Hello, we have servers with many auditd rules (150+, I can provide the .rules file to you for testing).
Before kernel update there was no issue with: 5.15.0-140-generic #150 Now the issue persists even after upgrading to proposed 5.15.0-160-generic #170 /sbin/augenrules --load fails after parsing 135 lines of audit.d rules, no matter what rules we use: root@xxx:~# uname -a Linux xxx 5.15.0-160-generic #170-Ubuntu SMP Wed Oct 1 10:06:56 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux root@xxx:~# /sbin/augenrules --load /sbin/augenrules: No change No rules enabled 1 failure 1 pid 3348 rate_limit 0 backlog_limit 8192 lost 0 backlog 116 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 3348 rate_limit 0 backlog_limit 8192 lost 0 backlog 120 backlog_wait_time 60000 backlog_wait_time_actual 0 enabled 1 failure 1 pid 3348 rate_limit 0 backlog_limit 8192 lost 0 backlog 63 backlog_wait_time 60000 backlog_wait_time_actual 0 arch elf mapping not found There was an error in line 135 of /etc/audit/audit.rules -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2126434 Title: [Regression Updates] System hangs when loading audit rules (5.15.0-156.166) Status in linux package in Ubuntu: Invalid Status in linux source package in Jammy: Fix Committed Bug description: [SRU Justification] == Impact == Upstream stable v5.15.189 / CVE-2025-38465 added ae8f160e7eb2 ("netlink: Fix wraparounds of sk->sk_rmem_alloc.") which is reported to cause soft-lockups / hangs on boot when loading auditd rules. Message from syslogd@usw745 at Sep 26 12:45:22 ... kernel:[22208.861925] watchdog: BUG: soft lockup - CPU#65 stuck for 26s! [kauditd:593] [22208.862003] FS: 0000000000000000(0000) GS:ffff8e7f84c40000(0000) knlGS:0000000000000000 [22208.862004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [22208.862005] CR2: 00007f6c313b1110 CR3: 0000006fa5c30005 CR4: 00000000007706e0 [22208.862009] PKRU: 55555554 [22208.862010] Call Trace: [22208.862012] <TASK> [22208.862017] ? wake_up_q+0x90/0x90 [22208.862022] netlink_unicast+0xb0/0x290 [22208.862024] kauditd_send_queue+0xb2/0x180 == Fix == This was fixed upstream with the following commit which is part of pending v5.15.190 759dfc7d04ba netlink: avoid infinite retry looping in netlink_unicast() == Testcase == Creating and loading auditd rules on boot (details TBD) == Regression Potential == Anything related to netlink sockets. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2126434/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
