Ubuntu
linux package

Stacked onexec transitions fail when under NO NEW PRIVS restrictions

Bug #1839037 reported by John Johansen on 2019-08-05

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Incomplete	Undecided	Unassigned
Xenial	Fix Released	Medium	Unassigned
Bionic	Fix Released	Medium	Unassigned

Bug Description

running the apparmor nnp regression tests results in the following failure

Error: transition failed. Test 'NNP (stack onexec - NNP)' was expected to 'pass'. Reason for failure 'FAIL - execv: Operation not permitted'

with a log message of

[ 1169.863302] audit: type=1400 audit(1565046042.144:280686): apparmor="DENIED" operation="exec" info="no new privs" error=-1 profile="/home/jj/apparmor.git/tests/regression/apparmor/transition" name="/home/jj/apparmor.git/tests/regression/apparmor/open" pid=1888 comm="transition" requested_mask="x" denied_mask="x" fsuid=0 ouid=1000 target="/home/jj/apparmor.git/tests/regression/apparmor/open"

Tags:

CVE References

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-05: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1839037

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Bionic):
status:	New → Incomplete
Changed in linux (Ubuntu Xenial):
status:	New → Incomplete

Stefan Bader (smb) on 2019-08-12

Changed in linux (Ubuntu Bionic):
status:	Incomplete → Confirmed
importance:	Undecided → Medium
Changed in linux (Ubuntu Xenial):
status:	Incomplete → Confirmed
importance:	Undecided → Medium

Khaled El Mously (kmously) on 2019-08-13

Changed in linux (Ubuntu Bionic):
status:	Confirmed → Fix Committed

Khaled El Mously (kmously) on 2019-08-13

Changed in linux (Ubuntu Xenial):
status:	Confirmed → Fix Committed

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-15:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-bionic

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2019-08-15:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-xenial

John Johansen (jjohansen) on 2019-08-26

tags:

added: verification-done-bionic
removed: verification-needed-bionic verification-needed-xenial

John Johansen (jjohansen) on 2019-08-26

tags:

added: verification-done-xenial

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-02:

Download full text (235.3 KiB)

This bug was fixed in the package linux - 4.15.0-60.67

---------------
linux (4.15.0-60.67) bionic; urgency=medium

* bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

  * [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

  * [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

* Packaging resync (LP: #1786013)
- [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

* bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

* zfs not completely removed from bionic tree (LP: #1840051)
- SAUCE: (noup) remove completely the zfs code

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562

* ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
- platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) // Tight
    timeout for bcache removal causes spurious failures (LP: #1796292)
    - SAUCE: bcache: fix deadlock in bcache_allocator

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - bcache: fix writeback target calc on large devices
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Fix a compiler warning in bcache_device_init()
    - bcache: Move couple of string arrays to sysfs.c
    - bcache: Move couple of functions to sysfs.c
    - bcache: Replace bch_read_string_list() by __sysfs_match_string()

  * linux hwe i386 kernel 5.0.0-21.22~18.04.1 crashes on Lenovo x220
    (LP: #1838115)
    - x86/mm: Check for pfn instead of page in vmalloc_sync_one()
    - x86/mm: Sync also unmappings in vmalloc_sync_all()
    - mm/vmalloc.c: add priority threshold to __purge_vmap_area_lazy()...

This bug was fixed in the package linux - 4.15.0-60.67

---------------
linux (4.15.0-60.67) bionic; urgency=medium

* bionic/linux: 4.15.0-60.67 -proposed tracker (LP: #1841086)

* [Regression] net test from ubuntu_kernel_selftests failed due to bpf test
    compilation issue (LP: #1840935)
    - SAUCE: Fix "bpf: relax verifier restriction on BPF_MOV | BPF_ALU"

* [Regression] failed to compile seccomp test from ubuntu_kernel_selftests
    (LP: #1840932)
    - Revert "selftests: skip seccomp get_metadata test if not real root"

* Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

linux (4.15.0-59.66) bionic; urgency=medium

* bionic/linux: 4.15.0-59.66 -proposed tracker (LP: #1840006)

* zfs not completely removed from bionic tree (LP: #1840051)
    - SAUCE: (noup) remove completely the zfs code

* Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

* [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store

* ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list

* Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure when, stacking

* [bionic] drm/i915: softpin broken, needs to be fixed for 32bit mesa
    (LP: #1815172)
    - drm/i915: Mark up GTT sizes as u64
    - drm/i915/gvt: Use I915_GTT_PAGE_SIZE
    - drm/i915: Compare user's 64b GTT offset even on 32b

* Bionic update: upstream stable patchset 2019-08-07 (LP: #1839376)
    - ARM: riscpc: fix DMA
    - ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
    - ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
    - ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
    - ftrace: Enable trampoline when rec count returns back to one
    - kernel/module.c: Only return -EEXIST for modules that have finished loading
    - MIPS: lantiq: Fix bitfield masking
    - dmaengine: rcar-dmac: Reject zero-length slave DMA requests
    - clk: tegra210: fix PLLU and PLLU_OUT1
    - fs/adfs: super: fix use-after-free bug
    - btrfs: fix minimum number of chunk errors for DUP
    - cifs: Fix a race condition with cifs_echo_request
    - ceph: fix improper use of smp_mb__before_atomic()
    - ceph: return -ERANGE if virtual xattr value didn't fit in buffer
    - ACPI: blacklist: fix clang warning for unused DMI table
    - scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
    - x86: kvm: avoid constant-conversion warning
    - ACPI: fix false-positive -Wuninitialized warning
    - be2net: Signal that the device cannot transmit during reconfiguration
    - x86/apic: Silence -Wtype-limits compiler warnings
    - x86: math-emu: Hide clang warnings for 16-bit overflow
    - mm/cma.c: fail if fixed declaration can't be honored
    - coda: add error handling for fget
    - coda: fix build using bare-metal toolchain
    - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
      headers
    - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
    - ipc/mqueue.c: only perform resource calculation if user valid
    - xen/pv: Fix a boot up hang revealed by int3 self test
    - x86/kvm: Don't call kvm_spurious_fault() from .fixup
    - x86/paravirt: Fix callee-saved function ELF sizes
    - x86, boot: Remove multiple copy of static function sanitize_boot_params()
    - drm/nouveau: fix memory leak in nouveau_conn_reset()
    - kbuild: initialize CLANG_FLAGS correctly in the top Makefile
    - Btrfs: fix incremental send failure after deduplication
    - Btrfs: fix race leading to fs corruption after transaction abort
    - mmc: dw_mmc: Fix occasional hang after tuning on eMMC
    - gpiolib: fix incorrect IRQ requesting of an active-low lineevent
    - IB/hfi1: Fix Spectre v1 vulnerability
    - selinux: fix memory leak in policydb_init()
    - s390/dasd: fix endless loop after read unit address configuration
    - parisc: Fix build of compressed kernel even with debug enabled
    - drivers/perf: arm_pmu: Fix failure path in PM notifier
    - nbd: replace kill_bdev() with __invalidate_device() again
    - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
    - IB/mlx5: Fix unreg_umr to ignore the mkey state
    - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
    - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
    - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
    - IB/hfi1: Check for error on call to alloc_rsm_map_table
    - eeprom: at24: make spd world-readable again
    - objtool: Support GCC 9 cold subfunction naming scheme
    - gcc-9: properly declare the {pv,hv}clock_page storage
    - x86/vdso: Prevent segfaults due to hoisted vclock reads
    - Documentation: Add swapgs description to the Spectre v1 documentation
    - firmware/psci: psci_checker: Park kthreads before stopping them
    - btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
    - lib/test_string.c: avoid masking memset16/32/64 failures
    - mmc: meson-mx-sdio: Fix misuse of GENMASK macro
    - arm64: compat: Allow single-byte watchpoints on all addresses
    - arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
    - IB/mlx5: Fix clean_mr() to work in the expected order
    - ARC: enable uboot support unconditionally
    - scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA

* Bionic update: upstream stable patchset 2019-08-06 (LP: #1839213)
    - staging: vt6656: use meaningful error code during buffer allocation
    - drm/amd/display: Fill prescale_params->scale for RGB565
    - drm/amd/display: Disable ABM before destroy ABM struct
    - gpu: host1x: Increase maximum DMA segment size
    - drm/amd/display: Always allocate initial connector state state
    - drm/amd/display: fix compilation error
    - mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width
    - i2c: stm32f7: fix the get_irq error cases
    - genksyms: Teach parser about 128-bit built-in types
    - powerpc/mm: Handle page table allocation failures
    - arm64: assembler: Switch ESB-instruction with a vanilla nop if
      !ARM64_HAS_RAS
    - dlm: check if workqueues are NULL before flushing/destroying
    - proc: use down_read_killable mmap_sem for /proc/pid/pagemap
    - proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
    - proc: use down_read_killable mmap_sem for /proc/pid/map_files
    - proc: use down_read_killable mmap_sem for /proc/pid/maps
    - mm: use down_read_killable for locking mmap_sem in access_remote_vm
    - ALSA: ac97: Fix double free of ac97_codec_device
    - libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
    - vsock: correct removal of socket from the list
    - NFS: Fix dentry revalidation on NFSv4 lookup
    - NFS: Refactor nfs_lookup_revalidate()
    - NFSv4: Fix lookup revalidate of regular files
    - i2c: qup: fixed releasing dma without flush operation completion
    - arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
    - binder: fix possible UAF when freeing buffer
    - ISDN: hfcsusb: checking idx of ep configuration
    - media: au0828: fix null dereference in error path
    - ath10k: Change the warning message string
    - media: cpia2_usb: first wake up, then free in disconnect
    - media: pvrusb2: use a different format for warnings
    - NFS: Cleanup if nfs_match_client is interrupted
    - media: radio-raremono: change devm_k*alloc to k*alloc
    - iommu/vt-d: Don't queue_iova() if there is no flush queue
    - iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA
    - hv_sock: Add support for delayed close
    - Bluetooth: hci_uart: check for missing tty operations
    - sched/fair: Don't free p->numa_faults with concurrent readers
    - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
    - Fix allyesconfig output.
    - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL

* Bionic update: upstream stable patchset 2019-08-05 (LP: #1839036)
    - e1000e: start network tx queue only when link is up
    - Input: synaptics - enable SMBUS on T480 thinkpad trackpad
    - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
    - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
    - crypto: talitos - rename alternative AEAD algos.
    - samples, bpf: fix to change the buffer size for read()
    - bpf: sockmap, fix use after free from sleep in psock backlog workqueue
    - staging:iio:ad7150: fix threshold mode config bit
    - mac80211: mesh: fix RCU warning
    - mac80211: free peer keys before vif down in mesh
    - iwlwifi: Fix double-free problems in iwl_req_fw_callback()
    - dt-bindings: can: mcp251x: add mcp25625 support
    - can: mcp251x: add support for mcp25625
    - can: m_can: implement errata "Needless activation of MRAF irq"
    - can: af_can: Fix error path of can_init()
    - ibmvnic: Refresh device multicast list after reset
    - ARM: dts: am335x phytec boards: Fix cd-gpios active level
    - Input: imx_keypad - make sure keyboard can always wake up system
    - KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
    - mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
    - ARM: davinci: da850-evm: call regulator_has_full_constraints()
    - ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
    - mac80211: only warn once on chanctx_conf being NULL
    - qmi_wwan: add support for QMAP padding in the RX path
    - qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
    - qmi_wwan: extend permitted QMAP mux_id value range
    - md: fix for divide error in status_resync
    - bnx2x: Check if transceiver implements DDM before access
    - drm: return -EFAULT if copy_to_user() fails
    - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
    - net: lio_core: fix potential sign-extension overflow on large shift
    - quota: fix a problem about transfer quota
    - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge()
    - net :sunrpc :clnt :Fix xps refcount imbalance on the error path
    - fscrypt: don't set policy for a dead directory
    - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
    - ALSA: hda/realtek - Headphone Mic can't record after S3
    - block, bfq: NULL out the bic when it's no longer valid
    - x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
    - x86/tls: Fix possible spectre-v1 in do_get_thread_area()
    - Documentation: Add section about CPU vulnerabilities for Spectre
    - mwifiex: Abort at too short BSS descriptor element
    - mwifiex: Don't abort on small, spec-compliant vendor IEs
    - USB: serial: ftdi_sio: add ID for isodebug v1
    - USB: serial: option: add support for GosunCn ME3630 RNDIS mode
    - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
    - p54usb: Fix race between disconnect and firmware loading
    - usb: gadget: ether: Fix race between gether_disconnect and rx_submit
    - usb: renesas_usbhs: add a workaround for a race condition of workqueue
    - staging: comedi: dt282x: fix a null pointer deref on interrupt
    - staging: comedi: amplc_pci230: fix null pointer deref on interrupt
    - binder: fix memory leak in error path
    - carl9170: fix misuse of device driver API
    - VMCI: Fix integer overflow in VMCI handle arrays
    - MIPS: Remove superfluous check for __linux__
    - clk: ti: clkctrl: Fix returning uninitialized data
    - efi/bgrt: Drop BGRT status field reserved bits check
    - perf/core: Fix perf_sample_regs_user() mm check
    - ARM: omap2: remove incorrect __init annotation
    - be2net: fix link failure after ethtool offline test
    - ppp: mppe: Add softdep to arc4
    - sis900: fix TX completion
    - ARM: dts: imx6ul: fix PWM[1-4] interrupts
    - dm verity: use message limit for data block corruption message
    - x86/boot/64: Fix crash if kernel image crosses page table boundary
    - cpu/hotplug: Fix out-of-bounds read when setting fail state
    - linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
    - ARC: hide unused function unw_hdr_alloc
    - s390: fix stfle zero padding
    - s390/qdio: (re-)initialize tiqdio list entries
    - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
    - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    - drm/udl: introduce a macro to convert dev to udl.
    - drm/udl: move to embedding drm device inside udl device.
    - drm/vmwgfx: fix a warning due to missing dma_parms
    - riscv: Fix udelay in RV32.
    - mac80211: do not start any work during reconfigure flow
    - bpf, devmap: Fix premature entry free on destroying map
    - NFS4: Only set creation opendata if O_CREAT
    - perf pmu: Fix uncore PMU alias list for ARM64
    - Documentation/admin: Remove the vsyscall=native documentation
    - drivers/usb/typec/tps6598x.c: fix portinfo width
    - staging: bcm2835-camera: Ensure all buffers are returned on disable
    - staging: bcm2835-camera: Remove check of the number of buffers supplied
    - staging: rtl8712: reduce stack usage, again
    - irqchip/gic-v3-its: Fix command queue pointer comparison bug
    - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
    - pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
    - x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
    - genirq: Delay deactivation in free_irq()
    - genirq: Fix misleading synchronize_irq() documentation
    - genirq: Update code comments wrt recycled thread_mask
    - genirq: Synchronize only with single thread on free_irq()
    - genirq: Add optional hardware synchronization for shutdown
    - x86/ioapic: Implement irq_get_irqchip_state() callback
    - x86/irq: Handle spurious interrupt after shutdown gracefully
    - crypto: talitos - move struct talitos_edesc into talitos.h
    - crypto: talitos - fix hash on SEC1.
    - regmap-irq: do not write mask register if mask_base is zero
    - MIPS: ath79: fix ar933x uart parity mode
    - MIPS: fix build on non-linux hosts
    - arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
    - scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
    - dmaengine: imx-sdma: fix use-after-free on probe error path
    - wil6210: fix potential out-of-bounds read
    - ath10k: Do not send probe response template for mesh
    - ath9k: Check for errors when reading SREV register
    - ath6kl: add some bounds checking
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - media: spi: IR LED: add missing of table registration
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - media: vpss: fix a potential NULL pointer dereference
    - media: media_device_enum_links32: clean a reserved field
    - net: stmmac: dwmac1000: Clear unused address entries
    - net: stmmac: dwmac4/5: Clear unused address entries
    - qed: Set the doorbell address correctly
    - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
    - af_key: fix leaks in key_pol_get_resp and dump_sp.
    - xfrm: Fix xfrm sel prefix length validation
    - fscrypt: clean up some BUG_ON()s in block encryption/decryption
    - media: mc-device.c: don't memset __user pointer contents
    - media: staging: media: davinci_vpfe: - Fix for memory leak if decoder
      initialization fails.
    - net: phy: Check against net_device being NULL
    - crypto: talitos - properly handle split ICV.
    - crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
    - tua6100: Avoid build warnings.
    - locking/lockdep: Fix merging of hlocks with non-zero references
    - media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
    - cpupower : frequency-set -r option misses the last cpu in related cpu list
    - net: stmmac: dwmac4: fix flow control issue
    - net: fec: Do not use netdev messages too early
    - net: axienet: Fix race condition causing TX hang
    - s390/qdio: handle PENDING state for QEBSM devices
    - RAS/CEC: Fix pfn insertion
    - net: sfp: add mutex to prevent concurrent state checks
    - ipset: Fix memory accounting for hash types on resize
    - perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
    - perf tests: Add valid callback for parse-events test
    - perf test 6: Fix missing kvm module load for s390
    - media: fdp1: Support M3N and E3 platforms
    - iommu: Fix a leak in iommu_insert_resv_region
    - gpio: omap: fix lack of irqstatus_raw0 for OMAP4
    - gpio: omap: ensure irq is enabled before wakeup
    - regmap: fix bulk writes on paged registers
    - bpf: silence warning messages in core
    - rcu: Force inlining of rcu_read_lock()
    - x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
    - blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership
      arbitration
    - xfrm: fix sa selector validation
    - sched/core: Add __sched tag for io_schedule()
    - x86/atomic: Fix smp_mb__{before,after}_atomic()
    - perf evsel: Make perf_evsel__name() accept a NULL argument
    - vhost_net: disable zerocopy by default
    - ipoib: correcly show a VF hardware address
    - EDAC/sysfs: Fix memory leak when creating a csrow object
    - ipsec: select crypto ciphers for xfrm_algo
    - ipvs: defer hook registration to avoid leaks
    - media: s5p-mfc: Make additional clocks optional
    - media: i2c: fix warning same module names
    - ntp: Limit TAI-UTC offset
    - timer_list: Guard procfs specific code
    - acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
    - media: coda: fix mpeg2 sequence number handling
    - media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
    - media: coda: increment sequence offset for the last returned frame
    - media: vimc: cap: check v4l2_fill_pixfmt return value
    - media: hdpvr: fix locking and a missing msleep
    - rtlwifi: rtl8192cu: fix error handle when usb probe failed
    - mt7601u: do not schedule rx_tasklet when the device has been disconnected
    - x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
    - mt7601u: fix possible memory leak when the device is disconnected
    - ipvs: fix tinfo memory leak in start_sync_thread
    - ath10k: add missing error handling
    - ath10k: fix PCIE device wake up failed
    - perf tools: Increase MAX_NR_CPUS and MAX_CACHES
    - libata: don't request sense data on !ZAC ATA devices
    - clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
    - rslib: Fix decoding of shortened codes
    - rslib: Fix handling of of caller provided syndrome
    - ixgbe: Check DDM existence in transceiver before access
    - crypto: serpent - mark __serpent_setkey_sbox noinline
    - crypto: asymmetric_keys - select CRYPTO_HASH where needed
    - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
    - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
    - net: hns3: fix a -Wformat-nonliteral compile warning
    - net: hns3: add some error checking in hclge_tm module
    - ath10k: destroy sdio workqueue while remove sdio module
    - iwlwifi: mvm: Drop large non sta frames
    - perf stat: Make metric event lookup more robust
    - net: usb: asix: init MAC address buffers
    - gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
    - Bluetooth: hci_bcsp: Fix memory leak in rx_skb
    - Bluetooth: 6lowpan: search for destination address in all peers
    - Bluetooth: Check state in l2cap_disconnect_rsp
    - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
    - Bluetooth: validate BLE connection interval updates
    - gtp: fix suspicious RCU usage
    - gtp: fix Illegal context switch in RCU read-side critical section.
    - gtp: fix use-after-free in gtp_encap_destroy()
    - gtp: fix use-after-free in gtp_newlink()
    - net: mvmdio: defer probe of orion-mdio if a clock is not ready
    - iavf: fix dereference of null rx_buffer pointer
    - floppy: fix out-of-bounds read in next_valid_format
    - floppy: fix invalid pointer dereference in drive_name
    - xen: let alloc_xenballooned_pages() fail if not enough memory free
    - scsi: NCR5380: Reduce goto statements in NCR5380_select()
    - scsi: NCR5380: Always re-enable reselection interrupt
    - Revert "scsi: ncr5380: Increase register polling limit"
    - scsi: core: Fix race on creating sense cache
    - scsi: megaraid_sas: Fix calculation of target ID
    - scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
    - scsi: mac_scsi: Fix pseudo DMA implementation, take 2
    - crypto: ghash - fix unaligned memory access in ghash_setkey()
    - crypto: ccp - Validate the the error value used to index error messages
    - crypto: arm64/sha1-ce - correct digest for empty data in finup
    - crypto: arm64/sha2-ce - correct digest for empty data in finup
    - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
    - crypto: ccp - memset structure fields to zero before reuse
    - crypto: ccp/gcm - use const time tag comparison.
    - crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
    - Input: gtco - bounds check collection indent level
    - Input: alps - don't handle ALPS cs19 trackpoint-only device
    - Input: synaptics - whitelist Lenovo T580 SMBus intertouch
    - Input: alps - fix a mismatch between a condition check and its comment
    - regulator: s2mps11: Fix buck7 and buck8 wrong voltages
    - arm64: tegra: Update Jetson TX1 GPU regulator timings
    - iwlwifi: pcie: don't service an interrupt that was masked
    - iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
    - NFSv4: Handle the special Linux file open access mode
    - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
    - lib/scatterlist: Fix mapping iterator when sg->offset is greater than
      PAGE_SIZE
    - ASoC: dapm: Adapt for debugfs API change
    - ALSA: seq: Break too long mutex context in the write loop
    - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
    - media: coda: Remove unbalanced and unneeded mutex unlock
    - KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
    - arm64: tegra: Fix AGIC register range
    - fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys
      inodes.
    - drm/nouveau/i2c: Enable i2c pads & busses during preinit
    - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
    - dm zoned: fix zone state management race
    - xen/events: fix binding user event channels to cpus
    - 9p/xen: Add cleanup path in p9_trans_xen_init
    - 9p/virtio: Add cleanup path in p9_virtio_init
    - x86/boot: Fix memory leak in default_get_smp_config()
    - perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
    - perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
    - intel_th: pci: Add Ice Lake NNPI support
    - PCI: Do not poll for PME if the device is in D3cold
    - Btrfs: fix data loss after inode eviction, renaming it, and fsync it
    - Btrfs: fix fsync not persisting dentry deletions due to inode evictions
    - Btrfs: add missing inode version, ctime and mtime updates when punching hole
    - HID: wacom: generic: only switch the mode on devices with LEDs
    - HID: wacom: correct touch resolution x/y typo
    - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
    - coda: pass the host file in vma->vm_file on mmap
    - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    - PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
    - crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
    - parisc: Ensure userspace privilege for ptraced processes in regset functions
    - parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
    - powerpc/32s: fix suspend/resume when IBATs 4-7 are used
    - powerpc/watchpoint: Restore NV GPRs while returning from exception
    - eCryptfs: fix a couple type promotion bugs
    - intel_th: msu: Fix single mode with disabled IOMMU
    - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
    - usb: Handle USB3 remote wakeup for LPM enabled devices correctly
    - net: mvmdio: allow up to four clocks to be specified for orion-mdio
    - dt-bindings: allow up to four clocks for orion-mdio
    - dm bufio: fix deadlock with loop device
    - compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
    - compiler.h: Add read_word_at_a_time() function.
    - lib/strscpy: Shut up KASAN false-positives in strscpy()
    - bnx2x: Prevent load reordering in tx completion processing
    - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    - igmp: fix memory leak in igmpv3_del_delrec()
    - ipv4: don't set IPv6 only flags to IPv4 addresses
    - net: bcmgenet: use promisc for unsupported filters
    - net: dsa: mv88e6xxx: wait after reset deactivation
    - net: neigh: fix multiple neigh timer scheduling
    - net: openvswitch: fix csum updates for MPLS actions
    - nfc: fix potential illegal memory access
    - rxrpc: Fix send on a connected, but unbound socket
    - sky2: Disable MSI on ASUS P6T
    - vrf: make sure skb->data contains ip header to make routing
    - macsec: fix use-after-free of skb during RX
    - macsec: fix checksumming after decryption
    - netrom: fix a memory leak in nr_rx_frame()
    - netrom: hold sock when setting skb->destructor
    - bonding: validate ip header before check IPPROTO_IGMP
    - net: make skb_dst_force return true when dst is refcounted
    - tcp: fix tcp_set_congestion_control() use from bpf hook
    - tcp: Reset bytes_acked and bytes_received when disconnecting
    - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
    - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
    - net: bridge: stp: don't cache eth dest pointer before skb pull
    - dma-buf: balance refcount inbalance
    - dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
    - MIPS: lb60: Fix pin mappings
    - ext4: don't allow any modifications to an immutable file
    - ext4: enforce the immutable flag on open files
    - mm: add filemap_fdatawait_range_keep_errors()
    - jbd2: introduce jbd2_inode dirty range scoping
    - ext4: use jbd2_inode dirty range scoping
    - ext4: allow directory holes
    - mm: vmscan: scan anonymous pages on file refaults
    - hvsock: fix epollout hang from race condition
    - drm/panel: simple: Fix panel_simple_dsi_probe
    - usb: core: hub: Disable hub-initiated U1/U2
    - tty: max310x: Fix invalid baudrate divisors calculator
    - pinctrl: rockchip: fix leaked of_node references
    - tty: serial: cpm_uart - fix init when SMC is relocated
    - drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
    - PCI: Return error if cannot probe VF
    - drm/bridge: tc358767: read display_props in get_modes()
    - drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
    - drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
    - memstick: Fix error cleanup path of memstick_init
    - tty/serial: digicolor: Fix digicolor-usart already registered warning
    - tty: serial: msm_serial: avoid system lockup condition
    - serial: 8250: Fix TX interrupt handling condition
    - drm/virtio: Add memory barriers for capset cache.
    - phy: renesas: rcar-gen2: Fix memory leak at error paths
    - powerpc/pseries/mobility: prevent cpu hotplug during DT update
    - drm/rockchip: Properly adjust to a true clock in adjusted_mode
    - tty: serial_core: Set port active bit in uart_port_activate
    - usb: gadget: Zero ffs_io_data
    - powerpc/pci/of: Fix OF flags parsing for 64bit BARs
    - drm/msm: Depopulate platform on probe failure
    - serial: mctrl_gpio: Check if GPIO property exisits before requesting it
    - PCI: sysfs: Ignore lockdep for remove attribute
    - kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
    - PCI: xilinx-nwl: Fix Multi MSI data programming
    - iio: iio-utils: Fix possible incorrect mask calculation
    - powerpc/xmon: Fix disabling tracing while in xmon
    - recordmcount: Fix spurious mcount entries on powerpc
    - mfd: core: Set fwnode for created devices
    - mfd: arizona: Fix undefined behavior
    - mfd: hi655x-pmic: Fix missing return value check for
      devm_regmap_init_mmio_clk
    - um: Silence lockdep complaint about mmap_sem
    - powerpc/4xx/uic: clear pending interrupt after irq type/pol change
    - RDMA/i40iw: Set queue pair state when being queried
    - serial: sh-sci: Terminate TX DMA during buffer flushing
    - serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
    - kallsyms: exclude kasan local symbols on s390
    - perf test mmap-thread-lookup: Initialize variable to suppress memory
      sanitizer warning
    - perf session: Fix potential NULL pointer dereference found by the smatch
      tool
    - perf annotate: Fix dereferencing freed memory found by the smatch tool
    - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
    - PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
    - powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
    - f2fs: avoid out-of-range memory access
    - mailbox: handle failed named mailbox channel request
    - powerpc/eeh: Handle hugepages in ioremap space
    - block/bio-integrity: fix a memory leak bug
    - sh: prevent warnings when using iounmap
    - mm/kmemleak.c: fix check for softirq context
    - 9p: pass the correct prototype to read_cache_page
    - mm/gup.c: mark undo_dev_pagemap as __maybe_unused
    - mm/gup.c: remove some BUG_ONs from get_gate_page()
    - mm/mmu_notifier: use hlist_add_head_rcu()
    - locking/lockdep: Fix lock used or unused stats error
    - locking/lockdep: Hide unused 'class' variable
    - drm/crc: Only report a single overflow when a CRC fd is opened
    - drm/crc-debugfs: Also sprinkle irqrestore over early exits
    - usb: wusbcore: fix unbalanced get/put cluster_id
    - usb: pci-quirks: Correct AMD PLL quirk detection
    - KVM: nVMX: do not use dangling shadow VMCS after guest reset
    - btrfs: inode: Don't compress if NODATASUM or NODATACOW set
    - x86/sysfb_efi: Add quirks for some devices with swapped width and height
    - x86/speculation/mds: Apply more accurate check on hypervisor platform
    - binder: prevent transactions to context manager from its own process.
    - fpga-manager: altera-ps-spi: Fix build error
    - hpet: Fix division by zero in hpet_time_div()
    - powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
    - powerpc/tm: Fix oops on sigreturn on systems without TM
    - access: avoid the RCU grace period for the temporary subjective credentials
    - batman-adv: Fix duplicated OGMs on NETDEV_UP
    - net: hns3: set ops to null when unregister ad_dev
    - x86/cpu: Add Ice Lake NNPI to Intel family
    - qed: iWARP - Fix tc for MPA ll2 connection
    - net: hns3: fix for skb leak when doing selftest
    - sched/fair: Fix "runnable_avg_yN_inv" not used warnings
    - x86/cacheinfo: Fix a -Wtype-limits warning
    - nvme-pci: properly report state change failure in nvme_reset_work
    - nvme-pci: set the errno on ctrl state change error
    - arm64: Do not enable IRQs for ct_user_exit
    - net: stmmac: sun8i: force select external PHY when no internal one
    - bcache: check CACHE_SET_IO_DISABLE in allocator code
    - bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
    - bcache: acquire bch_register_lock later in cached_dev_free()
    - bcache: fix potential deadlock in cached_def_free()
    - perf stat: Fix group lookup for metric group
    - tools: bpftool: Fix json dump crash on powerpc
    - Bluetooth: Add a new 13d3:3496 QCA_ROME device
    - Bluetooth: Add new 13d3:3491 QCA_ROME device
    - Bluetooth: Add new 13d3:3501 QCA_ROME device
    - bcache: ignore read-ahead request failure on backing device
    - bcache: fix mistaken sysfs entry for io_error counter
    - bcache: destroy dc->writeback_write_wq if failed to create
      dc->writeback_thread
    - iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
    - iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
    - ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
    - media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
    - media: videobuf2-dma-sg: Prevent size from overflowing
    - perf/x86/intel: Fix spurious NMI on fixed counter
    - drm/edid: parse CEA blocks embedded in DisplayID
    - PCI: qcom: Ensure that PERST is asserted for at least 100 ms
    - IB/mlx5: Report correctly tag matching rendezvous capability
    - include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT
      architectures
    - xfs: fix pagecache truncation prior to reflink
    - xfs: flush removing page cache in xfs_reflink_remap_prep
    - xfs: don't overflow xattr listent buffer
    - xfs: don't ever put nlink > 0 inodes on the unlinked list
    - xfs: fix reporting supported extra file attributes for statx()
    - xfs: serialize unaligned dio writes against all other dio writes
    - xfs: abort unaligned nowait directio early
    - powerpc/powernv/npu: Fix reference leak
    - powerpc/pseries: Fix oops in hotplug memory notifier
    - mmc: sdhci-msm: fix mutex while in spinlock
    - mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
    - blk-throttle: fix zero wait time for iops throttled group
    - tcp: be more careful in tcp_fragment()
    - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
    - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
    - net: bridge: don't cache ether dest pointer on input
    - net: sched: verify that q!=NULL before setting q->flags

* Line 6 POD HD500 driver fault (LP: #1790595) // Bionic update: upstream
    stable patchset 2019-08-05 (LP: #1839036)
    - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1

* Bionic update: upstream stable patchset 2019-08-02 (LP: #1838824)
    - rapidio: fix a NULL pointer dereference when create_workqueue() fails
    - fs/fat/file.c: issue flush after the writeback of FAT
    - sysctl: return -EINVAL if val violates minmax
    - ipc: prevent lockup on alloc_msg and free_msg
    - ARM: prevent tracing IPI_CPU_BACKTRACE
    - mm/hmm: select mmu notifier when selecting HMM
    - hugetlbfs: on restore reserve error path retain subpool reservation
    - mem-hotplug: fix node spanned pages when we have a node with only
      ZONE_MOVABLE
    - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
    - mm/cma.c: fix the bitmap status to show failed allocation reason
    - mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
    - mm/slab.c: fix an infinite loop in leaks_show()
    - kernel/sys.c: prctl: fix false positive in validate_prctl_map()
    - thermal: rcar_gen3_thermal: disable interrupt in .remove
    - drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
    - mfd: tps65912-spi: Add missing of table registration
    - mfd: intel-lpss: Set the device in reset state when init
    - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link
      configuration
    - mfd: twl6040: Fix device init errors for ACCCTL register
    - perf/x86/intel: Allow PEBS multi-entry in watermark mode
    - drm/bridge: adv7511: Fix low refresh rate selection
    - objtool: Don't use ignore flag for fake jumps
    - EDAC/mpc85xx: Prevent building as a module
    - pwm: meson: Use the spin-lock only to protect register modifications
    - ntp: Allow TAI-UTC offset to be set to zero
    - f2fs: fix to avoid panic in do_recover_data()
    - f2fs: fix to clear dirty inode in error path of f2fs_iget()
    - f2fs: fix to avoid panic in dec_valid_block_count()
    - f2fs: fix to do sanity check on valid block count of segment
    - percpu: remove spurious lock dependency between percpu and sched
    - configfs: fix possible use-after-free in configfs_register_group
    - uml: fix a boot splat wrt use of cpu_all_mask
    - mmc: mmci: Prevent polling for busy detection in IRQ context
    - watchdog: imx2_wdt: Fix set_timeout for big timeout values
    - watchdog: fix compile time error of pretimeout governors
    - blk-mq: move cancel of requeue_work into blk_mq_release
    - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
    - misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
    - nvme-pci: unquiesce admin queue on shutdown
    - ALSA: hda - Register irq handler after the chip initialization
    - nvmem: core: fix read buffer in place
    - fuse: retrieve: cap requested size to negotiated max_write
    - nfsd: allow fh_want_write to be called twice
    - vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
    - x86/PCI: Fix PCI IRQ routing table memory leak
    - platform/chrome: cros_ec_proto: check for NULL transfer function
    - PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
    - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
    - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
    - soc: rockchip: Set the proper PWM for rk3288
    - ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
    - ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
    - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
    - PCI: rpadlpar: Fix leaked device_node references in add/remove paths
    - platform/x86: intel_pmc_ipc: adding error handling
    - power: supply: max14656: fix potential use-before-alloc
    - PCI: rcar: Fix a potential NULL pointer dereference
    - PCI: rcar: Fix 64bit MSI message address handling
    - video: hgafb: fix potential NULL pointer dereference
    - video: imsttfb: fix potential NULL pointer dereferences
    - block, bfq: increase idling for weight-raised queues
    - PCI: xilinx: Check for __get_free_pages() failure
    - gpio: gpio-omap: add check for off wake capable gpios
    - dmaengine: idma64: Use actual device for DMA transfers
    - pwm: tiehrpwm: Update shadow register for disabling PWMs
    - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on
      Arndale Octa
    - pwm: Fix deadlock warning when removing PWM device
    - ARM: exynos: Fix undefined instruction during Exynos5422 resume
    - usb: typec: fusb302: Check vconn is off when we start toggling
    - gpio: vf610: Do not share irq_chip
    - percpu: do not search past bitmap when allocating an area
    - drm: don't block fb changes for async plane updates
    - ALSA: seq: Cover unsubscribe_port() in list_mutex
    - initramfs: free initrd memory if opening /initrd.image fails
    - bpf: fix undefined behavior in narrow load handling
    - f2fs: fix to avoid panic in f2fs_remove_inode_page()
    - f2fs: fix to use inline space only if inline_xattr is enable
    - netfilter: nf_conntrack_h323: restore boundary check correctness
    - mips: Make sure dt memory regions are valid
    - nvmem: sunxi_sid: Support SID on A83T and H5
    - nfsd: avoid uninitialized variable warning
    - switchtec: Fix unintended mask of MRPC event
    - net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending
    - i40e: Queues are reserved despite "Invalid argument" error
    - net: hns3: return 0 and print warning when hit duplicate MAC
    - soc: renesas: Identify R-Car M3-W ES1.1
    - soc: renesas: Identify R-Car M3-W ES1.3
    - [Config] updateconfigs for CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT
    - drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
    - nouveau: Fix build with CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT disabled
    - HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
    - HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
    - ALSA: oxfw: allow PCM capture for Stanton SCS.1m
    - ALSA: hda/realtek - Update headset mode for ALC256
    - ALSA: firewire-motu: fix destruction of data for isochronous resources
    - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
    - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
    - fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
    - mm/vmscan.c: fix trying to reclaim unevictable LRU page
    - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
    - ptrace: restore smp_rmb() in __ptrace_may_access()
    - media: v4l2-ioctl: clear fields in s_parm
    - iommu/arm-smmu: Avoid constant zero in TLBI writes
    - i2c: acorn: fix i2c warning
    - bcache: fix stack corruption by PRECEDING_KEY()
    - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
    - ASoC: cs42xx8: Add regcache mask dirty
    - ASoC: fsl_asrc: Fix the issue about unsupported rate
    - drm/i915/sdvo: Implement proper HDMI audio support for SDVO
    - x86/uaccess, kcov: Disable stack protector
    - ALSA: seq: Protect in-kernel ioctl calls with mutex
    - ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
    - Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
    - s390/kasan: fix strncpy_from_user kasan checks
    - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
    - scsi: qedi: remove memset/memcpy to nfunc and use func instead
    - scsi: qedi: remove set but not used variables 'cdev' and 'udev'
    - scsi: lpfc: add check for loss of ndlp when sending RRQ
    - arm64/mm: Inhibit huge-vmap with ptdump
    - nvme: remove the ifdef around nvme_nvm_ioctl
    - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI
      table
    - platform/x86: pmc_atom: Add several Beckhoff Automation boards to
      critclk_systems DMI table
    - scsi: bnx2fc: fix incorrect cast to u64 on shift operation
    - libnvdimm: Fix compilation warnings with W=1
    - selftests/timers: Add missing fflush(stdout) calls
    - usbnet: ipheth: fix racing condition
    - KVM: x86/pmu: do not mask the value that is written to fixed PMUs
    - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
    - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an
      invalid read
    - drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
    - usb: dwc2: Fix DMA cache alignment issues
    - usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression)
    - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
    - USB: serial: pl2303: add Allied Telesis VT-Kit3
    - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
    - USB: serial: option: add Telit 0x1260 and 0x1261 compositions
    - RAS/CEC: Fix binary search function
    - x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
    - x86/kasan: Fix boot with 5-level paging and KASAN
    - rtc: pcf8523: don't return invalid date when battery is low
    - HID: wacom: Don't set tool type until we're in range
    - HID: wacom: Don't report anything prior to the tool entering range
    - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
    - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached
    - f2fs: fix to avoid accessing xattr across the boundary
    - nvme: fix srcu locking on error return in nvme_get_ns_from_disk
    - nvme: merge nvme_ns_ioctl into nvme_ioctl
    - nvme: release namespace SRCU protection before performing controller ioctls
    - nvme: fix memory leak for power latency tolerance
    - KVM: x86/pmu: mask the result of rdpmc according to the width of the
      counters
    - tools/kvm_stat: fix fields filter for child events
    - RAS/CEC: Convert the timer callback to a workqueue
    - x86/mm/KASLR: Compute the size of the vmemmap section properly
    - ax25: fix inconsistent lock state in ax25_destroy_timer
    - be2net: Fix number of Rx queues used for flow hashing
    - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
    - lapb: fixed leak of control-blocks.
    - neigh: fix use-after-free read in pneigh_get_next
    - net: openvswitch: do not free vport if register_netdevice() is failed.
    - sctp: Free cookie before we memdup a new one
    - sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
    - Staging: vc04_services: Fix a couple error codes
    - perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
    - netfilter: nf_queue: fix reinject verdict handling
    - ipvs: Fix use-after-free in ip_vs_in
    - selftests: netfilter: missing error check when setting up veth interface
    - clk: ti: clkctrl: Fix clkdm_clk handling
    - powerpc/powernv: Return for invalid IMC domain
    - mISDN: make sure device name is NUL terminated
    - x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
    - perf/ring_buffer: Fix exposing a temporarily decreased data_head
    - perf/ring_buffer: Add ordering to rb->nest increment
    - perf/ring-buffer: Always use {READ,WRITE}_ONCE() for rb->user_page data
    - gpio: fix gpio-adp5588 build errors
    - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
    - net: aquantia: fix LRO with FCS error
    - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
    - ALSA: hda - Force polling mode on CNL for fixing codec communication
    - configfs: Fix use-after-free when accessing sd->s_dentry
    - perf data: Fix 'strncat may truncate' build failure with recent gcc
    - perf record: Fix s390 missing module symbol and warning for non-root users
    - ia64: fix build errors by exporting paddr_to_nid()
    - KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
    - KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
    - net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
    - net: phy: dp83867: Set up RGMII TX delay
    - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
    - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
    - scsi: scsi_dh_alua: Fix possible null-ptr-deref
    - scsi: libsas: delete sas port if expander discover failed
    - mlxsw: spectrum: Prevent force of 56G
    - coredump: fix race condition between collapse_huge_page() and core dumping
    - infiniband: fix race condition between infiniband mlx4, mlx5 driver and core
      dumping
    - Abort file_remove_privs() for non-reg. files
    - tipc: purge deferredq list for each grp member in tipc_group_delete
    - vsock/virtio: set SOCK_DONE on peer shutdown
    - usb: xhci: Fix a potential null pointer dereference in
      xhci_debugfs_create_endpoint()
    - ACPI/PCI: PM: Add missing wakeup.flags.valid checks
    - drm/etnaviv: lock MMU while dumping core
    - net: aquantia: tx clean budget logic error
    - perf namespace: Protect reading thread's namespace
    - xen/pvcalls: Remove set but not used variable
    - xen: xenbus: Catch closing of non existent transactions
    - xen: xenbus_dev_frontend: Verify body of XS_TRANSACTION_END
    - xenbus: Avoid deadlock during suspend due to open transactions
    - tracing: Silence GCC 9 array bounds warning
    - objtool: Support per-function rodata sections
    - gcc-9: silence 'address-of-packed-member' warning
    - net: phy: broadcom: Use strlcpy() for ethtool::get_strings
    - mmc: core: Prevent processing SDIO IRQs when the card is suspended
    - scsi: ufs: Avoid runtime suspend possibly being blocked forever
    - usb: chipidea: udc: workaround for endpoint conflict issue
    - IB/hfi1: Silence txreq allocation warnings
    - Input: synaptics - enable SMBus on ThinkPad E480 and E580
    - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
    - apparmor: enforce nullbyte at end of tag string
    - ARC: fix build warnings
    - ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
    - ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
    - parport: Fix mem leak in parport_register_dev_model
    - parisc: Fix compiler warnings in float emulation code
    - IB/rdmavt: Fix alloc_qpn() WARN_ON()
    - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
    - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
    - IB/hfi1: Validate page aligned for a given virtual address
    - MIPS: uprobes: remove set but not used variable 'epc'
    - xtensa: Fix section mismatch between memblock_reserve and mem_reserve
    - net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
    - net: hns: Fix loopback test failed at copper ports
    - mdesc: fix a missing-check bug in get_vdev_port_node_info()
    - sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
    - net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
    - net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is
      enabled
    - drm/arm/hdlcd: Actually validate CRTC modes
    - drm/arm/hdlcd: Allow a bit of clock tolerance
    - scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
    - scsi: ufs: Check that space was properly alloced in copy_query_response
    - scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
    - net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
    - s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
    - hwmon: (core) add thermal sensors only if dev->of_node is present
    - hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
    - nvme: Fix u32 overflow in the number of namespace list calculation
    - btrfs: start readahead also in seed devices
    - can: flexcan: fix timeout when set small bitrate
    - can: purge socket error queue on sock destruct
    - powerpc/bpf: use unsigned division instruction for 64-bit operations
    - ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
    - ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
    - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
    - Bluetooth: Fix regression with minimum encryption key size alignment
    - SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
    - cfg80211: fix memory leak of wiphy device name
    - mac80211: drop robust management frames from unknown TA
    - mac80211: handle deauthentication/disassociation from TDLS peer
    - mac80211: Do not use stack memory with scatterlist for GMAC
    - s390/jump_label: Use "jdd" constraint on gcc9
    - s390/ap: rework assembler functions to use unions for in/out register
      variables
    - mmc: core: API to temporarily disable retuning for SDIO CRC errors
    - mmc: core: Add sdio_retune_hold_now() and sdio_retune_release()
    - Input: silead - add MSSL0017 to acpi_device_id
    - selftests: vm: install test_vmalloc.sh for run_vmtests
    - arm64: Silence gcc warnings about arch ABI drift
    - riscv: mm: synchronize MMU after pte change
    - arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h>
    - drm/vmwgfx: Use the backdoor port if the HB port is not available
    - {nl,mac}80211: allow 4addr AP operation on crypto controlled devices
    - perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit
      set nul
    - perf help: Remove needless use of strncpy()
    - perf header: Fix unchecked usage of strncpy()
    - IB/hfi1: Close PSM sdma_progress sleep window
    - 9p/xen: fix check for xenbus_read error in front_probe
    - 9p/rdma: do not disconnect on down_interruptible EAGAIN
    - 9p: acl: fix uninitialized iattr access
    - 9p/rdma: remove useless check in cm_event_handler
    - 9p: p9dirent_read: check network-provided name length
    - net/9p: include trans_common.h to fix missing prototype warning.
    - qmi_wwan: Fix out-of-bounds read
    - fs/proc/array.c: allow reporting eip/esp for all coredumping threads
    - mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask
    - fs/binfmt_flat.c: make load_flat_shared_library() work
    - dm log writes: make sure super sector log updates are written in order
    - scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
    - x86/speculation: Allow guests to use SSBD even if host does not
    - x86/microcode: Fix the microcode load on CPU hotplug for real
    - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
    - cpu/speculation: Warn on unsupported mitigations= parameter
    - eeprom: at24: fix unexpected timeout under high load
    - af_packet: Block execution of tasks waiting for transmit to complete in
      AF_PACKET
    - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
    - net/packet: fix memory leak in packet_set_ring()
    - net: remove duplicate fetch in sock_getsockopt
    - net: stmmac: fixed new system time seconds value calculation
    - sctp: change to hold sk after auth shkey is created successfully
    - tipc: change to use register_pernet_device
    - tipc: check msg->req data len in tipc_nl_compat_bearer_disable
    - tun: wake up waitqueues after IFF_UP is set
    - team: Always enable vlan tx offload
    - bonding: Always enable vlan tx offload
    - bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
    - bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
    - arm64: futex: Avoid copying out uninitialised stack in failed cmpxchg()
    - bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd
    - futex: Update comments and docs about return values of arch futex code
    - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
    - arm64: insn: Fix ldadd instruction encoding
    - arm64: Don't unconditionally add -Wno-psabi to KBUILD_CFLAGS
    - irqchip/mips-gic: Use the correct local interrupt map registers
    - Bluetooth: Fix faulty expression for minimum encryption key size check
    - ASoC : cs4265 : readable register too low
    - ASoC: soc-pcm: BE dai needs prepare when pause release after resume
    - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
    - drm/mediatek: fix unbind functions
    - drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
    - drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
    - ASoC: max98090: remove 24-bit format support if RJ is 0
    - ASoC: sun4i-i2s: Fix sun8i tx channel offset mask
    - ASoC: sun4i-i2s: Add offset to RX channel select
    - usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
    - usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
    - SoC: rt274: Fix internal jack assignment in set_jack callback
    - scsi: hpsa: correct ioaccel2 chaining
    - platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device
      registration
    - cpuset: restore sanity to cpuset_cpus_allowed_fallback()
    - scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
    - mm/mlock.c: change count_mm_mlocked_page_nr return type
    - module: Fix livepatch/ftrace module text permissions race
    - ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
    - MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    - drm/i915/dmc: protect against reading random memory
    - crypto: user - prevent operating on larval algorithms
    - crypto: cryptd - Fix skcipher instance memory leak
    - ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
    - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
    - ALSA: line6: Fix write on zero-sized buffer
    - ALSA: usb-audio: fix sign unintended sign extension on left shifts
    - ALSA: hda/realtek - Change front mic location for Lenovo M710q
    - lib/mpi: Fix karactx leak in mpi_powm
    - tracing/snapshot: Resize spare buffer if size changed
    - arm64: kaslr: keep modules inside module region when KASAN is enabled
    - drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE
    - drm/imx: notify drm core before sending event during crtc disable
    - drm/imx: only send event on crtc disable if kept disabled
    - ftrace/x86: Remove possible deadlock between register_kprobe() and
      ftrace_run_update_code()
    - mm/vmscan.c: prevent useless kswapd loops
    - btrfs: Ensure replaced device doesn't have pending chunk allocation
    - vhost-net: set packet weight of tx polling to 2 * vq size
    - vhost_net: use packet weight for rx handler, too
    - vhost_net: introduce vhost_exceeds_weight()
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: vsock: add weight support
    - vhost: scsi: add weight support
    - tty: rocket: fix incorrect forward declaration of 'rp_init()'
    - KVM: x86: degrade WARN to pr_warn_ratelimited
    - KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
    - svcrdma: Ignore source port when computing DRC hash
    - MIPS: Fix bounds check virt_addr_valid
    - MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
    - dmaengine: imx-sdma: remove BD_INTR for channel0
    - drm/mediatek: unbind components in mtk_drm_unbind()
    - drm/mediatek: clear num_pipes when unbind driver
    - x86/CPU: Add more Icelake model numbers
    - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
      asus_nb_wmi
    - platform/x86: intel-vbtn: Report switch events when event wakes device
    - i2c: pca-platform: Fix GPIO lookup code
    - ALSA: hda/realtek: Add quirks for several Clevo notebook barebones
    - ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node
    - drm/amd/powerplay: use hardware fan control if no powerplay fan table
    - drm/etnaviv: add missing failure path to destroy suballoc
    - mlxsw: spectrum: Handle VLAN device unlinking
    - media: s5p-mfc: fix incorrect bus assignment in virtual child device
    - net: hns: Fixes the missing put_device in positive leg for roce reset
    - ALSA: hda: Initialize power_state field properly
    - rds: Fix warning.
    - ip6: fix skb leak in ip6frag_expire_frag_queue()
    - netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
    - sc16is7xx: move label 'err_spi' to correct section
    - netfilter: ipv6: nf_defrag: accept duplicate fragments again
    - nfsd: Fix overflow causing non-working mounts on 1 TB machines
    - MIPS: have "plain" make calls build dtbs for selected platforms
    - dmaengine: qcom: bam_dma: Fix completed descriptors count

* Bionic update: upstream stable patchset 2019-08-01 (LP: #1838700)
    - x86: Hide the int3_emulate_call/jmp functions from UML
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - f2fs: Fix use of number of devices
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of smp_mb__before_atomic()
    - sbitmap: fix improper use of smp_mb__before_atomic()
    - Revert "scsi: sd: Keep disk read-only when re-reading partition"
    - crypto: vmx - CTR: always increment IV as quadword
    - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
      problem
    - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
    - kvm: svm/avic: fix off-by-one in checking host APIC ID
    - libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
    - arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
    - gfs2: Fix sign extension bug in gfs2_update_stats
    - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW
      path
    - Btrfs: avoid fallback to transaction commit during fsync of files with holes
    - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    - btrfs: sysfs: Fix error path kobject memory leak
    - btrfs: sysfs: don't leak memory when failing add fsid
    - fbdev: fix divide error in fb_var_to_videomode
    - btrfs: honor path->skip_locking in backref code
    - fbdev: fix WARNING in __alloc_pages_nodemask bug
    - media: cpia2: Fix use-after-free in cpia2_exit
    - media: serial_ir: Fix use-after-free in serial_ir_init_module
    - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    - bpf: devmap: fix use-after-free Read in __dev_map_entry_free
    - batman-adv: mcast: fix multicast tt/tvlv worker locking
    - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    - net: erspan: fix use-after-free
    - gfs2: Fix lru_count going negative
    - cxgb4: Fix error path in cxgb4_init_module
    - NFS: make nfs_match_client killable
    - IB/hfi1: Fix WQ_MEM_RECLAIM warning
    - gfs2: Fix occasional glock use-after-free
    - mmc: core: Verify SD bus width
    - tools/bpf: fix perf build error with uClibc (seen on ARC)
    - dmaengine: tegra210-dma: free dma controller in remove()
    - net: ena: gcc 8: fix compilation warning
    - pinctrl: zte: fix leaked of_node references
    - ASoC: hdmi-codec: unlock the device on startup errors
    - powerpc/perf: Return accordingly on invalid chip-id in
    - powerpc/boot: Fix missing check of lseek() return value
    - ASoC: imx: fix fiq dependencies
    - spi: pxa2xx: fix SCR (divisor) calculation
    - brcm80211: potential NULL dereference in
      brcmf_cfg80211_vndr_cmds_dcmd_handler()
    - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
    - ARM: vdso: Remove dependency with the arch_timer driver internals
    - arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
    - sched/cpufreq: Fix kobject memleak
    - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
    - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
    - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in
      tcm_qla2xxx_close_session()
    - Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota
      reserve
    - btrfs: fix panic during relocation after ENOSPC before writeback happens
    - btrfs: Don't panic when we can't find a root key
    - iwlwifi: pcie: don't crash on invalid RX interrupt
    - rtc: 88pm860x: prevent use-after-free on device remove
    - scsi: qedi: Abort ep termination if offload not scheduled
    - w1: fix the resume command API
    - dmaengine: pl330: _stop: clear interrupt status
    - mac80211/cfg80211: update bss channel on channel switch
    - libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
    - ASoC: fsl_sai: Update is_slave_mode with correct value
    - mwifiex: prevent an array overflow
    - net: cw1200: fix a NULL pointer dereference
    - crypto: sun4i-ss - Fix invalid calculation of hash end
    - bcache: return error immediately in bch_journal_replay()
    - bcache: fix failure in journal relplay
    - bcache: add failure check to run_cache_set() for journal replay
    - bcache: avoid clang -Wunintialized warning
    - vfio-ccw: Do not call flush_workqueue while holding the spinlock
    - vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
    - smpboot: Place the __percpu annotation correctly
    - x86/mm: Remove in_nmi() warning from 64-bit implementation of
      vmalloc_fault()
    - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
      versions
    - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
    - pinctrl: pistachio: fix leaked of_node references
    - pinctrl: samsung: fix leaked of_node references
    - clk: rockchip: undo several noc and special clocks as critical on rk3288
    - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    - media: coda: clear error return value before picture run
    - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    - media: au0828: stop video streaming only when last user stops
    - media: ov2659: make S_FMT succeed even if requested format doesn't match
    - audit: fix a memory leak bug
    - media: stm32-dcmi: fix crash when subdev do not expose any formats
    - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
    - media: pvrusb2: Prevent a buffer overflow
    - powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
    - random: add a spinlock_t to struct batched_entropy
    - cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
    - sched/core: Check quota and period overflow at usec to nsec conversion
    - sched/rt: Check integer overflow at usec to nsec conversion
    - sched/core: Handle overflow in cpu_shares_write_u64
    - drm/msm: a5xx: fix possible object reference leak
    - USB: core: Don't unbind interfaces following device reset failure
    - x86/irq/64: Limit IST stack overflow check to #DB stack
    - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
    - i40e: Able to add up to 16 MAC filters on an untrusted VF
    - i40e: don't allow changes to HW VLAN stripping on active port VLANs
    - arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
    - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
    - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    - scsi: libsas: Do discovery on empty PHY to update PHY info
    - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
    - mmc_spi: add a status check for spi_sync_locked
    - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    - mmc: sdhci-of-esdhc: add erratum A-009204 support
    - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    - drm/amdgpu: fix old fence check in amdgpu_fence_emit
    - PM / core: Propagate dev->power.wakeup_path when no callbacks
    - clk: rockchip: Fix video codec clocks on rk3288
    - extcon: arizona: Disable mic detect if running when driver is removed
    - clk: rockchip: Make rkpwm a critical clock on rk3288
    - s390: zcrypt: initialize variables before_use
    - x86/microcode: Fix the ancient deprecated microcode loading method
    - s390: cio: fix cio_irb declaration
    - cpufreq: ppc_cbe: fix possible object reference leak
    - cpufreq/pasemi: fix possible object reference leak
    - cpufreq: pmac32: fix possible object reference leak
    - cpufreq: kirkwood: fix possible object reference leak
    - block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
    - x86/build: Keep local relocations with ld.lld
    - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    - iio: hmc5843: fix potential NULL pointer dereferences
    - iio: common: ssp_sensors: Initialize calculated_time in
      ssp_common_process_data
    - rtlwifi: fix a potential NULL pointer dereference
    - mwifiex: Fix mem leak in mwifiex_tm_cmd
    - brcmfmac: fix missing checks for kmemdup
    - b43: shut up clang -Wuninitialized variable warning
    - brcmfmac: convert dev_init_lock mutex to completion
    - brcmfmac: fix WARNING during USB disconnect in case of unempty psq
    - brcmfmac: fix race during disconnect when USB completion is in progress
    - brcmfmac: fix Oops when bringing up interface during USB disconnect
    - rtc: xgene: fix possible race condition
    - rtlwifi: fix potential NULL pointer dereference
    - scsi: ufs: Fix regulator load and icc-level configuration
    - scsi: ufs: Avoid configuring regulator with undefined voltage range
    - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    - x86/uaccess, signal: Fix AC=1 bloat
    - x86/ia32: Fix ia32_restore_sigcontext() AC leak
    - chardev: add additional check for minor range overlap
    - RDMA/hns: Fix bad endianess of port_pd variable
    - HID: core: move Usage Page concatenation to Main item
    - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
    - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    - cxgb3/l2t: Fix undefined behaviour
    - HID: logitech-hidpp: change low battery level threshold from 31 to 30
      percent
    - spi: tegra114: reset controller on probe
    - kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
    - media: video-mux: fix null pointer dereferences
    - media: wl128x: prevent two potential buffer overflows
    - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload
      check
    - virtio_console: initialize vtermno value for ports
    - tty: ipwireless: fix missing checks for ioremap
    - x86/mce: Fix machine_check_poll() tests for error types
    - rcutorture: Fix cleanup path for invalid torture_type strings
    - rcuperf: Fix cleanup path for invalid perf_type strings
    - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
    - scsi: qla4xxx: avoid freeing unallocated dma memory
    - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
    - dmaengine: tegra210-adma: use devm_clk_*() helpers
    - hwrng: omap - Set default quality
    - thunderbolt: Fix to check for kmemdup failure
    - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    - media: vimc: stream: fix thread state before sleep
    - media: go7007: avoid clang frame overflow warning with KASAN
    - media: vimc: zero the media_device on probe
    - scsi: lpfc: Fix FDMI manufacturer attribute value
    - scsi: lpfc: Fix fc4type information for FDMI
    - media: saa7146: avoid high stack usage with clang
    - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    - spi: rspi: Fix sequencer reset during initialization
    - spi: Fix zero length xfer bug
    - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
    - drm/drv: Hold ref on parent device during drm_device lifetime
    - drm: Wake up next in drm_read() chain if we are forced to putback the event
    - vfio-ccw: Prevent quiesce function going into an infinite loop
    - NFS: Fix a double unlock from nfs_match,get_client
    - ext4: wait for outstanding dio during truncate in nojournal mode
    - NFSv4.1 fix incorrect return value in copy_file_range
    - media: vb2: add waiting_in_dqbuf flag
    - acct_on(): don't mess with freeze protection
    - hv_netvsc: fix race that may miss tx queue wakeup
    - Bluetooth: Ignore CC events not matching the last HCI command
    - powerpc/perf: Fix loop exit condition in nest_imc_event_init
    - drm/nouveau/bar/nv50: ensure BAR is mapped
    - media: stm32-dcmi: return appropriate error codes during probe
    - powerpc/watchdog: Use hrtimers for per-CPU heartbeat
    - scsi: qla2xxx: Fix hardirq-unsafe locking
    - x86/modules: Avoid breaking W^X while loading modules
    - sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
    - s390: qeth: address type mismatch warning
    - rsi: Fix NULL pointer dereference in kmalloc
    - nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
    - bcache: avoid potential memleak of list of journal_replay(s) in the
      CACHE_SYNC branch of run_cache_set
    - RDMA/cma: Consider scope_id while binding to ipv6 ll address
    - block: fix use-after-free on gendisk
    - staging: vc04_services: handle kzalloc failure
    - irq_work: Do not raise an IPI when queueing work on the local CPU
    - thunderbolt: Take domain lock in switch sysfs attribute callbacks
    - drm: etnaviv: avoid DMA API warning when importing buffers
    - ACPI/IORT: Reject platform device creation on NUMA node mapping failure
    - perf/x86/msr: Add Icelake support
    - perf/x86/intel/rapl: Add Icelake support
    - perf/x86/intel/cstate: Add Icelake support
    - drm/panel: otm8009a: Add delay at the end of initialization
    - thunderbolt: property: Fix a missing check of kzalloc
    - thunderbolt: Fix to check the return value of kmemdup
    - x86/mce: Handle varying MCA bank counts
    - scsi: lpfc: avoid uninitialized variable warning
    - thunderbolt: Fix to check return value of ida_simple_get
    - drm/amd/display: fix releasing planes when exiting odm
    - thunderbolt: property: Fix a NULL pointer dereference
    - e1000e: Disable runtime PM on CNP+
    - igb: Exclude device from suspend direct complete optimization
    - media: si2165: fix a missing check of return value
    - drm/amd/display: Fix Divide by 0 in memory calculations
    - spi: imx: stop buffer overflow in RX FIFO flush
    - bonding/802.3ad: fix slave link initialization transition states
    - cxgb4: offload VLAN flows regardless of VLAN ethtype
    - inet: switch IP ID generator to siphash
    - ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
    - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - llc: fix skb leak in llc_build_and_send_ui_pkt()
    - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
    - net: fec: fix the clk mismatch in failed_reset path
    - net-gro: fix use-after-free read in napi_gro_frags()
    - net: mvneta: Fix err code path of probe
    - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    - net: phy: marvell10g: report if the PHY fails to boot firmware
    - net: stmmac: fix reset gpio free missing
    - usbnet: fix kernel crash after disconnect
    - tipc: Avoid copying bytes beyond the supplied data
    - net/mlx5: Allocate root ns memory using kzalloc to match kfree
    - bnxt_en: Fix aggregation buffer leak under OOM condition.
    - crypto: vmx - ghash: do nosimd fallback manually
    - include/linux/compiler*.h: define asm_volatile_goto
    - compiler.h: give up __compiletime_assert_fallback()
    - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    - tipc: fix modprobe tipc failed after switch order of device registration
    - sparc64: Fix regression in non-hypervisor TLB flush xcall
    - include/linux/bitops.h: sanitize rotate primitives
    - xhci: update bounce buffer with correct sg num
    - xhci: Use %zu for printing size_t type
    - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
    - usb: xhci: avoid null pointer deref when bos field is NULL
    - usbip: usbip_host: fix BUG: sleeping function called from invalid context
    - usbip: usbip_host: fix stub_dev lock context imbalance regression
    - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
    - USB: sisusbvga: fix oops in error path of sisusb_probe
    - USB: Add LPM quirk for Surface Dock GigE adapter
    - USB: rio500: refuse more than one device at a time
    - USB: rio500: fix memory leak in close after disconnect
    - media: usb: siano: Fix general protection fault in smsusb
    - media: usb: siano: Fix false-positive "uninitialized variable" warning
    - media: smsusb: better handle optional alignment
    - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
    - Btrfs: fix wrong ctime and mtime of a directory after log replay
    - Btrfs: fix race updating log root item during fsync
    - Btrfs: fix fsync not persisting changed attributes of a directory
    - Btrfs: incremental send, fix file corruption when no-holes feature is
      enabled
    - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
    - powerpc/perf: Fix MMCRA corruption by bhrb_filter
    - ALSA: hda/realtek - Set default power save node to 0
    - KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
    - drm/nouveau/i2c: Disable i2c bus access after ->fini()
    - tty: serial: msm_serial: Fix XON/XOFF
    - tty: max310x: Fix external crystal register setup
    - memcg: make it work on sparse non-0-node systems
    - kernel/signal.c: trace_signal_deliver when signal_group_exit
    - docs: Fix conf.py for Sphinx 2.0
    - doc: Cope with the deprecation of AutoReporter
    - doc: Cope with Sphinx logging deprecations
    - ima: show rules with IMA_INMASK correctly
    - serial: sh-sci: disable DMA for uart_console
    - staging: vc04_services: prevent integer overflow in create_pagelist()
    - staging: wlan-ng: fix adapter initialization failure
    - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
      ENOMEM
    - gcc-plugins: Fix build failures under Darwin host
    - drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
    - drm/rockchip: shutdown drm subsystem on shutdown
    - Compiler Attributes: add support for __copy (gcc >= 9)
    - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
    - binder: fix race between munmap() and direct reclaim
    - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
    - brcmfmac: fix NULL pointer derefence during USB disconnect
    - iio: dac: ds4422/ds4424 fix chip verification
    - s390/crypto: fix possible sleep during spinlock aquired
    - ALSA: line6: Assure canceling delayed work at disconnection
    - vt/fbcon: deinitialize resources in visual_init() after failed memory
      allocation
    - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case
    - x86/ftrace: Do not call function graph from dynamic trampolines
    - x86/ftrace: Set trampoline pages as executable
    - x86/kprobes: Set instruction page as executable
    - of: overlay: validate overlay properties #address-cells and #size-cells
    - of: overlay: set node fields from properties when add new overlay node
    - ethtool: fix potential userspace buffer overflow
    - Fix memory leak in sctp_process_init
    - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
    - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: rds: fix memory leak in rds_ib_flush_mr_pool
    - pktgen: do not sleep with the thread lock held.
    - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
    - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
    - net: sfp: read eeprom in maximum 16 byte increments
    - ipv6: fix the check before getting the cookie in rt6_get_cookie
    - rcu: locking and unlocking need to always be at least barriers
    - parisc: Use implicit space register selection for loading the coherence
      index of I/O pdirs
    - fuse: fallocate: fix return with locked inode
    - pstore: Remove needless lock during console writes
    - pstore: Convert buf_lock to semaphore
    - pstore/ram: Run without kernel crash dump region
    - x86/power: Fix 'nosmt' vs hibernation triple fault during resume
    - i2c: xiic: Add max_read_len quirk
    - MIPS: Bounds check virt_addr_valid
    - MIPS: pistachio: Build uImage.gz by default
    - genwqe: Prevent an integer overflow in the ioctl
    - test_firmware: Use correct snprintf() limit
    - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
    - drm/amdgpu/psp: move psp version specific function pointers to early_init
    - drm/i915: Fix I915_EXEC_RING_MASK
    - drm/i915/fbc: disable framebuffer compression on GeminiLake
    - TTY: serial_core, add ->install
    - qmi_wwan: Add quirk for Quectel dynamic config
    - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
    - ethtool: check the return value of get_regs_len
    - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set
    - net: mvpp2: Use strscpy to handle stat strings
    - packet: unconditionally free po->rollover
    - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter
    - NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
    - s390/mm: fix address space detection in exception handling
    - drm/msm: fix fb references in async update
    - drm: add non-desktop quirk for Valve HMDs
    - drm: add non-desktop quirks to Sensics and OSVR headsets.
    - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in

* CVE-2019-14283
    - floppy: fix out-of-bounds read in copy_buffer

* CVE-2019-14284
    - floppy: fix div-by-zero in setup_format_params

* Bionic linux 4.15.0-56.62 fails to build with CONFIG_NVM disabled
    (LP: #1838533)
    - Revert "nvme: warn when finding multi-port subsystems without multipathing
      enabled"

* Bionic update: upstream stable patchset 2019-07-31 (LP: #1838576)
    - netfilter: compat: initialize all fields in xt_init
    - platform/x86: sony-laptop: Fix unintentional fall-through
    - platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
    - hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
    - kernfs: fix barrier usage in __kernfs_new_node()
    - USB: serial: fix unthrottle races
    - iio: adc: xilinx: fix potential use-after-free on remove
    - libnvdimm/namespace: Fix a potential NULL pointer dereference
    - HID: input: add mapping for Expose/Overview key
    - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
    - HID: input: add mapping for "Toggle Display" key
    - libnvdimm/btt: Fix a kmemdup failure check
    - s390/dasd: Fix capacity calculation for large volumes
    - mac80211: fix unaligned access in mesh table hash function
    - mac80211: Increase MAX_MSG_LEN
    - mac80211: fix memory accounting with A-MSDU aggregation
    - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
    - s390/3270: fix lockdep false positive on view->lock
    - clocksource/drivers/oxnas: Fix OX820 compatible
    - mISDN: Check address length before reading address family
    - s390/pkey: add one more argument space for debug feature entry
    - x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
    - KVM: fix spectrev1 gadgets
    - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
      tracing
    - tools lib traceevent: Fix missing equality check for strcmp
    - mm: fix inactive list balancing between NUMA nodes and cgroups
    - init: initialize jump labels before command line option parsing
    - selftests: netfilter: check icmp pkttoobig errors are set as related
    - ipvs: do not schedule icmp errors from tunnels
    - netfilter: ctnetlink: don't use conntrack/expect object addresses as id
    - s390: ctcm: fix ctcm_new_device error return code
    - drm/sun4i: Set device driver data at bind time for use in unbind
    - gpu: ipu-v3: dp: fix CSC handling
    - drm/imx: don't skip DP channel disable for background plane
    - spi: Micrel eth switch: declare missing of table
    - spi: ST ST95HF NFC: declare missing of table
    - Input: synaptics-rmi4 - fix possible double free
    - MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
    - ima: open a new file instance if no read permissions
    - drm/i915: Disable LP3 watermarks on all SNB machines
    - net: stmmac: Move debugfs init/exit to ->probe()/->remove()
    - x86/vdso: Pass --eh-frame-hdr to the linker
    - mm/memory.c: fix modifying of page protection by insert_pfn()
    - net: fec: manage ahb clock in runtime pm
    - mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
    - mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
    - NFC: nci: Add some bounds checking in nci_hci_cmd_received()
    - nfc: nci: Potential off by one in ->pipes[] array
    - x86/kprobes: Avoid kretprobe recursion bug
    - cw1200: fix missing unlock on error in cw1200_hw_scan()
    - mwl8k: Fix rate_idx underflow
    - rtlwifi: rtl8723ae: Fix missing break in switch statement
    - bonding: fix arp_validate toggling in active-backup mode
    - bridge: Fix error path for kobject_init_and_add()
    - dpaa_eth: fix SG frame cleanup
    - ipv4: Fix raw socket lookup for local traffic
    - net: dsa: Fix error cleanup path in dsa_init_module
    - net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
    - net: seeq: fix crash caused by not set dev.parent
    - net: ucc_geth - fix Oops when changing number of buffers in the ring
    - packet: Fix error path in packet_init
    - vlan: disable SIOCSHWTSTAMP in container
    - vrf: sit mtu should not be updated when vrf netdev is the link
    - tipc: fix hanging clients using poll with EPOLLOUT flag
    - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
    - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
    - powerpc/powernv/idle: Restore IAMR after idle
    - powerpc/booke64: set RI in default MSR
    - platform/x86: dell-laptop: fix rfkill functionality
    - iio: adc: xilinx: fix potential use-after-free on probe
    - iio: adc: xilinx: prevent touching unclocked h/w on remove
    - acpi/nfit: Always dump _DSM output payload
    - libnvdimm/pmem: fix a possible OOB access when read and write pmem
    - vxge: fix return of a free'd memblock on a failed dma mapping
    - qede: fix write to free'd pointer error and double free of ptp
    - afs: Unlock pages for __pagevec_release()
    - ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
    - scsi: aic7xxx: fix EISA support
    - drm/sun4i: Fix component unbinding and component master deletion
    - netfilter: fix nf_l4proto_log_invalid to log invalid packets
    - drm/sun4i: Unbind components before releasing DRM and memory
    - usb: typec: Fix unchecked return value
    - netfilter: nf_tables: use-after-free in dynamic operations
    - um: Don't hardcode path as it is architecture dependent
    - powerpc/book3s/64: check for NULL pointer in pgd_alloc()
    - PCI: hv: Add hv_pci_remove_slots() when we unload the driver
    - PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
    - net: core: another layer of lists, around PF_MEMALLOC skb handling
    - locking/rwsem: Prevent decrement of reader count before increment
    - PCI: hv: Fix a memory leak in hv_eject_device_work()
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - objtool: Fix function fallthrough detection
    - ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
    - ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - power: supply: axp288_charger: Fix unchecked return value
    - arm64: compat: Reduce address limit
    - arm64: Clear OSDLR_EL1 on CPU boot
    - arm64: Save and restore OSDLR_EL1 across suspend/resume
    - sched/x86: Save [ER]FLAGS on context switch
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: skcipher - don't WARN on unprocessed data after slow walk step
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: rockchip - update IV buffer to contain the next IV
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - bpf, arm64: remove prefetch insn in xadd mapping
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - userfaultfd: use RCU to free the task struct when fork fails
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
    - mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
    - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - jbd2: check superblock mapped prior to committing
    - ext4: make sanity check in mballoc more strict
    - ext4: ignore e_value_offs for xattrs with value-in-ea-inode
    - ext4: avoid drop reference to iloc.bh twice
    - Btrfs: do not start a transaction during fiemap
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ext4: fix use-after-free race with debug_want_extra_isize
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: arm64/aes-neonbs - don't access already-freed walk.iv
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ext4: fix data corruption caused by overlapping unaligned and aligned IO
    - ext4: fix use-after-free in dx_release()
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - iov_iter: optimize page_copy_sane()
    - ext4: fix compile error when using BUFFER_TRACE
    - arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
    - arm64: mmap: Ensure file offset is treated as unsigned
    - arm64: arch_timer: Ensure counter register reads occur with seqlock held
    - crypto: crypto4xx - fix ctr-aes missing output IV
    - crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
    - ALSA: line6: toneport: Fix broken usage of timer for delayed execution
    - ASoC: fsl_esai: Fix missing break in switch statement
    - mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned
      addresses
    - hugetlb: use same fault hash key for shared and private mappings
    - ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
    - btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages
      fails
    - ext4: avoid panic during forced reboot due to aborted journal
    - libnvdimm/namespace: Fix label tracking error
    - ext4: don't update s_rev_level if not required
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - net: test nouarg before dereferencing zerocopy pointers
    - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc: switch order of device registration to fix a crash
    - vsock/virtio: free packets during the socket release
    - vsock/virtio: Initialize core virtio vsock before registering the driver
    - net: Always descend into dsa/
    - parisc: Export running_on_qemu symbol for modules
    - parisc: Skip registering LED when running in QEMU
    - parisc: Use PA_ASM_LEVEL in boot code
    - parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
    - stm class: Fix channel free in stm output free path
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - intel_th: msu: Fix single mode with IOMMU
    - p54: drop device reference count if fails to enable device
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - media: ov6650: Fix sensor possibly not detected on probe
    - NFS4: Fix v4.0 client state corruption when mount
    - PNFS fallback to MDS if no deviceid found
    - clk: hi3660: Mark clk_gate_ufs_subsys as critical
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - clk: rockchip: fix wrong clock definitions for rk3328
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - x86_64: Add gap to int3 to allow for call emulation
    - x86_64: Allow breakpoints to emulate call instructions
    - ftrace/x86_64: Emulate call function while updating in breakpoint handler
    - tracing: Fix partial reading of trace event's id file
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - objtool: Allow AR to be overridden with HOSTAR
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - PCI: Factor out pcie_retrain_link() function
    - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
    - dm cache metadata: Fix loading discard bitset
    - dm zoned: Fix zone report handling
    - dm delay: fix a crash when invalid device is specified
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - esp4: add length check for UDP encapsulation
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - power: supply: cpcap-battery: Fix division by zero
    - securityfs: fix use-after-free on symlink traversal
    - apparmorfs: fix use-after-free on symlink traversal
    - mac80211: Fix kernel panic due to use of txq after free
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
    - sched/cpufreq: Fix kobject memleak
    - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - md/raid: raid5 preserve the writeback action after the parity check
    - driver core: Postpone DMA tear-down until after devres release for probe
      failure
    - bpf: add map_lookup_elem_sys_only for lookups from syscall side
    - bpf, lru: avoid messing with eviction heuristics upon syscall lookup
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - nfp: flower: add rcu locks when accessing netdev for tunnels
    - rtnetlink: always put IFLA_LINK for links with a link-netnsid
    - brd: re-enable __GFP_HIGHMEM in brd_insert_page()
    - proc: prevent changes to overridden credentials
    - md: batch flush requests.
    - phy: ti-pipe3: fix missing bit-wise or operator when assigning val
    - clk: mediatek: Disable tuner_en before change PLL rate
    - PCI: rcar: Add the initialization of PCIe link in resume_noirq()
    - fuse: Add FOPEN_STREAM to use stream_open()
    - qmi_wwan: new Wistron, ZTE and D-Link devices
    - bpf: relax inode permission check for retrieving bpf program

* Bionic update: upstream stable patchset 2019-07-30 (LP: #1838459)
    - kbuild: simplify ld-option implementation
    - cifs: do not attempt cifs operation on smb2+ rename error
    - tracing: Fix a memory leak by early error exit in trace_pid_write()
    - tracing: Fix buffer_ref pipe ops
    - zram: pass down the bvec we need to read into in the work struct
    - lib/Kconfig.debug: fix build error without CONFIG_BLOCK
    - MIPS: scall64-o32: Fix indirect syscall number load
    - trace: Fix preempt_enable_no_resched() abuse
    - IB/rdmavt: Fix frwr memory registration
    - sched/numa: Fix a possible divide-by-zero
    - ceph: only use d_name directly when parent is locked
    - ceph: ensure d_name stability in ceph_dentry_hash()
    - ceph: fix ci->i_head_snapc leak
    - nfsd: Don't release the callback slot unless it was actually held
    - sunrpc: don't mark uninitialised items as VALID.
    - Input: synaptics-rmi4 - write config register values to the right offset
    - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
    - ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
    - drm/vc4: Fix memory leak during gpu reset.
    - drm/vc4: Fix compilation error reported by kbuild test bot
    - ext4: fix some error pointer dereferences
    - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
    - tipc: handle the err returned from cmd header function
    - slip: make slhc_free() silently accept an error pointer
    - intel_th: gth: Fix an off-by-one in output unassigning
    - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
    - ipvs: fix warning on unused variable
    - sched/deadline: Correctly handle active 0-lag timers
    - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
    - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
    - fm10k: Fix a potential NULL pointer dereference
    - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
    - tipc: check link name with right length in tipc_nl_compat_link_set
    - x86, retpolines: Raise limit for generating indirect calls from switch-case
    - x86/retpolines: Disable switch jump tables when retpolines are enabled
    - mm: Fix warning in insert_pfn()
    - ipv4: add sanity checks in ipv4_link_failure()
    - mlxsw: spectrum: Fix autoneg status in ethtool
    - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: rds: exchange of 8K and 1M pool
    - net: stmmac: move stmmac_check_ether_addr() to driver probe
    - stmmac: pci: Adjust IOT2000 matching
    - team: fix possible recursive locking when add slaves
    - net/rose: fix unbound loop in rose_loopback_timer()
    - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
    - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
    - Documentation: Add nospectre_v1 parameter
    - netfilter: nf_tables: warn when expr implements only one of
      activate/deactivate
    - net/ibmvnic: Fix RTNL deadlock during device reset
    - drm/rockchip: fix for mailbox read validation.
    - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
    - perf/x86/intel: Enable C-state residency events for Cannon Lake
    - perf/x86/intel: Update KBL Package C-state events to also include
      PC8/PC9/PC10 counters
    - powerpc/mm/radix: Make Radix require HUGETLB_PAGE
    - workqueue: Try to catch flush_work() without INIT_WORK().
    - mlxsw: pci: Reincrease PCI reset timeout
    - mm: make page ref count overflow check tighter and more explicit
    - mm: add 'try_get_page()' helper function
    - mm: prevent get_user_pages() from overflowing page refcount
    - fs: prevent page refcount overflow in pipe_buf_get
    - ARM: dts: bcm283x: Fix hdmi hpd gpio pull
    - s390: limit brk randomization to 32MB
    - qlcnic: Avoid potential NULL pointer dereference
    - netfilter: nft_set_rbtree: check for inactive element after flag mismatch
    - netfilter: bridge: set skb transport_header before entering
      NF_INET_PRE_ROUTING
    - s390/qeth: fix race when initializing the IP address table
    - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
    - serial: ar933x_uart: Fix build failure with disabled console
    - KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
    - usb: gadget: net2280: Fix overrun of OUT messages
    - usb: gadget: net2280: Fix net2280_dequeue()
    - usb: gadget: net2272: Fix net2272_dequeue()
    - ARM: dts: pfla02: increase phy reset duration
    - net: ks8851: Dequeue RX packets explicitly
    - net: ks8851: Reassert reset pin if chip ID check fails
    - net: ks8851: Delay requesting IRQ until opened
    - net: ks8851: Set initial carrier state to down
    - staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
    - staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
    - staging: rtl8712: uninitialized memory in read_bbreg_hdl()
    - staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
    - net: macb: Add null check for PCLK and HCLK
    - net/sched: don't dereference a->goto_chain to read the chain index
    - ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
    - NFS: Fix a typo in nfs_init_timeout_values()
    - net: xilinx: fix possible object reference leak
    - net: ibm: fix possible object reference leak
    - net: ethernet: ti: fix possible object reference leak
    - gpio: aspeed: fix a potential NULL pointer dereference
    - drm/meson: Fix invalid pointer in meson_drv_unbind()
    - drm/meson: Uninstall IRQ handler
    - scsi: qla4xxx: fix a potential NULL pointer dereference
    - usb: usb251xb: fix to avoid potential NULL pointer dereference
    - usb: u132-hcd: fix resource leak
    - ceph: fix use-after-free on symlink traversal
    - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
    - libata: fix using DMA buffers on stack
    - gpio: of: Fix of_gpiochip_add() error path
    - kconfig/[mn]conf: handle backspace (^H) key
    - ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
    - leds: pca9532: fix a potential NULL pointer dereference
    - KVM: arm64: Reset the PMU in preemptible context
    - KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory
    - scsi: aacraid: Insure we don't access PCIe space during AER/EEH
    - x86/realmode: Don't leak the trampoline kernel address
    - x86/mm: Don't exceed the valid physical address space
    - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
    - ipv6/flowlabel: wait rcu grace period before put_pid()
    - ipv6: invert flowlabel sharing check in process and user mode
    - l2ip: fix possible use-after-free
    - l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
    - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
    - net: phy: marvell: Fix buffer overrun with stats counters
    - sctp: avoid running the sctp state machine recursively
    - packet: validate msg_namelen in send directly
    - bnxt_en: Improve multicast address setup logic.
    - bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
    - ALSA: line6: use dynamic buffers
    - rxrpc: Fix net namespace cleanup
    - kasan: remove redundant initialization of variable 'real_size'
    - kasan: prevent compiler from optimizing away memset in tests
    - caif: reduce stack size with KASAN
    - ALSA: hda/realtek - Add new Dell platform for headset mode
    - USB: yurex: Fix protection fault after device removal
    - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
    - usb: usbip: fix isoc packet num validation in get_pipe
    - USB: core: Fix unterminated string returned by usb_string()
    - USB: core: Fix bug caused by duplicate interface PM usage counter
    - nvme-loop: init nvmet_ctrl fatal_err_work when allocate
    - HID: logitech: check the return value of create_singlethread_workqueue
    - HID: debug: fix race condition with between rdesc_show() and device removal
    - rtc: sh: Fix invalid alarm warning for non-enabled alarm
    - batman-adv: Reduce claim hash refcnt only for removed entry
    - batman-adv: Reduce tt_local hash refcnt only for removed entry
    - batman-adv: Reduce tt_global hash refcnt only for removed entry
    - ARM: dts: rockchip: Fix gpu opp node names for rk3288
    - net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
    - bonding: show full hw address in sysfs for slave entries
    - net: stmmac: ratelimit RX error logs
    - net: stmmac: don't overwrite discard_frame status
    - net: stmmac: fix dropping of multi-descriptor RX frames
    - net: stmmac: don't log oversized frames
    - jffs2: fix use-after-free on symlink traversal
    - debugfs: fix use-after-free on symlink traversal
    - rtc: da9063: set uie_unsupported when relevant
    - HID: input: add mapping for Assistant key
    - vfio/pci: use correct format characters
    - scsi: core: add new RDAC LENOVO/DE_Series device
    - scsi: storvsc: Fix calculation of sub-channel count
    - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
    - kmemleak: powerpc: skip scanning holes in the .bss section
    - hugetlbfs: fix memory leak for resv_map
    - sh: fix multiple function definition build errors
    - xsysace: Fix error handling in ace_setup
    - ARM: orion: don't use using 64-bit DMA masks
    - ARM: iop: don't use using 64-bit DMA masks
    - perf/x86/amd: Update generic hardware cache events for Family 17h
    - Bluetooth: btusb: request wake pin with NOAUTOEN
    - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
    - staging: iio: adt7316: fix the dac read calculation
    - staging: iio: adt7316: fix the dac write calculation
    - scsi: RDMA/srpt: Fix a credit leak for aborted commands
    - ASoC: stm32: fix sai driver name initialisation
    - IB/core: Unregister notifier before freeing MAD security
    - IB/core: Fix potential memory leak while creating MAD agents
    - IB/core: Destroy QP if XRC QP fails
    - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
    - Input: stmfts - acknowledge that setting brightness is a blocking call
    - selinux: never allow relabeling on context mounts
    - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown
      search
    - x86/mce: Improve error message when kernel cannot recover, p2
    - clk: x86: Add system specific quirk to mark clocks as critical
    - i2c: i2c-stm32f7: Fix SDADEL minimum formula
    - media: v4l2: i2c: ov7670: Fix PLL bypass register values
    - mm/kmemleak.c: fix unused-function warning
    - mac80211: don't attempt to rename ERR_PTR() debugfs dirs
    - i2c: Remove unnecessary call to irq_find_mapping
    - i2c: Clear client->irq in i2c_device_remove
    - i2c: Allow recovery of the initial IRQ by an I2C client device.
    - i2c: Prevent runtime suspend of adapter when Host Notify is required
    - USB: dummy-hcd: Fix failure to give back unlinked URBs
    - batman-adv: fix warning in function batadv_v_elp_get_throughput
    - riscv: fix accessing 8-byte variable from RV32
    - net: stmmac: don't stop NAPI processing when dropping a packet
    - mfd: twl-core: Disable IRQ while suspended
    - block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx
    - arm/mach-at91/pm : fix possible object reference leak
    - fs: stream_open - opener for stream-like files so that read and write can
      run simultaneously without deadlock
    - block: pass no-op callback to INIT_WORK().
    - platform/x86: intel_pmc_core: Fix PCH IP name
    - platform/x86: intel_pmc_core: Handle CFL regmap properly
    - x86/mm: Fix a crash with kmemleak_scan()
    - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
    - ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
    - staging: greybus: power_supply: fix prop-descriptor request size
    - ASoC: hdmi-codec: fix S/PDIF DAI
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC: nau8824: fix the issue of the widget with prefix name
    - ASoC: nau8810: fix the issue of widget with prefixed name
    - ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
    - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    - ASoC: cs4270: Set auto-increment bit for register writes
    - IB/hfi1: Eliminate opcode tests on mr deref
    - MIPS: KGDB: fix kgdb support for SMP platforms.
    - ASoC: tlv320aic32x4: Fix Common Pins
    - drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - perf/x86/intel: Initialize TFA MSR
    - linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
    - ASoC: rockchip: pdm: fix regmap_ops hang issue
    - slab: fix a crash by reading /proc/slab_allocators
    - virtio_pci: fix a NULL pointer reference in vp_del_vqs
    - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove
    - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
    - drm/mediatek: fix possible object reference leak
    - ASoC: Intel: kbl: fix wrong number of channels
    - virtio-blk: limit number of hw queues by nr_cpu_ids
    - platform/x86: pmc_atom: Drop __initconst on dmi table
    - genirq: Prevent use-after-free and work list corruption
    - usb: dwc3: Fix default lpm_nyet_threshold value
    - USB: serial: f81232: fix interrupt worker not stop
    - USB: cdc-acm: fix unthrottle races
    - usb-storage: Set virt_boundary_mask to avoid SG overflows
    - intel_th: pci: Add Comet Lake support
    - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
    - UAS: fix alignment of scatter/gather segments
    - ASoC: Intel: avoid Oops if DMA setup fails
    - locking/futex: Allow low-level atomic operations to return -EAGAIN
    - arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
    - ASoC: tlv320aic3x: fix reset gpio reference counting
    - ASoC: stm32: sai: fix exposed capabilities in spdif mode
    - ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
    - ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
    - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    - IB/hfi1: Fix the allocation of RSM table
    - drm/amd/display: fix cursor black issue
    - objtool: Add machine_real_restart() to the noreturn list
    - objtool: Add rewind_stack_do_exit() to the noreturn list
    - RDMA/hns: Fix bug that caused srq creation to fail
    - perf/core: Fix perf_event_disable_inatomic() race
    - soc: sunxi: Fix missing dependency on REGMAP_MMIO
    - scsi: lpfc: change snprintf to scnprintf for possible overflow

* [ZenBook S UX391UA, Realtek ALC294, Mic, Internal] No sound at all
    (LP: #1784485) // Bionic update: upstream stable patchset 2019-07-30
    (LP: #1838459)
    - ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR

* Bionic update: upstream stable patchset 2019-07-29 (LP: #1838349)
    - ARC: u-boot args: check that magic number is correct
    - arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
    - perf/core: Restore mmap record type correctly
    - ext4: add missing brelse() in add_new_gdb_meta_bg()
    - ext4: report real fs size after failed resize
    - ALSA: echoaudio: add a check for ioremap_nocache
    - ALSA: sb8: add a check for request_region
    - auxdisplay: hd44780: Fix memory leak on ->remove()
    - IB/mlx4: Fix race condition between catas error reset and aliasguid flows
    - mmc: davinci: remove extraneous __init annotation
    - ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
      declaration
    - thermal/intel_powerclamp: fix __percpu declaration of worker_data
    - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
    - thermal/int340x_thermal: Add additional UUIDs
    - thermal/int340x_thermal: fix mode setting
    - thermal/intel_powerclamp: fix truncated kthread name
    - scsi: iscsi: flush running unbind operations when removing a session
    - x86/mm: Don't leak kernel addresses
    - tools/power turbostat: return the exit status of a command
    - perf list: Don't forget to drop the reference to the allocated thread_map
    - perf config: Fix an error in the config template documentation
    - perf config: Fix a memory leak in collect_config()
    - perf build-id: Fix memory leak in print_sdt_events()
    - perf top: Fix error handling in cmd_top()
    - perf hist: Add missing map__put() in error case
    - perf evsel: Free evsel->counts in perf_evsel__exit()
    - perf tests: Fix a memory leak of cpu_map object in the
      openat_syscall_event_on_all_cpus test
    - perf tests: Fix memory leak by expr__find_other() in test__expr()
    - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
    - irqchip/mbigen: Don't clear eventid when freeing an MSI
    - x86/hpet: Prevent potential NULL pointer dereference
    - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
    - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
    - iommu/vt-d: Check capability before disabling protected memory
    - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return
      an error
    - fix incorrect error code mapping for OBJECTID_NOT_FOUND
    - ext4: prohibit fstrim in norecovery mode
    - gpio: pxa: handle corner case of unprobed device
    - rsi: improve kernel thread handling to fix kernel panic
    - 9p: do not trust pdu content for stat item size
    - 9p locks: add mount option for lock retry interval
    - f2fs: fix to do sanity check with current segment number
    - netfilter: xt_cgroup: shrink size of v2 path
    - serial: uartps: console_setup() can't be placed to init section
    - powerpc/pseries: Remove prrn_work workqueue
    - media: au0828: cannot kfree dev before usb disconnect
    - HID: i2c-hid: override HID descriptors for certain devices
    - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
    - [Config] updateconfigs for CONFIG_SAMSUNG_PM_CHECK
    - usbip: fix vhci_hcd controller counting
    - ACPI / SBS: Fix GPE storm on recent MacBookPro's
    - KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
    - cifs: fallback to older infolevels on findfirst queryinfo retry
    - kernel: hung_task.c: disable on suspend
    - crypto: sha256/arm - fix crash bug in Thumb2 build
    - crypto: sha512/arm - fix crash bug in Thumb2 build
    - iommu/dmar: Fix buffer overflow during PCI bus notification
    - soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
    - lkdtm: Print real addresses
    - lkdtm: Add tests for NULL pointer dereference
    - drm/panel: panel-innolux: set display off in innolux_panel_unprepare
    - crypto: axis - fix for recursive locking from bottom half
    - Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
    - coresight: cpu-debug: Support for CA73 CPUs
    - drm/nouveau/volt/gf117: fix speedo readout register
    - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
    - drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
    - appletalk: Fix use-after-free in atalk_proc_exit
    - lib/div64.c: off by one in shift
    - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
    - bpf: fix use after free in bpf_evict_inode
    - dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
    - net: stmmac: Set dma ring length before enabling the DMA
    - mm: hide incomplete nr_indirectly_reclaimable in sysfs
    - appletalk: Fix compile regression
    - ext4: avoid panic during forced reboot
    - i40iw: Avoid panic when handling the inetdev event
    - sched/core: Fix buffer overflow in cgroup2 property cpu.max
    - ACPI / utils: Drop reference in test for device presence
    - PM / Domains: Avoid a potential deadlock
    - drm/exynos/mixer: fix MIXER shadow registry synchronisation code
    - Bluetooth: Fix debugfs NULL pointer dereference
    - f2fs: cleanup dirty pages if recover failed
    - [Config] updateconfigs for CONFIG_INTEL_ATOMISP2_PM
    - platform/x86: Add Intel AtomISP2 dummy / power-management driver
    - drm/ttm: Fix bo_global and mem_global kfree error
    - ALSA: hda: fix front speakers on Huawei MBXP
    - ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle
    - net/rds: fix warn in rds_message_alloc_sgs
    - scsi: core: Avoid that system resume triggers a kernel warning
    - PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports
    - rxrpc: Fix client call connect/disconnect race
    - f2fs: fix to dirty inode for i_mode recovery
    - bonding: fix event handling for stacked bonds
    - net: atm: Fix potential Spectre v1 vulnerabilities
    - net: bridge: fix per-port af_packet sockets
    - net: bridge: multicast: use rcu to access port list from
      br_multicast_start_querier
    - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
    - tcp: tcp_grow_window() needs to respect tcp_space()
    - team: set slave to promisc if team is already in promisc mode
    - vhost: reject zero size iova range
    - ipv4: recompile ip options in ipv4_link_failure
    - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
    - net: thunderx: raise XDP MTU to 1508
    - net: thunderx: don't allow jumbo frames with XDP
    - KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
    - KVM: x86: svm: make sure NMI is injected after nmi_singlestep
    - Staging: iio: meter: fixed typo
    - staging: iio: ad7192: Fix ad7193 channel address
    - iio: gyro: mpu3050: fix chip ID reading
    - iio/gyro/bmg160: Use millidegrees for temperature scale
    - iio: cros_ec: Fix the maths for gyro scale calculation
    - iio: ad_sigma_delta: select channel when reading register
    - iio: dac: mcp4725: add missing powerdown bits in store eeprom
    - iio: Fix scan mask selection
    - iio: adc: at91: disable adc channel interrupt in timeout case
    - iio: core: fix a possible circular locking dependency
    - io: accel: kxcjk1013: restore the range after resume.
    - staging: comedi: vmk80xx: Fix use of uninitialized semaphore
    - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
    - staging: comedi: ni_usb6501: Fix use of uninitialized mutex
    - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
    - ALSA: core: Fix card races between register and disconnect
    - scsi: core: set result when the command cannot be dispatched
    - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core
      dumping
    - crypto: x86/poly1305 - fix overflow during partial reduction
    - arm64: futex: Restore oldval initialization to work around buggy compilers
    - x86/kprobes: Verify stack frame on kretprobe
    - kprobes: Mark ftrace mcount handler functions nokprobe
    - kprobes: Fix error check when reusing optimized probes
    - rt2x00: do not increment sequence number while re-transmitting
    - mac80211: do not call driver wake_tx_queue op during reconfig
    - perf/x86/amd: Add event map for AMD Family 17h
    - x86/cpu/bugs: Use __initconst for 'const' init data
    - perf/x86: Fix incorrect PEBS_REGS
    - x86/speculation: Prevent deadlock on ssb_state::lock
    - crypto: crypto4xx - properly set IV after de- and encrypt
    - mmc: sdhci: Fix data command CRC error handling
    - mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR
    - mmc: sdhci: Handle auto-command errors
    - modpost: file2alias: go back to simple devtable lookup
    - modpost: file2alias: check prototype of handler
    - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
    - ipv6: frags: fix a lockdep false positive
    - Revert "kbuild: use -Oz instead of -Os when using clang"
    - device_cgroup: fix RCU imbalance in error case
    - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
      CONFIG_SMP=n
    - ALSA: info: Fix racy addition/deletion of nodes
    - percpu: stop printing kernel addresses
    - iomap: report collisions between directio and buffered writes to userspace
    - i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
    - net: Fix missing meta data in skb with vlan packet
    - nfp: flower: replace CFI with vlan present
    - nfp: flower: remove vlan CFI bit from push vlan action
    - ip: add helpers to process in-order fragments faster.
    - net: IP defrag: encapsulate rbtree defrag code into callable functions
    - ip: process in-order fragments efficiently
    - ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
    - net: IP6 defrag: use rbtrees for IPv6 defrag
    - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
    - cifs: fix handle leak in smb2_query_symlink()
    - Input: elan_i2c - add hardware ID for multiple Lenovo laptops
    - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
    - timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze()
    - tpm: Fix the type of the return value in calc_tpm2_event_size()

* Bionic update: upstream stable patchset 2019-07-26 (LP: #1838116)
    - mmc: pxamci: fix enum type confusion
    - drm/vmwgfx: Don't double-free the mode stored in par->set_mode
    - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE
    - libceph: wait for latest osdmap in ceph_monc_blacklist_add()
    - udf: Fix crash on IO error during truncate
    - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
    - MIPS: Ensure ELF appended dtb is relocated
    - MIPS: Fix kernel crash for R6 in jump label branch function
    - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton
    - scsi: ibmvscsi: Fix empty event pool access during host removal
    - futex: Ensure that futex address is aligned in handle_futex_death()
    - perf probe: Fix getting the kernel map
    - objtool: Move objtool_file struct off the stack
    - ALSA: x86: Fix runtime PM for hdmi-lpe-audio
    - ext4: fix NULL pointer dereference while journal is aborted
    - ext4: fix data corruption caused by unaligned direct AIO
    - ext4: brelse all indirect buffer in ext4_ind_remove_space()
    - media: v4l2-ctrls.c/uvc: zero v4l2_event
    - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()
    - Bluetooth: Fix decrementing reference count twice in releasing socket
    - Bluetooth: hci_ldisc: Initialize hci_dev before open()
    - Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in
      hci_uart_set_proto()
    - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx
    - netfilter: ebtables: remove BUGPRINT messages
    - x86/unwind: Handle NULL pointer calls better in frame unwinder
    - x86/unwind: Add hardcoded ORC entry for NULL
    - locking/lockdep: Add debug_locks check in __lock_downgrade()
    - ALSA: hda - Record the current power state before suspend/resume calls
    - PCI: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits
    - PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable
    - PCI: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent()
    - rtc: Fix overflow when converting time64_t to rtc_time
    - sched/cpufreq/schedutil: Fix error path mutex unlock
    - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle.
    - power: supply: charger-manager: Fix incorrect return value
    - ath10k: avoid possible string overflow
    - mmc: renesas_sdhi: limit block count to 16 bit for old revisions
    - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038
    - RDMA/cma: Rollback source IP address if failing to acquire device
    - f2fs: fix to avoid deadlock of atomic file operations
    - loop: access lo_backing_file only when the loop device is Lo_bound
    - video: fbdev: Set pixclock = 0 in goldfishfb
    - dccp: do not use ipv6 header for ipv4 flow
    - genetlink: Fix a memory leak on error path
    - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
    - net: datagram: fix unbounded loop in __skb_try_recv_datagram()
    - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
    - net: rose: fix a possible stack overflow
    - net: stmmac: fix memory corruption with large MTUs
    - net-sysfs: call dev_hold if kobject_init_and_add success
    - packets: Always register packet sk in the same order
    - rhashtable: Still do rehash when we get EEXIST
    - tcp: do not use ipv6 header for ipv4 flow
    - thunderx: enable page recycling for non-XDP case
    - thunderx: eliminate extra calls to put_page() for pages held for recycling
    - vxlan: Don't call gro_cells_destroy() before device is unregistered
    - sctp: get sctphdr by offset in sctp_compute_cksum
    - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
    - mac8390: Fix mmio access size probe
    - tun: properly test for IFF_UP
    - tun: add a missing rcu_read_unlock() in error path
    - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
    - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
    - powerpc/fsl: Add infrastructure to fixup branch predictor flush
    - powerpc/fsl: Add macro to flush the branch predictor
    - powerpc/fsl: Emulate SPRN_BUCSR register
    - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
    - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
    - powerpc/fsl: Flush branch predictor when entering KVM
    - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
    - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
    - powerpc/fsl: Fix the flush of branch predictor.
    - Btrfs: fix incorrect file size after shrinking truncate and fsync
    - btrfs: remove WARN_ON in log_dir_items
    - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
    - powerpc: bpf: Fix generation of load/store DW instructions
    - NFSv4.1 don't free interrupted slot on open
    - net: dsa: qca8k: remove leftover phy accessors
    - ALSA: pcm: Fix possible OOB access in PCM oss plugins
    - ALSA: pcm: Don't suspend stream in unrecoverable PCM state
    - kbuild: modversions: Fix relative CRC byte order interpretation
    - fs/open.c: allow opening only regular files during execve()
    - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
    - scsi: sd: Fix a race between closing an sd device and sd I/O
    - scsi: sd: Quiesce warning if device does not report optimal I/O size
    - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
    - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP
      devices
    - tty: atmel_serial: fix a potential NULL pointer dereference
    - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
    - staging: vt6655: Remove vif check from vnt_interrupt
    - staging: vt6655: Fix interrupt race condition on device start up.
    - serial: max310x: Fix to avoid potential NULL pointer dereference
    - serial: sh-sci: Fix setting SCSCR_TIE while transferring data
    - USB: serial: cp210x: add new device id
    - USB: serial: ftdi_sio: add additional NovaTech products
    - USB: serial: mos7720: fix mos_parport refcount imbalance on error path
    - USB: serial: option: set driver_info for SIM5218 and compatibles
    - USB: serial: option: add support for Quectel EM12
    - USB: serial: option: add Olicard 600
    - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
    - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
    - drm/vgem: fix use-after-free when drm_gem_handle_create() fails
    - gpio: exar: add a check for the return value of ida_simple_get fails
    - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
    - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
    - usb: mtu3: fix EXTCON dependency
    - USB: gadget: f_hid: fix deadlock in f_hidg_write()
    - usb: common: Consider only available nodes for dr_mode
    - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
    - xhci: Fix port resume done detection for SS ports with LPM enabled
    - usb: cdc-acm: fix race during wakeup blocking TX traffic
    - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
    - perf intel-pt: Fix TSC slip
    - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
    - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
    - KVM: Reject device ioctls from processes other than the VM's creator
    - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
    - vfio: ccw: only free cp on final interrupt
    - ipmi_si: Fix crash when using hard-coded device
    - gtp: change NET_UDP_TUNNEL dependency to select
    - Btrfs: fix assertion failure on fsync with NO_HOLES enabled
    - NFS: fix mount/umount race in nlmclnt.
    - ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
    - ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286
    - ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic
    - ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256
    - ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256
    - ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256
    - ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops
    - drm/rockchip: Do not use memcpy for MMIO addresses
    - drm/rockchip: vop: reset scale mode when win is disabled
    - tty: mxs-auart: fix a potential NULL pointer dereference
    - staging: speakup_soft: Fix alternate speech with other synths
    - serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
    - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
    - usb: xhci: dbc: Don't free all memory with spinlock held
    - xhci: Don't let USB3 ports stuck in polling state prevent suspend
    - mm: add support for kmem caches in DMA32 zone
    - iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
    - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
    - perf pmu: Fix parser error for uncore event alias
    - objtool: Query pkg-config for libelf location
    - bpf: do not restore dst_reg when cur_state is freed
    - arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
    - ext4: cleanup bh release code in ext4_ind_remove_space()
    - tty/serial: atmel: Add is_half_duplex helper
    - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
    - CIFS: fix POSIX lock leak and invalid ptr deref
    - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
    - f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
    - tracing: kdb: Fix ftdump to not sleep
    - net/mlx5: Avoid panic when setting vport rate
    - net/mlx5: Avoid panic when setting vport mac, getting vport config
    - gpio: gpio-omap: fix level interrupt idling
    - include/linux/relay.h: fix percpu annotation in struct rchan
    - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    - scsi: hisi_sas: Set PHY linkrate when disconnected
    - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver
    - perf c2c: Fix c2c report for empty numa node
    - mm/cma.c: cma_declare_contiguous: correct err handling
    - mm/page_ext.c: fix an imbalance with kmemleak
    - mm, mempolicy: fix uninit memory access
    - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    - mm/slab.c: kmemleak no scan alien caches
    - ocfs2: fix a panic problem caused by o2cb_ctl
    - f2fs: do not use mutex lock in atomic context
    - fs/file.c: initialize init_files.resize_wait
    - page_poison: play nicely with KASAN
    - cifs: use correct format characters
    - dm thin: add sanity checks to thin-pool and external snapshot creation
    - cifs: Fix NULL pointer dereference of devname
    - jbd2: fix invalid descriptor block checksum
    - fs: fix guard_bio_eod to check for real EOD errors
    - tools lib traceevent: Fix buffer overflow in arg_eval
    - PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove()
    - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
    - crypto: crypto4xx - add missing of_node_put after of_device_is_available
    - crypto: cavium/zip - fix collision with generic cra_driver_name
    - usb: chipidea: Grab the (legacy) USB PHY by phandle first
    - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
    - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc
    - coresight: etm4x: Add support to enable ETMv4.2
    - serial: 8250_pxa: honor the port number from devicetree
    - ARM: 8840/1: use a raw_spinlock_t in unwind
    - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables
    - powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area
      callback
    - mmc: omap: fix the maximum timeout setting
    - e1000e: Fix -Wformat-truncation warnings
    - mlxsw: spectrum: Avoid -Wformat-truncation warnings
    - IB/mlx4: Increase the timeout for CM cache
    - clk: fractional-divider: check parent rate only if flag is set
    - cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies
    - efi: cper: Fix possible out-of-bounds access
    - scsi: megaraid_sas: return error when create DMA pool failed
    - scsi: fcoe: make use of fip_mode enum complete
    - perf test: Fix failure of 'evsel-tp-sched' test on s390
    - SoC: imx-sgtl5000: add missing put_device()
    - media: sh_veu: Correct return type for mem2mem buffer helpers
    - media: s5p-jpeg: Correct return type for mem2mem buffer helpers
    - media: s5p-g2d: Correct return type for mem2mem buffer helpers
    - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
    - media: mtk-jpeg: Correct return type for mem2mem buffer helpers
    - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1
    - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
    - jbd2: fix race when writing superblock
    - leds: lp55xx: fix null deref on firmware load failure
    - iwlwifi: pcie: fix emergency path
    - ACPI / video: Refactor and fix dmi_is_desktop()
    - kprobes: Prohibit probing on bsearch()
    - netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in
      __nf_conntrack_confirm
    - ARM: 8833/1: Ensure that NEON code always compiles with Clang
    - ALSA: PCM: check if ops are defined before suspending PCM
    - usb: f_fs: Avoid crash due to out-of-scope stack ptr access
    - sched/topology: Fix percpu data types in struct sd_data & struct s_data
    - bcache: fix input overflow to cache set sysfs file io_error_halflife
    - bcache: fix input overflow to sequential_cutoff
    - bcache: improve sysfs_strtoul_clamp()
    - genirq: Avoid summation loops for /proc/stat
    - iw_cxgb4: fix srqidx leak during connection abort
    - fbdev: fbmem: fix memory access if logo is bigger than the screen
    - cdrom: Fix race condition in cdrom_sysctl_register
    - platform/x86: intel_pmc_core: Fix PCH IP sts reading
    - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
    - sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK
    - efi/memattr: Don't bail on zero VA if it equals the region's PA
    - ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation
    - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    - mt7601u: bump supported EEPROM version
    - ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of
    - ARM: avoid Cortex-A9 livelock on tight dmb loops
    - bpf: fix missing prototype warnings
    - cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix
      the accounting
    - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state
    - tty: increase the default flip buffer limit to 2*640K
    - powerpc/pseries: Perform full re-add of CPU for topology update post-
      migration
    - usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded
    - media: mt9m111: set initial frame size other than 0x0
    - hwrng: virtio - Avoid repeated init of completion
    - soc/tegra: fuse: Fix illegal free of IO base address
    - HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR
      busy_clear bit
    - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
    - cpu/hotplug: Mute hotplug lockdep during init
    - dmaengine: imx-dma: fix warning comparison of distinct pointer types
    - dmaengine: qcom_hidma: assign channel cookie correctly
    - dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_*
    - netfilter: physdev: relax br_netfilter dependency
    - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
    - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
    - drm: Auto-set allow_fb_modifiers when given modifiers at plane init
    - drm/nouveau: Stop using drm_crtc_force_disable
    - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
    - selinux: do not override context on context mounts
    - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
    - x86/build: Mark per-CPU symbols as absolute explicitly for LLD
    - clk: rockchip: fix frac settings of GPLL clock for rk3328
    - dmaengine: tegra: avoid overflow of byte tracking
    - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
    - ACPI / video: Extend chassis-type detection with a "Lunch Box" check
    - f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
    - net: stmmac: Avoid sometimes uninitialized Clang warnings
    - libbpf: force fixdep compilation at the start of the build
    - scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
    - x86/hyperv: Fix kernel panic when kexec on HyperV
    - mm/sparse: fix a bad comparison
    - mm, swap: bounds check swap_info array accesses to avoid NULL derefs
    - memcg: killed threads should not invoke memcg OOM killer
    - cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED
    - netfilter: nf_tables: check the result of dereferencing base_chain->stats
    - netfilter: conntrack: tcp: only close if RST matches exact sequence
    - kbuild: invoke syncconfig if include/config/auto.conf.cmd is missing
    - mwifiex: don't advertise IBSS features without FW support
    - perf report: Don't shadow inlined symbol with different addr range
    - media: rockchip/rga: Correct return type for mem2mem buffer helpers
    - selftests: skip seccomp get_metadata test if not real root
    - kprobes: Prohibit probing on RCU debug routine
    - bcache: fix potential div-zero error of writeback_rate_i_term_inverse
    - drm: rcar-du: add missing of_node_put
    - perf/aux: Make perf_event accessible to setup_aux()
    - e1000e: Exclude device from suspend direct complete optimization
    - i2c: of: Try to find an I2C adapter matching the parent
    - sched/core: Use READ_ONCE()/WRITE_ONCE() in
      move_queued_task()/task_rq_lock()
    - powerpc/64s: Clear on-stack exception marker upon exception return
    - platform/x86: intel-hid: Missing power button release on some Dell models
    - pinctrl: meson: meson8b: add the eth_rxd2 and eth_rxd3 pins
    - net: stmmac: Avoid one more sometimes uninitialized Clang warning
    - bcache: fix potential div-zero error of writeback_rate_p_term_inverse
    - net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe
    - drm/i915/gvt: do not let pin count of shadow mm go negative
    - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
    - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    - x86: vdso: Use $LD instead of $CC to link
    - x86/vdso: Drop implicit common-page-size linker flag
    - lib/string.c: implement a basic bcmp
    - stating: ccree: revert "staging: ccree: fix leak of import() after init()"
    - arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
    - tty: mark Siemens R3964 line discipline as BROKEN
    - [Config] updateconfigs for CONFIG_R3964 (BROKEN)
    - [Config] updateconfigs for CONFIG_LDISC_AUTOLOAD
    - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    - ipv6: Fix dangling pointer when ipv6 fragment
    - ipv6: sit: reset ip header pointer in ipip6_rcv
    - kcm: switch order of device registration to fix a crash
    - net-gro: Fix GRO flush when receiving a GSO packet.
    - net/mlx5: Decrease default mr cache size
    - net/sched: fix ->get helper of the matchall cls
    - qmi_wwan: add Olicard 600
    - sctp: initialize _pad of sockaddr_in before copying to user memory
    - tcp: Ensure DCTCP reacts to losses
    - vrf: check accept_source_route on the original netdevice
    - net/mlx5e: Fix error handling when refreshing TIRs
    - net/mlx5e: Add a lock on tir list
    - nfp: validate the return code from dev_queue_xmit()
    - bnxt_en: Improve RX consumer index validity check.
    - bnxt_en: Reset device on RX buffer errors.
    - net/sched: act_sample: fix divide by zero in the traffic path
    - netns: provide pure entropy for net_hash_mix()
    - net: ethtool: not call vzalloc for zero sized memory request
    - ALSA: seq: Fix OOB-reads from strlcpy
    - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
    - hv_netvsc: Fix unwanted wakeup after tx_disable
    - arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
    - parisc: Detect QEMU earlier in boot process
    - parisc: regs_return_value() should return gpr28
    - alarmtimer: Return correct remaining time
    - drm/udl: add a release method and delay modeset teardown
    - include/linux/bitrev.h: fix constant bitrev
    - ASoC: fsl_esai: fix channel swap issue when stream starts
    - Btrfs: do not allow trimming when a fs is mounted with the nologreplay
      option
    - btrfs: prop: fix zstd compression parameter validation
    - btrfs: prop: fix vanished compression property after failed set
    - block: do not leak memory in bio_copy_user_iov()
    - block: fix the return errno for direct IO
    - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
    - genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
    - virtio: Honour 'may_reduce_num' in vring_create_virtqueue
    - ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
    - ARM: dts: am335x-evm: Correct the regulators for the audio codec
    - ARM: dts: at91: Fix typo in ISC_D0 on PC9
    - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
    - arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
    - arm64: backtrace: Don't bother trying to unwind the userspace stack
    - xen: Prevent buffer overflow in privcmd ioctl
    - sched/fair: Do not re-read ->h_load_next during hierarchical load
      calculation
    - xtensa: fix return_address
    - x86/perf/amd: Resolve race condition when disabling PMC
    - x86/perf/amd: Resolve NMI latency issues for active PMCs
    - x86/perf/amd: Remove need to check "running" bit in NMI handler
    - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
    - dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
    - arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
    - arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
    - tcp: fix a potential NULL pointer dereference in tcp_sk_exit
    - nfp: disable netpoll on representors
    - r8169: disable default rx interrupt coalescing on RTL8168
    - kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
    - ACPICA: Namespace: remove address node from global list after method
      termination
    - ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
    - mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
    - riscv: Fix syscall_get_arguments() and syscall_set_arguments()
    - x86/asm: Remove dead __GNUC__ conditionals
    - dm integrity: change memcmp to strncmp in dm_integrity_ctr

* Bionic update: upstream stable patchset 2019-07-25 (LP: #1837952)
    - ACPICA: Reference Counts: increase max to 0x4000 for large servers
    - gro_cells: make sure device is up in gro_cells_receive()
    - ipv4/route: fail early when inet dev is missing
    - l2tp: fix infoleak in l2tp_ip6_recvmsg()
    - net: hsr: fix memory leak in hsr_dev_finalize()
    - net/hsr: fix possible crash in add_timer()
    - net: sit: fix UBSAN Undefined behaviour in check_6rd
    - net/x25: fix use-after-free in x25_device_event()
    - net/x25: reset state in x25_connect()
    - pptp: dst_release sk_dst_cache in pptp_sock_destruct
    - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
    - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
    - rxrpc: Fix client call queueing, waiting for channel
    - tcp: Don't access TCP_SKB_CB before initializing it
    - tcp: handle inet_csk_reqsk_queue_add() failures
    - vxlan: Fix GRO cells race condition between receive and link delete
    - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
    - net/mlx4_core: Fix reset flow when in command polling mode
    - net/mlx4_core: Fix locking in SRIOV mode when switching between events and
      polling
    - net/mlx4_core: Fix qp mtt size calculation
    - net/x25: fix a race in x25_bind()
    - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
    - bonding: fix PACKET_ORIGDEV regression
    - missing barriers in some of unix_sock ->addr and ->path accesses
    - ipvlan: disallow userns cap_net_admin to change global mode/flags
    - perf/x86: Fixup typo in stub functions
    - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
      Liquid Saffire 56
    - ALSA: firewire-motu: fix construction of PCM frame for capture direction
    - perf/x86/intel: Fix memory corruption
    - perf/x86/intel: Make dev_attr_allow_tsx_force_abort static
    - It's wrong to add len to sector_nr in raid10 reshape twice
    - sctp: remove sched init from sctp_stream_init
    - team: use operstate consistently for linkup
    - ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
    - ALSA: hda - add more quirks for HP Z2 G4 and HP Z240
    - ALSA: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294
    - i40e: report correct statistics when XDP is enabled
    - 9p: use inode->i_lock to protect i_size_write() under 32-bit
    - 9p/net: fix memory leak in p9_client_create
    - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
    - iio: adc: exynos-adc: Fix NULL pointer exception on unbind
    - stm class: Fix an endless loop in channel allocation
    - crypto: caam - fixed handling of sg list
    - crypto: ahash - fix another early termination in hash walk
    - crypto: rockchip - fix scatterlist nents error
    - crypto: rockchip - update new iv to device in multiple operations
    - drm/imx: ignore plane updates on disabled crtcs
    - gpu: ipu-v3: Fix i.MX51 CSI control registers offset
    - drm/imx: imx-ldb: add missing of_node_puts
    - gpu: ipu-v3: Fix CSI offsets for imx53
    - s390/dasd: fix using offset into zero size array error
    - Input: pwm-vibra - prevent unbalanced regulator
    - Input: pwm-vibra - stop regulator after disabling pwm, not before
    - ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be
      uninitialized
    - ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
    - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check
    - KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
    - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
    - Input: cap11xx - switch to using set_brightness_blocking()
    - Input: ps2-gpio - flush TX work when closing port
    - Input: matrix_keypad - use flush_delayed_work()
    - mac80211: Fix Tx aggregation session tear down with ITXQs
    - ipvs: fix dependency on nf_defrag_ipv6
    - floppy: check_events callback should not return a negative number
    - NFS: Don't use page_file_mapping after removing the page
    - mm/gup: fix gup_pmd_range() for dax
    - Revert "mm: use early_pfn_to_nid in page_ext_init"
    - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
    - net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
    - i2c: cadence: Fix the hold bit setting
    - i2c: bcm2835: Clear current buffer pointers and counts after a transfer
    - auxdisplay: ht16k33: fix potential user-after-free on module unload
    - Input: st-keyscan - fix potential zalloc NULL dereference
    - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit
    - clk: sunxi: A31: Fix wrong AHB gate number
    - esp: Skip TX bytes accounting when sending from a request socket
    - ARM: 8824/1: fix a migrating irq bug when hotplug cpu
    - af_key: unconditionally clone on broadcast
    - assoc_array: Fix shortcut creation
    - keys: Fix dependency loop between construction record and auth key
    - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
    - net: systemport: Fix reception of BPDUs
    - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
    - qmi_wwan: apply SET_DTR quirk to Sierra WP7607
    - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
    - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue
    - ASoC: topology: free created components in tplg load error
    - qed: Fix iWARP syn packet mac address validation.
    - arm64: Relax GIC version check during early boot
    - net: marvell: mvneta: fix DMA debug warning
    - tmpfs: fix link accounting when a tmpfile is linked in
    - ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
    - ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
    - ARC: uacces: remove lp_start, lp_end from clobber list
    - ARCv2: support manual regfile save on interrupts
    - phonet: fix building with clang
    - mac80211_hwsim: propagate genlmsg_reply return code
    - net: thunderx: make CFG_DONE message to run through generic send-ack
      sequence
    - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
    - nfp: bpf: fix ALU32 high bits clearance bug
    - net: set static variable an initial value in atl2_probe()
    - tmpfs: fix uninitialized return value in shmem_link
    - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
    - stm class: Prevent division by zero
    - libnvdimm/label: Clear 'updating' flag after label-set update
    - libnvdimm, pfn: Fix over-trim in trim_pfn_device()
    - libnvdimm/pmem: Honor force_raw for legacy pmem regions
    - libnvdimm: Fix altmap reservation size calculation
    - fix cgroup_do_mount() handling of failure exits
    - crypto: arm/crct10dif - revert to C code for short inputs
    - crypto: arm64/crct10dif - revert to C code for short inputs
    - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
    - crypto: testmgr - skip crc32c context test for ahash algorithms
    - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
    - crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
    - CIFS: Do not reset lease state to NONE on lease break
    - CIFS: Fix read after write for files with read caching
    - tracing: Use strncpy instead of memcpy for string keys in hist triggers
    - tracing: Do not free iter->trace in fail path of tracing_open_pipe()
    - xen: fix dom0 boot on huge systems
    - ACPI / device_sysfs: Avoid OF modalias creation for removed device
    - mmc: sdhci-esdhc-imx: fix HS400 timing issue
    - spi: ti-qspi: Fix mmap read when more than one CS in use
    - spi: pxa2xx: Setup maximum supported DMA transfer length
    - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
    - regulator: max77620: Initialize values for DT properties
    - regulator: s2mpa01: Fix step values for some LDOs
    - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
    - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
    - s390/setup: fix early warning messages
    - s390/virtio: handle find on invalid queue gracefully
    - scsi: virtio_scsi: don't send sc payload with tmfs
    - scsi: aacraid: Fix performance issue on logical drives
    - scsi: sd: Optimal I/O size should be a multiple of physical block size
    - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
    - fs/devpts: always delete dcache dentry-s in dput()
    - splice: don't merge into linked buffers
    - m68k: Add -ffreestanding to CFLAGS
    - Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
    - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
    - Btrfs: fix corruption reading shared and compressed extents after hole
      punching
    - crypto: pcbc - remove bogus memcpy()s with src == dest
    - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
    - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
    - x86/kprobes: Prohibit probing on optprobe template code
    - cpufreq: tegra124: add missing of_node_put()
    - cpufreq: pxa2xx: remove incorrect __init annotation
    - ext4: add mask of ext4 flags to swap
    - ext4: fix crash during online resizing
    - IB/hfi1: Close race condition on user context disable and close
    - cxl: Wrap iterations over afu slices inside 'afu_list_lock'
    - ext2: Fix underflow in ext2_max_size()
    - clk: uniphier: Fix update register for CPU-gear
    - clk: clk-twl6040: Fix imprecise external abort for pdmclk
    - clk: ingenic: Fix round_rate misbehaving with non-integer dividers
    - clk: ingenic: Fix doc of ingenic_cgu_div_info
    - usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
    - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
    - mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
    - mm/vmalloc: fix size check for remap_vmalloc_range_partial()
    - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
    - device property: Fix the length used in PROPERTY_ENTRY_STRING()
    - intel_th: Don't reference unassigned outputs
    - parport_pc: fix find_superio io compare code, should use equal test.
    - i2c: tegra: fix maximum transfer size
    - crypto: arm64/aes-neonbs - fix returning final keystream block
    - drm/i915: Relax mmap VMA check
    - serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
    - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
    - serial: 8250_pci: Fix number of ports for ACCES serial cards
    - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954
      chip use the pci_pericom_setup()
    - jbd2: clear dirty flag when revoking a buffer from an older transaction
    - jbd2: fix compile warning when using JBUFFER_TRACE
    - security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
    - powerpc/32: Clear on-stack exception marker upon exception return
    - powerpc/wii: properly disable use of BATs when requested.
    - powerpc/powernv: Make opal log only readable by root
    - powerpc/83xx: Also save/restore SPRG4-7 during suspend
    - powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
    - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
    - powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR
      configuration
    - powerpc/traps: fix recoverability of machine check handling on book3s/32
    - powerpc/traps: Fix the message printed when stack overflows
    - ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
    - arm64: Fix HCR.TGE status for NMI contexts
    - arm64: debug: Ensure debug handlers check triggering exception level
    - arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
    - dm: fix to_sector() for 32bit
    - dm integrity: limit the rate of error messages
    - cpcap-charger: generate events for userspace
    - NFS: Fix I/O request leakages
    - NFS: Fix an I/O request leakage in nfs_do_recoalesce
    - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
    - nfsd: fix memory corruption caused by readdir
    - nfsd: fix wrong check in write_v4_end_grace()
    - NFSv4.1: Reinitialise sequence results before retransmitting a request
    - PM / wakeup: Rework wakeup source timer cancellation
    - x86/unwind/orc: Fix ORC unwind table alignment
    - perf intel-pt: Fix CYC timestamp calculation after OVF
    - perf auxtrace: Define auxtrace record alignment
    - perf intel-pt: Fix overlap detection to identify consecutive buffers
      correctly
    - perf intel-pt: Fix overlap calculation for padding
    - perf intel-pt: Fix divide by zero when TSC is not available
    - md: Fix failed allocation of md_register_thread
    - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
    - tpm: Unify the send callback behaviour
    - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
    - media: imx: prpencvf: Stop upstream before disabling IDMA channel
    - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
    - media: vimc: Add vimc-streamer for stream control
    - media: imx: csi: Disable CSI immediately after last EOF
    - media: imx: csi: Stop upstream before disabling IDMA channel
    - drm/radeon/evergreen_cs: fix missing break in switch statement
    - KVM: Call kvm_arch_memslots_updated() before updating memslots
    - KVM: x86/mmu: Detect MMIO generation wrap in any address space
    - KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
    - KVM: nVMX: Sign extend displacements of VMX instr's mem operands
    - KVM: nVMX: Apply addr size mask to effective address for VMX instructions
    - KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
    - s390/setup: fix boot crash for machine without EDAT-1
    - crypto: caam - fix hash context DMA unmap size
    - crypto: caam - fix DMA mapping of stack memory
    - KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock
    - arm/arm64: KVM: Allow a VCPU to fully reset itself
    - arm/arm64: KVM: Don't panic on failure to properly reset system registers
    - ASoC: samsung: Prevent clk_get_rate() calls in atomic context
    - mac80211: call drv_ibss_join() on restart
    - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
    - xprtrdma: Make sure Send CQ is allocated on an existing compvec
    - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
    - x86/CPU: Add Icelake model number
    - kallsyms: Handle too long symbols in kallsyms.c
    - ARM: 8835/1: dma-mapping: Clear DMA ops on teardown
    - net: dsa: bcm_sf2: Do not assume DSA master supports WoL
    - qed: Fix iWARP buffer size provided for syn packet processing.
    - mm: handle lru_add_drain_all for UP properly
    - ARCv2: don't assume core 0x54 has dual issue
    - bpf, lpm: fix lookup bug in map_delete_elem
    - acpi/nfit: Fix bus command validation
    - mmc:fix a bug when max_discard is 0
    - netfilter: ipt_CLUSTERIP: fix warning unused variable cn
    - [Config] updateconfigs for CONFIG_SUN50I_ERRATUM_UNKNOWN1
    - clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer
      instability
    - irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
    - ext4: fix check of inode in swap_inode_boot_loader
    - ext4: cleanup pagecache before swap i_data
    - ext4: update quota information while swapping boot loader inode
    - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
    - mm/memory.c: do_fault: avoid usage of stale vm_area_struct
    - media: i2c: ov5640: Fix post-reset delay
    - powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
    - mfd: sm501: Fix potential NULL pointer dereference
    - nfsd: fix performance-limiting session calculation
    - svcrpc: fix UDP on servers with lots of threads
    - stable-kernel-rules.rst: add link to networking patch queue
    - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata

* Bionic update: upstream stable patchset 2019-07-24 (LP: #1837813)
    - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string
    - eeprom: at24: add support for 24c2048
    - blk-mq: fix a hung issue when fsync
    - ARM: 8789/1: signal: copy registers using __copy_to_user()
    - ARM: 8790/1: signal: always use __copy_to_user to save iwmmxt context
    - ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
    - ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
    - ARM: 8793/1: signal: replace __put_user_error with __put_user
    - ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
    - ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
    - ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
    - ARM: 8797/1: spectre-v1.1: harden __copy_to_user
    - ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
    - ARM: make lookup_processor_type() non-__init
    - ARM: split out processor lookup
    - ARM: clean up per-processor check_bugs method call
    - ARM: add PROC_VTABLE and PROC_TABLE macros
    - ARM: spectre-v2: per-CPU vtables to work around big.Little systems
    - ARM: ensure that processor vtables is not lost after boot
    - ARM: fix the cockup in the previous patch
    - ACPI: NUMA: Use correct type for printing addresses on i386-PAE
    - perf test shell: Use a fallback to get the pathname in vfs_getname
    - cpufreq: check if policy is inactive early in __cpufreq_get()
    - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE
    - drm/bridge: tc358767: fix single lane configuration
    - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value
    - drm/bridge: tc358767: reject modes which require too much BW
    - drm/bridge: tc358767: fix output H/V syncs
    - nvme-pci: use the same attributes when freeing host_mem_desc_bufs.
    - ARM: dts: da850-evm: Correct the sound card name
    - ARM: dts: da850-lcdk: Correct the sound card name
    - ARM: dts: kirkwood: Fix polarity of GPIO fan lines
    - gpio: pl061: handle failed allocations
    - drm/nouveau: Don't disable polling in fallback mode
    - drm/nouveau/falcon: avoid touching registers if engine is off
    - cifs: Limit memory used by lock request calls to a page
    - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
    - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
    - perf/core: Fix impossible ring-buffer sizes warning
    - perf/x86: Add check_period PMU callback
    - ALSA: hda - Add quirk for HP EliteBook 840 G5
    - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
    - kvm: vmx: Fix entry number check for add_atomic_switch_msr()
    - Input: bma150 - register input device after setting private data
    - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
    - mm: proc: smaps_rollup: fix pss_locked calculation
    - alpha: fix page fault handling for r16-r18 targets
    - alpha: Fix Eiger NR_IRQS to 128
    - tracing/uprobes: Fix output for multiple string arguments
    - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
    - signal: Restore the stop PTRACE_EVENT_EXIT
    - md/raid1: don't clear bitmap bits on interrupted recovery.
    - x86/a.out: Clear the dump structure initially
    - dm crypt: don't overallocate the integrity tag space
    - dm thin: fix bug where bio that overwrites thin block ignores FUA
    - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
    - perf report: Fix wrong iteration count in --branch-history
    - riscv: fix trace_sys_exit hook
    - ARM: dts: da850-lcdk: Correct the audio codec regulators
    - ARM: OMAP5+: Fix inverted nirq pin interrupts with irq_set_type
    - ASoC: hdmi-codec: fix oops on re-probe
    - riscv: Add pte bit to distinguish swap from invalid
    - mmc: sunxi: Filter out unsupported modes declared in the device tree
    - s390/zcrypt: fix specification exception on z196 during ap probe
    - drm/i915: Block fbdev HPD processing during suspend
    - dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
    - net: fix IPv6 prefix route residue
    - net: ipv4: use a dedicated counter for icmp_v4 redirect packets
    - vsock: cope with memory allocation failure at socket creation time
    - vxlan: test dev->flags & IFF_UP before calling netif_rx()
    - hwmon: (lm80) Fix missing unlock on error in set_fan_div()
    - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable
    - net: Fix for_each_netdev_feature on Big endian
    - net: phy: xgmiitorgmii: Support generic PHY status read
    - net: stmmac: Fix a race in EEE enable callback
    - net: stmmac: handle endianness in dwmac4_get_timestamp
    - vhost: correctly check the return value of translate_desc() in log_used()
    - net: Add header for usage of fls64()
    - net: Do not allocate page fragments that are not skb aligned
    - tcp: clear icsk_backoff in tcp_write_queue_purge()
    - sunrpc: fix 4 more call sites that were using stack memory with a
      scatterlist
    - net/x25: do not hold the cpu too long in x25_new_lci()
    - mISDN: fix a race in dev_expire_timer()
    - ax25: fix possible use-after-free
    - af_packet: fix raw sockets over 6in4 tunnel
    - tcp: tcp_v4_err() should be more careful
    - mmc: meson-gx: fix interrupt name
    - ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction
    - tracing: Fix number of entries in trace header
    - MIPS: eBPF: Always return sign extended 32b values
    - mac80211: Restore vif beacon interval if start ap fails
    - mac80211: Free mpath object when rhashtable insertion fails
    - libceph: handle an empty authorize reply
    - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
    - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
    - proc, oom: do not report alien mms when setting oom_score_adj
    - KEYS: allow reaching the keys quotas exactly
    - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
    - pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read
    - mfd: twl-core: Fix section annotations on {,un}protect_pm_master
    - mfd: db8500-prcmu: Fix some section annotations
    - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported
    - mfd: ab8500-core: Return zero in get_register_interruptible()
    - mfd: bd9571mwv: Add volatile register to make DVFS work
    - mfd: qcom_rpm: write fw_version to CTRL_REG
    - mfd: wm5110: Add missing ASRC rate register
    - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in
      probe()
    - mfd: mc13xxx: Fix a missing check of a register-read failure
    - xen/pvcalls: remove set but not used variable 'intf'
    - qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page count
    - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier
    - net: hns: Fix use after free identified by SLUB debug
    - MIPS: ath79: Enable OF serial ports in the default config
    - netfilter: nf_tables: fix leaking object reference count
    - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
    - scsi: isci: initialize shost fully before calling scsi_add_host()
    - MIPS: jazz: fix 64bit build
    - bpf: correctly set initial window on active Fast Open sender
    - net: stmmac: Fix PCI module removal leak
    - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
    - scsi: ufs: Fix system suspend status
    - scsi: qedi: Add ep_state for login completion on un-reachable targets
    - always clear the X2APIC_ENABLE bit for PV guest
    - drm/meson: add missing of_node_put
    - atm: he: fix sign-extension overflow on large shift
    - hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute
      in OF device ID table
    - leds: lp5523: fix a missing check of return value of lp55xx_read
    - bpf: bpf_setsockopt: reset sock dst on SO_MARK changes
    - mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
    - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
    - isdn: avm: Fix string plus integer warning from Clang
    - batman-adv: fix uninit-value in batadv_interface_tx()
    - ipv6: propagate genlmsg_reply return code
    - net/mlx5e: Don't overwrite pedit action when multiple pedit used
    - net/packet: fix 4gb buffer limit due to overflow check
    - net: sfp: do not probe SFP module before we're attached
    - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
    - team: avoid complex list operations in team_nl_cmd_options_set()
    - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
    - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
    - inet_diag: fix reporting cgroup classid and fallback to priority
    - RDMA/srp: Rework SCSI device reset handling
    - KEYS: user: Align the payload buffer
    - KEYS: always initialize keyring_index_key::desc_len
    - parisc: Fix ptrace syscall number modification
    - ARCv2: Enable unaligned access in early ASM code
    - ARC: U-boot: check arguments paranoidly
    - ARC: define ARCH_SLAB_MINALIGN = 8
    - net: validate untrusted gso packets without csum offload
    - net: avoid false positives in untrusted gso validation
    - Revert "bridge: do not add port to router list when receives query with
      source 0.0.0.0"
    - netfilter: nf_tables: fix flush after rule deletion in the same batch
    - netfilter: nft_compat: use-after-free when deleting targets
    - netfilter: ipv6: Don't preserve original oif for loopback address
    - pinctrl: max77620: Use define directive for max77620_pinconf_param values
    - phy: tegra: remove redundant self assignment of 'map'
    - net: phylink: avoid resolving link state too early
    - gpio: pxa: avoid attempting to set pin direction via pinctrl on MMP2
    - pvcalls-front: read all data before closing the connection
    - pvcalls-front: don't try to free unallocated rings
    - pvcalls-front: properly allocate sk
    - mfd: cros_ec_dev: Add missing mfd_remove_devices() call in remove
    - bpf: Fix [::] -> [::1] rewrite in sys_sendmsg
    - watchdog: mt7621_wdt/rt2880_wdt: Fix compilation problem
    - net/mlx4: Get rid of page operation after dma_alloc_coherent
    - xprtrdma: Double free in rpcrdma_sendctxs_create()
    - RDMA/mthca: Clear QP objects during their allocation
    - powerpc/8xx: fix setting of pagetable for Abatron BDI debug tool.
    - net: stmmac: Fix the logic of checking if RX Watchdog must be enabled
    - scsi: ufs: Fix geometry descriptor size
    - scsi: cxgb4i: add wait_for_completion()
    - afs: Fix key refcounting in file locking code
    - dpaa_eth: NETIF_F_LLTX requires to do our own update of trans_start
    - mlxsw: pci: Return error on PCI reset timeout
    - sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
    - drm/amdgpu: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
    - gpu: drm: radeon: Set DPM_FLAG_NEVER_SKIP when enabling PM-runtime
    - drm/amd/display: Fix MST reboot/poweroff sequence
    - mac80211: allocate tailroom for forwarded mesh packets
    - netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in
      clusterip_config_entry_put()
    - net: stmmac: Fix reception of Broadcom switches tags
    - drm/msm: Unblock writer if reader closes file
    - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
    - ALSA: compress: prevent potential divide by zero bugs
    - ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized
    - clk: vc5: Abort clock configuration without upstream clock
    - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    - usb: dwc3: gadget: synchronize_irq dwc irq in suspend
    - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
    - usb: gadget: Potential NULL dereference on allocation error
    - genirq: Make sure the initial affinity is not empty
    - ASoC: dapm: change snprintf to scnprintf for possible overflow
    - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
    - selftests: seccomp: use LDLIBS instead of LDFLAGS
    - selftests: gpio-mockup-chardev: Check asprintf() for error
    - ARC: fix __ffs return value to avoid build warnings
    - drivers: thermal: int340x_thermal: Fix sysfs race condition
    - staging: rtl8723bs: Fix build error with Clang when inlining is disabled
    - mac80211: fix miscounting of ttl-dropped frames
    - sched/wait: Fix rcuwait_wake_up() ordering
    - futex: Fix (possible) missed wakeup
    - locking/rwsem: Fix (possible) missed wakeup
    - drm/amd/powerplay: OD setting fix on Vega10
    - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
    - staging: android: ion: Support cpu access during dma_buf_detach
    - direct-io: allow direct writes to empty inodes
    - writeback: synchronize sync(2) against cgroup writeback membership switches
    - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
    - net: altera_tse: fix connect_local_phy error path
    - hv_netvsc: Fix ethtool change hash key error
    - net: usb: asix: ax88772_bind return error when hw_reset fail
    - net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP
    - ibmveth: Do not process frames after calling napi_reschedule
    - mac80211: don't initiate TDLS connection if station is not associated to AP
    - mac80211: Add attribute aligned(2) to struct 'action'
    - cfg80211: extend range deviation for DMG
    - KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting
      to L1
    - mmc: spi: Fix card detection during probe
    - mmc: tmio_mmc_core: don't claim spurious interrupts
    - mmc: tmio: fix access width of Block Count Register
    - mmc: sdhci-esdhc-imx: correct the fix of ERR004536
    - MIPS: fix truncation in __cmpxchg_small for short values
    - MIPS: eBPF: Fix icache flush end address
    - x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
    - irq/matrix: Split out the CPU selection code into a helper
    - irq/matrix: Spread managed interrupts on allocation
    - genirq/matrix: Improve target CPU selection for managed interrupts.
    - clk: tegra: dfll: Fix a potential Oop in remove()
    - selftests/vm/gup_benchmark.c: match gup struct to kernel
    - ARC: show_regs: lockdep: avoid page allocator...
    - sched/wake_q: Fix wakeup ordering for wake_q
    - drm/sun4i: hdmi: Fix usage of TMDS clock
    - scsi: lpfc: nvme: avoid hang / use-after-free when destroying localport
    - scsi: lpfc: nvmet: avoid hang / use-after-free when destroying targetport
    - mmc: core: Fix NULL ptr crash from mmc_should_fail_request
    - drm: Block fb changes for async plane updates
    - hugetlbfs: fix races and page leaks during migration
    - MIPS: BCM63XX: provide DMA masks for ethernet devices
    - cpufreq: Use struct kobj_attribute instead of struct global_attr
    - USB: serial: option: add Telit ME910 ECM composition
    - USB: serial: cp210x: add ID for Ingenico 3070
    - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
    - staging: comedi: ni_660x: fix missing break in switch statement
    - staging: wilc1000: fix to set correct value for 'vif_num'
    - staging: android: ion: fix sys heap pool's gfp_flags
    - ip6mr: Do not call __IP6_INC_STATS() from preemptible context
    - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in
      mv88e6xxx_port_set_duplex
    - net-sysfs: Fix mem leak in netdev_register_kobject
    - team: Free BPF filter when unregistering netdev
    - tipc: fix RDM/DGRAM connect() regression
    - bnxt_en: Drop oversize TX packets to prevent errors.
    - hv_netvsc: Fix IP header checksum for coalesced packets
    - net: dsa: mv88e6xxx: Fix statistics on mv88e6161
    - net: dsa: mv88e6xxx: Fix u64 statistics
    - netlabel: fix out-of-bounds memory accesses
    - net: netem: fix skb length BUG_ON in __skb_to_sgvec
    - net: phy: Micrel KSZ8061: link failure after cable connect
    - net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
    - net: sit: fix memory leak in sit_init_net()
    - tipc: fix race condition causing hung sendto
    - tun: fix blocking read
    - xen-netback: don't populate the hash cache on XenBus disconnect
    - xen-netback: fix occasional leak of grant ref mappings under memory pressure
    - tun: remove unnecessary memory barrier
    - net: Add __icmp_send helper.
    - net: avoid use IPCB in cipso_v4_error
    - ipv4: Return error for RTA_VIA attribute
    - ipv6: Return error for RTA_VIA attribute
    - mpls: Return error for RTA_GATEWAY attribute
    - net/sched: act_ipt: fix refcount leak when replace fails
    - x86/CPU/AMD: Set the CPB bit unconditionally on F17h
    - MIPS: irq: Allocate accurate order pages for irq stack
    - xtensa: fix get_wchan
    - Bluetooth: Fix locking in bt_accept_enqueue() for BH context
    - scsi: core: reset host byte in DID_NEXUS_FAILURE case
    - bpf: fix sanitation rewrite in case of non-pointers
    - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
    - perf core: Fix perf_proc_update_handler() bug
    - perf tools: Handle TOPOLOGY headers with no CPU
    - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
    - iommu/amd: Call free_iova_fast with pfn in map_sg
    - iommu/amd: Unmap all mapped pages in error path of map_sg
    - ipvs: Fix signed integer overflow when setsockopt timeout
    - iommu/amd: Fix IOMMU page flush when detach device from a domain
    - xtensa: SMP: fix ccount_timer_shutdown
    - selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
    - xtensa: SMP: fix secondary CPU initialization
    - xtensa: smp_lx200_defconfig: fix vectors clash
    - xtensa: SMP: mark each possible CPU as present
    - xtensa: SMP: limit number of possible CPUs by NR_CPUS
    - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
    - net: hns: Fix for missing of_node_put() after of_parse_phandle()
    - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
    - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
    - netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are
      present
    - gpio: vf610: Mask all GPIO interrupts
    - selftests: timers: use LDLIBS instead of LDFLAGS
    - nfs: Fix NULL pointer dereference of dev_name
    - qed: Fix bug in tx promiscuous mode settings
    - qed: Fix LACP pdu drops for VFs
    - qed: Fix VF probe failure while FLR
    - qed: Fix system crash in ll2 xmit
    - qed: Fix stack out of bounds bug
    - scsi: libfc: free skb when receiving invalid flogi resp
    - scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
    - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
    - cifs: fix computation for MAX_SMB2_HDR_SIZE
    - x86/microcode/amd: Don't falsely trick the late loading mechanism
    - arm64: kprobe: Always blacklist the KVM world-switch code
    - apparmor: Fix aa_label_build() error handling for failed merges
    - x86/kexec: Don't setup EFI info if EFI runtime is not enabled
    - x86_64: increase stack size for KASAN_EXTRA
    - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
    - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
    - lib/test_kmod.c: potential double free in error handling
    - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
    - autofs: drop dentry reference only when it is never used
    - autofs: fix error return in autofs_fill_super()
    - ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
    - arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
    - soc: fsl: qbman: avoid race in clearing QMan interrupt
    - bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
    - ARM: pxa: ssp: unneeded to free devm_ allocated data
    - arm64: dts: add msm8996 compatible to gicv3
    - DTS: CI20: Fix bugs in ci20's device tree.
    - usb: phy: fix link errors
    - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
    - net: stmmac: Fallback to Platform Data clock in Watchdog conversion
    - net: stmmac: Send TSO packets always from Queue 0
    - net: stmmac: Disable EEE mode earlier in XMIT callback
    - irqchip/gic-v3-its: Fix ITT_entry_size accessor
    - relay: check return of create_buf_file() properly
    - bpf, selftests: fix handling of sparse CPU allocations
    - bpf: fix lockdep false positive in percpu_freelist
    - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
    - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
    - vsock/virtio: fix kernel panic after device hot-unplug
    - vsock/virtio: reset connected sockets on device removal
    - dmaengine: dmatest: Abort test in case of mapping error
    - selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
    - selftests: netfilter: add simple masq/redirect test cases
    - s390/qeth: fix use-after-free in error path
    - perf symbols: Filter out hidden symbols from labels
    - perf trace: Support multiple "vfs_getname" probes
    - MIPS: Remove function size check in get_frame_info()
    - i2c: omap: Use noirq system sleep pm ops to idle device for suspend
    - fs: ratelimit __find_get_block_slow() failure message.
    - qed: Fix EQ full firmware assert.
    - qed: Consider TX tcs while deriving the max num_queues for PF.
    - Input: wacom_serial4 - add support for Wacom ArtPad II tablet
    - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
    - iscsi_ibft: Fix missing break in switch statement
    - scsi: aacraid: Fix missing break in switch statement
    - arm64: dts: hikey: Give wifi some time after power-on
    - ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
    - ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
    - drm: disable uncached DMA optimization for ARM and arm64
    - ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
    - gfs2: Fix missed wakeups in find_insert_glock
    - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
    - perf/x86/intel: Make cpuc allocations consistent
    - perf/x86/intel: Generalize dynamic constraint creation
    - x86: Add TSX Force Abort CPUID/MSR
    - perf/x86/intel: Implement support for TSX Force Abort
    - perf script: Fix crash with printing mixed trace point and other events
    - clk: ti: Fix error handling in ti_clk_parse_divider_data()
    - riscv: Adjust mmap base address at a third of task size
    - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start
    - iomap: fix a use after free in iomap_dio_rw
    - selftests: net: use LDLIBS instead of LDFLAGS
    - scsi: scsi_debug: fix write_same with virtual_gb problem
    - scsi: bnx2fc: Fix error handling in probe()
    - ARM: OMAP: dts: N950/N9: fix onenand timings
    - ARM: dts: sun8i: h3: Add ethernet0 alias to Beelink X2
    - ARM: dts: imx6sx: correct backward compatible of gpt
    - pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18
    - bpftool: Fix prog dump by tag
    - bpftool: fix percpu maps updating
    - batman-adv: release station info tidstats
    - irqchip/gic-v4: Fix occasional VLPI drop
    - s390/qeth: release cmd buffer in error paths
    - nvme-pci: add missing unlock for reset error
    - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub
    - ARM: dts: exynos: Fix max voltage for buck8 regulator on Odroid XU3/XU4

* Bionic update: upstream stable patchset 2019-07-23 (LP: #1837664)
    - amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs
    - net: bridge: Fix ethernet header pointer before check skb forwardable
    - net: Fix usage of pskb_trim_rcsum
    - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error
      handling
    - net_sched: refetch skb protocol for each filter
    - openvswitch: Avoid OOB read when parsing flow nlattrs
    - vhost: log dirty page correctly
    - net: ipv4: Fix memory leak in network namespace dismantle
    - tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state
    - mei: me: add denverton innovation engine device IDs
    - USB: serial: simple: add Motorola Tetra TPG2200 device id
    - USB: serial: pl2303: add new PID to support PL2303TB
    - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
    - ASoC: rt5514-spi: Fix potential NULL pointer dereference
    - ARCv2: lib: memeset: fix doing prefetchw outside of buffer
    - ARC: adjust memblock_reserve of kernel memory
    - ARC: perf: map generic branches to correct hardware condition
    - s390/smp: fix CPU hotplug deadlock with CPU rescan
    - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
    - tty: Handle problem if line discipline does not have receive_buf
    - uart: Fix crash in uart_write and uart_put_char
    - tty/n_hdlc: fix __might_sleep warning
    - hv_balloon: avoid touching uninitialized struct page during tail onlining
    - Drivers: hv: vmbus: Check for ring when getting debug info
    - CIFS: Fix possible hang during async MTU reads and writes
    - CIFS: Fix credits calculations for reads with errors
    - CIFS: Fix credit calculation for encrypted reads with errors
    - CIFS: Do not reconnect TCP session in add_credits()
    - Input: xpad - add support for SteelSeries Stratus Duo
    - compiler.h: enable builtin overflow checkers and add fallback code
    - Input: uinput - fix undefined behavior in uinput_validate_absinfo()
    - acpi/nfit: Block function zero DSMs
    - acpi/nfit: Fix command-supported detection
    - dm thin: fix passdown_double_checking_shared_status()
    - dm crypt: fix parsing of extended IV arguments
    - KVM: x86: Fix single-step debugging
    - x86/pkeys: Properly copy pkey state at fork()
    - x86/selftests/pkeys: Fork() to check for state being preserved
    - x86/kaslr: Fix incorrect i8254 outb() parameters
    - posix-cpu-timers: Unbreak timer rearming
    - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
    - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
      removing it
    - can: bcm: check timer values before ktime conversion
    - vt: invoke notifier on screen size change
    - Revert "seccomp: add a selftest for get_metadata"
    - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
    - nvmet-rdma: Add unlikely for response allocated check
    - nvmet-rdma: fix null dereference under heavy load
    - usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup
    - x86/xen/time: Output xen sched_clock time from 0
    - xen: Fix x86 sched_clock() interface for xen
    - mlxsw: pci: Increase PCI SW reset timeout
    - mlxsw: spectrum_fid: Update dummy FID index
    - ASoC: tlv320aic32x4: Kernel OOPS while entering DAPM standby mode
    - s390/mm: always force a load of the primary ASCE on context switch
    - mmc: meson-gx: Free irq in release() callback
    - vgacon: unconfuse vc_origin when using soft scrollback
    - drm/amdgpu: Add APTX quirk for Lenovo laptop
    - vt: always call notifier with the console lock held
    - drm/meson: Fix atomic mode switching regression
    - bpf: improve verifier branch analysis
    - bpf: add per-insn complexity limit
    - ipv6: Consider sk_bound_dev_if when binding a socket to an address
    - ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation
    - l2tp: copy 4 more bytes to linear part if necessary
    - net/mlx4_core: Add masking for a few queries on HCA caps
    - netrom: switch to sock timer API
    - net/rose: fix NULL ax25_cb kernel panic
    - net: set default network namespace in init_dummy_netdev()
    - net/mlx5e: Allow MAC invalidation while spoofchk is ON
    - Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager"
    - virtio_net: Don't enable NAPI when interface is down
    - virtio_net: Don't call free_old_xmit_skbs for xdp_frames
    - virtio_net: Fix not restoring real_num_rx_queues
    - sctp: improve the events for sctp stream adding
    - sctp: improve the events for sctp stream reset
    - l2tp: remove l2specific_len dependency in l2tp_core
    - l2tp: fix reading optional fields of L2TPv3
    - ipvlan, l3mdev: fix broken l3s mode wrt local routes
    - CIFS: Do not count -ENODATA as failure for query directory
    - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
    - iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions()
    - NFS: Fix up return value on fatal errors in nfs_page_async_flush()
    - ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
    - arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
    - arm64: hyp-stub: Forbid kprobing of the hyp-stub
    - arm64: hibernate: Clean the __hyp_text to PoC after resume
    - gpio: altera-a10sr: Set proper output level for direction_output
    - gpio: pcf857x: Fix interrupts on multiple instances
    - mmc: bcm2835: Fix DMA channel leak on probe error
    - IB/hfi1: Remove overly conservative VM_EXEC flag check
    - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
    - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
    - mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
    - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
    - oom, oom_reaper: do not enqueue same task twice
    - mm, oom: fix use-after-free in oom_kill_process
    - mm: hwpoison: use do_send_sig_info() instead of force_sig()
    - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
    - md/raid5: fix 'out of memory' during raid cache recovery
    - cifs: Always resolve hostname before reconnecting
    - drivers: core: Remove glue dirs from sysfs earlier
    - fanotify: fix handling of events on child sub-directory
    - drm/msm/gpu: fix building without debugfs
    - ravb: expand rx descriptor data to accommodate hw checksum
    - tun: move the call to tun_set_real_num_queues
    - sctp: set chunk transport correctly when it's a new asoc
    - sctp: set flow sport from saddr only when it's 0
    - virtio_net: Don't process redirected XDP frames when XDP is disabled
    - CIFS: Do not consider -ENODATA as stat failure for reads
    - mmc: mediatek: fix incorrect register setting of hs400_cmd_int_delay
    - ALSA: usb-audio: Add Opus #3 to quirks for native DSD support
    - Btrfs: fix deadlock when allocating tree block during leaf/node split
    - mm/hugetlb.c: teach follow_hugetlb_page() to handle FOLL_NOWAIT
    - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages
    - of: Convert to using %pOFn instead of device_node.name
    - of: overlay: add tests to validate kfrees from overlay removal
    - of: overlay: add missing of_node_get() in __of_attach_node_sysfs
    - of: overlay: use prop add changeset entry for property in new nodes
    - ucc_geth: Reset BQL queue when stopping device
    - staging: iio: adc: ad7280a: handle error from __ad7280_read32()
    - drm/vgem: Fix vgem_init to get drm device available.
    - pinctrl: bcm2835: Use raw spinlock for RT compatibility
    - ASoC: Intel: mrfld: fix uninitialized variable access
    - gpu: ipu-v3: image-convert: Prevent race between run and unprepare
    - ath9k: dynack: use authentication messages for 'late' ack
    - scsi: lpfc: Correct LCB RJT handling
    - scsi: mpt3sas: Call sas_remove_host before removing the target devices
    - scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
    - ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
    - clk: boston: fix possible memory leak in clk_boston_setup()
    - dlm: Don't swamp the CPU with callbacks queued during recovery
    - x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
    - powerpc/pseries: add of_node_put() in dlpar_detach_node()
    - crypto: aes_ti - disable interrupts while accessing S-box
    - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
    - serial: fsl_lpuart: clear parity enable bit when disable parity
    - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
    - MIPS: Boston: Disable EG20T prefetch
    - staging:iio:ad2s90: Make probe handle spi_setup failure
    - fpga: altera-cvp: Fix registration for CvP incapable devices
    - Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
    - platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
    - staging: iio: ad7780: update voltage on read
    - usbnet: smsc95xx: fix rx packet alignment
    - drm/rockchip: fix for mailbox read size
    - ARM: OMAP2+: hwmod: Fix some section annotations
    - net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
    - modpost: validate symbol names also in find_elf_symbol
    - perf tools: Add Hygon Dhyana support
    - soc/tegra: Don't leak device tree node reference
    - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
    - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
    - dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
    - iio: adc: meson-saradc: check for devm_kasprintf failure
    - iio: adc: meson-saradc: fix internal clock names
    - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
    - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
    - ACPI: SPCR: Consider baud rate 0 as preconfigured state
    - staging: pi433: fix potential null dereference
    - f2fs: move dir data flush to write checkpoint process
    - f2fs: fix race between write_checkpoint and write_begin
    - f2fs: fix wrong return value of f2fs_acl_create
    - i2c: sh_mobile: add support for r8a77990 (R-Car E3)
    - arm64: io: Ensure calls to delay routines are ordered against prior readX()
    - sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
    - soc: bcm: brcmstb: Don't leak device tree node reference
    - nfsd4: fix crash on writing v4_end_grace before nfsd startup
    - drm: Clear state->acquire_ctx before leaving
      drm_atomic_helper_commit_duplicated_state()
    - arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
    - Thermal: do not clear passive state during system sleep
    - firmware/efi: Add NULL pointer checks in efivars API functions
    - s390/zcrypt: improve special ap message cmd handling
    - arm64: ftrace: don't adjust the LR value
    - ARM: dts: mmp2: fix TWSI2
    - x86/fpu: Add might_fault() to user_insn()
    - media: DaVinci-VPBE: fix error handling in vpbe_initialize()
    - smack: fix access permissions for keyring
    - usb: dwc3: Correct the logic for checking TRB full in
      __dwc3_prepare_one_trb()
    - usb: hub: delay hub autosuspend if USB3 port is still link training
    - timekeeping: Use proper seqcount initializer
    - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
    - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
    - driver core: Move async_synchronize_full call
    - kobject: return error code if writing /sys/.../uevent fails
    - IB/hfi1: Unreserve a reserved request when it is completed
    - usb: dwc3: trace: add missing break statement to make compiler happy
    - pinctrl: sx150x: handle failure case of devm_kstrdup
    - iommu/amd: Fix amd_iommu=force_isolation
    - ARM: dts: Fix OMAP4430 SDP Ethernet startup
    - mips: bpf: fix encoding bug for mm_srlv32_op
    - media: coda: fix H.264 deblocking filter controls
    - ARM: dts: Fix up the D-Link DIR-685 MTD partition info
    - watchdog: renesas_wdt: don't set divider while watchdog is running
    - usb: dwc3: gadget: Disable CSP for stream OUT ep
    - iommu/arm-smmu: Add support for qcom,smmu-v2 variant
    - iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
    - sata_rcar: fix deferred probing
    - clk: imx6sl: ensure MMDC CH0 handshake is bypassed
    - cpuidle: big.LITTLE: fix refcount leak
    - OPP: Use opp_table->regulators to verify no regulator case
    - i2c-axxia: check for error conditions first
    - phy: sun4i-usb: add support for missing USB PHY index
    - udf: Fix BUG on corrupted inode
    - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
    - selftests/bpf: use __bpf_constant_htons in test_prog.c
    - ARM: pxa: avoid section mismatch warning
    - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
    - KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
    - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
    - mmc: bcm2835: reset host on timeout
    - mmc: sdhci-of-esdhc: Fix timeout checks
    - mmc: sdhci-xenon: Fix timeout checks
    - tty: serial: samsung: Properly set flags in autoCTS mode
    - perf test: Fix perf_event_attr test failure
    - perf header: Fix unchecked usage of strncpy()
    - perf probe: Fix unchecked usage of strncpy()
    - arm64: KVM: Skip MMIO insn after emulation
    - usb: musb: dsps: fix otg state machine
    - percpu: convert spin_lock_irq to spin_lock_irqsave.
    - powerpc/uaccess: fix warning/error with access_ok()
    - mac80211: fix radiotap vendor presence bitmap handling
    - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
    - mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
    - scsi: smartpqi: correct host serial num for ssa
    - scsi: smartpqi: correct volume status
    - scsi: smartpqi: increase fw status register read timeout
    - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
    - powerpc/perf: Fix thresholding counter data for unknown type
    - drbd: narrow rcu_read_lock in drbd_sync_handshake
    - drbd: disconnect, if the wrong UUIDs are attached on a connected peer
    - drbd: skip spurious timeout (ping-timeo) when failing promote
    - drbd: Avoid Clang warning about pointless switch statment
    - video: clps711x-fb: release disp device node in probe()
    - fbdev: fbmem: behave better with small rotated displays and many CPUs
    - i40e: define proper net_device::neigh_priv_len
    - ACPI/APEI: Clear GHES block_status before panic()
    - fbdev: fbcon: Fix unregister crash when more than one framebuffer
    - powerpc/mm: Fix reporting of kernel execute faults on the 8xx
    - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
    - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
    - KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
    - powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
    - kvm: Change offset in kvm_write_guest_offset_cached to unsigned
    - NFS: nfs_compare_mount_options always compare auth flavors.
    - hwmon: (lm80) fix a missing check of the status of SMBus read
    - hwmon: (lm80) fix a missing check of bus read in lm80 probe
    - seq_buf: Make seq_buf_puts() null-terminate the buffer
    - crypto: ux500 - Use proper enum in cryp_set_dma_transfer
    - crypto: ux500 - Use proper enum in hash_set_dma_transfer
    - MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
    - cifs: check ntwrk_buf_start for NULL before dereferencing it
    - um: Avoid marking pages with "changed protection"
    - niu: fix missing checks of niu_pci_eeprom_read
    - f2fs: fix sbi->extent_list corruption issue
    - cgroup: fix parsing empty mount option string
    - scripts/decode_stacktrace: only strip base path when a prefix of the path
    - ocfs2: don't clear bh uptodate for block read
    - ocfs2: improve ocfs2 Makefile
    - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in
      HFCPCI_l1hw()
    - gdrom: fix a memory leak bug
    - fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
    - block/swim3: Fix -EBUSY error when re-opening device after unmount
    - thermal: bcm2835: enable hwmon explicitly
    - kdb: Don't back trace on a cpu that didn't round up
    - thermal: generic-adc: Fix adc to temp interpolation
    - HID: lenovo: Add checks to fix of_led_classdev_register
    - kernel/hung_task.c: break RCU locks based on jiffies
    - proc/sysctl: fix return error for proc_doulongvec_minmax()
    - kernel/hung_task.c: force console verbose before panic
    - fs/epoll: drop ovflist branch prediction
    - scripts/gdb: fix lx-version string output
    - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
    - dccp: fool proof ccid_hc_[rt]x_parse_options()
    - enic: fix checksum validation for IPv6
    - net: dp83640: expire old TX-skb
    - rxrpc: bad unlock balance in rxrpc_recvmsg
    - skge: potential memory corruption in skge_get_regs()
    - rds: fix refcount bug in rds_sock_addref
    - net: systemport: Fix WoL with password after deep sleep
    - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
    - net: dsa: slave: Don't propagate flag changes on down slave interfaces
    - ALSA: compress: Fix stop handling on compressed capture streams
    - ALSA: hda - Serialize codec registrations
    - dmaengine: bcm2835: Fix interrupt race on RT
    - dmaengine: bcm2835: Fix abort of transactions
    - dmaengine: imx-dma: fix wrong callback invoke
    - futex: Handle early deadlock return correctly
    - irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
    - usb: phy: am335x: fix race condition in _probe
    - usb: dwc3: gadget: Handle 0 xfer length for OUT EP
    - usb: gadget: udc: net2272: Fix bitwise and boolean operations
    - usb: gadget: musb: fix short isoc packets with inventra dma
    - staging: speakup: fix tty-operation NULL derefs
    - scsi: cxlflash: Prevent deadlock when adapter probe fails
    - scsi: aic94xx: fix module loading
    - cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
    - perf/x86/intel/uncore: Add Node ID mask
    - x86/MCE: Initialize mce.bank in the case of a fatal error in
      mce_no_way_out()
    - perf/core: Don't WARN() for impossible ring-buffer sizes
    - perf tests evsel-tp-sched: Fix bitwise operator
    - serial: fix race between flush_to_ldisc and tty_open
    - serial: 8250_pci: Make PCI class test non fatal
    - IB/hfi1: Add limit test for RC/UC send via loopback
    - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
    - ath9k: dynack: make ewma estimation faster
    - ath9k: dynack: check da->enabled first in sampling routines
    - devres: Align data[] to ARCH_KMALLOC_MINALIGN
    - genirq/affinity: Spread IRQs to all available NUMA nodes
    - wil6210: fix memory leak in wil_find_tx_bcast_2
    - fpga: altera-cvp: fix 'bad IO access' on x86_64
    - drm/amd/display: calculate stream->phy_pix_clk before clock mapping
    - net: aquantia: return 'err' if set MPI_DEINIT state fails
    - perf: arm_spe: handle devm_kasprintf() failure
    - xtensa: xtfpga.dtsi: fix dtc warnings about SPI
    - media: imx274: select REGMAP_I2C
    - drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
    - tipc: fix node keep alive interval calculation
    - mmc: meson-mx-sdio: check devm_kasprintf for failure
    - mmc: sdhci-omap: Fix timeout checks
    - mmc: jz4740: Get CD/WP GPIOs from descriptors
    - usb: renesas_usbhs: add support for RZ/G2E
    - i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
    - livepatch: check kzalloc return values
    - usb: musb: dsps: fix runtime pm for peripheral mode
    - perf header: Fix up argument to ctime()
    - drm/amd/display: Add retry to read ddc_clock pin
    - Bluetooth: hci_bcm: Handle deferred probing for the clock supply
    - mlx5: update timecounter at least twice per counter overflow
    - drm/amd/display: validate extended dongle caps
    - perf build: Don't unconditionally link the libbfd feature test to -liberty
      and -lz
    - PCI: imx: Enable MSI from downstream components
    - arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
    - kernel/kcov.c: mark write_comp_data() as notrace
    - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
    - xfs: Fix error code in 'xfs_ioc_getbmap()'
    - xfs: fix shared extent data corruption due to missing cow reservation
    - xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers
    - xfs: delalloc -> unwritten COW fork allocation can go wrong
    - fs/xfs: fix f_ffree value for statfs when project quota is set
    - lib/test_rhashtable: Make test_insert_dup() allocate its hash table
      dynamically
    - net: dsa: Fix lockdep false positive splat
    - Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x"
    - ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
    - serial: sh-sci: Do not free irqs that have already been freed
    - mtd: rawnand: gpmi: fix MX28 bus master lockup problem
    - iio: adc: axp288: Fix TS-pin handling
    - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius
    - signal: Always notice exiting tasks
    - signal: Better detection of synchronous signals
    - misc: vexpress: Off by one in vexpress_syscfg_exec()
    - samples: mei: use /dev/mei0 instead of /dev/mei
    - debugfs: fix debugfs_rename parameter checking
    - tracing: uprobes: Fix typo in pr_fmt string
    - mips: cm: reprime error cause
    - MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
    - MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
    - ARM: iop32x/n2100: fix PCI IRQ mapping
    - ARM: tango: Improve ARCH_MULTIPLATFORM compatibility
    - mac80211: ensure that mgmt tx skbs have tailroom for encryption
    - drm/modes: Prevent division by zero htotal
    - drm/vmwgfx: Fix setting of dma masks
    - drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
    - HID: debug: fix the ring buffer implementation
    - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
    - xfrm: refine validation of template and selector families
    - batman-adv: Avoid WARN on net_device without parent in netns
    - batman-adv: Force mac header to start of data on xmit
    - uio: Reduce return paths from uio_write()
    - uio: Prevent device destruction while fds are open
    - uio: change to use the mutex lock instead of the spin lock
    - uio: fix crash after the device is unregistered
    - uio: fix wrong return value from uio_mmap()
    - uio: fix possible circular locking dependency
    - mtd: Make sure mtd->erasesize is valid even if the partition is of size 0
    - libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD
    - mips: loongson64: remove unreachable(), fix loongson_poweroff().
    - SUNRPC: Always drop the XPRT_LOCK on XPRT_CLOSE_WAIT

* HP ProBook 470 G5, LED's in Hotkeys f5, f8 and f11 without function
    (LP: #1811254) // Bionic update: upstream stable patchset 2019-07-23
    (LP: #1837664)
    - ALSA: hda - Add mute LED support for HP ProBook 470 G5

* Bionic update: upstream stable patchset 2019-07-22 (LP: #1837477)
    - pinctrl: meson: fix pull enable register calculation
    - powerpc: Fix COFF zImage booting on old powermacs
    - powerpc/mm: Fix linux page tables build with some configs
    - HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk
    - ARM: imx: update the cpu power up timing setting on i.mx6sx
    - ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock
    - Input: restore EV_ABS ABS_RESERVED
    - checkstack.pl: fix for aarch64
    - xfrm: Fix error return code in xfrm_output_one()
    - xfrm: Fix bucket count reported to userspace
    - xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears
      the dst_entry.
    - netfilter: seqadj: re-load tcp header pointer after possible head
      reallocation
    - scsi: bnx2fc: Fix NULL dereference in error handling
    - Input: omap-keypad - fix idle configuration to not block SoC idle states
    - Input: synaptics - enable RMI on ThinkPad T560
    - ibmvnic: Fix non-atomic memory allocation in IRQ context
    - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done
    - i40e: fix mac filter delete when setting mac address
    - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
    - netfilter: nat: can't use dst_hold on noref dst
    - bnx2x: Clear fip MAC when fcoe offload support is disabled
    - bnx2x: Remove configured vlans as part of unload sequence.
    - bnx2x: Send update-svid ramrod with retry/poll flags enabled
    - scsi: target: iscsi: cxgbit: add missing spin_lock_init()
    - x86, hyperv: remove PCI dependency
    - drivers: net: xgene: Remove unnecessary forward declarations
    - w90p910_ether: remove incorrect __init annotation
    - SUNRPC: Fix a race with XPRT_CONNECTING
    - qed: Fix an error code qed_ll2_start_xmit()
    - net: macb: fix random memory corruption on RX with 64-bit DMA
    - net: macb: fix dropped RX frames due to a race
    - lan78xx: Resolve issue with changing MAC address
    - vxge: ensure data0 is initialized in when fetching firmware version
      information
    - mac80211: free skb fraglist before freeing the skb
    - kbuild: fix false positive warning/error about missing libelf
    - virtio: fix test build after uio.h change
    - gpio: mvebu: only fail on missing clk if pwm is actually to be used
    - Input: synaptics - enable SMBus for HP EliteBook 840 G4
    - net: netxen: fix a missing check and an uninitialized use
    - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup
    - serial/sunsu: fix refcount leak
    - scsi: zfcp: fix posting too many status read buffers leading to adapter
      shutdown
    - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is
      invalid
    - tools: fix cross-compile var clobbering
    - zram: fix double free backing device
    - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
    - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
    - mm, devm_memremap_pages: kill mapping "System RAM" support
    - mm, hmm: use devm semantics for hmm_devmem_{add, remove}
    - mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL
    - mm, swap: fix swapoff with KSM pages
    - sunrpc: fix cache_head leak due to queued request
    - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer
    - powerpc: Disable -Wbuiltin-requires-header when setjmp is used
    - ftrace: Build with CPPFLAGS to get -Qunused-arguments
    - kbuild: add -no-integrated-as Clang option unconditionally
    - kbuild: consolidate Clang compiler flags
    - Makefile: Export clang toolchain variables
    - powerpc/boot: Set target when cross-compiling for clang
    - raid6/ppc: Fix build for clang
    - ALSA: cs46xx: Potential NULL dereference in probe
    - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
    - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
    - dlm: fixed memory leaks after failed ls_remove_names allocation
    - dlm: possible memory leak on error path in create_lkb()
    - dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
    - dlm: memory leaks on error path in dlm_user_request()
    - gfs2: Get rid of potential double-freeing in gfs2_create_inode
    - b43: Fix error in cordic routine
    - selinux: policydb - fix byte order and alignment issues
    - scripts/kallsyms: filter arm64's __efistub_ symbols
    - arm64: drop linker script hack to hide __efistub_ symbols
    - arm64: relocatable: fix inconsistencies in linker script and options
    - powerpc/tm: Set MSR[TS] just prior to recheckpoint
    - 9p/net: put a lower bound on msize
    - rxe: fix error completion wr_id and qp_num
    - iommu/vt-d: Handle domain agaw being less than iommu agaw
    - sched/fair: Fix infinite loop in update_blocked_averages() by reverting
      a9e7f6544b9c
    - ceph: don't update importing cap's mseq when handing cap export
    - genwqe: Fix size check
    - intel_th: msu: Fix an off-by-one in attribute store
    - power: supply: olpc_battery: correct the temperature units
    - lib: fix build failure in CONFIG_DEBUG_VIRTUAL test
    - drm/vc4: Set ->is_yuv to false when num_planes == 1
    - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
    - tools: power/acpi, revert to LD = gcc
    - ARM: dts: sun8i: a83t: bananapi-m3: increase vcc-pd voltage to 3.3V
    - arm64: dts: mt7622: fix no more console output on rfb1
    - ibmvnic: Convert reset work item mutex to spin lock
    - ixgbe: Fix race when the VF driver does a reset
    - net: macb: add missing barriers when reading descriptors
    - powerpc: remove old GCC version checks
    - Fix failure path in alloc_pid()
    - block: deactivate blk_stat timer in wbt_disable_default()
    - PCI / PM: Allow runtime PM without callback functions
    - leds: pwm: silently error out on EPROBE_DEFER
    - Revert "powerpc/tm: Unset MSR[TS] if not recheckpointing"
    - iio: dac: ad5686: fix bit shift read register
    - video: fbdev: pxafb: Fix "WARNING: invalid free of devm_ allocated data"
    - drivers/perf: hisi: Fixup one DDRC PMU register offset
    - drm/nouveau/drm/nouveau: Check rc from drm_dp_mst_topology_mgr_resume()
    - drm/rockchip: psr: do not dereference encoder before it is null checked.
    - CIFS: Fix adjustment of credits for MTU requests
    - CIFS: Do not hide EINTR after sending network packets
    - cifs: Fix potential OOB access of lock element array
    - usb: cdc-acm: send ZLP for Telit 3G Intel based modems
    - USB: storage: don't insert sane sense for SPC3+ when bad sense specified
    - USB: storage: add quirk for SMI SM3350
    - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
    - slab: alien caches must not be initialized if the allocation of the alien
      cache failed
    - mm: page_mapped: don't assume compound page is huge or THP
    - mm, memcg: fix reclaim deadlock with writeback
    - ACPI: power: Skip duplicate power resource references in _PRx
    - ACPI / PMIC: xpower: Fix TS-pin current-source handling
    - i2c: dev: prevent adapter retries and timeout being set as minus value
    - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2
    - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
    - ext4: make sure enough credits are reserved for dioread_nolock writes
    - ext4: fix a potential fiemap/page fault deadlock w/ inline_data
    - ext4: avoid kernel warning when writing the superblock to a dead device
    - ext4: track writeback errors using the generic tracking infrastructure
    - KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less
    - Btrfs: fix deadlock when using free space tree due to block group creation
    - mm/usercopy.c: no check page span for stack objects
    - vfio/type1: Fix unmap overflow off-by-one
    - drm/amdgpu: Don't ignore rc from drm_dp_mst_topology_mgr_resume()
    - ext4: fix special inode number checks in __ext4_iget()
    - Btrfs: fix access to available allocation bits when starting balance
    - Btrfs: use nofs context when initializing security xattrs to avoid deadlock
    - tty/ldsem: Wake up readers after timed out down_write()
    - can: gw: ensure DLC boundaries after CAN frame modification
    - mmc: sdhci-msm: Disable CDR function on TX
    - media: em28xx: Fix misplaced reset of dev->v4l::field_count
    - scsi: target: iscsi: cxgbit: fix csk leak
    - scsi: target: iscsi: cxgbit: fix csk leak
    - arm64/kvm: consistently handle host HCR_EL2 flags
    - arm64: Don't trap host pointer auth use to EL2
    - ipv6: fix kernel-infoleak in ipv6_local_error()
    - net: bridge: fix a bug on using a neighbour cache entry without checking its
      state
    - packet: Do not leak dev refcounts on error exit
    - bonding: update nest level on unlink
    - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
    - crypto: caam - fix zero-length buffer DMA mapping
    - crypto: authencesn - Avoid twice completion call in decrypt path
    - crypto: bcm - convert to use crypto_authenc_extractkeys()
    - btrfs: wait on ordered extents on abort cleanup
    - Yama: Check for pid death before checking ancestry
    - scsi: core: Synchronize request queue PM status only on successful resume
    - scsi: sd: Fix cache_type_store()
    - crypto: talitos - reorder code in talitos_edesc_alloc()
    - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
    - mips: fix n32 compat_ipc_parse_version
    - MIPS: lantiq: Fix IPI interrupt handling
    - OF: properties: add missing of_node_put
    - mfd: tps6586x: Handle interrupts on suspend
    - media: v4l: ioctl: Validate num_planes for debug messages
    - pstore/ram: Avoid allocation and leak of platform data
    - arm64: kaslr: ensure randomized quantities are clean to the PoC
    - Disable MSI also when pcie-octeon.pcie_disable on
    - omap2fb: Fix stack memory disclosure
    - media: vivid: fix error handling of kthread_run
    - media: vivid: set min width/height to a value > 0
    - bpf: in __bpf_redirect_no_mac pull mac only if present
    - LSM: Check for NULL cred-security on free
    - media: vb2: vb2_mmap: move lock up
    - sunrpc: handle ENOMEM in rpcb_getport_async
    - netfilter: ebtables: account ebt_table_info to kmemcg
    - selinux: fix GPF on invalid policy
    - blockdev: Fix livelocks on loop device
    - sctp: allocate sctp_sockaddr_entry with kzalloc
    - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
    - tipc: fix uninit-value in tipc_nl_compat_bearer_enable
    - tipc: fix uninit-value in tipc_nl_compat_link_set
    - tipc: fix uninit-value in tipc_nl_compat_name_table_dump
    - tipc: fix uninit-value in tipc_nl_compat_doit
    - block/loop: Don't grab "struct file" for vfs_getattr() operation.
    - loop: drop caches if offset or block_size are changed
    - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
    - media: vb2: be sure to unlock mutex on errors
    - nbd: Use set_blocksize() to set device blocksize
    - tun: publish tfile after it's fully initialized
    - crypto: sm3 - fix undefined shift by >= width of value
    - MIPS: BCM47XX: Setup struct device for the SoC
    - RDMA/vmw_pvrdma: Return the correct opcode when creating WR
    - arm64: dts: marvell: armada-ap806: reserve PSCI area
    - ipv6: make icmp6_send() robust against null skb->dev
    - block: use rcu_work instead of call_rcu to avoid sleep in softirq
    - selftests: Fix test errors related to lib.mk khdr target
    - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
    - mlxsw: spectrum: Disable lag port TX before removing it
    - mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
    - net, skbuff: do not prefer skb allocation fails early
    - qmi_wwan: add MTU default to qmap network interface
    - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
    - net: dsa: mv88x6xxx: mv88e6390 errata
    - gpio: pl061: Move irq_chip definition inside struct pl061
    - platform/x86: asus-wmi: Tell the EC the OS will handle the display off
      hotkey
    - e1000e: allow non-monotonic SYSTIM readings
    - writeback: don't decrement wb->refcnt if !wb->bdi
    - serial: set suppress_bind_attrs flag only if builtin
    - ALSA: oxfw: add support for APOGEE duet FireWire
    - x86/mce: Fix -Wmissing-prototypes warnings
    - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
    - arm64: perf: set suppress_bind_attrs flag to true
    - usb: gadget: udc: renesas_usb3: add a safety connection way for
      forced_b_device
    - selinux: always allow mounting submounts
    - rxe: IB_WR_REG_MR does not capture MR's iova field
    - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
    - clk: imx: make mux parent strings const
    - pstore/ram: Do not treat empty buffers as valid
    - powerpc/xmon: Fix invocation inside lock region
    - powerpc/pseries/cpuidle: Fix preempt warning
    - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
    - media: venus: core: Set dma maximum segment size
    - net: call sk_dst_reset when set SO_DONTROUTE
    - scsi: target: use consistent left-aligned ASCII INQUIRY data
    - selftests: do not macro-expand failed assertion expressions
    - clk: imx6q: reset exclusive gates on init
    - arm64: Fix minor issues with the dcache_by_line_op macro
    - kconfig: fix file name and line number of warn_ignored_character()
    - kconfig: fix memory leak when EOF is encountered in quotation
    - mmc: atmel-mci: do not assume idle after atmci_request_end
    - btrfs: improve error handling of btrfs_add_link
    - tty/serial: do not free trasnmit buffer page under port lock
    - perf intel-pt: Fix error with config term "pt=0"
    - perf svghelper: Fix unchecked usage of strncpy()
    - perf parse-events: Fix unchecked usage of strncpy()
    - netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
    - dm crypt: use u64 instead of sector_t to store iv_offset
    - dm kcopyd: Fix bug causing workqueue stalls
    - tools lib subcmd: Don't add the kernel sources to the include path
    - dm snapshot: Fix excessive memory usage and workqueue stalls
    - quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
    - clocksource/drivers/integrator-ap: Add missing of_node_put()
    - ALSA: bebob: fix model-id of unit for Apogee Ensemble
    - sysfs: Disable lockdep for driver bind/unbind files
    - IB/usnic: Fix potential deadlock
    - scsi: smartpqi: correct lun reset issues
    - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
    - scsi: megaraid: fix out-of-bound array accesses
    - ocfs2: fix panic due to unrecovered local alloc
    - mm/page-writeback.c: don't break integrity writeback on ->writepage() error
    - mm/swap: use nr_node_ids for avail_lists in swap_info_struct
    - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
    - cifs: allow disabling insecure dialects in the config
    - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
    - PCI: dwc: Move interrupt acking into the proper callback
    - ipmi:ssif: Fix handling of multi-part return messages
    - net: clear skb->tstamp in bridge forwarding path
    - netfilter: ipset: Allow matching on destination MAC address for mac and
      ipmac sets
    - drm/amdkfd: fix interrupt spin lock
    - of: overlay: add missing of_node_put() after add new node to changeset
    - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
    - ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
    - efi/libstub: Disable some warnings for x86{,_64}
    - media: uvcvideo: Refactor teardown of uvc on USB disconnect
    - arm64: kasan: Increase stack size for KASAN_EXTRA
    - bpf: relax verifier restriction on BPF_MOV | BPF_ALU
    - perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
    - netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
    - netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
    - x86/topology: Use total_cpus for max logical packages calculation
    - perf stat: Avoid segfaults caused by negated options
    - perf tools: Add missing sigqueue() prototype for systems lacking it
    - perf tools: Add missing open_memstream() prototype for systems lacking it
    - dm: Check for device sector overflow if CONFIG_LBDAF is not set
    - userfaultfd: clear flag if remap event not enabled

* Bionic update: upstream stable patchset 2019-07-19 (LP: #1837257)
    - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
    - userfaultfd: check VM_MAYWRITE was set after verifying the uffd is
      registered
    - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
    - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
    - mmc: sdhci: fix the timeout check window for clock and reset
    - ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
    - dm thin: send event about thin-pool state change _after_ making it
    - dm cache metadata: verify cache has blocks in
      blocks_are_clean_separate_dirty()
    - tracing: Fix memory leak in set_trigger_filter()
    - tracing: Fix memory leak of instance function hash filters
    - powerpc/msi: Fix NULL pointer access in teardown code
    - drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
    - drm/i915/execlists: Apply a full mb before execution for Braswell
    - drm/amdgpu: update SMC firmware image for polaris10 variants
    - x86/build: Fix compiler support check for CONFIG_RETPOLINE
    - locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath()
    - locking/qspinlock: Ensure node is initialised before updating prev->next
    - locking/qspinlock: Bound spinning on pending->locked transition in slowpath
    - locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
    - locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath
    - locking/qspinlock: Remove duplicate clear_pending() function from PV code
    - locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue
    - locking/qspinlock: Re-order code
    - locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
    - locking/qspinlock, x86: Provide liveness guarantee
    - mac80211: don't WARN on bad WMM parameters from buggy APs
    - mac80211: Fix condition validating WMM IE
    - IB/hfi1: Remove race conditions in user_sdma send path
    - locking/qspinlock: Fix build for anonymous union in older GCC compilers
    - mac80211_hwsim: fix module init error paths for netlink
    - Input: hyper-v - fix wakeup from suspend-to-idle
    - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
    - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during
      unload
    - x86/earlyprintk/efi: Fix infinite loop on some screen widths
    - drm/msm: Grab a vblank reference when waiting for commit_done
    - ARC: io.h: Implement reads{x}()/writes{x}()
    - bonding: fix 802.3ad state sent to partner when unbinding slave
    - bpf: Fix verifier log string check for bad alignment.
    - nfs: don't dirty kernel pages read by direct-io
    - SUNRPC: Fix a potential race in xprt_connect()
    - sbus: char: add of_node_put()
    - drivers/sbus/char: add of_node_put()
    - drivers/tty: add missing of_node_put()
    - ide: pmac: add of_node_put()
    - drm/msm: Fix error return checking
    - clk: mvebu: Off by one bugs in cp110_of_clk_get()
    - clk: mmp: Off by one in mmp_clk_add()
    - Input: synaptics - enable SMBus for HP 15-ay000
    - Input: omap-keypad - fix keyboard debounce configuration
    - libata: whitelist all SAMSUNG MZ7KM* solid-state disks
    - mv88e6060: disable hardware level MAC learning
    - net/mlx4_en: Fix build break when CONFIG_INET is off
    - ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
      handling
    - ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
    - ethernet: fman: fix wrong of_node_put() in probe function
    - drm/ast: Fix connector leak during driver unload
    - vhost/vsock: fix reset orphans race with close timeout
    - mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl
    - i2c: axxia: properly handle master timeout
    - i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
    - i2c: uniphier: fix violation of tLOW requirement for Fast-mode
    - i2c: uniphier-f: fix violation of tLOW requirement for Fast-mode
    - nvmet-rdma: fix response use after free
    - rtc: snvs: Add timeouts to avoid kernel lockups
    - bpf, arm: fix emit_ldx_r and emit_mov_i using TMP_REG_1
    - scsi: raid_attrs: fix unused variable warning
    - staging: olpc_dcon: add a missing dependency
    - ARM: dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning
    - mmc: core: use mrq->sbc when sending CMD23 for RPMB
    - dm: call blk_queue_split() to impose device limits on bios
    - media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed
    - powerpc: Look for "stdout-path" when setting up legacy consoles
    - dm zoned: Fix target BIO completion handling
    - block: fix infinite loop if the device loses discard capability
    - ASoC: sta32x: set ->component pointer in private struct
    - perf record: Synthesize features before events in pipe mode
    - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
    - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
    - USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd
    - USB: serial: option: add GosunCn ZTE WeLink ME3630
    - USB: serial: option: add HP lt4132
    - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
    - USB: serial: option: add Fibocom NL668 series
    - USB: serial: option: add Telit LN940 series
    - scsi: sd: use mempool for discard special page
    - mmc: core: Reset HPI enabled state during re-init and in case of errors
    - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
    - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
    - mmc: omap_hsmmc: fix DMA API warning
    - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
    - gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
    - posix-timers: Fix division by zero bug
    - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs
    - Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
    - x86/mtrr: Don't copy uninitialized gentry fields back to userspace
    - panic: avoid deadlocks in re-entrant console drivers
    - iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares
    - iwlwifi: add new cards for 9560, 9462, 9461 and killer series
    - ubifs: Handle re-linking of inodes correctly while recovery
    - mm: don't miss the last page because of round-off error
    - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
    - i2c: rcar: check bus state before reinitializing
    - drm/amd/display: Fix 6x4K displays light-up on Vega20 (v2)
    - drm/msm: Fix task dump in gpu recovery
    - drm/msm: fix handling of cmdstream offset
    - net: aquantia: fix rx checksum offload bits
    - liquidio: read sc->iq_no before release sc
    - drm/msm/hdmi: Enable HPD after HDMI IRQ is set up
    - macvlan: return correct error value
    - bpf: check pending signals while verifying programs
    - ARM: 8816/1: dma-mapping: fix potential uninitialized return
    - tools/testing/nvdimm: Align test resources to 128M
    - Btrfs: fix missing delayed iputs on unmount
    - ax25: fix a use-after-free in ax25_fillin_cb()
    - gro_cell: add napi_disable in gro_cells_destroy
    - ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
    - ieee802154: lowpan_header_create check must check daddr
    - ipv6: explicitly initialize udp6_addr in udp_sock_create6()
    - ipv6: tunnels: fix two use-after-free
    - isdn: fix kernel-infoleak in capi_unlocked_ioctl
    - net: macb: restart tx after tx used bit read
    - net: phy: Fix the issue that netif always links up after resuming
    - netrom: fix locking in nr_find_socket()
    - net/wan: fix a double free in x25_asy_open_tty()
    - packet: validate address length
    - packet: validate address length if non-zero
    - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
    - qmi_wwan: Added support for Telit LN940 series
    - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
    - tcp: fix a race in inet_diag_dump_icsk()
    - tipc: fix a double kfree_skb()
    - vhost: make sure used idx is seen before log in vhost_add_used_n()
    - VSOCK: Send reset control packet when socket is partially bound
    - xen/netfront: tolerate frags with no data
    - net/mlx5: Typo fix in del_sw_hw_rule
    - net/mlx5e: RX, Fix wrong early return in receive queue poll
    - mlxsw: core: Increase timeout during firmware flash process
    - net/mlx5e: Remove the false indication of software timestamping support
    - tipc: use lock_sock() in tipc_sk_reinit()
    - tipc: compare remote and local protocols in tipc_udp_enable()
    - qmi_wwan: Added support for Fibocom NL668 series
    - qmi_wwan: Add support for Fibocom NL678 series
    - net/smc: fix TCP fallback socket release
    - sock: Make sock->sk_stamp thread-safe
    - IB/hfi1: Incorrect sizing of sge for PIO will OOPs
    - mtd: atmel-quadspi: disallow building on ebsa110
    - ALSA: hda: add mute LED support for HP EliteBook 840 G4
    - ALSA: fireface: fix for state to fetch PCM frames
    - ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet
    - ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header'
      tracepoint
    - ALSA: firewire-lib: use the same print format for 'without_header'
      tracepoints
    - ALSA: hda/tegra: clear pending irq handlers
    - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - USB: serial: option: add Fibocom NL678 series
    - usb: r8a66597: Fix a possible concurrency use-after-free bug in
      r8a66597_endpoint_disable()
    - staging: wilc1000: fix missing read_write setting when reading data
    - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
    - s390/pci: fix sleeping in atomic during hotplug
    - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
    - KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
    - KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails
    - platform-msi: Free descriptors in platform_msi_domain_free()
    - perf pmu: Suppress potential format-truncation warning
    - ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
    - ext4: fix possible use after free in ext4_quota_enable
    - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
    - ext4: fix EXT4_IOC_GROUP_ADD ioctl
    - ext4: include terminating u32 in size of xattr entries when expanding inodes
    - ext4: force inode writes when nfsd calls commit_metadata()
    - ext4: check for shutdown and r/o file system in ext4_write_inode()
    - spi: bcm2835: Fix race on DMA termination
    - spi: bcm2835: Fix book-keeping of DMA termination
    - spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
    - clk: rockchip: fix typo in rk3188 spdif_frac parent
    - crypto: cavium/nitrox - fix a DMA pool free failure
    - cgroup: fix CSS_TASK_ITER_PROCS
    - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
    - Btrfs: fix fsync of files with multiple hard links in new directories
    - f2fs: fix validation of the block count in sanity_check_raw_super
    - serial: uartps: Fix interrupt mask issue to handle the RX interrupts
      properly
    - media: vivid: free bitmap_cap when updating std/timings/etc.
    - media: v4l2-tpg: array index could become negative
    - MIPS: math-emu: Write-protect delay slot emulation pages
    - MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3
    - MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
    - MIPS: Align kernel load address to 64KB
    - MIPS: Expand MIPS32 ASIDs to 64 bits
    - MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
    - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
    - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
    - arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3
      PPIs/SGIs
    - rtc: m41t80: Correct alarm month range with RTC reads
    - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
    - spi: bcm2835: Unbreak the build of esoteric configs
    - MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y
    - KVM: X86: Fix NULL deref in vcpu_scan_ioapic
    - futex: Cure exit race
    - x86/mm: Fix decoy address handling vs 32-bit builds
    - x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking
      sequence
    - mm: add mm_pxd_folded checks to pgtable_bytes accounting functions
    - mm: make the __PAGETABLE_PxD_FOLDED defines non-empty
    - mm: introduce mm_[p4d|pud|pmd]_folded
    - ip: validate header length on virtual device xmit
    - net: clear skb->tstamp in forwarding paths
    - net/hamradio/6pack: use mod_timer() to rearm timers
    - tipc: check tsk->group in tipc_wait_for_cond()
    - tipc: check group dests after tipc_wait_for_cond()
    - ipv6: frags: Fix bogus skb->sk in reassembled packets
    - ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294
    - ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Gnawty
    - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
    - arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
    - DRM: UDL: get rid of useless vblank initialization
    - clocksource/drivers/arc_timer: Utilize generic sched_clock
    - ocxl: Fix endiannes bug in ocxl_link_update_pe()
    - ocxl: Fix endiannes bug in read_afu_name()
    - ext4: add verifier check for symlink with append/immutable flags
    - ext4: avoid declaring fs inconsistent due to invalid file handles
    - clk: sunxi-ng: Use u64 for calculation of NM rate
    - crypto: testmgr - add AES-CFB tests
    - btrfs: dev-replace: go back to suspended state if target device is missing
    - btrfs: run delayed items before dropping the snapshot
    - powerpc/tm: Unset MSR[TS] if not recheckpointing
    - f2fs: read page index before freeing
    - f2fs: sanity check of xattr entry size
    - media: cec: keep track of outstanding transmits
    - media: imx274: fix stack corruption in imx274_read_reg
    - media: vb2: check memory model for VIDIOC_CREATE_BUFS
    - MIPS: Fix a R10000_LLSC_WAR logic in atomic.h
    - KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled
    - KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum

* alsa/hda: neither mute led nor mic-mute led work on several Lenovo laptops
    (LP: #1837963)
    - SAUCE: ALSA: hda - Add a conexant codec entry to let mute led work

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 22 Aug 2019 18:32:43 +0200

Changed in linux (Ubuntu Bionic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-09-02:

Download full text (5.5 KiB)

This bug was fixed in the package linux - 4.4.0-161.189

---------------
linux (4.4.0-161.189) xenial; urgency=medium

* xenial/linux: 4.4.0-161.189 -proposed tracker (LP: #1841544)

  * flock not mediated by 'k' (LP: 1658219)
    - Revert "UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on
      cache check"

* Packaging resync (LP: #1786013)
- [Packaging] resync getabis

linux (4.4.0-160.188) xenial; urgency=medium

* xenial/linux: 4.4.0-160.188 -proposed tracker (LP: #1840021)

* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

  * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
    - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from
      asus_nb_wmi

  * CVE-2019-10638
    - [Config] CONFIG_TEST_HASH=n
    - siphash: add cryptographically secure PRF
    - inet: switch IP ID generator to siphash

  * Stacked onexec transitions fail when under NO NEW PRIVS restrictions
    (LP: #1839037)
    - SAUCE: apparmor: fix nnp subset check failure, when stacking

* AppArmor onexec transition causes WARN kernel stack trace (LP: #1838627)
- SAUCE: apparmor: fix audit failures when performing profile transitions

  * flock not mediated by 'k' (LP: 1658219) // Ubuntu 16.04: read access
    incorrectly implies 'm' rule (LP: 1838090)
    - SAUCE: apparmor: flock mediation is not being, enforced on cache check

  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: improve bcache_reboot()
    - bcache: add journal statistic
    - bcache: fix high CPU occupancy during journal
    - bcache: fix incorrect sysfs output value of strip size
    - bcache: fix error return value in memory shrink
    - bcache: fix using of loop variable in memory shrink
    - bcache: Fix indentation
    - bcache: Add __printf annotation to __bch_check_keys()
    - bcache: Annotate switch fall-through
    - bcache: Fix kernel-doc warnings
    - bcache: Remove an unused variable
    - bcache: Suppress more warnings about set-but-not-used variables
    - bcache: Reduce the number of sparse complaints about lock imbalances
    - bcache: Move couple of functions to sysfs.c

  * CVE-2019-3900
    - vhost: introduce vhost_vq_avail_empty()
    - vhost_net: tx batching
    - vhost_net: do not stall on zerocopy depletion
    - vhost-net: set packet weight of tx polling to 2 * vq size
    - vhost_net: use packet weight for rx handler, too
    - vhost_net: introduce vhost_exceeds_weight()
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: scsi: add weight support

* Xenial: ZFS deadlock in shrinker path with xattrs (LP: #1839521)
- SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu28

* CVE-2019-13648
- powerpc/tm: Fix oops on sigreturn on systems without TM

* CVE-2018-20856
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case

* CVE-2019-14283
- floppy: fix out-of-bound...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

Stacked onexec transitions fail when under NO NEW PRIVS restrictions

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package