[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1111017: linux 6.1.147 hangs when loading audit rules / booting

Package: linux-signed-amd64
Version: 6.1.147-1
Severity: important

hello
the update to 6.1.147 https://lists.debian.org/debian-security-announce/2025/msg00137.html fully hangs the
machine when auditd rules are loaded (also during boot).

To reproduce boot into this kernel, install auditd and run:
$ cat /etc/audit/audit.rules
-D
-b 8192
-f 1
--backlog_wait_time 60000
-a always,exit -F arch=b64 -F dir=/var/log/audit/ -F perm=wa  -F auid!=4294967295 -k T1005_Data_From_Local_System_audit_log
$ auditctl -R /etc/audit/audit.rules
$ systemctl restart auditd


It is highly likely to freeze the machine or at least a cpu after a few tries:
 kernel:[22824.150267] watchdog: BUG: soft lockup - CPU#1 stuck for 48s! [kauditd:28]


This appears to be a regression introduced in upstream commit ae8f160e7eb2
This was reported also on amazon linux https://github.com/amazonlinux/amazon-linux-2023/issues/988
and shows itself in the same way in debian bookworm
amazon linux revert the commit https://github.com/amazonlinux/linux/commit/585be8ae62c8c0cf802d2a60d49a9878ce41478d



According to upstream fixes tags this commit upstream should fix the problem:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=759dfc7d04ba

I have tested this commit added onto the debian 6.1.147-1 kernel package and cannot reproduce the problem anymore.
Reply to: