linux-audit.redhat.com archive mirror
 help / color / mirror / Atom feed
* kernel panic: audit: rate limit exceeded
@ 2020-02-24  8:08 syzbot
  2020-02-24  8:08 ` syzbot
  2020-02-24 22:37 ` Paul Moore
  0 siblings, 2 replies; 6+ messages in thread
From: syzbot @ 2020-02-24  8:08 UTC (permalink / raw)
  To: eparis, kvalo, linux-audit, linux-kernel, netdev, paul,
	peter.senna, romain.perier, stas.yakovlev, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000

The bug was bisected to:

commit 28b75415ad19fef232d8daab4d5de17d753f0b36
Author: Romain Perier <romain.perier@collabora.com>
Date:   Wed Aug 23 07:16:51 2017 +0000

    wireless: ipw2200: Replace PCI pool old API

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")

audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
Kernel panic - not syncing: audit: rate limit exceeded
CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 audit_panic.cold+0x32/0x32 kernel/audit.c:307
 audit_log_lost kernel/audit.c:377 [inline]
 audit_log_lost+0x8b/0x180 kernel/audit.c:349
 audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
 audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
 audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
 audit_receive+0x114/0x230 kernel/audit.c:1513
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:672
 ____sys_sendmsg+0x753/0x880 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441239
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 6+ messages in thread

* kernel panic: audit: rate limit exceeded
  2020-02-24  8:08 kernel panic: audit: rate limit exceeded syzbot
@ 2020-02-24  8:08 ` syzbot
  2020-02-24 22:37 ` Paul Moore
  1 sibling, 0 replies; 6+ messages in thread
From: syzbot @ 2020-02-24  8:08 UTC (permalink / raw)
  To: eparis, kvalo, linux-audit, linux-kernel, netdev, paul,
	peter.senna, romain.perier, stas.yakovlev, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000

The bug was bisected to:

commit 28b75415ad19fef232d8daab4d5de17d753f0b36
Author: Romain Perier <romain.perier@collabora.com>
Date:   Wed Aug 23 07:16:51 2017 +0000

    wireless: ipw2200: Replace PCI pool old API

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")

audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
Kernel panic - not syncing: audit: rate limit exceeded
CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 audit_panic.cold+0x32/0x32 kernel/audit.c:307
 audit_log_lost kernel/audit.c:377 [inline]
 audit_log_lost+0x8b/0x180 kernel/audit.c:349
 audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
 audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
 audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
 audit_receive+0x114/0x230 kernel/audit.c:1513
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:672
 ____sys_sendmsg+0x753/0x880 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
 __do_sys_sendmsg net/socket.c:2439 [inline]
 __se_sys_sendmsg net/socket.c:2437 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441239
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: kernel panic: audit: rate limit exceeded
  2020-02-24  8:08 kernel panic: audit: rate limit exceeded syzbot
  2020-02-24  8:08 ` syzbot
@ 2020-02-24 22:37 ` Paul Moore
  2020-02-24 22:37   ` Paul Moore
  2020-02-27 15:40   ` Dmitry Vyukov
  1 sibling, 2 replies; 6+ messages in thread
From: Paul Moore @ 2020-02-24 22:37 UTC (permalink / raw)
  To: syzbot
  Cc: Eric Paris, kvalo, linux-audit, linux-kernel, netdev,
	peter.senna, romain.perier, stas.yakovlev, syzkaller-bugs

On Mon, Feb 24, 2020 at 3:08 AM syzbot
<syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
> git tree:       net
> console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
> dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000
>
> The bug was bisected to:
>
> commit 28b75415ad19fef232d8daab4d5de17d753f0b36
> Author: Romain Perier <romain.perier@collabora.com>
> Date:   Wed Aug 23 07:16:51 2017 +0000
>
>     wireless: ipw2200: Replace PCI pool old API
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
> Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")
>
> audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
> Kernel panic - not syncing: audit: rate limit exceeded
> CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x197/0x210 lib/dump_stack.c:118
>  panic+0x2e3/0x75c kernel/panic.c:221
>  audit_panic.cold+0x32/0x32 kernel/audit.c:307
>  audit_log_lost kernel/audit.c:377 [inline]
>  audit_log_lost+0x8b/0x180 kernel/audit.c:349
>  audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
>  audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
>  audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
>  audit_receive+0x114/0x230 kernel/audit.c:1513
>  netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
>  netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
>  netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
>  sock_sendmsg_nosec net/socket.c:652 [inline]
>  sock_sendmsg+0xd7/0x130 net/socket.c:672
>  ____sys_sendmsg+0x753/0x880 net/socket.c:2343
>  ___sys_sendmsg+0x100/0x170 net/socket.c:2397
>  __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
>  __do_sys_sendmsg net/socket.c:2439 [inline]
>  __se_sys_sendmsg net/socket.c:2437 [inline]
>  __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
>  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x441239
> Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
> RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
> RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
> R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
> R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
> Kernel Offset: disabled
> Rebooting in 86400 seconds..

Has the syzbot audit related configuration recently changed?  At the
very least it looks like you want to configure the system so that it
doesn't panic when an audit record is lost (printk/AUDIT_FAIL_PRINTK
or silent/AUDIT_FAIL_SILENT are better options); look at the
auditctl(8) manpage for some more information (hint: look at the "-f"
option).

-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: kernel panic: audit: rate limit exceeded
  2020-02-24 22:37 ` Paul Moore
@ 2020-02-24 22:37   ` Paul Moore
  2020-02-27 15:40   ` Dmitry Vyukov
  1 sibling, 0 replies; 6+ messages in thread
From: Paul Moore @ 2020-02-24 22:37 UTC (permalink / raw)
  To: syzbot
  Cc: netdev, syzkaller-bugs, linux-kernel, linux-audit, peter.senna,
	stas.yakovlev, romain.perier, kvalo

On Mon, Feb 24, 2020 at 3:08 AM syzbot
<syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
> git tree:       net
> console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
> dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000
>
> The bug was bisected to:
>
> commit 28b75415ad19fef232d8daab4d5de17d753f0b36
> Author: Romain Perier <romain.perier@collabora.com>
> Date:   Wed Aug 23 07:16:51 2017 +0000
>
>     wireless: ipw2200: Replace PCI pool old API
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
> Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")
>
> audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
> Kernel panic - not syncing: audit: rate limit exceeded
> CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x197/0x210 lib/dump_stack.c:118
>  panic+0x2e3/0x75c kernel/panic.c:221
>  audit_panic.cold+0x32/0x32 kernel/audit.c:307
>  audit_log_lost kernel/audit.c:377 [inline]
>  audit_log_lost+0x8b/0x180 kernel/audit.c:349
>  audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
>  audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
>  audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
>  audit_receive+0x114/0x230 kernel/audit.c:1513
>  netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
>  netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
>  netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
>  sock_sendmsg_nosec net/socket.c:652 [inline]
>  sock_sendmsg+0xd7/0x130 net/socket.c:672
>  ____sys_sendmsg+0x753/0x880 net/socket.c:2343
>  ___sys_sendmsg+0x100/0x170 net/socket.c:2397
>  __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
>  __do_sys_sendmsg net/socket.c:2439 [inline]
>  __se_sys_sendmsg net/socket.c:2437 [inline]
>  __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
>  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x441239
> Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
> RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
> RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
> R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
> R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
> Kernel Offset: disabled
> Rebooting in 86400 seconds..

Has the syzbot audit related configuration recently changed?  At the
very least it looks like you want to configure the system so that it
doesn't panic when an audit record is lost (printk/AUDIT_FAIL_PRINTK
or silent/AUDIT_FAIL_SILENT are better options); look at the
auditctl(8) manpage for some more information (hint: look at the "-f"
option).

-- 
paul moore
www.paul-moore.com


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: kernel panic: audit: rate limit exceeded
  2020-02-24 22:37 ` Paul Moore
  2020-02-24 22:37   ` Paul Moore
@ 2020-02-27 15:40   ` Dmitry Vyukov
  2020-02-27 15:40     ` Dmitry Vyukov
  1 sibling, 1 reply; 6+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 15:40 UTC (permalink / raw)
  To: Paul Moore
  Cc: syzbot, Eric Paris, Kalle Valo, linux-audit, LKML, netdev,
	peter.senna, romain.perier, stas.yakovlev, syzkaller-bugs

On Mon, Feb 24, 2020 at 11:37 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Mon, Feb 24, 2020 at 3:08 AM syzbot
> <syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
> > git tree:       net
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
> > dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
> > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000
> >
> > The bug was bisected to:
> >
> > commit 28b75415ad19fef232d8daab4d5de17d753f0b36
> > Author: Romain Perier <romain.perier@collabora.com>
> > Date:   Wed Aug 23 07:16:51 2017 +0000
> >
> >     wireless: ipw2200: Replace PCI pool old API
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
> > final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
> > Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")
> >
> > audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
> > Kernel panic - not syncing: audit: rate limit exceeded
> > CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Call Trace:
> >  __dump_stack lib/dump_stack.c:77 [inline]
> >  dump_stack+0x197/0x210 lib/dump_stack.c:118
> >  panic+0x2e3/0x75c kernel/panic.c:221
> >  audit_panic.cold+0x32/0x32 kernel/audit.c:307
> >  audit_log_lost kernel/audit.c:377 [inline]
> >  audit_log_lost+0x8b/0x180 kernel/audit.c:349
> >  audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
> >  audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
> >  audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
> >  audit_receive+0x114/0x230 kernel/audit.c:1513
> >  netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
> >  netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
> >  netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
> >  sock_sendmsg_nosec net/socket.c:652 [inline]
> >  sock_sendmsg+0xd7/0x130 net/socket.c:672
> >  ____sys_sendmsg+0x753/0x880 net/socket.c:2343
> >  ___sys_sendmsg+0x100/0x170 net/socket.c:2397
> >  __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
> >  __do_sys_sendmsg net/socket.c:2439 [inline]
> >  __se_sys_sendmsg net/socket.c:2437 [inline]
> >  __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
> >  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
> >  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> > RIP: 0033:0x441239
> > Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> > RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> > RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
> > RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
> > RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
> > R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
> > R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
>
> Has the syzbot audit related configuration recently changed?  At the
> very least it looks like you want to configure the system so that it
> doesn't panic when an audit record is lost (printk/AUDIT_FAIL_PRINTK
> or silent/AUDIT_FAIL_SILENT are better options); look at the
> auditctl(8) manpage for some more information (hint: look at the "-f"
> option).

That one has more extended discussion of the situation:

#syz dup: kernel panic: audit: backlog limit exceeded

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: kernel panic: audit: rate limit exceeded
  2020-02-27 15:40   ` Dmitry Vyukov
@ 2020-02-27 15:40     ` Dmitry Vyukov
  0 siblings, 0 replies; 6+ messages in thread
From: Dmitry Vyukov @ 2020-02-27 15:40 UTC (permalink / raw)
  To: Paul Moore
  Cc: netdev, syzkaller-bugs, LKML, linux-audit, peter.senna,
	stas.yakovlev, romain.perier, syzbot, Kalle Valo

On Mon, Feb 24, 2020 at 11:37 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Mon, Feb 24, 2020 at 3:08 AM syzbot
> <syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:    0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
> > git tree:       net
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
> > dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
> > compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000
> >
> > The bug was bisected to:
> >
> > commit 28b75415ad19fef232d8daab4d5de17d753f0b36
> > Author: Romain Perier <romain.perier@collabora.com>
> > Date:   Wed Aug 23 07:16:51 2017 +0000
> >
> >     wireless: ipw2200: Replace PCI pool old API
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
> > final crash:    https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+72461ac44b36c98f58e5@syzkaller.appspotmail.com
> > Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")
> >
> > audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
> > Kernel panic - not syncing: audit: rate limit exceeded
> > CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Call Trace:
> >  __dump_stack lib/dump_stack.c:77 [inline]
> >  dump_stack+0x197/0x210 lib/dump_stack.c:118
> >  panic+0x2e3/0x75c kernel/panic.c:221
> >  audit_panic.cold+0x32/0x32 kernel/audit.c:307
> >  audit_log_lost kernel/audit.c:377 [inline]
> >  audit_log_lost+0x8b/0x180 kernel/audit.c:349
> >  audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
> >  audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
> >  audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
> >  audit_receive+0x114/0x230 kernel/audit.c:1513
> >  netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
> >  netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
> >  netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
> >  sock_sendmsg_nosec net/socket.c:652 [inline]
> >  sock_sendmsg+0xd7/0x130 net/socket.c:672
> >  ____sys_sendmsg+0x753/0x880 net/socket.c:2343
> >  ___sys_sendmsg+0x100/0x170 net/socket.c:2397
> >  __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
> >  __do_sys_sendmsg net/socket.c:2439 [inline]
> >  __se_sys_sendmsg net/socket.c:2437 [inline]
> >  __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
> >  do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
> >  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> > RIP: 0033:0x441239
> > Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> > RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
> > RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
> > RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
> > RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
> > R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
> > R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
>
> Has the syzbot audit related configuration recently changed?  At the
> very least it looks like you want to configure the system so that it
> doesn't panic when an audit record is lost (printk/AUDIT_FAIL_PRINTK
> or silent/AUDIT_FAIL_SILENT are better options); look at the
> auditctl(8) manpage for some more information (hint: look at the "-f"
> option).

That one has more extended discussion of the situation:

#syz dup: kernel panic: audit: backlog limit exceeded


--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-02-27 16:04 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-24  8:08 kernel panic: audit: rate limit exceeded syzbot
2020-02-24  8:08 ` syzbot
2020-02-24 22:37 ` Paul Moore
2020-02-24 22:37   ` Paul Moore
2020-02-27 15:40   ` Dmitry Vyukov
2020-02-27 15:40     ` Dmitry Vyukov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).