On Mon, Feb 24, 2020 at 3:08 AM syzbot
<syzbot+72461ac44b36c98f58e5(a)syzkaller.appspotmail.com> wrote:
Hello,
syzbot found the following crash on:
HEAD commit: 0c0ddd6a Merge tag 'linux-watchdog-5.6-rc3' of git://www.l..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=12c8a3d9e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=3b8906eb6a7d6028
dashboard link: https://syzkaller.appspot.com/bug?extid=72461ac44b36c98f58e5
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c803ede00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17237de9e00000
The bug was bisected to:
commit 28b75415ad19fef232d8daab4d5de17d753f0b36
Author: Romain Perier <romain.perier(a)collabora.com>
Date: Wed Aug 23 07:16:51 2017 +0000
wireless: ipw2200: Replace PCI pool old API
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12dbfe09e00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=11dbfe09e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=16dbfe09e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+72461ac44b36c98f58e5(a)syzkaller.appspotmail.com
Fixes: 28b75415ad19 ("wireless: ipw2200: Replace PCI pool old API")
audit: audit_lost=1 audit_rate_limit=2 audit_backlog_limit=0
Kernel panic - not syncing: audit: rate limit exceeded
CPU: 1 PID: 10031 Comm: syz-executor626 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
audit_panic.cold+0x32/0x32 kernel/audit.c:307
audit_log_lost kernel/audit.c:377 [inline]
audit_log_lost+0x8b/0x180 kernel/audit.c:349
audit_log_end+0x23c/0x2b0 kernel/audit.c:2322
audit_log_config_change+0xcc/0xf0 kernel/audit.c:396
audit_receive_msg+0x2246/0x28b0 kernel/audit.c:1277
audit_receive+0x114/0x230 kernel/audit.c:1513
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:672
____sys_sendmsg+0x753/0x880 net/socket.c:2343
___sys_sendmsg+0x100/0x170 net/socket.c:2397
__sys_sendmsg+0x105/0x1d0 net/socket.c:2430
__do_sys_sendmsg net/socket.c:2439 [inline]
__se_sys_sendmsg net/socket.c:2437 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441239
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd68c9df48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441239
RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
RBP: 0000000000018b16 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402060
R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..
Has the syzbot audit related configuration recently changed? At the
very least it looks like you want to configure the system so that it
doesn't panic when an audit record is lost (printk/AUDIT_FAIL_PRINTK
or silent/AUDIT_FAIL_SILENT are better options); look at the
auditctl(8) manpage for some more information (hint: look at the "-f"
option).
--
paul moore
www.paul-moore.com
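
One way to check a set of auditctl-style rules for the failure mode discussed in the reply above, as an added example that is not part of the original thread. The function names and sample rule sets are hypothetical; the `-r 2` value mirrors `audit_rate_limit=2` in the log, and `-f 2` is an assumption inferred from the panic.

```shell
#!/bin/sh
# Added example (not from the thread): report which audit failure mode a set
# of auditctl-style rule lines leaves in effect, and whether a lost or
# rate-limited record would panic the machine.

# Print the last value given to an auditctl option, or a default if absent.
# $1 = rules text, $2 = option (e.g. -f), $3 = default value
last_opt() {
    printf '%s\n' "$1" | awk -v opt="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        { for (i = 1; i < NF; i++) if ($i == opt) val = $(i + 1) }
        END { print (val == "" ? def : val) }'    # last occurrence wins
}

# Print "<mode> <verdict>" for the given rules text.
audit_loss_policy() {
    f=$(last_opt "$1" -f 1)   # auditctl(8): 0=silent 1=printk 2=panic, default 1
    r=$(last_opt "$1" -r 0)   # messages/sec, 0 = no rate limit
    case "$f" in
        0) echo "silent ok" ;;
        1) echo "printk ok" ;;
        2) if [ "$r" -gt 0 ]; then
               # Records above the rate limit count as lost, as in the trace.
               echo "panic rate-limit-$r-can-panic"
           else
               echo "panic lost-record-can-panic"
           fi ;;
        *) echo "unknown invalid-f-value" ;;
    esac
}

# Constructed sample: the combination that matches the crash in the report.
FUZZ_RULES='-D
-r 2
-f 2'

# Constructed sample: same rate limit, failure mode switched to printk.
FIXED_RULES='-D
-r 2
-f 1'

audit_loss_policy "$FUZZ_RULES"
audit_loss_policy "$FIXED_RULES"
```

On a live system the same text can come from the loaded rules file; the running values are shown by `auditctl -s`.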