APPLIED[P/N]/Cmnt: [SRU][N/P/Q][PATCH 0/1] UBUNTU: SAUCE: memory leaks when configuring a small rate limit in audit

Stefan Bader stefan.bader at canonical.com
Fri Sep 12 11:59:11 UTC 2025 

On 11/09/2025 10:51, Gerald Yang wrote:
> BugLink: https://bugs.launchpad.net/bugs/2122554
> 
> [Impact]
> 
> When the audit rate limit is exceeded, memory starts leaking, this can be observed by:
> watch -d -n 1 grep -i SUnreclaim' /proc/meminfo
> 
> Unreclaimable slab grows rapidly and lead to run out of all available memory
> Only reboot can recover it.
> 
> 5.15 kernel doesn't have this issue, it's introduced later than 5.19 kernel,
> and caused by LSM stacking code.
> 
> [Fix]
> 
> This upstream patch fixes the issue:
> https://lore.kernel.org/audit/ea31a17a30e6bb284168353606436752@paul-moore.com/T/#t
> 
> and merged into maintainer's tree:
> https://github.com/linux-audit/audit-kernel/commit/d2c773159327f4d2f6438acf1ae2ae9ac0ca46a9
> 
> [Test Plan]
> 
> Add the following line to set a small rate limit in /etc/audit/rules.d/audit.rules:
> -a always,exit -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access -r 100
> 
> Trigger permission denied by running the following command as a normal user:
> while :; do cat /proc/1/environ; done
> 
> Make sure we see the warning message in kernel log:
> [ 2531.862184] audit: rate limit exceeded
> 
> [Where problems could occur]
> 
> Originally the skb is leak and no one is able to process or free it anymore.
> The above patch just frees the leaking skb when rate limit is exceeded,
> there won't be any additional impact.
> 
> [ Other Info ]
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2098730
> 
> Gerald Yang (1):
>    audit: fix skb leak when audit rate limit is exceeded
> 
>   kernel/audit.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 


Applied to plucky,noble:linux/master-next (adjusted SHA1 and dropped 
SAUCE). Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250912/149a6cbd/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250912/149a6cbd/attachment-0001.sig>

More information about the kernel-team mailing list