| 2025-09-11 02:32:17 |
gerald.yang |
bug |
|
|
added bug |
| 2025-09-11 02:32:29 |
gerald.yang |
linux (Ubuntu): importance |
Undecided |
High |
|
| 2025-09-11 02:32:33 |
gerald.yang |
linux (Ubuntu): status |
New |
In Progress |
|
| 2025-09-11 02:32:35 |
gerald.yang |
linux (Ubuntu): assignee |
|
gerald.yang (gerald-yang-tw) |
|
| 2025-09-11 02:33:30 |
gerald.yang |
nominated for series |
|
Ubuntu Plucky |
|
| 2025-09-11 02:33:30 |
gerald.yang |
bug task added |
|
linux (Ubuntu Plucky) |
|
| 2025-09-11 02:33:30 |
gerald.yang |
nominated for series |
|
Ubuntu Questing |
|
| 2025-09-11 02:33:30 |
gerald.yang |
bug task added |
|
linux (Ubuntu Questing) |
|
| 2025-09-11 02:33:30 |
gerald.yang |
nominated for series |
|
Ubuntu Noble |
|
| 2025-09-11 02:33:30 |
gerald.yang |
bug task added |
|
linux (Ubuntu Noble) |
|
| 2025-09-11 02:33:40 |
gerald.yang |
linux (Ubuntu Noble): status |
New |
In Progress |
|
| 2025-09-11 02:33:45 |
gerald.yang |
linux (Ubuntu Plucky): status |
New |
In Progress |
|
| 2025-09-11 02:33:47 |
gerald.yang |
linux (Ubuntu Noble): importance |
Undecided |
High |
|
| 2025-09-11 02:33:49 |
gerald.yang |
linux (Ubuntu Plucky): importance |
Undecided |
High |
|
| 2025-09-11 02:33:53 |
gerald.yang |
linux (Ubuntu Noble): assignee |
|
gerald.yang (gerald-yang-tw) |
|
| 2025-09-11 02:33:55 |
gerald.yang |
linux (Ubuntu Plucky): assignee |
|
gerald.yang (gerald-yang-tw) |
|
| 2025-09-11 02:37:54 |
gerald.yang |
description |
[Impact]
When the audit rate limit is exceeded, memory starts leaking, this can be observed by:
watch -d -n 1 grep -i SUnreclaim' /proc/meminfo
Unreclaimable slab grows rapidly and lead to run out of all available memory
Only reboot can recover it.
[Fix]
This upstream patch fixes the issue:
https://lore.kernel.org/audit/[email protected]/T/#t
and merged into maintainer's tree:
https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9
[Test Plan]
Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules:
-a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100
Trigger permission denied by running the following command as a normal user:
while :; do cat /proc/1/environ; done
Make sure we see the warning message in kernel log:
[ 2531.862184] audit: rate limit exceeded
[Where problems could occur]
Originally the skb is leak and no one is able to process or free it anymore.
The above patch just frees the leaking skb when rate limit is exceeded,
there won't be any additional impact. |
[Impact]
When the audit rate limit is exceeded, memory starts leaking, this can be observed by:
watch -d -n 1 grep -i SUnreclaim' /proc/meminfo
Unreclaimable slab grows rapidly and lead to run out of all available memory
Only reboot can recover it.
5.15 kernel doesn't have this issue, it's introduced later than 5.19 kernel,
and caused by LSM stacking code.
[Fix]
This upstream patch fixes the issue:
https://lore.kernel.org/audit/[email protected]/T/#t
and merged into maintainer's tree:
https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9
[Test Plan]
Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules:
-a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100
Trigger permission denied by running the following command as a normal user:
while :; do cat /proc/1/environ; done
Make sure we see the warning message in kernel log:
[ 2531.862184] audit: rate limit exceeded
[Where problems could occur]
Originally the skb is leak and no one is able to process or free it anymore.
The above patch just frees the leaking skb when rate limit is exceeded,
there won't be any additional impact. |
|
| 2025-09-11 02:46:40 |
gerald.yang |
description |
[Impact]
When the audit rate limit is exceeded, memory starts leaking, this can be observed by:
watch -d -n 1 grep -i SUnreclaim' /proc/meminfo
Unreclaimable slab grows rapidly and lead to run out of all available memory
Only reboot can recover it.
5.15 kernel doesn't have this issue, it's introduced later than 5.19 kernel,
and caused by LSM stacking code.
[Fix]
This upstream patch fixes the issue:
https://lore.kernel.org/audit/[email protected]/T/#t
and merged into maintainer's tree:
https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9
[Test Plan]
Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules:
-a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100
Trigger permission denied by running the following command as a normal user:
while :; do cat /proc/1/environ; done
Make sure we see the warning message in kernel log:
[ 2531.862184] audit: rate limit exceeded
[Where problems could occur]
Originally the skb is leak and no one is able to process or free it anymore.
The above patch just frees the leaking skb when rate limit is exceeded,
there won't be any additional impact. |
[Impact]
When the audit rate limit is exceeded, memory starts leaking, this can be observed by:
watch -d -n 1 grep -i SUnreclaim' /proc/meminfo
Unreclaimable slab grows rapidly and lead to run out of all available memory
Only reboot can recover it.
5.15 kernel doesn't have this issue, it's introduced later than 5.19 kernel,
and caused by LSM stacking code.
[Fix]
This upstream patch fixes the issue:
https://lore.kernel.org/audit/[email protected]/T/#t
and merged into maintainer's tree:
https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9
[Test Plan]
Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules:
-a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100
Trigger permission denied by running the following command as a normal user:
while :; do cat /proc/1/environ; done
Make sure we see the warning message in kernel log:
[ 2531.862184] audit: rate limit exceeded
[Where problems could occur]
Originally the skb is leak and no one is able to process or free it anymore.
The above patch just frees the leaking skb when rate limit is exceeded,
there won't be any additional impact.
[ Other Info ]
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2098730 |
|
| 2025-09-11 05:55:45 |
gerald.yang |
linux (Ubuntu Noble): importance |
High |
Critical |
|
| 2025-09-11 05:55:47 |
gerald.yang |
linux (Ubuntu Plucky): importance |
High |
Critical |
|
| 2025-09-11 05:55:50 |
gerald.yang |
linux (Ubuntu Questing): importance |
High |
Critical |
|
| 2025-09-11 14:55:19 |
Wesley Hershberger |
bug |
|
|
added subscriber Wesley Hershberger |
| 2025-09-11 23:00:35 |
Ubuntu Kernel Bot |
tags |
|
kernel-daily-bug |
|
| 2025-09-12 11:55:36 |
Stefan Bader |
linux (Ubuntu Noble): importance |
Critical |
High |
|
| 2025-09-12 11:55:39 |
Stefan Bader |
linux (Ubuntu Plucky): importance |
Critical |
High |
|
| 2025-09-12 11:55:42 |
Stefan Bader |
linux (Ubuntu Questing): importance |
Critical |
High |
|
| 2025-09-12 11:56:04 |
Stefan Bader |
linux (Ubuntu Questing): status |
In Progress |
Fix Committed |
|
| 2025-09-12 11:56:10 |
Stefan Bader |
linux (Ubuntu Noble): status |
In Progress |
Fix Committed |
|
| 2025-09-12 11:57:51 |
Stefan Bader |
linux (Ubuntu Plucky): status |
In Progress |
Fix Committed |
|
| 2025-09-22 19:40:34 |
Ubuntu Kernel Bot |
tags |
kernel-daily-bug |
kernel-daily-bug kernel-spammed-plucky-linux-v2 verification-needed-plucky-linux |
|
| 2025-09-23 02:48:21 |
gerald.yang |
tags |
kernel-daily-bug kernel-spammed-plucky-linux-v2 verification-needed-plucky-linux |
kernel-daily-bug kernel-spammed-plucky-linux-v2 verification-done-plucky-linux |
|
| 2025-09-24 12:55:40 |
Marco Ferrara |
bug |
|
|
added subscriber Marco Ferrara |
| 2025-09-25 14:45:40 |
Launchpad Janitor |
linux (Ubuntu Questing): status |
Fix Committed |
Fix Released |
|
| 2025-09-25 17:10:28 |
Ubuntu Kernel Bot |
tags |
kernel-daily-bug kernel-spammed-plucky-linux-v2 verification-done-plucky-linux |
kernel-daily-bug kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-plucky-linux verification-needed-noble-linux |
|
| 2025-09-26 09:07:32 |
gerald.yang |
tags |
kernel-daily-bug kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-plucky-linux verification-needed-noble-linux |
kernel-daily-bug kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux |
|
| 2025-10-07 07:58:52 |
Ubuntu Kernel Bot |
tags |
kernel-daily-bug kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux |
kernel-daily-bug kernel-spammed-jammy-linux-azure-fde-6.8-v2 kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux verification-needed-jammy-linux-azure-fde-6.8 |
|
| 2025-10-08 15:27:45 |
Heather Lemon |
bug |
|
|
added subscriber Heather Lemon |
| 2025-10-09 08:28:59 |
Ubuntu Kernel Bot |
tags |
kernel-daily-bug kernel-spammed-jammy-linux-azure-fde-6.8-v2 kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux verification-needed-jammy-linux-azure-fde-6.8 |
kernel-daily-bug kernel-spammed-jammy-linux-azure-fde-6.8-v2 kernel-spammed-noble-linux-oem-6.17-v2 kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux verification-needed-jammy-linux-azure-fde-6.8 verification-needed-noble-linux-oem-6.17 |
|
| 2025-10-15 23:08:16 |
Ubuntu Kernel Bot |
tags |
kernel-daily-bug kernel-spammed-jammy-linux-azure-fde-6.8-v2 kernel-spammed-noble-linux-oem-6.17-v2 kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux verification-needed-jammy-linux-azure-fde-6.8 verification-needed-noble-linux-oem-6.17 |
kernel-daily-bug kernel-spammed-jammy-linux-azure-fde-6.8-v2 kernel-spammed-noble-linux-bluefield-v2 kernel-spammed-noble-linux-oem-6.17-v2 kernel-spammed-noble-linux-v2 kernel-spammed-plucky-linux-v2 verification-done-noble-linux verification-done-plucky-linux verification-needed-jammy-linux-azure-fde-6.8 verification-needed-noble-linux-bluefield verification-needed-noble-linux-oem-6.17 |
|
