Kernel SRU Workflow

focal/linux-azure-5.15: 5.15.0-1034.41~20.04.1 -proposed tracker

Series promote-signing-to-proposed
Bug #2004308

Bug #2004308 reported by Stefan Bader on 2023-01-31

This bug affects 1 person

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Tim Gardner
Boot-testing	Fix Released	Medium	Unassigned
Certification-testing	Invalid	Medium	Unassigned
New-review	Fix Released	Medium	Andy Whitcroft
Prepare-package	Fix Released	Medium	Tim Gardner
Prepare-package-generate	Fix Released	Medium	Tim Gardner
Prepare-package-lrg	Fix Released	Medium	Tim Gardner
Prepare-package-lrm	Fix Released	Medium	Tim Gardner
Prepare-package-lrs	Fix Released	Medium	Tim Gardner
Prepare-package-meta	Fix Released	Medium	Tim Gardner
Prepare-package-signed	Fix Released	Medium	Tim Gardner
Promote-signing-to-proposed	Invalid	Medium	Unassigned
Promote-to-proposed	Fix Released	Medium	Ubuntu Stable Release Updates Team
Promote-to-security	Fix Released	Medium	Andy Whitcroft
Promote-to-updates	Fix Released	Medium	Andy Whitcroft
Regression-testing	Fix Released	Medium	Canonical Kernel Team
Security-signoff	Fix Released	Medium	Steve Beattie
Sru-review	Fix Released	Medium	Andy Whitcroft
Stakeholder-signoff	Fix Released	Medium	linux-azure stakeholder signoff
Verification-testing	Fix Released	Medium	Canonical Kernel Team
canonical-signing-jobs
Task00	Fix Released	Medium	Andy Whitcroft
linux-azure-5.15 (Ubuntu)
Focal	Fix Released	Medium	Unassigned

Bug Description

This bug will contain status and test results related to a kernel source (or snap) as stated in the title.

For an explanation of the tasks and the associated workflow see:
https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

-- swm properties --
built:
  from: 545128bf5586488b
  route-entry: 1
delta:
  promote-to-proposed: [lrs, main, signed, meta, lrm, lrg, generate]
  promote-to-security: []
  promote-to-updates: [lrs, lrm, main, meta, signed]
flag:
  boot-testing-requested: true
  bugs-spammed: true
  proposed-announcement-sent: true
  proposed-testing-requested: true
  stream-from-cycle: true
issue: KSRU-6426
kernel-stable-master-bug: 2004309
packages:
  generate: linux-generate-azure-5.15
  lrg: linux-restricted-generate-azure-5.15
  lrm: linux-restricted-modules-azure-5.15
  lrs: linux-restricted-signatures-azure-5.15
  main: linux-azure-5.15
  meta: linux-meta-azure-5.15
  signed: linux-signed-azure-5.15
phase: Complete
phase-changed: Thursday, 02. March 2023 20:33 UTC
reason: {}
synthetic:
  :promote-to-as-proposed: Fix Released
trackers:
  focal/linux-azure-fde-5.15: bug 2004307, bug 2008492
variant: debs
versions:
  lrm: 5.15.0-1034.41~20.04.1
  main: 5.15.0-1034.41~20.04.1
  meta: 5.15.0.1034.41~20.04.24
  signed: 5.15.0-1034.41~20.04.1
~~:
  clamps:
    new-review: 545128bf5586488b
    promote-to-proposed: 545128bf5586488b
    self: 5.15.0-1034.41~20.04.1
    sru-review: 545128bf5586488b

See original description

Tags:

CVE References

Stefan Bader (smb) on 2023-01-31

tags:	added: kernel-release-tracking-bug-live
description:	updated
tags:	added: kernel-sru-cycle-2023.01.30-1
description:	updated
tags:	added: kernel-sru-backport-of-2004309
Changed in kernel-sru-workflow:
status:	New → Confirmed
importance:	Undecided → Medium

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-01-31

Changed in linux-azure-5.15 (Ubuntu Focal):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	Confirmed → Triaged
description:	updated
Changed in kernel-sru-workflow:
status:	Triaged → In Progress

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-01-31

tags:	added: kernel-jira-issue-ksru-6426
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-03

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-10

description:

updated

Tim Gardner (timg-tpi) on 2023-02-11

summary:

- focal/linux-azure-5.15: <version to be filled> -proposed tracker
+ focal/linux-azure-5.15: 5.15.0-1034.41~20.04.1 -proposed tracker

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Andy Whitcroft (apw) on 2023-02-11

tags:

added: kernel-signing-bot

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:	updated
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-11

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-12

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-13

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-14

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-15

description:

updated

Revision history for this message

Tim Gardner (timg-tpi) wrote on 2023-02-16:

ADT: Ignoring some automated test oddities. Tagging as passed.

tags:

added: automated-testing-passed

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-16

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-22

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-24

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-26

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-26

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-26

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-26

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-02-28

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-01

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-03-02:

Download full text (157.5 KiB)

This bug was fixed in the package linux-azure-5.15 - 5.15.0-1034.41~20.04.1

---------------
linux-azure-5.15 (5.15.0-1034.41~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1034.41~20.04.1 -proposed tracker
(LP: #2004308)

[ Ubuntu: 5.15.0-1034.41 ]

This bug was fixed in the package linux-azure-5.15 - 5.15.0-1034.41~20.04.1

---------------
linux-azure-5.15 (5.15.0-1034.41~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1034.41~20.04.1 -proposed tracker
    (LP: #2004308)

[ Ubuntu: 5.15.0-1034.41 ]

* jammy/linux-azure: 5.15.0-1034.41 -proposed tracker (LP: #2004309)
  * Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - [Config] azure: Update configs after rebase
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)
  * Azure: mana: Fix IRQ name - add PCI and queue number (LP: #2004604)
    - net: mana: Fix IRQ name - add PCI and queue number
  * jammy/linux: 5.15.0-66.73 -proposed tracker (LP: #2004636)
  * CVE-2023-0461
    - SAUCE: Fix inet_csk_listen_start after CVE-2023-0461
  * jammy/linux: 5.15.0-65.72 -proposed tracker (LP: #2004344)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.30)
  * NFS: client permission error after adding user to permissible group
    (LP: #2003053)
    - NFS: Clear the file access cache upon login
    - NFS: Judge the file access cache's timestamp in rcu path
    - NFS: Fix up a sparse warning
  * Fix W6400 hang after resume of S3 stress (LP: #2000299)
    - drm/amd/display: Manually adjust strobe for DCN303
  * Rear Audio port sometimes has no audio output after reboot(Cirrus Logic)
    (LP: #1998905)
    - ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock.
  * CVE-2022-20369
    - NFSD: fix use-after-free in __nfs42_ssc_open()
  * CVE-2023-0461
    - net/ulp: prevent ULP without clone op from entering the LISTEN status
    - net/ulp: use consistent error code when blocking ULP
  * CVE-2023-0179
    - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
  * Jammy update: v5.15.85 upstream stable release (LP: #2003139)
    - udf: Discard preallocation before extending file with a hole
    - udf: Fix preallocation discarding at indirect extent boundary
    - udf: Do not bother looking for prealloc extents if i_lenExtents matches
      i_size
    - udf: Fix extending file within last block
    - usb: gadget: uvc: Prevent buffer overflow in setup handler
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: cp210x: add Kamstrup RF sniffer PIDs
    - USB: serial: f81232: fix division by zero on line-speed change
    - USB: serial: f81534: fix division by zero on line-speed change
    - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N
    - igb: Initialize mailbox message for VF reset
    - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system
      for Raptor Lake
    - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk
    - selftests: net: Use "grep -E" instead of "egrep"
    - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
    - Linux 5.15.85
  * Jammy update: v5.15.84 upstream stable release (LP: #2003137)
    - x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
    - vfs: fix copy_file_range() averts filesystem freeze protection
    - ASoC: fsl_micfil: explicitly clear software reset bit
    - ASoC: fsl_micfil: explicitly clear CHnF flags
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
    - libbpf: Use page size as max_entries when probing ring buffer map
    - pinctrl: meditatek: Startup with the IRQs disabled
    - can: sja1000: fix size of OCR_MODE_MASK define
    - can: mcba_usb: Fix termination command argument
    - net: fec: don't reset irq coalesce settings to defaults on "ip link up"
    - ASoC: cs42l51: Correct PGA Volume minimum value
    - perf: Fix perf_pending_task() UaF
    - nvme-pci: clear the prp2 field when not used
    - ASoC: ops: Correct bounds check for second channel on SX controls
    - net: fec: properly guard irq coalesce setup
    - Linux 5.15.84
  * Jammy update: v5.15.83 upstream stable release (LP: #2003134)
    - clk: generalize devm_clk_get() a bit
    - clk: Provide new devm_clk helpers for prepared and enabled clocks
    - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse()
    - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4
      series
    - arm: dts: rockchip: fix node name for hym8563 rtc
    - arm: dts: rockchip: remove clock-frequency from rtc
    - ARM: dts: rockchip: fix ir-receiver node names
    - arm64: dts: rockchip: fix ir-receiver node names
    - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
    - fs: use acquire ordering in __fget_light()
    - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
    - ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
    - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register
    - spi: mediatek: Fix DEVAPC Violation at KO Remove
    - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
    - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine
      transitions
    - 9p/fd: Use P9_HDRSZ for header size
    - regulator: slg51000: Wait after asserting CS pin
    - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
    - selftests/net: Find nettest in current directory
    - btrfs: send: avoid unaligned encoded writes when attempting to clone range
    - ASoC: soc-pcm: Add NULL check in BE reparenting
    - regulator: twl6030: fix get status of twl6032 regulators
    - fbcon: Use kzalloc() in fbcon_prepare_logo()
    - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
    - 9p/xen: check logical size for buffer size
    - net: usb: qmi_wwan: add u-blox 0x1342 composition
    - mm/khugepaged: take the right locks for page table retraction
    - mm/khugepaged: fix GUP-fast interaction by sending IPI
    - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
    - rtc: mc146818-lib: extract mc146818_avoid_UIP
    - rtc: cmos: avoid UIP when writing alarm time
    - rtc: cmos: avoid UIP when reading alarm time
    - cifs: fix use-after-free caused by invalid pointer `hostname`
    - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read()
    - xen/netback: do some code cleanup
    - xen/netback: don't call kfree_skb() with interrupts disabled
    - media: videobuf2-core: take mmap_lock in vb2_get_unmapped_area()
    - soundwire: intel: Initialize clock stop timeout
    - media: v4l2-dv-timings.c: fix too strict blanking sanity checks
    - memcg: fix possible use-after-free in memcg_write_event_control()
    - mm/gup: fix gup_pud_range() for dax
    - Bluetooth: btusb: Add debug message for CSR controllers
    - Bluetooth: Fix crash when replugging CSR fake controllers
    - net: mana: Fix race on per-CQ variable napi work_done
    - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
    - drm/vmwgfx: Don't use screen objects when SEV is active
    - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend
    - drm/shmem-helper: Remove errant put in error path
    - drm/shmem-helper: Avoid vm_open error paths
    - net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
    - HID: usbhid: Add ALWAYS_POLL quirk for some mice
    - HID: hid-lg4ff: Add check for empty lbuf
    - HID: core: fix shift-out-of-bounds in hid_report_raw_event
    - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10
    - can: af_can: fix NULL pointer dereference in can_rcv_filter
    - clk: Fix pointer casting to prevent oops in devm_clk_release()
    - gpiolib: improve coding style for local variables
    - gpiolib: check the 'ngpios' property in core gpiolib code
    - gpiolib: fix memory leak in gpiochip_setup_dev()
    - netfilter: nft_set_pipapo: Actually validate intervals in fields after the
      first one
    - drm/vmwgfx: Fix race issue calling pin_user_pages
    - ieee802154: cc2520: Fix error return code in cc2520_hw_init()
    - ca8210: Fix crash by zero initializing data
    - netfilter: ctnetlink: fix compilation warning after data race fixes in ct
      mark
    - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
    - gpio: amd8111: Fix PCI device reference count leak
    - e1000e: Fix TX dispatch condition
    - igb: Allocate MSI-X vector when testing
    - net: broadcom: Add PTP_1588_CLOCK_OPTIONAL dependency for BCMGENET under
      ARCH_BCM2835
    - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
    - af_unix: Get user_ns from in_skb in unix_diag_get_exact().
    - vmxnet3: correctly report encapsulated LRO packet
    - vmxnet3: use correct intrConf reference when using extended queues
    - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
    - Bluetooth: Fix not cleanup led when bt_init fails
    - net: dsa: ksz: Check return value
    - net: dsa: hellcreek: Check return value
    - net: dsa: sja1105: Check return value
    - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
    - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
    - net: encx24j600: Add parentheses to fix precedence
    - net: encx24j600: Fix invalid logic in reading of MISTAT register
    - net: mdiobus: fwnode_mdiobus_register_phy() rework error handling
    - net: mdiobus: fix double put fwnode in the error path
    - octeontx2-pf: Fix potential memory leak in otx2_init_tc()
    - xen-netfront: Fix NULL sring after live migration
    - net: mvneta: Prevent out of bounds read in mvneta_config_rss()
    - i40e: Fix not setting default xps_cpus after reset
    - i40e: Fix for VF MAC address 0
    - i40e: Disallow ip4 and ip6 l4_4_bytes
    - NFC: nci: Bounds check struct nfc_target arrays
    - nvme initialize core quirks before calling nvme_init_subsystem
    - gpio/rockchip: fix refcount leak in rockchip_gpiolib_register()
    - net: stmmac: fix "snps,axi-config" node property parsing
    - ip_gre: do not report erspan version on GRE interface
    - net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue
    - net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
    - net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
    - net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
    - net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
    - tipc: Fix potential OOB in tipc_link_proto_rcv()
    - ipv4: Fix incorrect route flushing when source address is deleted
    - ipv4: Fix incorrect route flushing when table ID 0 is used
    - net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
    - tipc: call tipc_lxc_xmit without holding node_read_lock
    - ethernet: aeroflex: fix potential skb leak in greth_init_rings()
    - dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and
      dpaa2_switch_acl_entry_remove()
    - net: phy: mxl-gpy: fix version reporting
    - net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
    - ipv6: avoid use-after-free in ip6_fragment()
    - net: thunderbolt: fix memory leak in tbnet_open()
    - net: mvneta: Fix an out of bounds check
    - macsec: add missing attribute validation for offload
    - s390/qeth: fix various format strings
    - s390/qeth: fix use-after-free in hsci
    - can: esd_usb: Allow REC and TEC to return to zero
    - block: move CONFIG_BLOCK guard to top Makefile
    - io_uring: move to separate directory
    - io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
    - Linux 5.15.83
  * 5.15.0-58.64 breaks xen bridge networking (pvh domU) (LP: #2002889) // Jammy
    update: v5.15.83 upstream stable release (LP: #2003134)
    - xen/netback: fix build warning
  * Jammy update: v5.15.82 upstream stable release (LP: #2003132)
    - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
    - drm/i915: Create a dummy object for gen6 ppgtt
    - drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
    - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
    - btrfs: sink iterator parameter to btrfs_ioctl_logical_to_ino
    - btrfs: free btrfs_path before copying inodes to userspace
    - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
    - btrfs: move QUOTA_ENABLED check to rescan_should_stop from
      btrfs_qgroup_rescan_worker
    - btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
    - drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code
    - drm/amdgpu: update drm_display_info correctly when the edid is read
    - drm/amdgpu: Partially revert "drm/amdgpu: update drm_display_info correctly
      when the edid is read"
    - iio: health: afe4403: Fix oob read in afe4403_read_raw
    - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
    - iio: light: rpr0521: add missing Kconfig dependencies
    - bpf, perf: Use subprog name when reporting subprog ksymbol
    - scripts/faddr2line: Fix regression in name resolution on ppc64le
    - ARM: at91: rm9200: fix usb device clock id
    - libbpf: Handle size overflow for ringbuf mmap
    - hwmon: (ltc2947) fix temperature scaling
    - hwmon: (ina3221) Fix shunt sum critical calculation
    - hwmon: (i5500_temp) fix missing pci_disable_device()
    - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
    - bpf: Do not copy spin lock field from user in bpf_selem_alloc
    - nvmem: rmem: Fix return value check in rmem_read()
    - of: property: decrement node refcount in of_fwnode_get_reference_args()
    - ixgbevf: Fix resource leak in ixgbevf_init_module()
    - i40e: Fix error handling in i40e_init_module()
    - fm10k: Fix error handling in fm10k_init_module()
    - iavf: remove redundant ret variable
    - iavf: Fix error handling in iavf_init_module()
    - e100: Fix possible use after free in e100_xmit_prepare
    - net/mlx5: DR, Fix uninitialized var warning
    - net/mlx5: Fix uninitialized variable bug in outlen_write()
    - net/mlx5e: Fix use-after-free when reverting termination table
    - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
    - can: cc770: cc770_isa_probe(): add missing free_cc770dev()
    - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev()
    - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods
    - can: m_can: Add check for devm_clk_get
    - qlcnic: fix sleep-in-atomic-context bugs caused by msleep
    - aquantia: Do not purge addresses when setting the number of rings
    - wifi: cfg80211: fix buffer overflow in elem comparison
    - wifi: cfg80211: don't allow multi-BSSID in S1G
    - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
    - net: phy: fix null-ptr-deref while probe() failed
    - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe()
    - net: net_netdev: Fix error handling in ntb_netdev_init_module()
    - net/9p: Fix a potential socket leak in p9_socket_open
    - net: ethernet: nixge: fix NULL dereference
    - net: wwan: iosm: fix kernel test robot reported error
    - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
    - dsa: lan9303: Correct stat name
    - tipc: re-fetch skb cb after tipc_msg_validate
    - net: hsr: Fix potential use-after-free
    - net: mdiobus: fix unbalanced node reference count
    - afs: Fix fileserver probe RTT handling
    - net: tun: Fix use-after-free in tun_detach()
    - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
    - sctp: fix memory leak in sctp_stream_outq_migrate()
    - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
    - hwmon: (coretemp) Check for null before removing sysfs attrs
    - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
    - riscv: vdso: fix section overlapping under some conditions
    - riscv: mm: Proper page permissions after initmem free
    - ALSA: dice: fix regression for Lexicon I-ONIX FW810S
    - error-injection: Add prompt for function error injection
    - tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
    - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
    - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
    - pinctrl: intel: Save and restore pins in "direct IRQ" mode
    - v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
    - net: stmmac: Set MAC's flow control register to reflect current settings
    - mmc: mmc_test: Fix removal of debugfs file
    - mmc: core: Fix ambiguous TRIM and DISCARD arg
    - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
    - mmc: sdhci-sprd: Fix no reset data and command after voltage switch
    - mmc: sdhci: Fix voltage switch delay
    - drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
    - drm/amdgpu: enable Vangogh VCN indirect sram mode
    - drm/i915: Fix negative value passed as remaining time
    - drm/i915: Never return 0 if not all requests retired
    - tracing/osnoise: Fix duration type
    - tracing: Fix race where histograms can be called before the event
    - tracing: Free buffers when a used dynamic event is removed
    - io_uring: update res mask in io_poll_check_events
    - io_uring: fix tw losing poll events
    - io_uring: cmpxchg for poll arm refs release
    - io_uring: make poll refs more robust
    - io_uring/poll: fix poll_refs race with cancelation
    - KVM: x86/mmu: Fix race condition in direct_page_fault
    - ASoC: ops: Fix bounds check for _sx controls
    - pinctrl: single: Fix potential division by zero
    - riscv: Sync efi page table's kernel mappings before switching
    - riscv: fix race when vmap stack overflow
    - riscv: kexec: Fixup irq controller broken in kexec crash path
    - nvme: fix SRCU protection of nvme_ns_head list
    - iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
    - iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
    - mm: __isolate_lru_page_prepare() in isolate_migratepages_block()
    - mm: migrate: fix THP's mapcount on isolation
    - parisc: Increase FRAME_WARN to 2048 bytes on parisc
    - Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is
      enabled
    - selftests: net: add delete nexthop route warning test
    - selftests: net: fix nexthop warning cleanup double ip typo
    - ipv4: Handle attempt to delete multipath route when fib_info contains an nh
      reference
    - ipv4: Fix route deletion when nexthop info is not specified
    - serial: stm32: Factor out GPIO RTS toggling into separate function
    - serial: stm32: Use TC interrupt to deassert GPIO RTS in RS485 mode
    - serial: stm32: Deassert Transmit Enable on ->rs485_config()
    - i2c: npcm7xx: Fix error handling in npcm_i2c_init()
    - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
    - ACPI: HMAT: remove unnecessary variable initialization
    - ACPI: HMAT: Fix initiator registration for single-initiator systems
    - Revert "clocksource/drivers/riscv: Events are stopped during CPU suspend"
    - char: tpm: Protect tpm_pm_suspend with locks
    - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
    - ipc/sem: Fix dangling sem_array access in semtimedop race
    - Linux 5.15.82
  * Jammy update: v5.15.81 upstream stable release (LP: #2003130)
    - ASoC: fsl_sai: use local device pointer
    - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N
    - serial: Add rs485_supported to uart_port
    - serial: fsl_lpuart: Fill in rs485_supported
    - tty: serial: fsl_lpuart: don't break the on-going transfer when global reset
    - sctp: remove the unnecessary sinfo_stream check in sctp_prsctp_prune_unsent
    - sctp: clear out_curr if all frag chunks of current msg are pruned
    - cifs: introduce new helper for cifs_reconnect()
    - cifs: split out dfs code from cifs_reconnect()
    - cifs: support nested dfs links over reconnect
    - cifs: Fix connections leak when tlink setup failed
    - ata: libata-scsi: simplify __ata_scsi_queuecmd()
    - ata: libata-core: do not issue non-internal commands once EH is pending
    - drm/display: Don't assume dual mode adaptors support i2c sub-addressing
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Micron Nitro
    - nvme-pci: disable namespace identifiers for the MAXIO MAP1001
    - nvme-pci: disable write zeroes on various Kingston SSD
    - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV7000
    - iio: ms5611: Simplify IO callback parameters
    - iio: pressure: ms5611: fixed value compensation bug
    - ceph: do not update snapshot context when there is no new snapshot
    - ceph: avoid putting the realm twice when decoding snaps fails
    - x86/sgx: Create utility to validate user provided offset and length
    - x86/sgx: Add overflow check in sgx_validate_offset_length()
    - binder: validate alloc->mm in ->mmap() handler
    - ceph: Use kcalloc for allocating multiple elements
    - ceph: fix NULL pointer dereference for req->r_session
    - wifi: mac80211: fix memory free error when registering wiphy fail
    - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
    - riscv: dts: sifive unleashed: Add PWM controlled LEDs
    - audit: fix undefined behavior in bit shift for AUDIT_BIT
    - wifi: airo: do not assign -1 to unsigned char
    - wifi: mac80211: Fix ack frame idr leak when mesh has no route
    - wifi: ath11k: Fix QCN9074 firmware boot on x86
    - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
    - selftests/bpf: Add verifier test for release_reference()
    - Revert "net: macsec: report real_dev features when HW offloading is enabled"
    - platform/x86: ideapad-laptop: Disable touchpad_switch
    - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1
    - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
    - platform/x86/intel/hid: Add some ACPI device IDs
    - scsi: ibmvfc: Avoid path failures during live migration
    - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
    - drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
    - block, bfq: fix null pointer dereference in bfq_bio_bfqg()
    - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
    - nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
    - Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10
      properly""
    - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
    - RISC-V: vdso: Do not add missing symbols to version section in linker script
    - MIPS: pic32: treat port as signed integer
    - xfrm: fix "disable_policy" on ipv4 early demux
    - xfrm: replay: Fix ESN wrap around for GSO
    - af_key: Fix send_acquire race with pfkey_register
    - ARM: dts: am335x-pcm-953: Define fixed regulators in root node
    - ASoC: hdac_hda: fix hda pcm buffer overflow issue
    - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
    - ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
    - x86/hyperv: Restore VP assist page after cpu offlining/onlining
    - scsi: storvsc: Fix handling of srb_status and capacity change events
    - ASoC: max98373: Add checks for devm_kcalloc
    - regulator: core: fix kobject release warning and memory leak in
      regulator_register()
    - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
    - regulator: core: fix UAF in destroy_regulator()
    - bus: sunxi-rsb: Remove the shutdown callback
    - bus: sunxi-rsb: Support atomic transfers
    - tee: optee: fix possible memory leak in optee_register_device()
    - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
    - selftests: mptcp: more stable simult_flows tests
    - selftests: mptcp: fix mibit vs mbit mix up
    - net: liquidio: simplify if expression
    - rxrpc: Allow list of in-use local UDP endpoints to be viewed in /proc
    - rxrpc: Use refcount_t rather than atomic_t
    - rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-
      CAN-15975]
    - net: dsa: sja1105: disallow C45 transactions on the BASE-TX MDIO bus
    - nfc/nci: fix race with opening and closing
    - net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
    - 9p/fd: fix issue of list_del corruption in p9_fd_cancel()
    - netfilter: conntrack: Fix data-races around ct mark
    - netfilter: nf_tables: do not set up extensions for end interval
    - iavf: Fix a crash during reset task
    - iavf: Do not restart Tx queues after reset task failure
    - iavf: Fix race condition between iavf_shutdown and iavf_remove
    - ARM: mxs: fix memory leak in mxs_machine_init()
    - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
    - net: ethernet: mtk_eth_soc: fix error handling in mtk_open()
    - net/mlx4: Check retval of mlx4_bitmap_init
    - net: mvpp2: fix possible invalid pointer dereference
    - net/qla3xxx: fix potential memleak in ql3xxx_send()
    - octeontx2-af: debugsfs: fix pci device refcount leak
    - net: pch_gbe: fix pci device refcount leak while module exiting
    - nfp: fill splittable of devlink_port_attrs correctly
    - nfp: add port from netdev validation for EEPROM access
    - macsec: Fix invalid error code set
    - Drivers: hv: vmbus: fix double free in the error path of
      vmbus_add_channel_work()
    - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
    - netfilter: ipset: regression in ip_set_hash_ip.c
    - net/mlx5: Do not query pci info while pci disabled
    - net/mlx5: Fix FW tracer timestamp calculation
    - net/mlx5: Fix handling of entry refcount when command is not issued to FW
    - tipc: set con sock in tipc_conn_alloc
    - tipc: add an extra conn_get in tipc_conn_alloc
    - tipc: check skb_linearize() return value in tipc_disc_rcv()
    - xfrm: Fix oops in __xfrm_state_delete()
    - xfrm: Fix ignored return value in xfrm6_init()
    - net: wwan: iosm: use ACPI_FREE() but not kfree() in ipc_pcie_read_bios_cfg()
    - sfc: fix potential memleak in __ef100_hard_start_xmit()
    - net: sparx5: fix error handling in sparx5_port_open()
    - net: sched: allow act_ct to be built without NF_NAT
    - NFC: nci: fix memory leak in nci_rx_data_packet()
    - regulator: twl6030: re-add TWL6032_SUBCLASS
    - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
    - dma-buf: fix racing conflict of dma_heap_add()
    - netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface
    - netfilter: flowtable_offload: add missing locking
    - fs: do not update freeing inode i_io_list
    - dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
    - ipv4: Fix error return code in fib_table_insert()
    - arcnet: fix potential memory leak in com20020_probe()
    - s390/dasd: fix no record found for raw_track_access
    - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
    - nfc: st-nci: fix memory leaks in EVT_TRANSACTION
    - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION
    - net: enetc: manage ENETC_F_QBV in priv->active_offloads only when enabled
    - net: enetc: cache accesses to &priv->si->hw
    - net: enetc: preserve TX ring priority across reconfiguration
    - octeontx2-pf: Add check for devm_kcalloc
    - octeontx2-af: Fix reference count issue in rvu_sdp_init()
    - net: thunderx: Fix the ACPI memory leak
    - s390/crashdump: fix TOD programmable field size
    - lib/vdso: use "grep -E" instead of "egrep"
    - [Config] updateconfigs for CC_HAS_ASM_GOTO_TIED_OUTPUT
    - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
    - nios2: add FORCE for vmlinuz.gz
    - mmc: sdhci-brcmstb: Re-organize flags
    - mmc: sdhci-brcmstb: Enable Clock Gating to save power
    - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
    - KVM: arm64: pkvm: Fixup boot mode to reflect that the kernel resumes from
      EL1
    - usb: dwc3: exynos: Fix remove() function
    - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
    - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1
    - ext4: fix use-after-free in ext4_ext_shift_extents
    - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
    - iio: light: apds9960: fix wrong register for gesture gain
    - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
    - bus: ixp4xx: Don't touch bit 7 on IXP42x
    - usb: dwc3: gadget: conditionally remove requests
    - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable
    - usb: dwc3: gadget: Clear ep descriptor last
    - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
    - gcov: clang: fix the buffer overflow issue
    - mm: vmscan: fix extreme overreclaim and swap floods
    - KVM: x86: nSVM: leave nested mode on vCPU free
    - KVM: x86: forcibly leave nested mode on vCPU reset
    - KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in
      use
    - KVM: x86: add kvm_leave_nested
    - KVM: x86: remove exit_int_info warning in svm_handle_exit
    - x86/tsx: Add a feature bit for TSX control MSR support
    - x86/pm: Add enumeration check before spec MSRs save/restore setup
    - x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
    - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
    - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
    - tools: iio: iio_generic_buffer: Fix read size
    - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
    - Input: goodix - try resetting the controller when no config is set
    - Input: soc_button_array - add use_low_level_irq module parameter
    - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[]
    - Input: i8042 - apply probe defer to more ASUS ZenBook models
    - ASoC: stm32: dfsdm: manage cb buffers cleanup
    - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
    - xen/platform-pci: add missing free_irq() in error path
    - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
    - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
    - drm/amdgpu: disable BACO support on more cards
    - zonefs: fix zone report size in __zonefs_io_error()
    - platform/x86: hp-wmi: Ignore Smart Experience App event
    - platform/x86: ideapad-laptop: Fix interrupt storm on fn-lock toggle on some
      Yoga laptops
    - [Config] updateconfigs for INET_TABLE_PERTURB_ORDER
    - tcp: configurable source port perturb table size
    - net: usb: qmi_wwan: add Telit 0x103a composition
    - scsi: iscsi: Fix possible memory leak when device_register() failed
    - gpu: host1x: Avoid trying to use GART on Tegra20
    - dm integrity: flush the journal on suspend
    - dm integrity: clear the journal on suspend
    - fuse: lock inode unconditionally in fuse_fallocate()
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
    - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
    - wifi: wilc1000: validate number of channels
    - genirq/msi: Shutdown managed interrupts with unsatifiable affinities
    - genirq: Always limit the affinity to online CPUs
    - irqchip/gic-v3: Always trust the managed affinity provided by the core code
    - genirq: Take the proposed affinity at face value if force==true
    - btrfs: free btrfs_path before copying root refs to userspace
    - btrfs: free btrfs_path before copying fspath to userspace
    - btrfs: free btrfs_path before copying subvol info to userspace
    - btrfs: zoned: fix missing endianness conversion in sb_write_pointer
    - btrfs: use kvcalloc in btrfs_get_dev_zone_info
    - btrfs: sysfs: normalize the error handling branch in btrfs_init_sysfs()
    - drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
    - drm/amd/display: No display after resume from WB/CB
    - drm/amdgpu: Enable Aldebaran devices to report CU Occupancy
    - drm/amdgpu: always register an MMU notifier for userptr
    - cifs: fix missed refcounting of ipc tcon
    - Linux 5.15.81
  * Jammy update: v5.15.80 upstream stable release (LP: #2003122)
    - mm: hwpoison: refactor refcount check handling
    - mm: hwpoison: handle non-anonymous THP correctly
    - mm: shmem: don't truncate page if memory failure happens
    - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in
      wm5102_probe"
    - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in
      wm5110_probe"
    - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in
      wm8997_probe"
    - ASoC: mt6660: Keep the pm_runtime enables before component stuff in
      mt6660_i2c_probe
    - ASoC: rt1019: Fix the TDM settings
    - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
    - spi: intel: Fix the offset to get the 64K erase opcode
    - ASoC: codecs: jz4725b: add missed Line In power control bit
    - ASoC: codecs: jz4725b: fix reported volume for Master ctl
    - ASoC: codecs: jz4725b: use right control for Capture Volume
    - ASoC: codecs: jz4725b: fix capture selector naming
    - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
    - selftests/futex: fix build for clang
    - selftests/intel_pstate: fix build for ARCH=x86_64
    - ASoC: rt1308-sdw: add the default value of some registers
    - drm/amd/display: Remove wrong pipe control lock
    - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[]
    - RDMA/efa: Add EFA 0xefa2 PCI ID
    - btrfs: raid56: properly handle the error when unable to find the missing
      stripe
    - NFSv4: Retry LOCK on OLD_STATEID during delegation return
    - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable
    - firmware: arm_scmi: Cleanup the core driver removal callback
    - i2c: tegra: Allocate DMA memory for DMA engine
    - i2c: i801: add lis3lv02d's I2C address for Vostro 5568
    - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
    - btrfs: remove pointless and double ulist frees in error paths of qgroup
      tests
    - x86/cpu: Add several Intel server CPU model numbers
    - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" ->
      "Route"
    - mtd: spi-nor: intel-spi: Disable write protection only if asked
    - spi: intel: Use correct mask for flash and protected regions
    - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
    - hugetlbfs: don't delete error page from pagecache
    - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed
    - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed
    - spi: stm32: Print summary 'callbacks suppressed' message
    - ARM: dts: at91: sama7g5: fix signal name of pin PB2
    - ASoC: core: Fix use-after-free in snd_soc_exit()
    - ASoC: tas2770: Fix set_tdm_slot in case of single slot
    - ASoC: tas2764: Fix set_tdm_slot in case of single slot
    - ARM: at91: pm: avoid soft resetting AC DLL
    - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl()
    - serial: 8250_omap: remove wait loop from Errata i202 workaround
    - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove()
    - serial: 8250: omap: Flush PM QOS work on remove
    - serial: imx: Add missing .thaw_noirq hook
    - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
    - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
    - ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
    - pinctrl: rockchip: list all pins in a possible mux route for PX30
    - scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
    - block: sed-opal: kmalloc the cmd/resp buffers
    - bpf: Fix memory leaks in __check_func_call
    - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
    - siox: fix possible memory leak in siox_device_add()
    - parport_pc: Avoid FIFO port location truncation
    - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
    - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
    - drm/panel: simple: set bpc field for logic technologies displays
    - drm/drv: Fix potential memory leak in drm_dev_init()
    - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
    - arm64: dts: imx8mm: Fix NAND controller size-cells
    - arm64: dts: imx8mn: Fix NAND controller size-cells
    - ata: libata-transport: fix double ata_host_put() in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tport_add()
    - ata: libata-transport: fix error handling in ata_tlink_add()
    - ata: libata-transport: fix error handling in ata_tdev_add()
    - nfp: change eeprom length to max length enumerators
    - MIPS: fix duplicate definitions for exported symbols
    - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
    - bpf: Initialize same number of free nodes for each pcpu_freelist
    - net: bgmac: Drop free_netdev() from bgmac_enet_remove()
    - mISDN: fix possible memory leak in mISDN_dsp_element_register()
    - net: hinic: Fix error handling in hinic_module_init()
    - net: stmmac: ensure tx function is not running in stmmac_xdp_release()
    - soc: imx8m: Enable OCOTP clock before reading the register
    - net: liquidio: release resources when liquidio driver open failed
    - mISDN: fix misuse of put_device() in mISDN_register_device()
    - net: macvlan: Use built-in RCU list checking
    - net: caif: fix double disconnect client in chnl_net_open()
    - bnxt_en: Remove debugfs when pci_register_driver failed
    - net: mhi: Fix memory leak in mhi_net_dellink()
    - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims
    - xen/pcpu: fix possible memory leak in register_pcpu()
    - net: ionic: Fix error handling in ionic_init_module()
    - net: ena: Fix error handling in ena_init()
    - net: hns3: fix setting incorrect phy link ksettings for firmware in
      resetting process
    - bridge: switchdev: Fix memory leaks when changing VLAN protocol
    - drbd: use after free in drbd_create_device()
    - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when
      virtualized
    - platform/surface: aggregator: Do not check for repeated unsequenced packets
    - cifs: add check for returning value of SMB2_close_init
    - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in
      ag71xx_open()
    - net/x25: Fix skb leak in x25_lapb_receive_frame()
    - cifs: Fix wrong return value checking when GETFLAGS
    - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init()
      and sparx5_start()
    - net: thunderbolt: Fix error handling in tbnet_init()
    - cifs: add check for returning value of SMB2_set_info_init
    - ftrace: Fix the possible incorrect kernel message
    - ftrace: Optimize the allocation for mcount entries
    - ftrace: Fix null pointer dereference in ftrace_add_mod()
    - ring_buffer: Do not deactivate non-existant pages
    - tracing: Fix memory leak in tracing_read_pipe()
    - tracing/ring-buffer: Have polling block on watermark
    - tracing: Fix memory leak in test_gen_synth_cmd() and
      test_empty_synth_event()
    - tracing: Fix wild-memory-access in register_synth_event()
    - tracing: Fix race where eprobes can be called before the event
    - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in
      kprobe_event_gen_test_exit()
    - tracing: kprobe: Fix potential null-ptr-deref on trace_array in
      kprobe_event_gen_test_exit()
    - drm/amd/display: Add HUBP surface flip interrupt handler
    - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
    - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
    - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360
    - Revert "usb: dwc3: disable USB core PHY management"
    - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y &&
      CONFIG_QCOM_RPROC_COMMON=m
    - slimbus: stream: correct presence rate frequencies
    - speakup: fix a segfault caused by switching consoles
    - USB: bcma: Make GPIO explicitly optional
    - USB: serial: option: add Sierra Wireless EM9191
    - USB: serial: option: remove old LARA-R6 PID
    - USB: serial: option: add u-blox LARA-R6 00B modem
    - USB: serial: option: add u-blox LARA-L6 modem
    - USB: serial: option: add Fibocom FM160 0x0111 composition
    - usb: add NO_LPM quirk for Realforce 87U Keyboard
    - usb: chipidea: fix deadlock in ci_otg_del_timer
    - usb: cdns3: host: fix endless superspeed hub port reset
    - usb: typec: mux: Enter safe mode only when pins need to be reconfigured
    - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
    - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
    - iio: adc: mp2629: fix wrong comparison of channel
    - iio: adc: mp2629: fix potential array out of bound access
    - iio: pressure: ms5611: changed hardcoded SPI speed to value limited
    - dm ioctl: fix misbehavior if list_versions races with module loading
    - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
    - serial: 8250: Flush DMA Rx on RLSI
    - serial: 8250_lpss: Configure DMA also w/o DMA filter
    - Input: iforce - invert valid length check when fetching device IDs
    - maccess: Fix writing offset in case of fault in
      strncpy_from_kernel_nofault()
    - net: phy: marvell: add sleep time after enabling the loopback bit
    - scsi: zfcp: Fix double free of FSF request when qdio send fails
    - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries
    - iommu/vt-d: Set SRE bit only when hardware has SRS cap
    - firmware: coreboot: Register bus in module init
    - mmc: core: properly select voltage range without power cycle
    - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce
      timeout
    - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
    - docs: update mediator contact information in CoC doc
    - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
    - perf/x86/intel/pt: Fix sampling using single range output
    - nvme: restrict management ioctls to admin
    - nvme: ensure subsystem reset is single threaded
    - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake
    - perf: Improve missing SIGTRAP checking
    - ring-buffer: Include dropped pages in counting dirty patches
    - tracing: Fix warning on variable 'struct trace_array'
    - net: use struct_group to copy ip/ipv6 header addresses
    - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
    - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
    - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
    - Input: i8042 - fix leaking of platform device on module removal
    - macvlan: enforce a consistent minimal mtu
    - tcp: cdg: allow tcp_cdg_release() to be called multiple times
    - kcm: avoid potential race in kcm_tx_work
    - kcm: close race conditions on sk_receive_queue
    - 9p: trans_fd/p9_conn_cancel: drop client lock earlier
    - gfs2: Check sb_bsize_shift after reading superblock
    - gfs2: Switch from strlcpy to strscpy
    - 9p/trans_fd: always use O_NONBLOCK read/write
    - wifi: wext: use flex array destination for memcpy()
    - mm: fs: initialize fsdata passed to write_begin/write_end interface
    - net/9p: use a dedicated spinlock for trans_fd
    - ntfs: fix use-after-free in ntfs_attr_find()
    - ntfs: fix out-of-bounds read in ntfs_attr_find()
    - ntfs: check overflow when iterating ATTR_RECORDs
    - Linux 5.15.80
  * CVE-2022-4139
    - drm/i915: fix TLB invalidation for Gen12 video and compute engines
  * Jammy update: v5.15.79 upstream stable release (LP: #2001570)
    - fuse: fix readdir cache race
    - drm/amdkfd: avoid recursive lock in migrations back to RAM
    - drm/amdkfd: handle CPU fault on COW mapping
    - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
    - hwspinlock: qcom: correct MMIO max register for newer SoCs
    - phy: stm32: fix an error code in probe
    - wifi: cfg80211: silence a sparse RCU warning
    - wifi: cfg80211: fix memory leak in query_regdb_file()
    - soundwire: qcom: reinit broadcast completion
    - soundwire: qcom: check for outanding writes before doing a read
    - bpf, verifier: Fix memory leak in array reallocation for stack state
    - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
    - wifi: mac80211: Set TWT Information Frame Disabled bit as 1
    - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without
      FILE
    - HID: hyperv: fix possible memory leak in mousevsc_probe()
    - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues
    - bpf: Fix sockmap calling sleepable function in teardown path
    - bpf, sock_map: Move cancel_work_sync() out of sock lock
    - bpf: Add helper macro bpf_for_each_reg_in_vstate
    - bpf: Fix wrong reg type conversion in release_reference()
    - net: gso: fix panic on frag_list with mixed head alloc types
    - macsec: delete new rxsc when offload fails
    - macsec: fix secy->n_rx_sc accounting
    - macsec: fix detection of RXSCs when toggling offloading
    - macsec: clear encryption keys from the stack after setting up offload
    - octeontx2-pf: Use hardware register for CQE count
    - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
    - net: tun: Fix memory leaks of napi_get_frags
    - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
    - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
    - net: fman: Unregister ethernet device on removal
    - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
    - phy: ralink: mt7621-pci: add sentinel to quirks table
    - KVM: s390: pv: don't allow userspace to set the clock under PV
    - net: lapbether: fix issue of dev reference count leakage in
      lapbeth_device_event()
    - hamradio: fix issue of dev reference count leakage in bpq_device_event()
    - net: wwan: iosm: fix memory leak in ipc_wwan_dellink
    - net: wwan: mhi: fix memory leak in mhi_mbim_dellink
    - drm/vc4: Fix missing platform_unregister_drivers() call in
      vc4_drm_register()
    - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
    - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
    - can: af_can: fix NULL pointer dereference in can_rx_register()
    - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable()
    - net: broadcom: Fix BCMGENET Kconfig
    - tipc: fix the msg->req tlv len check in
      tipc_nl_compat_name_table_dump_header
    - dmaengine: pxa_dma: use platform_get_irq_optional
    - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
    - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
    - net: lapbether: fix issue of invalid opcode in lapbeth_open()
    - drivers: net: xgene: disable napi when register irq failed in
      xgene_enet_open()
    - perf stat: Fix printing os->prefix in CSV metrics output
    - perf tools: Add the include/perf/ directory to .gitignore
    - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg()
    - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
    - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init()
    - net: nixge: disable napi when enable interrupts failed in nixge_open()
    - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg
    - net/mlx5: Bridge, verify LAG state when adding bond to bridge
    - net/mlx5: Allow async trigger completion execution on single CPU systems
    - net/mlx5e: E-Switch, Fix comparing termination table instance
    - net: cpsw: disable napi in cpsw_ndo_open()
    - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
    - stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S
    - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz
    - mctp: Fix an error handling path in mctp_init()
    - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in
      cxgb4vf_open()
    - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting
    - stmmac: dwmac-loongson: fix missing pci_disable_device() in
      loongson_dwmac_probe()
    - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting
    - net: phy: mscc: macsec: clear encryption keys when freeing a flow
    - net: atlantic: macsec: clear encryption keys from the stack
    - ethernet: s2io: disable napi when start nic failed in s2io_card_up()
    - net: mv643xx_eth: disable napi when init rxq or txq failed in
      mv643xx_eth_open()
    - ethernet: tundra: free irq when alloc ring failed in tsi108_open()
    - net: macvlan: fix memory leaks of macvlan_common_newlink
    - riscv: process: fix kernel info leakage
    - riscv: vdso: fix build with llvm
    - riscv: fix reserved memory setup
    - arm64: efi: Fix handling of misaligned runtime regions and drop warning
    - MIPS: jump_label: Fix compat branch range check
    - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
    - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
    - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
    - ALSA: hda/hdmi - enable runtime pm for more AMD display audio
    - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
    - ALSA: hda: fix potential memleak in 'add_widget_node'
    - ALSA: hda/realtek: Add Positivo C6300 model quirk
    - ALSA: usb-audio: Yet more regression for for the delayed card registration
    - ALSA: usb-audio: Add quirk entry for M-Audio Micro
    - ALSA: usb-audio: Add DSD support for Accuphase DAC-60
    - vmlinux.lds.h: Fix placement of '.data..decrypted' section
    - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
    - nilfs2: fix deadlock in nilfs_count_free_blocks()
    - nilfs2: fix use-after-free bug of ns_writer on remount
    - drm/i915/dmabuf: fix sg_table handling in map_dma_buf
    - drm/amdgpu: disable BACO on special BEIGE_GOBY card
    - btrfs: fix match incorrectly in dev_args_match_device
    - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
    - btrfs: zoned: initialize device's zone info for seeding
    - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
    - udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
    - mm/damon/dbgfs: check if rm_contexts input is for a real context
    - mm/memremap.c: map FS_DAX device memory as decrypted
    - mm/shmem: use page_mapping() to detect page cache for uffd continue
    - can: j1939: j1939_send_one(): fix missing CAN header initialization
    - cert host tools: Stop complaining about deprecated OpenSSL functions
    - dmaengine: at_hdmac: Fix at_lli struct definition
    - dmaengine: at_hdmac: Don't start transactions at tx_submit level
    - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
    - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
    - dmaengine: at_hdmac: Do not call the complete callback on
      device_terminate_all
    - dmaengine: at_hdmac: Protect atchan->status with the channel lock
    - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
    - dmaengine: at_hdmac: Fix concurrency over descriptor
    - dmaengine: at_hdmac: Free the memset buf without holding the chan lock
    - dmaengine: at_hdmac: Fix concurrency over the active list
    - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
    - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
    - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
    - dmaengine: at_hdmac: Fix impossible condition
    - dmaengine: at_hdmac: Check return code of dma_async_device_register
    - marvell: octeontx2: build error: unknown type name 'u64'
    - drm/amdkfd: Migrate in CPU page fault use current mm
    - net: tun: call napi_schedule_prep() to ensure we own a napi
    - x86/cpu: Restore AMD's DE_CFG MSR after resume
    - Linux 5.15.79
  * CVE-2022-47520
    - wifi: wilc1000: validate pairwise and authentication suite offsets
  * CVE-2022-3545
    - nfp: fix use-after-free in area_cache_get()

linux-azure-5.15 (5.15.0-1033.40~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1033.40~20.04.1 -proposed tracker
    (LP: #2003489)

[ Ubuntu: 5.15.0-1033.40 ]

* jammy/linux-azure: 5.15.0-1033.40 -proposed tracker (LP: #2003426)
  * jammy/linux: 5.15.0-60.66 -proposed tracker (LP: #2003450)
  * Revoke & rotate to new signing key (LP: #2002812)
    - [Packaging] Revoke and rotate to new signing key

linux-azure-5.15 (5.15.0-1032.39~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1032.39~20.04.1 -proposed tracker
    (LP: #2001762)

[ Ubuntu: 5.15.0-1032.39 ]

* jammy/linux-azure: 5.15.0-1032.39 -proposed tracker (LP: #2001763)
  * Jammy update: v5.15.75 upstream stable release (LP: #1996825) // Jammy
    update: v5.15.76 upstream stable release (LP: #1997113)
    - [Config] azure: Update after rebase
  * Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2023.01.02)
  * Azure: Jammy fio test hangs, swiotlb buffers exhausted (LP: #1998838)
    - Revert "UBUNTU: SAUCE: scsi: storvsc: Fix swiotlb bounce buffer leak in
      confidential VM"
    - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
  * jammy/linux: 5.15.0-59.65 -proposed tracker (LP: #2001801)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * CVE-2022-47940
    - ksmbd: validate length in smb2_write()
  * Fix iosm: WWAN cannot build the connection (DW5823e) (LP: #1998115)
    - net: wwan: iosm: fix driver not working with INTEL_IOMMU disabled
    - [Config] CONFIG_IOSM update annotations on arm64 armhf ppc64el s390x
  * support for same series backports versioning numbers (LP: #1993563)
    - [Packaging] sameport -- add support for sameport versioning
  * [DEP-8] Run ADT regression suite for lowlatency kernels Jammy and later
    (LP: #1999528)
    - [DEP-8] Fix regression suite to run on lowlatency
  * Micron NVME storage failure [1344,5407] (LP: #1998883)
    - nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  * Jammy update: v5.15.78 upstream stable release (LP: #1998843)
    - scsi: lpfc: Rework MIB Rx Monitor debug info logic
    - serial: ar933x: Deassert Transmit Enable on ->rs485_config()
    - KVM: x86: Trace re-injected exceptions
    - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)
    - drm/amd/display: explicitly disable psr_feature_enable appropriately
    - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
    - HID: playstation: add initial DualSense Edge controller support
    - KVM: x86: Protect the unused bits in MSR exiting flags
    - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
    - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
    - RDMA/cma: Use output interface for net_dev check
    - IB/hfi1: Correctly move list in sc_disable()
    - RDMA/hns: Remove magic number
    - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx()
    - RDMA/hns: Disable local invalidate operation
    - NFSv4: Fix a potential state reclaim deadlock
    - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
    - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
    - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
    - NFSv4.2: Fixup CLONE dest file size for zero-length count
    - nfs4: Fix kmemleak when allocate slot failed
    - net: dsa: Fix possible memory leaks in dsa_loop_init()
    - RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
    - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
    - net: dsa: fall back to default tagger if we can't load the one from DT
    - nfc: fdp: Fix potential memory leak in fdp_nci_send()
    - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
    - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
    - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
    - net: fec: fix improper use of NETDEV_TX_BUSY
    - ata: pata_legacy: fix pdc20230_set_piomode()
    - net: sched: Fix use after free in red_enqueue()
    - net: tun: fix bugs for oversize packet when napi frags enabled
    - netfilter: nf_tables: netlink notifier might race to release objects
    - netfilter: nf_tables: release flow rule object from commit path
    - ipvs: use explicitly signed chars
    - ipvs: fix WARNING in __ip_vs_cleanup_batch()
    - ipvs: fix WARNING in ip_vs_app_net_cleanup()
    - rose: Fix NULL pointer dereference in rose_send_frame()
    - mISDN: fix possible memory leak in mISDN_register_device()
    - isdn: mISDN: netjet: fix wrong check of device registration
    - btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
    - btrfs: fix inode list leak during backref walking at find_parent_nodes()
    - btrfs: fix ulist leaks in error paths of qgroup self tests
    - netfilter: ipset: enforce documented limit to prevent allocating huge memory
    - Bluetooth: virtio_bt: Use skb_put to set length
    - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
    - Bluetooth: L2CAP: Fix memory leak in vhci_write
    - net: mdio: fix undefined behavior in bit shift for __mdiobus_register
    - ibmvnic: Free rwi on reset success
    - stmmac: dwmac-loongson: fix invalid mdio_node
    - net/smc: Fix possible leaked pernet namespace in smc_init()
    - net, neigh: Fix null-ptr-deref in neigh_table_clear()
    - ipv6: fix WARNING in ip6_route_net_exit_late()
    - vsock: fix possible infinite sleep in vsock_connectible_wait_data()
    - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag
    - drm/msm/hdmi: fix IRQ lifetime
    - video/fbdev/stifb: Implement the stifb_fillrect() function
    - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
    - mtd: parsers: bcm47xxpart: print correct offset on read error
    - mtd: parsers: bcm47xxpart: Fix halfblock reads
    - s390/uaccess: add missing EX_TABLE entries to __clear_user()
    - s390/cio: fix out-of-bounds access on cio_ignore free
    - media: rkisp1: Don't pass the quantization to rkisp1_csm_config()
    - media: rkisp1: Initialize color space on resizer sink and source pads
    - media: rkisp1: Use correct macro for gradient registers
    - media: rkisp1: Zero v4l2_subdev_format fields in when validating links
    - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
    - media: dvb-frontends/drxk: initialize err to 0
    - media: meson: vdec: fix possible refcount leak in vdec_probe()
    - media: v4l: subdev: Fail graciously when getting try data for NULL state
    - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
    - scsi: core: Restrict legal sdev_state transitions via sysfs
    - HID: saitek: add madcatz variant of MMO7 mouse device ID
    - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case
    - i2c: xiic: Add platform module alias
    - efi/tpm: Pass correct address to memblock_reserve
    - clk: qcom: Update the force mem core bit for GPU clocks
    - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
    - arm64: dts: imx8: correct clock order
    - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers
    - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers
    - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers
    - block: Fix possible memory leak for rq_wb on add_disk failure
    - firmware: arm_scmi: Suppress the driver's bind attributes
    - firmware: arm_scmi: Make Rx chan_setup fail on memory errors
    - firmware: arm_scmi: Fix devres allocation device in virtio transport
    - arm64: dts: juno: Add thermal critical trip points
    - i2c: piix4: Fix adapter not be removed in piix4_remove()
    - Bluetooth: L2CAP: Fix attempting to access uninitialized memory
    - block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
    - af_unix: Fix memory leaks of the whole sk due to OOB skb.
    - fscrypt: stop using keyrings subsystem for fscrypt_master_key
    - fscrypt: fix keyring memory leak on mount failure
    - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb
    - btrfs: fix tree mod log mishandling of reallocated nodes
    - btrfs: fix type of parameter generation in btrfs_get_dentry
    - ftrace: Fix use-after-free for dynamic ftrace_ops
    - tcp/udp: Make early_demux back namespacified.
    - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd()
    - kprobe: reverse kp->flags when arm_kprobe failed
    - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
    - tools/nolibc/string: Fix memcmp() implementation
    - tracing/histogram: Update document for KEYS_MAX size
    - capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
    - fuse: add file_modified() to fallocate
    - efi: random: reduce seed size to 32 bytes
    - efi: random: Use 'ACPI reclaim' memory for random seed
    - arm64: entry: avoid kprobe recursion
    - perf/x86/intel: Fix pebs event constraints for ICL
    - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
    - perf/x86/intel: Fix pebs event constraints for SPR
    - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
    - parisc: Export iosapic_serial_irq() symbol for serial port driver
    - parisc: Avoid printing the hardware path twice
    - ext4: fix warning in 'ext4_da_release_space'
    - ext4: fix BUG_ON() when directory entry has invalid rec_len
    - x86/syscall: Include asm/ptrace.h in syscall_wrapper header
    - KVM: x86: Mask off reserved bits in CPUID.80000006H
    - KVM: x86: Mask off reserved bits in CPUID.8000001AH
    - KVM: x86: Mask off reserved bits in CPUID.80000008H
    - KVM: x86: Mask off reserved bits in CPUID.80000001H
    - KVM: x86: Mask off reserved bits in CPUID.8000001FH
    - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable
    - KVM: arm64: Fix bad dereference on MTE-enabled systems
    - KVM: x86: emulator: em_sysexit should update ctxt->mode
    - KVM: x86: emulator: introduce emulator_recalc_and_set_mode
    - KVM: x86: emulator: update the emulation mode after rsm
    - KVM: x86: emulator: update the emulation mode after CR0 write
    - tee: Fix tee_shm_register() for kernel TEE drivers
    - ext4,f2fs: fix readahead of verity data
    - cifs: fix regression in very old smb1 mounts
    - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
    - drm/rockchip: dsi: Force synchronous probe
    - drm/i915/sdvo: Filter out invalid outputs more sensibly
    - drm/i915/sdvo: Setup DDC fully before output init
    - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
    - Linux 5.15.78
  * Fix AMD-PState driver for Genoa CPU (LP: #1998106)
    - Documentation: amd-pstate: add tracer tool introduction
    - Documentation: amd-pstate: grammar and sentence structure updates
    - Documentation: amd-pstate: Add unit test introduction
    - cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at
      init
    - cpufreq: amd-pstate: change amd-pstate driver to be built-in type
    - cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection
    - Documentation: amd-pstate: add driver working mode introduction
    - Documentation: add amd-pstate kernel command line options
  * Mediatek WLAN RZ616(MT7922) SAR table control (LP: #1997200)
    - mt76: mt7921: add .set_sar_specs support
    - mt76: add 6 GHz band support in mt76_sar_freq_ranges
    - mt76: mt7921: introduce ACPI SAR support
    - mt76: connac: add support for limiting to maximum regulatory Tx power
    - mt76: move sar utilities to mt76-core module
    - mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in
      mt7921_config
    - mt76: mt7921: introduce ACPI SAR config in tx power
    - wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
  * [22.04/Jammy] Replace SAUCE AMD DP tunneling patch by upstream version
    (LP: #1989944)
    - Revert "UBUNTU: SAUCE: thunderbolt: Add DP out resource when DP tunnel is
      discovered."
    - thunderbolt: Add DP OUT resource when DP tunnel is discovered
  * Jammy update: v5.15.77 upstream stable release (LP: #1997981)
    - NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
    - NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
    - can: j1939: transport: j1939_session_skb_drop_old():
      spin_unlock_irqrestore() before kfree_skb()
    - can: kvaser_usb: Fix possible completions during init_completion
    - ALSA: Use del_timer_sync() before freeing timer
    - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600
    - ALSA: au88x0: use explicitly signed char
    - ALSA: rme9652: use explicitly signed char
    - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
    - usb: gadget: uvc: fix sg handling in error case
    - usb: gadget: uvc: fix sg handling during video encode
    - usb: dwc3: gadget: Stop processing more requests on IMI
    - usb: dwc3: gadget: Don't set IMI for no_interrupt
    - usb: bdc: change state when port disconnected
    - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96
      controller
    - mtd: rawnand: marvell: Use correct logic for nand-keep-config
    - xhci: Add quirk to reset host back to default state at shutdown
    - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices
    - xhci: Remove device endpoints from bandwidth list when freeing the device
    - tools: iio: iio_utils: fix digit calculation
    - iio: light: tsl2583: Fix module unloading
    - iio: temperature: ltc2983: allocate iio channels once
    - iio: adxl372: Fix unsafe buffer attributes
    - fbdev: smscufx: Fix several use-after-free bugs
    - cpufreq: intel_pstate: Read all MSRs on the target CPU
    - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
    - fs/binfmt_elf: Fix memory leak in load_elf_binary()
    - exec: Copy oldsighand->action under spin-lock
    - mac802154: Fix LQI recording
    - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds
    - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume
    - drm/msm/dsi: fix memory corruption with too many bridges
    - drm/msm/hdmi: fix memory corruption with too many bridges
    - drm/msm/dp: fix IRQ lifetime
    - coresight: cti: Fix hang in cti_disable_hw()
    - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
    - mmc: core: Fix kernel panic when remove non-standard SDIO card
    - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
    - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus
    - counter: microchip-tcb-capture: Handle Signal1 read and Synapse
    - kernfs: fix use-after-free in __kernfs_remove
    - pinctrl: Ingenic: JZ4755 bug fixes
    - ARC: mm: fix leakage of memory allocated for PTE
    - perf auxtrace: Fix address filter symbol name match for modules
    - s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
    - s390/pci: add missing EX_TABLE entries to
      __pcistg_mio_inuser()/__pcilg_mio_inuser()
    - Revert "scsi: lpfc: Resolve some cleanup issues following SLI path
      refactoring"
    - Revert "scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()"
    - Revert "scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()"
    - Revert "scsi: lpfc: SLI path split: Refactor SCSI paths"
    - Revert "scsi: lpfc: SLI path split: Refactor fast and slow paths to native
      SLI4"
    - Revert "scsi: lpfc: SLI path split: Refactor lpfc_iocbq"
    - mmc: block: Remove error check of hw_reset on reset
    - ethtool: eeprom: fix null-deref on genl_info in dump
    - net: ieee802154: fix error return code in dgram_bind()
    - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
    - media: atomisp: prevent integer overflow in sh_css_set_black_frame()
    - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
    - KVM: selftests: Fix number of pages for memory slot in
      memslot_modification_stress_test
    - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
    - perf: Fix missing SIGTRAPs
    - sched/core: Fix comparison in sched_group_cookie_match()
    - arc: iounmap() arg is volatile
    - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe()
    - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
    - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
    - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap()
    - tipc: fix a null-ptr-deref in tipc_topsrv_accept
    - net: netsec: fix error handling in netsec_register_mdio()
    - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg()
    - net: hinic: fix memory leak when reading function table
    - net: hinic: fix the issue of CMDQ memory leaks
    - net: hinic: fix the issue of double release MBOX callback of VF
    - net: macb: Specify PHY PM management done by MAC
    - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
    - x86/unwind/orc: Fix unreliable stack dump with gcov
    - amd-xgbe: fix the SFP compliance codes check for DAC cables
    - amd-xgbe: add the bit rate quirk for Molex cables
    - drm/i915/dp: Reset frl trained flag before restarting FRL training
    - atlantic: fix deadlock at aq_nic_stop
    - kcm: annotate data-races around kcm->rx_psock
    - kcm: annotate data-races around kcm->rx_wait
    - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
    - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
    - tcp: minor optimization in tcp_add_backlog()
    - tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
    - tcp: fix indefinite deferral of RTO with SACK reneging
    - net-memcg: avoid stalls when under memory pressure
    - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
    - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error
      path
    - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error
      path
    - PM: hibernate: Allow hybrid sleep to work with s2idle
    - media: vivid: s_fbuf: add more sanity checks
    - media: vivid: dev->bitmap_cap wasn't freed in all cases
    - media: v4l2-dv-timings: add sanity checks for blanking values
    - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
    - media: vivid: set num_in/outputs to 0 if not supported
    - perf vendor events power10: Fix hv-24x7 metric events
    - ipv6: ensure sane device mtu in tunnels
    - i40e: Fix ethtool rx-flow-hash setting for X722
    - i40e: Fix VF hang when reset is triggered on another VF
    - i40e: Fix flow-type by setting GL_HASH_INSET registers
    - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
    - PM: domains: Fix handling of unavailable/disabled idle states
    - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics
    - net: fec: limit register access on i.MX6UL
    - net: ethernet: ave: Fix MAC to be in charge of PHY PM
    - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
    - ALSA: aoa: Fix I2S device accounting
    - openvswitch: switch from WARN to pr_warn
    - net: ehea: fix possible memory leak in ehea_register_port()
    - net: bcmsysport: Indicate MAC is in charge of PHY PM
    - nh: fix scope used to find saddr when adding non gw nh
    - net: broadcom: bcm4908enet: remove redundant variable bytes
    - net: broadcom: bcm4908_enet: update TX stats after actual transmission
    - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir
      failed
    - net/mlx5e: Do not increment ESN when updating IPsec ESN state
    - net/mlx5e: Extend SKB room check to include PTP-SQ
    - net/mlx5: Fix possible use-after-free in async command interface
    - net/mlx5: Print more info on pci error handlers
    - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover
    - net/mlx5: Fix crash during sync firmware reset
    - net: do not sense pfmemalloc status in skb_append_pagefrags()
    - kcm: do not sense pfmemalloc status in kcm_sendpage()
    - net: enetc: survive memory pressure without crashing
    - arm64: Add AMPERE1 to the Spectre-BHB affected list
    - scsi: sd: Revert "scsi: sd: Remove a local variable"
    - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L
    - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global
      FIFO receive
    - serial: core: move RS485 configuration tasks from drivers into core
    - serial: Deassert Transmit Enable on probe in driver-specific way
    - Linux 5.15.77
  * RCU stalls (LP: #1991951)
    - [Config] Harmonize RCU_CPU_STALL_TIMEOUT
  * Jammy update: v5.15.76 upstream stable release (LP: #1997113)
    - r8152: add PID for the Lenovo OneLink+ Dock
    - arm64/mm: Consolidate TCR_EL1 fields
    - usb: gadget: uvc: consistently use define for headerlen
    - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg
    - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer
    - usb: gadget: uvc: giveback vb2 buffer on req complete
    - usb: gadget: uvc: improve sg exit condition
    - [Config] updateconfigs for ARM64_ERRATUM_1742098
    - arm64: errata: Remove AES hwcap for COMPAT tasks
    - perf/x86/intel/pt: Relax address filter validation
    - btrfs: enhance unsupported compat RO flags handling
    - ocfs2: clear dinode links count in case of error
    - ocfs2: fix BUG when iput after ocfs2_mknod fails
    - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
    - cpufreq: qcom: fix writes in read-only memory region
    - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
    - x86/microcode/AMD: Apply the patch early on every logical thread
    - hwmon/coretemp: Handle large core ID value
    - ata: ahci-imx: Fix MODULE_ALIAS
    - x86/resctrl: Fix min_cbm_bits for AMD
    - cpufreq: qcom: fix memory leak in error path
    - drm/amdgpu: fix sdma doorbell init ordering on APUs
    - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
    - kvm: Add support for arch compat vm ioctls
    - KVM: arm64: vgic: Fix exit condition in scan_its_table()
    - media: ipu3-imgu: Fix NULL pointer dereference in active selection access
    - media: mceusb: set timeout to at least timeout provided
    - media: venus: dec: Handle the case where find_format fails
    - x86/topology: Fix multiple packages shown on a single-package system
    - x86/topology: Fix duplicated core ID within a package
    - btrfs: fix processing of delayed data refs during backref walking
    - btrfs: fix processing of delayed tree block refs during backref walking
    - drm/vc4: Add module dependency on hdmi-codec
    - ACPI: extlog: Handle multiple records
    - tipc: Fix recognition of trial period
    - tipc: fix an information leak in tipc_topsrv_kern_subscr
    - i40e: Fix DMA mappings leak
    - HID: magicmouse: Do not set BTN_MOUSE on double report
    - sfc: Change VF mac via PF as first preference if available.
    - net/atm: fix proc_mpc_write incorrect return value
    - net: phy: dp83867: Extend RX strap quirk for SGMII mode
    - net: phylink: add mac_managed_pm in phylink_config structure
    - scsi: lpfc: Fix memory leak in lpfc_create_port()
    - udp: Update reuse->has_conns under reuseport_lock.
    - cifs: Fix xid leak in cifs_create()
    - cifs: Fix xid leak in cifs_copy_file_range()
    - cifs: Fix xid leak in cifs_flock()
    - cifs: Fix xid leak in cifs_ses_add_channel()
    - dm: remove unnecessary assignment statement in alloc_dev()
    - net: hsr: avoid possible NULL deref in skb_clone()
    - ionic: catch NULL pointer issue on reconfig
    - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements
    - nvme-hwmon: consistently ignore errors from nvme_hwmon_init
    - nvme-hwmon: kmalloc the NVME SMART log buffer
    - nvmet: fix workqueue MEM_RECLAIM flushing dependency
    - net: sched: cake: fix null pointer access issue when cake_init() fails
    - net: sched: delete duplicate cleanup of backlog and qlen
    - net: sched: sfb: fix null pointer access issue when sfb_init() fails
    - sfc: include vport_id in filter spec hash and equal()
    - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
    - net: hns: fix possible memory leak in hnae_ae_register()
    - net: sched: fix race condition in qdisc_graft()
    - net: phy: dp83822: disable MDI crossover status change interrupt
    - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
    - iommu/vt-d: Clean up si_domain in the init_dmars() error path
    - fs: dlm: fix invalid derefence of sb_lvbptr
    - arm64: mte: move register initialization to C
    - ksmbd: handle smb2 query dir request for OutputBufferLength that is too
      small
    - ksmbd: fix incorrect handling of iterate_dir
    - tracing: Simplify conditional compilation code in tracing_set_tracer()
    - tracing: Do not free snapshot if tracer is on cmdline
    - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
    - perf: Skip and warn on unknown format 'configN' attrs
    - ACPI: video: Force backlight native for more TongFang devices
    - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
    - Makefile.debug: re-enable debug info for .S files
    - mmc: core: Add SD card quirk for broken discard
    - mm: /proc/pid/smaps_rollup: fix no vma's null-deref
    - Linux 5.15.76
  * UBSAN: array-index-out-of-bounds in
    /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41
    (LP: #1970074) // Jammy update: v5.15.76 upstream stable release
    (LP: #1997113)
    - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
  * Jammy update: v5.15.75 upstream stable release (LP: #1996825)
    - Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
    - ALSA: oss: Fix potential deadlock at unregistration
    - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
    - ALSA: usb-audio: Fix potential memory leaks
    - ALSA: usb-audio: Fix NULL dererence at error path
    - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
    - ALSA: hda/realtek: Correct pin configs for ASUS G533Z
    - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
    - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys
    - mtd: rawnand: atmel: Unmap streaming DMA mappings
    - io_uring/net: don't update msg_name if not provided
    - hv_netvsc: Fix race between VF offering and VF association message from host
    - cifs: destage dirty pages before re-reading them for cache=none
    - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
    - iio: dac: ad5593r: Fix i2c read protocol requirements
    - iio: ltc2497: Fix reading conversion results
    - iio: adc: ad7923: fix channel readings for some variants
    - iio: pressure: dps310: Refactor startup procedure
    - iio: pressure: dps310: Reset chip after timeout
    - xhci: dbc: Fix memory leak in xhci_alloc_dbc()
    - usb: add quirks for Lenovo OneLink+ Dock
    - can: kvaser_usb: Fix use of uninitialized completion
    - can: kvaser_usb_leaf: Fix overread with an invalid command
    - can: kvaser_usb_leaf: Fix TX queue out of sync after restart
    - can: kvaser_usb_leaf: Fix CAN state after restart
    - mmc: sdhci-sprd: Fix minimum clock limit
    - i2c: designware: Fix handling of real but unexpected device interrupts
    - fs: dlm: fix race between test_bit() and queue_work()
    - fs: dlm: handle -EBUSY first in lock arg validation
    - HID: multitouch: Add memory barriers
    - quota: Check next/prev free block number after reading from quota file
    - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure
    - ASoC: wcd9335: fix order of Slimbus unprepare/disable
    - ASoC: wcd934x: fix order of Slimbus unprepare/disable
    - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
    - net: thunderbolt: Enable DMA paths only after rings are enabled
    - regulator: qcom_rpm: Fix circular deferral regression
    - arm64: topology: move store_cpu_topology() to shared code
    - riscv: topology: fix default topology reporting
    - RISC-V: Make port I/O string accessors actually work
    - parisc: fbdev/stifb: Align graphics memory size to 4MB
    - riscv: Make VM_WRITE imply VM_READ
    - riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
    - riscv: Pass -mno-relax only on lld < 15.0.0
    - UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
    - nvmem: core: Fix memleak in nvmem_register()
    - nvme-multipath: fix possible hang in live ns resize with ANA access
    - nvme-pci: set min_align_mask before calculating max_hw_sectors
    - dmaengine: mxs: use platform_driver_register
    - drm/virtio: Check whether transferred 2D BO is shmem
    - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error
    - drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
    - drm/udl: Restore display mode on resume
    - [Config] updateconfigs for ARM64_ERRATUM_2441007
    - arm64: errata: Add Cortex-A55 to the repeat tlbi list
    - mm/damon: validate if the pmd entry is present before accessing
    - mm/mmap: undo ->mmap() when arch_validate_flags() fails
    - xen/gntdev: Prevent leaking grants
    - xen/gntdev: Accommodate VMA splitting
    - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
    - serial: 8250: Let drivers request full 16550A feature probing
    - serial: 8250: Request full 16550A feature probing for OxSemi PCIe devices
    - powercap: intel_rapl: Use standard Energy Unit for SPR Dram RAPL domain
    - powerpc/boot: Explicitly disable usage of SPE instructions
    - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure
    - slimbus: qcom-ngd: cleanup in probe error path
    - scsi: qedf: Populate sysfs attributes for vport
    - gpio: rockchip: request GPIO mux to pinctrl when setting direction
    - pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
    - fbdev: smscufx: Fix use-after-free in ufx_ops_open()
    - ksmbd: fix endless loop when encryption for response fails
    - ksmbd: Fix wrong return value and message length check in smb2_ioctl()
    - ksmbd: Fix user namespace mapping
    - fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
    - btrfs: fix race between quota enable and quota rescan ioctl
    - btrfs: set generation before calling btrfs_clean_tree_block in
      btrfs_init_new_buffer
    - f2fs: complete checkpoints during remount
    - f2fs: flush pending checkpoints when freezing super
    - f2fs: increase the limit for reserve_root
    - f2fs: fix to do sanity check on destination blkaddr during recovery
    - f2fs: fix to do sanity check on summary info
    - hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
    - hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
    - jbd2: wake up journal waiters in FIFO order, not LIFO
    - jbd2: fix potential buffer head reference count leak
    - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
    - jbd2: add miss release buffer head in fc_do_one_pass()
    - ext4: avoid crash when inline data creation follows DIO write
    - ext4: fix null-ptr-deref in ext4_write_info
    - ext4: make ext4_lazyinit_thread freezable
    - ext4: fix check for block being out of directory size
    - ext4: don't increase iversion counter for ea_inodes
    - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate
    - ext4: place buffer head allocation before handle start
    - ext4: fix dir corruption when ext4_dx_add_entry() fails
    - ext4: fix miss release buffer head in ext4_fc_write_inode
    - ext4: fix potential memory leak in ext4_fc_record_modified_inode()
    - ext4: fix potential memory leak in ext4_fc_record_regions()
    - ext4: update 'state->fc_regions_size' after successful memory allocation
    - livepatch: fix race between fork and KLP transition
    - ftrace: Properly unset FTRACE_HASH_FL_MOD
    - ring-buffer: Allow splice to read previous partially read pages
    - ring-buffer: Have the shortest_full queue be the shortest not longest
    - ring-buffer: Check pending waiters when doing wake ups as well
    - ring-buffer: Add ring_buffer_wake_waiters()
    - ring-buffer: Fix race between reset page and reading page
    - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t
    - tracing: Wake up ring buffer waiters on closing of the file
    - tracing: Wake up waiters when tracing is disabled
    - tracing: Add ioctl() to force ring buffer waiters to wake up
    - tracing: Move duplicate code of trace_kprobe/eprobe.c into header
    - tracing: Add "(fault)" name injection to kernel probes
    - tracing: Fix reading strings from synthetic events
    - thunderbolt: Explicitly enable lane adapter hotplug events at startup
    - efi: libstub: drop pointless get_memory_map() call
    - media: cedrus: Set the platform driver data earlier
    - media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
    - blk-wbt: call rq_qos_add() after wb_normal is initialized
    - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
    - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
    - KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings to vmcs02
    - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS
    - staging: greybus: audio_helper: remove unused and wrong debugfs usage
    - drm/nouveau/kms/nv140-: Disable interlacing
    - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
    - drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
    - drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
    - drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
    - drm/amd/display: Fix vblank refcount in vrr transition
    - smb3: must initialize two ACL struct fields to zero
    - selinux: use "grep -E" instead of "egrep"
    - ima: fix blocking of security.ima xattrs of unsupported algorithms
    - userfaultfd: open userfaultfds with O_RDONLY
    - ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
    - thermal: cpufreq_cooling: Check the policy first in
      cpufreq_cooling_register()
    - sh: machvec: Use char[] for section boundaries
    - MIPS: SGI-IP27: Free some unused memory
    - MIPS: SGI-IP27: Fix platform-device leak in bridge_platform_create()
    - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
    - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
    - objtool: Preserve special st_shndx indexes in elf_update_symbol
    - nfsd: Fix a memory leak in an error handling path
    - NFSD: Fix handling of oversized NFSv4 COMPOUND requests
    - wifi: rtlwifi: 8192de: correct checking of IQK reload
    - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
    - leds: lm3601x: Don't use mutex after it was destroyed
    - bpf: Fix reference state management for synchronous callbacks
    - wifi: mac80211: allow bw change during channel switch in mesh
    - bpftool: Fix a wrong type cast in btf_dumper_int
    - spi: mt7621: Fix an error message in mt7621_spi_probe()
    - x86/resctrl: Fix to restore to original value when re-enabling hardware
      prefetch register
    - xsk: Fix backpressure mechanism on Tx
    - bpf: Disable preemption when increasing per-cpu map_locked
    - bpf: Propagate error from htab_lock_bucket() to userspace
    - bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
    - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
    - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
    - wifi: rtw88: add missing destroy_workqueue() on error path in
      rtw_core_init()
    - selftests/xsk: Avoid use-after-free on ctx
    - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
    - spi: qup: add missing clk_disable_unprepare on error in
      spi_qup_pm_resume_runtime()
    - wifi: rtl8xxxu: Fix skb misuse in TX queue selection
    - spi: meson-spicc: do not rely on busy flag in pow2 clk ops
    - bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
    - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
    - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
    - wifi: mt76: sdio: fix transmitting packet hangs
    - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
      mt7615_sta_set_decap_offload
    - wifi: mt76: mt7915: do not check state before configuring implicit beamform
    - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release
    - net: fs_enet: Fix wrong check in do_pd_setup
    - bpf: Ensure correct locking around vulnerable function find_vpid()
    - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
    - netfilter: conntrack: fix the gc rescheduling delay
    - netfilter: conntrack: revisit the gc initial rescheduling bias
    - wifi: ath11k: fix number of VHT beamformee spatial streams
    - x86/microcode/AMD: Track patch allocation size explicitly
    - x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
    - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
    - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
    - skmsg: Schedule psock work if the cached skb exists on the psock
    - i2c: mlxbf: support lock mechanism
    - Bluetooth: hci_core: Fix not handling link timeouts propertly
    - xfrm: Reinject transport-mode packets through workqueue
    - netfilter: nft_fib: Fix for rpath check with VRF devices
    - spi: s3c64xx: Fix large transfers with DMA
    - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
    - vhost/vsock: Use kvmalloc/kvfree for larger packets.
    - eth: alx: take rtnl_lock on resume
    - sctp: handle the error returned from sctp_auth_asoc_init_active_key
    - tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
    - spi: Ensure that sg_table won't be used after being freed
    - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
      controller
    - net: rds: don't hold sock lock when cancelling work from
      rds_tcp_reset_callbacks()
    - bnx2x: fix potential memory leak in bnx2x_tpa_stop()
    - net: wwan: iosm: Call mutex_init before locking it
    - net/ieee802154: reject zero-sized raw_sendmsg()
    - once: add DO_ONCE_SLOW() for sleepable contexts
    - net: mvpp2: fix mvpp2 debugfs leak
    - drm: bridge: adv7511: fix CEC power down control register offset
    - drm: bridge: adv7511: unregister cec i2c device after cec adapter
    - drm/bridge: Avoid uninitialized variable warning
    - drm/mipi-dsi: Detach devices when removing the host
    - drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
    - drm/bridge: parade-ps8640: Fix regulator supply order
    - drm/dp_mst: fix drm_dp_dpcd_read return value checks
    - drm:pl111: Add of_node_put() when breaking out of
      for_each_available_child_of_node()
    - ASoC: mt6359: fix tests for platform_get_irq() failure
    - platform/chrome: fix double-free in chromeos_laptop_prepare()
    - platform/chrome: fix memory corruption in ioctl
    - ASoC: tas2764: Allow mono streams
    - ASoC: tas2764: Drop conflicting set_bias_level power setting
    - ASoC: tas2764: Fix mute/unmute
    - platform/x86: msi-laptop: Fix old-ec check for backlight registering
    - platform/x86: msi-laptop: Fix resource cleanup
    - platform/chrome: cros_ec_typec: Correct alt mode index
    - drm/amdgpu: add missing pci_disable_device() in
      amdgpu_pmops_runtime_resume()
    - drm/bridge: megachips: Fix a null pointer dereference bug
    - ASoC: rsnd: Add check for rsnd_mod_power_on
    - ALSA: hda: beep: Simplify keep-power-at-enable behavior
    - drm/bochs: fix blanking
    - drm/omap: dss: Fix refcount leak bugs
    - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
    - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
    - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
    - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
    - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa()
    - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
    - ASoC: codecs: tx-macro: fix kcontrol put
    - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks()
    - ALSA: dmaengine: increment buffer pointer atomically
    - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
    - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
    - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
    - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
    - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
    - ALSA: hda/hdmi: Don't skip notification handling during PM operation
    - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
    - memory: of: Fix refcount leak bug in of_get_ddr_timings()
    - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
    - locks: fix TOCTOU race when granting write lease
    - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
    - soc: qcom: smem_state: Add refcounting for the 'state->of_node'
    - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
    - ARM: dts: turris-omnia: Fix mpp26 pin name and comment
    - ARM: dts: kirkwood: lsxl: fix serial line
    - ARM: dts: kirkwood: lsxl: remove first ethernet port
    - ia64: export memory_add_physaddr_to_nid to fix cxl build error
    - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
    - arm64: dts: ti: k3-j7200: fix main pinmux range
    - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
    - ARM: Drop CMDLINE_* dependency on ATAGS
    - ext4: don't run ext4lazyinit for read-only filesystems
    - arm64: ftrace: fix module PLTs with mcount
    - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
    - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
    - iio: adc: at91-sama5d2_adc: check return status for pressure and touch
    - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq
    - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume
    - iio: inkern: only release the device node when done with it
    - iio: inkern: fix return value in devm_of_iio_channel_get_by_name()
    - iio: ABI: Fix wrong format of differential capacitance channel ABI.
    - iio: magnetometer: yas530: Change data type of hard_offsets to signed
    - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
    - usb: common: debug: Check non-standard control requests
    - clk: meson: Hold reference returned by of_get_parent()
    - clk: oxnas: Hold reference returned by of_get_parent()
    - clk: qoriq: Hold reference returned by of_get_parent()
    - clk: berlin: Add of_node_put() for of_get_parent()
    - clk: sprd: Hold reference returned by of_get_parent()
    - clk: tegra: Fix refcount leak in tegra210_clock_init
    - clk: tegra: Fix refcount leak in tegra114_clock_init
    - clk: tegra20: Fix refcount leak in tegra20_clock_init
    - HSI: omap_ssi: Fix refcount leak in ssi_probe
    - HSI: omap_ssi_port: Fix dma_map_sg error check
    - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
    - tty: xilinx_uartps: Fix the ignore_status
    - media: meson: vdec: add missing clk_disable_unprepare on error in
      vdec_hevc_start()
    - media: uvcvideo: Fix memory leak in uvc_gpio_parse
    - media: uvcvideo: Use entity get_cur in uvc_ctrl_set
    - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
    - RDMA/rxe: Fix "kernel NULL pointer dereference" error
    - RDMA/rxe: Fix the error caused by qp->sk
    - misc: ocxl: fix possible refcount leak in afu_ioctl()
    - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
    - dmaengine: hisilicon: Disable channels when unregister hisi_dma
    - dmaengine: hisilicon: Fix CQ head update
    - dmaengine: hisilicon: Add multi-thread support for a DMA channel
    - dyndbg: fix static_branch manipulation
    - dyndbg: fix module.dyndbg handling
    - dyndbg: let query-modname override actual module name
    - dyndbg: drop EXPORTed dynamic_debug_exec_queries
    - clk: qcom: sm6115: Select QCOM_GDSC
    - mtd: devices: docg3: check the return value of devm_ioremap() in the probe
    - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by
      of_get_parent()
    - phy: phy-mtk-tphy: fix the phy type setting issue
    - mtd: rawnand: intel: Read the chip-select line from the correct OF node
    - mtd: rawnand: intel: Remove undocumented compatible string
    - mtd: rawnand: fsl_elbc: Fix none ECC mode
    - RDMA/irdma: Align AE id codes to correct flush code and event
    - RDMA/srp: Fix srp_abort()
    - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
    - RDMA/siw: Fix QP destroy to wait for all references dropped.
    - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
    - ata: fix ata_id_has_devslp()
    - ata: fix ata_id_has_ncq_autosense()
    - ata: fix ata_id_has_dipm()
    - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
    - md/raid5: Ensure stripe_fill happens on non-read IO with journal
    - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
    - RDMA/cm: Use SLID in the work completion as the DLID in responder side
    - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
    - xhci: Don't show warning for reinit on known broken suspend
    - usb: gadget: function: fix dangling pnp_string in f_printer.c
    - drivers: serial: jsm: fix some leaks in probe
    - serial: 8250: Toggle IER bits on only after irq has been set up
    - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown
    - phy: qualcomm: call clk_disable_unprepare in the error handling
    - staging: vt6655: fix some erroneous memory clean-up loops
    - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON
    - firmware: google: Test spinlock on panic path to avoid lockups
    - serial: 8250: Fix restoring termios speed after suspend
    - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
    - scsi: iscsi: Rename iscsi_conn_queue_work()
    - scsi: iscsi: Add recv workqueue helpers
    - scsi: iscsi: Run recv path from workqueue
    - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
    - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
    - clk: qcom: gcc-sm6115: Override default Alpha PLL regs
    - RDMA/rxe: Fix resize_finish() in rxe_queue.c
    - fsi: core: Check error number after calling ida_simple_get
    - mfd: intel_soc_pmic: Fix an error handling path in
      intel_soc_pmic_i2c_probe()
    - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
    - mfd: lp8788: Fix an error handling path in lp8788_probe()
    - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and
      lp8788_irq_init()
    - mfd: fsl-imx25: Fix check for platform_get_irq() errors
    - mfd: sm501: Add check for platform_driver_register()
    - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
    - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in
      __cleanup()
    - usb: mtu3: fix failed runtime suspend in host only mode
    - spmi: pmic-arb: correct duplicate APID to PPID mapping logic
    - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
    - clk: baikal-t1: Fix invalid xGMAC PTP clock divider
    - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
    - clk: baikal-t1: Add SATA internal ref clock buffer
    - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
    - clk: imx: scu: fix memleak on platform_device_add() fails
    - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
    - clk: ast2600: BCLK comes from EPLL
    - mailbox: mpfs: fix handling of the reg property
    - mailbox: mpfs: account for mbox offsets while sending
    - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
    - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
    - powerpc/math_emu/efp: Include module.h
    - powerpc/sysdev/fsl_msi: Add missing of_node_put()
    - powerpc/pci_dn: Add missing of_node_put()
    - powerpc/powernv: add missing of_node_put() in opal_export_attrs()
    - powerpc: Fix fallocate and fadvise64_64 compat parameter combination
    - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
    - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
    - powerpc: Fix SPE Power ISA properties for e500v1 platforms
    - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
    - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
    - crypto: sahara - don't sleep when in softirq
    - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
    - hwrng: arm-smccc-trng - fix NO_ENTROPY handling
    - cgroup: Honor caller's cgroup NS when resolving path
    - hwrng: imx-rngc - Moving IRQ handler registering after
      imx_rngc_irq_mask_clear()
    - crypto: qat - fix default value of WDT timer
    - crypto: hisilicon/qm - fix missing put dfx access
    - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
    - iommu/omap: Fix buffer overflow in debugfs
    - crypto: akcipher - default implementation for setting a private key
    - crypto: ccp - Release dma channels before dmaengine unrgister
    - crypto: inside-secure - Change swab to swab32
    - crypto: qat - fix DMA transfer direction
    - cifs: return correct error in ->calc_signature()
    - iommu/iova: Fix module config properly
    - tracing: kprobe: Fix kprobe event gen test module on exit
    - tracing: kprobe: Make gen test module work in arm and riscv
    - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads
    - kbuild: remove the target in signal traps when interrupted
    - kbuild: rpm-pkg: fix breakage when V=1 is used
    - crypto: marvell/octeontx - prevent integer overflows
    - crypto: cavium - prevent integer overflow loading firmware
    - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
    - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak
    - f2fs: fix race condition on setting FI_NO_EXTENT flag
    - f2fs: fix to account FS_CP_DATA_IO correctly
    - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
    - fs: dlm: fix race in lowcomms
    - rcu: Avoid triggering strict-GP irq-work when RCU is idle
    - rcu: Back off upon fill_page_cache_func() allocation failure
    - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
    - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
    - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address
    - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
    - MIPS: BCM47XX: Cast memcmp() of function to (void *)
    - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
    - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to
      avoid crash
    - ARM: decompressor: Include .data.rel.ro.local
    - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable
    - x86/entry: Work around Clang __bdos() bug
    - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
    - NFSD: fix use-after-free on source server when doing inter-server copy
    - wifi: brcmfmac: fix invalid address access when enabling SCAN log level
    - bpftool: Clear errno after libcap's checks
    - ice: set tx_tstamps when creating new Tx rings via ethtool
    - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
    - openvswitch: Fix double reporting of drops in dropwatch
    - openvswitch: Fix overreporting of drops in dropwatch
    - tcp: annotate data-race around tcp_md5sig_pool_populated
    - x86/mce: Retrieve poison range from hardware
    - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
    - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround
    - xfrm: Update ipcomp_scratches with NULL when freed
    - iavf: Fix race between iavf_close and iavf_reset_task
    - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
    - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk
    - regulator: core: Prevent integer underflow
    - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
    - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
    - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
    - can: bcm: check the result of can_send() in bcm_can_tx()
    - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
    - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
    - wifi: rt2x00: set VGC gain for both chains of MT7620
    - wifi: rt2x00: set SoC wmac clock register
    - wifi: rt2x00: correctly set BBP register 86 for MT7620
    - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms
    - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
    - Bluetooth: L2CAP: Fix user-after-free
    - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc()
    - drm: Use size_t type for len variable in drm_copy_field()
    - drm: Prevent drm_copy_field() to attempt copying a NULL pointer
    - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook
    - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init()
    - drm/amd/display: fix overflow on MIN_I64 definition
    - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
    - drm: bridge: dw_hdmi: only trigger hotplug event on link change
    - ALSA: usb-audio: Register card at the last interface
    - drm/vc4: vec: Fix timings for VEC modes
    - drm: panel-orientation-quirks: Add quirk for Anbernic Win600
    - platform/chrome: cros_ec: Notify the PM of wake events during resume
    - platform/x86: msi-laptop: Change DMI match / alias strings to fix module
      autoloading
    - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms
    - drm/amdgpu: fix initial connector audio value
    - drm/meson: reorder driver deinit sequence to fix use-after-free bug
    - drm/meson: explicitly remove aggregate driver at module unload time
    - mmc: sdhci-msm: add compatible string check for sdm670
    - drm/dp: Don't rewrite link config when setting phy test pattern
    - drm/amd/display: Remove interface for periodic interrupt 1
    - ARM: dts: imx7d-sdb: config the max pressure for tsc2046
    - ARM: dts: imx6q: add missing properties for sram
    - ARM: dts: imx6dl: add missing properties for sram
    - ARM: dts: imx6qp: add missing properties for sram
    - ARM: dts: imx6sl: add missing properties for sram
    - ARM: dts: imx6sll: add missing properties for sram
    - ARM: dts: imx6sx: add missing properties for sram
    - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT
    - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply
    - btrfs: dump extra info if one free space cache has more bitmaps than it
      should
    - btrfs: scrub: try to fix super block errors
    - btrfs: don't print information about space cache or tree every remount
    - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
    - clk: zynqmp: Fix stack-out-of-bounds in strncpy`
    - media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
    - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc
    - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
    - usb: host: xhci-plat: suspend and resume clocks
    - usb: host: xhci-plat: suspend/resume clks for brcm
    - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow
    - scsi: 3w-9xxx: Avoid disabling device if failing to enable it
    - nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
    - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to
      identity
    - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
    - staging: vt6655: fix potential memory leak
    - blk-throttle: prevent overflow while calculating wait time
    - ata: libahci_platform: Sanity check the DT child nodes number
    - bcache: fix set_at_max_writeback_rate() for multiple attached devices
    - soundwire: cadence: Don't overwrite msg->buf during write commands
    - soundwire: intel: fix error handling on dai registration issues
    - HID: roccat: Fix use-after-free in roccat_read()
    - eventfd: guard wake_up in eventfd fs calls as well
    - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
    - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
    - usb: musb: Fix musb_gadget.c rxstate overflow bug
    - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes
    - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after
      resume bug
    - Revert "usb: storage: Add quirk for Samsung Fit flash"
    - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()
    - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
    - scsi: tracing: Fix compile error in trace_array calls when TRACING is
      disabled
    - ext2: Use kvmalloc() for group descriptor array
    - nvme: copy firmware_rev on each init
    - nvmet-tcp: add bounds check on Transfer Tag
    - usb: idmouse: fix an uninit-value in idmouse_open
    - clk: bcm2835: Make peripheral PLLC critical
    - clk: bcm2835: Round UART input clock up
    - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
    - io_uring: correct pinned_vm accounting
    - io_uring/rw: fix short rw error handling
    - io_uring/rw: fix error'ed retry return values
    - io_uring/rw: fix unexpected link breakage
    - mm: hugetlb: fix UAF in hugetlb_handle_userfault
    - net: ieee802154: return -EINVAL for unknown addr type
    - ALSA: usb-audio: Fix last interface check for registration
    - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
    - [Config] updateconfigs for MDIO_BITBANG
    - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
    - Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
    - net/ieee802154: don't warn zero-sized raw_sendmsg()
    - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
    - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
    - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
    - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5
    - [Config] updateconfigs for AS_HAS_NON_CONST_LEB128
    - ext4: continue to expand file system when the target size doesn't reach
    - thermal: intel_powerclamp: Use first online CPU as control_cpu
    - gcov: support GCC 12.1 and newer compilers
    - io-wq: Fix memory leak in worker creation
    - Linux 5.15.75
  * [SRU] Ubuntu 22.04 - NVMe TCP - Host fails to reconnect to target after
    link down/link up sequence (LP: #1989990)
    - nvme-fabrics: parse nvme connect Linux error codes
    - nvme-tcp: handle number of queue changes
    - nvme-rdma: handle number of queue changes
    - nvmet: expose max queues to configfs

linux-azure-5.15 (5.15.0-1031.38~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1031.38~20.04.1 -proposed tracker
    (LP: #2001631)

[ Ubuntu: 5.15.0-1031.38 ]

* jammy/linux-azure: 5.15.0-1031.38 -proposed tracker (LP: #2001632)
  * jammy/linux: 5.15.0-58.64 -proposed tracker (LP: #2001670)
  * CVE-2022-3643
    - xen/netback: Ensure protocol headers don't fall in the non-linear area
  * CVE-2022-4378
    - proc: proc_skip_spaces() shouldn't think it is working on C strings
    - proc: avoid integer type confusion in get_proc_long
  * CVE-2022-45934
    - Bluetooth: L2CAP: Fix u8 overflow
  * CVE-2022-42896
    - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
    - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

linux-azure-5.15 (5.15.0-1030.37~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1030.37~20.04.1 -proposed tracker
    (LP: #1999437)

* Packaging resync (LP: #1786013)
    - debian/dkms-versions -- update from kernel-versions (main/2022.10.10)

[ Ubuntu: 5.15.0-1030.37 ]

* jammy/linux-azure: 5.15.0-1030.37 -proposed tracker (LP: #1999425)
  * Azure: Jammy fio test causes panic (LP: #1996806)
    - scsi: storvsc: Fix unsigned comparison to zero
  * Azure: Jammy fio test hangs, swiotlb buffers exhausted (LP: #1998838)
    - SAUCE: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
  * Azure: hv_netvsc: Fix race between VF offering and VF association message
    from host (LP: #1994974)
    - hv_netvsc: Fix race between VF offering and VF association message from host
  * [Azure][Arm64] Unable to detect all VF nics / Failing provisioning
    (LP: #1996117)
    - PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
  * Azure: MANA New Feature MANA XDP_Redirect Action (LP: #1998351)
    - net: mana: Add support of XDP_REDIRECT action
  * jammy/linux: 5.15.0-57.63 -proposed tracker (LP: #1997737)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - debian/dkms-versions -- update from kernel-versions (main/2022.11.14)
  * Expose built-in trusted and revoked certificates (LP: #1996892)
    - [Packaging] Expose built-in trusted and revoked certificates
  * TEE Support for CCP driver (LP: #1991608)
    - crypto: ccp: Add support for TEE for PCI ID 0x14CA
  * alsa: soc: the kernel print UBSAN calltrace on the machine with cs35l41
    codec (LP: #1996121)
    - ASoC: cs35l41: Add one more variable in the debug log
    - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
  * Fix ath11k deadlock on WCN6855 (LP: #1995041)
    - wifi: ath11k: avoid deadlock during regulatory update in
      ath11k_regd_update()
  * [UBUNTU 20.04] boot: Add s390x secure boot trailer (LP: #1996071)
    - s390/boot: add secure boot trailer
  * Fix rfkill causing soft blocked wifi (LP: #1996198)
    - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  * Fix Thunderbolt device hotplug fail when connect via thunderbolt dock
    (LP: #1991366)
    - PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
    - PCI: Pass available buses even if the bridge is already configured
    - PCI: Move pci_assign_unassigned_root_bus_resources()
    - PCI: Distribute available resources for root buses, too
    - PCI: Fix whitespace and indentation
    - PCI: Fix typo in pci_scan_child_bus_extend()
  * md: Replace snprintf with scnprintf (LP: #1993315)
    - md: Replace snprintf with scnprintf
  * input/keyboard: the keyboard on some Asus laptops can't work (LP: #1992266)
    - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA
    - ACPI: resource: Add ASUS model S5402ZA to quirks
  * Fix Turbostat is not working for fam: 6 model: 191: stepping: 2 CPU
    (LP: #1991365)
    - tools/power turbostat: Add support for RPL-S
  * pcieport 0000:00:1b.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal),
    type=Transaction Layer, (Requester ID) (LP: #1988797)
    - PCI/PTM: Cache PTM Capability offset
    - PCI/PTM: Add pci_upstream_ptm() helper
    - PCI/PTM: Separate configuration and enable
    - PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm()
    - PCI/PTM: Move pci_ptm_info() body into its only caller
    - PCI/PTM: Preserve RsvdP bits in PTM Control register
    - PCI/PTM: Reorder functions in logical order
    - PCI/PTM: Consolidate PTM interface declarations
    - PCI/PM: Always disable PTM for all devices during suspend
    - PCI/PM: Simplify pci_pm_suspend_noirq()
  * Fix RPL-S support on powercap/intel_rapl (LP: #1990161)
    - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
    - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
    - x86/cpu: Add new Raptor Lake CPU model number
    - powercap: intel_rapl: add support for RaptorLake
    - powercap: intel_rapl: Add support for RAPTORLAKE_P
    - powercap: intel_rapl: Add support for RAPTORLAKE_S
  * AMD Yellow Carp system hang on HDMI plug in/out over HP hook2 docking
    (LP: #1991974)
    - drm/amd/display: Fix for link encoder access for MST.
    - drm/amd/display: Fix MST link encoder availability check.
    - drm/amd/display: FEC configuration for dpia links
    - drm/amd/display: FEC configuration for dpia links in MST mode
    - drm/amd/display: Add work around for tunneled MST.
  * Jammy update: v5.15.74 upstream stable release (LP: #1995638)
    - nilfs2: fix use-after-free bug of struct nilfs_root
    - nilfs2: fix leak of nilfs_root in case of writer thread creation failure
    - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
    - ceph: don't truncate file in atomic_open
    - random: restore O_NONBLOCK support
    - random: clamp credited irq bits to maximum mixed
    - ALSA: hda: Fix position reporting on Poulsbo
    - efi: Correct Macmini DMI match in uefi cert quirk
    - USB: serial: qcserial: add new usb-id for Dell branded EM7455
    - Revert "powerpc/rtas: Implement reentrant rtas call"
    - Revert "crypto: qat - reduce size of mapped region"
    - random: avoid reading two cache lines on irq randomness
    - random: use expired timer rather than wq for mixing fast pool
    - Input: xpad - add supported devices as contributed on github
    - Input: xpad - fix wireless 360 controller breaking after suspend
    - misc: pci_endpoint_test: Aggregate params checking for xfer
    - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic
    - Linux 5.15.74
  * Jammy update: v5.15.73 upstream stable release (LP: #1995637)
    - Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
    - docs: update mediator information in CoC docs
    - xsk: Inherit need_wakeup flag for shared sockets
    - mm: gup: fix the fast GUP race against THP collapse
    - powerpc/64s/radix: don't need to broadcast IPI for radix pmd collapse flush
    - firmware: arm_scmi: Improve checks in the info_get operations
    - firmware: arm_scmi: Harden accesses to the sensor domains
    - firmware: arm_scmi: Add SCMI PM driver remove routine
    - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
    - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
    - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API
      failure
    - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
    - scsi: qedf: Fix a UAF bug in __qedf_probe()
    - net/ieee802154: fix uninit value bug in dgram_sendmsg
    - net: marvell: prestera: add support for for Aldrin2
    - ALSA: hda/hdmi: Fix the converter reuse for the silent stream
    - um: Cleanup syscall_handler_t cast in syscalls_32.h
    - um: Cleanup compiler warning in arch/x86/um/tls_32.c
    - arch: um: Mark the stack non-executable to fix a binutils warning
    - net: atlantic: fix potential memory leak in aq_ndev_close()
    - drm/amd/display: Fix double cursor on non-video RGB MPO
    - drm/amd/display: Assume an LTTPR is always present on fixed_vs links
    - drm/amd/display: update gamut remap if plane has changed
    - drm/amd/display: skip audio setup when audio stream is enabled
    - mmc: core: Replace with already defined values for readability
    - mmc: core: Terminate infinite loop in SD-UHS voltage switch
    - perf parse-events: Identify broken modifiers
    - mm/huge_memory: minor cleanup for split_huge_pages_all
    - mm/huge_memory: use pfn_to_online_page() in split_huge_pages_all()
    - wifi: cfg80211: fix MCS divisor value
    - net/mlx5: Disable irq when locking lag_lock
    - usb: mon: make mmapped memory read only
    - USB: serial: ftdi_sio: fix 300 bps rate for SIO
    - rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
    - Revert "clk: ti: Stop using legacy clkctrl names for omap4 and 5"
    - Linux 5.15.73
  * Jammy update: v5.15.72 upstream stable release (LP: #1995517)
    - ALSA: hda: Do disconnect jacks at codec unbind
    - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation
    - ALSA: hda: Fix Nvidia dp infoframe
    - cgroup: reduce dependency on cgroup_mutex
    - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
    - uas: add no-uas quirk for Hiksemi usb_disk
    - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS
    - uas: ignore UAS for Thinkplus chips
    - usb: typec: ucsi: Remove incorrect warning
    - thunderbolt: Explicitly reset plug events delay back to USB4 spec value
    - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
    - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
    - can: c_can: don't cache TX messages for C_CAN cores
    - clk: ingenic-tcu: Properly enable registers before accessing timers
    - x86/sgx: Do not fail on incomplete sanitization on premature stop of ksgxd
    - ARM: dts: integrator: Tag PCI host with device_type
    - ntfs: fix BUG_ON in ntfs_lookup_inode_by_name()
    - mm/damon/dbgfs: fix memory leak when using debugfs_lookup()
    - net: mt7531: only do PLL once after the reset
    - Revert "firmware: arm_scmi: Add clock management to the SCMI power domain"
    - drm/i915/gt: Restrict forced preemption to the active context
    - drm/amdgpu: Add amdgpu suspend-resume code path under SRIOV
    - vduse: prevent uninitialized memory accesses
    - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
    - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
    - mmc: hsq: Fix data stomping during mmc recovery
    - mm/page_alloc: fix race condition between build_all_zonelists and page
      allocation
    - mm: prevent page_frag_alloc() from corrupting the memory
    - mm: fix dereferencing possible ERR_PTR
    - mm/migrate_device.c: flush TLB while holding PTL
    - mm: fix madivse_pageout mishandling on non-LRU page
    - mm,hwpoison: check mm when killing accessing process
    - media: dvb_vb2: fix possible out of bound access
    - media: rkvdec: Disable H.264 error detection
    - media: v4l2-compat-ioctl32.c: zero buffer passed to
      v4l2_compat_get_array_args()
    - swiotlb: max mapping size takes min align mask into account
    - ARM: dts: am33xx: Fix MMCHS0 dma properties
    - reset: imx7: Fix the iMX8MP PCIe PHY PERST support
    - ARM: dts: am5748: keep usb4_tm disabled
    - soc: sunxi: sram: Actually claim SRAM regions
    - soc: sunxi: sram: Prevent the driver from being unbound
    - soc: sunxi_sram: Make use of the helper function
      devm_platform_ioremap_resource()
    - soc: sunxi: sram: Fix probe function ordering issues
    - soc: sunxi: sram: Fix debugfs info for A64 SRAM C
    - ASoC: imx-card: Fix refcount issue with of_node_put
    - arm64: dts: qcom: sm8350: fix UFS PHY serdes size
    - ASoC: tas2770: Reinit regcache on reset
    - drm/bridge: lt8912b: add vsync hsync
    - drm/bridge: lt8912b: set hdmi or dvi mode
    - drm/bridge: lt8912b: fix corrupted image output
    - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in
      suspend/resume time"
    - Input: melfas_mip4 - fix return value check in mip4_probe()
    - gpio: mvebu: Fix check for pwm support on non-A8K platforms
    - usbnet: Fix memory leak in usbnet_disconnect()
    - net: sched: act_ct: fix possible refcount leak in tcf_ct_init()
    - cxgb4: fix missing unlock on ETHOFLD desc collect fail path
    - net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe
    - nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
    - wifi: mac80211: fix regression with non-QoS drivers
    - net: stmmac: power up/down serdes in stmmac_open/release
    - net: phy: Don't WARN for PHY_UP state in mdio_bus_phy_resume()
    - selftests: Fix the if conditions of in test_extra_filter()
    - vdpa/ifcvf: fix the calculation of queuepair
    - fs: split off setxattr_copy and do_setxattr function from setxattr
    - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
    - clk: iproc: Do not rely on node name for correct PLL setup
    - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest
    - x86/alternative: Fix race in try_get_desc()
    - drm/i915/gem: Really move i915_gem_context.link under ref protection
    - Linux 5.15.72
  * Jammy update: v5.15.71 upstream stable release (LP: #1995420)
    - drm/amdgpu: Separate vf2pf work item init from virt data exchange
    - drm/amdgpu: make sure to init common IP before gmc
    - staging: r8188eu: Remove support for devices with 8188FU chipset (0bda:f179)
    - staging: r8188eu: Add Rosewill USB-N150 Nano to device tables
    - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
    - usb: dwc3: Issue core soft reset before enabling run/stop
    - usb: dwc3: gadget: Prevent repeat pullup()
    - usb: dwc3: gadget: Refactor pullup()
    - usb: dwc3: gadget: Don't modify GEVNTCOUNT in pullup()
    - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
    - usb: add quirks for Lenovo OneLink+ Dock
    - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
    - Revert "usb: add quirks for Lenovo OneLink+ Dock"
    - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
    - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
    - USB: core: Fix RST error in hub.c
    - USB: serial: option: add Quectel BG95 0x0203 composition
    - USB: serial: option: add Quectel RM520N
    - ALSA: core: Fix double-free at snd_card_new()
    - ALSA: hda/tegra: set depop delay for tegra
    - ALSA: hda: add Intel 5 Series / 3400 PCI DID
    - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
    - ALSA: hda/realtek: Re-arrange quirk table entries
    - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
    - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
    - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
    - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
    - iommu/vt-d: Check correct capability for sagaw determination
    - btrfs: fix hang during unmount when stopping block group reclaim worker
    - btrfs: fix hang during unmount when stopping a space reclaim worker
    - media: flexcop-usb: fix endpoint type check
    - usb: dwc3: core: leave default DMA if the controller does not support 64-bit
      DMA
    - efi: x86: Wipe setup_data on pure EFI boot
    - efi: libstub: check Shim mode using MokSBStateRT
    - wifi: mt76: fix reading current per-tid starting sequence number for
      aggregation
    - gpio: mockup: fix NULL pointer dereference when removing debugfs
    - gpio: mockup: Fix potential resource leakage when register a chip
    - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
    - riscv: fix a nasty sigreturn bug...
    - kasan: call kasan_malloc() from __kmalloc_*track_caller()
    - can: flexcan: flexcan_mailbox_read() fix return value for drop = true
    - net: mana: Add rmb after checking owner bits
    - mm/slub: fix to return errno if kmalloc() fails
    - mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
    - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
    - arm64: topology: fix possible overflow in amu_fie_setup()
    - vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment
    - xfs: reorder iunlink remove operation in xfs_ifree
    - xfs: fix xfs_ifree() error handling to not leak perag ref
    - xfs: validate inode fork size against fork format
    - firmware: arm_scmi: Harden accesses to the reset domains
    - firmware: arm_scmi: Fix the asynchronous reset requests
    - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
    - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core
    - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
    - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
    - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
    - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
    - netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
    - netfilter: nf_conntrack_irc: Tighten matching on DCC message
    - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
    - ice: Don't double unplug aux on peer initiated reset
    - iavf: Fix cached head and tail value for iavf_get_tx_pending
    - ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
    - net: core: fix flow symmetric hash
    - net: phy: aquantia: wait for the suspend/resume operations to finish
    - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
    - scsi: mpt3sas: Fix return value check of dma_get_required_mask()
    - net: bonding: Share lacpdu_mcast_addr definition
    - net: bonding: Unsync device addresses on ndo_stop
    - net: team: Unsync device addresses on ndo_stop
    - drm/panel: simple: Fix innolux_g121i1_l01 bus_format
    - MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
    - MIPS: Loongson32: Fix PHY-mode being left unspecified
    - um: fix default console kernel parameter
    - iavf: Fix bad page state
    - mlxbf_gige: clear MDIO gateway lock after read
    - i40e: Fix set max_tx_rate when it is lower than 1 Mbps
    - sfc: fix TX channel offset when using legacy interrupts
    - sfc: fix null pointer dereference in efx_hard_start_xmit
    - drm/hisilicon/hibmc: Allow to be built if COMPILE_TEST is enabled
    - drm/hisilicon: Add depends on MMU
    - of: mdio: Add of_node_put() when breaking out of for_each_xx
    - net: ipa: properly limit modem routing table use
    - wireguard: ratelimiter: disable timings test by default
    - wireguard: netlink: avoid variable-sized memcpy on sockaddr
    - net: enetc: move enetc_set_psfp() out of the common enetc_set_features()
    - net: enetc: deny offload of tc-based TSN features on VF interfaces
    - net/sched: taprio: avoid disabling offload when it was never enabled
    - net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child
      qdiscs
    - netfilter: nf_tables: fix nft_counters_enabled underflow at
      nf_tables_addchain()
    - netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
    - netfilter: ebtables: fix memory leak when blob is malformed
    - net: ravb: Fix PHY state warning splat during system resume
    - net: sh_eth: Fix PHY state warning splat during system resume
    - can: gs_usb: gs_can_open(): fix race dev->can.state condition
    - perf stat: Fix BPF program section name
    - perf jit: Include program header in ELF files
    - perf kcore_copy: Do not check /proc/modules is unchanged
    - perf tools: Honor namespace when synthesizing build-ids
    - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
    - net/smc: Stop the CLC flow if no link to map buffers on
    - bonding: fix NULL deref in bond_rr_gen_slave_id
    - net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
    - net: sched: fix possible refcount leak in tc_new_tfilter()
    - bnxt: prevent skb UAF after handing over to PTP worker
    - selftests: forwarding: add shebang for sch_red.sh
    - KVM: x86/mmu: Fold rmap_recycle into rmap_add
    - serial: fsl_lpuart: Reset prior to registration
    - serial: Create uart_xmit_advance()
    - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
    - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
    - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
    - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV
    - Drivers: hv: Never allocate anything besides framebuffer from framebuffer
      memory region
    - drm/gma500: Fix BUG: sleeping function called from invalid context errors
    - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid
      cards
    - drm/amdgpu: use dirty framebuffer helper
    - drm/amd/display: Limit user regamma to a valid value
    - drm/amd/display: Reduce number of arguments of dml31's
      CalculateWatermarksAndDRAMSpeedChangeSupport()
    - drm/amd/display: Reduce number of arguments of dml31's
      CalculateFlipSchedule()
    - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage
    - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
    - fsdax: Fix infinite loop in dax_iomap_rw()
    - workqueue: don't skip lockdep work dependency in cancel_work_sync()
    - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
    - i2c: mlxbf: incorrect base address passed during io write
    - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()
    - i2c: mlxbf: Fix frequency calculation
    - drm/amdgpu: don't register a dirty callback for non-atomic
    - NFSv4: Fixes for nfs4_inode_return_delegation()
    - devdax: Fix soft-reservation memory description
    - ext4: make directory inode spreading reflect flexbg size
    - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0
    - ext4: limit the number of retries after discarding preallocations blocks
    - ext4: make mballoc try target group first even with mb_optimize_scan
    - ext4: avoid unnecessary spreading of allocations among groups
    - ext4: use locality group preallocation for small closed files
    - Linux 5.15.71
    - Revert "drm/amdgpu: use dirty framebuffer helper"
  * Jammy update: v5.15.70 upstream stable release (LP: #1995415)
    - drm/tegra: vic: Fix build warning when CONFIG_PM=n
    - serial: atmel: remove redundant assignment in rs485_config
    - tty: serial: atmel: Preserve previous USART mode if RS485 disabled
    - of: fdt: fix off-by-one error in unflatten_dt_nodes()
    - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map
    - pinctrl: qcom: sc8180x: Fix wrong pin numbers
    - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
    - pinctrl: sunxi: Fix name for A100 R_PIO
    - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
    - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
    - drm/meson: Correct OSD1 global alpha value
    - drm/meson: Fix OSD1 RGB to YCbCr coefficient
    - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for
      nowait
    - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe()
    - of/device: Fix up of_dma_configure_id() stub
    - cifs: revalidate mapping when doing direct writes
    - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM
    - cifs: always initialize struct msghdr smb_msg completely
    - parisc: Allow CONFIG_64BIT with ARCH=parisc
    - tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa
    - drm/amdgpu: Don't enable LTR if not supported
    - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
    - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
    - binder: remove inaccurate mmap_assert_locked()
    - arm64: dts: juno: Add missing MHU secure-irq
    - ASoC: nau8824: Fix semaphore unbalance at error paths
    - regulator: pfuze100: Fix the global-out-of-bounds access in
      pfuze100_regulator_probe()
    - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
    - rxrpc: Fix local destruction being repeated
    - rxrpc: Fix calc of resend age
    - wifi: mac80211_hwsim: check length for virtio packets
    - ALSA: hda/sigmatel: Keep power up while beep is enabled
    - ALSA: hda/tegra: Align BDL entry to 4KB boundary
    - net: usb: qmi_wwan: add Quectel RM520N
    - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
    - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
    - drm/panfrost: devfreq: set opp to the recommended one to configure regulator
    - mksysmap: Fix the mismatch of 'L0' symbols in System.map
    - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
    - net: Find dst with sk's xfrm policy not ctl_sk
    - KVM: SEV: add cache flush to solve SEV cache incoherency issues
    - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
    - ALSA: hda/sigmatel: Fix unused variable warning for beep power change
    - Linux 5.15.70
  * Jammy update: v5.15.69 upstream stable release (LP: #1993010)
    - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests
    - ACPI: resource: skip IRQ override on AMD Zen platforms
    - ARM: dts: imx: align SPI NOR node name with dtschema
    - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
    - ARM: dts: at91: fix low limit for CPU regulator
    - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges
    - lockdep: Fix -Wunused-parameter for _THIS_IP_
    - x86/mm: Force-inline __phys_addr_nodebug()
    - task_stack, x86/cea: Force-inline stack helpers
    - tracing: hold caller_addr to hardirq_{enable,disable}_ip
    - tracefs: Only clobber mode/uid/gid on remount if asked
    - iommu/vt-d: Fix kdump kernels boot failure with scalable mode
    - Input: goodix - add support for GT1158
    - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2
    - drm/msm/rd: Fix FIFO-full deadlock
    - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins
    - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
    - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
    - tg3: Disable tg3 device on system reboot to avoid triggering AER
    - gpio: mockup: remove gpio debugfs when remove device
    - ieee802154: cc2520: add rc code in cc2520_tx()
    - Input: iforce - add support for Boeder Force Feedback Wheel
    - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
    - drm/amd/amdgpu: skip ucode loading if ucode_size == 0
    - net: dsa: hellcreek: Print warning only once
    - perf/arm_pmu_platform: fix tests for platform_get_irq() failure
    - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes
    - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
    - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()
    - soc: fsl: select FSL_GUTS driver for DPIO
    - usb: gadget: f_uac2: clean up some inconsistent indenting
    - usb: gadget: f_uac2: fix superspeed transfer
    - RDMA/irdma: Use s/g array in post send only when its valid
    - Input: goodix - add compatible string for GT1158
    - Linux 5.15.69
  * Jammy update: v5.15.68 upstream stable release (LP: #1993003)
    - net: wwan: iosm: remove pointless null check
    - efi: libstub: Disable struct randomization
    - efi: capsule-loader: Fix use-after-free in efi_capsule_write
    - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
      il4965_rs_fill_link_cmd()
    - fs: only do a memory barrier for the first set_buffer_uptodate()
    - Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()"
    - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
    - scsi: megaraid_sas: Fix double kfree()
    - drm/gem: Fix GEM handle release errors
    - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to
      psp_hw_fini
    - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup.
    - drm/radeon: add a force flush to delay work when radeon
    - scsi: ufs: core: Reduce the power mode change timeout
    - Revert "parisc: Show error if wrong 32/64-bit compiler is being used"
    - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources()
    - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines
    - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned
      fw_level
    - netfilter: conntrack: work around exceeded receive window
    - cpufreq: check only freq_table in __resolve_freq()
    - net/core/skbuff: Check the return value of skb_copy_bits()
    - md: Flush workqueue md_rdev_misc_wq in md_alloc()
    - fbdev: fbcon: Destroy mutex on freeing struct fb_info
    - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
    - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
    - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
    - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
    - ALSA: aloop: Fix random zeros in capture data when using jiffies timer
    - ALSA: usb-audio: Fix an out-of-bounds bug in
      __snd_usb_parse_audio_interface()
    - tracing: Fix to check event_mutex is held while accessing trigger list
    - btrfs: zoned: set pseudo max append zone limit in zone emulation mode
    - vfio/type1: Unpin zero pages
    - kprobes: Prohibit probes in gate area
    - debugfs: add debugfs_lookup_and_remove()
    - sched/debug: fix dentry leak in update_sched_domain_debugfs
    - drm/amd/display: fix memory leak when using debugfs_lookup()
    - nvmet: fix a use-after-free
    - scsi: mpt3sas: Fix use-after-free warning
    - scsi: lpfc: Add missing destroy_workqueue() in error path
    - NFS: Further optimisations for 'ls -l'
    - NFS: Save some space in the inode
    - NFS: Fix another fsync() issue after a server reboot
    - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an
      empty subtree
    - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
    - ASoC: qcom: sm8250: add missing module owner
    - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg
    - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL
    - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
    - soc: imx: gpcv2: Assert reset before ungating clock
    - regulator: core: Clean up on enable failure
    - tee: fix compiler warning in tee_shm_register()
    - RDMA/cma: Fix arguments order in net device validation
    - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
    - RDMA/hns: Fix supported page size
    - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
    - wifi: wilc1000: fix DMA on stack objects
    - ARM: at91: pm: fix self-refresh for sama7g5
    - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-
      refresh
    - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
    - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
    - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time
    - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time
    - netfilter: br_netfilter: Drop dst references before setting.
    - netfilter: nf_tables: clean up hook list when offload flags check fails
    - RDMA/srp: Set scmnd->result only when scmnd is not NULL
    - ALSA: usb-audio: Inform the delayed registration more properly
    - ALSA: usb-audio: Register card again for iface over delayed_register option
    - rxrpc: Fix ICMP/ICMP6 error handling
    - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2()
    - afs: Use the operation issue time instead of the reply time for callbacks
    - Revert "net: phy: meson-gxl: improve link-up behavior"
    - sch_sfb: Don't assume the skb is still around after enqueueing to child
    - tipc: fix shift wrapping bug in map_get()
    - net: introduce __skb_fill_page_desc_noacc
    - tcp: TX zerocopy should not sense pfmemalloc status
    - ice: use bitmap_free instead of devm_kfree
    - i40e: Fix kernel crash during module removal
    - iavf: Detach device during reset task
    - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed
    - RDMA/siw: Pass a pointer to virt_to_page()
    - ipv6: sr: fix out-of-bounds read when setting HMAC data.
    - IB/core: Fix a nested dead lock as part of ODP flow
    - RDMA/mlx5: Set local port to one when accessing counters
    - erofs: fix pcluster use-after-free on UP platforms
    - nvme-tcp: fix UAF when detecting digest errors
    - nvme-tcp: fix regression that causes sporadic requests to time out
    - tcp: fix early ETIMEDOUT after spurious non-SACK RTO
    - nvmet: fix mar and mor off-by-one errors
    - RDMA/irdma: Report the correct max cqes from query device
    - RDMA/irdma: Return correct WC error for bind operation failure
    - RDMA/irdma: Report RNR NAK generation in device caps
    - sch_sfb: Also store skb len before calling child enqueue
    - perf script: Fix Cannot print 'iregs' field for hybrid systems
    - hwmon: (tps23861) fix byte order in resistance register
    - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps
    - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion
    - MIPS: loongson32: ls1c: Fix hang during startup
    - kbuild: disable header exports for UML in a straightforward way
    - i40e: Refactor tc mqprio checks
    - i40e: Fix ADQ rate limiting for PF
    - swiotlb: avoid potential left shift overflow
    - iommu/amd: use full 64-bit value in build_completion_wait()
    - s390/boot: fix absolute zero lowcore corruption on boot
    - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined
    - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used
      sensors
    - hwmon: (mr75203) fix voltage equation for negative source input
    - hwmon: (mr75203) fix multi-channel voltage reading
    - hwmon: (mr75203) enable polling for all VM channels
    - arm64/bti: Disable in kernel BTI when cross section thunks are broken
    - [Config] updateconfigs for ARM64_BTI_KERNEL
    - iommu/vt-d: Correctly calculate sagaw value of IOMMU
    - [Config] updateconfigs for ARM64_ERRATUM_2457168
    - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly
    - drm/bridge: display-connector: implement bus fmts callbacks
    - perf machine: Use path__join() to compose a path instead of snprintf(dir,
      '/', filename)
    - ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency
    - Linux 5.15.68
  * Jammy update: v5.15.67 upstream stable release (LP: #1991841)
    - Linux 5.15.67
  * Jammy update: v5.15.66 upstream stable release (LP: #1991840)
    - drm/msm/dsi: fix the inconsistent indenting
    - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
    - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
    - drm/msm/dsi: Fix number of regulators for SDM660
    - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
    - iio: adc: mcp3911: make use of the sign bit
    - skmsg: Fix wrong last sg check in sk_msg_recvmsg()
    - bpf: Restrict bpf_sys_bpf to CAP_PERFMON
    - bpf, cgroup: Fix kernel BUG in purge_effective_progs
    - ieee802154/adf7242: defer destroy_workqueue call
    - drm/i915/backlight: extract backlight code to a separate file
    - drm/i915/display: avoid warnings when registering dual panel backlight
    - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg
    - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
    - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
    - Revert "xhci: turn off port power in shutdown"
    - net: sparx5: fix handling uneven length packets in manual extraction
    - net: smsc911x: Stop and start PHY during suspend and resume
    - openvswitch: fix memory leak at failed datapath creation
    - net: dsa: xrs700x: Use irqsave variant for u64 stats update
    - net: sched: tbf: don't call qdisc_put() while holding tree lock
    - net/sched: fix netdevice reference leaks in attach_default_qdiscs()
    - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
    - mlxbf_gige: compute MDIO period based on i1clk
    - kcm: fix strp_init() order and cleanup
    - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
    - tcp: annotate data-race around challenge_timestamp
    - Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb"
    - net/smc: Remove redundant refcount increase
    - soundwire: qcom: fix device status array range
    - serial: fsl_lpuart: RS485 RTS polariy is inverse
    - staging: rtl8712: fix use after free bugs
    - staging: r8188eu: add firmware dependency
    - powerpc: align syscall table for ppc32
    - vt: Clear selection before changing the font
    - musb: fix USB_MUSB_TUSB6010 dependency
    - tty: serial: lpuart: disable flow control while waiting for the transmit
      engine to complete
    - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
    - iio: ad7292: Prevent regulator double disable
    - iio: adc: mcp3911: use correct formula for AD conversion
    - misc: fastrpc: fix memory corruption on probe
    - misc: fastrpc: fix memory corruption on open
    - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
    - mmc: core: Fix UHS-I SD 1.8V workaround branch
    - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure
    - binder: fix UAF of ref->proc caused by race condition
    - binder: fix alloc->vma_vm_mm null-ptr dereference
    - cifs: fix small mempool leak in SMB2_negotiate()
    - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted()
    - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
    - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
    - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
    - clk: core: Fix runtime PM sequence in clk_core_unprepare()
    - Input: rk805-pwrkey - fix module autoloading
    - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
    - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
    - clk: bcm: rpi: Prevent out-of-bounds access
    - clk: bcm: rpi: Add missing newline
    - hwmon: (gpio-fan) Fix array out of bounds access
    - gpio: pca953x: Add mutex_lock for regcache sync in PM
    - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES
    - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
    - mm: pagewalk: Fix race between unmap and page walker
    - xen-blkback: Advertise feature-persistent as user requested
    - xen-blkfront: Advertise feature-persistent as user requested
    - xen-blkfront: Cache feature_persistent value before advertisement
    - thunderbolt: Use the actual buffer in tb_async_error()
    - usb: dwc3: pci: Add support for Intel Raptor Lake
    - media: mceusb: Use new usb_control_msg_*() routines
    - xhci: Add grace period after xHC start to prevent premature runtime suspend.
    - USB: serial: cp210x: add Decagon UCA device id
    - USB: serial: option: add support for OPPO R11 diag port
    - USB: serial: option: add Quectel EM060K modem
    - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
    - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles
    - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device
    - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes
    - usb: dwc2: fix wrong order of phy_power_on and phy_init
    - usb: cdns3: fix issue with rearming ISO OUT endpoint
    - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer
    - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
    - usb-storage: Add ignore-residue quirk for NXP PN7462AU
    - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
    - s390: fix nospec table alignments
    - USB: core: Prevent nested device-reset calls
    - usb: xhci-mtk: relax TT periodic bandwidth allocation
    - usb: xhci-mtk: fix bandwidth release issue
    - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
    - driver core: Don't probe devices after bus_type.match() probe deferral
    - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
    - wifi: mac80211: Fix UAF in ieee80211_scan_rx()
    - net: Use u64_stats_fetch_begin_irq() for stats fetch.
    - net: mac802154: Fix a condition in the receive path
    - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
    - ALSA: seq: oss: Fix data-race for max_midi_devs access
    - ALSA: seq: Fix data-race at module auto-loading
    - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
    - drm/i915: Skip wm/ddb readout for disabled pipes
    - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
    - kbuild: Add skip_encoding_btf_enum64 option to pahole
    - usb: dwc3: fix PHY disable sequence
    - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
    - usb: dwc3: disable USB core PHY management
    - USB: serial: ch341: fix lost character on LCR updates
    - USB: serial: ch341: fix disabled rx timer on older devices
    - Linux 5.15.66
  * Jammy update: v5.15.65 upstream stable release (LP: #1991831)
    - mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
    - drm/bridge: Add stubs for devm_drm_of_get_bridge when OF is disabled
    - ACPI: thermal: drop an always true check
    - drm/vc4: hdmi: Rework power up
    - drm/vc4: hdmi: Depends on CONFIG_PM
    - firmware: tegra: bpmp: Do only aligned access to IPC memory area
    - crypto: lib - remove unneeded selection of XOR_BLOCKS
    - Drivers: hv: balloon: Support status report for larger page sizes
    - mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
    - [Config] updateconfigs for ARM64_ERRATUM_2441009
    - arm64: errata: Add Cortex-A510 to the repeat tlbi list
    - io_uring: Remove unused function req_ref_put
    - kbuild: Fix include path in scripts/Makefile.modpost
    - Bluetooth: L2CAP: Fix build errors in some archs
    - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
    - udmabuf: Set the DMA mask for the udmabuf device (v2)
    - media: pvrusb2: fix memory leak in pvr_probe
    - HID: hidraw: fix memory leak in hidraw_release()
    - net: fix refcount bug in sk_psock_get (2)
    - fbdev: fb_pm2fb: Avoid potential divide by zero error
    - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is
      dead
    - bpf: Don't redirect packets with invalid pkt_len
    - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5
    - HID: add Lenovo Yoga C630 battery quirk
    - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks
    - HID: asus: ROG NKey: Ignore portion of 0x5a report
    - HID: thrustmaster: Add sparco wheel and fix array length
    - drm/i915/gt: Skip TLB invalidations once wedged
    - mmc: mtk-sd: Clear interrupts when cqe off/disable
    - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs
    - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx
    - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC
    - btrfs: remove root argument from btrfs_unlink_inode()
    - btrfs: remove no longer needed logic for replaying directory deletes
    - btrfs: add and use helper for unlinking inode during log replay
    - btrfs: fix warning during log replay when bumping inode link count
    - fs/ntfs3: Fix work with fragmented xattr
    - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path
    - drm/amd/display: Avoid MPC infinite loop
    - drm/amd/display: Fix HDMI VSIF V3 incorrect issue
    - drm/amd/display: For stereo keep "FLIP_ANY_FRAME"
    - drm/amd/display: clear optc underflow before turn off odm clock
    - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not
      configured
    - neigh: fix possible DoS due to net iface start/stop loop
    - s390/hypfs: avoid error message under KVM
    - ksmbd: don't remove dos attribute xattr on O_TRUNC open
    - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
    - drm/amd/display: Fix pixel clock programming
    - drm/amdgpu: Increase tlb flush timeout for sriov
    - drm/amd/display: avoid doing vm_init multiple time
    - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y
    - testing: selftests: nft_flowtable.sh: use random netns names
    - btrfs: move lockdep class helpers to locking.c
    - btrfs: fix lockdep splat with reloc root extent buffers
    - btrfs: tree-checker: check for overlapping extent items
    - kprobes: don't call disarm_kprobe() for disabled kprobes
    - btrfs: fix space cache corruption and potential double allocations
    - android: binder: fix lockdep check on clearing vma
    - net/af_packet: check len when min_header_len equals to 0
    - net: neigh: don't call kfree_skb() under spin_lock_irqsave()
    - Linux 5.15.65
  * CVE-2022-2663
    - netfilter: nf_conntrack_irc: Fix forged IP logic
  * CVE-2022-3061
    - video: fbdev: i740fb: Error out if 'pixclock' equals zero
  * jammy/linux: 5.15.0-56.62 -proposed tracker (LP: #1997079)
  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.
  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.
  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().
  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers
  * CVE-2022-3594
    - r8152: Rate limit overflow messages
  * CVE-2022-43945
    - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
    - SUNRPC: Fix svcxdr_init_encode's buflen calculation
    - NFSD: Protect against send buffer overflow in NFSv2 READDIR
    - NFSD: Protect against send buffer overflow in NFSv3 READDIR
    - NFSD: Protect against send buffer overflow in NFSv2 READ
    - NFSD: Protect against send buffer overflow in NFSv3 READ
    - NFSD: Remove "inline" directives on op_rsize_bop helpers
    - NFSD: Cap rsize_bop result based on send buffer size
  * CVE-2022-42703
    - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  * 5.15.0-53-generic no longer boots (LP: #1996740)
    - drm/amd/display: Add helper for blanking all dp displays

linux-azure-5.15 (5.15.0-1029.36~20.04.1) focal; urgency=medium

* focal/linux-azure-5.15: 5.15.0-1029.36~20.04.1 -proposed tracker
    (LP: #1998946)

[ Ubuntu: 5.15.0-1029.36 ]

* jammy/linux-azure: 5.15.0-1029.36 -proposed tracker (LP: #1998845)
  * Azure: Jammy fio test hangs, swiotlb buffers exhausted (LP: #1998838)
    - SAUCE: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM

[ Ubuntu: 5.15.0-1027.33 ]

* jammy/linux-azure: 5.15.0-1027.33 -proposed tracker (LP: #1997044)
  * jammy/linux: 5.15.0-56.62 -proposed tracker (LP: #1997079)
  * CVE-2022-3566
    - tcp: Fix data races around icsk->icsk_af_ops.
  * CVE-2022-3567
    - ipv6: annotate some data-races around sk->sk_prot
    - ipv6: Fix data races around sk->sk_prot.
  * CVE-2022-3621
    - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  * CVE-2022-3564
    - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  * CVE-2022-3524
    - tcp/udp: Fix memory leak in ipv6_renew_options().
  * CVE-2022-3565
    - mISDN: fix use-after-free bugs in l1oip timer handlers
  * CVE-2022-3594
    - r8152: Rate limit overflow messages
  * CVE-2022-43945
    - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
    - SUNRPC: Fix svcxdr_init_encode's buflen calculation
    - NFSD: Protect against send buffer overflow in NFSv2 READDIR
    - NFSD: Protect against send buffer overflow in NFSv3 READDIR
    - NFSD: Protect against send buffer overflow in NFSv2 READ
    - NFSD: Protect against send buffer overflow in NFSv3 READ
    - NFSD: Remove "inline" directives on op_rsize_bop helpers
    - NFSD: Cap rsize_bop result based on send buffer size
  * CVE-2022-42703
    - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  * 5.15.0-53-generic no longer boots (LP: #1996740)
    - drm/amd/display: Add helper for blanking all dp displays

[ Ubuntu: 5.15.0-1024.30 ]

* jammy/linux-azure: 5.15.0-1024.30 -proposed tracker (LP: #1996817)
  * Azure: Jammy fio test causes panic (LP: #1996806)
    - scsi: storvsc: Fix unsigned comparison to zero

-- Tim Gardner <tim.gardner@canonical.com>  Sat, 11 Feb 2023 09:41:39 -0700

Changed in linux-azure-5.15 (Ubuntu Focal):
status:	New → Fix Released

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-02

description:

updated

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2023-03-02: Workflow done!

All tasks have been completed and the bug is being closed

Changed in kernel-sru-workflow:
status:	In Progress → Fix Committed
description:	updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-03-27

description:

updated

Ubuntu Kernel Bot (ubuntu-kernel-bot) on 2023-04-18

Changed in kernel-sru-workflow:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.