Bug#977048: linux-image-4.19.0-13-amd64: Kernel oops in unmount ...chroot.../sys/firmware/efi/efivar

[Salvatore Bonaccorso]

Hi,

On Thu, Dec 10, 2020 at 10:57:17PM +0100, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Thu, Dec 10, 2020 at 05:04:22PM +0100, Klaus Singvogel wrote:
> > Package: src:linux
> > Version: 4.19.160-2
> > Severity: important
> > 
> > Dear Maintainer,
> > 
> > *** Reporter, please consider answering these questions, where appropriate 
> > ***
> > 
> >    * What led up to the situation?
> > 
> >      sudo mount -rbind /sys /${CHROOT}/sys
> > 
> >    * What exactly did you do (or not do) that was effective (or 
> > ineffective)?
> > 
> >      sudo umount /${CHROOT}/sys/firmware/efi/efivar
> > 
> >    * What was the outcome of this action?
> > 
> >      Segmentation fault and Kernel oops
> > 
> >    * What outcome did you expect instead?
> > 
> >      No segmentation fault, no Kernel oops
> > 
> > Note:
> > This bug can be reproduced on further machines with this kernel version.
> > 
> > Here is the output of the oops:
> > 
> > [133082.213609] ------------[ cut here ]------------
> > [133082.213610] kernel BUG at mm/slub.c:3950!
> > [133082.213615] invalid opcode: 0000 [#1] SMP PTI
> > [133082.213617] CPU: 5 PID: 11559 Comm: umount Tainted: G     U            
> > 4.19.0-13-amd64 #1 Debian 4.19.160-2
> > [133082.213618] Hardware name: Micro-Star International Co., Ltd. 
> > MS-7B45/Z370 GAMING PRO CARBON (MS-7B45), BIOS A.B0 06/05/2020
> > [133082.213621] RIP: 0010:kfree+0x168/0x180
> > [133082.213622] Code: 5d 41 5c e9 fa 11 f9 ff 48 89 d9 48 89 da 41 b8 01 00 
> > 00 00 5b 4c 89 d6 5d 41 5c e9 02 f6 ff ff 0f 0b 49 8b 42 08 a8 01 75 c3 
> > <0f> 0b 48 8b 3d ff 48 dd 00 e9 c7 fe ff ff 66 2e 0f 1f 84 00 00 00
> > [133082.213623] RSP: 0018:ffffb71549543e58 EFLAGS: 00010246
> > [133082.213624] RAX: 0000000000000000 RBX: ffff941ddae5c000 RCX: 
> > ffffffffa4ada018
> > [133082.213625] RDX: 0000000000000000 RSI: 0000000000000296 RDI: 
> > 00006be600000000
> > [133082.213626] RBP: ffffffffc08c1040 R08: ffffe66b51437208 R09: 
> > 0000000000000001
> > [133082.213626] R10: ffffe66b516b9700 R11: ffffe66b51707008 R12: 
> > ffffffffc08bf742
> > [133082.213627] R13: 0000000000000000 R14: 0000000000000000 R15: 
> > ffff941ddae5c000
> > [133082.213628] FS:  00007f6337c2c080(0000) GS:ffff941ddeb40000(0000) 
> > knlGS:0000000000000000
> > [133082.213629] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [133082.213630] CR2: 00007ffd34ee8cf8 CR3: 000000042a628006 CR4: 
> > 00000000003606e0
> > [133082.213631] Call Trace:
> > [133082.213635]  ? efivarfs_kill_sb+0x30/0x30 [efivarfs]
> > [133082.213637]  efivarfs_destroy+0x22/0x30 [efivarfs]
> > [133082.213639]  __efivar_entry_iter+0xd8/0x110
> > [133082.213642]  deactivate_locked_super+0x2f/0x70
> > [133082.213644]  cleanup_mnt+0x3f/0x70
> > [133082.213646]  task_work_run+0x8a/0xb0
> > [133082.213648]  exit_to_usermode_loop+0xeb/0xf0
> > [133082.213650]  do_syscall_64+0x10d/0x110
> > [133082.213652]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> > [133082.213653] RIP: 0033:0x7f6338052507
> > [133082.213655] Code: 19 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 
> > 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 
> > <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 59 19 0c 00 f7 d8 64 89 01 48
> > [133082.213655] RSP: 002b:00007ffd34eea528 EFLAGS: 00000246 ORIG_RAX: 
> > 00000000000000a6
> > [133082.213657] RAX: 0000000000000000 RBX: 0000563e3ae26ac0 RCX: 
> > 00007f6338052507
> > [133082.213657] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 
> > 0000563e3ae26cd0
> > [133082.213658] RBP: 0000000000000000 R08: 0000563e3ae27b40 R09: 
> > 00007f63380d3e80
> > [133082.213659] R10: 0000000000000000 R11: 0000000000000246 R12: 
> > 0000563e3ae26cd0
> > [133082.213659] R13: 00007f63381781c4 R14: 0000563e3ae26bb8 R15: 
> > 0000000000000000
> > [133082.213661] Modules linked in: tcp_diag udp_diag raw_diag inet_diag 
> > unix_diag fuse rfkill uvcvideo videobuf2_vmalloc videobuf2_memops 
> > videobuf2_v4l2 videobuf2_common snd_usb_audio nls_ascii videodev nls_cp437 
> > snd_usbmidi_lib vfat snd_rawmidi intel_rapl media snd_seq_device fat 
> > snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp coretemp 
> > snd_hda_codec_realtek kvm_intel snd_hda_codec_generic kvm irqbypass 
> > crct10dif_pclmul crc32_pclmul snd_hda_intel snd_hda_codec 
> > ghash_clmulni_intel intel_cstate efi_pstore snd_hda_core joydev sg 
> > intel_uncore snd_hwdep intel_rapl_perf snd_pcm iTCO_wdt snd_timer 
> > iTCO_vendor_support efivars snd pcspkr soundcore mei_me pcc_cpufreq mei 
> > acpi_pad acpi_tad evdev i2c_dev parport_pc sunrpc ppdev lp parport efivarfs 
> > ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 fscrypto
> > [133082.213677]  ecb btrfs zstd_decompress zstd_compress xxhash raid10 
> > raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor 
> > raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod 
> > hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid sr_mod cdrom 
> > sd_mod uas usb_storage crc32c_intel i915 ahci libahci i2c_algo_bit libata 
> > drm_kms_helper mxm_wmi scsi_mod xhci_pci xhci_hcd aesni_intel drm e1000e 
> > usbcore aes_x86_64 crypto_simd cryptd glue_helper i2c_i801 usb_common 
> > thermal fan wmi video button
> > [133082.213691] ---[ end trace fdc6cf3f029628a7 ]---
> > [133082.303757] RIP: 0010:kfree+0x168/0x180
> > [133082.303775] Code: 5d 41 5c e9 fa 11 f9 ff 48 89 d9 48 89 da 41 b8 01 00 
> > 00 00 5b 4c 89 d6 5d 41 5c e9 02 f6 ff ff 0f 0b 49 8b 42 08 a8 01 75 c3 
> > <0f> 0b 48 8b 3d ff 48 dd 00 e9 c7 fe ff ff 66 2e 0f 1f 84 00 00 00
> > [133082.303776] RSP: 0018:ffffb71549543e58 EFLAGS: 00010246
> > [133082.303776] RAX: 0000000000000000 RBX: ffff941ddae5c000 RCX: 
> > ffffffffa4ada018
> > [133082.303777] RDX: 0000000000000000 RSI: 0000000000000296 RDI: 
> > 00006be600000000
> > [133082.303778] RBP: ffffffffc08c1040 R08: ffffe66b51437208 R09: 
> > 0000000000000001
> > [133082.303778] R10: ffffe66b516b9700 R11: ffffe66b51707008 R12: 
> > ffffffffc08bf742
> > [133082.303779] R13: 0000000000000000 R14: 0000000000000000 R15: 
> > ffff941ddae5c000
> > [133082.303780] FS:  00007f6337c2c080(0000) GS:ffff941ddeb40000(0000) 
> > knlGS:0000000000000000
> > [133082.303781] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [133082.303781] CR2: 00007ffd34ee8cf8 CR3: 000000042a628006 CR4: 
> > 00000000003606e0
> 
> This should be
> https://lore.kernel.org/lkml/5f31cde519b941308412b3849197e...@acums.aculab.com/
> and the commit was reverted in 4.19.161.
> 
> Can you check if applying the revert commit fixes the issue?

No need to test explicitly, I could verify myself and it is the same
issue and fixed by the revert. Fix will be included in the next
upload.

Regards,
Salvatore