Bug#1019855: Fwd: libc6: immediately crashes with SIGILL on 4th gen Intel Core CPUs (seems related to AVX2 instructions), bricking the whole system

[debian-bug-report@p0358.net]

Package: libc6
Version: 2.31-13+deb11u4
Severity: critical

Dear Maintainer,

After an upgrade to version +deb11u4 on my system running Haswell
(4th gen Intel Core) CPU, most of the programs including bash or dpkg
are immediately crashing with SIGILL. The problem seems to be caused/
related to AVX2 and changes made to some functions utilizing this 
instruction set. I don't know much about Debian bug reporting, so 
forgive me any mistakes I've made.
The issue is on both host, LXC and Docker.
I have described more on this link:
https://github.com/debuerreotype/docker-debian-artifacts/issues/175
where I also linked my coredump from example program and described stuff 
more thoroughly.

Coredump link directly just in case: 
https://github.com/debuerreotype/docker-debian-artifacts/files/9569748/core.bash.100000.2663c40e671041e6b40c882a70b83c3f.1480736.1663185824000000.zip

Also log lines from kernel:
kernel: [834669.721253] traps: dpkg[1455373] trap invalid opcode 
ip:7fa39701951d sp:7ffc4ad26e58 error:0 in libc-2.31.so[7fa396edd000+15a000]
kernel: [834669.732958] traps: dpkg[1455374] trap invalid opcode 
ip:7f529ca9551d sp:7fffb6f0a238 error:0 in libc-2.31.so[7f529c959000+15a000]
kernel: [834669.840128] traps: dpkg[1455375] trap invalid opcode 
ip:7f1874cc951d sp:7fffc2c2f5d8 error:0 in libc-2.31.so[7f1874b8d000+15a000]
kernel: [834669.907918] traps: dpkg[1455378] trap invalid opcode 
ip:7f3b4f8d851d sp:7fff3ec970f8 error:0 in libc-2.31.so[7f3b4f79c000+15a000]
kernel: [834712.152139] traps: passwd[1455693] trap invalid opcode 
ip:7fefee4b52b7 sp:7ffffcb506b8 error:0 in libc-2.31.so[7fefee37d000+15a000]

Not sure what exactly might be causing the issue, but if these changes 
aren't pulled, potentially anyone with this or similar CPU as me will 
upgrade and end up with bricked system.
I will proceed to try using `clearcpuid=293` kernel flag myself, but 
consider how many distros depend on Debian, live CDs etc, with people 
unable to figure out why their system became useless, unable to trace 
the source, and blaming it just on Linux...

I'm filling this bug report from my downgraded host system to the 
previous libc6 version.

   * What led up to the situation? apt upgrade...
   * What exactly did you do (or not do) that was effective (or
     ineffective)? downgrade to +deb11u3
   * What was the outcome of this action? everything works on the older 
version
   * What outcome did you expect instead?


-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.39-1-pve (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libc6 depends on:
ii  libcrypt1  1:4.4.18-4
ii  libgcc-s1  10.2.1-6

Versions of packages libc6 recommends:
ii  libidn2-0       2.3.0-5
pn  libnss-nis      <none>
pn  libnss-nisplus  <none>

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.77
pn  glibc-doc              <none>
ii  libc-l10n              2.31-13+deb11u3
ii  locales                2.31-13+deb11u3

-- debconf information:
  glibc/disable-screensaver:
  glibc/restart-services:
  glibc/kernel-not-supported:
  glibc/kernel-too-old:
  libraries/restart-without-asking: false
  glibc/restart-failed:
  glibc/upgrade: true