
[rocky10_1] History Rebuild through kernel-6.12.0-124.35.1.el10_1 #874

Merged: PlaidCat merged 16 commits into rocky10_1 from rocky10_1_rebuild, Feb 13, 2026

@PlaidCat PlaidCat commented Feb 12, 2026

This is an automated kernel history rebuild using cron and internal tooling. It follows the same process used for previous history rebuilds:

  • Download all unprocessed src.rpm packages
  • For each src.rpm:
    • Identify all commits in the changelog up to the last known tag (6.12.0-124)
    • Replay commits in chronological order (oldest to newest in the changelog) using git cherry-pick
    • Replace the code in the branch with the output of rpmbuild -bp for the corresponding src.rpm
    • Tag the rebuild branch

JIRA Tickets

Rebuild Splat Inspection

kernel-6.12.0-124.35.1.el10_1

$ cat ciq/ciq_backports/kernel-6.12.0-124.35.1.el10_1/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 93416
Number of commits in rpm: 20
Number of commits matched with upstream: 15 (75.00%)
Number of commits in upstream but not in rpm: 93401
Number of commits NOT found in upstream: 5 (25.00%)

Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.35.1.el10_1 for kernel-6.12.0-124.35.1.el10_1
Clean Cherry Picks: 13 (86.67%)
Empty Cherry Picks: 2 (13.33%)
_______________________________

__EMPTY COMMITS__________________________
f57e53ea252363234f86674db475839e5b87102e smb: client: let recv_done verify data_offset, data_length and remaining_data_length
41b70df5b38bc80967d2e0ed55cc3c3896bba781 io_uring/net: commit partial buffers on retry

__CHANGES NOT IN UPSTREAM________________
Add partial riscv64 support for build root'
Provide basic VisionFive 2 support'
Patch MMU for riscv64'
ice: Fix kernel panic due to page refcount underflow
ice: prevent NULL deref in ice_lag_move_new_vf_nodes()

BUILD

$ grep -E -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
  CLEAN   include/config include/generated
[TIMER]{MRPROPER}: 6s
x86_64 architecture detected, copying config
'configs/kernel-x86_64-rhel.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky10_1_rebuild-cf93036bafdb"
Making olddefconfig
--
  HOSTCC  scripts/kconfig/util.o
  HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
Starting Build
  GEN     arch/x86/include/generated/asm/orc_hash.h
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  WRAP    arch/x86/include/generated/uapi/asm/errno.h
  WRAP    arch/x86/include/generated/uapi/asm/fcntl.h
  WRAP    arch/x86/include/generated/uapi/asm/ioctl.h
--
  BTF [M] net/qrtr/qrtr.ko
  BTF [M] net/hsr/hsr.ko
  LD [M]  virt/lib/irqbypass.ko
  BTF [M] net/qrtr/qrtr-mhi.ko
  BTF [M] virt/lib/irqbypass.ko
[TIMER]{BUILD}: 2065s
Making Modules
  SYMLINK /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/build
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/modules.order
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/modules.builtin
  INSTALL /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/modules.builtin.modinfo
--
  STRIP   /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/kernel/virt/lib/irqbypass.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/kernel/virt/lib/irqbypass.ko
  SIGN    /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+/kernel/net/qrtr/qrtr.ko
  DEPMOD  /lib/modules/6.12.0-rocky10_1_rebuild-cf93036bafdb+
[TIMER]{MODULES}: 14s
Making Install
  INSTALL /boot
[TIMER]{INSTALL}: 17s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-6.12.0-rocky10_1_rebuild-cf93036bafdb+ and Index to 0
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 6s
[TIMER]{BUILD}: 2065s
[TIMER]{MODULES}: 14s
[TIMER]{INSTALL}: 17s
[TIMER]{TOTAL} 2107s
Rebooting in 10 seconds

KSelfTests

$ get_kselftest_diff.sh
kselftest.6.12.0-jmaple_rlc-10_6.12.0-124.29.1.el10_1-ff7f77f09d8a+.log
447
kselftest.6.12.0-rocky10_1_rebuild-248c2b40639d+.log
459
kselftest.6.12.0-jmaple_rlc-10_6.12.0-124.31.1.el10_1-0f8c8e7fb96c+.log
459
kselftest.6.12.0-rocky10_1_rebuild-cf93036bafdb+.log
458
Before: kselftest.6.12.0-jmaple_rlc-10_6.12.0-124.31.1.el10_1-0f8c8e7fb96c+.log
After: kselftest.6.12.0-rocky10_1_rebuild-cf93036bafdb+.log
Diff:
-ok 2 selftests: seccomp: seccomp_benchmark

jira KERNEL-602
cve CVE-2025-40322
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Junjie Cao <junjie.cao@intel.com>
commit 18c4ef4

bit_putcs_aligned()/unaligned() derived the glyph pointer from the
character value masked by 0xff/0x1ff, which may exceed the actual font's
glyph count and read past the end of the built-in font array.
Clamp the index to the actual glyph count before computing the address.

This fixes a global out-of-bounds read reported by syzbot.

	Reported-by: syzbot+793cf822d213be1a74f2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=793cf822d213be1a74f2
	Tested-by: syzbot+793cf822d213be1a74f2@syzkaller.appspotmail.com
	Signed-off-by: Junjie Cao <junjie.cao@intel.com>
	Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
	Signed-off-by: Helge Deller <deller@gmx.de>
	Cc: stable@vger.kernel.org
(cherry picked from commit 18c4ef4)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
cve CVE-2025-40304
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Albin Babu Varghese <albinbabuvarghese20@gmail.com>
commit 3637d34

Add bounds checking to prevent writes past framebuffer boundaries when
rendering text near screen edges. Return early if the Y position is off-screen
and clip image height to screen boundary. Break from the rendering loop if the
X position is off-screen. When clipping image width to fit the screen, update
the character count to match the clipped width to prevent buffer size
mismatches.

Without the character count update, bit_putcs_aligned and bit_putcs_unaligned
receive mismatched parameters where the buffer is allocated for the clipped
width but cnt reflects the original larger count, causing out-of-bounds writes.

	Reported-by: syzbot+48b0652a95834717f190@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=48b0652a95834717f190
	Suggested-by: Helge Deller <deller@gmx.de>
	Tested-by: syzbot+48b0652a95834717f190@syzkaller.appspotmail.com
	Signed-off-by: Albin Babu Varghese <albinbabuvarghese20@gmail.com>
	Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 3637d34)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
cve CVE-2025-38415
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Phillip Lougher <phillip@squashfs.org.uk>
commit 734aa85

Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug.

Syzkaller forks multiple processes which after mounting the Squashfs
filesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000).
Now if this ioctl occurs at the same time another process is in the
process of mounting a Squashfs filesystem on /dev/loop0, the failure
occurs.  When this happens the following code in squashfs_fill_super()
fails.

----
msblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);
msblk->devblksize_log2 = ffz(~msblk->devblksize);
----

sb_min_blocksize() returns 0, which means msblk->devblksize is set to 0.

As a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2
is set to 64.

This subsequently causes the

UBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36
shift exponent 64 is too large for 64-bit type 'u64' (aka
'unsigned long long')

This commit adds a check for a 0 return by sb_min_blocksize().

Link: https://lkml.kernel.org/r/20250409024747.876480-1-phillip@squashfs.org.uk
Fixes: 0aa6661 ("Squashfs: super block operations")
	Reported-by: syzbot+65761fc25a137b9c8c6e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/67f0dd7a.050a0220.0a13.0230.GAE@google.com/
	Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 734aa85)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
cve CVE-2025-38415
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Phillip Lougher <phillip@squashfs.org.uk>
commit b64700d

If sb_min_blocksize returns 0, squashfs_fill_super exits without freeing
allocated memory (sb->s_fs_info).

Fix this by moving the call to sb_min_blocksize to before memory is
allocated.

Link: https://lkml.kernel.org/r/20250811223740.110392-1-phillip@squashfs.org.uk
Fixes: 734aa85 ("Squashfs: check return result of sb_min_blocksize")
	Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
	Reported-by: Scott GUO <scottzhguo@tencent.com>
Closes: https://lore.kernel.org/all/20250811061921.3807353-1-scott_gzh@163.com
	Cc: <stable@vger.kernel.org>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit b64700d)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
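
The failure mode described in the two Squashfs commit messages above (CVE-2025-38415), as an added example that is not part of this pull request or of the kernel source: a user-space model showing how a 0 block size turns into a shift exponent of 64, and why the check has to run before the allocation. `msblk_model`, `ffz_model` and `fill_super_model` are hypothetical stand-ins, `ffz_model` returns 64 for an all-ones word to match the value quoted in the commit message, and `-EINVAL` is an assumed error code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct msblk_model {                    /* the two fields involved */
    unsigned int devblksize;
    unsigned int devblksize_log2;
};

enum check { CHECK_NONE, CHECK_LATE, CHECK_EARLY };

static int live_allocs;                 /* outstanding allocations */
static struct msblk_model *last_alloc;  /* lets the demo release a leaked one */

/* Model of ffz(): index of the first zero bit, 64 if the word has none. */
static unsigned int ffz_model(uint64_t word)
{
    unsigned int i;
    for (i = 0; i < 64; i++)
        if (!((word >> i) & 1))
            return i;
    return 64;
}

static struct msblk_model *alloc_info(void)
{
    last_alloc = calloc(1, sizeof(*last_alloc));
    live_allocs += last_alloc != NULL;
    return last_alloc;
}

static void free_info(struct msblk_model *m)
{
    if (m) { free(m); live_allocs--; }
}

/* bs is the value the block-size helper returned (0 means it failed). */
static int fill_super_model(unsigned int bs, enum check c,
                            struct msblk_model **out)
{
    struct msblk_model *m;

    if (c == CHECK_EARLY && !bs)
        return -EINVAL;         /* b64700d: validate before allocating */
    m = alloc_info();
    if (!m)
        return -ENOMEM;
    if (c == CHECK_LATE && !bs)
        return -EINVAL;         /* 734aa85 alone: m is not freed here */
    m->devblksize = bs;
    m->devblksize_log2 = ffz_model(~(uint64_t)bs);  /* 64 when bs == 0 */
    *out = m;
    return 0;
}

int main(void)
{
    struct msblk_model *m = NULL;
    int rc = fill_super_model(0, CHECK_NONE, &m);

    /* A u64 shift by 64 is undefined, so the model only reports the value. */
    printf("no check:    rc=%d log2=%u\n", rc, m ? m->devblksize_log2 : 0);
    free_info(m);
    rc = fill_super_model(0, CHECK_LATE, &m);
    printf("late check:  rc=%d leaked=%d\n", rc, live_allocs);
    free_info(last_alloc);
    rc = fill_super_model(0, CHECK_EARLY, &m);
    printf("early check: rc=%d leaked=%d\n", rc, live_allocs);
    return 0;
}
```
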
…ing_data_length

jira KERNEL-602
cve CVE-2025-39933
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Stefan Metzmacher <metze@samba.org>
commit f57e53e
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-124.35.1.el10_1/f57e53ea.failed

This is inspired by the related server fixes.

	Cc: Tom Talpey <tom@talpey.com>
	Cc: Long Li <longli@microsoft.com>
	Cc: linux-cifs@vger.kernel.org
	Cc: samba-technical@lists.samba.org
	Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Fixes: f198186 ("CIFS: SMBD: Establish SMB Direct connection")
	Signed-off-by: Stefan Metzmacher <metze@samba.org>
	Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit f57e53e)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	fs/smb/client/smbdirect.c
jira KERNEL-602
cve CVE-2025-38730
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Jens Axboe <axboe@kernel.dk>
commit 41b70df
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-124.35.1.el10_1/41b70df5.failed

Ring provided buffers are potentially only valid within the single
execution context in which they were acquired. io_uring deals with this
and invalidates them on retry. But on the networking side, if
MSG_WAITALL is set, or if the socket is of the streaming type and too
little was processed, then it will hang on to the buffer rather than
recycle or commit it. This is problematic for two reasons:

1) If someone unregisters the provided buffer ring before a later retry,
   then the req->buf_list will no longer be valid.

2) If multiple sockets are using the same buffer group, then multiple
   receives can consume the same memory. This can cause data corruption
   in the application, as either receive could land in the same
   userspace buffer.

Fix this by disallowing partial retries from pinning a provided buffer
across multiple executions, if ring provided buffers are used.

	Cc: stable@vger.kernel.org
	Reported-by: pt x <superman.xpt@gmail.com>
Fixes: c56e022 ("io_uring: add support for user mapped provided buffer ring")
	Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 41b70df)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	io_uring/net.c
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Tonghao Zhang <tonghao@bamaicloud.com>
commit ce7a381

Stacking technology is a type of technology used to expand ports on
Ethernet switches. It is widely used as a common access method in
large-scale Internet data center architectures. Years of practice
have proved that stacking technology has advantages and disadvantages
in high-reliability network architecture scenarios. For instance,
in stacking networking arch, conventional switch system upgrades
require multiple stacked devices to restart at the same time.
Therefore, it is inevitable that the business will be interrupted
for a while. It is for this reason that "no-stacking" in data centers
has become a trend. Additionally, when the stacking link connecting
the switches fails or is abnormal, the stack will split. Although it is
not common, it still happens in actual operation. The problem is that
after the split, it is equivalent to two switches with the same
configuration appearing in the network, causing network configuration
conflicts and ultimately interrupting the services carried by the
stacking system.

To improve network stability, "non-stacking" solutions have been
increasingly adopted, particularly by public cloud providers and
tech companies like Alibaba, Tencent, and Didi. "non-stacking" is
a method of mimicking switch stacking that convinces a LACP peer,
bonding in this case, connected to a set of "non-stacked" switches
that all of its ports are connected to a single switch
(i.e., LACP aggregator), as if those switches were stacked. This
enables the LACP peer's ports to aggregate together, and requires
(a) special switch configuration, described in the linked article,
and (b) modifications to the bonding 802.3ad (LACP) mode to send
all ARP/ND packets across all ports of the active aggregator.

Note that, with multiple aggregators, the current broadcast mode
logic will send only packets to the selected aggregator(s).

 +-----------+   +-----------+
 |  switch1  |   |  switch2  |
 +-----------+   +-----------+
         ^           ^
         |           |
      +-----------------+
      |   bond4 lacp    |
      +-----------------+
         |           |
         | NIC1      | NIC2
      +-----------------+
      |     server      |
      +-----------------+

- https://www.ruijie.com/fr-fr/support/tech-gallery/de-stack-data-center-network-architecture/

	Cc: Jay Vosburgh <jv@jvosburgh.net>
	Cc: "David S. Miller" <davem@davemloft.net>
	Cc: Eric Dumazet <edumazet@google.com>
	Cc: Jakub Kicinski <kuba@kernel.org>
	Cc: Paolo Abeni <pabeni@redhat.com>
	Cc: Simon Horman <horms@kernel.org>
	Cc: Jonathan Corbet <corbet@lwn.net>
	Cc: Andrew Lunn <andrew+netdev@lunn.ch>
	Cc: Steven Rostedt <rostedt@goodmis.org>
	Cc: Masami Hiramatsu <mhiramat@kernel.org>
	Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Cc: Nikolay Aleksandrov <razor@blackwall.org>
	Signed-off-by: Tonghao Zhang <tonghao@bamaicloud.com>
	Signed-off-by: Zengbing Tu <tuzengbing@didiglobal.com>
Link: https://patch.msgid.link/84d0a044514157bb856a10b6d03a1028c4883561.1751031306.git.tonghao@bamaicloud.com
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>

(cherry picked from commit ce7a381)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Tonghao Zhang <tonghao@bamaicloud.com>
commit 3d98ee5

User can config or display the bonding broadcast_neighbor option via
iproute2/netlink.

	Cc: Jay Vosburgh <jv@jvosburgh.net>
	Cc: "David S. Miller" <davem@davemloft.net>
	Cc: Eric Dumazet <edumazet@google.com>
	Cc: Jakub Kicinski <kuba@kernel.org>
	Cc: Paolo Abeni <pabeni@redhat.com>
	Cc: Simon Horman <horms@kernel.org>
	Cc: Jonathan Corbet <corbet@lwn.net>
	Cc: Andrew Lunn <andrew+netdev@lunn.ch>
	Cc: Steven Rostedt <rostedt@goodmis.org>
	Cc: Masami Hiramatsu <mhiramat@kernel.org>
	Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Cc: Nikolay Aleksandrov <razor@blackwall.org>
	Signed-off-by: Tonghao Zhang <tonghao@bamaicloud.com>
	Signed-off-by: Zengbing Tu <tuzengbing@didiglobal.com>
	Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/76b90700ba5b98027dfb51a2f3c5cfea0440a21b.1751031306.git.tonghao@bamaicloud.com
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>

(cherry picked from commit 3d98ee5)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Tonghao Zhang <tonghao@bamaicloud.com>
commit e0caeb2

This patch fixes ce7a381 ("net: bonding: add broadcast_neighbor option for 802.3ad").
Before this commit, on the broadcast mode, all devices were traversed using the
bond_for_each_slave_rcu. This patch supports traversing devices by using all_slaves.
Therefore, we need to update the slave array when enslave or release slave.

Fixes: ce7a381 ("net: bonding: add broadcast_neighbor option for 802.3ad")
	Cc: Simon Horman <horms@kernel.org>
	Cc: Jonathan Corbet <corbet@lwn.net>
	Cc: Andrew Lunn <andrew+netdev@lunn.ch>
	Cc: <stable@vger.kernel.org>
	Reported-by: Jiri Slaby <jirislaby@kernel.org>
	Tested-by: Jiri Slaby <jirislaby@kernel.org>
Link: https://lore.kernel.org/all/a97e6e1e-81bc-4a79-8352-9e4794b0d2ca@kernel.org/
	Signed-off-by: Tonghao Zhang <tonghao@bamaicloud.com>
	Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
	Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
	Acked-by: Jay Vosburgh <jv@jvosburgh.net>
Link: https://patch.msgid.link/20251016125136.16568-1-tonghao@bamaicloud.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit e0caeb2)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Shakeel Butt <shakeel.butt@linux.dev>
commit 777a856

Prevent a "BUG: unable to handle kernel NULL pointer dereference in
filemap_read_folio".

For the sleepable context, convert freader to use __kernel_read() instead
of direct page cache access via read_cache_folio().  This simplifies the
faultable code path by using the standard kernel file reading interface
which handles all the complexity of reading file data.

At the moment we are not changing the code for non-sleepable context which
uses filemap_get_folio() and only succeeds if the target folios are
already in memory and up-to-date.  The reason is to keep the patch simple
and easier to backport to stable kernels.

Syzbot repro does not crash the kernel anymore and the selftests run
successfully.

In the follow up we will make __kernel_read() with IOCB_NOWAIT work for
non-sleepable contexts.  In addition, I would like to replace the
secretmem check with a more generic approach and will add fstest for the
buildid code.

Link: https://lkml.kernel.org/r/20251222205859.3968077-1-shakeel.butt@linux.dev
Fixes: ad41251 ("lib/buildid: implement sleepable build_id_parse() API")
	Reported-by: syzbot+09b7d050e4806540153d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=09b7d050e4806540153d
	Signed-off-by: Shakeel Butt <shakeel.butt@linux.dev>
	Reviewed-by: Christoph Hellwig <hch@lst.de>
	Tested-by: Jinchao Wang <wangjinchao600@gmail.com>
  Link: https://lkml.kernel.org/r/aUteBPWPYzVWIZFH@ndev
	Reviewed-by: Christian Brauner <brauner@kernel.org>
	Cc: Alexei Starovoitov <ast@kernel.org>
	Cc: Andrii Nakryiko <andrii@kernel.org>
	Cc: Daniel Borkman <daniel@iogearbox.net>
	Cc: "Darrick J. Wong" <djwong@kernel.org>
	Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
	Cc: <stable@vger.kernel.org>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 777a856)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Kees Cook <kees@kernel.org>
commit 3a3f61c

Using strscpy() meant that the final character in task->comm may be
non-NUL for a moment before the "string too long" truncation happens.

Instead of adding a new use of the ambiguous strncpy(), we'd want to
use memtostr_pad() which enforces being able to check at compile time
that sizes are sensible, but this requires being able to see string
buffer lengths. Instead of trying to inline __set_task_comm() (which
needs to call trace and perf functions), just open-code it. But to
make sure we're always safe, add compile-time checking like we already
do for get_task_comm().

	Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
	Suggested-by: "Eric W. Biederman" <ebiederm@xmission.com>
	Signed-off-by: Kees Cook <kees@kernel.org>
(cherry picked from commit 3a3f61c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
cve CVE-2025-68811
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Joshua Rogers <linux@joshua.hu>
commit a8ee909

svc_rdma_copy_inline_range added rc_curpage (page index) to the page
base instead of the byte offset rc_pageoff. Use rc_pageoff so copies
land within the current page.

Found by ZeroPath (https://zeropath.com)

Fixes: 8e12258 ("svcrdma: Move svc_rdma_read_info::ri_pageno to struct svc_rdma_recv_ctxt")
	Cc: stable@vger.kernel.org
	Signed-off-by: Joshua Rogers <linux@joshua.hu>
	Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
(cherry picked from commit a8ee909)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
…g it

jira KERNEL-602
cve CVE-2025-38403
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author HarshaVardhana S A <harshavardhana.sa@broadcom.com>
commit 223e228

In vmci_transport_packet_init memset the vmci_transport_packet before
populating the fields to avoid any uninitialised data being left in the
structure.

	Cc: Bryan Tan <bryan-bt.tan@broadcom.com>
	Cc: Vishnu Dasa <vishnu.dasa@broadcom.com>
	Cc: Broadcom internal kernel review list
	Cc: Stefano Garzarella <sgarzare@redhat.com>
	Cc: "David S. Miller" <davem@davemloft.net>
	Cc: Eric Dumazet <edumazet@google.com>
	Cc: Jakub Kicinski <kuba@kernel.org>
	Cc: Paolo Abeni <pabeni@redhat.com>
	Cc: Simon Horman <horms@kernel.org>
	Cc: virtualization@lists.linux.dev
	Cc: netdev@vger.kernel.org
	Cc: stable <stable@kernel.org>
	Signed-off-by: HarshaVardhana S A <harshavardhana.sa@broadcom.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes: d021c34 ("VSOCK: Introduce VM Sockets")
	Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20250701122254.2397440-1-gregkh@linuxfoundation.org
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>
(cherry picked from commit 223e228)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Kuniyuki Iwashima <kuniyu@google.com>
commit 108a86c

mptcp_active_enable() calls sk_dst_get(), which returns dst with its
refcount bumped, but forgot dst_release().

Let's add missing dst_release().

	Cc: stable@vger.kernel.org
Fixes: 27069e7 ("mptcp: disable active MPTCP in case of blackhole")
	Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
	Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
	Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250916214758.650211-7-kuniyu@google.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 108a86c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira KERNEL-602
cve CVE-2025-40133
Rebuild_History Non-Buildable kernel-6.12.0-124.35.1.el10_1
commit-author Kuniyuki Iwashima <kuniyu@google.com>
commit 893c49a

mptcp_active_enable() is called from subflow_finish_connect(),
which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always
under RCU.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dst_dev_rcu().

Fixes: 27069e7 ("mptcp: disable active MPTCP in case of blackhole")
	Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
	Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
	Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250916214758.650211-8-kuniyu@google.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 893c49a)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 93416
Number of commits in rpm: 20
Number of commits matched with upstream: 15 (75.00%)
Number of commits in upstream but not in rpm: 93401
Number of commits NOT found in upstream: 5 (25.00%)

Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.35.1.el10_1 for kernel-6.12.0-124.35.1.el10_1
Clean Cherry Picks: 13 (86.67%)
Empty Cherry Picks: 2 (13.33%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-6.12.0-124.35.1.el10_1/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA
@PlaidCat PlaidCat self-assigned this Feb 12, 2026
@PlaidCat PlaidCat requested review from a team February 12, 2026 22:15
@PlaidCat PlaidCat merged commit cf93036 into rocky10_1 Feb 13, 2026
4 checks passed
@PlaidCat PlaidCat deleted the rocky10_1_rebuild branch February 13, 2026 19:59