<?xml version="1.0" encoding="utf-8"?>
<!--RSS generated by Flaimo.com RSS Builder [2026-07-03 18:47:04]-->
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"><channel><docs>https://bugs.almalinux.org/</docs><link>https://bugs.almalinux.org/</link><description><![CDATA[MantisBT - Issues]]></description><title>MantisBT - Issues</title><image><title>MantisBT - Issues</title><url>https://bugs.almalinux.org/images/mantis_logo.png</url><link>https://bugs.almalinux.org/</link><description><![CDATA[MantisBT - Issues]]></description></image><language>en</language><category>All Projects</category><ttl>10</ttl><dc:language>en</dc:language><sy:updatePeriod>hourly</sy:updatePeriod><sy:updateFrequency>1</sy:updateFrequency><item><title>0000644: AlmaLinux 10: advisories removed from errata.full.json while their HTML pages remain published — which source is authoritative?</title><author></author><link>https://bugs.almalinux.org/view.php?id=644</link><description><![CDATA[I help maintain the data pipeline of an open-source vulnerability scanner&lt;br /&gt;
&lt;a href=&quot;https://github.com/future-architect/vuls/&quot; rel=&quot;noopener&quot;&gt;https://github.com/future-architect/vuls/&lt;/a&gt; , which consumes &lt;a href=&quot;https://errata.almalinux.org/10/errata.full.json&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/errata.full.json.&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
Around 2026-05-19..26, the AlmaLinux 10 errata feed went through a large&lt;br /&gt;
re-curation:&lt;br /&gt;
&lt;br /&gt;
- Many published ALSA advisories disappeared from errata.full.json.&lt;br /&gt;
  Our snapshot of 2026-05-21 contained 279 advisories; during that window&lt;br /&gt;
  the feed shrank to roughly 60, and it has since regrown to 264&lt;br /&gt;
  (as of 2026-07-02).&lt;br /&gt;
- Some advisories were re-issued under new IDs, in some cases more than&lt;br /&gt;
  once. Example: CVE-2025-13601 was covered by ALSA-2026:0975, which&lt;br /&gt;
  disappeared and is now covered by ALSA-2026:18344.&lt;br /&gt;
- However, the static HTML pages of the removed advisories are still&lt;br /&gt;
  published: they return HTTP 200 with full content, and they are still&lt;br /&gt;
  listed in the directory index at &lt;a href=&quot;https://errata.almalinux.org/10/&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/&lt;/a&gt;&lt;br /&gt;
  (504 ALSA-*.html files vs 264 entries in the current feed).&lt;br /&gt;
&lt;br /&gt;
Impact: comparing our 2026-05-21 snapshot with the current feed, the&lt;br /&gt;
removed advisories referenced 434 unique CVEs, of which only 58 are still&lt;br /&gt;
referenced by any advisory in the current feed. The remaining 376 CVEs are&lt;br /&gt;
no longer covered at all. For downstream consumers of the feed (security&lt;br /&gt;
scanners, SBOM/VEX tooling), this is an effective loss of detection&lt;br /&gt;
coverage for AlmaLinux 10, while the same advisories still look&lt;br /&gt;
&quot;published&quot; on the website.&lt;br /&gt;
&lt;br /&gt;
Questions:&lt;br /&gt;
1. Was the removal of these advisories from errata.full.json an&lt;br /&gt;
   intentional retirement/re-curation, or a side effect of how the feed&lt;br /&gt;
   is regenerated?&lt;br /&gt;
2. Which source should downstream consumers treat as authoritative:&lt;br /&gt;
   errata.full.json, the HTML pages, or the updateinfo.xml shipped in&lt;br /&gt;
   the repositories?&lt;br /&gt;
3. If the retirement is intentional, could the corresponding HTML pages&lt;br /&gt;
   be removed or marked as retired, so the two sources stay consistent?&lt;br /&gt;
   Conversely, if it is not intentional, could the feed be regenerated&lt;br /&gt;
   to include them again?&lt;br /&gt;
4. Is there any announcement or changelog describing this re-curation&lt;br /&gt;
   that we could reference?&lt;br /&gt;
&lt;br /&gt;
Other examples absent from the feed but live as HTML:&lt;br /&gt;
- &lt;a href=&quot;https://errata.almalinux.org/10/ALSA-2025-21013.html&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/ALSA-2025-21013.html&lt;/a&gt; (libssh)&lt;br /&gt;
- &lt;a href=&quot;https://errata.almalinux.org/10/ALSA-2025-23479.html&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/ALSA-2025-23479.html&lt;/a&gt; (openssh)&lt;br /&gt;
- &lt;a href=&quot;https://errata.almalinux.org/10/ALSA-2026-13515.html&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/ALSA-2026-13515.html&lt;/a&gt; (freeipmi)&lt;br /&gt;
- &lt;a href=&quot;https://errata.almalinux.org/10/ALSA-2026-3517.html&quot; rel=&quot;noopener&quot;&gt;https://errata.almalinux.org/10/ALSA-2026-3517.html&lt;/a&gt; (thunderbird)]]></description><category>General</category><pubDate>Fri, 03 Jul 2026 01:45:49 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=644</guid><comments>https://bugs.almalinux.org/view.php?id=644#bugnotes</comments></item><item><title>0000638: samba-4.19.4-16.el8_10.src.rpm fails to build on AlmaLinux 8.10: samba-4.19-redhat.patch cannot be applied</title><author></author><link>https://bugs.almalinux.org/view.php?id=638</link><description><![CDATA[I am trying to rebuild the official samba-4.19.4-16.el8_10.src.rpm package on AlmaLinux 8.10.&lt;br /&gt;
&lt;br /&gt;
The build process fails during the %prep phase while applying the samba-4.19-redhat.patch patch.&lt;br /&gt;
&lt;br /&gt;
The error obtained is:&lt;br /&gt;
&lt;br /&gt;
/usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch&lt;br /&gt;
&lt;br /&gt;
1 out of 3 hunks FAILED -- saving rejects to file lib/util/substitute.c.rej&lt;br /&gt;
1 out of 7 hunks FAILED -- saving rejects to file source3/printing/print_generic.c.rej&lt;br /&gt;
1 out of 1 hunk FAILED -- saving rejects to file docs-xml/smbdotconf/printing/printcommand.xml.rej&lt;br /&gt;
&lt;br /&gt;
error: Bad exit status from /var/tmp/rpm-tmp.ulMvkp (%prep)]]></description><category>samba</category><pubDate>Thu, 02 Jul 2026 08:11:05 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=638</guid><comments>https://bugs.almalinux.org/view.php?id=638#bugnotes</comments></item><item><title>0000643: [AlmaLinux][Backport][MANA] net: mana: Fall back to standard MTU when PF reports adapter_mtu of 0</title><author></author><link>https://bugs.almalinux.org/view.php?id=643</link><description><![CDATA[Request backport of the following bug fix patch. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6bd81a5b4e0d&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=6bd81a5b4e0d&lt;/a&gt;]]></description><category>General</category><pubDate>Wed, 01 Jul 2026 17:10:13 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=643</guid><comments>https://bugs.almalinux.org/view.php?id=643#bugnotes</comments></item><item><title>0000642: [AlmaLinux][Mana][Backport] net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR</title><author></author><link>https://bugs.almalinux.org/view.php?id=642</link><description><![CDATA[Request backport of the following patch. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=95084f1883a7&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=95084f1883a7&lt;/a&gt;]]></description><category>General</category><pubDate>Wed, 01 Jul 2026 14:31:42 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=642</guid><comments>https://bugs.almalinux.org/view.php?id=642#bugnotes</comments></item><item><title>0000641: [AlmaLinux][Backport][Mana] patches for Numa, RSS Queues.</title><author></author><link>https://bugs.almalinux.org/view.php?id=641</link><description><![CDATA[Request backport of the following patches &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=45b2b84ac6fde39c427018d6cdf7d44258938faa&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=45b2b84ac6fde39c427018d6cdf7d44258938faa&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?h=hyperv-fixes&amp;id=7b3b1e5a87b2f5e35c52b5386d7c327be869454f&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux.git/commit/?h=hyperv-fixes&amp;id=7b3b1e5a87b2f5e35c52b5386d7c327be869454f&lt;/a&gt;]]></description><category>General</category><pubDate>Wed, 01 Jul 2026 14:25:23 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=641</guid><comments>https://bugs.almalinux.org/view.php?id=641#bugnotes</comments></item><item><title>0000640: [AlmaLinux][Backport][MANA] net: mana: Optimize irq affinity for low vcpu configs</title><author></author><link>https://bugs.almalinux.org/view.php?id=640</link><description><![CDATA[Upstream References&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://lore.kernel.org/all/20260624072138.1632849-1-shradhagupta@linux.microsoft.com/&quot; rel=&quot;noopener&quot;&gt;https://lore.kernel.org/all/20260624072138.1632849-1-shradhagupta@linux.microsoft.com/&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
Dependence Patch&lt;br /&gt;
upstream previous kernel version for patch: bug fix for: Fixes: 755391121038 (&quot;net: mana: Allocate MSI-X vectors dynamically&quot;)]]></description><category>General</category><pubDate>Wed, 01 Jul 2026 13:59:06 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=640</guid><comments>https://bugs.almalinux.org/view.php?id=640#bugnotes</comments></item><item><title>0000639: [AlmaLinux][Backport][MANA] net: mana: fix error-path issues in queue setup</title><author></author><link>https://bugs.almalinux.org/view.php?id=639</link><description><![CDATA[Request backport of the following patch. &lt;br /&gt;
&lt;br /&gt;
Problem Summary&lt;br /&gt;
Two error-path fixes in MANA queue setup, both surfaced during review of a recently upstreamed patch series.&lt;br /&gt;
&lt;br /&gt;
Patch 1 initializes queue-&gt;id to INVALID_QUEUE_ID in mana_gd_create_mana_wq_cq() so that a CQ creation failure before the firmware id is assigned does not NULL gc-&gt;cq_table[0] and silently break whichever real CQ owns that slot. This mirrors the existing pattern in mana_gd_create_eq().&lt;br /&gt;
&lt;br /&gt;
Patch 2 guards mana_destroy_txq()'s call to mana_destroy_wq_obj() with an INVALID_MANA_HANDLE check, mirroring mana_destroy_rxq(). Without it, TX setup failures lead to a firmware-rejected destroy of (u64)-1 and a spurious error in dmesg.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Upstream reference&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5985474e1cb4&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5985474e1cb4&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f8fd56977eee&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f8fd56977eee&lt;/a&gt;]]></description><category>General</category><pubDate>Tue, 30 Jun 2026 12:55:57 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=639</guid><comments>https://bugs.almalinux.org/view.php?id=639#bugnotes</comments></item><item><title>0000637: [AlmaLinux][Mana][Backport] Cobalt 200 mana networking performance patch to use full 4k page rx buffers (disable page fragmentat</title><author></author><link>https://bugs.almalinux.org/view.php?id=637</link><description><![CDATA[Request backport of the following patch. &lt;br /&gt;
&lt;br /&gt;
Primary Patch&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://lore.kernel.org/all/20260602202801.1873742-1-dipayanroy@linux.microsoft.com/&quot; rel=&quot;noopener&quot;&gt;https://lore.kernel.org/all/20260602202801.1873742-1-dipayanroy@linux.microsoft.com/&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
Prerequisite Patches&lt;br /&gt;
&lt;a href=&quot;https://lore.kernel.org/all/acLUhLpLum6qrD%2fN@linuxonhyperv3.guj3yctzbm1etfxqx2vob5hsef.xx.internal.cloudapp.net/&quot; rel=&quot;noopener&quot;&gt;https://lore.kernel.org/all/acLUhLpLum6qrD%2fN@linuxonhyperv3.guj3yctzbm1etfxqx2vob5hsef.xx.internal.cloudapp.net/&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=17bfe0a8c014&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=17bfe0a8c014&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5b05aa36ee24&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=5b05aa36ee24&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
Dependencies&lt;br /&gt;
All prerequisite patches must be applied before enabling the ethtool flag patch&lt;br /&gt;
Requires existing MANA RX path implementation with page_pool support]]></description><category>General</category><pubDate>Tue, 30 Jun 2026 12:18:05 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=637</guid><comments>https://bugs.almalinux.org/view.php?id=637#bugnotes</comments></item><item><title>0000636: kernel BUG in folio_end_writeback via cifs_writepages on close()</title><author></author><link>https://bugs.almalinux.org/view.php?id=636</link><description><![CDATA[--------------------------------------------------------------------------------&lt;br /&gt;
SUMMARY&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
5.14.0-687.15.1.el9_8 — kernel BUG at mm/filemap.c:1593 in folio_end_writeback,&lt;br /&gt;
reached from cifs_writepages during the writeback flush on close(). Seen in the&lt;br /&gt;
same event are a refcount_warn_saturate (refcount underflow / use-after-free) in&lt;br /&gt;
the CIFS async write path and a socket send failure (Error -32 / EPIPE) to the&lt;br /&gt;
server. The crash(8) disassembly confirms the BUG is the&lt;br /&gt;
&quot;if (!__folio_end_writeback(folio)) BUG();&quot; case — i.e. writeback is ended on a&lt;br /&gt;
folio whose writeback flag was already clear (a double-completion of writeback).&lt;br /&gt;
&lt;br /&gt;
Severity: crash / kernel panic&lt;br /&gt;
Category: kernel&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
TWO INDEPENDENT MACHINES, IDENTICAL PANIC&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
The same panic was captured on two physically different servers running the&lt;br /&gt;
identical kernel build. The call traces match down to the same symbol offsets.&lt;br /&gt;
&lt;br /&gt;
  hostA&lt;br /&gt;
    Server  : Dell PowerEdge R740, BIOS 2.26.1&lt;br /&gt;
    Kernel  : 5.14.0-687.15.1.el9_8&lt;br /&gt;
    Comm    : dask worker [tc   (PID 70950, CPU 22)&lt;br /&gt;
    Hardware: 40 CPUs, 766.6 GB RAM&lt;br /&gt;
    CIFS    : cache=none&lt;br /&gt;
&lt;br /&gt;
  hostB&lt;br /&gt;
    Server  : Dell PowerEdge R750xa, BIOS 1.20.2&lt;br /&gt;
    Kernel  : 5.14.0-687.15.1.el9_8&lt;br /&gt;
    Comm    : pt_main_thread   (PID 246362, CPU 21)&lt;br /&gt;
    Hardware: 24 CPUs, 383.2 GB RAM&lt;br /&gt;
    CIFS    : cache=strict&lt;br /&gt;
&lt;br /&gt;
Kernel build string (both dumps):&lt;br /&gt;
&lt;br /&gt;
  Linux version 5.14.0-687.15.1.el9_8.x86_64&lt;br /&gt;
  (&lt;a href=&quot;mailto:mockbuild@x64-builder01.almalinux.org&quot;&gt;mockbuild@x64-builder01.almalinux.org&lt;/a&gt;) ...&lt;br /&gt;
  #1 SMP PREEMPT_DYNAMIC Thu Jun 11 08:51:45 EDT 2026&lt;br /&gt;
&lt;br /&gt;
Two different server models crashing at the identical instruction with the&lt;br /&gt;
identical call chain points to a software defect, not a per-machine hardware&lt;br /&gt;
fault. The only taint flag present before the crash is from an out-of-tree&lt;br /&gt;
module (NVIDIA, visible in &quot;Modules linked in&quot;); there is no machine-check /&lt;br /&gt;
hardware-error taint in either dump.&lt;br /&gt;
&lt;br /&gt;
The two hosts also run different CIFS cache modes (hostA cache=none, hostB&lt;br /&gt;
cache=strict) yet hit the identical signature — see &quot;Both cache modes affected&quot;&lt;br /&gt;
below.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
WHAT THE DUMPS SHOW&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
In both dumps the crash is a two-part event on the same CPU/PID. The two parts&lt;br /&gt;
are shown below in the order the report discusses them; the order in which they&lt;br /&gt;
were actually printed to the kernel log varies (see &quot;A note on ordering&quot; at the&lt;br /&gt;
end of this section).&lt;br /&gt;
&lt;br /&gt;
1) refcount underflow in the CIFS async write path&lt;br /&gt;
&lt;br /&gt;
     refcount_t: underflow; use-after-free.&lt;br /&gt;
     WARNING: CPU: &lt;cpu&gt; PID: &lt;pid&gt; at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110&lt;br /&gt;
     ... Tainted: P  OE  5.14.0-687.15.1.el9_8.x86_64&lt;br /&gt;
     Hardware name: Dell Inc. PowerEdge R740, BIOS 2.26.1&lt;br /&gt;
     RIP: 0010:refcount_warn_saturate+0xba/0x110&lt;br /&gt;
     Call Trace:&lt;br /&gt;
      refcount_warn_saturate+0xba/0x110&lt;br /&gt;
      cifs_call_async+0x1ee/0x330 [cifs]&lt;br /&gt;
      smb2_async_writev+0x473/0x6f0 [cifs]&lt;br /&gt;
      ? __pfx_cifs_writedata_release+0x10/0x10 [cifs]&lt;br /&gt;
      cifs_writepages+0x52f/0xbc0 [cifs]&lt;br /&gt;
      do_writepages+0xd5/0x1b0&lt;br /&gt;
      cifs_flush+0x73/0x120 [cifs]&lt;br /&gt;
      __x64_sys_close+0x2e/0x80&lt;br /&gt;
&lt;br /&gt;
   The release function on the stack is cifs_writedata_release — i.e. the object&lt;br /&gt;
   whose refcount saturates/underflows is the CIFS writedata associated with this&lt;br /&gt;
   writeback.&lt;br /&gt;
&lt;br /&gt;
2) socket send failure, and the BUG&lt;br /&gt;
&lt;br /&gt;
     CIFS: VFS: \\&lt;fileserver&gt; Error -32 sending data on socket to server&lt;br /&gt;
     ------------[ cut here ]------------&lt;br /&gt;
     kernel BUG at mm/filemap.c:1593!&lt;br /&gt;
     invalid opcode: 0000 [#1] PREEMPT SMP NOPTI&lt;br /&gt;
     ... Tainted: P  W  OE  5.14.0-687.15.1.el9_8.x86_64&lt;br /&gt;
     Hardware name: Dell Inc. PowerEdge R740, BIOS 2.26.1&lt;br /&gt;
     RIP: 0010:folio_end_writeback+0x7d/0x80&lt;br /&gt;
     Call Trace:&lt;br /&gt;
      folio_end_writeback+0x7d/0x80&lt;br /&gt;
      cifs_writepages+0x998/0xbc0 [cifs]&lt;br /&gt;
      do_writepages+0xd5/0x1b0&lt;br /&gt;
      filemap_fdatawrite_wbc+0x66/0x90&lt;br /&gt;
      filemap_write_and_wait_range+0x3e/0xb0&lt;br /&gt;
      cifs_flush+0x73/0x120 [cifs]&lt;br /&gt;
      __x64_sys_close+0x2e/0x80&lt;br /&gt;
&lt;br /&gt;
   BUG at mm/filemap.c:1593 inside folio_end_writeback means writeback is being&lt;br /&gt;
   ended on a folio that is no longer flagged as under writeback — the folio's&lt;br /&gt;
   writeback state has already been completed/torn down once. Combined with the&lt;br /&gt;
   refcount underflow on the CIFS writedata and the socket send failure&lt;br /&gt;
   (Error -32 / EPIPE) seen in the same event, the signature is a use-after-free&lt;br /&gt;
   / double-completion of the writeback in the SMB2 async write path, occurring&lt;br /&gt;
   during the flush on close(). We read the failed/aborted send during writeback&lt;br /&gt;
   as the likely trigger, but state this as a hypothesis rather than a proven&lt;br /&gt;
   sequence (see &quot;A note on ordering&quot;).&lt;br /&gt;
&lt;br /&gt;
Matching offsets on both machines: cifs_call_async+0x1ee, smb2_async_writev+0x473,&lt;br /&gt;
cifs_writepages+0x52f (send path) and +0x998 (writeback-end path),&lt;br /&gt;
folio_end_writeback+0x7d, BUG at mm/filemap.c:1593.&lt;br /&gt;
&lt;br /&gt;
A note on ordering&lt;br /&gt;
&lt;br /&gt;
   The three symptoms — the refcount underflow (refcount_warn_saturate), the&lt;br /&gt;
   socket send failure (CIFS: VFS: ... Error -32 sending data on socket), and the&lt;br /&gt;
   BUG in folio_end_writeback — appear together in every dump, but their PRINTED&lt;br /&gt;
   order is not stable (it differs between hosts and even between different dumps&lt;br /&gt;
   of the same host). We therefore do NOT claim a proven cause-and-effect order&lt;br /&gt;
   between the send failure and the refcount underflow. printk ordering on a&lt;br /&gt;
   many-CPU box under load does not necessarily reflect the true event timeline,&lt;br /&gt;
   and the send-error and refcount messages originate in different contexts. What&lt;br /&gt;
   is consistent across both dumps is the end state: a CIFS writeback whose state&lt;br /&gt;
   is ended twice (__folio_end_writeback() returns false -&gt; BUG), in the close()&lt;br /&gt;
   flush path, in the presence of a failing/aborted SMB2 send. The &quot;failed send&lt;br /&gt;
   during writeback triggers a bad writeback completion&quot; reading is our&lt;br /&gt;
   best-supported hypothesis, not a fact the logs establish on their own.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
BOTH CACHE MODES AFFECTED&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
The two hosts run different CIFS cache modes, and each crashed with the same&lt;br /&gt;
confirmed signature:&lt;br /&gt;
&lt;br /&gt;
  - hostA (R740): cache=none&lt;br /&gt;
  - hostB (R750xa): cache=strict&lt;br /&gt;
&lt;br /&gt;
This is visible in the stacks themselves. On hostB (cache=strict), the writeback&lt;br /&gt;
path goes through cifs_strict_writev:&lt;br /&gt;
&lt;br /&gt;
     cifs_writepages+0x52f/0xbc0 [cifs]&lt;br /&gt;
     ? generic_perform_write+0x14c/0x210&lt;br /&gt;
     do_writepages+0xd5/0x1b0&lt;br /&gt;
     ? cifs_strict_writev+0x1c4/0x330 [cifs]      &lt;-- strict path&lt;br /&gt;
     ...&lt;br /&gt;
     cifs_writepages+0x998/0xbc0 [cifs]&lt;br /&gt;
     ? cifs_strict_writev+0x1c4/0x330 [cifs]      &lt;-- strict path&lt;br /&gt;
     do_writepages+0xd5/0x1b0&lt;br /&gt;
     cifs_flush+0x73/0x120 [cifs]&lt;br /&gt;
&lt;br /&gt;
The cifs_strict_writev frame is present on hostB and absent on hostA, confirming&lt;br /&gt;
the two crashes reach the same folio_end_writeback double-completion through two&lt;br /&gt;
different CIFS write paths (strict vs. none). The bug therefore does NOT depend&lt;br /&gt;
on a single cache mode; it is in the writeback-completion handling common to&lt;br /&gt;
both.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
crash(8) ANALYSIS — VERIFIED SOURCE LINE AND FULL KERNEL STACK&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
crash(8) sessions over the full vmcores (with vmlinux debuginfo for&lt;br /&gt;
5.14.0-687.15.1.el9_8) confirm the source line and the complete in-kernel stack&lt;br /&gt;
that the redacted dmesg only shows by offset.&lt;br /&gt;
&lt;br /&gt;
The disassembly of folio_end_writeback shows the BUG() at line 1593 is reached&lt;br /&gt;
directly from the &quot;if (!__folio_end_writeback(folio)) BUG();&quot; path — i.e.&lt;br /&gt;
__folio_end_writeback() returned false because the folio's PG_writeback flag was&lt;br /&gt;
already clear:&lt;br /&gt;
&lt;br /&gt;
     1591    folio_get(folio);&lt;br /&gt;
     1592    if (!__folio_end_writeback(folio))&lt;br /&gt;
       ... call __folio_end_writeback ; test %al,%al ; je &lt;+125&gt;&lt;br /&gt;
     1593        BUG();&lt;br /&gt;
       0xffffffff8137921d &lt;+125&gt;: ud2&lt;br /&gt;
&lt;br /&gt;
Resolved kernel-side backtrace (hostA; hostB is identical bar addresses):&lt;br /&gt;
&lt;br /&gt;
     [exception RIP: folio_end_writeback+125]&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=8&quot;&gt;0000008&lt;/a&gt;  cifs_writepages              [cifs]&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=9&quot;&gt;0000009&lt;/a&gt;  do_writepages&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=10&quot;&gt;0000010&lt;/a&gt; filemap_fdatawrite_wbc&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=11&quot;&gt;0000011&lt;/a&gt; __filemap_fdatawrite_range&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=12&quot;&gt;0000012&lt;/a&gt; filemap_write_and_wait_range&lt;br /&gt;
     #13 cifs_flush                   [cifs]&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=14&quot;&gt;0000014&lt;/a&gt; filp_flush&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=15&quot;&gt;0000015&lt;/a&gt; __x64_sys_close&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=16&quot;&gt;0000016&lt;/a&gt; do_syscall_64&lt;br /&gt;
     &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=17&quot;&gt;0000017&lt;/a&gt; entry_SYSCALL_64_after_hwframe&lt;br /&gt;
&lt;br /&gt;
This matches the dmesg-derived signature exactly and pins the BUG to the&lt;br /&gt;
__folio_end_writeback()-returns-false (writeback already ended) case.&lt;br /&gt;
&lt;br /&gt;
Note for reviewers: in the slab PAGE lines of the attachments, MAPPING values&lt;br /&gt;
of the form dead0000000004xx / dead000000000001 are the normal kernel slab&lt;br /&gt;
page-poison marker (page-&gt;mapping for a slab page), NOT corruption and NOT a&lt;br /&gt;
redaction.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
CIFS MOUNT OPTIONS (anonymized)&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
Requested options (autofs map; same on both hosts):&lt;br /&gt;
&lt;br /&gt;
     sec=krb5,cruid=${UID},uid=${UID},gid=${GID},forceuid,forcegid,&lt;br /&gt;
     iocharset=utf8,vers=3.0,nosuid,nodev,dir_mode=0700,file_mode=0700,&lt;br /&gt;
     noserverino,cache=none&lt;br /&gt;
&lt;br /&gt;
Effective options after expansion (from the dumps), anonymized:&lt;br /&gt;
&lt;br /&gt;
  hostA (R740) — cache=none:&lt;br /&gt;
&lt;br /&gt;
     rw,nosuid,nodev,relatime,vers=3.0,sec=krb5,cruid=&lt;uid&gt;,cache=none,&lt;br /&gt;
     upcall_target=app,username=&lt;username&gt;,uid=&lt;uid&gt;,forceuid,gid=&lt;gid&gt;,&lt;br /&gt;
     forcegid,addr=&lt;fileserver-ip&gt;,file_mode=0700,dir_mode=0700,&lt;br /&gt;
     iocharset=utf8,soft,nounix,mapposix,reparse=nfs,nativesocket,&lt;br /&gt;
     symlink=native,rsize=4194304,wsize=4194304,bsize=1048576,&lt;br /&gt;
     echo_interval=60,actimeo=1,closetimeo=1&lt;br /&gt;
&lt;br /&gt;
  hostB (R750xa) — cache=strict:&lt;br /&gt;
&lt;br /&gt;
     rw,nosuid,nodev,relatime,vers=3.0,sec=krb5,cruid=&lt;uid&gt;,cache=strict,&lt;br /&gt;
     upcall_target=app,username=&lt;username&gt;,uid=&lt;uid&gt;,forceuid,gid=&lt;gid&gt;,&lt;br /&gt;
     forcegid,addr=&lt;fileserver-ip&gt;,file_mode=0700,dir_mode=0700,&lt;br /&gt;
     iocharset=utf8,soft,nounix,mapposix,reparse=nfs,nativesocket,&lt;br /&gt;
     symlink=native,rsize=4194304,wsize=4194304,bsize=1048576,&lt;br /&gt;
     echo_interval=60,actimeo=1,closetimeo=1&lt;br /&gt;
&lt;br /&gt;
Anonymized fields: cruid/uid -&gt; &lt;uid&gt;, gid -&gt; &lt;gid&gt;, username -&gt; &lt;username&gt;,&lt;br /&gt;
addr -&gt; &lt;fileserver-ip&gt;. All other values are verbatim. The two hosts differ&lt;br /&gt;
only in the cache mode (none vs. strict).&lt;br /&gt;
&lt;br /&gt;
Why these may matter to maintainers (context, not a diagnosis):&lt;br /&gt;
&lt;br /&gt;
  - cache mode. Same signature under cache=none (hostA) and cache=strict (hostB),&lt;br /&gt;
    so the bug is not specific to one writeback path; see &quot;Both cache modes&lt;br /&gt;
    affected&quot;.&lt;br /&gt;
  - vers=3.0 (not 3.1.1) and sec=krb5 narrow down which SMB2/3 code path and&lt;br /&gt;
    auth path are in use.&lt;br /&gt;
  - soft, actimeo=1, closetimeo=1. A soft mount with very short attribute/close&lt;br /&gt;
    timeouts means operations abort with errors sooner under network pressure —&lt;br /&gt;
    consistent with the Error -32 / &quot;send fails mid-writeback&quot; condition seen in&lt;br /&gt;
    the dumps.&lt;br /&gt;
  - rsize/wsize=4194304 (4 MiB). Large I/O sizes, relevant to how writeback is&lt;br /&gt;
    chunked.&lt;br /&gt;
&lt;br /&gt;
We note these as potentially relevant context; we are not claiming any single&lt;br /&gt;
option is the proven cause.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
UPSTREAM CONTEXT (known class of bug; exact fix status for el9 is an open&lt;br /&gt;
question)&lt;br /&gt;
--------------------------------------------------------------------------------&lt;br /&gt;
&lt;br /&gt;
This is consistent with a previously reported class of CIFS writeback-completion&lt;br /&gt;
bugs rather than a brand-new defect:&lt;br /&gt;
&lt;br /&gt;
  - On the linux-cifs list (Feb 2024), Steve French reported the same call path&lt;br /&gt;
    (cifs_flush -&gt; filemap_write_and_wait_range -&gt; ... -&gt; folio_end_writeback)&lt;br /&gt;
    hit under xfstests when writes time out due to repeatedly failing server&lt;br /&gt;
    reconnects. Matthew Wilcox's reading was that the bug is something failing to&lt;br /&gt;
    call folio_end_writeback() when it should — i.e. a mismatch in writeback-end&lt;br /&gt;
    accounting, which is exactly the __folio_end_writeback()-returns-false&lt;br /&gt;
    signature seen here. Our trigger (Error -32 / EPIPE on the socket send during&lt;br /&gt;
    the close() flush) is the same &quot;send/reconnect fails mid-writeback&quot; condition.&lt;br /&gt;
    Thread: &lt;a href=&quot;https://www.spinics.net/lists/linux-cifs/msg31067.html&quot; rel=&quot;noopener&quot;&gt;https://www.spinics.net/lists/linux-cifs/msg31067.html&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
  - The CIFS writeback path saw significant churn upstream: a two-phase&lt;br /&gt;
    cifs_writepages_begin / cifs_extend_writeback design (around f3dc1bdb6b0b&lt;br /&gt;
    &quot;cifs: Fix writeback data corruption&quot;), later a cut-over to netfslib&lt;br /&gt;
    (3ee1a1fc3981), plus follow-up fixes (e.g. a per-cifs_writepages_begin folio&lt;br /&gt;
    leak fix by Yang Erkun). Several of these touch exactly the folio/writeback&lt;br /&gt;
    refcounting on the write path.&lt;br /&gt;
&lt;br /&gt;
We have NOT been able to identify a single specific upstream commit and confirm&lt;br /&gt;
whether it is present in or missing from 5.14.0-687.15.1.el9_8. Determining&lt;br /&gt;
whether el9's backport of the CIFS writeback path already contains the relevant&lt;br /&gt;
fix (or needs one) is the key question for the maintainers, and requires checking&lt;br /&gt;
the el9 kernel changelog against the upstream CIFS/netfs writeback fixes above.&lt;br /&gt;
We're happy to provide the full vmcore(s) and test further.]]></description><category>kernel</category><pubDate>Fri, 26 Jun 2026 11:21:08 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=636</guid><comments>https://bugs.almalinux.org/view.php?id=636#bugnotes</comments></item><item><title>0000635: AMDI0015 (DesignWare I3C master) driver initialization failure (Timeout -110 / UBSAN shift-out-of-bounds) on AMD EPYC 5th Gen</title><author></author><link>https://bugs.almalinux.org/view.php?id=635</link><description><![CDATA[IMPORTANT NOTE FOR TRIAGE: &lt;br /&gt;
We are opening this ticket here under the explicit direction of Benny (AlmaLinux). Although the attached logs were captured from a Proxmox VE kernel environment, this is a critical upstream Linux kernel driver/hardware compatibility issue on the new AMD EPYC 5th Gen platform. It directly impacts any modern enterprise Linux ecosystem trying to leverage native I3C telemetry on this Gigabyte hardware.&lt;br /&gt;
&lt;br /&gt;
---&lt;br /&gt;
&lt;br /&gt;
A critical issue has been identified during the initialization of the native MIPI I3C bus on an AMD EPYC 5th Generation platform hosted on a Gigabyte server (Model: XV23-ZU0-AAJ1-000). &lt;br /&gt;
&lt;br /&gt;
During the boot sequence, the Synopsys/DesignWare I3C master control driver (dw-i3c-master.c) fails entirely. This driver failure triggers two explicit kernel errors:&lt;br /&gt;
1. UBSAN Math Error (Underflow): A shift-out-of-bounds error occurs when the driver tries to parse an invalid or corrupt hardware initialization response as an unsigned 64-bit integer.&lt;br /&gt;
2. Driver Timeout (Error -110): The integrated AMD ACPI I3C devices (AMDI0015) do not respond to the OS probing requests within the time limit (ETIMEDOUT), causing the controller to fail and disable itself.&lt;br /&gt;
&lt;br /&gt;
Secondary Impact (Power Capping):&lt;br /&gt;
Concurrently, the CPU performance is degraded; the processor persistently caps its power consumption at ~245W despite its nominal 300W TDP specification. This is highly suspected to be a security Power Capping mechanism triggered by the AMD System Management Unit (SMU) or BMC due to the lack of high-speed telemetry from the VRMs/PMICs over the failed I3C bus.&lt;br /&gt;
&lt;br /&gt;
Hardware &amp; Firmware Context:&lt;br /&gt;
* Server Model: Gigabyte XV23-ZU0-AAJ1-000 (Motherboard MZU3-MG0-000)&lt;br /&gt;
* CPU: AMD EPYC 5th Generation&lt;br /&gt;
* Firmware: BIOS version R22_F17]]></description><category>kernel</category><pubDate>Thu, 25 Jun 2026 12:58:53 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=635</guid><comments>https://bugs.almalinux.org/view.php?id=635#bugnotes</comments></item><item><title>0000634: Disk I/O issue in Proxmox VM (Aborted Command) + XFS shut down</title><author></author><link>https://bugs.almalinux.org/view.php?id=634</link><description><![CDATA[Following this thread : &lt;a href=&quot;https://forum.proxmox.com/threads/io_uring-on-kernel-7-0-6-2-pve-pve-9-2-3-guest-disk-i-o-errors-eio-filesystem-xfs-shutdown.184360/&quot; rel=&quot;noopener&quot;&gt;https://forum.proxmox.com/threads/io_uring-on-kernel-7-0-6-2-pve-pve-9-2-3-guest-disk-i-o-errors-eio-filesystem-xfs-shutdown.184360/&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
I discovered a strange behavior on AlmaLinux 10 inside a Proxmox VM. It appears that kernel 6.12.0-211.22.1.el10_2.x86_64 has issue that triggers a disk failure (see screenshots).&lt;br /&gt;
&lt;br /&gt;
Randomly, the filesystem (XFS) becomes unavailable and I can't do anything more except stop and start the VM again.&lt;br /&gt;
&lt;br /&gt;
I don't know if it's related to the storage architecture on Proxmox but I'm using LUKS + LVM-thin on 2 different hosts that are impacted.&lt;br /&gt;
&lt;br /&gt;
Here is the way I was able to reproduce :&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;mailto:root@zabbix&quot;&gt;root@zabbix&lt;/a&gt; :~$ fio --name=stress-write --ioengine=libaio --iodepth=64 --rw=randwrite \&lt;br /&gt;
    --bs=4k --direct=1 --size=20G --numjobs=8 --runtime=600 \&lt;br /&gt;
    --time_based --ramp_time=30 --group_reporting \&lt;br /&gt;
    --filename=/tmp/fio-test --output-format=normal,json \&lt;br /&gt;
    --output=fio-result.json&lt;br /&gt;
Jobs: 8 (f=0): [/(8)][-.-%][eta 10m:15s]&lt;br /&gt;
Jobs: 8 (f=0): [/(8)][-.-%][eta 10m:15s]&lt;br /&gt;
Jobs: 8 (f=0): [/(8)][-.-%][eta 10m:14s]&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=20592291840, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=9765498880, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=11389923328, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=10865082368, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=4592693248, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=17240551424, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=10608463872, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=18193764352, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=10405310464, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=18420568064, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=20068622336, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=14732562432, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=19714949120, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=11894398976, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=13342396416, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=18269777920, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=21153767424, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=8210624512, buflen=4096&lt;br /&gt;
fio: io_u error on file /tmp/fio-test: Input/output error: write offset=5009162240, buflen=4096]]></description><category>General</category><pubDate>Thu, 18 Jun 2026 10:13:05 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=634</guid><comments>https://bugs.almalinux.org/view.php?id=634#bugnotes</comments></item><item><title>0000633: [AlmaLinux][Backport][MANA] net: mana: Cache MANA_QUERY_LINK_CONFIG result to avoid repeated HWC queries</title><author></author><link>https://bugs.almalinux.org/view.php?id=633</link><description><![CDATA[Request backport of the following patch to all active kernels. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=8e0ffcc926f4&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=8e0ffcc926f4&lt;/a&gt;]]></description><category>General</category><pubDate>Mon, 15 Jun 2026 05:50:08 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=633</guid><comments>https://bugs.almalinux.org/view.php?id=633#bugnotes</comments></item><item><title>0000632: [AlmaLinux][MANA][Backport][Distros] Patch: net: mana: Add support for PF device 0x00C1</title><author></author><link>https://bugs.almalinux.org/view.php?id=632</link><description><![CDATA[Request backport of the following patch. &lt;br /&gt;
&lt;br /&gt;
Problem Summary : Dual link feature added 2nd PF, that require this patch to support it.&lt;br /&gt;
&lt;br /&gt;
Impact on Customer VMs/BMs : All BM (Bare metal) instances with Dual Link feature. (VR system)&lt;br /&gt;
Repro details : without this patch the 2nd PF (device 0x00C1) won't be available.&lt;br /&gt;
Relationship to large feature : None&lt;br /&gt;
Patch Criticality:  Medium (High for Distros on VR system)&lt;br /&gt;
Classification : New feature&lt;br /&gt;
Upstream reference&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=53a65db20a4f3fe6c01b1f789f9eae6b1244910f&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=53a65db20a4f3fe6c01b1f789f9eae6b1244910f&lt;/a&gt;]]></description><category>General</category><pubDate>Mon, 15 Jun 2026 05:06:37 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=632</guid><comments>https://bugs.almalinux.org/view.php?id=632#bugnotes</comments></item><item><title>0000623: Request to backport recent GVE patches for Google Cloud overcommited Gen3+ VMs for AlmaLinux 8</title><author></author><link>https://bugs.almalinux.org/view.php?id=623</link><description><![CDATA[Currently, the maximum queue depth supported for gVNIC on overcommited Gen3+ VMs such as N4 is 1K, whereas the maximum queue depth supported on Gen1/Gen2 VMs is 2K. Customers who are migrating their workloads from N2 to N4 have requested higher queue depth support on N4 VMs.&lt;br /&gt;
&lt;br /&gt;
GVE driver changes to support greater than 1K queue depth for overcommitted Gen3+ have been upstreamed to Linux kernel recently:&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&lt;/a&gt;]]></description><category>general</category><pubDate>Wed, 10 Jun 2026 21:49:37 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=623</guid><comments>https://bugs.almalinux.org/view.php?id=623#bugnotes</comments></item><item><title>0000621: Request to backport recent GVE patches for Google Cloud overcommited Gen3+ VMs for AlmaLinux 10</title><author></author><link>https://bugs.almalinux.org/view.php?id=621</link><description><![CDATA[Currently, the maximum queue depth supported for gVNIC on overcommited Gen3+ VMs such as N4 is 1K, whereas the maximum queue depth supported on Gen1/Gen2 VMs is 2K. Customers who are migrating their workloads from N2 to N4 have requested higher queue depth support on N4 VMs.&lt;br /&gt;
&lt;br /&gt;
GVE driver changes to support greater than 1K queue depth for overcommitted Gen3+ have been upstreamed to Linux kernel recently:&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&lt;/a&gt;]]></description><category>General</category><pubDate>Fri, 05 Jun 2026 13:20:21 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=621</guid><comments>https://bugs.almalinux.org/view.php?id=621#bugnotes</comments></item><item><title>0000622: Request to backport recent GVE patches for Google Cloud overcommited Gen3+ VMs for AlmaLinux 9</title><author></author><link>https://bugs.almalinux.org/view.php?id=622</link><description><![CDATA[Currently, the maximum queue depth supported for gVNIC on overcommited Gen3+ VMs such as N4 is 1K, whereas the maximum queue depth supported on Gen1/Gen2 VMs is 2K. Customers who are migrating their workloads from N2 to N4 have requested higher queue depth support on N4 VMs.&lt;br /&gt;
&lt;br /&gt;
GVE driver changes to support greater than 1K queue depth for overcommitted Gen3+ have been upstreamed to Linux kernel recently:&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=a2f19184014f&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=07993df56091&lt;/a&gt;]]></description><category>general</category><pubDate>Thu, 04 Jun 2026 17:48:30 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=622</guid><comments>https://bugs.almalinux.org/view.php?id=622#bugnotes</comments></item><item><title>0000631: [AlmaLinux][RDMA/DPDK] [Backport] mana_ib patch to distro to support RX traffic stop on MANA hotplug events</title><author></author><link>https://bugs.almalinux.org/view.php?id=631</link><description><![CDATA[Request backport of the following patch to all active kernels. &lt;br /&gt;
&lt;br /&gt;
This patch correctly shutdown receive traffic when MANA device is hot plugged from DPDK. Without this patch, the kernel may send interrupts under heavy traffic when MANA is hot removed.&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v7.1-rc1&amp;id=dbeb256e8dd87233d891b170c0b32a6466467036&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v7.1-rc1&amp;id=dbeb256e8dd87233d891b170c0b32a6466467036&lt;/a&gt;]]></description><category>General</category><pubDate>Thu, 04 Jun 2026 14:13:25 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=631</guid><comments>https://bugs.almalinux.org/view.php?id=631#bugnotes</comments></item><item><title>0000630: Downloading ISO's from your server</title><author></author><link>https://bugs.almalinux.org/view.php?id=630</link><description><![CDATA[When downloading ISO files from repo.almalinux.org, the Content-Length header is missing from GET responses.&lt;br /&gt;
However doing a HEAD request to the same URL returns it correctly.&lt;br /&gt;
&lt;br /&gt;
Example URL:&lt;br /&gt;
&lt;a href=&quot;https://repo.almalinux.org/almalinux/10/live/x86_64_v2/AlmaLinux-10.2-x86_64_v2-Live-KDE.iso&quot; rel=&quot;noopener&quot;&gt;https://repo.almalinux.org/almalinux/10/live/x86_64_v2/AlmaLinux-10.2-x86_64_v2-Live-KDE.iso&lt;/a&gt;&lt;br /&gt;
HEAD returns: Content-Length: 2638260224&lt;br /&gt;
GET returns: no Content-Length header&lt;br /&gt;
This means download managers cannot show progress, percentage or ETA without using a workaround such as doing a HEAD request first.]]></description><category>General</category><pubDate>Tue, 02 Jun 2026 05:19:00 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=630</guid><comments>https://bugs.almalinux.org/view.php?id=630#bugnotes</comments></item><item><title>0000587: Unable to install perl-DBD-MySQL-4.053 in a MySQL 8.4 (libmysqlclient.so.24)</title><author></author><link>https://bugs.almalinux.org/view.php?id=587</link><description><![CDATA[Unable to install perl-DBD-MySQL-4.053 in a MySQL 8.4 (libmysqlclient.so.24) environment&lt;br /&gt;
due to a dependency on libmysqlclient.so.21.]]></description><category>mysql</category><pubDate>Tue, 02 Jun 2026 05:18:37 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=587</guid><comments>https://bugs.almalinux.org/view.php?id=587#bugnotes</comments></item><item><title>0000629: SSSD install/setup issue due to insufficient permissions and ownership</title><author></author><link>https://bugs.almalinux.org/view.php?id=629</link><description><![CDATA[Hello,&lt;br /&gt;
we're having trouble connecting AlmaLinux 10.2 to an Active Directory using SSSD. Previously we were able to set it up just fine using AlmaLinux 10.1. &lt;br /&gt;
The following text describes the issues and how to solve them. However, it would be better if the issues were fixed at the source.&lt;br /&gt;
Firstly, sssd doesn't own the paths /var/lib/sss and /var/log/sssd.&lt;br /&gt;
&lt;br /&gt;
# systemctl status sssd&lt;br /&gt;
× sssd.service - System Security Services Daemon&lt;br /&gt;
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)&lt;br /&gt;
     Active: failed (Result: exit-code) since Fri 2026-05-29 11:10:06 UTC; 7min ago&lt;br /&gt;
 Invocation: cddf4fea77444dab88d80a37de5875f2&lt;br /&gt;
    Process: 4346 ExecStartPre=/bin/chown -f -R -H root:sssd /etc/sssd (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4348 ExecStartPre=/bin/chmod -f -R g+r /etc/sssd (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4350 ExecStartPre=/bin/chmod -f g+x /etc/sssd (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4352 ExecStartPre=/bin/chmod -f g+x /etc/sssd/conf.d (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4354 ExecStartPre=/bin/chmod -f g+x /etc/sssd/pki (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4356 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/lib/sss/db/*.ldb (code=exited, status=1/FAILURE)&lt;br /&gt;
    Process: 4358 ExecStartPre=/bin/chown -f -R -h sssd:sssd /var/lib/sss/gpo_cache (code=exited, status=0/SUCCESS)&lt;br /&gt;
    Process: 4360 ExecStartPre=/bin/sh -c /bin/chown -f -h sssd:sssd /var/log/sssd/*.log* (code=exited, status=1/FAILURE)&lt;br /&gt;
    Process: 4362 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=8)&lt;br /&gt;
   Main PID: 4362 (code=exited, status=8)&lt;br /&gt;
   Mem peak: 2.3M&lt;br /&gt;
        CPU: 49ms&lt;br /&gt;
&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: Could not open file [/var/log/sssd/sssd.log]. Error: [13][Permission denied]&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: Error opening log file, falling back to stderr&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: [sssd] [main] (0x3f7c0): Started under uid=997 (euid=997) : gid=997 (egid=997) with SECBIT_KEEP_CAPS = 0 and following capabilities:&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]:    (nothing)&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'config_file_version' is not allowed in section 'sssd'. Check for typos.&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: [sssd] [confdb_write_ini] (0x0010): Can't delete old '/var/lib/sss/db/config.ldb'&lt;br /&gt;
May 29 11:10:06 redacted sssd[4362]: [sssd] [main] (0x0010): Failed to write config DB: 'Permission denied'&lt;br /&gt;
May 29 11:10:06 redacted systemd[1]: sssd.service: Main process exited, code=exited, status=8/n/a&lt;br /&gt;
May 29 11:10:06 redacted systemd[1]: sssd.service: Failed with result 'exit-code'.&lt;br /&gt;
May 29 11:10:06 redacted systemd[1]: Failed to start sssd.service - System Security Services Daemon.&lt;br /&gt;
&lt;br /&gt;
# ls -la /var/log/sssd&lt;br /&gt;
total 4&lt;br /&gt;
drwxrwx---. 2 root root    6 Apr 14 00:00 .&lt;br /&gt;
drwxr-xr-x. 9 root root 4096 May 29 11:09 ..&lt;br /&gt;
&lt;br /&gt;
# ls -la /var/lib/sss&lt;br /&gt;
total 4&lt;br /&gt;
drwxrwxr-x. 10 root root  120 May 29 11:09 .&lt;br /&gt;
drwxr-xr-x. 27 root root 4096 May 29 11:09 ..&lt;br /&gt;
drwxrwx---.  2 root root    6 Apr 14 00:00 db&lt;br /&gt;
drwxrwx--x.  2 root root    6 Apr 14 00:00 deskprofile&lt;br /&gt;
drwxrwx---.  2 sssd sssd    6 Apr 14 00:00 gpo_cache&lt;br /&gt;
drwxrwx---.  2 sssd sssd    6 Apr 14 00:00 keytabs&lt;br /&gt;
drwxrwxr-x.  2 root root    6 Apr 14 00:00 mc&lt;br /&gt;
drwxrwxr-x.  3 root root   21 May 26 13:48 pipes&lt;br /&gt;
drwxrwxr-x.  3 root root   28 May 26 13:48 pubconf&lt;br /&gt;
drwxrwx---.  2 root root    6 Apr 14 00:00 secrets&lt;br /&gt;
&lt;br /&gt;
The second issue is that the current file permissions for executables are insufficient, that are required for running sssd.&lt;br /&gt;
&lt;br /&gt;
# ls -la /usr/libexec/sssd/&lt;br /&gt;
total 2200&lt;br /&gt;
drwxr-xr-x.  2 root root   4096 May 29 11:09 .&lt;br /&gt;
drwxr-xr-x. 30 root root   4096 May 29 11:09 ..&lt;br /&gt;
-rwxr-xr-x.  1 root root  40608 Apr 14 00:00 gpo_child&lt;br /&gt;
-rwxr-x---.  1 root root 140016 Apr 14 00:00 krb5_child&lt;br /&gt;
-rwxr-x---.  1 root root  53112 Apr 14 00:00 ldap_child&lt;br /&gt;
-rwxr-xr-x.  1 root root  73384 Apr 14 00:00 p11_child&lt;br /&gt;
-rwxr-x---.  1 root sssd  32368 Apr 14 00:00 proxy_child&lt;br /&gt;
-rwxr-x---.  1 root sssd  32416 Apr 14 00:00 selinux_child&lt;br /&gt;
-rwxr-xr-x.  1 root root 186968 Apr 14 00:00 sssd_autofs&lt;br /&gt;
-rwxr-xr-x.  1 root root 261800 Apr 14 00:00 sssd_be&lt;br /&gt;
-rwxr-xr-x.  1 root root  15840 Apr 14 00:00 sssd_check_socket_activated_responders&lt;br /&gt;
-rwxr-xr-x.  1 root root 215640 Apr 14 00:00 sssd_kcm&lt;br /&gt;
-rwxr-xr-x.  1 root root 266888 Apr 14 00:00 sssd_nss&lt;br /&gt;
-rwxr-xr-x.  1 root root 195056 Apr 14 00:00 sssd_pac&lt;br /&gt;
-rwxr-x---.  1 root root 306768 Apr 14 00:00 sssd_pam&lt;br /&gt;
-rwxr-xr-x.  1 root root 195176 Apr 14 00:00 sssd_ssh&lt;br /&gt;
-rwxr-xr-x.  1 root root 195224 Apr 14 00:00 sssd_sudo&lt;br /&gt;
-rwxr-xr-x.  1 root root  15800 Apr 14 00:00 sss_signal&lt;br /&gt;
&lt;br /&gt;
This issue can be resolved by running the three commands below and then restarting the SSSD service.&lt;br /&gt;
&lt;br /&gt;
chown -R sssd:sssd /var/lib/sss&lt;br /&gt;
chown sssd:sssd /var/log/sssd&lt;br /&gt;
chmod o+rx /usr/libexec/sssd/*]]></description><category>General</category><pubDate>Fri, 29 May 2026 12:36:33 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=629</guid><comments>https://bugs.almalinux.org/view.php?id=629#bugnotes</comments></item><item><title>0000628: [AlmaLinux][Mana][Backport] net: mana: Avoid queue struct allocation failure under memory fragmentation</title><author></author><link>https://bugs.almalinux.org/view.php?id=628</link><description><![CDATA[Backport Justification (ADO)&lt;br /&gt;
&lt;br /&gt;
1. Problem Summary&lt;br /&gt;
&lt;br /&gt;
MANA driver does large contiguous kmallocs during queue setup that may fail in system with highly fragmented memory:&lt;br /&gt;
&lt;br /&gt;
 - mana_create_txq (tx_qp array): &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=5#c2&quot; class=&quot;resolved&quot;&gt;0000005:0000002&lt;/a&gt;.2 MB @ 64 queues&lt;br /&gt;
 - mana_create_rxq (rxq + flex array): &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=5#c2&quot; class=&quot;resolved&quot;&gt;0000005:0000002&lt;/a&gt;.4 MB per queue @ depth 8192&lt;br /&gt;
 - mana_pre_alloc_rxbufs: &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=7#c4&quot; class=&quot;resolved&quot;&gt;0000007:0000004&lt;/a&gt; MB @ 64 queues / depth 8192&lt;br /&gt;
&lt;br /&gt;
Failures occur on driver open and on runtime reconfig (channels, ring size, MTU).&lt;br /&gt;
&lt;br /&gt;
Mellanox (mlx5) previously hit the same class of issue — large contiguous allocations (&lt;a href=&quot;https://bugs.almalinux.org/view.php?id=57#c128&quot;&gt;0000057:0000128&lt;/a&gt; KB / &lt;a href=&quot;https://bugs.almalinux.org/view.php?id=198#c512&quot; class=&quot;resolved&quot;&gt;0000198:0000512&lt;/a&gt; KB) failed on fragmented systems and were fixed by switching to smaller page-sized units.&lt;br /&gt;
2. Impact on Customer VMs&lt;br /&gt;
&lt;br /&gt;
 - Driver load failure → VM loses networking / availability.&lt;br /&gt;
 - Runtime reconfig (ethtool, MTU) fails → blocks workload tuning.&lt;br /&gt;
 - Worst on long-running VMs, high-memory workloads (AI/HPC, in-memory DBs), and max queue/ring configs (64 queues, depth 8192).&lt;br /&gt;
3. Reproduction Details (If Available)&lt;br /&gt;
&lt;br /&gt;
 - Trigger: High memory fragmentation + MANA driver load / queue reconfiguration.&lt;br /&gt;
 - Symptom: kmalloc order-N allocation failure during mana_create_txq / mana_create_rxq / mana_pre_alloc_rxbufs; driver open/reconfig returns -ENOMEM.&lt;br /&gt;
 - No deterministic repro; observed on fragmented systems and reproducible by forcing high-order allocation pressure.&lt;br /&gt;
4. Relationship to Larger Feature&lt;br /&gt;
&lt;br /&gt;
None&lt;br /&gt;
5. Patch Criticality&lt;br /&gt;
&lt;br /&gt;
   -  Medium&lt;br /&gt;
   - Customer-visible loss of VM networking on memory fragmented systems on reloading driver or reconfiguring queue depth, queue size etc.&lt;br /&gt;
6. Classification (Select All That Apply)&lt;br /&gt;
&lt;br /&gt;
 - Bug fix – driver fails to load or reconfigure queues when contiguous high-order memory is unavailable due to memory fragmentation.&lt;br /&gt;
7. Upstream References&lt;br /&gt;
&lt;br /&gt;
Upstream commit:&lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=3af0820c878e&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=3af0820c878e&lt;/a&gt;&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=d07efe5a6e64&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=d07efe5a6e64&lt;/a&gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Request backport of the above patches to the active kernel versions. Thanks.]]></description><category>General</category><pubDate>Thu, 28 May 2026 13:06:37 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=628</guid><comments>https://bugs.almalinux.org/view.php?id=628#bugnotes</comments></item><item><title>0000627: [AlmaLinux][MANA][Backport][Distros] porting patch: net: mana: Expose hardware diagnostic info via debugfs</title><author></author><link>https://bugs.almalinux.org/view.php?id=627</link><description><![CDATA[Hello, &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
  Problem Summary&lt;br /&gt;
Add debugfs entries to expose hardware configuration and diagnostic information that aids in debugging driver initialization and runtime operations without adding noise to dmesg.&lt;br /&gt;
&lt;br /&gt;
The debugfs directory for each PCI device is named using pci_name() (the unique BDF address), and its creation and removal is integrated into mana_gd_setup() and mana_gd_cleanup_device() respectively, so that all callers (probe, remove, suspend, resume, shutdown) share a single code path.&lt;br /&gt;
Impact on Customer VMs&lt;br /&gt;
All VMs&lt;br /&gt;
Repro details&lt;br /&gt;
Additional details exposed from debugfs via this patch&lt;br /&gt;
Relationship to large feature&lt;br /&gt;
None&lt;br /&gt;
Patch Criticality&lt;br /&gt;
Medium&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Request backport of the following patch to all active LTS Kernel versions. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=c227f8aaf22c&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=c227f8aaf22c&lt;/a&gt;]]></description><category>General</category><pubDate>Wed, 27 May 2026 13:00:42 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=627</guid><comments>https://bugs.almalinux.org/view.php?id=627#bugnotes</comments></item><item><title>0000626: [AlmaLInux][Backport][MANA] net: mana: validate rx_req_idx to prevent out-of-bounds array access</title><author></author><link>https://bugs.almalinux.org/view.php?id=626</link><description><![CDATA[Hello,&lt;br /&gt;
&lt;br /&gt;
    This is a Sev 2 on our side with impact on all customer VM's&lt;br /&gt;
&lt;br /&gt;
Problem Summary&lt;br /&gt;
In mana_hwc_rx_event_handler(), rx_req_idx is derived from&lt;br /&gt;
sge-&gt;address in DMA-coherent memory. In Confidential VMs&lt;br /&gt;
(SEV-SNP/TDX), this memory is shared unencrypted and HW can modify&lt;br /&gt;
WQE contents at any time. No bounds check exists on rx_req_idx,&lt;br /&gt;
which can lead to an out-of-bounds access into reqs[].&lt;br /&gt;
&lt;br /&gt;
Add bounds check on rx_req_idx in mana_hwc_rx_event_handler() before&lt;br /&gt;
using it to index the reqs[] array.&lt;br /&gt;
Impact on Customer VMs&lt;br /&gt;
All VMs &lt;br /&gt;
&lt;br /&gt;
Requesting backport of the below fix to all LTS kernels versions. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b809d0409991&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b809d0409991&lt;/a&gt;]]></description><category>General</category><pubDate>Wed, 27 May 2026 12:30:41 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=626</guid><comments>https://bugs.almalinux.org/view.php?id=626#bugnotes</comments></item><item><title>0000625: ssss</title><author></author><link>https://bugs.almalinux.org/view.php?id=625</link><description><![CDATA[ssss]]></description><category>General</category><pubDate>Wed, 27 May 2026 12:29:10 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=625</guid><comments>https://bugs.almalinux.org/view.php?id=625#bugnotes</comments></item><item><title>0000624: [AlmaLinux][Backport][MANA] net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer</title><author></author><link>https://bugs.almalinux.org/view.php?id=624</link><description><![CDATA[This is a Sev 2 on our side with customer facing issues.&lt;br /&gt;
&lt;br /&gt;
Problem Summary&lt;br /&gt;
In mana_hwc_rx_event_handler(), resp-&gt;response.hwc_msg_id is read from&lt;br /&gt;
DMA-coherent memory and bounds-checked, then mana_hwc_handle_resp()&lt;br /&gt;
re-reads the same field from the same DMA buffer for test_bit() and&lt;br /&gt;
pointer arithmetic.&lt;br /&gt;
&lt;br /&gt;
DMA-coherent memory is mapped uncacheable on x86 and is shared,&lt;br /&gt;
unencrypted, in Confidential VMs (SEV-SNP/TDX), so each load goes&lt;br /&gt;
directly to host-visible memory. A H/W can modify the value&lt;br /&gt;
between the check and the use, bypassing the bounds validation.&lt;br /&gt;
&lt;br /&gt;
Fix this by reading hwc_msg_id exactly once using READ_ONCE() into a&lt;br /&gt;
stack-local variable in mana_hwc_rx_event_handler(), and passing the&lt;br /&gt;
validated value as a parameter to mana_hwc_handle_resp().&lt;br /&gt;
Impact on Customer VMs&lt;br /&gt;
All VMs &lt;br /&gt;
&lt;br /&gt;
Requesting backport of the below fix to all LTS kernels. &lt;br /&gt;
&lt;br /&gt;
&lt;a href=&quot;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35f0f0a2536a&quot; rel=&quot;noopener&quot;&gt;https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35f0f0a2536a&lt;/a&gt;]]></description><category>General</category><pubDate>Thu, 21 May 2026 06:02:56 +0000</pubDate><guid>https://bugs.almalinux.org/view.php?id=624</guid><comments>https://bugs.almalinux.org/view.php?id=624#bugnotes</comments></item></channel></rss>
