Bug#1131431: marked as done (linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds))

[Debian Bug Tracking System]

Your message dated Tue, 14 Apr 2026 03:13:06 +0000
with message-id <e1wcud4-0000000ffym-1...@fasolo.debian.org>
and subject line Bug#1131431: fixed in linux 7.0-1~exp1
has caused the Debian Bug report #1131431,
regarding linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1131431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131431
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: linux
Version: 6.19.8-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: debian-loonga...@lists.debian.org, d...@debian.org
User: debian-loonga...@lists.debian.org
Usertags: loong64

Hi,

DSA reinstalled a loong64 physical machine (previously using the
debian-ports archive, now running latest sid), and we started observing
kernel warnings when starting a VM using KVM.

First warning:

| [ 2050.507635] ------------[ cut here ]------------
| [ 2050.507662] memcpy: detected field-spanning write (size 4) of single field 
"p" at arch/loongarch/kvm/intc/eiointc.c:520 (size 0)
| [ 2050.507682] WARNING: arch/loongarch/kvm/intc/eiointc.c:520 at 
kvm_eiointc_regs_access.isra.0+0x354/0x3c0, CPU#6: qemu-system-loo/16813
| [ 2050.507697] Modules linked in: bridge stp llc nls_ascii nls_cp437 vfat fat 
snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core ast snd_hwdep 
drm_client_lib snd_pcm drm_shmem_helper sg drm_kms_helper snd_timer snd 
i2c_algo_bit evdev soundcore ip6t_REJECT nf_reject_ipv6 ip6table_filter 
ip6_tables xt_hashlimit ipt_REJECT nf_reject_ipv4 xt_NFLOG nfnetlink_log 
xt_multiport xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 
drm iptable_filter ip_tables x_tables dm_snapshot dm_bufio vhost_net vhost tun 
vhost_iotlb tap sch_fq tcp_bbr zlib_deflate configfs nfnetlink autofs4 ext4 
crc16 mbcache jbd2 crc32c_cryptoapi raid10 raid456 async_raid6_recov 
async_memcpy async_pq async_xor async_tx xor raid6_pq raid0 dm_mod raid1 md_mod 
sd_mod cdc_ether usbnet mii ahci libahci xhci_pci ohci_pci xhci_hcd libata 
ehci_pci dwmac_loongson ehci_hcd stmmac_libpci megaraid_sas ohci_hcd stmmac 
usbcore scsi_mod r8169 pcs_xpcs realtek phylink scsi_common usb_common efivarfs
| [ 2050.507873] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Not tainted 
6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.507879] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS 
Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.507883] pc 9000000000280d74 ra 9000000000280d74 tp 900000010faac000 sp 
900000010faafb20
| [ 2050.507887] a0 0000000000000074 a1 0000000000000000 a2 900000010faaf920 a3 
900000010faaf918
| [ 2050.507890] a4 0000000000000000 a5 9000000001a8d960 a6 203a7970636d656d a7 
293020657a697328
| [ 2050.507894] t0 6d08ee86308d20d5 t1 6d08ee86308d20d5 t2 90000000017e8000 t3 
0000000000000001
| [ 2050.507897] t4 fffffffffffffffe t5 00000000ffffdfff t6 900010207ff04000 t7 
0000000000000000
| [ 2050.507900] t8 0000000000000000 u0 900000011ad00050 s9 900000010faafec0 s0 
900000010faafb90
| [ 2050.507903] s1 900000011ad00000 s2 900000011ad00050 s3 0000000000000000 s4 
00007ffffbf39830
| [ 2050.507906] s5 000000000000002f s6 000055556b5480d0 s7 0000555559d0be48 s8 
0000000000000000
| [ 2050.507910]    ra: 9000000000280d74 
kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.507914]   ERA: 9000000000280d74 
kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.507918]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
| [ 2050.507932]  PRMD: 00000000 (PPLV0 -PIE -PWE)
| [ 2050.507940]  EUEN: 00000007 (+FPE +SXE +ASXE -BTE)
| [ 2050.507948]  ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)
| [ 2050.507956] ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
| [ 2050.507962]  PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)
| [ 2050.507966] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Not tainted 
6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.507970] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS 
Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.507972] Stack : 900000010faaf7f8 0000000000000000 9000000000238828 
900000010faac000
| [ 2050.507978]         900000010faaf740 900000010faaf748 0000000000000000 
900000010faaf888
| [ 2050.507983]         900000010faaf880 900000010faaf880 900010207ff19b40 
6572617764726148
| [ 2050.507987]         203a656d616e2065 900000010faaf748 6d08ee86308d20d5 
900000012859c840
| [ 2050.507992]         900000010faac000 90000000015c8868 00000000ffffdfff 
900010207ff04000
| [ 2050.507997]         0000000000000000 0000000000000000 000000207b878000 
900000010faafec0
| [ 2050.508002]         0000000000000000 90000000017e8000 0000000000000000 
90000000015c8868
| [ 2050.508006]         0000000000000208 0000000000000009 000055556b5480d0 
0000555559d0be48
| [ 2050.508011]         0000000000000000 0000000000000000 9000000000238844 
000055556bcb67e8
| [ 2050.508016]         00000000000000b0 0000000000000000 0000000000000007 
0000000000071c1d
| [ 2050.508020]         ...
| [ 2050.508023] Call Trace:
| [ 2050.508026] [<9000000000238844>] show_stack+0x64/0x190
| [ 2050.508037] [<9000000000230fc8>] dump_stack_lvl+0x70/0x9c
| [ 2050.508041] [<9000000000289630>] __warn+0xa0/0x1b0
| [ 2050.508046] [<90000000012358e8>] __report_bug+0xa8/0x1c0
| [ 2050.508052] [<9000000001235af0>] report_bug+0x40/0xd0
| [ 2050.508055] [<90000000012791f4>] do_bp+0x254/0x420
| [ 2050.508066] [<0000000000000000>] 0x0
| [ 2050.508070] [<9000000000280d74>] kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.508073] [<90000000002812bc>] kvm_eiointc_set_attr+0x34c/0x770
| [ 2050.508076] [<9000000000262f04>] kvm_device_ioctl+0x264/0x3a0
| [ 2050.508082] [<900000000075f09c>] sys_ioctl+0x52c/0x1150
| [ 2050.508089] [<9000000001279804>] do_syscall+0xc4/0x320
| [ 2050.508094] ---[ end trace 0000000000000000 ]---

This warning could have been introduced by the following upstream
commit:

commit 01a8e68396a6d51f5ba92021ad1a4b8eaabdd0e7
Author: Bibo Mao <maob...@loongson.cn>
Date:   Thu Sep 18 19:44:22 2025 +0800

    LoongArch: KVM: Avoid copy_*_user() with lock hold in 
kvm_eiointc_sw_status_access()


The second one:

| [ 2050.508176] ------------[ cut here ]------------
| [ 2050.508179] UBSAN: array-index-out-of-bounds in 
/build/reproducible-path/linux-6.19.8/arch/loongarch/kvm/vcpu.c:569:20
| [ 2050.508234] index -1 is out of range for type 'kvm_phyid_info [256]'
| [ 2050.508248] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Tainted: G      
  W           6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.508253] Tainted: [W]=WARN
| [ 2050.508254] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS 
Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.508256] Stack : 900000010faaf8f8 0000000000000000 9000000000238828 
900000010faac000
| [ 2050.508261]         900000010faaf840 900000010faaf848 0000000000000000 
900000010faaf988
| [ 2050.508266]         900000010faaf980 900000010faaf980 900010207ff1a3f0 
6572617764726148
| [ 2050.508271]         203a656d616e2065 900000010faaf848 6d08ee86308d20d5 
900000012859c840
| [ 2050.508275]         900000010faac000 90000000015c8868 00000000ffffdfff 
900010207ff04000
| [ 2050.508280]         0000000000000000 0000000000000000 000000207b878000 
0000000000000000
| [ 2050.508284]         0000000000000000 90000000017e8000 0000000000000000 
90000000015c8868
| [ 2050.508289]         0000000000000003 ffffffffffffffff 900000011ad020b8 
0000000000000000
| [ 2050.508293]         900000011ad00000 0000000000000000 9000000000238844 
000055556bcb67e8
| [ 2050.508298]         00000000000000b0 0000000000000007 0000000000000007 
0000000000071c1d
| [ 2050.508302]         ...
| [ 2050.508304] Call Trace:
| [ 2050.508306] [<9000000000238844>] show_stack+0x64/0x190
| [ 2050.508310] [<9000000000230fc8>] dump_stack_lvl+0x70/0x9c
| [ 2050.508314] [<900000000022bc60>] ubsan_epilogue+0xc/0x3c
| [ 2050.508318] [<9000000000bc61c4>] __ubsan_handle_out_of_bounds+0xa4/0xb0
| [ 2050.508322] [<900000000027a6c0>] kvm_get_vcpu_by_cpuid+0xb0/0xc0
| [ 2050.508326] [<90000000002813b8>] kvm_eiointc_set_attr+0x448/0x770
| [ 2050.508329] [<9000000000262f04>] kvm_device_ioctl+0x264/0x3a0
| [ 2050.508334] [<900000000075f09c>] sys_ioctl+0x52c/0x1150
| [ 2050.508338] [<9000000001279804>] do_syscall+0xc4/0x320
| [ 2050.508343] ---[ end trace ]---

The problem was not present when running kernel 6.17.7+deb14-loong64, so
it seems to be a relatively recent regression. Despite the warnings,
things seems to work relatively well.

Regards
Aurelien

--- End Message ---

--- Begin Message ---

Source: linux
Source-Version: 7.0-1~exp1
Done: Ben Hutchings <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1131...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ben Hutchings <b...@debian.org> (supplier of updated linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Apr 2026 18:00:30 +0200
Source: linux
Architecture: source
Version: 7.0-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <b...@debian.org>
Closes: 1113728 1113996 1122357 1127612 1130971 1131166 1131431 1131546 1132155 
1132201 1132622 1132796 1132814
Changes:
 linux (7.0-1~exp1) experimental; urgency=medium
 .
   * New upstream release: https://kernelnewbies.org/Linux_7.0
     - [amd64] platform/x86: hp-bioscfg: Support allocations of larger data
       (Closes: #1127612)
     - [amd64] crypto: padlock-sha - Disable for Zhaoxin processor
       (Closes: #1113996)
     - iommu: Fix mapping check for 0x0 to avoid re-mapping it (Closes: 
#1130971)
     - bpf: Fix constant blinding for PROBE_MEM32 stores (CVE-2026-23417)
       (Closes: #1132622)
     - [loong64] KVM: Fix undefined behaviour found by UBSAN (Closes: #1131431):
       + Make kvm_get_vcpu_by_cpuid() more robust
       + Handle the case that EIOINTC's coremap is empty
       + Fix base address calculation in kvm_eiointc_regs_access()
 .
   [ Bastian Blank ]
   * Merge kernel-wedge.  This takes over maintenance of this code from the
     installer team.
   * Use non-aliases paths in udebs. (closes: #1122357)
 .
   [ Han Gao ]
   * [riscv64] Enable RTC_DRV_EFI as module
   * [riscv64] Enable SENSORS_PWM_FAN as module for Sophgo SG2042
   * [riscv64] Enable SENSORS_MR75203 as module for THEAD TH1520
   * [riscv64] Enable POWER_SEQUENCING as module for THEAD TH1520
   * [riscv64] Enable POWER_SEQUENCING_TH1520_GPU as module for THEAD TH1520
   * [riscv64] Enable SND_SOC_K1_I2S as module for Spacemit K1
   * [riscv64] Enable CONFIG_PWM_TH1520 for THEAD TH1520
 .
   [ Salvatore Bonaccorso ]
   * [amd64] drivers/platform/x86/uniwill: Enable X86_PLATFORM_DRIVERS_UNIWILL
   * [amd64] drivers/platform/x86/uniwill: Enable UNIWILL_LAPTOP as module
     (Closes: #1131166)
   * [amd64] drivers/media/i2c: Enable VIDEO_OV02E10 as module (Closes: 
#1132201)
   * [amd64] drivers/staging/media/ipu7: Enable VIDEO_INTEL_IPU7 as module
     (Closes: #1132814)
 .
   [ Ben Hutchings ]
   * Fix ordering of kernel version strings for multiple Debian revisions
     (Closes: #1113728)
   * d/b/test-patches: Expect debian/control-real target to return 0
   * d/b/test-patches: Disable signing so we build linux-image packages again
     (Closes: #1131546)
   * kernel-wedge: Fix find-dups to not look for kernel-image-di
   * kernel-wedge: Remove handling of unset $SOURCEDIR
   * kernel-wedge: Remove support for non-Linux kernels
   * kernel-wedge: Remove support for separate config directories
   * kernel-wedge: Remove support for non-modular kernel
   * kernel-wedge: Remove support for exclude-packages
   * kernel-wedge: Use cpio instead of tar in copy-files
   * kernel-wedge: Rewrite copy-files in Perl
   * kernel-wedge: Fix copy-files to skip softdeps in depmod output
   * kernel-wedge: Combine gen-deps with copy-files
   * kernel-wedge, udeb: Define which packages to build through package-list
   * [mips*,sh4] udeb: Remove minix-modules package
   * [mips*] udeb: Remove affs-modules package
   * udeb: Build {jfs,loop,ppp,squashfs,uinput,xfs}-modules everywhere we can
     (Closes: #1132155)
 .
   [ Aurelien Jarno ]
   * [riscv64] Enable SPACEMIT_K3_CCU
   * [riscv64] Enable PINCTRL_PIC64GX and PINCTRL_POLARFIRE_SOC
   * [riscv64] Enable CV1800_MBOX, SND_SOC_CV1800B_TDM,
     SND_SOC_CV1800B_ADC_CODEC and SND_SOC_CV1800B_DAC_CODEC as modules
 .
   [ Morgwai Kotarbinski ]
   * linux-kbuild: Include scripts/gen-btf.sh (Closes: #1132796)
Checksums-Sha1:
 b7c0aa04b26599087cd3b320622747e8228b7fdf 183105 linux_7.0-1~exp1.dsc
 0805573ce39c5657affaaadfe45e7e79c1b68944 160332840 linux_7.0.orig.tar.xz
 3ed69a3345ad92384c6614d59ecb2afacc744f02 1451976 linux_7.0-1~exp1.debian.tar.xz
 02d303b4cb1e903375d5f1b4e5ddfcb92231a480 6962 linux_7.0-1~exp1_source.buildinfo
Checksums-Sha256:
 d18ff76532ab4dfe10a64d6d6068c78ab750ec53b4b5860a9171945b76afc5c8 183105 
linux_7.0-1~exp1.dsc
 84aabcbd9039469613e74fd735a5e9680c1958a9ff63f093ebd9e580f403d06f 160332840 
linux_7.0.orig.tar.xz
 569e4e3e998d48247dce25aaca1dd067a83773c1b5c7961c0422154b06d6ac51 1451976 
linux_7.0-1~exp1.debian.tar.xz
 95dcfcd511aca951b67f9b2b8ed51f926fdc04e95eb7cc0578c8b2744aea2794 6962 
linux_7.0-1~exp1_source.buildinfo
Files:
 483aae11d5269bc3be731565733ae3ba 183105 kernel optional linux_7.0-1~exp1.dsc
 7ffdb1d8b58227d54d348b9bb9586821 160332840 kernel optional 
linux_7.0.orig.tar.xz
 3107a8ea51576df21d858367afb6c960 1451976 kernel optional 
linux_7.0-1~exp1.debian.tar.xz
 77feae1584d60399a450169007fdf84b 6962 kernel optional 
linux_7.0-1~exp1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAmndjiwACgkQ57/I7JWG
EQmMKw/+IvmVy8jrjGonjuXCtEZ3a+nyCf6tWmV9YmKP+THJUQlo2RX+bpwM3CA6
gPO1sQBAs3g12ZatCT2qZUnrnyri+FH5NTXiPZkStMP2l0ShftP35lmHQbKPb+CD
iQOYN98DtRleQi6mZkgkhKqrGU8nZmz0fHfxF0eMcQLu1Q6qBxhcxAWcIPWg+zwl
crnNqZk2UQSB/ALbIfoPPyOFBilEpb39oYJ4LNz4aVAbJynhinGNB3CH+hnOj9yf
Dn7ry+rwkz/eRtJoy3eFShFi2n+WOdndTrDTKmf51zRN7X0cdfsI0vWa/6tyVNWy
SOZtZUAirKDyBPsGh4z8RLAUGLj5HoShE6x1nbxCb9TgcBYOlntWSL9RgmstNKZN
GzOzgWqiuUaURMsNaHAjElaXiU2G/XlZTQkjrpf/WLfZKEn3Sy5BX+JdcsV3W0Vc
4Y2NTziQVbxxs6yv8KlmP/hMZM6eNGZBu8owm70LGQe+rlzWImCRrAPRkyjzj0SY
hDyzM0buwWJbFk5HMex2nDt6PfvyviHXk90cWqUormDBsHDpdkBWHTOMtntWym9f
vnZUtH+siHxmtdulMH3OL6Y+UL+pVofWUaaAhWTKxtGOjaC0jtRaqnL3hidcezA5
rsbPdUAbHYUcT84rwo2cYe39GZu7S8yAFTt7Doojzv9FBp7bAdc=
=blsv
-----END PGP SIGNATURE-----

pgpvGQFv26bMW.pgp
Description: PGP signature

--- End Message ---