|Summary:||security/clamav: unstoppable, unkillable clamscan process blocking system in state "ufs"|
|Product:||Ports & Packages||Reporter:||O. Hartmann <ohartmann>|
|Component:||Individual Port(s)||Assignee:||freebsd-ports-bugs (Nobody) <ports-bugs>|
|Severity:||Affects Many People||CC:||chris, dewayne, yasu|
Description O. Hartmann 2020-12-13 11:50:04 UTC
Comment 1 O. Hartmann 2020-12-13 12:03:06 UTC
OS: FreeBSD CURRENT (FreeBSD 13.0-CURRENT #168 r368515: Thu Dec 10 15:01:30 CET 2020 amd64), port clamav-0.103.0,1 and clamav-unofficial-sigs-7.0.1. Roughly seven days ago the access to the hosts/netoworks providing clamav's update files were blockes by our firewall. Since 12th of December, clamscan is running with two instances for a user (myself) on the specified host and it is unkillable. I tried almost every KILL signal to stop the process as root, as the UID it runs as, with no success. Opening files with vi doesn't work or starting a new screen with screen command (sysutils/screen, screen-4.8.0) is stuck forever - the attached tty is irresponsive, ssh sessions are stuck and stay in that state forever. The problem looks like a full /tmp or /var/tmp filesystem, but there is plenty of space left and I can't see anything wrong with out of space or out of inodes.
Comment 2 Mark Linimon 2020-12-13 18:04:56 UTC
^Triage: notify maintainer.
Comment 3 dewayne 2020-12-13 20:23:31 UTC
(In reply to O. Hartmann from comment #1) Oliver, perhaps if you could kill the parent pid (kill -s KILL $PPID). Examine ps -axwd -o pid,ppid,command (Generally a SIGTERM should be all that's required, or per FreeBSD's shutdown sequence, finally a SIGKILL deals with the recalcitrant) Also, don't rule out that you might have a full /tmp /var/tmp. If an inode is being used, it may be locked to a naughty process and the space may appear free, but isn't.