@opsiff opsiff commented Jan 13, 2026

Due to github limit, submit part 2/8 of v6.6.120.

git log --oneline v6.6.120~638..v6.6.120~537 |wc
101 913 7546

Merged:
wifi: mac80211: remove RX_DROP_UNUSABLE

Abdun Nihaal (2):
wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

Ahelenia Ziemiańska (1):
power: supply: apm_power: only unset own apm_get_power_status

Al Viro (1):
tracefs: fix a leak in eventfs_create_events_dir()

Alexander Dahl (1):
net: phy: adin1100: Fix software power-down ready condition

Alexei Starovoitov (1):
selftests/bpf: Fix failure paths in send_signal test

Andy Shevchenko (1):
lib/vsprintf: Check pointer before dereferencing in time_and_date()

Bart Van Assche (1):
scsi: target: Do not write NUL characters into ASCII configfs output

Bean Huo (1):
scsi: ufs: core: fix incorrect buffer duplication in
ufshcd_read_string_desc()

Chen Ridong (1):
cpuset: Treat cpusets in attaching as populated

Chien Wong (1):
wifi: mac80211: fix CMAC functions not handling errors

Christophe JAILLET (1):
phy: renesas: rcar-gen3-usb2: Fix an error handling path in
rcar_gen3_phy_usb2_probe()

Christophe Leroy (1):
powerpc/32: Fix unpaired stwcx. on interrupt exit

Dapeng Mi (1):
perf/x86/intel: Correct large PEBS flag check

Dinh Nguyen (1):
firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc

Dmitry Antipov (1):
ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()

Dmitry Baryshkov (3):
interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS
arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller
drm/msm/a2xx: stop over-complaining about the legacy firmware

Edward Adam Davis (3):
ntfs3: init run lock for extend inode
fs/ntfs3: out1 also needs to put mi
fs/ntfs3: Prevent memory leaks in add sub record

FUKAUMI Naoki (2):
arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK
5A
arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A

Fangyu Yu (1):
RISC-V: KVM: Fix guest page fault within HLV* instructions

Fernando Fernandez Mancera (1):
ipv6: clear RA flags when adding a static route

Frank Li (1):
i3c: fix refcount inconsistency in i3c_master_register

Gabor Juhos (1):
regulator: core: disable supply if enabling main regulator fails

Gautham R. Shenoy (1):
cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs

Gopi Krishna Menon (1):
usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE

Haotian Zhang (14):
soc: qcom: smem: fix hwspinlock resource leak in probe error paths
pinctrl: stm32: fix hwspinlock resource leak in probe function
mfd: da9055: Fix missing regmap_del_irq_chip() in error path
scsi: stex: Fix reboot_notifier leak in probe error path
clk: renesas: r9a06g032: Fix memory leak in error path
ACPI: property: Fix fwnode refcount leak in
acpi_fwnode_graph_parse_endpoint()
scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
leds: netxbig: Fix GPIO descriptor leak in error paths
watchdog: wdat_wdt: Fix ACPI table leak in probe function
watchdog: starfive: Fix resource leak in probe error path
mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
crypto: starfive - Correctly handle return of sg_nents_for_len
crypto: ccree - Correctly handle return of sg_nents_for_len

Ian Rogers (1):
perf maps: Add maps__load_first()

Ivan Abramov (3):
power: supply: cw2015: Check devm_delayed_work_autocancel() return
code
power: supply: rt9467: Return error on failure in
rt9467_set_value_from_ranges()
power: supply: wm831x: Check wm831x_set_bits() return value

Jarkko Nikula (1):
i3c: master: Inherit DMA masks and parameters from parent device

Jay Liu (1):
drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue

Jihed Chaibi (3):
ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible
ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible
ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node
properties

Jisheng Zhang (3):
usb: dwc2: disable platform lowlevel hw resources during shutdown
usb: dwc2: fix hang during shutdown if set as peripheral
usb: dwc2: fix hang during suspend if set as peripheral

Johan Hovold (1):
staging: most: remove broken i2c driver

Jose Fernandez (1):
bpf: Improve program stats run-time calculation

Kuan-Wei Chiu (1):
interconnect: debugfs: Fix incorrect error handling for NULL path

Kui-Feng Lee (1):
net/ipv6: Remove expired routes with a separated list of routes.

Leo Yan (5):
coresight: etm4x: Correct polling IDLE bit
coresight: etm4x: Extract the trace unit controlling
coresight: etm4x: Add context synchronization before enabling trace
perf arm-spe: Extend branch operations
perf arm_spe: Fix memset subclass in operation

Leon Hwang (1):
bpf: Free special fields when update [lru_,]percpu_hash maps

Long Li (1):
macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse

Ma Ke (1):
RDMA/rtrs: server: Fix error handling in get_or_create_srv

Manivannan Sadhasivam (1):
dt-bindings: PCI: amlogic: Fix the register name of the DBI region

Martin KaFai Lau (1):
bpf: Check skb->transport_header is set in bpf_skb_check_mtu

Matt Bobrowski (2):
selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
selftests/bpf: Improve reliability of test_perf_branches_no_hw()

Menglong Dong (1):
bpf: Handle return value of ftrace_set_filter_ip in register_fentry

Mike McGowen (1):
scsi: smartpqi: Fix device resources accessed after device removal

Murad Masimov (1):
power: supply: rt9467: Prevent using uninitialized local variable in
rt9467_set_value_from_ranges()

Namhyung Kim (1):
perf lock contention: Load kernel map before lookup

Oliver Neukum (1):
usb: chaoskey: fix locking for O_NONBLOCK

Pu Lehui (1):
bpf: Fix invalid prog->stats access when update_effective_progs fails

Rene Rebe (1):
ps3disk: use memcpy_{from,to}_bvec index

Ritesh Harjani (IBM) (2):
powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within
RMA limit
powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE
format

Selvin Xavier (1):
RDMA/bnxt_re: Fix the inline size for GenP7 devices

Sergey Bashirov (1):
NFSD/blocklayout: Fix minlength check in proc_layoutget

Seungjin Bae (1):
wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb()

Shuai Xue (1):
perf record: skip synthesize event when open evsel failed

Siddharth Vadapalli (1):
PCI: keystone: Exit ks_pcie_probe() for invalid mode

Stanley Chu (1):
i3c: master: svc: Prevent incomplete IBI transaction

Tingmao Wang (1):
fs/9p: Don't open remote file with APPEND mode when writeback cache is
used

Usama Arif (2):
x86/boot: Fix page table access in 5-level to 4-level paging
transition
efi/libstub: Fix page table access in 5-level to 4-level paging
transition

Uwe Kleine-König (2):
staging: most: i2c: Drop explicit initialization of struct
i2c_device_id::driver_data to 0
pwm: bcm2835: Make sure the channel is enabled after pwm_request()

Vishwaroop A (1):
spi: tegra210-quad: Fix timeout handling

Yegor Yefremov (1):
ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels

Zhang Yi (1):
ext4: correct the checking of quota files before moving extents

Zhao Yipeng (1):
ima: Handle error code returned by ima_filter_rule_match()

Zheng Qixing (2):
nbd: defer config put in recv_work
nbd: defer config unlock in nbd_genl_connect

Zilin Guan (2):
scsi: qla2xxx: Fix improper freeing of purex item
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

.../bindings/pci/amlogic,axg-pcie.yaml | 6 +-
.../st/stm32mp157c-phycore-stm32mp15-som.dtsi | 8 +-
.../dts/ti/omap/am335x-netcom-plus-2xx.dts | 8 +-
arch/arm/boot/dts/ti/omap/omap3-beagle-xm.dts | 2 +-
arch/arm/boot/dts/ti/omap/omap3-n900.dts | 2 +-
arch/arm64/boot/dts/qcom/msm8996.dtsi | 3 +
.../boot/dts/rockchip/rk3588s-rock-5a.dts | 15 +-
arch/powerpc/kernel/entry_32.S | 10 +-
arch/powerpc/mm/book3s64/hash_utils.c | 10 +-
arch/powerpc/mm/ptdump/hashpagetable.c | 6 +
arch/riscv/kvm/vcpu_insn.c | 22 ++
arch/x86/boot/compressed/pgtable_64.c | 11 +-
arch/x86/events/intel/core.c | 4 +-
drivers/acpi/property.c | 1 +
drivers/block/nbd.c | 5 +-
drivers/block/ps3disk.c | 4 +
drivers/clk/renesas/r9a06g032-clocks.c | 6 +-
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/crypto/ccree/cc_buffer_mgr.c | 6 +-
drivers/crypto/starfive/jh7110-hash.c | 6 +-
drivers/firmware/efi/libstub/x86-5lvl.c | 4 +-
drivers/firmware/stratix10-svc.c | 1 +
drivers/gpu/drm/mediatek/mtk_disp_ccorr.c | 23 +-
drivers/gpu/drm/msm/adreno/a2xx_gpu.c | 2 +-
.../coresight/coresight-etm4x-core.c | 130 +++---
drivers/i3c/master.c | 12 +-
drivers/i3c/master/svc-i3c-master.c | 22 +-
drivers/infiniband/hw/bnxt_re/qplib_sp.c | 2 +-
drivers/infiniband/ulp/rtrs/rtrs-srv.c | 2 +-
drivers/interconnect/debugfs-client.c | 7 +-
drivers/interconnect/qcom/msm8996.c | 1 +
drivers/leds/leds-netxbig.c | 36 +-
drivers/macintosh/mac_hid.c | 3 +-
drivers/mfd/da9055-core.c | 1 +
drivers/mfd/mt6358-irq.c | 1 +
drivers/mfd/mt6397-irq.c | 1 +
drivers/net/phy/adin1100.c | 2 +-
.../net/wireless/mediatek/mt76/mt7615/mcu.c | 4 +-
.../wireless/realtek/rtl818x/rtl8180/dev.c | 9 +-
.../wireless/realtek/rtl818x/rtl8187/dev.c | 27 +-
drivers/net/wireless/st/cw1200/bh.c | 6 +-
drivers/pci/controller/dwc/pci-keystone.c | 2 +
drivers/phy/renesas/phy-rcar-gen3-usb2.c | 20 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 2 +-
drivers/power/supply/apm_power.c | 3 +-
drivers/power/supply/cw2015_battery.c | 8 +-
drivers/power/supply/rt9467-charger.c | 6 +-
drivers/power/supply/wm831x_power.c | 10 +-
drivers/pwm/pwm-bcm2835.c | 28 +-
drivers/regulator/core.c | 5 +
drivers/scsi/qla2xxx/qla_nvme.c | 2 +-
drivers/scsi/sim710.c | 2 +
drivers/scsi/smartpqi/smartpqi_init.c | 19 +
drivers/scsi/stex.c | 1 +
drivers/soc/qcom/smem.c | 3 +-
drivers/spi/spi-tegra210-quad.c | 22 +-
drivers/staging/most/Kconfig | 2 -
drivers/staging/most/Makefile | 1 -
drivers/staging/most/i2c/Kconfig | 13 -
drivers/staging/most/i2c/Makefile | 4 -
drivers/staging/most/i2c/i2c.c | 374 ------------------
drivers/target/target_core_configfs.c | 1 -
drivers/ufs/core/ufshcd.c | 2 +-
drivers/usb/dwc2/platform.c | 16 +-
drivers/usb/gadget/legacy/raw_gadget.c | 3 +
drivers/usb/misc/chaoskey.c | 16 +-
drivers/watchdog/starfive-wdt.c | 4 +-
drivers/watchdog/wdat_wdt.c | 64 ++-
fs/9p/vfs_file.c | 11 +-
fs/9p/vfs_inode.c | 3 +-
fs/9p/vfs_inode_dotl.c | 2 +-
fs/ext4/move_extent.c | 2 +-
fs/nfsd/blocklayout.c | 4 +-
fs/ntfs3/frecord.c | 8 +-
fs/ntfs3/inode.c | 1 +
fs/ocfs2/move_extents.c | 8 +-
fs/tracefs/event_inode.c | 3 +-
include/linux/filter.h | 16 +-
include/net/ip6_fib.h | 46 ++-
kernel/bpf/hashtab.c | 10 +-
kernel/bpf/syscall.c | 3 +
kernel/bpf/trampoline.c | 7 +-
kernel/cgroup/cpuset.c | 35 +-
lib/vsprintf.c | 6 +-
net/core/filter.c | 9 +-
net/ipv6/addrconf.c | 41 +-
net/ipv6/ip6_fib.c | 64 ++-
net/ipv6/ndisc.c | 10 +-
net/ipv6/route.c | 13 +-
net/mac80211/aes_cmac.c | 63 ++-
net/mac80211/aes_cmac.h | 8 +-
net/mac80211/wpa.c | 20 +-
security/integrity/ima/ima_policy.c | 2 +-
tools/perf/builtin-record.c | 2 +-
.../arm-spe-decoder/arm-spe-pkt-decoder.c | 37 +-
.../arm-spe-decoder/arm-spe-pkt-decoder.h | 26 +-
tools/perf/util/bpf_lock_contention.c | 6 +-
tools/perf/util/maps.c | 13 +
tools/perf/util/maps.h | 2 +
.../selftests/bpf/prog_tests/perf_branches.c | 22 +-
.../selftests/bpf/prog_tests/send_signal.c | 5 +
.../selftests/bpf/progs/test_perf_branches.c | 3 +
102 files changed, 828 insertions(+), 749 deletions(-)
delete mode 100644 drivers/staging/most/i2c/Kconfig
delete mode 100644 drivers/staging/most/i2c/Makefile
delete mode 100644 drivers/staging/most/i2c/i2c.c

Summary by Sourcery

Update multiple kernel subsystems as part of the 6.6.120 base rebase, including tracing, networking, BPF, USB, watchdog, storage, crypto, power, SoC and driver fixes, plus perf tooling adjustments and test robustness improvements.

Bug Fixes:

  • Ensure Arm CoreSight ETM4x trace units are enabled/disabled with proper synchronization and correct idle status checks.
  • Fix WDAT ACPI watchdog driver to always release ACPI tables on probe failures and other early exits.
  • Rework IPv6 route expiration handling to track expiring routes per table and improve garbage collection of temporary and RA-learned routes.
  • Harden mac80211 AES-CMAC helpers and WPA users to handle crypto errors and avoid using invalid MICs.
  • Prevent buffer underflow and length misuse in Realtek rtl8187 RX handling and correct RTL8180 RX ring error paths to avoid leaks.
  • Avoid incomplete IBI transactions in the svc I3C master by polling for completion before slot allocation and safely dropping data on slot exhaustion.
  • Make Tegra210 QSPI error and timeout handling more robust by resetting and masking IRQs correctly and clearing current transfer state on completion and interrupts.
  • Fix Renesas R-Car Gen3 USB2 PHY reset handling by using managed reset controls and avoiding stale reset references on remove.
  • Correct SmartPQI device reset and teardown paths to skip removed devices and synchronously cancel per-LUN work before freeing.
  • Guard dwc2 USB controller suspend/shutdown against uninitialized low-level hardware state and properly disable low-level hardware on shutdown.
  • Honor O_NONBLOCK in chaoskey USB RNG reads by using trylock semantics and returning EAGAIN instead of blocking.
  • Avoid NULL stats dereferences in BPF program runtime accounting and only update stats when allocated.
  • Fix powerpc hash page table dumping for ISA v3.00 by converting HPTE encodings and restricting stress test allocations to RMA when needed.
  • Fix various driver resource leaks and error paths (GPIO extenders, hwspinlocks, IRQ domains, DMA mappings, ioport mappings, reboot notifiers, regulator supplies, hw locks, etc.).
  • Correct numerous subsystem-specific bugs across networking (IPv6 MTU checks, RA route flags, ndisc lifetime), storage (ext4 move extent on quota files, ocfs2 extent flag mismatch, nfsd blocklayout minlength), RISC-V KVM guest page faults, x86 5-level paging transitions, UFS string descriptors, 9p writeback append semantics, and others.

Enhancements:

  • Refactor Arm CoreSight ETM4x trace-unit control into dedicated helpers and tighten synchronization around enable/disable and save paths.
  • Extend Arm SPE perf decoder to recognize additional load/store subclasses, GCS, and call/return branch types and expose new CR/GCS helpers.
  • Improve IPv6 neighbor discovery and RA route management by tying expiring routes into a per-table garbage-collection list for more efficient cleanup.
  • Treat cpusets with in-progress task attachments as populated to prevent invalid empty cpuset transitions and improve partition population checks.
  • Simplify BCM2835 PWM driver by handling mode setup in apply() and removing custom request/free callbacks while ensuring the channel is enabled.
  • Improve perf BPF lock contention tooling by loading kernel maps earlier and using a new maps__load_first() helper.
  • Tighten BPF program stats handling in both fast path and trampoline updates by reusing measured durations and checking for allocated stats pointers.
  • Make BPF perf branch selftests more robust by waiting for actual program execution, validating run counts, and broadening skip conditions on unsupported hardware.
  • Improve watchdog drivers (StarFive, WDAT) by adding proper cleanup paths around registration and runtime power management.
  • Clarify device tree bindings and DTS wiring for several platforms (Amlogic PCIe DBI naming, MSM8996 interconnect USB HS link, various ARM boards).

Documentation:

  • Fix minor comments and devicetree binding descriptions related to Amlogic PCIe DBI registers and Stratix10 SVC FCS documentation.

Tests:

  • Strengthen BPF selftests for perf branches and send_signal with additional run count checks, longer spin loops, and more robust child cleanup on failures.

ISCAS-Vulab and others added 30 commits January 13, 2026 14:36
[ Upstream commit dc5db35073a19f6d3c30bea367b551c1a784ef8f ]

The hwspinlock acquired via hwspin_lock_request_specific() is not
released on several error paths. This results in resource leakage
when probe fails.

Switch to devm_hwspin_lock_request_specific() to automatically
handle cleanup on probe failure. Remove the manual hwspin_lock_free()
in qcom_smem_remove() as devm handles it automatically.

Fixes: 20bb6c9 ("soc: qcom: smem: map only partitions used by local HOST")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20251029022733.255-1-vulab@iscas.ac.cn
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ea954e50d312a080ca2b8676c1e082aeb95371b3)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 002679f79ed605e543fbace465557317cd307c9a ]

In stm32_pctl_probe(), hwspin_lock_request_specific() is called to
request a hwspinlock, but the acquired lock is not freed on multiple
error paths after this call. This causes resource leakage when the
function fails to initialize properly.

Use devm_hwspin_lock_request_specific() instead of
hwspin_lock_request_specific() to automatically manage the hwspinlock
resource lifecycle.

Fixes: 97cfb6c ("pinctrl: stm32: protect configuration registers with a hwspinlock")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Reviewed-by: Antonio Borneo <antonio.borneo@foss.st.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 5f133ebe68366fbd94b34b00c9cf30776915e193)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 0c35691 ]

Copy the DMA masks and parameters for an I3C master device from parent
device so that the master device has them set for the DMA buffer and
mapping API.

Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Link: https://lore.kernel.org/r/20230921055704.1087277-2-jarkko.nikula@linux.intel.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Stable-dep-of: 9d4f219807d5 ("i3c: fix refcount inconsistency in i3c_master_register")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 4fc6af9d9e6d1f502cd3f08595021d15da597498)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 9d4f219807d5ac11fb1d596e4ddb09336b040067 ]

In `i3c_master_register`, a possible refcount inconsistency has been
identified, causing possible resource leak.

Function `of_node_get` increases the refcount of `parent->of_node`. If
function `i3c_bus_init` fails, the function returns immediately without
a corresponding decrease, resulting in an inconsistent refcounter.

Move call i3c_bus_init() after device_initialize() to let callback
i3c_masterdev_release() release of_node.

Reported-by: Shuhao Fu <sfual@cse.ust.hk>
Closes: https://lore.kernel.org/linux-i3c/aO2tjp_FsV_WohPG@osx.local/T/#m2c05a982beeb14e7bf039c1d8db856734bf234c7
Fixes: 3a379bb ("i3c: Add core I3C infrastructure")
Signed-off-by: Frank Li <Frank.Li@nxp.com>
Link: https://patch.msgid.link/20251016143814.2551256-1-Frank.Li@nxp.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 82a09b9965ed7a4743fe41a142254f0d0ccb63a0)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 3a36273e5a07dda0ccec193800f3b78c3c0380af ]

If no free IBI slot is available, svc_i3c_master_handle_ibi returns
immediately. This causes the STOP condition to be missed because the
EmitStop request is sent when the transfer is not complete. To resolve
this, svc_i3c_master_handle_ibi must wait for the transfer to complete
before returning.

Fixes: dd3c528 ("i3c: master: svc: Add Silvaco I3C master driver")
Signed-off-by: Stanley Chu <yschu@nuvoton.com>
Reviewed-by: Frank Li <Frank.Li@nxp.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://patch.msgid.link/20251027034715.708243-1-yschu@nuvoton.com
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit bbd0544921015fcdb50131991949aff8a566eac3)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 8cf9b43f6b4d90e19a9341edefdd46842d4adb55 ]

From the initial submission the interconnect driver missed the link from
SNOC_PNOC to the USB 2 configuration space. Add missing link in order to
let the platform configure and utilize this path.

Fixes: 7add937 ("interconnect: qcom: Add MSM8996 interconnect provider driver")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20251002-fix-msm8996-icc-v1-1-a36a05d1f869@oss.qualcomm.com
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7bfe9e5e31e35a604614a6cce64538758f5aa645)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 242f7558e7bf54cb63c06506f7b0630dd67d45a4 ]

Add the missing interconnects to the USB2 host. The Fixes tag points to
the commit which broke probing of the USB host on that platform.

Fixes: 130733a ("interconnect: qcom: msm8996: Promote to core_initcall")
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Acked-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20251002-fix-msm8996-icc-v1-2-a36a05d1f869@oss.qualcomm.com
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 92087be48b6da1458da481de844c30d3416c3928)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 6bfe104fd0f94d0248af22c256ce725ee087157b ]

The icc_commit_set() function, used by the debugfs interface, checks
the validity of the global cur_path pointer using IS_ERR_OR_NULL().
However, in the specific case where cur_path is NULL, while
IS_ERR_OR_NULL(NULL) correctly evaluates to true, the subsequent call
to PTR_ERR(NULL) returns 0.

This causes the function to return a success code (0) instead of an
error, misleading the user into believing their bandwidth request was
successfully committed when, in fact, no operation was performed.

Fix this by adding an explicit check to return -EINVAL if cur_path is
NULL. This prevents silent failures and ensures that an invalid
operational sequence is immediately and clearly reported as an error.

Fixes: 770c69f ("interconnect: Add debugfs test client")
Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
Link: https://lore.kernel.org/r/20251010151447.2289779-1-visitorckw@gmail.com
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 23411ba96edc6a571d37ac9dbe7ba836d411dd9c)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
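
The PTR_ERR(NULL) pitfall described in the interconnect debugfs commit above, as an added userspace sketch (not the kernel's or this PR's code). The ERR_PTR helpers are re-implemented here to mirror include/linux/err.h, and `icc_path_stub`, `commit_before`, `commit_after` and `silent_success` are hypothetical names used only for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel's error-pointer helpers. */
#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline int IS_ERR(const void *ptr)
{
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}
static inline int IS_ERR_OR_NULL(const void *ptr)
{
	return !ptr || IS_ERR(ptr);
}

/* Hypothetical stand-in for the path object the debugfs client holds. */
struct icc_path_stub {
	int committed;
};

/*
 * Pattern the commit message describes as broken: NULL takes the error
 * branch, but PTR_ERR(NULL) is 0, so the caller sees success.
 */
static int commit_before(struct icc_path_stub *cur_path)
{
	if (IS_ERR_OR_NULL(cur_path))
		return (int)PTR_ERR(cur_path);
	cur_path->committed = 1;
	return 0;
}

/* Pattern after the fix: NULL is rejected explicitly with -EINVAL. */
static int commit_after(struct icc_path_stub *cur_path)
{
	if (!cur_path)
		return -EINVAL;
	if (IS_ERR(cur_path))
		return (int)PTR_ERR(cur_path);
	cur_path->committed = 1;
	return 0;
}

/* Returns 1 when a call reported success although nothing was committed. */
static int silent_success(int rc, const struct icc_path_stub *p)
{
	return rc == 0 && (IS_ERR_OR_NULL(p) || !p->committed);
}

int main(void)
{
	struct icc_path_stub valid = { 0 };
	/* Constructed inputs: no path, an error pointer, a usable path. */
	struct icc_path_stub *cases[] = { NULL, ERR_PTR(-ENOMEM), &valid };
	const char *names[] = { "NULL", "ERR_PTR(-ENOMEM)", "valid" };

	for (size_t i = 0; i < 3; i++) {
		int before, after;

		valid.committed = 0;
		before = commit_before(cases[i]);
		printf("%-18s before=%d silent=%d", names[i], before,
		       silent_success(before, cases[i]));

		valid.committed = 0;
		after = commit_after(cases[i]);
		printf("  after=%d silent=%d\n", after,
		       silent_success(after, cases[i]));
	}
	return 0;
}
```
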
[ Upstream commit e77b023 ]

Avoid bpf_lock_contention_read touching the internal maps data structure
by adding a helper function. As access is done directly on the map in
maps, hold the read lock to stop it being removed.

Signed-off-by: Ian Rogers <irogers@google.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
Cc: Changbin Du <changbin.du@huawei.com>
Cc: Colin Ian King <colin.i.king@gmail.com>
Cc: Dmitrii Dolgov <9erthalion6@gmail.com>
Cc: German Gomez <german.gomez@arm.com>
Cc: Guilherme Amadio <amadio@gentoo.org>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Clark <james.clark@arm.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: K Prateek Nayak <kprateek.nayak@amd.com>
Cc: Kajol Jain <kjain@linux.ibm.com>
Cc: Kan Liang <kan.liang@linux.intel.com>
Cc: Leo Yan <leo.yan@linaro.org>
Cc: Li Dong <lidong@vivo.com>
Cc: Liam Howlett <liam.howlett@oracle.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Ming Wang <wangming01@loongson.cn>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Nick Terrell <terrelln@fb.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Sandipan Das <sandipan.das@amd.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Steinar H. Gunderson <sesse@google.com>
Cc: Vincent Whitchurch <vincent.whitchurch@axis.com>
Cc: Wenyu Liu <liuwenyu7@huawei.com>
Cc: Yang Jihong <yangjihong1@huawei.com>
Link: https://lore.kernel.org/r/20231207011722.1220634-20-irogers@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Stable-dep-of: 553d18c98a89 ("perf lock contention: Load kernel map before lookup")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 9dd3998165eae0f434736b1355d5d033202a85ee)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 553d18c98a896094b99a01765b9698b204183d49 ]

On some machines, it caused troubles when it tried to find kernel
symbols.  I think it's because kernel modules and kallsyms are messed
up during load and split.

Basically we want to make sure the kernel map is loaded and the code has
it in the lock_contention_read().  But recently we added more lookups in
the lock_contention_prepare() which is called before _read().

Also the kernel map (kallsyms) may not be the first one in the group
like on ARM.  Let's use machine__kernel_map() rather than just loading
the first map.

Reviewed-by: Ian Rogers <irogers@google.com>
Fixes: 688d2e8 ("perf lock contention: Add -l/--lock-addr option")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 4dc555120afc1fb15123885f6c15b2de38340500)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 163e5f2b96632b7fb2eaa965562aca0dbdf9f996 ]

When using perf record with the `--overwrite` option, a segmentation fault
occurs if an event fails to open. For example:

  perf record -e cycles-ct -F 1000 -a --overwrite
  Error:
  cycles-ct:H: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat'
  perf: Segmentation fault
      #0 0x6466b6 in dump_stack debug.c:366
      #1 0x646729 in sighandler_dump_stack debug.c:378
      #2 0x453fd1 in sigsegv_handler builtin-record.c:722
      #3 0x7f8454e65090 in __restore_rt libc-2.32.so[54090]
      #4 0x6c5671 in __perf_event__synthesize_id_index synthetic-events.c:1862
      #5 0x6c5ac0 in perf_event__synthesize_id_index synthetic-events.c:1943
      #6 0x458090 in record__synthesize builtin-record.c:2075
      #7 0x45a85a in __cmd_record builtin-record.c:2888
      #8 0x45deb6 in cmd_record builtin-record.c:4374
      #9 0x4e5e33 in run_builtin perf.c:349
      #10 0x4e60bf in handle_internal_command perf.c:401
      #11 0x4e6215 in run_argv perf.c:448
      #12 0x4e653a in main perf.c:555
      #13 0x7f8454e4fa72 in __libc_start_main libc-2.32.so[3ea72]
      #14 0x43a3ee in _start ??:0

The --overwrite option implies --tail-synthesize, which collects non-sample
events reflecting the system status when recording finishes. However, when
evsel opening fails (e.g., unsupported event 'cycles-ct'), session->evlist
is not initialized and remains NULL. The code unconditionally calls
record__synthesize() in the error path, which iterates through the NULL
evlist pointer and causes a segfault.

To fix it, move the record__synthesize() call inside the error check block, so
it's only called when there was no error during recording, ensuring that evlist
is properly initialized.

Fixes: 4ea648a ("perf record: Add --tail-synthesize option")
Signed-off-by: Shuai Xue <xueshuai@linux.alibaba.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 42c1d38de86e3d2a59955e5c4936ccfc70eb9057)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 92ec7e7b86ec0aff9cd7db64d9dce50a0ea7c542 ]

Since devm_delayed_work_autocancel() may fail, add return code check and
exit cw_bat_probe() on error.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 0cb172a ("power: supply: cw2015: Use device managed API to simplify the code")
Signed-off-by: Ivan Abramov <i.abramov@mt-integration.ru>
Link: https://patch.msgid.link/20251008120711.556021-1-i.abramov@mt-integration.ru
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1f309df6378582898d7bfd270e9277373f993640)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…om_ranges()

[ Upstream commit 8b27fe2d8d2380118c343629175385ff587e2fe4 ]

The return value of rt9467_set_value_from_ranges() when setting AICL VTH is
not checked, even though it may fail.

Log error and return from rt9467_run_aicl() on fail.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 6f7f70e ("power: supply: rt9467: Add Richtek RT9467 charger driver")
Signed-off-by: Ivan Abramov <i.abramov@mt-integration.ru>
Link: https://patch.msgid.link/20251009144725.562278-1-i.abramov@mt-integration.ru
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 5e9308f3539ba78bb7a30cfd7590b9c62beb3060)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…rt9467_set_value_from_ranges()

[ Upstream commit 15aca30cc6c69806054b896a2ccf7577239cb878 ]

There is a typo in rt9467_set_value_from_ranges() that can cause leaving local
variable sel with an undefined value which is then used in regmap_field_write().

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 6f7f70e ("power: supply: rt9467: Add Richtek RT9467 charger driver")
Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
Link: https://patch.msgid.link/20251009145308.1830893-1-m.masimov@mt-integration.ru
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 0fcbaf9e99dc1d16b4893d29fc5107565e901eda)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit ea14bae6df18942bccb467fcf5ff33ca677b8253 ]

Since wm831x_set_bits() may return error, log failure and exit from
wm831x_usb_limit_change() in such case.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 626b6cd ("power: wm831x_power: Support USB charger current limit management")
Signed-off-by: Ivan Abramov <i.abramov@mt-integration.ru>
Link: https://patch.msgid.link/20251009170553.566561-1-i.abramov@mt-integration.ru
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ea3bdf099e6e23d7f072b79b343d9828616c5cbe)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit bd44ea12919ac4e83c9f3997240fe58266aa8799 ]

Mirroring drivers/macintosh/apm_emu.c, this means that
  modprobe apm_power && modprobe $anotherdriver && modprobe -r apm_power
leaves $anotherdriver's apm_get_power_status instead of deleting it.

Fixes: 3788ec9 ("[BATTERY] APM emulation driver for class batteries")
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Link: https://patch.msgid.link/xczpgox57hxbunkcbdl5fxhc4gnsajsipldfidi7355afezk64@tarta.nabijaczleweli.xyz
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 4eee4a5b9b2e06c1f2144812700a73ebacce26e7)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit c03b55f235e283cae49c88b9602fd11096b92eba ]

NUL characters are not allowed in ASCII configfs output. Hence this
patch.

Fixes: c66ac9d ("[SCSI] target: Add LIO target core v4.0.0-rc6")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://patch.msgid.link/20251027184639.3501254-2-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 3b8431f15cdd02a9d9586e1430b18a89ef99336d)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…s used

[ Upstream commit a63dd8fd137933551bfd9aeeeaa942f04c7aad65 ]

When page cache is used, writebacks are done on a page granularity, and it
is expected that the underlying filesystem (such as v9fs) should respect
the write position.  However, currently v9fs will passthrough O_APPEND to
the server even on cached mode.  This causes data corruption if a sync or
fstat gets between two writes to the same file.

This patch removes the APPEND flag from the open request we send to the
server when writeback caching is involved.  I believe keeping server-side
APPEND is probably fine for uncached mode (even if two fds are opened, one
without O_APPEND and one with it, this should still be fine since they
would use separate fid for the writes).

Signed-off-by: Tingmao Wang <m@maowtm.org>
Fixes: 4eb3117 ("fs/9p: Rework cache modes and add new options to Documentation")
Message-ID: <20251102235631.8724-1-m@maowtm.org>
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 577d1ef1849959af6e81a0ea570dbd8ccb292ad1)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit b4e002d8a7cee3b1d70efad0e222567f92a73000 ]

When the CPU that the QSPI interrupt handler runs on (typically CPU 0)
is excessively busy, it can lead to rare cases of the IRQ thread not
running before the transfer timeout is reached.

While handling the timeouts, any pending transfers are cleaned up and
the message that they correspond to is marked as failed, which leaves
the curr_xfer field pointing at stale memory.

To avoid this, clear curr_xfer to NULL upon timeout and check for this
condition when the IRQ thread is finally run.

While at it, also make sure to clear interrupts on failure so that new
interrupts can be run.

A better, more involved, fix would move the interrupt clearing into a
hard IRQ handler. Ideally we would also want to signal that the IRQ
thread no longer needs to be run after the timeout is hit to avoid the
extra check for a valid transfer.

Fixes: 921fc18 ("spi: tegra210-quad: Add support for Tegra210 QSPI controller")
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Vishwaroop A <va@nvidia.com>
Link: https://patch.msgid.link/20251028155703.4151791-2-va@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit c934e40246da2c5726d14e94719c514e30840df8)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit d0c4b1723c419a18cb434903c7754954ecb51d35 ]

Fixes: 8e9d75f ("ARM: dts: am335x-netcom: add GPIO names for NetCom Plus 2-port devices")

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Link: https://lore.kernel.org/r/20251007103851.3765678-1-yegorslists@googlemail.com
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 2470624c4a2124e85a89662826b0c7555c78c954)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit f7f3bc18300a230e0f1bfb17fc8889435c1e47f5 ]

The "ti,twl4030-power-beagleboard-xm" compatible string is obsolete and
is not supported by any in-kernel driver. Currently, the kernel falls
back to the second entry, "ti,twl4030-power-idle-osc-off", to bind a
driver to this node.

Make this fallback explicit by removing the obsolete board-specific
compatible. This preserves the existing functionality while making the
DTS compliant with the new, stricter 'ti,twl.yaml' binding.

Fixes: 9188883 ("ARM: dts: Enable twl4030 off-idle configuration for selected omaps")
Signed-off-by: Jihed Chaibi <jihed.chaibi.dev@gmail.com>
Link: https://lore.kernel.org/r/20250914192516.164629-3-jihed.chaibi.dev@gmail.com
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 4c1dd8da53860d5580b7250516a93ff21890f759)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 3862123e9b56663c7a3e4a308e6e65bffe44f646 ]

The "ti,twl4030-power-n900" compatible string is obsolete and is not
supported by any in-kernel driver. Currently, the kernel falls back to
the second entry, "ti,twl4030-power-idle-osc-off", to bind a driver to
this node.

Make this fallback explicit by removing the obsolete board-specific
compatible. This preserves the existing functionality while making the
DTS compliant with the new, stricter 'ti,twl.yaml' binding.

Fixes: daebabd ("mfd: twl4030-power: Fix PM idle pin configuration to not conflict with regulators")
Signed-off-by: Jihed Chaibi <jihed.chaibi.dev@gmail.com>
Link: https://lore.kernel.org/r/20250914192516.164629-4-jihed.chaibi.dev@gmail.com
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 182b0cc9c6d5b1f971d4a5308bca284352f88d18)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit eb2266312507d7b757859e2227aa5c4ba6280ebe ]

When transitioning from 5-level to 4-level paging, the existing code
incorrectly accesses page table entries by directly dereferencing CR3 and
applying PAGE_MASK. This approach has several issues:

- __native_read_cr3() returns the raw CR3 register value, which on x86_64
  includes not just the physical address but also flags. Bits above the
  physical address width of the system (i.e. above __PHYSICAL_MASK_SHIFT) are
  also not masked.

- The PGD entry is masked by PAGE_SIZE which doesn't take into account the
  higher bits such as _PAGE_BIT_NOPTISHADOW.

Replace this with proper accessor functions:

- native_read_cr3_pa(): Uses CR3_ADDR_MASK to additionally mask metadata out
  of CR3 (like SME or LAM bits). All remaining bits are real address bits or
  reserved and must be 0.

- mask pgd value with PTE_PFN_MASK instead of PAGE_MASK, accounting for flags
  above bit 51 (_PAGE_BIT_NOPTISHADOW in particular). Bits below 51, but above
  the max physical address are reserved and must be 0.

Fixes: e9d0e63 ("x86/boot/compressed/64: Prepare new top-level page table for trampoline")
Reported-by: Michael van der Westhuizen <rmikey@meta.com>
Reported-by: Tobias Fleig <tfleig@meta.com>
Co-developed-by: Kiryl Shutsemau <kas@kernel.org>
Signed-off-by: Kiryl Shutsemau <kas@kernel.org>
Signed-off-by: Usama Arif <usamaarif642@gmail.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/r/a482fd68-ce54-472d-8df1-33d6ac9f6bb5@intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 6f16ed9c84013ab4333386a684221596f4ddd8bd)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…ition

[ Upstream commit 84361123413efc84b06f3441c6c827b95d902732 ]

When transitioning from 5-level to 4-level paging, the existing code
incorrectly accesses page table entries by directly dereferencing CR3 and
applying PAGE_MASK. This approach has several issues:

- __native_read_cr3() returns the raw CR3 register value, which on x86_64
  includes not just the physical address but also flags. Bits above the
  physical address width of the system (i.e. above __PHYSICAL_MASK_SHIFT) are
  also not masked.

- The pgd value is masked by PAGE_SIZE which doesn't take into account the
  higher bits such as _PAGE_BIT_NOPTISHADOW.

Replace this with proper accessor functions:

- native_read_cr3_pa(): Uses CR3_ADDR_MASK to additionally mask metadata out
  of CR3 (like SME or LAM bits). All remaining bits are real address bits or
  reserved and must be 0.

- mask pgd value with PTE_PFN_MASK instead of PAGE_MASK, accounting for flags
  above bit 51 (_PAGE_BIT_NOPTISHADOW in particular). Bits below 51, but above
  the max physical address are reserved and must be 0.

Fixes: cb1c9e0 ("x86/efistub: Perform 4/5 level paging switch from the stub")
Reported-by: Michael van der Westhuizen <rmikey@meta.com>
Reported-by: Tobias Fleig <tfleig@meta.com>
Co-developed-by: Kiryl Shutsemau <kas@kernel.org>
Signed-off-by: Kiryl Shutsemau <kas@kernel.org>
Signed-off-by: Usama Arif <usamaarif642@gmail.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://patch.msgid.link/20251103141002.2280812-3-usamaarif642@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit e4d11160a77d5d7db92215aa74d273c2d258324e)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 1b58acfd067ca16116b9234cd6b2d30cc8ab7502 ]

When da9055_device_init() fails after regmap_add_irq_chip()
succeeds but mfd_add_devices() fails, the error handling path
only calls mfd_remove_devices() but forgets to call
regmap_del_irq_chip(). This results in a resource leak.

Fix this by adding regmap_del_irq_chip() to the error path so
that resources are released properly.

Fixes: 2896434 ("mfd: DA9055 core driver")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Link: https://patch.msgid.link/20251010011737.1078-1-vulab@iscas.ac.cn
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit b5ed17a409094440a5467843d8ed0e3c8dab1264)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit a2e5a3cea4b18f6e2575acc444a5e8cce1fc8260 ]

The move extent operation should return -EOPNOTSUPP if any of the inodes
is a quota inode, rather than requiring both to be quota inodes.

Fixes: 02749a4 ("ext4: add ext4_is_quota_file()")
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Message-ID: <20251013015128.499308-2-yi.zhang@huaweicloud.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 22b62f223c074d332bcc6089ae70c1638f6efa15)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 5e4e355ae7cdeb0fef5dbe908866e1f895abfacc ]

Current large PEBS flag check only checks if sample_regs_user contains
unsupported GPRs but doesn't check if sample_regs_intr contains
unsupported GPRs.

Of course, currently PEBS HW supports to sample all perf supported GPRs,
the missed check doesn't cause real issue. But it won't be true any more
after the subsequent patches support to sample SSP register. SSP
sampling is not supported by adaptive PEBS HW and it would be supported
until arch-PEBS HW. So correct this issue.

Fixes: a47ba4d ("perf/x86: Enable free running PEBS for REGS_USER/INTR")
Signed-off-by: Dapeng Mi <dapeng1.mi@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/20251029102136.61364-5-dapeng1.mi@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 313ab3b06f777f6286a6070cf2d507858a83403e)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit fb1ebb10468da414d57153ddebaab29c38ef1a78 ]

For 'always-on' and 'boot-on' regulators, the set_machine_constraints()
may enable supply before enabling the main regulator, however if the
latter fails, the function returns with an error but the supply remains
enabled.

When this happens, the regulator_register() function continues on the
error path where it puts the supply regulator. Since enabling the supply
is not balanced with a disable call, a warning similar to the following
gets issued from _regulator_put():

    [    1.603889] WARNING: CPU: 2 PID: 44 at _regulator_put+0x8c/0xa0
    [    1.603908] Modules linked in:
    [    1.603926] CPU: 2 UID: 0 PID: 44 Comm: kworker/u16:3 Not tainted 6.18.0-rc4 #0 NONE
    [    1.603938] Hardware name: Qualcomm Technologies, Inc. IPQ9574/AP-AL02-C7 (DT)
    [    1.603945] Workqueue: async async_run_entry_fn
    [    1.603958] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    [    1.603967] pc : _regulator_put+0x8c/0xa0
    [    1.603976] lr : _regulator_put+0x7c/0xa0
    ...
    [    1.604140] Call trace:
    [    1.604145]  _regulator_put+0x8c/0xa0 (P)
    [    1.604156]  regulator_register+0x2ec/0xbf0
    [    1.604166]  devm_regulator_register+0x60/0xb0
    [    1.604178]  rpm_reg_probe+0x120/0x208
    [    1.604187]  platform_probe+0x64/0xa8
    ...

In order to avoid this, change the set_machine_constraints() function to
disable the supply if enabling the main regulator fails.

Fixes: 05f224c ("regulator: core: Clean enabling always-on regulators + their supplies")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Link: https://patch.msgid.link/20251107-regulator-disable-supply-v1-1-c95f0536f1b5@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit e432944735edb63ad7dfd37deb4b754c78f24ec4)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 9517b82d8d422d426a988b213fdd45c6b417b86d ]

There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and
NBD_CMD_RECONFIGURE:
  nbd_genl_connect     // conf_ref=2 (connect and recv_work A)
  nbd_open	       // conf_ref=3
  recv_work A done     // conf_ref=2
  NBD_CLEAR_SOCK       // conf_ref=1
  nbd_genl_reconfigure // conf_ref=2 (trigger recv_work B)
  close nbd	       // conf_ref=1
  recv_work B
    config_put         // conf_ref=0
    atomic_dec(&config->recv_threads); -> UAF

Or only running NBD_CLEAR_SOCK:
  nbd_genl_connect   // conf_ref=2
  nbd_open 	     // conf_ref=3
  NBD_CLEAR_SOCK     // conf_ref=2
  close nbd
    nbd_release
      config_put     // conf_ref=1
  recv_work
    config_put 	     // conf_ref=0
    atomic_dec(&config->recv_threads); -> UAF

Commit 87aac3a ("nbd: call nbd_config_put() before notifying the
waiter") moved nbd_config_put() to run before waking up the waiter in
recv_work, in order to ensure that nbd_start_device_ioctl() would not
be woken up while nbd->task_recv was still uncleared.

However, in nbd_start_device_ioctl(), after being woken up it explicitly
calls flush_workqueue() to make sure all current works are finished.
Therefore, there is no need to move the config put ahead of the wakeup.

Move nbd_config_put() to the end of recv_work, so that the reference is
held for the whole lifetime of the worker thread. This makes sure the
config cannot be freed while recv_work is still running, even if clear
+ reconfigure interleave.

In addition, we don't need to worry about recv_work dropping the last
nbd_put (which causes deadlock):

path A (netlink with NBD_CFLAG_DESTROY_ON_DISCONNECT):
  connect  // nbd_refs=1 (trigger recv_work)
  open nbd // nbd_refs=2
  NBD_CLEAR_SOCK
  close nbd
    nbd_release
      nbd_disconnect_and_put
        flush_workqueue // recv_work done
      nbd_config_put
        nbd_put // nbd_refs=1
      nbd_put // nbd_refs=0
        queue_work

path B (netlink without NBD_CFLAG_DESTROY_ON_DISCONNECT):
  connect  // nbd_refs=2 (trigger recv_work)
  open nbd // nbd_refs=3
  NBD_CLEAR_SOCK // conf_refs=2
  close nbd
    nbd_release
      nbd_config_put // conf_refs=1
      nbd_put // nbd_refs=2
  recv_work done // conf_refs=0, nbd_refs=1
  rmmod // nbd_refs=0

Reported-by: syzbot+56fbf4c7ddf65e95c7cc@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6907edce.a70a0220.37351b.0014.GAE@google.com/T/
Fixes: 87aac3a ("nbd: make the config put is called before the notifying the waiter")
Depends-on: e2daec4 ("nbd: Fix hungtask when nbd_config_put")
Signed-off-by: Zheng Qixing <zhengqixing@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1ba2ced2bbdf7e64a30c3e88c70ea8bc208d1509)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 20da637eb545b04753e20c675cfe97b04c7b600b ]

In stex_probe(), register_reboot_notifier() is called at the beginning,
but if any subsequent initialization step fails, the function returns
without unregistering the notifier, resulting in a resource leak.

Add unregister_reboot_notifier() in the out_disable error path to ensure
proper cleanup on all failure paths.

Fixes: 61b745f ("scsi: stex: Add S6 support")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Link: https://patch.msgid.link/20251104094847.270-1-vulab@iscas.ac.cn
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1867723a98c869d7feddc6a141fe4e244ca01350)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
tititiou36 and others added 18 commits January 13, 2026 14:38
…_phy_usb2_probe()

[ Upstream commit 662bb179d3381c7c069e44bb177396bcaee31cc8 ]

If an error occurs after the reset_control_deassert(),
reset_control_assert() must be called, as already done in the remove
function.

Use devm_add_action_or_reset() to add the missing call and simplify the
.remove() function accordingly.

While at it, drop struct rcar_gen3_chan::rstc as it is not used anymore.

[claudiu.beznea: removed "struct reset_control *rstc = data;" from
 rcar_gen3_reset_assert(), dropped struct rcar_gen3_chan::rstc]

Fixes: 4eae163 ("phy: renesas: rcar-gen3-usb2: Add support to initialize the bus")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Link: https://patch.msgid.link/20251023135810.1688415-3-claudiu.beznea.uj@bp.renesas.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 8d946fccf5b4df7b9d570055df002d3c3dafb2f1)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit bccaf1fe08f2c9f96f6bc38391d41e67f6bf38e3 ]

Value CRSM_SFT_PD written to Software Power-Down Control Register
(CRSM_SFT_PD_CNTRL) is 0x01 and therefore different to value
CRSM_SFT_PD_RDY (0x02) read from System Status Register (CRSM_STAT) for
confirmation powerdown has been reached.

The condition could have only worked when disabling powerdown
(both 0x00), but never when enabling it (0x01 != 0x02).

Result is a timeout, like so:

    $ ifdown eth0
    macb f802c000.ethernet eth0: Link is Down
    ADIN1100 f802c000.ethernet-ffffffff:01: adin_set_powerdown_mode failed: -110
    ADIN1100 f802c000.ethernet-ffffffff:01: adin_set_powerdown_mode failed: -110

Fixes: 7eaf913 ("net: phy: adin1100: Add initial support for ADIN1100 industrial PHY")
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Reviewed-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Acked-by: Nuno Sá <nuno.sa@analog.com>
Link: https://patch.msgid.link/20251119124737.280939-2-ada@thorsis.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 49dc43b25d3457e974a6c7e97d9484a12d65fbba)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit b1bcaed1e39a9e0dfbe324a15d2ca4253deda316 ]

Currently, the check for whether a partition is populated does not
account for tasks in the cpuset of attaching. This is a corner case
that can leave a task stuck in a partition with no effective CPUs.

The race condition occurs as follows:

cpu0				cpu1
				//cpuset A  with cpu N
migrate task p to A
cpuset_can_attach
// with effective cpus
// check ok

// cpuset_mutex is not held	// clear cpuset.cpus.exclusive
				// making effective cpus empty
				update_exclusive_cpumask
				// tasks_nocpu_error check ok
				// empty effective cpus, partition valid
cpuset_attach
...
// task p stays in A, with non-effective cpus.

To fix this issue, this patch introduces cs_is_populated, which considers
tasks in the attaching cpuset. This new helper is used in validate_change
and partition_is_populated.

Fixes: e2d5990 ("cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective")
Signed-off-by: Chen Ridong <chenridong@huawei.com>
Reviewed-by: Waiman Long <longman@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 06a5e91764ed8ce85ee211cf7b07248c9fd2aec1)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
…cb()

[ Upstream commit b647d2574e4583c2e3b0ab35568f60c88e910840 ]

The rtl8187_rx_cb() calculates the rx descriptor header address
by subtracting its size from the skb tail pointer.
However, it does not validate if the received packet
(skb->len from urb->actual_length) is large enough to contain this
header.

If a truncated packet is received, this will lead to a buffer
underflow, reading memory before the start of the skb data area,
and causing a kernel panic.

Add length checks for both rtl8187 and rtl8187b descriptor headers
before attempting to access them, dropping the packet cleanly if the
check fails.

Fixes: 6f7853f ("rtl8187: change rtl8187_dev.c to support RTL8187B (part 2)")
Signed-off-by: Seungjin Bae <eeodqql09@gmail.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20251118013258.1789949-2-eeodqql09@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit dc153401fb26c1640a2b279c47b65e1c416af276)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
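
The length check described in the rtl8187_rx_cb() commit message above, as an added userspace C model (not the driver's code and not part of the pull request). The trailer layout, the status codes and every function name here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 8-byte trailer; the real rtl8187 descriptors differ. */
struct rx_trailer {
    uint8_t  flags;
    uint8_t  rate;
    uint16_t signal;
    uint32_t tsf_low;
};

#define RX_OK          0
#define RX_DROP_SHORT (-1)

/*
 * Where an unchecked parser would look for the trailer, as a signed
 * offset from the start of the buffer. A negative value means the read
 * would start before the buffer.
 */
long trailer_offset(size_t len)
{
    return (long)len - (long)sizeof(struct rx_trailer);
}

/*
 * The device appends the descriptor after the payload, so it sits at
 * (data + len - sizeof(trailer)). The length test must come before that
 * subtraction is used as an address.
 */
int rx_parse(const uint8_t *data, size_t len,
             struct rx_trailer *out, size_t *payload_len)
{
    if (len < sizeof(*out))
        return RX_DROP_SHORT;   /* truncated transfer: drop cleanly */

    memcpy(out, data + (len - sizeof(*out)), sizeof(*out));
    *payload_len = len - sizeof(*out);
    return RX_OK;
}

/* Constructed input: a 3-byte transfer, shorter than the trailer. */
int parse_truncated(void)
{
    const uint8_t frame[3] = { 0x01, 0x02, 0x03 };
    struct rx_trailer t;
    size_t payload_len = 0;

    return rx_parse(frame, sizeof(frame), &t, &payload_len);
}

/* Constructed input: 4 payload bytes followed by a full trailer. */
static int parse_full(struct rx_trailer *t, size_t *payload_len)
{
    const struct rx_trailer sent = { 0x01, 0x0b, 40, 1234 };
    uint8_t frame[4 + sizeof(struct rx_trailer)] = { 0xde, 0xad, 0xbe, 0xef };

    memcpy(frame + 4, &sent, sizeof(sent));
    return rx_parse(frame, sizeof(frame), t, payload_len);
}

long parse_full_payload_len(void)
{
    struct rx_trailer t;
    size_t payload_len = 0;

    return parse_full(&t, &payload_len) == RX_OK ? (long)payload_len : -1;
}

int parse_full_rate(void)
{
    struct rx_trailer t;
    size_t payload_len = 0;

    return parse_full(&t, &payload_len) == RX_OK ? t.rate : -1;
}
```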
[ Upstream commit 738c9738e690f5cea24a3ad6fd2d9a323cf614f6 ]

In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to
the rule being NULL, the function incorrectly skips the 'if (!rc)' check
and sets 'result = true'. The LSM rule is considered a match, causing
extra files to be measured by IMA.

This issue can be reproduced in the following scenario:
After unloading the SELinux policy module via 'semodule -d', if an IMA
measurement is triggered before ima_lsm_rules is updated,
in ima_match_rules(), the first call to ima_filter_rule_match() returns
-ESTALE. This causes the code to enter the 'if (rc == -ESTALE &&
!rule_reinitialized)' block, perform ima_lsm_copy_rule() and retry. In
ima_lsm_copy_rule(), since the SELinux module has been removed, the rule
becomes NULL, and the second call to ima_filter_rule_match() returns
-ENOENT. This bypasses the 'if (!rc)' check and results in a false match.

Call trace:
  selinux_audit_rule_match+0x310/0x3b8
  security_audit_rule_match+0x60/0xa0
  ima_match_rules+0x2e4/0x4a0
  ima_match_policy+0x9c/0x1e8
  ima_get_action+0x48/0x60
  process_measurement+0xf8/0xa98
  ima_bprm_check+0x98/0xd8
  security_bprm_check+0x5c/0x78
  search_binary_handler+0x6c/0x318
  exec_binprm+0x58/0x1b8
  bprm_execve+0xb8/0x130
  do_execveat_common.isra.0+0x1a8/0x258
  __arm64_sys_execve+0x48/0x68
  invoke_syscall+0x50/0x128
  el0_svc_common.constprop.0+0xc8/0xf0
  do_el0_svc+0x24/0x38
  el0_svc+0x44/0x200
  el0t_64_sync_handler+0x100/0x130
  el0t_64_sync+0x3c8/0x3d0

Fix this by changing 'if (!rc)' to 'if (rc <= 0)' to ensure that error
codes like -ENOENT do not bypass the check and accidentally result in a
successful match.

Fixes: 4af4662 ("integrity: IMA policy")
Signed-off-by: Zhao Yipeng <zhaoyipeng5@huawei.com>
Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit cca3e7df3c0f99542033657ba850b9a6d27f8784)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
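
The false match described in the ima_match_rules() commit message above, as an added userspace C model (not kernel code and not part of the pull request). The scripted return values, the struct and the function names are assumptions; only the `!rc` versus `rc <= 0` comparison and the -ESTALE then -ENOENT sequence come from the commit message.

```c
#include <errno.h>
#include <stdbool.h>

/*
 * One LSM field of a policy rule, scripted: the result of the first
 * match attempt and of the retry that follows a rule copy.
 * Return convention assumed here: >0 match, 0 no match, <0 error.
 */
struct lsm_field {
    int first_rc;
    int retry_rc;
};

/*
 * Simplified model of the decision loop. With fixed == false it uses the
 * old test (only rc == 0 rejects); with fixed == true it uses the test
 * from the commit message (rc <= 0 rejects).
 */
bool rule_matches(const struct lsm_field *f, int nfields, bool fixed)
{
    bool reinitialized = false;

    for (int i = 0; i < nfields; i++) {
        int rc = f[i].first_rc;

        /* Stale rule: refresh it once, then ask again. */
        if (rc == -ESTALE && !reinitialized) {
            reinitialized = true;
            rc = f[i].retry_rc;
        }

        if (fixed ? (rc <= 0) : (rc == 0))
            return false;       /* this field rejects the rule */
    }
    return true;                /* nothing rejected: treated as a match */
}

/* Constructed scenarios. */

/* Policy module removed: stale first, then the rule is gone. */
static const struct lsm_field policy_removed[] = { { -ESTALE, -ENOENT } };

/* Policy reloaded: stale first, then a genuine match. */
static const struct lsm_field policy_reloaded[] = { { -ESTALE, 1 } };

/* Ordinary mismatch on the second field. */
static const struct lsm_field label_mismatch[] = { { 1, 0 }, { 0, 0 } };

bool removed_policy_matches(bool fixed)
{
    return rule_matches(policy_removed, 1, fixed);
}

bool reloaded_policy_matches(bool fixed)
{
    return rule_matches(policy_reloaded, 1, fixed);
}

bool mismatch_matches(bool fixed)
{
    return rule_matches(label_mismatch, 2, fixed);
}
```

Only the removed-policy scenario changes outcome between the two comparisons: the old test lets the negative error code fall through to a match, which is the extra measurement the commit message reports.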
[ Upstream commit a2fa8a12e6bc9d89c0505b8dd7ae38ec173d25de ]

A failure to take a lock with O_NONBLOCK needs to result
in -EAGAIN. Change it.

Fixes: 66e3e59 ("usb: Add driver for Altus Metrum ChaosKey device (v2)")
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://patch.msgid.link/20251030093918.2248104-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit b90c743a0a32b62345d539ac40dddfad751cce37)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 7481a97 ]

On some SoC platforms, in shutdown stage, most components' power is cut
off, but there's still power supply to the so called always-on
domain, so if the dwc2's regulator is from the always-on domain, we
need to explicitly disable it to save power.

Disable platform lowlevel hw resources such as phy, clock and
regulators etc. in device shutdown hook to reduce non-necessary power
consumption when the platform enters shutdown stage.

Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Link: https://lore.kernel.org/r/20250629094655.747-1-jszhang@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: b6ebcfdcac40 ("usb: dwc2: fix hang during shutdown if set as peripheral")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 7e993b9d6d246924eb49d7dcb6906398a11720be)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit b6ebcfdcac40a27953f052e4269ce75a18825ffc ]

dwc2 on most platforms needs phy controller, clock and power supply.
All of them must be enabled/activated to properly operate. If dwc2
is configured as peripheral mode, then all the above three hardware
resources are disabled at the end of the probe:

	/* Gadget code manages lowlevel hw on its own */
	if (hsotg->dr_mode == USB_DR_MODE_PERIPHERAL)
		dwc2_lowlevel_hw_disable(hsotg);

But dwc2_driver_shutdown() tries to disable the interrupts on HW IP
level. This would result in hang during shutdown if dwc2 is configured
as peripheral mode.

Fix this hang by only disabling and syncing the irq when lowlevel hw is enabled.

Fixes: 4fdf228 ("usb: dwc2: Fix shutdown callback in platform")
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Link: https://patch.msgid.link/20251104002503.17158-2-jszhang@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit bac021bf0733fe9c380646da73f6dddd82d6cfac)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 2b94b054ac4974ad2f89f7f7461840c851933adb ]

dwc2 on most platforms needs phy controller, clock and power supply.
All of them must be enabled/activated to properly operate. If dwc2
is configured as peripheral mode, then all the above three hardware
resources are disabled at the end of the probe:

	/* Gadget code manages lowlevel hw on its own */
	if (hsotg->dr_mode == USB_DR_MODE_PERIPHERAL)
		dwc2_lowlevel_hw_disable(hsotg);

But the dwc2_suspend() tries to read the dwc2's reg to check whether
is_device_mode or not, this would result in hang during suspend if dwc2
is configured as peripheral mode.

Fix this hang by bypassing suspend/resume if lowlevel hw isn't
enabled.

Fixes: 09a75e8 ("usb: dwc2: refactor common low-level hw code to platform.c")
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
Link: https://patch.msgid.link/20251104002503.17158-3-jszhang@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit b6943283343b9b15da942393d1b58e342983bb9b)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit a5160af78be7fcf3ade6caab0a14e349560c96d7 ]

The previous commit removed the PAGE_SIZE limit on transfer length of
raw_io buffer in order to avoid any problems with emulating USB devices
whose full configuration descriptor exceeds PAGE_SIZE in length. However
this also removes the upperbound on user supplied length, allowing very
large values to be passed to the allocator.

syzbot on fuzzing the transfer length with very large value (1.81GB)
results in kmalloc() to fall back to the page allocator, which triggers
a kernel warning as the page allocator cannot handle allocations more
than MAX_PAGE_ORDER/KMALLOC_MAX_SIZE.

Since there is no limit imposed on the size of buffer for both control
and non control transfers, cap the raw_io transfer length to
KMALLOC_MAX_SIZE and return -EINVAL for larger transfer length to
prevent any warnings from the page allocator.

Fixes: 37b9dd0 ("usb: raw-gadget: do not limit transfer length")
Tested-by: syzbot+d8fd35fa6177afa8c92b@syzkaller.appspotmail.com
Reported-by: syzbot+d8fd35fa6177afa8c92b@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68fc07a0.a70a0220.3bf6c6.01ab.GAE@google.com/
Signed-off-by: Gopi Krishna Menon <krishnagopi487@gmail.com>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Link: https://patch.msgid.link/20251028165659.50962-1-krishnagopi487@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 3915c76df201644f88347878e6342af93bbae9f5)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 27746aaf1b20172f0859546c4a3e82eca459f680 ]

Gracefully skip the test_perf_branches_hw subtest on platforms that
do not support LBR or require specialized perf event attributes
to enable branch sampling.

For example, AMD's Milan (Zen 3) supports BRS rather than traditional
LBR. This requires specific configurations (attr.type = PERF_TYPE_RAW,
attr.config = RETIRED_TAKEN_BRANCH_INSTRUCTIONS) that differ from the
generic setup used within this test. Notably, it also probably doesn't
hold much value to special case perf event configurations for selected
micro architectures.

Fixes: 67306f8 ("selftests/bpf: Add bpf_read_branch_records() selftest")
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20251120142059.2836181-1-mattbobrowski@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit e5343f28814d81ff0488afece0274813e40dd5ba)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit ae24fc8a16b0481ea8c5acbc66453c49ec0431c4 ]

Currently, test_perf_branches_no_hw() relies on the busy loop within
test_perf_branches_common() being slow enough to allow at least one
perf event sample tick to occur before starting to tear down the
backing perf event BPF program. With a relatively small fixed
iteration count of 1,000,000, this is not guaranteed on modern fast
CPUs, resulting in the test run to subsequently fail with the
following:

bpf_testmod.ko is already unloaded.
Loading bpf_testmod.ko...
Successfully loaded bpf_testmod.ko.
test_perf_branches_common:PASS:test_perf_branches_load 0 nsec
test_perf_branches_common:PASS:attach_perf_event 0 nsec
test_perf_branches_common:PASS:set_affinity 0 nsec
check_good_sample:PASS:output not valid 0 nsec
check_good_sample:PASS:read_branches_size 0 nsec
check_good_sample:PASS:read_branches_stack 0 nsec
check_good_sample:PASS:read_branches_stack 0 nsec
check_good_sample:PASS:read_branches_global 0 nsec
check_good_sample:PASS:read_branches_global 0 nsec
check_good_sample:PASS:read_branches_size 0 nsec
test_perf_branches_no_hw:PASS:perf_event_open 0 nsec
test_perf_branches_common:PASS:test_perf_branches_load 0 nsec
test_perf_branches_common:PASS:attach_perf_event 0 nsec
test_perf_branches_common:PASS:set_affinity 0 nsec
check_bad_sample:FAIL:output not valid no valid sample from prog
Summary: 0/1 PASSED, 0 SKIPPED, 1 FAILED
Successfully unloaded bpf_testmod.ko.

On a modern CPU (i.e. one with a 3.5 GHz clock rate), executing 1
million increments of a volatile integer can take significantly less
than 1 millisecond. If the spin loop and detachment of the perf event
BPF program elapses before the first 1 ms sampling interval elapses,
the perf event will never end up firing. Fix this by bumping the loop
iteration counter a little within test_perf_branches_common(), along
with adding another loop termination condition which is
directly influenced by the backing perf event BPF program
executing. Notably, a conscious decision was made to not adjust the
sample_freq value as that is just not a reliable way to go about
fixing the problem. It effectively still leaves the race window open.

Fixes: 67306f8 ("selftests/bpf: Add bpf_read_branch_records() selftest")
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/r/20251119143540.2911424-1-mattbobrowski@google.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 6a17f898a8bf91281c202c687b52f7fb957e0e47)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit e9eb52037a529fbb307c290e9951a62dd728b03d ]

The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.

Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.

Fixes: 7883d1b ("crypto: starfive - Add hash and HMAC support")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 6cd14414394b4f3d6e1ed64b8241d1fcc2271820)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 8700ce07c5c6bf27afa7b59a8d9cf58d783a7d5c ]

Fix error handling in cc_map_hash_request_update where sg_nents_for_len
return value was assigned to u32, converting negative errors to large
positive values before passing to sg_copy_to_buffer.

Check sg_nents_for_len return value and propagate errors before
assigning to areq_ctx->in_nents.

Fixes: b7ec853 ("crypto: ccree - use std api when possible")
Signed-off-by: Haotian Zhang <vulab@iscas.ac.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 76ae0cc396736c4e729616fd6442d4e74f60bb57)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 974555d6e417974e63444266e495a06d06c23af5 ]

When executing HLV* instructions at the HS mode, a guest page fault
may occur when a g-stage page table migration occurs between triggering the
virtual instruction exception and executing the HLV* instruction.

This may be a corner case, and one simpler way to handle this is to
re-execute the instruction where the virtual instruction exception
occurred, and the guest page fault will be automatically handled.

Fixes: b91f0e4 ("RISC-V: KVM: Factor-out instruction emulation into separate sources")
Signed-off-by: Fangyu Yu <fangyu.yu@linux.alibaba.com>
Reviewed-by: Anup Patel <anup@brainfault.org>
Link: https://lore.kernel.org/r/20251121133543.46822-1-fangyu.yu@linux.alibaba.com
Signed-off-by: Anup Patel <anup@brainfault.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit e3e1c7416be8a902fcffc9749935e9bab369656e)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 6afe40ff484a1155b71158b911c65299496e35c3 ]

Inline size supported by the device is based on the number
of SGEs supported by the adapter. Change the inline
size calculation based on that.

Fixes: de1d364 ("RDMA/bnxt_re: Add support for Variable WQE in Genp7 adapters")
Reviewed-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Link: https://patch.msgid.link/1763624215-10382-1-git-send-email-selvin.xavier@broadcom.com
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit ccc585db618c7823c8f83d8f756398c2020a4da0)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 53d1548612670aa8b5d89745116cc33d9d172863 ]

In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the
subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function
returns an error without freeing sskb, leading to a memory leak.

Fix this by calling dev_kfree_skb() on sskb in the error handling path
to ensure it is properly released.

Fixes: 99c457d ("mt76: mt7615: move mt7615_mcu_set_bmc to mt7615_mcu_ops")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://patch.msgid.link/20251113062415.103611-1-zilin@seu.edu.cn
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1c3c234af9407256ed670c8752923a672eea4225)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
[ Upstream commit 377441d53a2df61b105e823b335010cd4f1a6e56 ]

Fix this warning that was generated from "make htmldocs":

WARNING: drivers/firmware/stratix10-svc.c:58 struct member 'intel_svc_fcs'
not described in 'stratix10_svc'

Fixes: e6281c2 ("firmware: stratix10-svc: Add support for FCS")
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Closes: https://lore.kernel.org/linux-next/20251106145941.37920e97@canb.auug.org.au/
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Link: https://patch.msgid.link/20251114185815.358423-1-dinguyen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit d6ce96e10e4d00200f1dc411ea00f3eeda6789de)
Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
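
The starfive and ccree hash fixes listed above address the same pattern: a negative return from sg_nents_for_len() stored in an unsigned variable. The user-space C model below is an added example, not code from the kernel or from this pull request; struct seg, model_sg_nents_for_len() and the helper names are constructed stand-ins that follow the sg_nents_for_len() contract (entry count on success, -EINVAL when the list is shorter than the requested length).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one scatterlist entry (user-space model). */
struct seg {
    unsigned int length;
};

/* Constructed sample: two 16-byte segments, 32 bytes in total. */
static const struct seg sample_sg[] = { { 16 }, { 16 } };
#define SAMPLE_NENTS 2

/*
 * Model of the sg_nents_for_len() contract: number of entries needed to
 * cover len bytes, 0 for len == 0, -EINVAL if the list is too short.
 */
static int model_sg_nents_for_len(const struct seg *sg, int total, uint64_t len)
{
    uint64_t seen = 0;
    int nents;

    if (!len)
        return 0;
    for (nents = 0; nents < total; nents++) {
        seen += sg[nents].length;
        if (seen >= len)
            return nents + 1;
    }
    return -EINVAL;
}

/* Before the fix: the result lands in an unsigned variable, so -EINVAL
 * turns into a very large entry count and no error is visible. */
static uint32_t nents_unchecked(const struct seg *sg, int total, uint64_t len)
{
    uint32_t in_nents = (uint32_t)model_sg_nents_for_len(sg, total, len);

    return in_nents;
}

/* After the fix: keep the signed result, propagate the error, and only
 * store the count once it is known to be non-negative. */
static int nents_checked(const struct seg *sg, int total, uint64_t len,
                         uint32_t *in_nents)
{
    int ret = model_sg_nents_for_len(sg, total, len);

    if (ret < 0)
        return ret;
    *in_nents = (uint32_t)ret;
    return 0;
}

/* 1 if a consumer bounded by in_nents would step past the real list. */
static int walks_past_list(uint32_t in_nents, int total)
{
    return in_nents > (uint32_t)total;
}

int main(void)
{
    uint32_t n = 0;
    uint32_t bad = nents_unchecked(sample_sg, SAMPLE_NENTS, 64);
    int ret = nents_checked(sample_sg, SAMPLE_NENTS, 64, &n);

    printf("unchecked: in_nents=%u past_list=%d\n", (unsigned)bad,
           walks_past_list(bad, SAMPLE_NENTS));
    printf("checked:   ret=%d in_nents=%u\n", ret, (unsigned)n);
    return 0;
}
```
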

sourcery-ai bot commented Jan 13, 2026

Reviewer's Guide

Kernel 6.6.120 base update (part 2) that pulls in a wide set of upstream fixes: refactors and tightens CoreSight ETM4 trace-unit enable/disable sequencing, reworks IPv6 route expiration/GC to use per-table GC lists, hardens mac80211 AES-CMAC by propagating crypto errors, and applies many targeted correctness fixes across drivers (leak/error-path handling, race and timeout handling, HW programming sequences), BPF/perf tooling, and various subsystems.

Sequence diagram for ETM4 trace unit enable/disable sequencing

sequenceDiagram
    participant CPU
    participant etm4_enable as etm4_enable
    participant etm4_enable_hw as etm4_enable_hw
    participant etm4_enable_trace_unit as etm4_enable_trace_unit
    participant etm4_disable as etm4_disable
    participant etm4_disable_hw as etm4_disable_hw
    participant etm4_disable_trace_unit as etm4_disable_trace_unit
    participant TraceUnit as etm4x_trace_unit

    CPU->>etm4_enable: perf_event start
    etm4_enable->>etm4_enable_hw: configure and power up ETM4

    activate etm4_enable_hw
    etm4_enable_hw->>TraceUnit: power_up_sequence
    note over etm4_enable_hw,TraceUnit: TRCPDCR power up, config registers programmed

    etm4_enable_hw->>etm4_enable_trace_unit: rc = etm4_enable_trace_unit(drvdata)
    activate etm4_enable_trace_unit

    etm4_enable_trace_unit->>TraceUnit: if etm4x_is_ete() write TRCRSR_TA
    etm4_enable_trace_unit->>TraceUnit: etm4x_allow_trace()
    alt sysreg_interface
        etm4_enable_trace_unit->>CPU: isb() (sync before enable)
    end
    etm4_enable_trace_unit->>TraceUnit: write TRCPRGCTLR = 1 (enable)
    alt sysreg_interface
        etm4_enable_trace_unit->>CPU: isb() (sync before reading TRCSTATR)
    end
    etm4_enable_trace_unit->>TraceUnit: poll TRCSTATR[IDLE]==0 (etm4x_wait_status)
    alt timeout
        etm4_enable_trace_unit-->>etm4_enable_hw: return -ETIME
    else ok
        etm4_enable_trace_unit->>CPU: dsb(sy), isb() (MMIO sync)
        etm4_enable_trace_unit-->>etm4_enable_hw: return 0
    end

    deactivate etm4_enable_trace_unit
    etm4_enable_hw-->>etm4_enable: return rc
    deactivate etm4_enable_hw

    CPU->>etm4_disable: perf_event stop
    etm4_disable->>etm4_disable_hw: stop ETM4

    activate etm4_disable_hw
    etm4_disable_hw->>TraceUnit: etm4_cs_unlock(), etm4_disable_arch_specific()
    etm4_disable_hw->>TraceUnit: if !skip_power_up clear TRCPDCR_PU (power down)
    etm4_disable_hw->>etm4_disable_trace_unit: etm4_disable_trace_unit(drvdata)

    activate etm4_disable_trace_unit
    etm4_disable_trace_unit->>TraceUnit: read TRCPRGCTLR
    alt trace_enabled
        etm4_disable_trace_unit->>TraceUnit: clear TRCPRGCTLR.EN
        etm4_disable_trace_unit->>TraceUnit: etm4x_prohibit_trace()
        etm4_disable_trace_unit->>CPU: dsb(sy), isb() (stop speculation)
        etm4_disable_trace_unit->>CPU: tsb_csync() (trace sync barrier)
        etm4_disable_trace_unit->>TraceUnit: wait TRCSTATR[IDLE]==1
        etm4_disable_trace_unit->>CPU: dsb(sy), isb()
    end
    etm4_disable_trace_unit-->>etm4_disable_hw: return
    deactivate etm4_disable_trace_unit

    etm4_disable_hw-->>etm4_disable: return
    deactivate etm4_disable_hw

    etm4_disable-->>CPU: return

Updated class diagram for IPv6 fib6_info garbage-collection integration

classDiagram
    class fib6_info {
        +u32 fib6_flags
        +unsigned_long expires
        +refcount_t fib6_ref
        +fib6_node *fib6_node
        +fib6_table *fib6_table
        +hlist_node gc_link
        +dst_metrics *fib6_metrics
        +bool fib6_requires_src()
        +void fib6_clean_expires()
        +void fib6_set_expires(unsigned_long expires)
        +bool fib6_info_hold_safe()
        +void fib6_info_release()
    }

    class fib6_table {
        +spinlock_t tb6_lock
        +fib6_node tb6_root
        +inet_peer_base tb6_peers
        +unsigned_int flags
        +unsigned_int fib_seq
        +hlist_head tb6_gc_hlist
    }

    class fib6_gc_args {
        +unsigned_long now
        +unsigned_long timeout
        +unsigned_long more
        +unsigned_long expires
        +struct net *net
        +bool force
    }

    class net_ipv6 {
        +fib6_table *fib6_main_tbl
        +fib6_table *fib6_local_tbl
        +unsigned_long ip6_rt_last_gc
        +unsigned_long sysctl_ip6_rt_gc_interval
    }

    class net {
        +net_ipv6 ipv6
    }

    class fib6_add_gc_list {
        +static void fib6_add_gc_list(fib6_info *f6i)
    }

    class fib6_remove_gc_list {
        +static void fib6_remove_gc_list(fib6_info *f6i)
    }

    class fib6_age {
        +static int fib6_age(fib6_info *rt, fib6_gc_args *gc_args)
    }

    class fib6_gc_table {
        +static void fib6_gc_table(net *net, fib6_table *tb6, fib6_gc_args *gc_args)
    }

    class fib6_gc_all {
        +static void fib6_gc_all(net *net, fib6_gc_args *gc_args)
    }

    class fib6_run_gc {
        +void fib6_run_gc(unsigned_long expires, net *net, bool force)
    }

    fib6_table "1" o-- "*" fib6_info : contains_routes
    fib6_info "0..1" --> "1" fib6_table : fib6_table
    fib6_info "0..1" --> "1" fib6_node : fib6_node

    fib6_table "1" o-- "*" fib6_info : tb6_gc_hlist(gc_link)

    net "1" o-- "1" net_ipv6 : ipv6
    net_ipv6 "1" o-- "1" fib6_table : fib6_main_tbl
    net_ipv6 "0..1" o-- "1" fib6_table : fib6_local_tbl

    fib6_add_gc_list ..> fib6_info : uses
    fib6_add_gc_list ..> fib6_table : uses tb6_gc_hlist
    fib6_remove_gc_list ..> fib6_info : uses

    fib6_age ..> fib6_info : ages_route
    fib6_age ..> fib6_gc_args : uses

    fib6_gc_table ..> fib6_table : iterates_tb6_gc_hlist
    fib6_gc_table ..> fib6_info : calls_fib6_age
    fib6_gc_table ..> fib6_gc_args : uses

    fib6_gc_all ..> net : iterates_fib_table_hash
    fib6_gc_all ..> fib6_table : calls_fib6_gc_table
    fib6_gc_all ..> fib6_gc_args : uses

    fib6_run_gc ..> net : operates_on
    fib6_run_gc ..> fib6_gc_args : initializes
    fib6_run_gc ..> fib6_gc_all : calls

    class ipv6_route_users {
        +cleanup_prefix_route()
        +addrconf_prefix_rcv()
        +modify_prefix_route()
        +rt6_route_rcv()
        +ndisc_router_discovery()
    }

    ipv6_route_users ..> fib6_info : updates_expires
    ipv6_route_users ..> fib6_add_gc_list : add_expiring_routes
    ipv6_route_users ..> fib6_remove_gc_list : remove_persistent_routes

File-Level Changes

Change Details Files
Refactor Arm CoreSight ETM4 trace-unit control and idle handling
  • Introduce etm4_enable_trace_unit()/etm4_disable_trace_unit() helpers and call them from enable/disable paths
  • Add appropriate isb()/dsb() barriers around TRCPRGCTLR/TRCSTATR access depending on sysreg vs MMIO, per Arm ARM/IHI guidance
  • Fix __etm4_cpu_save() to wait for TRCSTATR_IDLE_BIT instead of PMSTABLE when saving state
drivers/hwtracing/coresight/coresight-etm4x-core.c
Rework IPv6 route expiration and GC using explicit per-table GC lists
  • Extend fib6_info and fib6_table with gc_link/tb6_gc_hlist and helpers to add/remove routes to GC lists under tb6_lock
  • Update route add/update paths and RA/prefix/route processing to maintain GC list and to clean expiry when routes change semantics
  • Replace fib6_clean_all/fib6_age walker with fib6_gc_all()/fib6_gc_table() that iterate only GC candidates
include/net/ip6_fib.h
net/ipv6/ip6_fib.c
net/ipv6/addrconf.c
net/ipv6/ndisc.c
net/ipv6/route.c
Harden mac80211 AES-CMAC handling by propagating crypto errors and checking lengths
  • Change ieee80211_aes_cmac*() to return int error codes and check crypto_shash_init/update/finup return values
  • Adjust WPA/BIP encrypt/decrypt call sites to drop TX/RX on CMAC computation failure
  • Guard rtl8187 RX header parsing with skb length checks and centralize error path to avoid buffer underflow
net/mac80211/aes_cmac.c
net/mac80211/aes_cmac.h
net/mac80211/wpa.c
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
Fix watchdog, GPIO LED, and various driver error paths and resource leaks
  • In wdat_wdt, ensure ACPI watchdog table is put on all probe failure paths and on late failures
  • In leds-netxbig, track number of acquired GPIOs and gpiod_put() them on partial failures when requesting addr/data/enable lines
  • Convert multiple drivers to use devm_* or hwspinlock/regmap/irq_domain managed teardown and add missing unmap/free/unregister calls in error/remove paths
drivers/watchdog/wdat_wdt.c
drivers/leds/leds-netxbig.c
drivers/watchdog/starfive-wdt.c
drivers/soc/qcom/smem.c
drivers/mfd/da9055-core.c
drivers/mfd/mt6358-irq.c
drivers/mfd/mt6397-irq.c
drivers/scsi/sim710.c
drivers/scsi/stex.c
drivers/phy/renesas/phy-rcar-gen3-usb2.c
Strengthen bus and controller drivers (I3C, SPI Tegra QSPI, USB DWC2/raw-gadget, RISC-V KVM) for races and corner cases
  • In i3c master core, inherit DMA masks/params from parent before bus init; in svc-i3c, wait for COMPLETE before IBI processing and drop data safely if no IBI slots
  • In tegra210-quad SPI, ensure curr_xfer is cleared on all paths, mask interrupts if device_reset() fails, and early-exit IRQ thread if transfer already timed out
  • In DWC2, guard suspend/shutdown/resume against ll_hw_enabled state and disable low-level HW on shutdown
  • Cap usb raw-gadget IO lengths to KMALLOC_MAX_SIZE and add constant for it
  • In RISC-V KVM, treat load-guest-page-fault scause specially by returning to guest to let normal G-stage fault handler populate tables
drivers/i3c/master.c
drivers/i3c/master/svc-i3c-master.c
drivers/spi/spi-tegra210-quad.c
drivers/usb/dwc2/platform.c
drivers/usb/gadget/legacy/raw_gadget.c
arch/riscv/kvm/vcpu_insn.c
Networking and BPF/perf tooling robustness improvements
  • Adjust bpf program stats accounting to guard against NULL prog->stats and reuse measured duration; likewise in trampoline update_prog_stats and misses counter
  • Tighten bpf_skb_check_mtu() to require skb->transport_header set when validating GSO segments, otherwise return -EINVAL
  • Rework perf arm-spe decoder op-type decoding to use bitfield helpers, add new subclasses/flags (GCS, CR-*), and include linux/bitfield.h
  • Add maps__load_first() helper and use it in perf lock-contention code instead of manually loading maps__first()->map
include/linux/filter.h
kernel/bpf/hashtab.c
kernel/bpf/trampoline.c
kernel/bpf/syscall.c
net/core/filter.c
tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.c
tools/perf/util/arm-spe-decoder/arm-spe-pkt-decoder.h
tools/perf/util/maps.c
tools/perf/util/maps.h
tools/perf/util/bpf_lock_contention.c
Filesystem and block-layer fixes for safety and correctness
  • ext4 move_extents: forbid moving extents when either inode is a quota file instead of only when both are
  • OCFS2 move_extents: replace BUG() on extent flag mismatch with ocfs2_error() and error return
  • 9p: avoid switching remote opens to O_RDWR when writeback caching for O_APPEND, and ensure APPEND flag is not set when upgrading access mode
  • Fix NTFS3 subrecord insertion and mi lifetime, add run_lock init for $Extend inodes, and plug small leaks in ntfs3 frecord handling
  • Fix ps3disk scatter-gather to increment bounce buffer offset by bv_len and add debug logging
fs/ext4/move_extent.c
fs/ocfs2/move_extents.c
fs/9p/vfs_file.c
fs/9p/vfs_inode.c
fs/9p/vfs_inode_dotl.c
fs/ntfs3/frecord.c
fs/ntfs3/inode.c
drivers/block/ps3disk.c

@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from opsiff. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sourcery-ai sourcery-ai bot left a comment

Hey - I've found 2 issues

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `kernel/bpf/hashtab.c:960-969` </location>
<code_context>
 static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
 			    void *value, bool onallcpus)
 {
+	void *ptr;
+
 	if (!onallcpus) {
 		/* copy true value_size bytes */
-		copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
+		ptr = this_cpu_ptr(pptr);
+		copy_map_value(&htab->map, ptr, value);
+		bpf_obj_free_fields(htab->map.record, ptr);
 	} else {
 		u32 size = round_up(htab->map.value_size, 8);
 		int off = 0, cpu;

 		for_each_possible_cpu(cpu) {
-			copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
+			ptr = per_cpu_ptr(pptr, cpu);
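Review bot: in the !onallcpus branch, bpf_obj_free_fields(htab->map.record, ptr) now runs on the same slot immediately after copy_map_value() wrote into it, and nothing in the hunk says which fields that call is meant to release. Add a short comment above the call stating whether copy_map_value() leaves the slot's special fields in place (so the call drops the previous value's fields), and mirror it in the for_each_possible_cpu() branch, so the copy-then-free order is not read as freeing the fields that were just written.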
</code_context>

<issue_to_address>
**issue (bug_risk):** pcpu_copy_value frees new value fields instead of the old contents, likely breaking kptr/inner object lifetimes

pcpu_copy_value() now calls bpf_obj_free_fields() on the per-CPU slot *after* copying in the new value. This inverts the intended order: bpf_obj_free_fields() should run on the *old* contents before they are overwritten. With the current sequence, references in the newly written value (kptrs, inner maps, etc.) are dropped, while any references from the previous value are leaked, and the map element is left pointing at a value whose embedded objects were just freed.

Please adjust the logic so that you first free fields for the old contents, then copy in the new value, and finally perform any required initialization/acquisition for the new value’s fields.
</issue_to_address>

### Comment 2
<location> `kernel/bpf/trampoline.c:873` </location>
<code_context>
 	     * Hence check that 'start' is valid.
 	     */
 	    start > NO_START_TIME) {
+		u64 duration = sched_clock() - start;
 		unsigned long flags;

</code_context>

<issue_to_address>
**issue (bug_risk):** update_prog_stats still assumes prog->stats is non-NULL, unlike other updated call sites

Other sites that touch prog->stats (e.g. __bpf_prog_run, bpf_prog_inc_misses_counter) now check for prog->stats being NULL before use, but update_prog_stats() still does:

  stats = this_cpu_ptr(prog->stats);

If stats allocation fails or stats get toggled so prog->stats is NULL, this will dereference a NULL pointer. Please add a guard at the start of update_prog_stats(), e.g.:

  if (unlikely(!prog->stats))
      return;
</issue_to_address>

@opsiff
Member Author

opsiff commented Jan 13, 2026

staging: most: remove broken i2c driver drop the config MOST_I2C

Copilot AI left a comment

Pull request overview

This pull request is part 2 of 8 for updating the kernel base to version 6.6.120, containing 101 upstream commits focused on bug fixes, resource leak corrections, and error handling improvements across multiple subsystems.

Changes:

  • Fixes resource leaks in drivers (hwspinlock, GPIO, IRQ domains, memory)
  • Improves error handling in BPF, networking, and filesystem code
  • Removes broken staging driver (most/i2c)
  • Enhances test reliability in BPF selftests
  • Extends ARM SPE decoder capabilities
  • Corrects IPv6 route garbage collection mechanism

Reviewed changes

Copilot reviewed 102 out of 102 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| tools/testing/selftests/bpf/* | Enhanced BPF test reliability with run count validation and improved error handling |
| tools/perf/util/* | Added maps__load_first() helper and improved BPF lock contention tooling |
| net/mac80211/* | Added error handling for CMAC crypto operations |
| net/ipv6/* | Implemented per-table GC list for expired routes |
| net/core/filter.c | Added transport header validation for MTU checks |
| kernel/bpf/* | Fixed stats NULL pointer checks and improved error handling |
| kernel/cgroup/cpuset.c | Fixed cpuset population checking during attach |
| fs/ntfs3/* | Fixed memory leaks and added run_lock initialization |
| fs/9p/* | Corrected append mode handling with writeback cache |
| drivers/watchdog/* | Fixed ACPI table leaks and added proper cleanup |
| drivers/usb/* | Fixed suspend/shutdown handling and O_NONBLOCK support |
| drivers/net/wireless/* | Fixed memory leaks in error paths |
| drivers/spi/spi-tegra210-quad.c | Improved timeout and IRQ handling |
| drivers/phy/renesas/* | Fixed reset control resource management |
| drivers/scsi/* | Fixed device removal race conditions |
| drivers/interconnect/* | Fixed NULL vs IS_ERR error handling |
| drivers/i3c/* | Fixed IBI handling race conditions |
| drivers/leds/leds-netxbig.c | Fixed GPIO descriptor error path handling |
| drivers/staging/most/i2c/* | Removed broken I2C driver |
| arch/x86/* | Fixed 5-level to 4-level paging transitions |
| arch/powerpc/* | Fixed hash page table handling for ISA v3.00 |
| arch/riscv/kvm/* | Fixed guest page faults in HLV instructions |

* checking whether the specific run count marker has been explicitly
* incremented at least once by the backing perf_event BPF program.
*/
for (i = 0; i < 100000000 && !*(volatile int *)&skel->bss->run_cnt; ++i)
Copilot AI Jan 13, 2026

The loop condition checks run_cnt without proper volatile semantics initially declared. While the cast to volatile int is added in the condition, the global variable run_cnt should be declared as volatile int run_cnt = 0; in the header to ensure proper memory ordering semantics across all accesses, not just in the polling loop.

Comment on lines +27 to +28
/* make sure it loads the kernel map before lookup */
map__load(machine__kernel_map(con->machine));
Copilot AI Jan 13, 2026

The function moves kernel map loading from lock_contention_read to lock_contention_prepare, but uses machine__kernel_map instead of the new maps__load_first helper that was just added. For consistency with the rest of the changes in this file, consider using maps__load_first(machine->kmaps) here.

Comment on lines +424 to +432
err_free_data:
for (i = 0; i < gpio_ext->num_data; i++)
gpiod_put(gpio_ext->data[i]);
err_set_code:
ret = PTR_ERR(gpiod);
err_free_addr:
for (i = 0; i < gpio_ext->num_addr; i++)
gpiod_put(gpio_ext->addr[i]);
return ret;
Copilot AI Jan 13, 2026

In the error path starting at line 424, the code attempts to free GPIOs in reverse order but uses gpiod which may contain an error pointer from the last failed gpiod_get_index call. The code should save the error value before entering the cleanup path. Consider: ret = PTR_ERR(gpiod); should be moved before the err_set_code label (line 428) to avoid using gpiod after it's been set to an error value.
