Red Hat Bugzilla – Bug 189626
LTC23352-Audit netlink deadlock
Last modified: 2007-11-30 17:11:31 EST
LTC Owner is: firstname.lastname@example.org
LTC Originator is: email@example.com
Auditctl deadlocks on large buffers. It appears that when the netlink buffer
fills, it is holding a mutex, it expects the receiver to receive, auditctl
receive needs to be audited but can't because the mutex is held. Hence it
If this is a customer issue, please indicate the impact to the customer:
If this is not an installation problem,
Describe any custom patches installed.
Using FC5 + latest updates + 2.6.17-rc1-mm3 + audit 1.2.1
Provide output from "uname -a", if possible:
Linux jawbreaker.ltc.austin.ibm.com 2.6.17-rc1-mm3 #1 SMP Tue Apr 18
13:23:40 CDT 2006 ppc64 ppc64 ppc64 GNU/Linux
Machine type (p650, x235, SF2, etc.): HV4 LPAR
Cpu type (Power4, Power5, IA-64, etc.): Power5
Describe any special hardware you think might be relevant to this problem:
Is this reproducible?
If so, how long does it (did it) take to reproduce it?
Describe the steps:
Please see attached scripts. Basically, add a entry and exit never rules
for all syscalls, auditctl -l, auditctl -D. Now you're deadlocked.
If not, describe how the bug was encountered:
Is the system (not just the application) hung?
Yes, for some value of hung. Kernel is still alive. However, trusted
programs, such as login, are hung.
If so, describe how you determined this:
Can still Ctrl-o (Alt-SysRq) t, u, and b on console. Existing open ssh
sessions still allow some commands to be executed. Auditctl -l hangs.
Did the system produce an OOPS message on the console?
No. However, please see attached Ctrl-o t output.
Is the system sitting in a debugger right now?
Can be at any time.
Created attachment 128097 [details]
Test driver shell script
Created attachment 128098 [details]
awk script to grab syscalls from ppc_table.h and insert audit rules
Sorry this is a single line ugly thing. It's just a saved shell command line.
Created attachment 128099 [details]
Straces of auditctl -l and auditctl -D
Created attachment 128100 [details]
Task list from Ctrl-O t
Why are you filing -mm bugs here ? They belong in http://bugme.osdl.org/
----- Additional Comments From firstname.lastname@example.org 2006-04-25 15:01 EDT -------
Please do not redisposition this bug. Steve Grubb explicitly requested that it
be opened against Fedora Development. I asked him beforehand. I also cc'd him
on it and have in our project status. Irina Boverman is also aware of it.
Contact Steve or Irina if you have questions.
Quoting from the redhat-lspp list:
> On Friday 21 April 2006 10:35, George Wilson wrote:
> > Should it just be against rawhide?
> Yes. Fedora Core/devel. Let me know the bugzilla number.
----- Additional Comments From email@example.com 2006-04-25 15:16 EDT -------
Steve Grubb is reopening this on the Red Hat side. Thanks, Steve.
The kernel piece has been released in lspp.20 kernel. Closing this bug.
What |Removed |Added
------- Additional Comments From firstname.lastname@example.org 2006-05-03 18:26 EDT -------
Deadlock appears to be fixed in the lspp.21 kernel.