rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after upgrade to 20.04

Status changed to 'Confirmed' because the bug affects multiple users.

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:
* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?

This will help us to find and resolve the problem.

In a virtual machine I can reproduce this by installing pulseaudio and docker.io.

I'm attaching a Vagrantfile that reproduces the issue for me.

:; vagrant up
:; vagrant ssh -t -- journalctl -u rtkit-daemon

Does it lead to any user visible problem or only to those warnings?

At this point it's just these log messages.

I have the same issue, 18.04 -> 20.04 via upgrade. RTKit now failing to give pulseaudio RT priority.

Issue resulting is some choppy audio - under heavy load. Pulseaudio not RT priority

20.04 clean install:
    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    795 twiggy 9 -11 1146096 18528 14632 S 0.0 0.9 0:00.56 pulseaudio

18.04->20.04 upgraded:
    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
 259018 twiggy2 20 0 280064 14228 12452 S 0.0 0.0 0:00.43 pulseaudio

Haven't yet found an app that crashes when it failes to acquire RT, but, audio not behaving to previous good standard.

Could you add a 'journalctl -b 0' log from a session having the issue?

Enabling, but not configuring CONFIG_RT_GROUP_SCHED seems likely to be the cause of this:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?h=master-next&id=9b039fc517876d312e7fa0955571101a299c91f5

Some discussion of this WRT lowlatency kernel is here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1873315

seems like from the other bug that it got turn off again in -26.30 which is the revision in use by the report here according to the apport report?

Attached is the output from journalctl -b 0, where the error occurs.

Apologies - no vagrant skills here, but I can confirm Kai's replication method - kvm qemu clean 20.04 server install, then add pulseaudio, docker.io, reboot and the issue occurs.

In the generic kernel CONFIG_RT_GROUP_SCHED is still enabled. It was only disabled for the lowlatency kernel.

Seth, could you comment on that? It was unfortunate that this kernel change landed late in the cycle and created this issue, would reverting in the next upload be an option?

Should this be fixed with a change to the kernel build config, or, is this actually indicative of rtkit being not cgroup aware ?

I haven't considered the implications for configuring rtkit cgroup aware, or even if it makes sense to. I.e. should each application that requires RT scheduling be made cgroup aware? [ which feels wrong, to closely couple RT apps to cgroup configuration ]

Seems like this kernel config change should be reverted for now. We can consider turning it back on later if rtkit receives changes to work better with this option.

Status changed to 'Confirmed' because the bug affects multiple users.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

I am running the 5.4.0-32-generic kernel from focal-proposed, and rtkit-daemon seems to be working normally now.

: kai@dipper kai; uname -r
5.4.0-32-generic
: kai@dipper kai; journalctl -b0 -u rtkit-daemon
-- Logs begin at Fri 2020-01-03 16:35:36 EST, end at Tue 2020-05-19 11:02:23 EDT. --
May 19 10:59:19 dipper systemd[1]: Starting RealtimeKit Scheduling Policy Service...
May 19 10:59:19 dipper systemd[1]: Started RealtimeKit Scheduling Policy Service.
May 19 10:59:19 dipper rtkit-daemon[2535]: Successfully called chroot.
May 19 10:59:19 dipper rtkit-daemon[2535]: Successfully dropped privileges.
May 19 10:59:19 dipper rtkit-daemon[2535]: Successfully limited resources.
May 19 10:59:19 dipper rtkit-daemon[2535]: Running.
May 19 10:59:19 dipper rtkit-daemon[2535]: Canary thread running.
May 19 10:59:19 dipper rtkit-daemon[2535]: Watchdog thread running.
May 19 10:59:19 dipper rtkit-daemon[2535]: Successfully made thread 2444 of process 2444 owned by '123' high priority at nice level -11.
May 19 10:59:19 dipper rtkit-daemon[2535]: Supervising 1 threads of 1 processes of 1 users.
May 19 10:59:19 dipper rtkit-daemon[2535]: Supervising 1 threads of 1 processes of 1 users.
May 19 10:59:19 dipper rtkit-daemon[2535]: Successfully made thread 2682 of process 2444 owned by '123' RT at priority 5.
May 19 10:59:19 dipper rtkit-daemon[2535]: Supervising 2 threads of 1 processes of 1 users.
May 19 10:59:19 dipper rtkit-daemon[2535]: Supervising 2 threads of 1 processes of 1 users.
⋮

Agreed - proposed fix in 5.4.0-32-generic also works for me.

twiggy2@twiggy2:~$ journalctl -b -u rtkit-daemon
-- Logs begin at Wed 2020-05-06 22:30:38 BST, end at Tue 2020-05-19 19:32:24 BST. --
May 19 19:32:11 twiggy2 systemd[1]: Starting RealtimeKit Scheduling Policy Service...
May 19 19:32:11 twiggy2 systemd[1]: Started RealtimeKit Scheduling Policy Service.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Successfully called chroot.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Successfully dropped privileges.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Successfully limited resources.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Running.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Successfully made thread 1037 of process 1037 owned by '1000' high priority at nice level -11.
May 19 19:32:11 twiggy2 rtkit-daemon[1047]: Supervising 1 threads of 1 processes of 1 users.

Rest of boot logs appear fine.

Thank you !

The fix does not work for me:

uname -r
5.4.0-33-generic

ournalctl -b0 -u rtkit-daemon
-- Logs begin at Wed 2020-04-29 18:57:09 EEST, end at Thu 2020-06-04 18:41:05 EEST. --
Jun 04 18:26:06 n552vw systemd[1]: Starting RealtimeKit Scheduling Policy Service...
Jun 04 18:26:06 n552vw systemd[1]: Started RealtimeKit Scheduling Policy Service.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Successfully called chroot.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Successfully dropped privileges.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Successfully limited resources.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Running.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Canary thread running.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Watchdog thread running.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operation not permitted
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Supervising 0 threads of 0 processes of 1 users.
Jun 04 18:26:06 n552vw rtkit-daemon[1430]: Failed to make ourselves RT: Operat...

Yes. It would appear that the fix/config change was not rolled into 5.4.0-33-generic. RT_GROUP_SCHED is still enabled in generic build but not lowlatency kernel build.

  twiggy@twiggy:/ $ zgrep CONFIG_RT_GROUP_SCHED /boot/config-5.4.0-33-generic
  CONFIG_RT_GROUP_SCHED=y

  twiggy@twiggy:/ $ zgrep CONFIG_RT_GROUP_SCHED /boot/config-5.4.0-33-lowlatency
  # CONFIG_RT_GROUP_SCHED is not set

I have no idea why... so still using lowlatency build here for now. ymmv!

This bug was fixed in the package linux - 5.4.0-37.41

---------------
linux (5.4.0-37.41) focal; urgency=medium

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

 -- Marcelo Henrique Cerri <email address hidden> Wed, 03 Jun 2020 11:24:23 -0300

This bug was fixed in the package linux-azure - 5.4.0-1016.16

---------------
linux-azure (5.4.0-1016.16) focal; urgency=medium

  [ Ubuntu: 5.4.0-37.41 ]

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-azure (5.4.0-1013.13) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1013.13 -proposed tracker (LP: #1878793)

  * Add support for Ambiq micro AM1805 RTC chip (LP: #1876667)
    - SAUCE: rtc: add am-1805 RTC driver

  * linux-azure: Enable FSGSBASE instructions to support SGX (LP: #1877425)
    - SAUCE: x86/ptrace: Prevent ptrace from clearing the FS/GS selector
    - SAUCE: selftests/x86/fsgsbase: Test GS selector on ptracer-induced GS base
      write
    - SAUCE: x86/cpu: Add 'unsafe_fsgsbase' to enable CR4.FSGSBASE
    - SAUCE: x86/entry/64: Clean up paranoid exit
    - SAUCE: x86/entry/64: Switch CR3 before SWAPGS in paranoid entry
    - SAUCE: x86/entry/64: Introduce the FIND_PERCPU_BASE macro
    - SAUCE: x86/entry/64: Handle FSGSBASE enabled paranoid entry/exit
    - SAUCE: x86/entry/64: Document GSBASE handling in the paranoid path
    - SAUCE: x86/fsgsbase/64: Add intrinsics for FSGSBASE instructions
    - SAUCE: x86/fsgsbase/64: Enable FSGSBASE instructions in helper functions
    - SAUCE: x86/fsgsbase/64: Use FSGSBASE in switch_to() if available
    - SAUCE: x86/fsgsbase/64: Use FSGSBASE instructions on thread copy and ptrace
    - SAUCE: x86/speculation/swapgs: Check FSGSBASE in enabling SWAPGS mitigation
    - SAUCE: selftests/x86/fsgsbase: Test ptracer-induced GS base write with
      FSGSBASE
    - SAUCE: x86/fsgsbase/64: Enable FSGSBASE on 64bit by default and add a
      chicken bit
    - SAUCE: x86/elf: Enumerate kernel FSGSBASE capability in AT_HWCAP2
    - SAUCE: Documentation/x86/64: Add documentation for GS/FS addressing mode

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing...

This bug was fixed in the package linux-gcp - 5.4.0-1015.15

---------------
linux-gcp (5.4.0-1015.15) focal; urgency=medium

  [ Ubuntu: 5.4.0-37.41 ]

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-gcp (5.4.0-1012.12) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1012.12 -proposed tracker (LP: #1878794)

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Retu...

This bug was fixed in the package linux-kvm - 5.4.0-1015.15

---------------
linux-kvm (5.4.0-1015.15) focal; urgency=medium

  [ Ubuntu: 5.4.0-37.41 ]

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-kvm (5.4.0-1012.12) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1012.12 -proposed tracker (LP: #1878795)

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Retu...

This bug was fixed in the package linux-oracle - 5.4.0-1015.15

---------------
linux-oracle (5.4.0-1015.15) focal; urgency=medium

  [ Ubuntu: 5.4.0-37.41 ]

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-oracle (5.4.0-1012.12) focal; urgency=medium

  * focal/linux-oracle: 5.4.0-1012.12 -proposed tracker (LP: #1878796)

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - b...

This bug was fixed in the package linux-riscv - 5.4.0-27.31

---------------
linux-riscv (5.4.0-27.31) focal; urgency=medium

  * focal/linux-riscv: 5.4.0-27.31 -proposed tracker (LP: #1878798)

  * Add support for Ambiq micro AM1805 RTC chip (LP: #1876667)
    - [config] riscv: disable am-1805 RTC driver

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config][focal/linux-riscv] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Return error when allocating zero size context memory.
    - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
    - net/mlx5: DR, On creation set CQ's arm_db member to right value
    - net/mlx5: Fix forced completion access non initialized command entry
    - net/mlx5: Fix command entry leak in Internal Error State
    - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()
    - net: mvpp2:...

This bug was fixed in the package linux-kvm - 5.4.0-1015.15

---------------
linux-kvm (5.4.0-1015.15) focal; urgency=medium

  [ Ubuntu: 5.4.0-37.41 ]

  * CVE-2020-0543
    - SAUCE: x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2
    - SAUCE: x86/cpu: Add a steppings field to struct x86_cpu_id
    - SAUCE: x86/cpu: Add 'table' argument to cpu_matches()
    - SAUCE: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
      mitigation
    - SAUCE: x86/speculation: Add SRBDS vulnerability and mitigation documentation
    - SAUCE: x86/speculation: Add Ivy Bridge to affected list

linux-kvm (5.4.0-1012.12) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1012.12 -proposed tracker (LP: #1878795)

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Retu...

This bug was fixed in the package linux-riscv - 5.4.0-27.31

---------------
linux-riscv (5.4.0-27.31) focal; urgency=medium

  * focal/linux-riscv: 5.4.0-27.31 -proposed tracker (LP: #1878798)

  * Add support for Ambiq micro AM1805 RTC chip (LP: #1876667)
    - [config] riscv: disable am-1805 RTC driver

  * rtkit-daemon[*]: Failed to make ourselves RT: Operation not permitted after
    upgrade to 20.04 (LP: #1875665)
    - [Config][focal/linux-riscv] Turn off CONFIG_RT_GROUP_SCHED

  [ Ubuntu: 5.4.0-34.38 ]

  * focal/linux: 5.4.0-34.38 -proposed tracker (LP: #1880118)
  * debian/scripts/file-downloader does not handle positive failures correctly
    (LP: #1878897)
    - [Packaging] file-downloader not handling positive failures correctly
  * Focal update: v5.4.41 upstream stable release (LP: #1878649)
    - USB: serial: qcserial: Add DW5816e support
    - nvme: refactor nvme_identify_ns_descs error handling
    - nvme: fix possible hang when ns scanning fails during error recovery
    - tracing/kprobes: Fix a double initialization typo
    - net: macb: Fix runtime PM refcounting
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - vt: fix unicode console freeing with a common interface
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - ipv6: Use global sernum for dst validation with nexthop objects
    - mlxsw: spectrum_acl_tcam: Position vchunk in a vregion list properly
    - neigh: send protocol value in neighbor create notification
    - net: dsa: Do not leave DSA master with NULL netdev_ops
    - net: macb: fix an issue about leak related system resources
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: stricter validation of untrusted gso packets
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - net: usb: qmi_wwan: add support for DW5816e
    - nfp: abm: fix a memory leak bug
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Fix VF anti-spoof filter setup.
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Return error when allocating zero size context memory.
    - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
    - net/mlx5: DR, On creation set CQ's arm_db member to right value
    - net/mlx5: Fix forced completion access non initialized command entry
    - net/mlx5: Fix command entry leak in Internal Error State
    - net: mvpp2: prevent buffer overflow in mvpp22_rss_ctx()
    - net: mvpp2:...

All autopkgtests for the newly accepted linux-oracle-5.4 (5.4.0-1019.19~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

zfs-linux/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#linux-oracle-5.4

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

This bug was fixed in the package linux-gcp - 5.4.0-1021.21

---------------
linux-gcp (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1021.21 -proposed tracker (LP: #1887062)

  [ Ubuntu: 5.4.0-42.46 ]

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-gcp (5.4.0-1020.20) focal; urgency=medium

  * focal/linux-gcp: 5.4.0-1020.20 -proposed tracker (LP: #1885847)

  [ Ubuntu: 5.4.0-41.45 ]

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()
  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM
  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Fri, 10 Jul 2020 02:31:42 -0400

This bug was fixed in the package linux-azure - 5.4.0-1022.22

---------------
linux-azure (5.4.0-1022.22) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1022.22 -proposed tracker (LP: #1887060)

  [ Ubuntu: 5.4.0-42.46 ]

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-azure (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-azure: 5.4.0-1021.21 -proposed tracker (LP: #1885845)

  * module intel_sgx appears to be blacklisted by the kernel. (LP: #1862201)
    - Revert "UBUNTU: [Packaging] linux-azure: Prevent intel_sgx from being
      automatically loaded"
    - [Packaging] linux-azure: Divert conf files blacklisting intel_sgx

  * Add XDP support to hv_netvsc driver (LP: #1877654)
    - hv_netvsc: Add XDP support
    - hv_netvsc: Update document for XDP support
    - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs

  * Request to include two NUMA related commits in Azure kernels (LP: #1880975)
    - PCI: hv: Decouple the func definition in hv_dr_state from VSP message
    - PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2

  [ Ubuntu: 5.4.0-41.45 ]

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()
  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM
  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Fri, 10 Jul 2020 01:51:58 -0400

This bug was fixed in the package linux-oracle - 5.4.0-1021.21

---------------
linux-oracle (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-oracle: 5.4.0-1021.21 -proposed tracker (LP: #1887065)

  [ Ubuntu: 5.4.0-42.46 ]

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-oracle (5.4.0-1020.20) focal; urgency=medium

  * focal/linux-oracle: 5.4.0-1020.20 -proposed tracker (LP: #1885851)

  [ Ubuntu: 5.4.0-41.45 ]

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()
  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM
  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Fri, 10 Jul 2020 02:11:06 -0400

This bug was fixed in the package linux - 5.4.0-42.46

---------------
linux (5.4.0-42.46) focal; urgency=medium

  * focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)

  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux (5.4.0-41.45) focal; urgency=medium

  * focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)

  * Packaging resync (LP: #1786013)
    - update dkms package versions

  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open

  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start

  * CVE-2020-11935
    - aufs: do not call i_readcount_inc()

  * ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
    kernel (LP: #1826848)
    - selftests: net: ip_defrag: ignore EPERM

  * Update lockdown patches (LP: #1884159)
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down

  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc

  * Introduce the new NVIDIA 418-server and 440-server series, and update the
    current NVIDIA drivers (LP: #1881137)
    - [packaging] add signed modules for the 418-server and the 440-server
      flavours

 -- Khalid Elmously <email address hidden> Thu, 09 Jul 2020 19:50:26 -0400