Hanging processes with Linux Security 11.00 on RHEL/CentOS 7.x

This discussion has a more recent version.
Khairul_A Posts: 272 F-Secure Employee


Linux Security 11.00 on RHEL/CentOS 7.x causes processes to hang when on-access scanning is turned on. The system log warns about one or more processes being blocked for more than 120 seconds.


The Linux kernel version (3.10) used by RHEL/CentOS 7.x suffers from a subtle but serious bug that has been fixed in later kernel versions.

Specifically, the function fanotify_merge() has a faulty logic that replaces fsnotify_event when test_event->refcnt is 2. The original test_event is replaced with a clone and then removed from the notification queue. If the original test_event was carrying an OPEN_PERM event, it has no chance of being woken up again because only the clone of the event will get a response.


The bug has been fixed in RHEL/CentOS 7.x. Simply run

yum update

to get a current kernel (3.10.0-327.36.1.el7 or later) and reboot.