Package "linux"

  linux (4.15.0-194.205) bionic; urgency=medium

  * bionic/linux: 4.15.0-194.205 -proposed tracker (LP: #1989935)

  * Bionic update: upstream stable patchset 2022-09-14 (LP: #1989625)
    - random: schedule mix_interrupt_randomness() less often
    - ata: libata: add qc->flags in ata_qc_complete_template tracepoint
    - dm era: commit metadata in postsuspend after worker stops
    - random: quiet urandom warning ratelimit suppression message
    - USB: serial: option: add Telit LE910Cx 0x1250 composition
    - USB: serial: option: add Quectel EM05-G modem
    - USB: serial: option: add Quectel RM500K module support
    - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
    - x86/xen: Remove undefined behavior in setup_features()
    - MIPS: Remove repetitive increase irq_err_count
    - igb: Make DMA faster when CPU is active on the PCIe link
    - iio: adc: vf610: fix conversion mode sysfs node name
    - usb: chipidea: udc: check request status before setting device address
    - iio:accel:bma180: rearrange iio trigger get and register
    - iio: accel: mma8452: ignore the return value of reset operation
    - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
    - iio: trigger: sysfs: fix use-after-free on remove
    - iio: adc: axp288: Override TS pin bias current for some models
    - xtensa: xtfpga: Fix refcount leak bug in setup
    - xtensa: Fix refcount leak bug in time.c
    - powerpc: Enable execve syscall exit tracepoint
    - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
    - powerpc/powernv: wire up rng during setup_arch
    - ARM: dts: imx6qdl: correct PU regulator ramp delay
    - ARM: exynos: Fix refcount leak in exynos_map_pmu
    - ARM: Fix refcount leak in axxia_boot_secondary
    - ARM: cns3xxx: Fix refcount leak in cns3xxx_init
    - modpost: fix section mismatch check for exported init/exit sections
    - powerpc/pseries: wire up rng during setup_arch()
    - drm: remove drm_fb_helper_modinit
    - xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
    - fdt: Update CRC check for rng-seed
    - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
    - swiotlb: skip swiotlb_bounce when orig_addr is zero
    - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
    - afs: Fix dynamic root getattr
    - iio:chemical:ccs811: rearrange iio trigger get and register
    - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
    - nvdimm: Fix badblocks clear off-by-one error
    - dm raid: fix accesses beyond end of raid member array
    - dm raid: fix KASAN warning in raid5_add_disks
    - s390/archrandom: simplify back to earlier design and initialize earlier
    - SUNRPC: Fix READ_PLUS crasher
    - net: rose: fix UAF bugs caused by timer handler
    - net: usb: ax88179_178a: Fix packet receiving
    - RDMA/qedr: Fix reporting QP timeout attribute
    - usbnet: fix memory allocation in helpers
    - net: ipv6: unexport __init-annotated seg6_hmac_net_init()
    - caif_virtio: fix race between virtio_device_ready() and ndo_open()
    - netfilter: nft_dynset: restore set element counter when failing to update
    - net: bonding: fix possible NULL deref in rlb code
    - net: bonding: fix use-after-free after 802.3ad slave unbind
    - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
    - NFC: nxp-nci: Don't issue a zero length i2c_master_read()
    - xen/gntdev: Avoid blocking in unmap_grant_pages()
    - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add()
      fails
    - sit: use min
    - ipv6/sit: fix ipip6_tunnel_get_prl return value
    - net: Rename and export copy_skb_header
    - xen/blkfront: fix leaking data in shared pages
    - xen/netfront: fix leaking data in shared pages
    - xen/netfront: force data bouncing when backend is untrusted
    - xen/blkfront: force data bouncing when backend is untrusted
    - xen/arm: Fix race in RB-tree based P2M accounting
    - net: usb: qmi_wwan: add Telit 0x1060 composition
    - net: usb: qmi_wwan: add Telit 0x1070 composition
    - virtio-net: fix race between ndo_open() and virtio_device_ready()
    - net: tun: unlink NAPI from device on destruction
    - net: tun: stop NAPI when detaching queues
    - esp: limit skb_page_frag_refill use to a single page
    - mm/slub: add missing TID updates on slab deactivation
    - can: grcan: grcan_probe(): remove extra of_node_get()
    - can: gs_usb: gs_usb_open/close(): fix memory leak
    - usbnet: fix memory leak in error case
    - net: rose: fix UAF bug caused by rose_t0timer_expiry
    - iommu/vt-d: Fix PCI bus rescan device hot add
    - video: of_display_timing.h: include errno.h
    - powerpc/powernv: delay rng platform device creation until later in boot
    - xfs: remove incorrect ASSERT in xfs_rename
    - pinctrl: sunxi: a83t: Fix NAND function name for some pins
    - i2c: cadence: Unregister the clk notifier in error path
    - ida: don't use BUG_ON() for debugging
    - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
    - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
    - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
    - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
    - dmaengine: pl330: Fix lockdep warning about non-static key
    - ALSA: hda - Add fixup for Dell Latitidue E5430
    - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
    - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
    - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
      pointer
    - ARM: 9213/1: Print message about disabled Spectre workarounds only once
    - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
    - cgroup: Use separate src/dst nodes when preloading css_sets for migration
    - nilfs2: fix incorrect masking of permission flags for symlinks
    - net: ds

  linux (4.15.0-193.204) bionic; urgency=medium

  * bionic/linux: 4.15.0-193.204 -proposed tracker (LP: #1987905)

  * CVE-2022-36946
    - netfilter: nf_queue: do not allow packet truncation below transport header
      offset

  * CVE-2021-33655
    - fbcon: Disallow setting font bigger than screen size
    - fbcon: Prevent that screen size is smaller than font size
    - fbmem: Check virtual screen sizes in fb_set_var()

 -- Luke Nowakowski-Krijger <email address hidden> Fri, 26 Aug 2022 11:31:10 -0700

  linux (4.15.0-192.203) bionic; urgency=medium

  * bionic/linux: 4.15.0-192.203 -proposed tracker (LP: #1983980)

  * CVE-2021-33656
    - vt: drop old FONT ioctls

  * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782)
    - binfmt_flat: do not stop relocating GOT entries prematurely on riscv
    - USB: serial: option: add Quectel BG95 modem
    - USB: new quirk for Dell Gen 2 devices
    - ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
    - ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
    - btrfs: add "0x" prefix for unsupported optional features
    - btrfs: repair super block num_devices automatically
    - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
    - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
    - b43legacy: Fix assigning negative value to unsigned variable
    - b43: Fix assigning negative value to unsigned variable
    - ipw2x00: Fix potential NULL dereference in libipw_xmit()
    - ACPICA: Avoid cache flush inside virtual machines
    - ALSA: jack: Access input_dev under mutex
    - drm/amd/pm: fix double free in si_parse_power_table()
    - ath9k: fix QCA9561 PA bias level
    - media: venus: hfi: avoid null dereference in deinit
    - media: pci: cx23885: Fix the error handling in cx23885_initdev()
    - media: cx25821: Fix the warning when removing the module
    - scsi: megaraid: Fix error check return value of register_chrdev()
    - drm/amd/pm: fix the compile warning
    - ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
    - ASoC: dapm: Don't fold register value changes into notifications
    - s390/preempt: disable __preempt_count_add() optimization for
      PROFILE_ALL_BRANCHES
    - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
    - ipmi:ssif: Check for NULL msg when handling events and messages
    - rtlwifi: Use pr_warn instead of WARN_ONCE
    - openrisc: start CPU timer early in boot
    - nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
    - ASoC: rt5645: Fix errorenous cleanup order
    - net: phy: micrel: Allow probing without .driver_data
    - media: exynos4-is: Fix compile warning
    - rxrpc: Return an error to sendmsg if call failed
    - eth: tg3: silence the GCC 12 array-bounds warning
    - ARM: dts: ox820: align interrupt controller node name with dtschema
    - fs: jfs: fix possible NULL pointer dereference in dbFree()
    - ARM: OMAP1: clock: Fix UART rate reporting algorithm
    - fat: add ratelimit to fat*_ent_bread()
    - ARM: versatile: Add missing of_node_put in dcscb_init
    - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
    - ARM: hisi: Add missing of_node_put after of_find_compatible_node
    - PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
    - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
    - powerpc/xics: fix refcount leak in icp_opal_init()
    - macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
    - RDMA/hfi1: Prevent panic when SDMA is disabled
    - drm: fix EDID struct for old ARM OABI format
    - ath9k: fix ar9003_get_eepmisc
    - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
    - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
    - x86/delay: Fix the wrong asm constraint in delay_loop()
    - drm/mediatek: Fix mtk_cec_mask()
    - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
    - NFC: NULL out the dev->rfkill to prevent UAF
    - efi: Add missing prototype for efi_capsule_setup_info
    - HID: hid-led: fix maximum brightness for Dream Cheeky
    - spi: img-spfi: Fix pm_runtime_get_sync() error checking
    - ath9k_htc: fix potential out of bounds access with invalid
      rxstatus->rs_keyix
    - inotify: show inotify mask flags in proc fdinfo
    - fsnotify: fix wrong lockdep annotations
    - x86/pm: Fix false positive kmemleak report in msr_build_context()
    - drm/msm/dsi: fix error checks and return values for DSI xmit functions
    - drm/msm/hdmi: check return value after calling
      platform_get_resource_byname()
    - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
    - x86: Fix return value of __setup handlers
    - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
    - x86/mm: Cleanup the control_va_addr_alignment() __setup handler
    - drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
    - media: uvcvideo: Fix missing check to determine if element is found in list
    - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
    - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
    - media: st-delta: Fix PM disable depth imbalance in delta_probe
    - media: exynos4-is: Change clk_disable to clk_disable_unprepare
    - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
    - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
    - m68k: math-emu: Fix dependencies of math emulation support
    - sctp: read sk->sk_bound_dev_if once in sctp_rcv()
    - ASoC: wm2000: fix missing clk_disable_unprepare() on error in
      wm2000_anc_transition()
    - rxrpc: Fix listen() setting the bar too high for the prealloc rings
    - rxrpc: Don't try to resend the request if we're receiving the reply
    - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
    - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
    - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
    - ARM: dts: bcm2835-rpi-b: Fix GPIO line names
    - mfd: ipaq-micro: Fix error check return value of platform_get_irq()
    - scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
    - pinctrl: mvebu: Fix irq_of_parse_and_map() return value
    - drivers/base/node.c: fix compaction sysfs file leak
    - powerpc/8xx: export 'cpm_setbrg' for modules
    - powerpc/idle: Fix return value of __setup() handler
    - powerpc

  linux (4.15.0-190.201) bionic; urgency=medium

  * bionic/linux: 4.15.0-190.201 -proposed tracker (LP: #1981321)

  * CVE-2022-1679
    - SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

  * Bionic update: upstream stable patchset 2022-07-06 (LP: #1980879)
    - MIPS: Use address-of operator on section symbols
    - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
    - can: grcan: grcan_probe(): fix broken system id check for errata workaround
      needs
    - can: grcan: only use the NAPI poll budget for RX
    - Bluetooth: Fix the creation of hdev->name
    - mmc: rtsx: add 74 Clocks in power on flow
    - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
    - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and
      __mcopy_atomic()
    - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
    - ALSA: pcm: Fix races among concurrent read/write and buffer changes
    - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
    - ALSA: pcm: Fix races among concurrent prealloc proc writes
    - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
    - VFS: Fix memory leak caused by concurrently mounting fs with subtype
    - batman-adv: Don't skb_split skbuffs with frag_list
    - net: Fix features skip in for_each_netdev_feature()
    - ipv4: drop dst in multicast routing path
    - netlink: do not reset transport header in netlink_recvmsg()
    - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
    - hwmon: (ltq-cputemp) restrict it to SOC_XWAY
    - s390/ctcm: fix variable dereferenced before check
    - s390/ctcm: fix potential memory leak
    - s390/lcs: fix variable dereferenced before check
    - net/smc: non blocking recvmsg() return -EAGAIN when no data and
      signal_pending
    - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
    - hwmon: (f71882fg) Fix negative temperature
    - ASoC: max98090: Reject invalid values in custom control put()
    - ASoC: max98090: Generate notifications on changes for custom control
    - ASoC: ops: Validate input values in snd_soc_put_volsw_range()
    - tcp: resalt the secret every 10 seconds
    - usb: cdc-wdm: fix reading stuck on device close
    - USB: serial: pl2303: add device id for HP LM930 Display
    - USB: serial: qcserial: add support for Sierra Wireless EM7590
    - USB: serial: option: add Fibocom L610 modem
    - USB: serial: option: add Fibocom MA510 modem
    - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
    - drm/vmwgfx: Initialize drm_mode_fb_cmd2
    - ping: fix address binding wrt vrf
    - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
    - net/sched: act_pedit: really ensure the skb is writable
    - um: Cleanup syscall_handler_t definition/cast, fix warning
    - Input: add bounds checking to input_set_capability()
    - Input: stmfts - fix reference leak in stmfts_input_open
    - MIPS: lantiq: check the return value of kzalloc()
    - drbd: remove usage of list iterator variable after loop
    - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
    - ALSA: wavefront: Proper check of get_user() error
    - perf: Fix sys_perf_event_open() race against self
    - drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
    - mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
    - mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
    - mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
    - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
    - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
    - clk: at91: generated: consider range when calculating best rate
    - net/qla3xxx: Fix a test in ql_reset_work()
    - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
    - ARM: 9196/1: spectre-bhb: enable for Cortex-A15
    - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
    - igb: skip phy status check where unavailable
    - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
    - gpio: gpio-vf610: do not touch other bits when set the target bit
    - gpio: mvebu/pwm: Refuse requests with inverted polarity
    - perf bench numa: Address compiler error on s390
    - scsi: qla2xxx: Fix missed DMA unmap for aborted commands
    - mac80211: fix rx reordering with non explicit / psmp ack policy
    - ethernet: tulip: fix missing pci_disable_device() on error in
      tulip_init_one()
    - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
    - net: atlantic: verify hw_head_ lies within TX buffer ring
    - swiotlb: fix info leak with DMA_FROM_DEVICE
    - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
    - net: macb: Increment rx bd head after allocating skb and buffer
    - net/sched: act_pedit: sanitize shift argument before usage
    - afs: Fix afs_getattr() to refetch file status if callback break occurred
    - x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
    - staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
    - tcp: change source port randomizarion at connect() time
    - secure_seq: use the 64 bits of the siphash for port offset calculation
    - ACPI: sysfs: Make sparse happy about address space in use
    - Revert "UBUNTU: SAUCE: ACPI: sysfs: copy ACPI data using io memory copying"
    - ACPI: sysfs: Fix BERT error region memory mapping
    - net: af_key: check encryption module availability consistency
    - net: ftgmac100: Disable hardware checksum on AST2600
    - drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI
      controllers
    - assoc_array: Fix BUG_ON during garbage collect
    - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
    - block-map: add __GFP_ZERO flag for alloc_p

  linux (4.15.0-189.200) bionic; urgency=medium

  * bionic/linux: 4.15.0-189.200 -proposed tracker (LP: #1979525)

  * linux-image-4.15.0-177-generic freezes on the welcome screen (LP: #1973167)
    - mfd: intel-lpss: Use MODULE_SOFTDEP() instead of implicit request

  * Bionic update: upstream stable patchset 2022-06-03 (LP: #1977622)
    - etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
    - mm: page_alloc: fix building error on -Werror=array-compare
    - tracing: Dump stacktrace trigger to the corresponding instance
    - gfs2: assign rgrp glock before compute_bitstructs
    - ALSA: usb-audio: Clear MIDI port active flag after draining
    - tcp: fix race condition when creating child sockets from syncookies
    - tcp: Fix potential use-after-free due to double kfree()
    - dmaengine: imx-sdma: Fix error checking in sdma_event_remap
    - net/packet: fix packet_sock xmit return value checking
    - netlink: reset network and mac headers in netlink_dump()
    - ARM: vexpress/spc: Avoid negative array index when !SMP
    - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be
      negative
    - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the
      constant
    - vxlan: fix error return code in vxlan_fdb_append
    - cifs: Check the IOCB_DIRECT flag, not O_DIRECT
    - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
    - drm/msm/mdp5: check the return of kzalloc()
    - net: macb: Restart tx only if queue pointer is lagging
    - stat: fix inconsistency between struct stat and struct compat_stat
    - ata: pata_marvell: Check the 'bmdma_addr' beforing reading
    - dma: at_xdmac: fix a missing check on list iterator
    - powerpc/perf: Fix power9 event alternatives
    - openvswitch: fix OOB access in reserve_sfa_size()
    - ASoC: soc-dapm: fix two incorrect uses of list iterator
    - e1000e: Fix possible overflow in LTR decoding
    - ARC: entry: fix syscall_trace_exit argument
    - ext4: fix symlink file size not match to file content
    - ext4: fix overhead calculation to account for the reserved gdt blocks
    - ext4: force overhead calculation if the s_overhead_cluster makes no sense
    - staging: ion: Prevent incorrect reference counting behavour
    - block/compat_ioctl: fix range check in BLKGETSIZE
    - ax25: add refcount in ax25_dev to avoid UAF bugs
    - ax25: fix reference count leaks of ax25_dev
    - ax25: fix UAF bugs of net_device caused by rebinding operation
    - ax25: Fix refcount leaks caused by ax25_cb_del()
    - ax25: fix UAF bug in ax25_send_control()
    - ax25: fix NPD bug in ax25_disconnect
    - ax25: Fix NULL pointer dereferences in ax25 timers
    - ax25: Fix UAF bugs in ax25 timers
    - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
    - net/sched: cls_u32: fix possible leak in u32_init_knode()
    - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
    - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare

  * Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831)
    - USB: serial: pl2303: add IBM device IDs
    - USB: serial: simple: add Nokia phone driver
    - netdevice: add the case if dev is NULL
    - virtio_console: break out of buf poll on remove
    - ethernet: sun: Free the coherent when failing in probing
    - spi: Fix invalid sgs value
    - spi: Fix erroneous sgs value with min_t()
    - af_key: add __GFP_ZERO flag for compose_sadb_supported in function
      pfkey_register
    - fuse: fix pipe buffer lifetime for direct_io
    - tpm: fix reference counting for struct tpm_chip
    - block: Add a helper to validate the block size
    - virtio-blk: Use blk_validate_block_size() to validate block size
    - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
    - coresight: Fix TRCCONFIGR.QE sysfs interface
    - iio: inkern: apply consumer scale on IIO_VAL_INT cases
    - iio: inkern: apply consumer scale when no channel scale is available
    - iio: inkern: make a best effort on offset calculation
    - clk: uniphier: Fix fixed-rate initialization
    - Documentation: add link to stable release candidate tree
    - Documentation: update stable tree link
    - SUNRPC: avoid race between mod_timer() and del_timer_sync()
    - NFSD: prevent underflow in nfssvc_decode_writeargs()
    - pinctrl: samsung: drop pin banks references on error paths
    - jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
    - jffs2: fix memory leak in jffs2_do_mount_fs
    - jffs2: fix memory leak in jffs2_scan_medium
    - mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
    - mempolicy: mbind_range() set_policy() after vma_merge()
    - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
    - qed: display VF trust config
    - qed: validate and restrict untrusted VFs vlan promisc mode
    - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
    - ALSA: cs4236: fix an incorrect NULL check on list iterator
    - drbd: fix potential silent data corruption
    - ACPI: properties: Consistently return -ENOENT if there are no more
      references
    - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
    - video: fbdev: sm712fb: Fix crash in smtcfb_read()
    - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
    - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
    - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5250
    - ARM: dts: exynos: add missing HDMI supplies on SMDK5420
    - carl9170: fix missing bit-wise or operator for tx_params
    - thermal: int340x: Increase bitmap size
    - lib/raid6/test: fix multiple definition linking error
    - DEC: Limit PMAX memory probing to R3k systems
    - media: davinci: vpif: fix unbalanced runtime PM get
    - brcmfmac: firmware: Allocate space for default boardrev in nvram
    - brc