[Pkg-clamav-devel] Bug#904111: clamav-daemon causing deadlocks/blocking I/O.

Adam Lambert linuxjack at gmail.com
Thu Jul 19 21:38:04 BST 2018


Package: clamav-daemon
Version: 0.100.0+dfsg-0+deb9u2
Severity: critical
Justification: breaks the whole system

Dear Maintainer,

After a recent apt upgrade, within a few minutes, my system started locking up. 
A reboot would buy me about 2 minutes of working time before it locked up again.
I noted the following in the logs that seemed to correspond:
clamd (28514): Using fanotify permission checks may lead to deadlock; tainting kernel
and shortly thereafter
INFO: task clamd:28512 blocked for more than 120 seconds.
This seemed to be causing some kind of deadlock as described in the first error, since
other programs would go into forever wait mode waiting on I/O (i.e., blocking I/O).
The other programs could not be kill -9'd.
service clamav-daemon stop == system instantly returned to stability.
I downgraded to 0.99.4+dfsg-1+deb9u1 and system remains stable as it had been heretofore.
I suspect this is related to my use of ScanOnAccess true, but not sure.
The only thing I think that is otherwise unusual about my system is that I do not use
systemd nor any major GUI environment (simple IceWM setup).  Otherwise, I run a
pretty stripped down setup, with as few running processes as possible.
I have already downgraded, so you may see incorrectly some versions in the included
data of 0.99.4+dfsg-1+deb9u1. 0.99.4+dfsg-1+deb9u1 is the stable version.  It is the
0.100.0+dfsg-0+deb9u2 version that is broken.


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "root"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess = "yes"
OnAccessMountPath disabled
OnAccessIncludePath = "/tmp", "/home", "/root"
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention = "yes"
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.100.0
WARNING: Version mismatch: libclamav=0.100.0, clamconf=0.99.4
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] jurlbl.ndb: 14038 sigs
[3rd Party] bofhland_phishing_URL.ndb: 24 sigs
[3rd Party] winnow_malware_links.ndb: 4623 sigs
main.cvd: version 58, sigs: 4566249, built on Wed Jun  7 14:38:10 2017
[3rd Party] rogue.hdb: 4668 sigs
bytecode.cld: version 325, sigs: 90, built on Wed Jul 18 11:05:37 2018
[3rd Party] porcupine.ndb: 3306 sigs
daily.cld: version 24764, sigs: 2018970, built on Thu Jul 19 10:09:32 2018
[3rd Party] junk.ndb: 56783 sigs
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] spamimg.hdb: 162 sigs
[3rd Party] bofhland_cracked_URL.ndb: 26 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig 
[3rd Party] crdfam.clamav.hdb: 1 sig 
[3rd Party] scam.ndb: 12486 sigs
[3rd Party] blurl.ndb: 61097 sigs
[3rd Party] phish.ndb: 27408 sigs
[3rd Party] winnow.attachments.hdb: 182 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] doppelstern.hdb: 1 sig 
[3rd Party] phishtank.ndb: 29898 sigs
[3rd Party] bofhland_malware_attach.hdb: 1835 sigs
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
Total number of signatures: 6802574

Platform information
--------------------
uname: Linux 4.9.0-7-amd64 #1 SMP Debian 4.9.110-1 (2018-07-05) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 9.5 (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: ivybridge, Little-endian
platform id: 0x0a215b5b0806030001060300

Build information
-----------------
GNU C: 6.3.0 20170516 (6.3.0)
GNU C++: 6.3.0 20170516 (6.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-CK3UEA/clamav-0.99.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-CK3UEA/clamav-0.99.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-CK3UEA/clamav-0.99.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-CK3UEA/clamav-0.99.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu'
sizeof(void*) = 8
Engine flevel: 91, dconf: 91

--- data dir ---
total 287532
-rw-r--r-- 1 clamav clamav  10127922 Jul 19 12:15 blurl.ndb
-rw-r--r-- 1 clamav clamav      2384 Jul 19 08:03 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav       546 Jul 19 08:03 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav    106188 Jan 12  2018 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav      3252 Jul 19 08:03 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav    950272 Jul 19 13:11 bytecode.cld
-rw-r--r-- 1 clamav clamav        82 Jul 13  2016 crdfam.clamav.hdb
-rw-r--r-- 1 clamav clamav 144614400 Jul 19 13:11 daily.cld
-rw-r--r-- 1 clamav clamav        65 Jul 26  2013 doppelstern.hdb
-rw-r--r-- 1 clamav clamav   7114765 Jul 18 01:22 junk.ndb
-rw-r--r-- 1 clamav clamav   1682782 Jul 19 12:15 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 117892267 Jan 12  2018 main.cvd
-rw------- 1 clamav clamav      1248 Jul 19 13:11 mirrors.dat
-rw-r--r-- 1 clamav clamav   4040464 Jul 18 08:17 phish.ndb
-rw-r--r-- 1 clamav clamav   4490319 Jul 19 10:01 phishtank.ndb
-rw-r--r-- 1 clamav clamav    354219 Jul 19 08:01 porcupine.ndb
-rw-r--r-- 1 clamav clamav    509662 Jul 19 10:14 rogue.hdb
-rw-r--r-- 1 clamav clamav     11098 Oct 18  2016 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav   1895934 Jul 17 07:18 scam.ndb
-rw-r--r-- 1 clamav clamav       454 Jul 19 02:14 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav      1391 Apr 28  2017 spamattach.hdb
-rw-r--r-- 1 clamav clamav     15567 Jul 17 01:15 spamimg.hdb
-rw-r--r-- 1 clamav clamav     14825 Jul 16 00:28 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav        66 Jan 12  2018 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav     16271 Feb 25 16:00 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav     18189 Mar  4 16:00 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav    506160 Jun 26 03:27 winnow_malware_links.ndb

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages clamav-daemon depends on:
ii  adduser                         3.115
ii  clamav-base                     0.99.4+dfsg-1+deb9u1
ii  clamav-freshclam [clamav-data]  0.99.4+dfsg-1+deb9u1
ii  debconf [debconf-2.0]           1.5.61
ii  dpkg                            1.18.25
ii  init-system-helpers             1.48
ii  libc6                           2.24-11+deb9u3
ii  libclamav7                      0.100.0+dfsg-0+deb9u2
ii  libncurses5                     6.0+20161126-1+deb9u2
ii  libssl1.1                       1.1.0f-3+deb9u2
ii  libsystemd0                     232-25+deb9u1
ii  libtinfo5                       6.0+20161126-1+deb9u2
ii  lsb-base                        9.20161125
ii  procps                          2:3.3.12-3+deb9u1
ii  ucf                             3.0036
ii  zlib1g                          1:1.2.8.dfsg-5

Versions of packages clamav-daemon recommends:
pn  clamdscan  <none>

Versions of packages clamav-daemon suggests:
pn  apparmor     <none>
pn  clamav-docs  <none>
pn  daemon       <none>

-- debconf-show failed
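
A triage sketch for the symptom pattern in this report, added here as an example and not part of the original message or of ClamAV: it pairs the fanotify permission warning with later hung-task messages and checks whether the config dump has blocking on-access scanning enabled. The function names, the timestamps and the extra "cp" line are assumptions made up for the example.

```python
import re

# Constructed sample: the two kernel messages quoted in the report plus a made-up "cp" line.
SAMPLE_KLOG = """\
[  101.5] clamd (28514): Using fanotify permission checks may lead to deadlock; tainting kernel
[  363.2] INFO: task clamd:28512 blocked for more than 120 seconds.
[  363.9] INFO: task cp:29001 blocked for more than 120 seconds.
"""

# Excerpt in the "Key = value" / "Key disabled" layout of the report's config dump.
SAMPLE_CONF = """\
ScanOnAccess = "yes"
OnAccessIncludePath = "/tmp", "/home", "/root"
OnAccessExcludePath disabled
OnAccessPrevention = "yes"
"""

FAN_RE = re.compile(r"(\S+) \((\d+)\): Using fanotify permission checks may lead to deadlock")
HUNG_RE = re.compile(r"INFO: task (\S+):(\d+) blocked for more than \d+ seconds")

def parse_conf(text):
    """Parse clamconf-style lines into {key: [values]}; a 'disabled' key maps to []."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"(\w+) = (.*)", line)
        if m:
            conf[m.group(1)] = re.findall(r'"([^"]*)"', m.group(2))
        elif line.endswith(" disabled"):
            conf[line.split()[0]] = []
    return conf

def triage(klog, conf_text):
    """Correlate fanotify permission users with later hung tasks and the config."""
    conf = parse_conf(conf_text)
    fan_users, hung = set(), []
    for line in klog.splitlines():
        if (m := FAN_RE.search(line)):
            fan_users.add(m.group(1))
        elif (m := HUNG_RE.search(line)):
            # Third field: is the hung task the fanotify listener itself?
            hung.append((m.group(1), int(m.group(2)), m.group(1) in fan_users))
    return {
        "fanotify_perm_users": sorted(fan_users),
        "hung_tasks": hung,
        "blocking_on_access": all(conf.get(k) == ["yes"] for k in ("ScanOnAccess", "OnAccessPrevention")),
        "watched_paths": conf.get("OnAccessIncludePath", []),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_KLOG, SAMPLE_CONF))
```

A hung listener together with hung unrelated tasks and `blocking_on_access` set is the combination this report describes; feed the function real `dmesg` and `clamconf` output to check another host.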


