Just to update, it seems the main trigger is whenever the rate limit or buffer is exceeded. I can reliably hit this bug once I start seeing those buffer reached messages:
[Fri Sep 5 23:39:12 2025] audit: rate limit exceeded [Fri Sep 5 23:39:13 2025] audit: audit_lost=4556975 audit_rate_limit=100 audit_backlog_limit=100 [Fri Sep 5 23:39:13 2025] audit: rate limit exceeded [Fri Sep 5 23:39:14 2025] audit: audit_lost=4560045 audit_rate_limit=100 audit_backlog_limit=100 [Fri Sep 5 23:39:14 2025] audit: rate limit exceeded [Fri Sep 5 23:39:15 2025] audit: audit_lost=4563135 audit_rate_limit=100 audit_ba the increasing memory usage is stopped once I set the rate limit (-r) and/or backlog buffer (-b) to higher values. To note, apparmor=0 was set throughout this test so I don't believe this is specific to apparmor. This still does not allow me to reclaim the already allocated memory, apart from a full reboot of the host unfortunately. But hopefully this is of some use in the continued debugging. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2098730 Title: Kernel 6.8.0 memory leak To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2098730/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
