Bug 189626 - LTC23352-Audit netlink deadlock
LTC23352-Audit netlink deadlock
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
powerpc Linux
medium Severity high
: ---
: ---
Assigned To: Steve Grubb
Brian Brock
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2006-04-21 14:45 EDT by IBM Bug Proxy
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-05-02 09:01:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Test driver shell script (95 bytes, text/plain)
2006-04-21 14:47 EDT, IBM Bug Proxy
no flags Details
awk script to grab syscalls from ppc_table.h and insert audit rules (283 bytes, application/octet-stream)
2006-04-21 14:49 EDT, IBM Bug Proxy
no flags Details
Straces of auditctl -l and auditctl -D (165.45 KB, text/plain)
2006-04-21 14:50 EDT, IBM Bug Proxy
no flags Details
Task list from Ctrl-O t (62.87 KB, text/plain)
2006-04-21 14:51 EDT, IBM Bug Proxy
no flags Details

  None (edit)
Description IBM Bug Proxy 2006-04-21 14:45:15 EDT
LTC Owner is: bugrobot@linux.ibm.com
LTC Originator is: gcwilson@us.ibm.com

Problem description:

Auditctl deadlocks on large buffers.  It appears that when the netlink buffer
fills, it is holding a mutex, it expects the receiver to receive, auditctl
receive needs to be audited but can't because the mutex is held.  Hence it

If this is a customer issue, please indicate the impact to the customer:

If this is not an installation problem,
       Describe any custom patches installed.

       Using FC5 + latest updates + 2.6.17-rc1-mm3 + audit 1.2.1

       Provide output from "uname -a", if possible:

       Linux jawbreaker.ltc.austin.ibm.com 2.6.17-rc1-mm3 #1 SMP Tue Apr 18
13:23:40 CDT 2006 ppc64 ppc64 ppc64 GNU/Linux

Hardware Environment
    Machine type (p650, x235, SF2, etc.): HV4 LPAR
    Cpu type (Power4, Power5, IA-64, etc.): Power5
    Describe any special hardware you think might be relevant to this problem:

Is this reproducible?
    If so, how long does it (did it) take to reproduce it?

    1 min.

    Describe the steps:

    Please see attached scripts.  Basically, add a entry and exit never rules
for all syscalls, auditctl -l, auditctl -D.  Now you're deadlocked.

    If not, describe how the bug was encountered:

Is the system (not just the application) hung?

    Yes, for some value of hung.  Kernel is still alive.  However, trusted
programs, such as login, are hung.

    If so, describe how you determined this:

    Can still Ctrl-o (Alt-SysRq) t, u, and b on console.  Existing open ssh
sessions still allow some commands to be executed.  Auditctl -l hangs.

Did the system produce an OOPS message on the console?

    No.  However, please see attached Ctrl-o t output.

Is the system sitting in a debugger right now?

    Can be at any time.
Comment 1 IBM Bug Proxy 2006-04-21 14:47:42 EDT
Created attachment 128097 [details]
Test driver shell script
Comment 2 IBM Bug Proxy 2006-04-21 14:49:03 EDT
Created attachment 128098 [details]
awk script to grab syscalls from ppc_table.h and insert audit rules

Sorry this is a single line ugly thing.  It's just a saved shell command line.
Comment 3 IBM Bug Proxy 2006-04-21 14:50:41 EDT
Created attachment 128099 [details]
Straces of auditctl -l and auditctl -D
Comment 4 IBM Bug Proxy 2006-04-21 14:51:51 EDT
Created attachment 128100 [details]
Task list from Ctrl-O t
Comment 5 Dave Jones 2006-04-24 23:38:34 EDT
Why are you filing -mm bugs here ? They belong in http://bugme.osdl.org/
Comment 6 IBM Bug Proxy 2006-04-25 14:59:18 EDT
----- Additional Comments From gcwilson@us.ibm.com  2006-04-25 15:01 EDT -------
Please do not redisposition this bug.  Steve Grubb explicitly requested that it
be opened against Fedora Development.  I asked him beforehand.  I also cc'd him
on it and have in our project status.  Irina Boverman is also aware of it. 
Contact Steve or Irina if you have questions.

Quoting from the redhat-lspp list:

> On Friday 21 April 2006 10:35, George Wilson wrote:
> > Should it just be against rawhide?
> Yes. Fedora Core/devel. Let me know the bugzilla number.
> -Steve 
Comment 7 IBM Bug Proxy 2006-04-25 15:13:24 EDT
----- Additional Comments From gcwilson@us.ibm.com  2006-04-25 15:16 EDT -------
Steve Grubb is reopening this on the Red Hat side.  Thanks, Steve. 
Comment 8 Steve Grubb 2006-05-02 09:01:27 EDT
The kernel piece has been released in lspp.20 kernel. Closing this bug.
Comment 9 IBM Bug Proxy 2006-05-03 18:23:52 EDT

           What    |Removed                     |Added
             Status|FIXEDAWAITINGTEST           |TESTED

------- Additional Comments From gcwilson@us.ibm.com  2006-05-03 18:26 EDT -------
Deadlock appears to be fixed in the lspp.21 kernel. 

Note You need to log in before you can comment on or make changes to this bug.