinct pointer types warning in
      resolve_btfids
    - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
    - ipv4: Fix incorrect source address in Record Route option
    - net: bonding: correctly annotate RCU in bond_should_notify_peers()
    - ice: Fix recipe read procedure
    - netfilter: nft_set_pipapo_avx2: disable softinterrupts
    - net: stmmac: Correct byte order of perfect_match
    - net: nexthop: Initialize all fields in dumped nexthops
    - bpf: Fix a segment issue when downgrading gso_size
    - apparmor: Fix null pointer deref when receiving skb during sock creation
    - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
    - lirc: rc_dev_get_from_fd(): fix file leak
    - auxdisplay: ht16k33: Drop reference after LED registration
    - ASoC: SOF: imx8m: Fix DSP control regmap retrieval
    - spi: microchip-core: fix the issues in the isr
    - spi: microchip-core: defer asserting chip select until just before write to
      TX FIFO
    - spi: microchip-core: only disable SPI controller when register value change
      requires it
    - spi: microchip-core: fix init function not setting the master and motorola
      modes
    - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
    - nvme-pci: Fix the instructions for disabling power management
    - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform
    - spi: spidev: add correct compatible for Rohm BH2228FV
    - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable
    - ASoC: TAS2781: Fix tasdev_load_calibrated_data()
    - ceph: fix incorrect kmalloc size of pagevec mempool
    - s390/pci: Refactor arch_setup_msi_irqs()
    - s390/pci: Allow allocation of more than 1 MSI interrupt
    - s390/cpum_cf: Fix endless loop in CF_DIAG event stop
    - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
    - io_uring: fix io_match_task must_hold
    - nvme-pci: add missing condition check for existence of mapped data
    - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT
    - md/raid0: don't free conf on raid0_run failure
    - md/raid1: don't free conf on raid0_run failure
    - io_uring: Fix probe of disabled operations
    - cgroup/cpuset: Optimize isolated partition only generate_sched_domains()
      calls
    - cgroup/cpuset: Fix remote root partition creation problem
    - x86/syscall: Mark exit[_group] syscall handlers __noreturn
    - perf: arm_pmuv3: Avoid assigning fixed cycle counter with threshold
    - md/raid5: recheck if reshape has finished with device_lock held
    - hwmon: (ltc2991) re-order conditions to fix off by one bug
    - arm64: smp: Fix missing IPI statistics
    - arm64: dts: qcom: sc7280: Remove CTS/RTS configuration
    - ARM: dts: qcom: msm8226-microsoft-common: Enable smbb explicitly
    - OPP: Fix missing cleanup on error in _opp_attach_genpd()
    - arm64: dts: qcom: sc8280xp-*: Remove thermal zone polling delays
    - arm64: dts: ti: k3-am62-main: Fix the reg-range for main_pktdma
    - arm64: dts: ti: k3-am62a-main: Fix the reg-range for main_pktdma
    - arm64: dts: ti: k3-am62p-main: Fix the reg-range for main_pktdma
    - arm64: dts: ti: k3-am62a7: Drop McASP AFIFOs
    - arm64: dts: ti: k3-am62p5: Drop McASP AFIFOs
    - arm64: dts: ti: k3-am62p5-sk: Fix pinmux for McASP1 TX
    - arm64: dts: qcom: sc7180-trogdor: Disable pwmleds node where unused
    - arm64: dts: mediatek: mt8192: Fix GPU thermal zone name for SVS
    - arm64: dts: mediatek: mt8183-pico6: Fix wake-on-X event node names
    - arm64: dts: renesas: r9a08g045: Add missing hypervisor virtual timer IRQ
    - cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons
    - wifi: mac80211: cancel multi-link reconf work on disconnect
    - wifi: ath11k: refactor setting country code logic
    - wifi: ath11k: restore country code during resume
    - net: ethernet: cortina: Restore TSO support
    - tcp: fix races in tcp_abort()
    - hns3: avoid linking objects into multiple modules
    - sched/core: Move preempt_model_*() helpers from sched.h to preempt.h
    - sched/core: Drop spinlocks on contention iff kernel is preemptible
    - net: dsa: ksz_common: Allow only up to two HSR HW offloaded ports for
      KSZ9477
    - libbpf: Skip base btf sanity checks
    - wifi: mac80211: add ieee80211_tdls_sta_link_id()
    - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant()
    - wifi: ath12k: advertise driver capabilities for MBSSID and EMA
    - riscv, bpf: Fix out-of-bounds issue when preparing trampoline image
    - perf/x86/amd/uncore: Avoid PMU registration if counters are unavailable
    - perf/x86/amd/uncore: Fix DF and UMC domain identification
    - NFSD: Fix nfsdcld warning
    - net: page_pool: fix warning code
    - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
    - Bluetooth: hci_event: Set QoS encryption from BIGInfo report
    - Bluetooth: hci_core, hci_sync: cleanup struct discovery_state
    - Bluetooth: Fix usage of __hci_cmd_sync_status
    - tcp: Don't access uninit tcp_rsk(req)->ao_keyid in
      tcp_create_openreq_child().
    - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators
    - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare()
    - drm/amd/display: Move 'struct scaler_data' off stack
    - media: i2c: hi846: Fix V4L2_SUBDEV_FORMAT_TRY get_selection()
    - drm/msm/dpu: fix encoder irq wait skip
    - drm/msm/dpu: drop duplicate drm formats from wb2_formats arrays
    - drm/msm/dp: fix runtime_pm handling in dp_wait_hpd_asserted
    - perf maps: Switch from rbtree to lazily sorted array for addresses
    - perf maps: Fix use after free in __maps__fixup_overlap_and_insert
    - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll
    - drm/i915/psr: Print Panel Replay status instead of frame lock status
    - drm/mediatek: Set DRM mode configs accordingly
    - drm/msm/dsi: set video mode widebus enable bit when widebus is enabled
    - tools/perf: Fix the string match for "/tmp/perf-$PID.map" files in dso__load
    - drm/amd/display: Add null check before access structs
    - nfs: pass explicit offset/count to trace events
    - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in
      pci_epf_test_core_init()
    - PCI: tegra194: Set EP alignment restriction for inbound ATU
    - riscv: smp: fail booting up smp if inconsistent vlen is detected
    - clk: meson: s4: fix fixed_pll_dco clock
    - clk: meson: s4: fix pwm_j_div parent clock
    - usb: typec-mux: ptn36502: unregister typec switch on probe error and remove
    - mtd: spi-nor: winbond: fix w25q128 regression
    - iommufd/selftest: Fix dirty bitmap tests with u8 bitmaps
    - iommufd/selftest: Fix iommufd_test_dirty() to handle <u8 bitmaps
    - iommufd/selftest: Add tests for <= u8 bitmap sizes
    - iommufd/selftest: Fix tests to use MOCK_PAGE_SIZE based buffer sizes
    - iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead
    - clk: qcom: gcc-x1e80100: Fix halt_check for all pipe clocks
    - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
    - kvm: s390: Reject memory region operations for ucontrol VMs
    - eeprom: ee1004: Call i2c_new_scanned_device to instantiate thermal sensor
    - clk: qcom: gcc-x1e80100: Set parent rate for USB3 sec and tert PHY pipe clks
    - workqueue: Introduce from_work() helper for cleaner callback declarations
    - RDMA/hns: Fix mbx timing out before CMD execution is completed
    - crypto: mxs-dcp - Ensure payload is zero when using key slot
    - RDMA/mana_ib: Enable RoCE on port 1
    - RDMA/mana_ib: set node_guid
    - rtc: tps6594: Fix memleak in probe
    - selftests/damon/access_memory: use user-defined region size
    - md-cluster: fix hanging issue while a new disk adding
    - power: supply: ab8500: Fix error handling when calling
      iio_read_channel_processed()
    - power: supply: ingenic: Fix some error handling paths in
      ingenic_battery_get_property()
    - remoteproc: mediatek: Don't attempt to remap l1tcm memory if missing
    - remoteproc: k3-r5: Fix IPC-only mode detection
    - mailbox: imx: fix TXDB_V2 channel race condition
    - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after
      devm_pm_runtime_enable()
    - mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit
      machines
    - mm/huge_memory: avoid PMD-size page cache if needed
    - thermal/drivers/broadcom: Fix race between removal and clock disable
    - workqueue: Always queue work items to the newest PWQ for order workqueues
    - ipv6: fix source address selection with route leak
    - drm/xe: Use write-back caching mode for system memory on DGFX
    - md/raid5: fix spares errors about rcu usage
    - media: stm32: dcmipp: correct error handling in dcmipp_create_subdevs
    - tpm_tis_spi: add missing attpm20p SPI device ID entry
    - sysctl: always initialize i_uid/i_gid
    - media: i2c: Kconfig: Fix missing firmware upload config select
    - genirq: Set IRQF_COND_ONESHOT in request_irq()
    - cpufreq: qcom-nvmem: fix memory leaks in probe error paths
    - leds: triggers: Flush pending brightness before activating trigger
    - media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN
    - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector
    - KVM: nVMX: Check for pending posted interrupts when looking for nested
      events
    - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models
    - fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes
    - drm/fbdev-dma: Fix framebuffer mode for big endian devices
    - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL
    - dmaengine: fsl-edma: clean up unused "fsl,imx8qm-adma" compatible string
    - dmaengine: fsl-edma: change the memory access from local into remote mode in
      i.MX 8QM
    - clk: samsung: fix getting Exynos4 fin_pll rate from external clocks
    - bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone
    - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin
      format
    - arch: um: rust: Use the generated target.json again
    - f2fs: fix null reference error when checking end of zone
    - selftests: forwarding: skip if kernel not support setting bridge fdb
      learning limit
    - xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len
    - drm/xe/exec: Fix minor bug related to xe_sync_entry_cleanup
    - thermal: trip: Split thermal_zone_device_set_mode()
    - apparmor: unpack transition table if dfa is not present
    - i3c: mipi-i3c-hci: Fix number of DAT/DCT entries for HCI versions < 1.1
    - selinux,smack: remove the capability checks in the removexattr hooks
    - selftests/bpf: DENYLIST.aarch64: Skip fexit_sleep again
    - nilfs2: handle inconsistent state in nilfs_btnode_create_block()
    - Upstream stable to v6.6.44, v6.10.3

* Noble update: upstream stable patchset 2024-09-30 (LP: #2083196) //
    CVE-2024-42284
    - tipc: Return non-zero value from tipc_udp_addr2str() on error

* CVE-2024-44987
    - ipv6: prevent UAF in ip6_send_skb()

* CVE-2024-42301
    - dev/parport: fix the array out-of-bounds risk

* CVE-2024-44998
    - atm: idt77252: prevent use after free in dequeue_rx()

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Sat, 09 Nov 2024 18:54:16 +0300

Changed in linux (Ubuntu Noble):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-12-12:

#15

Download full text (3.4 KiB)

This bug was fixed in the package linux - 6.11.0-12.13

---------------
linux (6.11.0-12.13) oracular; urgency=medium

* oracular/linux: 6.11.0-12.13 -proposed tracker (LP: #2089269)

  * LXD fan bridge causes blocked tasks (LP: #2064176)
    - SAUCE: fan: release rcu_read_lock on skb discard path
    - SAUCE: fan: fix racy device stat update

* OVTI08F4:00: number of CSI2 data lanes 2 is not supported (LP: #2084059)
- SAUCE: media: ipu-bridge: Add support for additional link frequencies

* [Oracular] Allow overriding Rust tools (LP: #2084693)
- [Packaging] Allow rust overrides

  * Intel(R) PRO/1000 I219 ethernet adapter [8086:550c] may block entrance of
    modern standby (LP: #2081130)
    - platform/x86: intel/pmc: Ignore all LTRs during suspend
    - e1000e: change I219 (19) devices to ADP
    - x86/apic: Always explicitly disarm TSC-deadline timer

  * Need driver support for Realtek RTL8126A rev.b 5Gbps ethernet [10ec:8126]
    (LP: #2079017)
    - r8169: add support for RTL8126A rev.b
    - r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b

* Missing device ID for amd_atl driver for AMD Strix platform (LP: #2083292)
- SAUCE: x86/amd_nb: Add new PCI ID for AMD family 1Ah model 20h

* Lack of UART boot output on rb3gen2 even with earlycon (LP: #2083559)
- [Config] move qcom clk and serial options as builtin

  * r8169: transmit queue 0 timed out error when re-plugging the Ethernet cable
    (LP: #2084526)
    - r8169: disable ALDPS per default for RTL8125

  * Dell Alienware sysytem reports errors of dell_wmi_sysman and dell_smbios in
    demsg (LP: #2084808)
    - platform/x86: dell-sysman: add support for alienware products

* Add Intel Arrow Lake-H LPSS PCI IDs (LP: #2083905)
- mfd: intel-lpss: Add Intel Arrow Lake-H LPSS PCI IDs

* rtw89: reset IDMEM mode to prevent download firmware failure (LP: #2077396)
- wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure

* Missing Bluetooth device IDs for new Mediatek MT7920/MT7925 (LP: #2078878)
- SAUCE: Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925

* rtw89: Support hardware rfkill (LP: #2077384)
- wifi: rtw89: add support for hardware rfkill

  * [SRU] uncore: Add ARL and LNL support on 6.11 (LP: #2081810)
    - perf/x86/intel/uncore: Add Arrow Lake support
    - perf/x86/intel/uncore: Factor out common MMIO init and ops functions
    - perf/x86/intel/uncore: Add Lunar Lake support
    - perf/x86/intel/uncore: Add LNL uncore iMC freerunning support
    - perf/x86/intel/uncore: Use D0:F0 as a default device

* Support Qualcomm WCN7851 Dual Bluetooth Adapter 0489:E0F3 (LP: #2081796)
- SAUCE: Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x

  * The system hangs after resume with thunderbolt monitor(AMD GPU [1002:1900])
    (LP: #2083182)
    - SAUCE: drm/amd/display: Fix system hang while resume with TBT monitor

* UBSAN: array-index-out-of-bounds in module mt76 (LP: #2081785)
- wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc

  * Missing devices nodes for AMD Instinct MI300 card when installed along with
    integrated display (LP: #2078773)
    -...

This bug was fixed in the package linux - 6.11.0-12.13

---------------
linux (6.11.0-12.13) oracular; urgency=medium

* oracular/linux: 6.11.0-12.13 -proposed tracker (LP: #2089269)

* LXD fan bridge causes blocked tasks (LP: #2064176)
    - SAUCE: fan: release rcu_read_lock on skb discard path
    - SAUCE: fan: fix racy device stat update

* OVTI08F4:00: number of CSI2 data lanes 2 is not supported (LP: #2084059)
    - SAUCE: media: ipu-bridge: Add support for additional link frequencies

* [Oracular] Allow overriding Rust tools (LP: #2084693)
    - [Packaging] Allow rust overrides

* Missing device ID for amd_atl driver for AMD Strix platform (LP: #2083292)
    - SAUCE: x86/amd_nb: Add new PCI ID for AMD family 1Ah model 20h

* Lack of UART boot output on rb3gen2 even with earlycon (LP: #2083559)
    - [Config] move qcom clk and serial options as builtin

* r8169: transmit queue 0 timed out error when re-plugging the Ethernet cable
    (LP: #2084526)
    - r8169: disable ALDPS per default for RTL8125

* Dell Alienware sysytem reports errors of dell_wmi_sysman and dell_smbios in
    demsg (LP: #2084808)
    - platform/x86: dell-sysman: add support for alienware products

* Add Intel Arrow Lake-H LPSS PCI IDs (LP: #2083905)
    - mfd: intel-lpss: Add Intel Arrow Lake-H LPSS PCI IDs

* rtw89: reset IDMEM mode to prevent download firmware failure (LP: #2077396)
    - wifi: rtw89: 885xb: reset IDMEM mode to prevent download firmware failure

* Missing Bluetooth device IDs for new Mediatek MT7920/MT7925 (LP: #2078878)
    - SAUCE: Bluetooth: btusb: Add USB HW IDs for MT7920/MT7925

* rtw89: Support hardware rfkill (LP: #2077384)
    - wifi: rtw89: add support for hardware rfkill

* Support Qualcomm WCN7851 Dual Bluetooth Adapter 0489:E0F3 (LP: #2081796)
    - SAUCE: Bluetooth: btusb: Add one more ID 0x0489:0xe0f3 for Qualcomm WCN785x

* The system hangs after resume with thunderbolt monitor(AMD GPU [1002:1900])
    (LP: #2083182)
    - SAUCE: drm/amd/display: Fix system hang while resume with TBT monitor

* UBSAN: array-index-out-of-bounds in module mt76 (LP: #2081785)
    - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc

* Missing devices nodes for AMD Instinct MI300 card when installed along with
    integrated display (LP: #2078773)
    - drm: Use XArray instead of IDR for minors
    - accel: Use XArray instead of IDR for minors
    - drm: Expand max DRM device number to full MINORBITS

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Thu, 21 Nov 2024 21:01:08 +0300

Changed in linux (Ubuntu Oracular):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2024-12-12:

#16

This bug is awaiting verification that the linux-lowlatency-hwe-6.11/6.11.0-1007.7~24.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-lowlatency-hwe-6.11' to 'verification-done-noble-linux-lowlatency-hwe-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-lowlatency-hwe-6.11' to 'verification-failed-noble-linux-lowlatency-hwe-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-lowlatency-hwe-6.11-v2 verification-needed-noble-linux-lowlatency-hwe-6.11

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-12-16:

#17

Download full text (43.9 KiB)

This bug was fixed in the package linux - 5.15.0-127.137

---------------
linux (5.15.0-127.137) jammy; urgency=medium

* jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)

This bug was fixed in the package linux - 5.15.0-127.137

---------------
linux (5.15.0-127.137) jammy; urgency=medium

* jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)

* Jammy update: v5.15.168 upstream stable release (LP: #2086242)
    - parisc: Fix 64-bit userspace syscall path
    - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
    - of/irq: Support #msi-cells=<0> in of_msi_get_domain
    - drm: omapdrm: Add missing check for alloc_ordered_workqueue
    - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
    - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
    - mm: krealloc: consider spare memory for __GFP_ZERO
    - ocfs2: fix the la space leak when unmounting an ocfs2 volume
    - ocfs2: fix uninit-value in ocfs2_get_block()
    - ocfs2: reserve space for inline xattr before attaching reflink tree
    - ocfs2: cancel dqi_sync_work before freeing oinfo
    - ocfs2: remove unreasonable unlock in ocfs2_read_blocks
    - ocfs2: fix null-ptr-deref when journal load failed.
    - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
    - usbnet: ipheth: fix carrier detection in modes 1 and 4
    - net: ethernet: use ip_hdrlen() instead of bit shift
    - net: phy: vitesse: repair vsc73xx autonegotiation
    - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
    - btrfs: update target inode's ctime on unlink
    - Input: ads7846 - ratelimit the spi_sync error message
    - Input: synaptics - enable SMBus for HP Elitebook 840 G2
    - HID: multitouch: Add support for GT7868Q
    - scripts: kconfig: merge_config: config files: add a trailing newline
    - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
    - drm/msm/adreno: Fix error return if missing firmware-name
    - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
    - NFSv4: Fix clearing of layout segments in layoutreturn
    - NFS: Avoid unnecessary rescanning of the per-server delegation list
    - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
    - mptcp: pm: Fix uaf in __timer_delete_sync
    - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
      Puma
    - minmax: reduce min/max macro expansion in atomisp driver
    - net: tighten bad gso csum offset check in virtio_net_hdr
    - mm: avoid leaving partial pfn mappings around in error case
    - fs/ntfs3: Use kvfree to free memory allocated by kvmalloc
    - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
    - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
    - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
    - hwmon: (pmbus) Introduce and use write_byte_data callback
    - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
      1.2
    - ice: fix accounting for filters shared by multiple VSIs
    - igb: Always call igb_xdp_ring_update_tail() under Tx lock
    - net/mlx5e: Add missing link modes to ptys2ethtool_map
    - net/mlx5: Explicitly set scheduling element and TSAR type
    - net/mlx5: Add support to create match definer
    - net/mlx5: Add IFC bits and enums for flow meter
    - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
    - fou: fix initialization of grc
    - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush
    - octeontx2-af: Modify SMQ flush sequence to drop packets
    - net: ftgmac100: Enable TX interrupt to avoid TX timeout
    - netfilter: nft_socket: fix sk refcount leaks
    - net: dpaa: Pad packets to ETH_ZLEN
    - spi: nxp-fspi: fix the KASAN report out-of-bounds bug
    - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
    - ASoC: meson: axg-card: fix 'use-after-free'
    - ASoC: allow module autoloading for table db1200_pids
    - ALSA: hda/realtek - Fixed ALC256 headphone no sound
    - ALSA: hda/realtek - FIxed ALC285 headphone no sound
    - scsi: lpfc: Fix overflow build issue
    - pinctrl: at91: make it work with current gpiolib
    - microblaze: don't treat zero reserved memory regions as error
    - net: ftgmac100: Ensure tx descriptor updates are visible
    - wifi: iwlwifi: lower message level for FW buffer destination
    - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
    - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
    - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
    - wifi: iwlwifi: clear trans->state earlier upon error
    - ASoC: intel: fix module autoloading
    - ASoC: tda7419: fix module autoloading
    - spi: spidev: Add an entry for elgin,jg10309-01
    - drm: komeda: Fix an issue related to normalized zpos
    - spi: bcm63xx: Enable module autoloading
    - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency
    - spi: spidev: Add missing spi_device_id for jg10309-01
    - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
    - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
    - cgroup: Make operations on the cgroup root_list RCU safe
    - Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"
    - gpio: prevent potential speculation leaks in gpio_device_get_desc()
    - gpiolib: cdev: Ignore reconfiguration without direction
    - cgroup: Move rcu_head up near the top of cgroup_root
    - USB: serial: pl2303: add device id for Macrosilicon MS3020
    - USB: usbtmc: prevent kernel-usb-infoleak
    - EDAC/synopsys: Add support for version 3 of the Synopsys EDAC DDR
    - EDAC/synopsys: Use the correct register to disable the error interrupt on v3
      hw
    - EDAC/synopsys: Re-enable the error interrupts on v3 hw
    - EDAC/synopsys: Fix ECC status and IRQ control race condition
    - EDAC/synopsys: Fix error injection on Zynq UltraScale+
    - wifi: rtw88: always wait for both firmware loading attempts
    - crypto: xor - fix template benchmarking
    - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe()
    - wifi: ath9k: fix parameter check in ath9k_init_debug()
    - wifi: ath9k: Remove error checks when creating debugfs entries
    - net: stmmac: dwmac-loongson: Init ref and PTP clocks rate
    - wifi: rtw88: remove CPT execution branch never used
    - fs: explicitly unregister per-superblock BDIs
    - mount: warn only once about timestamp range expiration
    - fs/namespace: fnic: Switch to use %ptTd
    - mount: handle OOM on mnt_warn_timestamp_expiry
    - wifi: iwlwifi: mvm: increase the time between ranging measurements
    - padata: Honor the caller's alignment in case of chunk_size 0
    - can: j1939: use correct function name in comment
    - ACPI: CPPC: Fix MASK_VAL() usage
    - netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire
    - netfilter: nf_tables: reject element expiration with no timeout
    - netfilter: nf_tables: reject expiration higher than timeout
    - netfilter: nf_tables: remove annotation to access set timeout while holding
      lock
    - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately
    - x86/sgx: Fix deadlock in SGX NUMA node search
    - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan()
    - wifi: mt76: mt7915: fix rx filter setting for bfee functionality
    - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors
    - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
    - wifi: wilc1000: fix potential RCU dereference issue in
      wilc_parse_join_bss_param
    - sock_map: Add a cond_resched() in sock_hash_free()
    - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
    - can: m_can: m_can_close(): stop clocks after device has been shut down
    - Bluetooth: btusb: Fix not handling ZPL/short-transfer
    - bareudp: Pull inner IP header in bareudp_udp_encap_recv().
    - net: geneve: support IPv4/IPv6 as inner protocol
    - geneve: Fix incorrect inner network header offset when innerprotoinherit is
      set
    - bareudp: Pull inner IP header on xmit.
    - net: enetc: Use IRQF_NO_AUTOEN flag in request_irq()
    - r8169: disable ALDPS per default for RTL8125
    - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
    - net: tipc: avoid possible garbage value
    - block, bfq: fix possible UAF for bfqq->bic with merge chain
    - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()
    - block, bfq: don't break merge chain in bfq_split_bfqq()
    - block: print symbolic error name instead of error code
    - block: fix potential invalid pointer dereference in blk_add_partition
    - spi: ppc4xx: handle irq_of_parse_and_map() errors
    - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
    - arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes
    - ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks
    - ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property
    - ARM: versatile: fix OF node leak in CPUs prepare
    - reset: berlin: fix OF node leak in probe() error path
    - reset: k210: fix OF node leak in probe() error path
    - clocksource/drivers/qcom: Add missing iounmap() on errors in
      msm_dt_timer_init()
    - m68k: Fix kernel_clone_args.flags in m68k_clone()
    - hwmon: (max16065) Fix overflows seen when writing limits
    - i2c: Add i2c_get_match_data()
    - hwmon: (max16065) Remove use of i2c_match_id()
    - hwmon: (max16065) Fix alarm attributes
    - mtd: slram: insert break after errors in parsing the map
    - hwmon: (ntc_thermistor) fix module autoloading
    - power: supply: axp20x_battery: Remove design from min and max voltage
    - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense
    - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe()
    - mtd: powernv: Add check devm_kasprintf() returned value
    - pmdomain: core: Harden inter-column space in debug summary
    - drm/stm: Fix an error handling path in stm_drm_platform_probe()
    - drm/amd/display: Add null check for set_output_gamma in
      dcn30_set_output_transfer_func
    - drm/amdgpu: Replace one-element array with flexible-array member
    - drm/amdgpu: properly handle vbios fake edid sizing
    - drm/radeon: Replace one-element array with flexible-array member
    - drm/radeon: properly handle vbios fake edid sizing
    - scsi: NCR5380: Add SCp members to struct NCR5380_cmd
    - scsi: NCR5380: Check for phase match during PDMA fixup
    - drm/rockchip: vop: Allow 4096px width scaling
    - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode
    - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets
    - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid()
    - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()
    - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
    - drm/mediatek: Use spin_lock_irqsave() for CRTC event lock
    - powerpc/32: Remove the 'nobats' kernel parameter
    - powerpc/32: Remove 'noltlbs' kernel parameter
    - powerpc/8xx: Fix initial memory mapping
    - powerpc/8xx: Fix kernel vs user address comparison
    - drm/msm: Fix incorrect file name output in adreno_request_fw()
    - drm/msm/a5xx: disable preemption in submits by default
    - drm/msm/a5xx: properly clear preemption records on resume
    - drm/msm/a5xx: fix races in preemption evaluation stage
    - drm/msm: Drop priv->lastctx
    - drm/msm/a5xx: workaround early ring-buffer emptiness check
    - ipmi: docs: don't advertise deprecated sysfs entries
    - drm/msm: fix %s null argument error
    - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind()
    - xen: use correct end address of kernel for conflict checking
    - xen/swiotlb: add alignment check for dma buffers
    - tpm: Clean up TPM space after command failure
    - selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
    - selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc
    - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
    - selftests/bpf: Fix compiling kfree_skb.c with musl-libc
    - selftests/bpf: Fix compiling flow_dissector.c with musl-libc
    - selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
    - selftests/bpf: Fix compiling core_reloc.c with musl-libc
    - selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc
    - selftests/bpf: Fix error compiling test_lru_map.c
    - selftests/bpf: Fix C++ compile error from missing _Bool type
    - xz: cleanup CRC32 edits from 2018
    - kthread: fix task state in kthread worker if being frozen
    - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard
    - smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso
    - ext4: avoid buffer_head leak in ext4_mark_inode_used()
    - ext4: avoid potential buffer_head leak in __ext4_new_inode()
    - ext4: avoid negative min_clusters in find_group_orlov()
    - ext4: return error on ext4_find_inline_entry
    - ext4: avoid OOB when system.data xattr changes underneath the filesystem
    - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
    - nilfs2: determine empty node blocks as corrupted
    - nilfs2: fix potential oob read in nilfs_btree_check_delete()
    - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
    - perf mem: Free the allocated sort string, fixing a leak
    - perf sched timehist: Fix missing free of session in perf_sched__timehist()
    - perf sched timehist: Fixed timestamp error when unable to confirm event
      sched_in time
    - perf time-utils: Fix 32-bit nsec parsing
    - clk: imx: imx8mp: fix clock tree update of TF-A managed clocks
    - clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk
    - clk: imx: imx8qxp: Parent should be initialized earlier than the clock
    - remoteproc: imx_rproc: Correct ddr alias for i.MX8M
    - remoteproc: imx_rproc: Initialize workqueue earlier
    - clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228
    - Input: ilitek_ts_i2c - avoid wrong input subsystem sync
    - Input: ilitek_ts_i2c - add report id message validation
    - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
    - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
    - PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
    - PCI: xilinx-nwl: Fix register misspelling
    - PCI: xilinx-nwl: Clean up clock on probe failure/removal
    - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
    - pinctrl: single: fix missing error code in pcs_probe()
    - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer
    - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
    - clk: ti: dra7-atl: Fix leak of of_nodes
    - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
    - nfsd: fix refcount leak when file is unhashed after being found
    - pinctrl: mvebu: Use devm_platform_get_and_ioremap_resource()
    - pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function
    - IB/core: Fix ib_cache_setup_one error flow cleanup
    - watchdog: imx_sc_wdt: Don't disable WDT in suspend
    - RDMA/hns: Don't modify rq next block addr in HIP09 QPC
    - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range()
    - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
    - RDMA/hns: Remove unused abnormal interrupt of type RAS
    - RDMA/hns: Fix the wrong type of return value of the interrupt handler
    - RDMA/hns: Refactor the abnormal interrupt handler function
    - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler
    - RDMA/hns: Optimize hem allocation performance
    - riscv: Fix fp alignment bug in perf_callchain_user()
    - RDMA/cxgb4: Added NULL check for lookup_atid
    - RDMA/irdma: fix error message in irdma_modify_qp_roce()
    - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
    - ntb_perf: Fix printk format
    - nfsd: call cache_put if xdr_reserve_space returns NULL
    - nfsd: return -EINVAL when namelen is 0
    - f2fs: fix typo
    - f2fs: fix to update i_ctime in __f2fs_setxattr()
    - f2fs: remove unneeded check condition in __f2fs_setxattr()
    - f2fs: reduce expensive checkpoint trigger frequency
    - f2fs: optimize error handling in redirty_blocks
    - f2fs: fix to wait page writeback before setting gcing flag
    - f2fs: introduce F2FS_IPU_HONOR_OPU_WRITE ipu policy
    - f2fs: clean up w/ dotdot_name
    - f2fs: get rid of online repaire on corrupted directory
    - spi: lpspi: Silence error message upon deferred probe
    - spi: lpspi: release requested DMA channels
    - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
    - iio: adc: ad7606: fix oversampling gpio array
    - iio: adc: ad7606: fix standby gpio state to match the documentation
    - coresight: tmc: sg: Do not leak sg_table
    - interconnect: qcom: sm8250: Enable sync_state
    - vdpa: Add eventfd for the vdpa callback
    - vhost_vdpa: assign irq bypass producer token correctly
    - Revert "dm: requeue IO if mapping table not yet available"
    - net: axienet: Clean up device used for DMA calls
    - net: axienet: Clean up DMA start/stop and error handling
    - net: axienet: don't set IRQ timer when IRQ delay not used
    - net: axienet: implement NAPI and GRO receive
    - net: axienet: reduce default RX interrupt threshold to 1
    - net: axienet: add coalesce timer ethtool configuration
    - net: axienet: Be more careful about updating tx_bd_tail
    - net: axienet: Use NAPI for TX completion path
    - net: axienet: Switch to 64-bit RX/TX statistics
    - net: xilinx: axienet: Fix packet counting
    - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
    - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race
      Condition
    - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL
    - tcp: check skb is non-NULL in tcp_rto_delta_us()
    - net: qrtr: Update packets cloning when broadcasting
    - bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
    - netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
    - netfilter: ctnetlink: compile ctnetlink_label_size with
      CONFIG_NF_CONNTRACK_EVENTS
    - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination
    - Input: goodix - use the new soc_intel_is_byt() helper
    - powercap: RAPL: fix invalid initialization for pl4_supported field
    - x86/mm: Switch to new Intel CPU model defines
    - vfio/pci: fix potential memory leak in vfio_intx_enable()
    - selinux,smack: don't bypass permissions check in inode_setsecctx hook
    - Remove *.orig pattern from .gitignore
    - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler
    - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error
    - soc: versatile: integrator: fix OF node leak in probe() error path
    - Revert "media: tuners: fix error return code of
      hybrid_tuner_request_state()"
    - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table
    - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table
    - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line
    - drm/amd/display: Round calculated vtotal
    - drm/amd/display: Validate backlight caps are sane
    - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
    - scsi: mac_scsi: Refactor polling loop
    - scsi: mac_scsi: Disallow bus errors during PDMA send
    - usbnet: fix cyclical race on disconnect with work queue
    - USB: appledisplay: close race between probe and completion handler
    - USB: misc: cypress_cy7c63: check for short transfer
    - USB: class: CDC-ACM: fix race between get_serial and set_serial
    - usb: cdnsp: Fix incorrect usb_request status
    - usb: dwc2: drd: fix clock gating on USB role switch
    - bus: integrator-lm: fix OF node leak in probe()
    - firmware_loader: Block path traversal
    - tty: rp2: Fix reset with non forgiving PCIe host bridges
    - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.
    - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure
    - drbd: Fix atomicity violation in drbd_uuid_set_bm()
    - drbd: Add NULL check for net_conf to prevent dereference in state validation
    - ACPI: sysfs: validate return type of _STR method
    - ACPI: resource: Add another DMI match for the TongFang GMxXGxx
    - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
    - perf/x86/intel/pt: Fix sampling synchronization
    - wifi: rtw88: 8822c: Fix reported RX band width
    - wifi: mt76: mt7615: check devm_kasprintf() returned value
    - debugobjects: Fix conditions in fill_pool()
    - f2fs: prevent possible int overflow in dir_block_index()
    - f2fs: avoid potential int overflow in sanity_check_area_boundary()
    - hwrng: mtk - Use devm_pm_runtime_enable
    - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init
    - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume
    - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency
    - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity
    - vfs: fix race between evice_inodes() and find_inode()&iput()
    - fs: Fix file_set_fowner LSM hook inconsistencies
    - nfs: fix memory leak in error path of nfs4_do_reclaim
    - EDAC/igen6: Fix conversion of system address to physical memory address
    - padata: use integer wrap around to prevent deadlock on seq_nr overflow
    - soc: versatile: realview: fix memory leak during device remove
    - soc: versatile: realview: fix soc_dev leak during device remove
    - usb: yurex: Replace snprintf() with the safer scnprintf() variant
    - USB: misc: yurex: fix race between read and write
    - xhci: fix event ring segment table related masks and variables in header
    - xhci: remove xhci_test_trb_in_td_math early development check
    - xhci: Refactor interrupter code for initial multi interrupter support.
    - xhci: Preserve RsvdP bits in ERSTBA register correctly
    - xhci: Add a quirk for writing ERST in high-low order
    - usb: xhci: fix loss of data on Cadence xHC
    - pps: remove usage of the deprecated ida_simple_xx() API
    - pps: add an error check in parport_attach
    - x86/idtentry: Incorporate definitions/declarations of the FRED entries
    - x86/entry: Remove unwanted instrumentation in common_interrupt()
    - bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0
    - lockdep: fix deadlock issue between lockdep and rcu
    - mm: only enforce minimum stack gap size if it's sensible
    - i2c: aspeed: Update the stop sw state when the bus recovery occurs
    - i2c: isch: Add missed 'else'
    - usb: yurex: Fix inconsistent locking bug in yurex_read()
    - spi: lpspi: Simplify some error message
    - static_call: Handle module init failure correctly in
      static_call_del_module()
    - static_call: Replace pointless WARN_ON() in static_call_module_notify()
    - mailbox: rockchip: fix a typo in module autoloading
    - mailbox: bcm2835: Fix timeout during suspend mode
    - ceph: remove the incorrect Fw reference check when dirtying pages
    - ieee802154: Fix build error
    - net/mlx5: Fix error path in multi-packet WQE transmit
    - net/mlx5: Added cond_resched() to crdump collection
    - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
    - netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
    - net: ieee802154: mcr20a: Use IRQF_NO_AUTOEN flag in request_irq()
    - netfilter: nf_tables: prevent nf_skb_duplicated corruption
    - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
    - net: ethernet: lantiq_etop: fix memory disclosure
    - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
    - net: add more sanity checks to qdisc_pkt_len_init()
    - stmmac_pci: Fix underflow size in stmmac_rx
    - net: stmmac: Disable automatic FCS/Pad stripping
    - net: stmmac: dwmac4: extend timeout for VLAN Tag register busy bit check
    - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit
    - ppp: do not assume bh is held in ppp_channel_bridge_input()
    - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
    - i2c: xiic: Fix broken locking on tx_msg
    - i2c: xiic: Switch from waitqueue to completion
    - i2c: xiic: Fix RX IRQ busy check
    - i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
    - i2c: xiic: improve error message when transfer fails to start
    - i2c: xiic: Try re-initialization on bus busy timeout
    - media: usbtv: Remove useless locks in usbtv_video_free()
    - ALSA: mixer_oss: Remove some incorrect kfree_const() usages
    - ALSA: hda/realtek: Fix the push button function for the ALC257
    - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
    - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m
    - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
    - f2fs: Require FMODE_WRITE for atomic write ioctls
    - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()
    - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
    - ice: Adjust over allocation of memory in ice_sched_add_root_node() and
      ice_sched_add_node()
    - net/xen-netback: prevent UAF in xenvif_flush_hash()
    - net: hisilicon: hip04: fix OF node leak in probe()
    - net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info()
    - net: hisilicon: hns_mdio: fix OF node leak in probe()
    - ACPI: PAD: fix crash in exit_round_robin()
    - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
    - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
    - net: sched: consistently use rcu_replace_pointer() in taprio_change()
    - blk_iocost: fix more out of bound shifts
    - nvme-pci: qdepth 1 quirk
    - wifi: ath11k: fix array out-of-bound access in SoC stats
    - wifi: rtw88: select WANT_DEV_COREDUMP
    - ACPI: EC: Do not release locks during operation region accesses
    - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
      acpi_db_convert_to_package()
    - tipc: guard against string buffer overrun
    - net: mvpp2: Increase size of queue_name buffer
    - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR).
    - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
    - net: atlantic: Avoid warning about potential string truncation
    - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process
    - ACPICA: iasl: handle empty connection_node
    - proc: add config & param to block forcing mem writes
    - [Config] updateconfigs to select PROC_MEM_ALWAYS_FORCE
    - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker
    - wifi: mwifiex: Fix memcpy() field-spanning write warning in
      mwifiex_cmd_802_11_scan_ext()
    - nfp: Use IRQF_NO_AUTOEN flag in request_irq()
    - signal: Replace BUG_ON()s
    - ALSA: usb-audio: Add input value sanity checks for standard types
    - x86/ioapic: Handle allocation failures gracefully
    - ALSA: usb-audio: Define macros for quirk table entries
    - ALSA: usb-audio: Add logitech Audio profile quirk
    - tools/x86/kcpuid: Protect against faulty "max subleaf" values
    - ALSA: asihpi: Fix potential OOB array access
    - ALSA: hdsp: Break infinite MIDI input flush loop
    - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments()
    - fbdev: pxafb: Fix possible use after free in pxafb_task()
    - rcuscale: Provide clear error when async specified without primitives
    - iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux
    - power: reset: brcmstb: Do not go into infinite loop if reset fails
    - iommu/vt-d: Always reserve a domain ID for identity setup
    - iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count
    - drm/amd/display: Add null check for top_pipe_to_program in
      commit_planes_for_stream
    - ata: sata_sil: Rename sil_blacklist to sil_quirks
    - drm/amd/display: Check null pointers before using dc->clk_mgr
    - jfs: UBSAN: shift-out-of-bounds in dbFindBits
    - jfs: Fix uaf in dbFreeBits
    - jfs: check if leafidx greater than num leaves per dmap tree
    - scsi: smartpqi: correct stream detection
    - jfs: Fix uninit-value access of new_ea in ea_buffer
    - drm/amdgpu: add raven1 gfxoff quirk
    - drm/amdgpu: enable gfxoff quirk on HP 705G4
    - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio
    - platform/x86: touchscreen_dmi: add nanote-next quirk
    - drm/amd/display: Check stream before comparing them
    - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format
      translation
    - drm/amd/display: Fix index out of bounds in degamma hardware format
      translation
    - drm/amd/display: Fix index out of bounds in DCN30 color transformation
    - drm/amd/display: Initialize get_bytes_per_element's default to 1
    - drm/printer: Allow NULL data in devcoredump printer
    - scsi: aacraid: Rearrange order of struct aac_srb_unit
    - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode()
    - drm/amd/pm: ensure the fw_info is not null before using it
    - of/irq: Refer to actual buffer size in of_irq_parse_one()
    - ext4: ext4_search_dir should return a proper error
    - ext4: avoid use-after-free in ext4_ext_show_leaf()
    - ext4: fix i_data_sem unlock order in ext4_ind_migrate()
    - blk-integrity: use sysfs_emit
    - blk-integrity: convert to struct device_attribute
    - blk-integrity: register sysfs attributes on struct device
    - usb: typec: tcpm: Check for port partner validity before consuming it
    - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled
    - spi: s3c64xx: fix timeout counters in flush_fifo
    - selftests: breakpoints: use remaining time to check if suspend succeed
    - selftests: vDSO: fix vDSO name for powerpc
    - selftests: vDSO: fix vdso_config for powerpc
    - selftests: vDSO: fix vDSO symbols lookup for powerpc64
    - selftests/mm: fix charge_reserved_hugetlb.sh test
    - selftests: vDSO: fix ELF hash table entry size for s390x
    - selftests: vDSO: fix vdso_config for s390
    - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
    - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
    - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq()
    - i2c: xiic: Wait for TX empty to avoid missed TX NAKs
    - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
    - spi: bcm63xx: Fix module autoloading
    - power: supply: hwmon: Fix missing temp1_max_alarm attribute
    - perf/core: Fix small negative period being ignored
    - parisc: Fix itlb miss handler for 64-bit programs
    - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
    - ALSA: core: add isascii() check to card ID generator
    - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
    - ALSA: usb-audio: Add native DSD support for Luxman D-08u
    - ALSA: line6: add hw monitor volume control to POD HD500X
    - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
    - ext4: no need to continue when the number of entries is 1
    - ext4: correct encrypted dentry name hash when not casefolded
    - ext4: fix slab-use-after-free in ext4_split_extent_at()
    - ext4: propagate errors from ext4_find_extent() in ext4_insert_range()
    - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space()
    - ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
    - ext4: aovid use-after-free in ext4_ext_insert_extent()
    - ext4: fix double brelse() the buffer of the extents path
    - ext4: update orig_path in ext4_find_extent()
    - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit()
    - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list()
    - ext4: fix fast commit inode enqueueing during a full journal commit
    - ext4: use handle to mark fc as ineligible in __track_dentry_update()
    - ext4: mark fc as ineligible using an handle in ext4_xattr_set()
    - riscv: define ILLEGAL_POINTER_VALUE for 64bit
    - exfat: fix memory leak in exfat_load_bitmap()
    - perf hist: Update hist symbol when updating maps
    - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds
    - nfsd: map the EBADMSG to nfserr_io to avoid warning
    - NFSD: Fix NFSv4's PUTPUBFH operation
    - aoe: fix the potential use-after-free problem in more places
    - clk: rockchip: fix error for unknown clocks
    - clk: qcom: dispcc-sm8250: use CLK_SET_RATE_PARENT for branch clocks
    - media: sun4i_csi: Implement link validate for sun4i_csi subdev
    - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags
    - clk: qcom: clk-rpmh: Fix overflow in BCM vote
    - clk: qcom: gcc-sm8150: De-register gcc_cpuss_ahb_clk_src
    - media: venus: fix use after free bug in venus_remove due to race condition
    - clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()
    - clk: qcom: gcc-sc8180x: Fix the sdcc2 and sdcc4 clocks freq table
    - iio: magnetometer: ak8975: Fix reading for ak099xx sensors
    - tomoyo: fallback to realpath if symlink's pathname does not exist
    - net: stmmac: Fix zero-division error when disabling tc cbs
    - rtc: at91sam9: fix OF node leak in probe() error path
    - Input: adp5589-keys - fix NULL pointer dereference
    - Input: adp5589-keys - fix adp5589_gpio_get_value()
    - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[]
    - ACPI: resource: Add Asus ExpertBook B2502CVA to
      irq1_level_low_skip_override[]
    - btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
    - btrfs: wait for fixup workers before stopping cleaner kthread during umount
    - gpio: davinci: fix lazy disable
    - tracing/hwlat: Fix a race during cpuhp processing
    - tracing/timerlat: Fix a race during cpuhp processing
    - close_range(): fix the logics in descriptor table trimming
    - drm/sched: Add locking to drm_sched_entity_modify_sched
    - drm/amd/display: Fix system hang while resume with TBT monitor
    - kconfig: qconf: fix buffer overflow in debug links
    - device property: Add fwnode_iomap()
    - device property: Add fwnode_irq_get_byname
    - i2c: smbus: Use device_*() functions instead of of_*()
    - i2c: create debugfs entry per adapter
    - i2c: core: Lock address during client device instantiation
    - i2c: xiic: Use devm_clk_get_enabled()
    - i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled
    - spi: bcm63xx: Fix missing pm_runtime_disable()
    - ext4: properly sync file size update after O_SYNC direct IO
    - ext4: dax: fix overflowing extents beyond inode size when partially writing
    - arm64: Add Cortex-715 CPU part definition
    - arm64: cputype: Add Neoverse-N3 definitions
    - arm64: errata: Expand speculative SSBS workaround once more
    - uprobes: fix kernel info leak via "[uprobes]" vma
    - drm/amd/display: Allow backlight to go below
      `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT`
    - build-id: require program headers to be right after ELF header
    - lib/buildid: harden build ID parsing logic
    - drm/rockchip: define gamma registers for RK3399
    - drm/rockchip: support gamma control on RK3399
    - drm/rockchip: vop: clear DMA stop bit on RK3066
    - media: i2c: imx335: Enable regulator supplies
    - media: imx335: Fix reset-gpio handling
    - dt-bindings: clock: qcom: Add missing UFS QREF clocks
    - dt-bindings: clock: qcom: Add GPLL9 support on gcc-sc8180x
    - r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
    - r8169: add tally counter fields added with RTL8125
    - clk: qcom: gcc-sc8180x: Add GPLL9 support
    - ACPI: battery: Simplify battery hook locking
    - ACPI: battery: Fix possible crash when unregistering a battery hook
    - Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of
      bindings"
    - ext4: fix inode tree inconsistency caused by ENOMEM
    - 9p: add missing locking around taking dentry fid list
    - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
    - perf report: Fix segfault when 'sym' sort key is not used
    - ALSA: usb-audio: Fix possible NULL pointer dereference in
      snd_usb_pcm_has_fixed_rate()
    - unicode: Don't special case ignorable code points
    - net: ethernet: cortina: Drop TSO support
    - tracing: Remove precision vsnprintf() check from print event
    - drm/crtc: fix uninitialized variable use even harder
    - tracing: Have saved_cmdlines arrays all in one allocation
    - selftests/net: give more time to udpgro bg processes to complete startup
    - selftests/net: synchronize udpgro tests' tx and rx connection
    - selftests: net: Remove executable bits from library scripts
    - fs/ntfs3: Refactor enum_rstbl to suppress static checker
    - virtio_console: fix misc probe bugs
    - Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
    - bpf: Check percpu map value size first
    - s390/facility: Disable compile time optimization for decompressor code
    - s390/mm: Add cond_resched() to cmm_alloc/free_pages()
    - bpf, x64: Fix a jit convergence issue
    - ext4: don't set SB_RDONLY after filesystem errors
    - ext4: nested locking for xattr inode
    - s390/cpum_sf: Remove WARN_ON_ONCE statements
    - ktest.pl: Avoid false positives with grub2 skip regex
    - RDMA/mad: Improve handling of timed out WRs of mad agent
    - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
    - RDMA/rtrs-srv: Avoid null pointer deref during path establishment
    - clk: bcm: bcm53573: fix OF node leak in init
    - PCI: Add ACS quirk for Qualcomm SA8775P
    - i2c: i801: Use a different adapter-name for IDF adapters
    - PCI: Mark Creative Labs EMU20k2 INTx masking as broken
    - ntb: ntb_hw_switchtec: Fix use after free vulnerability in
      switchtec_ntb_remove due to race condition
    - media: videobuf2-core: clear memory related fields in
      __vb2_plane_dmabuf_put()
    - remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table
    - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
    - usb: chipidea: udc: enable suspend interrupt after usb reset
    - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the
      Crashkernel Scenario
    - comedi: ni_routing: tools: Check when the file could not be opened
    - virtio_pmem: Check device status before requesting flush
    - tools/iio: Add memory allocation failure check for trigger_name
    - driver core: bus: Return -EIO instead of 0 when show/store invalid bus
      attribute
    - drm/amd/display: Check null pointer before dereferencing se
    - fbdev: sisfb: Fix strbuf array overflow
    - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
    - NFSD: Mark filecache "down" if init fails
    - ice: fix VLAN replay after reset
    - SUNRPC: Fix integer overflow in decode_rc_list()
    - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
    - net: phy: dp83869: fix memory corruption when enabling fiber
    - tcp: fix to allow timestamp undo if no retransmits were sent
    - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe
    - netfilter: br_netfilter: fix panic with metadata_dst skb
    - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
    - net: phy: bcm84881: Fix some error handling paths
    - thermal: int340x: processor_thermal: Set feature mask before
      proc_thermal_add
    - thermal: intel: int340x: processor: Fix warning during module unload
    - net: dsa: b53: fix jumbo frame mtu check
    - net: dsa: b53: fix max MTU for 1g switches
    - net: dsa: b53: fix max MTU for BCM5325/BCM5365
    - net: dsa: b53: allow lower MTUs on BCM5325/5365
    - net: dsa: b53: fix jumbo frames on 10/100 ports
    - gpio: aspeed: Add the flush write to ensure the write complete.
    - gpio: aspeed: Use devm_clk api to manage clock source
    - ice: Fix netif_is_ice() in Safe Mode
    - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
    - igb: Do not bring the device up after non-fatal error
    - net/sched: accept TCA_STAB only for root qdisc
    - net: ibm: emac: mal: fix wrong goto
    - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start
    - netfilter: xtables: avoid NFPROTO_UNSPEC where needed
    - net: Add l3mdev index to flow struct and avoid oif reset for port devices
    - netfilter: rpfilter/fib: Populate flowic_l3mdev field
    - netfilter: rpfilter/fib: Set ->flowic_uid correctly for user namespaces.
    - netfilter: fib: check correct rtable in vrf setups
    - net: rtnetlink: add msg kind names
    - rtnetlink: Add bulk registration helpers for rtnetlink message handlers.
    - mctp: Handle error of rtnl_register_module().
    - ppp: fix ppp_async_encode() illegal access
    - slip: make slhc_remember() more robust against malicious packets
    - RDMA/hns: Fix UAF for cq async event
    - x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported
    - hwmon: (tmp513) Add missing dependency on REGMAP_I2C
    - hwmon: (adm9240) Add missing dependency on REGMAP_I2C
    - hwmon: (adt7470) Add missing dependency on REGMAP_I2C
    - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
    - resource: fix region_intersects() vs add_memory_driver_managed()
    - HID: plantronics: Workaround for an unexcepted opposite volume key
    - Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant"
    - usb: dwc3: core: Stop processing of pending events if controller is halted
    - usb: xhci: Fix problem with xhci resume from suspend
    - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip
    - hid: intel-ish-hid: Fix uninitialized variable 'rv' in
      ish_fw_xfer_direct_dma
    - drm/v3d: Stop the active perfmon before being destroyed
    - net: explicitly clear the sk pointer, when pf->create fails
    - net: Fix an unsafe loop on the list
    - net: dsa: lan9303: ensure chip reset and wait for READY status
    - mptcp: pm: do not remove closing subflows
    - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
    - kthread: unpark only parked kthread
    - block, bfq: fix uaf for accessing waker_bfqq after splitting
    - i2c: smbus: Check for parent device before dereference
    - net: geneve: add missing netlink policy and size for
      IFLA_GENEVE_INNER_PROTO_INHERIT
    - xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup
    - net: Handle l3mdev in ip_tunnel_init_flow
    - net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev
    - net: vrf: determine the dst using the original ifindex for multicast
    - netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
    - ext4: fix warning in ext4_dio_write_end_io()
    - net: axienet: start napi before enabling Rx/Tx
    - selftests: net: more strict check in net_helper
    - net: xilinx: axienet: Schedule NAPI in two steps
    - Linux 5.15.168

* CVE-2024-36968
    - Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

* CVE-2024-35904
    - selinux: avoid dereference of garbage after mount failure

* IOMMU warnings on AMD systems after booting into kdump kernel
    (LP: #2080378)
    - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
    - iommu/amd: Fix compile warning in init code

* CVE-2024-42156
    - s390/pkey: Wipe copies of clear-key structures on failure

* CVE-2024-44942
    - f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

* CVE-2024-38538
    - net: bridge: xmit: make sure we have at least eth header len bytes

* CVE-2024-42158
    - s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

* CVE-2024-38667
    - riscv: prevent pt_regs corruption for secondary idle threads

* CVE-2024-44940
    - fou: remove warn in gue_gro_receive on unsupported protocol

* CVE-2024-42079
    - gfs2: Fix NULL pointer dereference in gfs2_log_flush

* CVE-2024-35951
    - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()

* LXD fan bridge causes blocked tasks (LP: #2064176)
    - SAUCE: fan: release rcu_read_lock on skb discard path

* CVE-2023-52532
    - net: mana: Fix TX CQE error handling

* CVE-2023-52621
    - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

* CVE-2024-26947
    - ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

* CVE-2023-52639
    - KVM: s390: vsie: fix race during shadow creation

-- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 08 Nov 2024 16:48:16 +0300

Changed in linux (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-01-07:

#18

This bug is awaiting verification that the linux-mtk/5.15.0-1036.43 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-done-jammy-linux-mtk'. If the problem still exists, change the tag 'verification-needed-jammy-linux-mtk' to 'verification-failed-jammy-linux-mtk'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-mtk-v2 verification-needed-jammy-linux-mtk

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-01-09:

#19

This bug is awaiting verification that the linux-realtime-6.11/6.11.0-1003.3~24.04.2 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-realtime-6.11' to 'verification-done-noble-linux-realtime-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-realtime-6.11' to 'verification-failed-noble-linux-realtime-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-realtime-6.11-v2 verification-needed-noble-linux-realtime-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-01-17:

#20

This bug is awaiting verification that the linux-nvidia-tegra-igx/5.15.0-1020.20 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-done-jammy-linux-nvidia-tegra-igx'. If the problem still exists, change the tag 'verification-needed-jammy-linux-nvidia-tegra-igx' to 'verification-failed-jammy-linux-nvidia-tegra-igx'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-jammy-linux-nvidia-tegra-igx-v2 verification-needed-jammy-linux-nvidia-tegra-igx

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-01-22:

#21

This bug is awaiting verification that the linux-nvidia-6.11/6.11.0-1003.3 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-done-noble-linux-nvidia-6.11'. If the problem still exists, change the tag 'verification-needed-noble-linux-nvidia-6.11' to 'verification-failed-noble-linux-nvidia-6.11'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: kernel-spammed-noble-linux-nvidia-6.11-v2 verification-needed-noble-linux-nvidia-6.11

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2025-02-06:

#22

This bug is awaiting verification that the linux-nvidia-tegra-5.15/5.15.0-1032.32~20.04.1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-done-focal-linux-nvidia-tegra-5.15'. If the problem still exists, change the tag 'verification-needed-focal-linux-nvidia-tegra-5.15' to 'verification-failed-focal-linux-nvidia-tegra-5.15'.