System panics with "Kernel panic - not syncing: audit: backlog limit exceeded" (OR) "Kernel panic - not syncing: audit: kauditd retry queue overflow"

Solution Verified - Updated -

Issue

  • Kernel panicked with the following call traces.
crash> log
[..]
[190792.730395] audit: audit_backlog=8193 > audit_backlog_limit=8192 
[190792.730399] audit: audit_lost=57 audit_rate_limit=0 audit_backlog_limit=8192
[190792.730402] Kernel panic - not syncing: audit: backlog limit exceeded 

[190792.730495] CPU: 4 PID: 24401 Comm: chown Kdump: loaded Tainted: P           OE  ------------   3.10.0-1160.71.1.el7.x86_64 #1
[190792.730539] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
[190792.730579] Call Trace:
[190792.730599]  [<ffffffffb3d865c9>] dump_stack+0x19/0x1b
[190792.730632]  [<ffffffffb3d802d1>] panic+0xe8/0x21f
[190792.730656]  [<ffffffffb369e669>] ? vprintk_default+0x29/0x40
[190792.730682]  [<ffffffffb3736914>] audit_panic+0x64/0x70
[190792.730704]  [<ffffffffb373695f>] audit_log_lost+0x3f/0xd0
[190792.730727]  [<ffffffffb37376b4>] audit_log_start+0x1c4/0x4b0
[190792.730752]  [<ffffffffb36daf20>] ? wake_up_state+0x20/0x20
[190792.730776]  [<ffffffffb373c282>] audit_log_exit+0x52/0x990
[190792.730819]  [<ffffffffb373e5aa>] ? audit_filter_inodes+0xda/0x130
[190792.730845]  [<ffffffffb373ed0d>] __audit_syscall_exit+0x22d/0x2b0
[190792.730871]  [<ffffffffb3d9a176>] sysret_audit+0x17/0x21

OR

crash> log
[..]
audit: type=1302 audit(1670108441.530:4365593): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25186565 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
audit: type=1327 audit(1670108441.530:4365593): proctitle=63686D6F6400363434002F7661722F6C6F672F6E6574776F726B5F7379736C6F672F6E6574776F726B5F66696C65732F31302E3
132392E34302E3235322E747874002F7661722F6C6F672F6E6574776F726B5F7379736C6F672F6E6574776F726B5F66696C65732F32303231
2E747874002F7661722F6C6F672F6E6574776F72
Kernel panic - not syncing: audit: kauditd retry queue overflow

CPU: 0 PID: 82 Comm: kauditd Not tainted 4.18.0-425.3.1.el8.x86_64 #1
Hardware name: Red Hat RHEL, BIOS 1.15.0-2.module+el8.6.0+14757+c25ee005 04/01/2014
Call Trace:
dump_stack+0x41/0x60
panic+0xe7/0x2ac
? kauditd_printk_skb+0x40/0x40
audit_panic.cold.25+0x1f/0x1f
kauditd_retry_skb+0x3b/0x50
kauditd_send_queue+0x109/0x130
? audit_log_lost+0x90/0x90
? audit_log_lost+0x90/0x90
kauditd_thread+0x103/0x240
? finish_wait+0x80/0x80
? auditd_reset+0xa0/0xa0
kthread+0x10b/0x130
? set_kthread_struct+0x50/0x50
ret_from_fork+0x35/0x40
Kernel Offset: 0x38800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
---[ end Kernel panic - not syncing: audit: kauditd retry queue overflow

Environment

  • Red Hat Enterprise Linux (RHEL) 5, 6, 7, 8
  • auditd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content