This bug was fixed in the package linux - 6.8.0-78.78

---------------
linux (6.8.0-78.78) noble; urgency=medium

  * noble/linux: 6.8.0-78.78 -proposed tracker (LP: #2120405)

  * Incorrect backport for CVE-2025-21861 causes kernel hangs
    (LP: #2120330) // CVE-2025-21861
    - mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()

  * Incorrect backport for CVE-2025-21861 causes kernel hangs (LP: #2120330)
    - SAUCE: Revert "mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()"
    - mm: migrate_device: use more folio in migrate_device_finalize()

linux (6.8.0-72.72) noble; urgency=medium

  * noble/linux: 6.8.0-72.72 -proposed tracker (LP: #2117691)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.07.14)

  * NVMe namespace ID mismatch on repeated map/unmap (LP: #2115209)
    - nvme: requeue namespace scan on missed AENs
    - nvme: re-read ANA log page after ns scan completes
    - nvme: fixup scan failure for non-ANA multipath controllers

  * integrated I219-LM network adapter appears to be running too fast, causing
    synchronization issues when using the I219-LM PTP feature (LP: #2116072)
    - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13

  * intel_rapl: support ARL-H hardware (LP: #2115652)
    - powercap: intel_rapl_msr: Add PL4 support for ArrowLake-H

  * Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
    update (LP: #2115068)
    - [Config] Replace FB_HYPERV with DRM_HYPERV

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212)
    - arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
    - xfs: assert a valid limit in xfs_rtfind_forw
    - xfs: validate inumber in xfs_iget
    - xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
    - xfs: fix a typo
    - xfs: skip background cowblock trims on inodes open for write
    - xfs: don't free cowblocks from under dirty pagecache on unshare
    - xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
    - xfs: return bool from xfs_attr3_leaf_add
    - xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split
    - xfs: distinguish extra split from real ENOSPC from
      xfs_attr_node_try_addname
    - xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
    - xfs: don't ifdef around the exact minlen allocations
    - xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
    - xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
    - xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
    - xfs: Remove empty declartion in header file
    - xfs: pass the exact range to initialize to xfs_initialize_perag
    - xfs: update the file system geometry after recoverying superblock
      buffers
    - xfs: error out when a superblock buffer update reduces the agcount
    - xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag
    - xfs: update the pag for the last AG at recovery time
    - xfs: Reduce unnecessary searches when searching for the best extents
    - xfs: streamline xfs_filestream_pick_ag
    - xfs: Check for delayed allocations before setting extsize
    - md/md-bitmap: replace md_bitmap_status() with a new helper
      md_bitmap_get_stats()
    - md/md-cluster: fix spares warnings for __le64
    - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
    - mm: update mark_victim tracepoints fields
    - cpufreq: dt-platdev: add missing MODULE_DESCRIPTION() macro
    - cpufreq: fix using cpufreq-dt as module
    - Bluetooth: qca: Support downloading board id specific NVM for WCN7850
    - Bluetooth: qca: Update firmware-name to support board specific nvm
    - Bluetooth: qca: Fix poor RF performance for WCN6855
    - Input: serio - define serio_pause_rx guard to pause and resume serio
      ports
    - ASoC: renesas: rz-ssi: Add a check for negative sample_space
    - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB]
    - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
    - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
    - ALSA: seq: Drop UMP events when no UMP-conversion is set
    - ibmvnic: Return error code on TX scrq flush fail
    - ibmvnic: Introduce send sub-crq direct
    - ibmvnic: Add stat for tx direct vs tx batched
    - vsock/bpf: Warn on socket without transport
    - tcp: adjust rcvq_space after updating scaling ratio
    - geneve: Suppress list corruption splat in geneve_destroy_tunnels().
    - flow_dissector: Fix handling of mixed port and port-range keys
    - flow_dissector: Fix port range key handling in BPF conversion
    - net: Add non-RCU dev_getbyhwaddr() helper
    - arp: switch to dev_getbyhwaddr() in arp_req_set_public()
    - net: axienet: Set mac_managed_pm
    - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic
    - strparser: Add read_sock callback
    - bpf: Fix wrong copied_seq calculation
    - bpf: Disable non stream socket for strparser
    - power: supply: da9150-fg: fix potential overflow
    - nouveau/svm: fix missing folio unlock + put after
      make_device_exclusive_range()
    - drm/msm: Avoid rounding up to one jiffy
    - nvme/ioctl: add missing space in err message
    - bpf: skip non exist keys in generic_map_lookup_batch
    - drm/nouveau/pmu: Fix gp10b firmware guard
    - drm/msm/dpu: Disable dither in phys encoder cleanup
    - drm/i915: Make sure all planes in use by the joiner have their crtc
      included
    - drm/i915/dp: Fix error handling during 128b/132b link training
    - soc: loongson: loongson2_guts: Add check for devm_kstrdup()
    - lib/iov_iter: fix import_iovec_ubuf iovec management
    - ASoC: fsl_micfil: Enable default case in micfil_set_quality()
    - ALSA: hda: Add error check for snd_ctl_rename_id() in
      snd_hda_create_dig_out_ctls()
    - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
    - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
    - acct: block access to kernel internal filesystems
    - mm,madvise,hugetlb: check for 0-length range after end address
      adjustment
    - mtd: rawnand: cadence: fix error code in cadence_nand_init()
    - mtd: rawnand: cadence: use dma_map_resource for sdma address
    - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
    - EDAC/qcom: Correct interrupt enable register configuration
    - ftrace: Correct preemption accounting for function tracing.
    - ftrace: Do not add duplicate entries in subops manager ops
    - arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1
      plus lts
    - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
    - KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base()
    - KVM: x86: Inline kvm_get_apic_mode() in lapic.h
    - KVM: Introduce vcpu->wants_to_run
    - KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
    - drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER
    - arm64: dts: mt8183: add dpi node to mt8183
    - arm64: dts: mt8183: Add port node to dpi node
    - arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface
    - arm64: dts: mediatek: mt8183: Disable DPI display output by default
    - arm64: dts: mediatek: mt8183-pumpkin: add HDMI support
    - arm64: dts: mediatek: mt8183: Disable DSI display output by default
    - accel/ivpu: Limit FW version string length
    - accel/ivpu: Add coredump support
    - accel/ivpu: Add FW state dump on TDR
    - accel/ivpu: Fix error handling in recovery/reset
    - ASoC: SOF: topology: dynamically allocate and store DAI widget->private
    - ASoC: SOF: topology: Parse DAI type token for dspless mode
    - ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device
    - vsock/virtio: fix variables initialization during resuming
    - drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450
    - drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields
    - drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side
    - drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver
    - drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk
      source
    - nvme: tcp: Fix compilation warning with W=1
    - nvme-tcp: fix connect failure on receiving partial ICResp PDU
    - drm: panel: jd9365da-h3: fix reset signal polarity
    - io_uring/rw: forbid multishot async reads
    - arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588
    - arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM
    - arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck
    - s390/boot: Fix ESSA detection
    - xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n
    - smb: client: fix chmod(2) regression with ATTR_READONLY
    - tracing: Fix using ret variable in tracing_set_tracer()
    - selftests/mm: build with -O2
    - Upstream stable to v6.6.80, v6.12.17

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21861
    - mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21868
    - net: allow small head cache usage with large MAX_SKB_FRAGS values

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21869
    - powerpc/code-patching: Disable KASAN report during patching via
      temporary mm

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21870
    - ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21844
    - smb: client: Add check for next_buffer in receive_encrypted_standard()

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21846
    - acct: perform last write from workqueue

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21847
    - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21848
    - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21862
    - drop_monitor: fix incorrect initialization order

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21871
    - tee: optee: Fix supplicant wait loop

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21863
    - io_uring: prevent opcode speculation

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2024-58088
    - bpf: Fix deadlock when freeing cgroup storage

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21853
    - bpf: avoid holding freeze_mutex during mmap operation

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21867
    - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21864
    - tcp: drop secpath at the same time as we currently drop dst

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21854
    - sockmap, vsock: For connectible sockets allow only connected

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21855
    - ibmvnic: Don't reference skb after sending to VIOS

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21856
    - s390/ism: add release function for struct device

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21857
    - net/sched: cls_api: fix error handling causing NULL dereference

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21858
    - geneve: Fix use-after-free in geneve_find_dev().

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21866
    - powerpc/code-patching: Fix KASAN hit by not flagging text patching area
      as VM_ALLOC

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21859
    - USB: gadget: f_midi: f_midi_complete to call queue_work

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21746
    - Input: synaptics - fix crash when enabling pass-through port

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2024-57977
    - memcg: fix soft lockup in the OOM process

  * Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
    CVE-2025-21712
    - md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime

  * CVE-2024-58093
    - PCI/ASPM: Fix link state exit during switch upstream function removal

  * [SRU]Request E825-C driver into latest LTS of Ubuntu OS 24.04
    (LP: #2114785)
    - ice: add support for 3k signing DDP sections for E825C
    - ice: Add helper function ice_is_generic_mac
    - ice: introduce new E825C devices family

  * [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
    - s390: Add z17 elf platform

  * [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
    (LP: #2114258)
    - s390/cpumf: Update CPU Measurement facility extended counter set support

  * Noble update: upstream stable patchset 2025-06-29 (LP: #2115616)
    - nfsd: clear acl_access/acl_default after releasing them
    - NFSD: fix hang in nfsd4_shutdown_callback
    - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
    - HID: multitouch: Add NULL check in mt_input_configured
    - HID: hid-thrustmaster: fix stack-out-of-bounds read in
      usb_check_int_endpoints()
    - spi: sn-f-ospi: Fix division by zero
    - ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
    - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
    - vrf: use RCU protection in l3mdev_l3_out()
    - vxlan: check vxlan_vnigroup_init() return value
    - LoongArch: Fix idle VS timer enqueue
    - LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
    - team: better TEAM_OPTION_TYPE_STRING validation
    - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
    - cgroup: Remove steal time from usage_usec
    - drm/i915/selftests: avoid using uninitialized context
    - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
    - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
    - gpio: bcm-kona: Add missing newline to dev_err format string
    - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
    - xen/swiotlb: relax alignment requirements
    - x86/xen: allow larger contiguous memory regions in PV guests
    - block: cleanup and fix batch completion adding conditions
    - gpiolib: Fix crash on error in gpiochip_get_ngpios()
    - tools: fix annoying "mkdir -p ..." logs when building tools in parallel
    - RDMA/efa: Reset device on probe failure
    - fbdev: omap: use threaded IRQ for LCD DMA
    - soc/tegra: fuse: Update Tegra234 nvmem keepout list
    - media: cxd2841er: fix 64-bit division on gcc-9
    - media: i2c: ds90ub913: Add error handling to ub913_hw_init()
    - media: i2c: ds90ub953: Add error handling for i2c reads/writes
    - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
    - media: uvcvideo: Add new quirk definition for the Sonix Technology Co.
      292a camera
    - media: uvcvideo: Add Kurokesu C1 PRO camera
    - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
    - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
    - PCI: switchtec: Add Microchip PCI100X device IDs
    - scsi: ufs: bsg: Set bsg_queue to NULL after removal
    - rtla/timerlat_hist: Abort event processing on second signal
    - rtla/timerlat_top: Abort event processing on second signal
    - vfio/pci: Enable iowrite64 and ioread64 for vfio pci
    - NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
    - Grab mm lock before grabbing pt lock
    - selftests: gpio: gpio-sim: Fix missing chip disablements
    - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
    - x86/mm/tlb: Only trim the mm_cpumask once a second
    - orangefs: fix a oob in orangefs_debug_write
    - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
    - batman-adv: fix panic during interface removal
    - batman-adv: Ignore neighbor throughput metrics in error case
    - batman-adv: Drop unmanaged ELP metric worker
    - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
    - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-
      kernel
    - KVM: nSVM: Enter guest mode before initializing nested NPT MMU
    - perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
    - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI
      bind retries
    - usb: dwc3: Fix timeout issue during controller enter/exit from halt
      state
    - usb: roles: set switch registered flag early on
    - usb: gadget: udc: renesas_usb3: Fix compiler warning
    - usb: dwc2: gadget: remove of_node reference upon udc_stop
    - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
    - usb: core: fix pipe creation for get_bMaxPacketSize0
    - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
    - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
    - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
    - USB: hub: Ignore non-compliant devices with too many configs or
      interfaces
    - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
    - usb: cdc-acm: Check control transfer buffer size before access
    - usb: cdc-acm: Fix handling of oversized fragments
    - USB: serial: option: add MeiG Smart SLM828
    - USB: serial: option: add Telit Cinterion FN990B compositions
    - USB: serial: option: fix Telit Cinterion FN990A name
    - USB: serial: option: drop MeiG Smart defines
    - can: ctucanfd: handle skb allocation failure
    - can: c_can: fix unbalanced runtime PM disable in error path
    - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
      length zero
    - can: etas_es58x: fix potential NULL pointer dereference on udev->serial
    - alpha: make stack 16-byte aligned (most cases)
    - wifi: ath12k: fix handling of 6 GHz rules
    - kbuild: userprogs: fix bitsize and target detection on clang
    - efi: Avoid cold plugged memory for placing the kernel
    - cgroup: fix race between fork and cgroup.kill
    - serial: port: Assign ->iotype correctly when ->iobase is set
    - serial: port: Always update ->iotype in __uart_read_properties()
    - serial: 8250: Fix fifo underflow on flush
    - alpha: align stack for page fault and user unaligned trap handlers
    - gpiolib: acpi: Add a quirk for Acer Nitro ANV14
    - gpio: stmpe: Check return value of stmpe_reg_read in
      stmpe_gpio_irq_sync_unlock
    - partitions: mac: fix handling of bogus partition table
    - regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
    - regmap-irq: Add missing kfree()
    - arm64: Handle .ARM.attributes section in linker scripts
    - mmc: mtk-sd: Fix register settings for hs400(es) mode
    - igc: Set buffer type for empty frames in igc_init_empty_frame
    - mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
    - btrfs: fix hole expansion when writing at an offset beyond EOF
    - clocksource: Use pr_info() for "Checking clocksource synchronization"
      message
    - clocksource: Use migrate_disable() to avoid calling get_random_u32() in
      atomic context
    - ipv4: add RCU protection to ip4_dst_hoplimit()
    - net: add dev_net_rcu() helper
    - ipv4: use RCU protection in ipv4_default_advmss()
    - ipv4: use RCU protection in rt_is_expired()
    - ipv4: use RCU protection in inet_select_addr()
    - net: ipv4: Cache pmtu for all packet paths if multipath enabled
    - ipv4: use RCU protection in __ip_rt_update_pmtu()
    - ipv4: icmp: convert to dev_net_rcu()
    - flow_dissector: use RCU protection to fetch dev_net()
    - ipv6: use RCU protection in ip6_default_advmss()
    - ipv6: icmp: convert to dev_net_rcu()
    - HID: hid-steam: Add Deck IMU support
    - HID: hid-steam: Make sure rumble work is canceled on removal
    - HID: hid-steam: Move hidraw input (un)registering to work
    - ndisc: use RCU protection in ndisc_alloc_skb()
    - neighbour: delete redundant judgment statements
    - neighbour: use RCU protection in __neigh_notify()
    - arp: use RCU protection in arp_xmit()
    - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
    - ndisc: extend RCU protection in ndisc_send_skb()
    - ipv6: mcast: extend RCU protection in igmp6_send()
    - ipv6: mcast: add RCU protection to mld_newpack()
    - drm/tidss: Fix issue in irq handling causing irq-flood issue
    - drm/tidss: Clear the interrupt status for interrupts being disabled
    - drm/rcar-du: dsi: Fix PHY lock bit check
    - drm/v3d: Stop active perfmon if it is being destroyed
    - netdevsim: print human readable IP address
    - selftests: rtnetlink: update netdevsim ipsec output format
    - md/md-bitmap: factor behind write counters out from
      bitmap_{start/end}write()
    - md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
    - md/md-bitmap: move bitmap_{start, end}write to md upper layer
    - mm: gup: fix infinite loop within __get_longterm_locked
    - alpha: replace hardcoded stack offsets with autogenerated ones
    - HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context
    - io_uring/kbuf: reallocate buf lists on upgrade
    - x86/i8253: Disable PIT timer 0 when not in use
    - pinctrl: cy8c95x0: Rename PWMSEL to SELPWM
    - pinctrl: pinconf-generic: print hex value
    - pinctrl: pinconf-generic: Print unsigned value if a format is registered
    - idpf: fix handling rsc packet with a single segment
    - idpf: call set_real_num_queues in idpf_open
    - igc: Fix HW RX timestamp when passed by ZC XDP
    - LoongArch: KVM: Fix typo issue about GCFG feature detection
    - workqueue: Put the pwq after detaching the rescuer from the pool
    - perf/x86/intel: Clean up PEBS-via-PT on hybrid
    - drm/xe/client: bo->client does not need bos_lock
    - io_uring/waitid: don't abuse io_tw_state
    - drm: Fix DSC BPP increment decoding
    - i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming
    - i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus
    - [Config] updateconfigs for MIPI_I3C_HCI_PCI
    - serial: 8250_pci: Resolve WCH vendor ID ambiguity
    - serial: 8250_pci: Share WCH IDs with parport_serial driver
    - fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode()
    - kbuild: suppress stdout from merge_config for silent builds
    - KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
      loop
    - perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF
    - USB: gadget: core: create sysfs link between udc and gadget
    - usb: gadget: core: flush gadget workqueue after device removal
    - include: net: add static inline dst_dev_overhead() to dst.h
    - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue
    - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
    - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
    - net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
    - scsi: ufs: core: Introduce ufshcd_has_pending_tasks()
    - scsi: ufs: core: Prepare to introduce a new clock_gating lock
    - scsi: ufs: core: Introduce a new clock_gating lock
    - scsi: ufs: Fix toggling of clk_gating.state when clock gating is not
      allowed
    - ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
    - drm/tidss: Fix race condition while handling interrupt registers
    - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
    - wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
    - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
    - scsi: ufs: core: Ensure clk_gating.lock is used only after
      initialization
    - serial: 8250_dma: terminate correct DMA in tx_dma_flush()
    - x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
    - HID: hid-steam: Fix use-after-free when detaching device
    - block: change blk_mq_add_to_batch() third argument type to bool
    - nvme: move error logging from nvme_end_req() to __nvme_end_req()
    - Upstream stable to v6.6.79, v6.12.16

  * Noble update: upstream stable patchset 2025-06-17 (LP: #2114849)
    - ice: Add check for devm_kzalloc()
    - io_uring/rw: commit provided buffer state on async
    - mptcp: pm: only set fullmesh for subflow endp
    - selftests: mptcp: join: fix AF_INET6 variable
    - xfs: don't lose solo dquot update transactions
    - Upstream stable to v6.6.78, v6.12.15

  * [Regression Updates] "PCI: Explicitly put devices into D0 when
    initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
    - PCI/PM: Set up runtime PM even for devices without PCI PM

  * CVE-2025-38083
    - net_sched: prio: fix a race in prio_tune()

  * CVE-2025-37797
    - net_sched: hfsc: Fix a UAF vulnerability in class handling

 -- Stefan Bader <[email protected]>  Tue, 12 Aug 2025 11:44:16 +0200

** Changed in: linux (Ubuntu Noble)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2024-57977

** CVE added: https://cve.org/CVERecord?id=CVE-2024-58088

** CVE added: https://cve.org/CVERecord?id=CVE-2024-58093

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21712

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21746

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21844

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21846

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21847

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21848

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21853

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21854

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21855

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21856

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21857

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21858

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21859

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21861

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21862

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21863

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21864

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21866

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21867

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21868

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21869

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21870

** CVE added: https://cve.org/CVERecord?id=CVE-2025-21871

** CVE added: https://cve.org/CVERecord?id=CVE-2025-37797

** CVE added: https://cve.org/CVERecord?id=CVE-2025-38083

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2115209

Title:
  NVMe namespace ID mismatch on repeated map/unmap

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Noble:
  Fix Released
Status in linux source package in Oracular:
  Won't Fix
Status in linux source package in Plucky:
  Fix Released
Status in linux source package in Questing:
  Fix Released

Bug description:
  [Impact]
  During repeated NS map/unmap operations in ONTAP (which triggers NS attr
  changed AENs) where new NSs get mapped reusing the old NSID, one
  occasionally sees the Ubuntu 24.04 NVMe/TCP host ending up with device
  inconsistencies where the respective NVMe block device (i.e.
  /dev/nvmeXnY) is available, but not the corresponding NVMe generic char
  device (i.e. /dev/ngXnY). This issue is not seen if the same NS is
  remapped on the same NSID, but only hit when a new NS is mapped reusing
  the same NSID which was previously used by some other NS.

  The following error entries are seen in the messages file during this
  device inconsistency scenario:

  ...
  kernel: [267011.744167][ T2016] nvme nvme6: rescanning namespaces.
  kernel: [267011.744347][T46805] nvme nvme2: rescanning namespaces.
  kernel: [267011.750418][ T7876] nvme nvme1: rescanning namespaces.
  kernel: [267011.784466][ T2016] nvme nvme6: IDs don't match for shared namespace 1
  kernel: [267011.784791][T46805] nvme nvme2: IDs don't match for shared namespace 1
  kernel: [267011.790843][ T7876] nvme nvme1: IDs don't match for shared namespace 1
  kernel: [267011.804852][ T2016] nvme nvme6: IDs don't match for shared namespace 2
  kernel: [267011.804867][T46805] nvme nvme2: IDs don't match for shared namespace 2
  kernel: [267011.810788][ T7876] nvme nvme1: IDs don't match for shared namespace 2
  kernel: [267011.824600][ T2016] nvme nvme6: IDs don't match for shared namespace 3
  kernel: [267011.825114][T46805] nvme nvme2: IDs don't match for shared namespace 3
  kernel: [267011.830982][ T7876] nvme nvme1: IDs don't match for shared namespace 3
  kernel: [267011.844712][ T2016] nvme nvme6: duplicate IDs in subsystem for nsid 4
  kernel: [267011.845161][T46805] nvme nvme2: duplicate IDs in subsystem for nsid 4
  kernel: [267011.851060][ T7876] nvme nvme1: duplicate IDs in subsystem for nsid 4

  [Fix]
  The following upstream commits are required:

    9546ad1a9bda nvme: requeue namespace scan on missed AENs
    62baf70c3274 nvme: re-read ANA log page after ns scan completes
    26d7fb4fd4ca nvme: fixup scan failure for non-ANA multipath controllers

  $ git describe --contains 9546ad1a9bda 62baf70c3274 26d7fb4fd4ca
  v6.15-rc2~11^2~1^2~11
  v6.15-rc2~11^2~1^2~10
  v6.15-rc3~27^2^2~5

  These are already included in the Plucky tree and the Questing kernel
  seems to be based on v6.15 already, so only Noble needs the cherry-
  picks.

  [Test Case]
  The ns-stress.sh script should be able to reproduce this. It repeatedly
  creates and deletes NVMe namespaces mapped to the same ID. An example run
  from an affected system will look like the one below:

  # ./ns-stress.sh /dev/nvme2
  Starting test with parameters:
  Controller: /dev/nvme2
  NSID: 1
  Iterations: 100
  Size1: 0x200000
  Size2: 0x400000
  Iteration 1/100
  create-ns: Success, created nsid:1
  attach-ns: Success, nsid:1
  ❌ Char device missing after first attach

  [Where Problems Could Occur]
  The fix requeues controller scans if there are any pending/missed AEN
  events. This can introduce delays when managing NVMe namespaces, so we
  should look out for any delays or hangs with such operations.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2115209/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
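
A host-side check for the symptom in the bug description above, added here as an example and not part of the bug report or of ns-stress.sh: it lists nvmeXnY block nodes that have no matching ngXnY node and pulls the two ID error messages out of a kernel log. The function names, the sample log lines and the temporary device directory are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Print every NVMe namespace block node (nvmeXnY) under a device directory
# that has no matching generic char node (ngXnY). Partition nodes
# (nvmeXnYpZ) and controller nodes (nvmeX) are skipped.
# The check is by name and existence only, so it also works on a
# constructed directory. $1 = device directory, default /dev.
find_missing_ng() (
    devdir="${1:-/dev}"
    for path in "$devdir"/nvme*n*; do
        name="${path##*/}"
        printf '%s\n' "$name" | grep -Eq '^nvme[0-9]+n[0-9]+$' || continue
        # nvme2n1 -> ng2n1
        [ -e "$devdir/ng${name#nvme}" ] || printf '%s\n' "$name"
    done
)

# Read kernel log lines on stdin and print one line per distinct
# "<controller> <nsid> <kind>" for the two messages quoted in the report.
scan_nvme_id_errors() {
    sed -nE \
        -e "s/.*nvme (nvme[0-9]+): IDs don't match for shared namespace ([0-9]+).*/\1 \2 id-mismatch/p" \
        -e "s/.*nvme (nvme[0-9]+): duplicate IDs in subsystem for nsid ([0-9]+).*/\1 \2 duplicate-ids/p" |
        sort -u
}

# Constructed sample log lines in the format shown in the bug description.
sample_log() {
    cat <<'EOF'
kernel: [  100.000001][ T2016] nvme nvme6: rescanning namespaces.
kernel: [  100.000002][ T2016] nvme nvme6: IDs don't match for shared namespace 1
kernel: [  100.000003][ T7876] nvme nvme1: IDs don't match for shared namespace 1
kernel: [  100.000004][ T2016] nvme nvme6: duplicate IDs in subsystem for nsid 4
kernel: [  100.000005][ T2016] nvme nvme6: duplicate IDs in subsystem for nsid 4
EOF
}

# Run both checks against constructed input so the script works offline.
demo() (
    d=$(mktemp -d) || exit 1
    : > "$d/nvme0n1"; : > "$d/ng0n1"   # consistent block/char pair
    : > "$d/nvme2n1"                   # block node without its char node
    : > "$d/nvme0n1p1"                 # partition, ignored
    echo "block nodes without a generic char node:"
    find_missing_ng "$d"
    echo "namespace ID errors in the sample log:"
    sample_log | scan_nvme_id_errors
    rm -rf "$d"
)

demo
```

On a real host, call `find_missing_ng` with no argument to inspect /dev and feed `scan_nvme_id_errors` from the kernel log.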
