Bug#1131431: linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)

Started by: Aurelien Jarno <aurel32@debian.org>
First post: 2026-03-21 11:20 +0100
Last post: 2026-04-14 05:20 +0200
Articles: 3 — 2 participants

Contents

  Bug#1131431: linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds) Aurelien Jarno <aurel32@debian.org> - 2026-03-21 11:20 +0100
    Bug#1131431: fixed in linux 6.19.11-1 Aurelien Jarno <aurel32@debian.org> - 2026-04-05 23:40 +0200
    Bug#1131431: marked as done (linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)) "Debian Bug Tracking System" <owner@bugs.debian.org> - 2026-04-14 05:20 +0200

#91758 — Bug#1131431: linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)

From: Aurelien Jarno <aurel32@debian.org>
Date: 2026-03-21 11:20 +0100
Subject: Bug#1131431: linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)
Message-ID: <MB1AZ-9ayR-1@gated-at.bofh.it>

Source: linux
Version: 6.19.8-1
Severity: normal
Tags: upstream
X-Debbugs-Cc: debian-loongarch@lists.debian.org, dsa@debian.org
User: debian-loongarch@lists.debian.org
Usertags: loong64

Hi,

DSA reinstalled a loong64 physical machine (previously using the
debian-ports archive, now running latest sid), and we started observing
kernel warnings when starting a VM using KVM.

First warning:

| [ 2050.507635] ------------[ cut here ]------------
| [ 2050.507662] memcpy: detected field-spanning write (size 4) of single field "p" at arch/loongarch/kvm/intc/eiointc.c:520 (size 0)
| [ 2050.507682] WARNING: arch/loongarch/kvm/intc/eiointc.c:520 at kvm_eiointc_regs_access.isra.0+0x354/0x3c0, CPU#6: qemu-system-loo/16813
| [ 2050.507697] Modules linked in: bridge stp llc nls_ascii nls_cp437 vfat fat snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core ast snd_hwdep drm_client_lib snd_pcm drm_shmem_helper sg drm_kms_helper snd_timer snd i2c_algo_bit evdev soundcore ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables xt_hashlimit ipt_REJECT nf_reject_ipv4 xt_NFLOG nfnetlink_log xt_multiport xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 drm iptable_filter ip_tables x_tables dm_snapshot dm_bufio vhost_net vhost tun vhost_iotlb tap sch_fq tcp_bbr zlib_deflate configfs nfnetlink autofs4 ext4 crc16 mbcache jbd2 crc32c_cryptoapi raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid0 dm_mod raid1 md_mod sd_mod cdc_ether usbnet mii ahci libahci xhci_pci ohci_pci xhci_hcd libata ehci_pci dwmac_loongson ehci_hcd stmmac_libpci megaraid_sas ohci_hcd stmmac usbcore scsi_mod r8169 pcs_xpcs realtek phylink scsi_common usb_common efivarfs
| [ 2050.507873] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Not tainted 6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.507879] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.507883] pc 9000000000280d74 ra 9000000000280d74 tp 900000010faac000 sp 900000010faafb20
| [ 2050.507887] a0 0000000000000074 a1 0000000000000000 a2 900000010faaf920 a3 900000010faaf918
| [ 2050.507890] a4 0000000000000000 a5 9000000001a8d960 a6 203a7970636d656d a7 293020657a697328
| [ 2050.507894] t0 6d08ee86308d20d5 t1 6d08ee86308d20d5 t2 90000000017e8000 t3 0000000000000001
| [ 2050.507897] t4 fffffffffffffffe t5 00000000ffffdfff t6 900010207ff04000 t7 0000000000000000
| [ 2050.507900] t8 0000000000000000 u0 900000011ad00050 s9 900000010faafec0 s0 900000010faafb90
| [ 2050.507903] s1 900000011ad00000 s2 900000011ad00050 s3 0000000000000000 s4 00007ffffbf39830
| [ 2050.507906] s5 000000000000002f s6 000055556b5480d0 s7 0000555559d0be48 s8 0000000000000000
| [ 2050.507910]    ra: 9000000000280d74 kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.507914]   ERA: 9000000000280d74 kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.507918]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)
| [ 2050.507932]  PRMD: 00000000 (PPLV0 -PIE -PWE)
| [ 2050.507940]  EUEN: 00000007 (+FPE +SXE +ASXE -BTE)
| [ 2050.507948]  ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)
| [ 2050.507956] ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)
| [ 2050.507962]  PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)
| [ 2050.507966] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Not tainted 6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.507970] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.507972] Stack : 900000010faaf7f8 0000000000000000 9000000000238828 900000010faac000
| [ 2050.507978]         900000010faaf740 900000010faaf748 0000000000000000 900000010faaf888
| [ 2050.507983]         900000010faaf880 900000010faaf880 900010207ff19b40 6572617764726148
| [ 2050.507987]         203a656d616e2065 900000010faaf748 6d08ee86308d20d5 900000012859c840
| [ 2050.507992]         900000010faac000 90000000015c8868 00000000ffffdfff 900010207ff04000
| [ 2050.507997]         0000000000000000 0000000000000000 000000207b878000 900000010faafec0
| [ 2050.508002]         0000000000000000 90000000017e8000 0000000000000000 90000000015c8868
| [ 2050.508006]         0000000000000208 0000000000000009 000055556b5480d0 0000555559d0be48
| [ 2050.508011]         0000000000000000 0000000000000000 9000000000238844 000055556bcb67e8
| [ 2050.508016]         00000000000000b0 0000000000000000 0000000000000007 0000000000071c1d
| [ 2050.508020]         ...
| [ 2050.508023] Call Trace:
| [ 2050.508026] [<9000000000238844>] show_stack+0x64/0x190
| [ 2050.508037] [<9000000000230fc8>] dump_stack_lvl+0x70/0x9c
| [ 2050.508041] [<9000000000289630>] __warn+0xa0/0x1b0
| [ 2050.508046] [<90000000012358e8>] __report_bug+0xa8/0x1c0
| [ 2050.508052] [<9000000001235af0>] report_bug+0x40/0xd0
| [ 2050.508055] [<90000000012791f4>] do_bp+0x254/0x420
| [ 2050.508066] [<0000000000000000>] 0x0
| [ 2050.508070] [<9000000000280d74>] kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.508073] [<90000000002812bc>] kvm_eiointc_set_attr+0x34c/0x770
| [ 2050.508076] [<9000000000262f04>] kvm_device_ioctl+0x264/0x3a0
| [ 2050.508082] [<900000000075f09c>] sys_ioctl+0x52c/0x1150
| [ 2050.508089] [<9000000001279804>] do_syscall+0xc4/0x320
| [ 2050.508094] ---[ end trace 0000000000000000 ]---

This warning could have been introduced by the following upstream
commit:

commit 01a8e68396a6d51f5ba92021ad1a4b8eaabdd0e7
Author: Bibo Mao <maobibo@loongson.cn>
Date:   Thu Sep 18 19:44:22 2025 +0800

    LoongArch: KVM: Avoid copy_*_user() with lock hold in kvm_eiointc_sw_status_access()


The second one:

| [ 2050.508176] ------------[ cut here ]------------
| [ 2050.508179] UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.19.8/arch/loongarch/kvm/vcpu.c:569:20
| [ 2050.508234] index -1 is out of range for type 'kvm_phyid_info [256]'
| [ 2050.508248] CPU: 6 UID: 0 PID: 16813 Comm: qemu-system-loo Tainted: G        W           6.19.8+deb14-loong64 #1 PREEMPTLAZY  Debian 6.19.8-1 
| [ 2050.508253] Tainted: [W]=WARN
| [ 2050.508254] Hardware name: LOONGSON Dabieshan/Loongson-LS2C50C6, BIOS Loongson UEFI (3C50007A2000_C6) V4.3.0-Dual 05/21/25 09:17:40
| [ 2050.508256] Stack : 900000010faaf8f8 0000000000000000 9000000000238828 900000010faac000
| [ 2050.508261]         900000010faaf840 900000010faaf848 0000000000000000 900000010faaf988
| [ 2050.508266]         900000010faaf980 900000010faaf980 900010207ff1a3f0 6572617764726148
| [ 2050.508271]         203a656d616e2065 900000010faaf848 6d08ee86308d20d5 900000012859c840
| [ 2050.508275]         900000010faac000 90000000015c8868 00000000ffffdfff 900010207ff04000
| [ 2050.508280]         0000000000000000 0000000000000000 000000207b878000 0000000000000000
| [ 2050.508284]         0000000000000000 90000000017e8000 0000000000000000 90000000015c8868
| [ 2050.508289]         0000000000000003 ffffffffffffffff 900000011ad020b8 0000000000000000
| [ 2050.508293]         900000011ad00000 0000000000000000 9000000000238844 000055556bcb67e8
| [ 2050.508298]         00000000000000b0 0000000000000007 0000000000000007 0000000000071c1d
| [ 2050.508302]         ...
| [ 2050.508304] Call Trace:
| [ 2050.508306] [<9000000000238844>] show_stack+0x64/0x190
| [ 2050.508310] [<9000000000230fc8>] dump_stack_lvl+0x70/0x9c
| [ 2050.508314] [<900000000022bc60>] ubsan_epilogue+0xc/0x3c
| [ 2050.508318] [<9000000000bc61c4>] __ubsan_handle_out_of_bounds+0xa4/0xb0
| [ 2050.508322] [<900000000027a6c0>] kvm_get_vcpu_by_cpuid+0xb0/0xc0
| [ 2050.508326] [<90000000002813b8>] kvm_eiointc_set_attr+0x448/0x770
| [ 2050.508329] [<9000000000262f04>] kvm_device_ioctl+0x264/0x3a0
| [ 2050.508334] [<900000000075f09c>] sys_ioctl+0x52c/0x1150
| [ 2050.508338] [<9000000001279804>] do_syscall+0xc4/0x320
| [ 2050.508343] ---[ end trace ]---

The problem was not present when running kernel 6.17.7+deb14-loong64, so
it seems to be a relatively recent regression. Despite the warnings,
things seem to work relatively well.

Regards
Aurelien
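
A triage sketch for the two warnings quoted in this report, added here as an example (not part of the original message and not Debian or kernel tooling): it extracts the warning class, source location, detail and first non-reporting call-trace frame from a kernel log. The function name `triage` and the result field names are this example's own; the sample lines are abridged from the log above.

```python
import re

# Lines abridged from the kernel log quoted in the report above.
SAMPLE_LOG = '''\
| [ 2050.507635] ------------[ cut here ]------------
| [ 2050.507662] memcpy: detected field-spanning write (size 4) of single field "p" at arch/loongarch/kvm/intc/eiointc.c:520 (size 0)
| [ 2050.508070] [<9000000000280d74>] kvm_eiointc_regs_access.isra.0+0x354/0x3c0
| [ 2050.508094] ---[ end trace 0000000000000000 ]---
| [ 2050.508176] ------------[ cut here ]------------
| [ 2050.508179] UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.19.8/arch/loongarch/kvm/vcpu.c:569:20
| [ 2050.508234] index -1 is out of range for type 'kvm_phyid_info [256]'
| [ 2050.508318] [<9000000000bc61c4>] __ubsan_handle_out_of_bounds+0xa4/0xb0
| [ 2050.508326] [<900000000027a6c0>] kvm_get_vcpu_by_cpuid+0xb0/0xc0
| [ 2050.508343] ---[ end trace ]---
'''

LINE = re.compile(r'^[|>\s]*\[\s*[\d.]+\]\s+(.*)$')  # tolerates mail quoting prefixes
FORTIFY = re.compile(r'memcpy: detected field-spanning write \(size (\d+)\) of single field '
                     r'"([^"]+)" at (\S+):(\d+) \(size (\d+)\)')
UBSAN = re.compile(r'UBSAN: (\S+) in (\S+?):(\d+):\d+\s*$')
INDEX = re.compile(r"index (-?\d+) is out of range for type '([^']+)'")
FRAME = re.compile(r'\[<[0-9a-f]+>\] ([\w.]+)\+0x')
# Frames that belong to the reporting machinery, not to the faulting code.
REPORTING = re.compile(r'^(show_stack|dump_stack|__warn|__report_bug|report_bug|do_bp|ubsan_|__ubsan_)')

def triage(log):
    """Return one finding per 'cut here' block: kind, location, detail, first real frame."""
    findings, cur = [], None
    for raw in log.splitlines():
        m = LINE.match(raw)
        msg = m.group(1) if m else ''
        if 'cut here' in msg:
            cur = {'kind': None, 'where': None, 'detail': None, 'function': None}
        elif cur is None:
            continue
        elif msg.startswith('---[ end trace'):
            if cur['kind']:
                findings.append(cur)
            cur = None
        elif f := FORTIFY.search(msg):
            cur.update(kind='fortify-field-spanning-write', where=f'{f[3]}:{f[4]}',
                       detail=f'wrote {f[1]} bytes into field "{f[2]}" of size {f[5]}')
        elif u := UBSAN.search(msg):
            path = re.sub(r'^.*/linux-[^/]+/', '', u[2])  # drop the build-tree prefix
            cur.update(kind=f'ubsan-{u[1]}', where=f'{path}:{u[3]}')
        elif i := INDEX.search(msg):
            cur['detail'] = f'index {i[1]} into {i[2]}'
        elif (fr := FRAME.search(msg)) and not cur['function'] and not REPORTING.match(fr[1]):
            cur['function'] = re.sub(r'\.(isra|constprop|part)\.\d+$', '', fr[1])
    return findings
```

Grouping findings by `where` and `function` across hosts makes it easy to confirm that both warnings disappear after upgrading to the fixed package version.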


#91924 — Bug#1131431: fixed in linux 6.19.11-1

From: Aurelien Jarno <aurel32@debian.org>
Date: 2026-04-05 23:40 +0200
Subject: Bug#1131431: fixed in linux 6.19.11-1
Message-ID: <MGDmh-cXTF-5@gated-at.bofh.it>
In reply to: #91758

Hi,

On 2026-04-05 08:23, Debian FTP Masters wrote:
> Source: linux
> Source-Version: 6.19.11-1
> Done: Salvatore Bonaccorso <carnil@debian.org>
> 
> We believe that the bug you reported is fixed in the latest version of
> linux, which is due to be installed in the Debian FTP archive.
> 
> A summary of the changes between this version and the previous one is
> attached.
> 
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 1131431@bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
> 
> Debian distribution maintenance software
> pp.
> Salvatore Bonaccorso <carnil@debian.org> (supplier of updated linux package)
> 
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmaster@ftp-master.debian.org)
> 
> 
> Format: 1.8
> Date: Sun, 05 Apr 2026 08:17:47 +0200
> Source: linux
> Architecture: source
> Version: 6.19.11-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
> Changed-By: Salvatore Bonaccorso <carnil@debian.org>
> Closes: 1131431 1131546 1132622
> Changes:
>  linux (6.19.11-1) unstable; urgency=medium
>  .

...

>      - [loong64] KVM: Make kvm_get_vcpu_by_cpuid() more robust (Closes: #1131431)
>      - [loong64] KVM: Fix base address calculation in kvm_eiointc_regs_access()
>        (Closes: #1131431)
>      - [loong64] KVM: Handle the case that EIOINTC's coremap is empty
>        (Closes: #1131431)

Thanks, I confirm that the bug is indeed fixed.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net


#92019 — Bug#1131431: marked as done (linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds))

From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: 2026-04-14 05:20 +0200
Subject: Bug#1131431: marked as done (linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds))
Message-ID: <MJCtJ-eYNE-55@gated-at.bofh.it>
In reply to: #91758

Your message dated Tue, 14 Apr 2026 03:13:06 +0000
with message-id <E1wCUD4-0000000FFym-1AMC@fasolo.debian.org>
and subject line Bug#1131431: fixed in linux 7.0-1~exp1
has caused the Debian Bug report #1131431,
regarding linux: loong64 KVM warnings (memcpy + UBSAN out-of-bounds)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1131431: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131431
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
