diff --git a/Makefile.rhelver b/Makefile.rhelver
index 9b9ea9b57..e5ba1ba7c 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 2
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 153
+RHEL_RELEASE = 155
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel.changelog b/kernel.changelog
index 9bad326bf..cd0656871 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,223 @@
+* Tue Nov 11 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-155.el10]
+- bpf: Do not audit capability check in do_jit() (Ondrej Mosnacek) [RHEL-108805]
+- kmem/tracing: add kmem name to kmem_cache_alloc tracepoint (Charles Haithcock) [RHEL-124143]
+- of: reserved_mem: Add missing IORESOURCE_MEM flag on resources (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Add functions to parse "memory-region" (Maxime Ripard) [RHEL-125402]
+- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Warn for missing static reserved memory regions (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Move an assignment to effective place in __reserved_mem_alloc_size() (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Do not make kmemleak ignore freed address (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Maxime Ripard) [RHEL-125402]
+- dma-mapping: save base/size instead of pointer to shared DMA pool (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Add code to dynamically allocate reserved_mem array (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Restructure how the reserved memory regions are processed (Maxime Ripard) [RHEL-125402]
+- redhat: add all namespace-dependent selftests to kernel-selftests-internal (Joel Savitz) [RHEL-122506]
+- io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CKI Backport Bot) [RHEL-124977] {CVE-2025-40047}
+Resolves: RHEL-108805, RHEL-122506, RHEL-124143, RHEL-124977, RHEL-125402
+
+* Mon Nov 10 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-154.el10]
+- net/smc: Remove validation of reserved bits in CLC Decline message (Mete Durlu) [RHEL-124196]
+- powerpc/pseries: Define __u{8,32} types in papr_hvpipe_hdr struct (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: HVPIPE changes to support migration (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Enable hvpipe with ibm,set-system-parameter RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Enable HVPIPE event message interrupt (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Wakeup hvpipe FD when the payload is pending (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Receive payload with ibm,receive-hvpipe-msg RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Send payload with ibm,send-hvpipe-msg RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Add papr-hvpipe char driver for HVPIPE interfaces (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Define HVPIPE specific macros (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Define papr-hvpipe ioctl (Mamatha Inamdar) [RHEL-101959]
+- Documentation: ioctl-number: Fix linuxppc-dev mailto link (Mamatha Inamdar) [RHEL-101959]
+- md: add legacy_async_del_gendisk mode (Nigel Croxon) [RHEL-123668]
+- lib/raid6: update recov_rvv.c zero page usage (Nigel Croxon) [RHEL-123668]
+- md: Don't clear MD_CLOSING until mddev is freed (Nigel Croxon) [RHEL-123668]
+- md: fix mssing blktrace bio split events (Nigel Croxon) [RHEL-123668]
+- md: factor out a helper raid_is_456() (Nigel Croxon) [RHEL-123668]
+- md: add a new parameter 'offset' to md_super_write() (Nigel Croxon) [RHEL-123668]
+- md: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid5: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid10: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid1: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid1: check bitmap before behind write (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: handle the case bitmap is not enabled before end_sync() (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: handle the case bitmap is not enabled before start_sync() (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: add md_bitmap_registered/enabled() helper (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: add a new parameter 'flush' to bitmap_ops->enabled (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: merge md_bitmap_group into bitmap_operations (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: remove the parameter 'init' for bitmap_ops->resize() (Nigel Croxon) [RHEL-123668]
+- md: prevent incorrect update of resync/recovery offset (Nigel Croxon) [RHEL-123668]
+- md/raid1: fix data lost for writemostly rdev (Nigel Croxon) [RHEL-123668]
+- md: fix sync_action incorrect display during resync (Nigel Croxon) [RHEL-123668]
+- md: add helper rdev_needs_recovery() (Nigel Croxon) [RHEL-123668]
+- md: keep recovery_cp in mdp_superblock_s (Nigel Croxon) [RHEL-123668]
+- md: make rdev_addable usable for rcu mode (Nigel Croxon) [RHEL-123668] {CVE-2025-38621}
+- md/raid1: remove struct pool_info and related code (Nigel Croxon) [RHEL-123668]
+- md/raid1: change r1conf->r1bio_pool to a pointer type (Nigel Croxon) [RHEL-123668]
+- md: rename recovery_cp to resync_offset (Nigel Croxon) [RHEL-123668]
+- md/md-cluster: handle REMOVE message earlier (Nigel Croxon) [RHEL-123668]
+- md: fix create on open mddev lifetime regression (Nigel Croxon) [RHEL-123668]
+- lib/raid6: replace custom zero page with ZERO_PAGE (Nigel Croxon) [RHEL-123668]
+- md: call del_gendisk in control path (Nigel Croxon) [RHEL-123668]
+- redhat/configs: enable NXP S32 on aarch64 autmotive (Alessandro Carminati) [RHEL-124951]
+- dm vdo: return error on corrupted metadata in start_restoring_volume functions (Benjamin Marzinski) [RHEL-119008]
+- dm: fix NULL pointer dereference in __dm_suspend() (Benjamin Marzinski) [RHEL-119008]
+- dm: fix queue start/stop imbalance under suspend/load/resume races (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: don't set io_min and io_opt for raid1 (Benjamin Marzinski) [RHEL-119008]
+- dm-integrity: limit MAX_TAG_SIZE to 255 (Benjamin Marzinski) [RHEL-119008]
+- dm-stripe: fix a possible integer overflow (Benjamin Marzinski) [RHEL-119008]
+- dm: set DM_TARGET_PASSES_CRYPTO feature for dm-thin (Benjamin Marzinski) [RHEL-119008]
+- dm-thin: update the documentation (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: do not include dm-core.h (Benjamin Marzinski) [RHEL-119008]
+- vdo: omit need_resched() before cond_resched() (Benjamin Marzinski) [RHEL-119008]
+- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: remove support for asynchronous hashes (Benjamin Marzinski) [RHEL-119008]
+- dm-mpath: don't print the "loaded" message if registering fails (Benjamin Marzinski) [RHEL-119008]
+- dm-mpath: make dm_unregister_path_selector return void (Benjamin Marzinski) [RHEL-119008]
+- dm: ima: avoid extra calls to strlen() (Benjamin Marzinski) [RHEL-119008]
+- dm: Simplify dm_io_complete() (Benjamin Marzinski) [RHEL-119008]
+- dm: Remove unnecessary return in dm_zone_endio() (Benjamin Marzinski) [RHEL-119008]
+- dm raid: add support for resync w/o metadata devices (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: Fix corrupt_bio_byte setup checks (Benjamin Marzinski) [RHEL-119008]
+- dm-table: fix checking for rq stackable devices (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: fix sched in atomic context (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: fix variable in journal device check (Benjamin Marzinski) [RHEL-119008]
+- dm-stripe: small code cleanup (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: fix a memory leak if some arguments are specified multiple times (Benjamin Marzinski) [RHEL-119008]
+- dm-mirror: fix a tiny race condition (Benjamin Marzinski) [RHEL-119008]
+- dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock (Benjamin Marzinski) [RHEL-119008]
+- dm-zone: Use bdev_*() helper functions where applicable (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: don't read request structure after enqueuing (Benjamin Marzinski) [RHEL-119008]
+- dm: pass through operations on wrapped inline crypto keys (Benjamin Marzinski) [RHEL-119008]
+- blk-crypto: export wrapped key functions (Benjamin Marzinski) [RHEL-119008]
+- dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: make corrupting read bios work (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: remove useless ERROR_READS check in flakey_end_io (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: error all IOs when num_features is absent (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: Clean up parsing messages (Benjamin Marzinski) [RHEL-119008]
+- dm: remove unneeded kvfree from alloc_targets (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: remove maximum age based eviction (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: use softirq context only when !need_resched() (Benjamin Marzinski) [RHEL-119008]
+- dm: lock limits when reading them (Benjamin Marzinski) [RHEL-119008]
+- dm: use generic functions instead of disable_discard and disable_write_zeroes (Benjamin Marzinski) [RHEL-119008]
+- dm-delay: don't busy-wait in kthread (Benjamin Marzinski) [RHEL-119008]
+- dm: fix native zone append devices on top of emulated ones (Benjamin Marzinski) [RHEL-119008]
+- dm: limit swapping tables for devices with zone write plugs (Benjamin Marzinski) [RHEL-119008]
+- dm: fix dm_blk_report_zones (Benjamin Marzinski) [RHEL-119008]
+- dm: handle failures in dm_table_set_restrictions (Benjamin Marzinski) [RHEL-119008]
+- dm: free table mempools if not used in __bind (Benjamin Marzinski) [RHEL-119008]
+- dm: don't change md if dm_table_set_restrictions() fails (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: support block number limits for different ioprio classes (Benjamin Marzinski) [RHEL-119008]
+- dm-delay: support zoned devices (Benjamin Marzinski) [RHEL-119008]
+- dm: restrict dm device size to 2^63-512 bytes (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: reorder uds_request to reduce padding (Benjamin Marzinski) [RHEL-119008]
+- dm vdo: rework processing of loaded refcount byte arrays (Benjamin Marzinski) [RHEL-12834]
+- dm vdo: remove remaining ring references (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: do forward error correction on metadata I/O errors (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: remove unused return value (Benjamin Marzinski) [RHEL-119008]
+- dm: Enable inline crypto passthrough for striped target (Benjamin Marzinski) [RHEL-119008]
+- dm vdo slab-depot: read refcount blocks in large chunks at load time (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: allow variable-sized metadata vios (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: support pools with multiple data blocks per vio (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: add a pool pointer to pooled_vio (Benjamin Marzinski) [RHEL-12834]
+- dm vdo: remove checks that can not fail (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: prevent unterminated string warning (Benjamin Marzinski) [RHEL-119008]
+- dm vdo: use a short static string for thread name prefix (Benjamin Marzinski) [RHEL-119008]
+- dm-crypt: Document integrity_key_size option. (Benjamin Marzinski) [RHEL-119008]
+- dm-integrity: Document Inline mode for storing integrity data (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: Document restart_on_error and panic_on_error options (Benjamin Marzinski) [RHEL-119008]
+- dm-crypt: switch to using the crc32 library (Benjamin Marzinski) [RHEL-119008]
+- nbd: override creds to kernel when calling sock_{send,recv}msg() (Ming Lei) [RHEL-124544]
+- netfilter: nft_set_pipapo_avx2: fix skip of expired entries (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: use 0 genmask for packetpath lookups (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: restart set lookup on base_seq change (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: make nft_set_do_lookup available unconditionally (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: place base_seq in struct net (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_rbtree: continue traversal if element is inactive (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: don't check genbit from packetpath lookups (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo_avx2: Drop the comment regarding protection (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: fix null deref for empty set (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: don't return bogus extension pointer (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: merge pipapo_get/lookup (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set: remove indirection from update API call (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set: remove one argument from lookup and update functions (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: remove unused arguments (Florian Westphal) [RHEL-113001]
+- selftests: netfilter: nft_concat_range.sh: send packets to empty set (Florian Westphal) [RHEL-113001]
+- crypto: octeontx2 - Call strscpy() with correct size argument (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - get engine group number for asymmetric engine (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Rework how engine group number is obtained (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment issue on ucode loading (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - add timeout for load_fvc completion poll (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Use dynamic allocated memory region for lmtst (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Initialize cptlfs device info once (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Simplify multiple return statements (Vladis Dronov) [RHEL-122026]
+- crypto: lib/Kconfig - hide library options [partial] (Vladis Dronov) [RHEL-122026]
+- selftests: tls: test skb copy under mem pressure and OOB (CKI Backport Bot) [RHEL-115592]
+- tls: make sure to abort the stream if headers are bogus (CKI Backport Bot) [RHEL-115592]
+- selftests: tls: make the new data_steal test less flaky (CKI Backport Bot) [RHEL-115592]
+- selftests: tls: test TCP stealing data from under the TLS socket (CKI Backport Bot) [RHEL-115592]
+- tls: handle data disappearing from under the TLS ULP (CKI Backport Bot) [RHEL-115592]
+- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (CKI Backport Bot) [RHEL-115592]
+- net/tls: fix kernel panic when alloc_page failed (CKI Backport Bot) [RHEL-115592]
+- ktls, sockmap: Fix missing uncharge operation (CKI Backport Bot) [RHEL-115592]
+- bpf: fix ktls panic with sockmap (CKI Backport Bot) [RHEL-115592]
+- scsi: sr: Reinstate rotational media flag (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Make read-only arrays static const (Ewan D. Milne) [RHEL-116076]
+- scsi: core: sysfs: Correct sysfs attributes access rights (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (Ewan D. Milne) [RHEL-116076]
+- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_transport_fc: Add comments to describe added 'rport' parameter (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_transport_fc: Change to use per-rport devloss_work_q (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Fix kernel doc for scsi_track_queue_full() (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Use scsi_cmd_priv() instead of open-coding it (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_devinfo: Remove redundant 'found' (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Fix VPD page 0xb7 length check (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Remember if a device is an ATA device (Ewan D. Milne) [RHEL-116076]
+- scsi: error: alua: I/O errors for ALUA state transitions (Ewan D. Milne) [RHEL-116076]
+- scsi: core: devinfo: Fix typo in comment (Ewan D. Milne) [RHEL-116076]
+- scsi: sg: Remove unnecessary NULL check before unregister_sysctl_table() (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Remove the stream_status member from scsi_stream_status_header (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Remove unused scsi_dev_info_list_del_keyed() (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Reduce DEF_ATOMIC_WR_MAX_LENGTH (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Add ERASE for tapes (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Use scsi_device->type instead os sdebug_ptype where possible (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Move some tape-specific commands to separate definitions (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Enable different command definitions for different device types (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Fix two typos in command definitions (Ewan D. Milne) [RHEL-116076]
+- KVM: s390: Fix to clear PTE when discarding a swapped page (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (Thomas Huth) [RHEL-42486]
+- iommu/s390: Make attach succeed when the device was surprise removed (Thomas Huth) [RHEL-113440]
+- iommu/s390: Fix memory corruption when using identity domain (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix FOLL_*/FAULT_FLAG_* confusion (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix incorrect usage of mmu_notifier_register() (Thomas Huth) [RHEL-113440]
+- KVM: s390: Rework guest entry logic (Thomas Huth) [RHEL-113440]
+- entry: Add arch_in_rcu_eqs() (Thomas Huth) [RHEL-113440]
+- KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (Thomas Huth) [RHEL-113440]
+- KVM: s390: Simplify and move pv code (Thomas Huth) [RHEL-113440]
+- KVM: s390: Refactor and split some gmap helpers (Thomas Huth) [RHEL-113440]
+- KVM: s390: Remove unneeded srcu lock (Thomas Huth) [RHEL-113440]
+- s390: Remove unneeded includes (Thomas Huth) [RHEL-113440]
+- s390/uv: Rename find_secret() to uv_find_secret() and publish (Thomas Huth) [RHEL-113440]
+- s390/kvm: Split kvm_host header file (Thomas Huth) [RHEL-113440]
+- s390/sysctl: Remove "vm/allocate_pgste" sysctl (Thomas Huth) [RHEL-113440]
+- s390: Remove 2k vs 4k page table leftovers (Thomas Huth) [RHEL-113440]
+- s390/tlb: Use mm_has_pgste() instead of mm_alloc_pgste() (Thomas Huth) [RHEL-113440]
+- s390/syscall: Merge __do_syscall() and do_syscall() (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add has device attr check to uc_attr_mem_limit selftest (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add ucontrol gis routing test (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add ucontrol flic attr selftests (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PFCR subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PLO subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for KMAC, KMC, KM, KIMD and KLMD crypto subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for KMCTR, KMF, KMO and PCC crypto subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PRNO, KDSA and KMA crypto subfunctions (Thomas Huth) [RHEL-113440]
+- cgroup/rstat: avoid disabling irqs for O(num_cpu) (Radostin Stoyanov) [RHEL-95602]
+Resolves: RHEL-101959, RHEL-113001, RHEL-113440, RHEL-115592, RHEL-116076, RHEL-119008, RHEL-122026, RHEL-123668, RHEL-124196, RHEL-124544, RHEL-124951, RHEL-12834, RHEL-42486, RHEL-95602
+
 * Wed Nov 05 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-153.el10]
 - tracing/osnoise: Replace kmalloc + copy_from_user with memdup_user_nul (Tomas Glozar) [RHEL-117874]
 - tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() (Tomas Glozar) [RHEL-117874] {CVE-2025-39974}
diff --git a/kernel.spec b/kernel.spec
index a630e51ab..c23757a84 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 153
+%define pkgrelease 155
 %define kversion 6
-%define tarfile_release 6.12.0-153.el10
+%define tarfile_release 6.12.0-155.el10
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 153%{?buildid}%{?dist}
+%define specrelease 155%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-153.el10
+%define kabiversion 6.12.0-155.el10
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -3294,7 +3294,7 @@ pushd tools/testing/selftests
 export CFLAGS="%{build_cflags}"
 export CXXFLAGS="%{build_cxxflags}"
 
-TARGETS="bpf cgroup kmod mm net net/forwarding net/mptcp net/netfilter net/packetdrill tc-testing memfd drivers/net/hw iommu cachestat pid_namespace rlimits timens pidfd"
+TARGETS="bpf cgroup kmod mm net net/forwarding net/mptcp net/netfilter net/packetdrill tc-testing memfd drivers/net/hw iommu cachestat pid_namespace rlimits timens pidfd capabilities clone3 exec filesystems firmware landlock mount mount_setattr move_mount_set_group nsfs openat2 proc safesetid seccomp tmpfs uevent vDSO"
 %{make} %{?_smp_mflags} EXTRA_CFLAGS="${RPM_OPT_FLAGS}" EXTRA_CXXFLAGS="${RPM_OPT_FLAGS}" EXTRA_LDFLAGS="%{__global_ldflags}" ARCH=$Arch V=1 TARGETS="$TARGETS" SKIP_TARGETS="" $force_targets VMLINUX_H="${RPM_VMLINUX_H}"
 
 # Restore the original level of source fortification
@@ -3742,6 +3742,108 @@ find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/pidfd/{} \;
 find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/pidfd/{} \;
 find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/pidfd/{} \;
 popd
+# install capabilities selftests
+pushd tools/testing/selftests/capabilities
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/capabilities/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/capabilities/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/capabilities/{} \;
+popd
+# install clone3 selftests
+pushd tools/testing/selftests/clone3
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/clone3/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/clone3/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/clone3/{} \;
+popd
+# install exec selftests
+pushd tools/testing/selftests/exec
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/exec/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/exec/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/exec/{} \;
+popd
+# install filesystems selftests
+pushd tools/testing/selftests/filesystems
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/filesystems/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/filesystems/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/filesystems/{} \;
+popd
+# install firmware selftests
+pushd tools/testing/selftests/firmware
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/firmware/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/firmware/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/firmware/{} \;
+popd
+# install landlock selftests
+pushd tools/testing/selftests/landlock
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/landlock/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/landlock/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/landlock/{} \;
+popd
+# install mount selftests
+pushd tools/testing/selftests/mount
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/mount/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/mount/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/mount/{} \;
+popd
+# install mount_setattr selftests
+pushd tools/testing/selftests/mount_setattr
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/mount_setattr/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/mount_setattr/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/mount_setattr/{} \;
+popd
+# install move_mount_set_group selftests
+pushd tools/testing/selftests/move_mount_set_group
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/move_mount_set_group/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/move_mount_set_group/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/move_mount_set_group/{} \;
+popd
+# install nsfs selftests
+pushd tools/testing/selftests/nsfs
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/nsfs/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/nsfs/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/nsfs/{} \;
+popd
+# install openat2 selftests
+pushd tools/testing/selftests/openat2
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/openat2/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/openat2/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/openat2/{} \;
+popd
+# install proc selftests
+pushd tools/testing/selftests/proc
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/proc/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/proc/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/proc/{} \;
+popd
+# install safesetid selftests
+pushd tools/testing/selftests/safesetid
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/safesetid/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/safesetid/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/safesetid/{} \;
+popd
+# install seccomp selftests
+pushd tools/testing/selftests/seccomp
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/seccomp/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/seccomp/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/seccomp/{} \;
+popd
+# install tmpfs selftests
+pushd tools/testing/selftests/tmpfs
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/tmpfs/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/tmpfs/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/tmpfs/{} \;
+popd
+# install uevent selftests
+pushd tools/testing/selftests/uevent
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/uevent/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/uevent/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/uevent/{} \;
+popd
+# install vDSO selftests
+pushd tools/testing/selftests/vDSO
+find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/vDSO/{} \;
+find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/vDSO/{} \;
+find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/vDSO/{} \;
+popd
 %endif
 
 ###
@@ -4403,14 +4505,14 @@ fi\
 #
 #
 %changelog
-* Fri Nov 07 2025 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-153
+* Wed Nov 12 2025 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-155
 - Debrand for AlmaLinux OS
 - Use AlmaLinux OS secure boot cert
 
-* Fri Nov 07 2025 Neal Gompa <ngompa@almalinux.org> - 6.12.0-153
+* Wed Nov 12 2025 Neal Gompa <ngompa@almalinux.org> - 6.12.0-155
 - Enable Btrfs support for all kernel variants
 
-* Fri Nov 07 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-153
+* Wed Nov 12 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-155
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -4421,6 +4523,224 @@ fi\
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
+* Tue Nov 11 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-155.el10]
+- bpf: Do not audit capability check in do_jit() (Ondrej Mosnacek) [RHEL-108805]
+- kmem/tracing: add kmem name to kmem_cache_alloc tracepoint (Charles Haithcock) [RHEL-124143]
+- of: reserved_mem: Add missing IORESOURCE_MEM flag on resources (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Add functions to parse "memory-region" (Maxime Ripard) [RHEL-125402]
+- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Warn for missing static reserved memory regions (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Move an assignment to effective place in __reserved_mem_alloc_size() (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Do not make kmemleak ignore freed address (Maxime Ripard) [RHEL-125402]
+- of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Maxime Ripard) [RHEL-125402]
+- dma-mapping: save base/size instead of pointer to shared DMA pool (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Add code to dynamically allocate reserved_mem array (Maxime Ripard) [RHEL-125402]
+- of: reserved_mem: Restructure how the reserved memory regions are processed (Maxime Ripard) [RHEL-125402]
+- redhat: add all namespace-dependent selftests to kernel-selftests-internal (Joel Savitz) [RHEL-122506]
+- io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CKI Backport Bot) [RHEL-124977] {CVE-2025-40047}
+
+* Mon Nov 10 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-154.el10]
+- net/smc: Remove validation of reserved bits in CLC Decline message (Mete Durlu) [RHEL-124196]
+- powerpc/pseries: Define __u{8,32} types in papr_hvpipe_hdr struct (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: HVPIPE changes to support migration (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Enable hvpipe with ibm,set-system-parameter RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Enable HVPIPE event message interrupt (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Wakeup hvpipe FD when the payload is pending (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Receive payload with ibm,receive-hvpipe-msg RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Send payload with ibm,send-hvpipe-msg RTAS (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Add papr-hvpipe char driver for HVPIPE interfaces (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Define HVPIPE specific macros (Mamatha Inamdar) [RHEL-101959]
+- powerpc/pseries: Define papr-hvpipe ioctl (Mamatha Inamdar) [RHEL-101959]
+- Documentation: ioctl-number: Fix linuxppc-dev mailto link (Mamatha Inamdar) [RHEL-101959]
+- md: add legacy_async_del_gendisk mode (Nigel Croxon) [RHEL-123668]
+- lib/raid6: update recov_rvv.c zero page usage (Nigel Croxon) [RHEL-123668]
+- md: Don't clear MD_CLOSING until mddev is freed (Nigel Croxon) [RHEL-123668]
+- md: fix mssing blktrace bio split events (Nigel Croxon) [RHEL-123668]
+- md: factor out a helper raid_is_456() (Nigel Croxon) [RHEL-123668]
+- md: add a new parameter 'offset' to md_super_write() (Nigel Croxon) [RHEL-123668]
+- md: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid5: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid10: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid1: check before referencing mddev->bitmap_ops (Nigel Croxon) [RHEL-123668]
+- md/raid1: check bitmap before behind write (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: handle the case bitmap is not enabled before end_sync() (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: handle the case bitmap is not enabled before start_sync() (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: add md_bitmap_registered/enabled() helper (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: add a new parameter 'flush' to bitmap_ops->enabled (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: merge md_bitmap_group into bitmap_operations (Nigel Croxon) [RHEL-123668]
+- md/md-bitmap: remove the parameter 'init' for bitmap_ops->resize() (Nigel Croxon) [RHEL-123668]
+- md: prevent incorrect update of resync/recovery offset (Nigel Croxon) [RHEL-123668]
+- md/raid1: fix data lost for writemostly rdev (Nigel Croxon) [RHEL-123668]
+- md: fix sync_action incorrect display during resync (Nigel Croxon) [RHEL-123668]
+- md: add helper rdev_needs_recovery() (Nigel Croxon) [RHEL-123668]
+- md: keep recovery_cp in mdp_superblock_s (Nigel Croxon) [RHEL-123668]
+- md: make rdev_addable usable for rcu mode (Nigel Croxon) [RHEL-123668] {CVE-2025-38621}
+- md/raid1: remove struct pool_info and related code (Nigel Croxon) [RHEL-123668]
+- md/raid1: change r1conf->r1bio_pool to a pointer type (Nigel Croxon) [RHEL-123668]
+- md: rename recovery_cp to resync_offset (Nigel Croxon) [RHEL-123668]
+- md/md-cluster: handle REMOVE message earlier (Nigel Croxon) [RHEL-123668]
+- md: fix create on open mddev lifetime regression (Nigel Croxon) [RHEL-123668]
+- lib/raid6: replace custom zero page with ZERO_PAGE (Nigel Croxon) [RHEL-123668]
+- md: call del_gendisk in control path (Nigel Croxon) [RHEL-123668]
+- redhat/configs: enable NXP S32 on aarch64 autmotive (Alessandro Carminati) [RHEL-124951]
+- dm vdo: return error on corrupted metadata in start_restoring_volume functions (Benjamin Marzinski) [RHEL-119008]
+- dm: fix NULL pointer dereference in __dm_suspend() (Benjamin Marzinski) [RHEL-119008]
+- dm: fix queue start/stop imbalance under suspend/load/resume races (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: don't set io_min and io_opt for raid1 (Benjamin Marzinski) [RHEL-119008]
+- dm-integrity: limit MAX_TAG_SIZE to 255 (Benjamin Marzinski) [RHEL-119008]
+- dm-stripe: fix a possible integer overflow (Benjamin Marzinski) [RHEL-119008]
+- dm: set DM_TARGET_PASSES_CRYPTO feature for dm-thin (Benjamin Marzinski) [RHEL-119008]
+- dm-thin: update the documentation (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: do not include dm-core.h (Benjamin Marzinski) [RHEL-119008]
+- vdo: omit need_resched() before cond_resched() (Benjamin Marzinski) [RHEL-119008]
+- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: remove support for asynchronous hashes (Benjamin Marzinski) [RHEL-119008]
+- dm-mpath: don't print the "loaded" message if registering fails (Benjamin Marzinski) [RHEL-119008]
+- dm-mpath: make dm_unregister_path_selector return void (Benjamin Marzinski) [RHEL-119008]
+- dm: ima: avoid extra calls to strlen() (Benjamin Marzinski) [RHEL-119008]
+- dm: Simplify dm_io_complete() (Benjamin Marzinski) [RHEL-119008]
+- dm: Remove unnecessary return in dm_zone_endio() (Benjamin Marzinski) [RHEL-119008]
+- dm raid: add support for resync w/o metadata devices (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: Fix corrupt_bio_byte setup checks (Benjamin Marzinski) [RHEL-119008]
+- dm-table: fix checking for rq stackable devices (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: fix sched in atomic context (Benjamin Marzinski) [RHEL-119008]
+- dm-raid: fix variable in journal device check (Benjamin Marzinski) [RHEL-119008]
+- dm-stripe: small code cleanup (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: fix a memory leak if some arguments are specified multiple times (Benjamin Marzinski) [RHEL-119008]
+- dm-mirror: fix a tiny race condition (Benjamin Marzinski) [RHEL-119008]
+- dm-table: check BLK_FEAT_ATOMIC_WRITES inside limits_lock (Benjamin Marzinski) [RHEL-119008]
+- dm-zone: Use bdev_*() helper functions where applicable (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: don't read request structure after enqueuing (Benjamin Marzinski) [RHEL-119008]
+- dm: pass through operations on wrapped inline crypto keys (Benjamin Marzinski) [RHEL-119008]
+- blk-crypto: export wrapped key functions (Benjamin Marzinski) [RHEL-119008]
+- dm-table: Set BLK_FEAT_ATOMIC_WRITES for target queue limits (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: make corrupting read bios work (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: remove useless ERROR_READS check in flakey_end_io (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: error all IOs when num_features is absent (Benjamin Marzinski) [RHEL-119008]
+- dm-flakey: Clean up parsing messages (Benjamin Marzinski) [RHEL-119008]
+- dm: remove unneeded kvfree from alloc_targets (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: remove maximum age based eviction (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: use softirq context only when !need_resched() (Benjamin Marzinski) [RHEL-119008]
+- dm: lock limits when reading them (Benjamin Marzinski) [RHEL-119008]
+- dm: use generic functions instead of disable_discard and disable_write_zeroes (Benjamin Marzinski) [RHEL-119008]
+- dm-delay: don't busy-wait in kthread (Benjamin Marzinski) [RHEL-119008]
+- dm: fix native zone append devices on top of emulated ones (Benjamin Marzinski) [RHEL-119008]
+- dm: limit swapping tables for devices with zone write plugs (Benjamin Marzinski) [RHEL-119008]
+- dm: fix dm_blk_report_zones (Benjamin Marzinski) [RHEL-119008]
+- dm: handle failures in dm_table_set_restrictions (Benjamin Marzinski) [RHEL-119008]
+- dm: free table mempools if not used in __bind (Benjamin Marzinski) [RHEL-119008]
+- dm: don't change md if dm_table_set_restrictions() fails (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: support block number limits for different ioprio classes (Benjamin Marzinski) [RHEL-119008]
+- dm-delay: support zoned devices (Benjamin Marzinski) [RHEL-119008]
+- dm: restrict dm device size to 2^63-512 bytes (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: reorder uds_request to reduce padding (Benjamin Marzinski) [RHEL-119008]
+- dm vdo: rework processing of loaded refcount byte arrays (Benjamin Marzinski) [RHEL-12834]
+- dm vdo: remove remaining ring references (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: do forward error correction on metadata I/O errors (Benjamin Marzinski) [RHEL-119008]
+- dm-bufio: remove unused return value (Benjamin Marzinski) [RHEL-119008]
+- dm: Enable inline crypto passthrough for striped target (Benjamin Marzinski) [RHEL-119008]
+- dm vdo slab-depot: read refcount blocks in large chunks at load time (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: allow variable-sized metadata vios (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: support pools with multiple data blocks per vio (Benjamin Marzinski) [RHEL-12834]
+- dm vdo vio-pool: add a pool pointer to pooled_vio (Benjamin Marzinski) [RHEL-12834]
+- dm vdo: remove checks that can not fail (Benjamin Marzinski) [RHEL-119008]
+- dm vdo indexer: prevent unterminated string warning (Benjamin Marzinski) [RHEL-119008]
+- dm vdo: use a short static string for thread name prefix (Benjamin Marzinski) [RHEL-119008]
+- dm-crypt: Document integrity_key_size option. (Benjamin Marzinski) [RHEL-119008]
+- dm-integrity: Document Inline mode for storing integrity data (Benjamin Marzinski) [RHEL-119008]
+- dm-verity: Document restart_on_error and panic_on_error options (Benjamin Marzinski) [RHEL-119008]
+- dm-crypt: switch to using the crc32 library (Benjamin Marzinski) [RHEL-119008]
+- nbd: override creds to kernel when calling sock_{send,recv}msg() (Ming Lei) [RHEL-124544]
+- netfilter: nft_set_pipapo_avx2: fix skip of expired entries (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: use 0 genmask for packetpath lookups (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: restart set lookup on base_seq change (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: make nft_set_do_lookup available unconditionally (Florian Westphal) [RHEL-113001]
+- netfilter: nf_tables: place base_seq in struct net (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_rbtree: continue traversal if element is inactive (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: don't check genbit from packetpath lookups (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo_avx2: Drop the comment regarding protection (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: fix null deref for empty set (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: don't return bogus extension pointer (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: merge pipapo_get/lookup (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set: remove indirection from update API call (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set: remove one argument from lookup and update functions (Florian Westphal) [RHEL-113001]
+- netfilter: nft_set_pipapo: remove unused arguments (Florian Westphal) [RHEL-113001]
+- selftests: netfilter: nft_concat_range.sh: send packets to empty set (Florian Westphal) [RHEL-113001]
+- crypto: octeontx2 - Call strscpy() with correct size argument (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - get engine group number for asymmetric engine (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Rework how engine group number is obtained (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Fix address alignment issue on ucode loading (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - add timeout for load_fvc completion poll (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Use dynamic allocated memory region for lmtst (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Initialize cptlfs device info once (Vladis Dronov) [RHEL-122026]
+- crypto: octeontx2 - Simplify multiple return statements (Vladis Dronov) [RHEL-122026]
+- crypto: lib/Kconfig - hide library options [partial] (Vladis Dronov) [RHEL-122026]
+- selftests: tls: test skb copy under mem pressure and OOB (CKI Backport Bot) [RHEL-115592]
+- tls: make sure to abort the stream if headers are bogus (CKI Backport Bot) [RHEL-115592]
+- selftests: tls: make the new data_steal test less flaky (CKI Backport Bot) [RHEL-115592]
+- selftests: tls: test TCP stealing data from under the TLS socket (CKI Backport Bot) [RHEL-115592]
+- tls: handle data disappearing from under the TLS ULP (CKI Backport Bot) [RHEL-115592]
+- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (CKI Backport Bot) [RHEL-115592]
+- net/tls: fix kernel panic when alloc_page failed (CKI Backport Bot) [RHEL-115592]
+- ktls, sockmap: Fix missing uncharge operation (CKI Backport Bot) [RHEL-115592]
+- bpf: fix ktls panic with sockmap (CKI Backport Bot) [RHEL-115592]
+- scsi: sr: Reinstate rotational media flag (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Make read-only arrays static const (Ewan D. Milne) [RHEL-116076]
+- scsi: core: sysfs: Correct sysfs attributes access rights (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (Ewan D. Milne) [RHEL-116076]
+- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_transport_fc: Add comments to describe added 'rport' parameter (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_transport_fc: Change to use per-rport devloss_work_q (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Fix kernel doc for scsi_track_queue_full() (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Use scsi_cmd_priv() instead of open-coding it (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_devinfo: Remove redundant 'found' (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Fix VPD page 0xb7 length check (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Remember if a device is an ATA device (Ewan D. Milne) [RHEL-116076]
+- scsi: error: alua: I/O errors for ALUA state transitions (Ewan D. Milne) [RHEL-116076]
+- scsi: core: devinfo: Fix typo in comment (Ewan D. Milne) [RHEL-116076]
+- scsi: sg: Remove unnecessary NULL check before unregister_sysctl_table() (Ewan D. Milne) [RHEL-116076]
+- scsi: sd: Remove the stream_status member from scsi_stream_status_header (Ewan D. Milne) [RHEL-116076]
+- scsi: core: Remove unused scsi_dev_info_list_del_keyed() (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Reduce DEF_ATOMIC_WR_MAX_LENGTH (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Add ERASE for tapes (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Use scsi_device->type instead os sdebug_ptype where possible (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Move some tape-specific commands to separate definitions (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Enable different command definitions for different device types (Ewan D. Milne) [RHEL-116076]
+- scsi: scsi_debug: Fix two typos in command definitions (Ewan D. Milne) [RHEL-116076]
+- KVM: s390: Fix to clear PTE when discarding a swapped page (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (Thomas Huth) [RHEL-42486]
+- iommu/s390: Make attach succeed when the device was surprise removed (Thomas Huth) [RHEL-113440]
+- iommu/s390: Fix memory corruption when using identity domain (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix FOLL_*/FAULT_FLAG_* confusion (Thomas Huth) [RHEL-113440]
+- KVM: s390: Fix incorrect usage of mmu_notifier_register() (Thomas Huth) [RHEL-113440]
+- KVM: s390: Rework guest entry logic (Thomas Huth) [RHEL-113440]
+- entry: Add arch_in_rcu_eqs() (Thomas Huth) [RHEL-113440]
+- KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (Thomas Huth) [RHEL-113440]
+- KVM: s390: Simplify and move pv code (Thomas Huth) [RHEL-113440]
+- KVM: s390: Refactor and split some gmap helpers (Thomas Huth) [RHEL-113440]
+- KVM: s390: Remove unneeded srcu lock (Thomas Huth) [RHEL-113440]
+- s390: Remove unneeded includes (Thomas Huth) [RHEL-113440]
+- s390/uv: Rename find_secret() to uv_find_secret() and publish (Thomas Huth) [RHEL-113440]
+- s390/kvm: Split kvm_host header file (Thomas Huth) [RHEL-113440]
+- s390/sysctl: Remove "vm/allocate_pgste" sysctl (Thomas Huth) [RHEL-113440]
+- s390: Remove 2k vs 4k page table leftovers (Thomas Huth) [RHEL-113440]
+- s390/tlb: Use mm_has_pgste() instead of mm_alloc_pgste() (Thomas Huth) [RHEL-113440]
+- s390/syscall: Merge __do_syscall() and do_syscall() (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add has device attr check to uc_attr_mem_limit selftest (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add ucontrol gis routing test (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add ucontrol flic attr selftests (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PFCR subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PLO subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for KMAC, KMC, KM, KIMD and KLMD crypto subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for KMCTR, KMF, KMO and PCC crypto subfunctions (Thomas Huth) [RHEL-113440]
+- KVM: s390: selftests: Add regression tests for PRNO, KDSA and KMA crypto subfunctions (Thomas Huth) [RHEL-113440]
+- cgroup/rstat: avoid disabling irqs for O(num_cpu) (Radostin Stoyanov) [RHEL-95602]
+
 * Wed Nov 05 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-153.el10]
 - tracing/osnoise: Replace kmalloc + copy_from_user with memdup_user_nul (Tomas Glozar) [RHEL-117874]
 - tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() (Tomas Glozar) [RHEL-117874] {CVE-2025-39974}
diff --git a/sources b/sources
index 3d8f7d42f..5a9d81e7d 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
-SHA512 (linux-6.12.0-153.el10.tar.xz) = 3d9663b27d56482d4b8cea82bb53ab522fae08c558d166da9d2f1f82b6ff585032cbb256f46dee1b2995e19a6f9b7e0c7d753f64f81f3f3a4d320cb1ea0985d2
-SHA512 (kernel-abi-stablelists-6.12.0-153.el10.tar.xz) = d11121aa4851b60e614c172752e7bb24d305dddf7d2351bf184ded290ac2d3e7b6760c0fb69e40f70b7280d10bbd204278690760e31a18a0782d925f142f2c5e
-SHA512 (kernel-kabi-dw-6.12.0-153.el10.tar.xz) = dc961ad3a92b82d9ed3f6a68946255d1e68e17155ce196497b2458ac7b78536d4fa0f272569e7a104df91784a8e6b856a3dd096f61cd007aaa4d62965ece947a
+SHA512 (linux-6.12.0-155.el10.tar.xz) = a750e5fa0467a8b20402c552aba0688b68b4df14271decbf215d60f79a44f0f067a3b465958cdfa65bbe60ee532acf108ca608f644e3c41971281b64657660c5
+SHA512 (kernel-abi-stablelists-6.12.0-155.el10.tar.xz) = 5074d63a2bda9798058b83d4aaeeb6086922d8c6a0571262436dde8587aa629a96920a6d83703ac3f2237713dd64313824d0f79114fa9140f89bfd4844afabb9
+SHA512 (kernel-kabi-dw-6.12.0-155.el10.tar.xz) = 1c83e058e4aad401e229b52ee801e2411e2569218faf8652d2e575f60f3941c65e7b4639a2996e1056bf098ebed3ab59aa624bc87660f0554f79fbb9e8ed93d4