Bug#1111017: linux 6.1.147 hangs when loading audit rules / booting
Hi,
On Wed, Aug 13, 2025 at 05:41:03PM +0200, Julian Taylor wrote:
> Package: linux-signed-amd64
> Version: 6.1.147-1
> Severity: important
>
> hello
> the update to 6.1.147 https://lists.debian.org/debian-security-announce/2025/msg00137.html fully hangs the
> machine when auditd rules are loaded (also during boot).
>
> To reproduce boot into this kernel, install auditd and run:
> $ cat /etc/audit/audit.rules
> -D
> -b 8192
> -f 1
> --backlog_wait_time 60000
> -a always,exit -F arch=b64 -F dir=/var/log/audit/ -F perm=wa -F auid!=4294967295 -k T1005_Data_From_Local_System_audit_log
> $ auditctl -R /etc/audit/audit.rules
> $ systemctl restart auditd
>
>
> It is highly likely to freeze the machine or at least a cpu after a few tries:
> kernel:[22824.150267] watchdog: BUG: soft lockup - CPU#1 stuck for 48s! [kauditd:28]
>
>
> This appears to be a regression introduced in upstream commit ae8f160e7eb2
> This was reported also on amazon linux https://github.com/amazonlinux/amazon-linux-2023/issues/988
> and shows itself in the same way in debian bookworm
> amazon linux revert the commit https://github.com/amazonlinux/linux/commit/585be8ae62c8c0cf802d2a60d49a9878ce41478d
>
>
>
> According to upstream fixes tags this commit upstream should fix the problem:
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=759dfc7d04ba
>
> I have tested this commit added onto the debian 6.1.147-1 kernel package and cannot reproduce the problem anymore.
Thanks for confirming the required fix. I believe this affects as well
other stable series, and in particular as well 6.12.41-1 in trixie and
the curren experimental version.
It looks while the fixing commit was CC'ed to stable, it was not in
time for the current round of stable update reviews. Will have a look.
Regards,
Salvatore
Reply to: