Good morning

We have an issue affecting multiple VMs running clamd (with On Access
scanning enabled). We see high sy CPU (98%) and very high load (20-50
1min), on both 2 and 4 core VMs.

When we strace the process we see that clamd cannot read its config files:

root@xxxxx ]# strace -T -tt -f -p 62279
strace: Process 62279 attached with 3 threads
[pid 62281] 10:08:50.970009 restart_syscall(<... resuming interrupted
poll ...> <unfinished ...>
[pid 62279] 10:08:51.491142 restart_syscall(<... resuming interrupted
poll ...> <unfinished ...>
[pid 62282] 10:08:52.047155 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000017>
[pid 62282] 10:08:52.047290 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047342 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047388 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000016>
[pid 62282] 10:08:52.047437 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000016>
[pid 62282] 10:08:52.047484 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047527 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047571 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047620 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047666 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000014>
[pid 62282] 10:08:52.047708 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000014>
[pid 62282] 10:08:52.047752 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047794 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000014>
[pid 62282] 10:08:52.047839 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047892 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047938 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.047980 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.048025 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000014>
[pid 62282] 10:08:52.048067 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.048111 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000014>
[pid 62282] 10:08:52.048153 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.048197 read(12, 0x7f2c66e0ad90, 4096) = -1 EBADF
(Bad file descriptor) <0.000015>
[pid 62282] 10:08:52.048240 select(13, [12], NULL, NULL, NULL) = -1
EBADF (Bad file descriptor) <0.000015>



I tried to launch clamdtop to see if there was a queue to view, which
failed:
[root@xxxxx ]# clamdtop
        __                    ____
  _____/ /___ _____ ___  ____/ / /_____  ____
 / ___/ / __ `/ __ `__ \/ __  / __/ __ \/ __ \
/ /__/ / /_/ / / / / / / /_/ / /_/ /_/ / /_/ /
\___/_/\__,_/_/ /_/ /_/\__,_/\__/\____/ .___/
                                     /_/
Connecting to: /var/run/clamd.scan/clamd.sock
Abnormal program termination: Failed to reconnect to clamd after
connection was lost in reconnect at line 762


This seems to result in a kill -11 on the pid:

Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd:
clamd@scan.service: main process exited, code=killed, status=11/SEGV
Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd: Unit
clamd@scan.service entered failed state.
Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd:
clamd@scan.service failed.
Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd:
clamd@scan.service holdoff time over, scheduling restart.
Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd: Stopped
Generic clamav scanner daemon.
Nov  7 10:10:12 prd-atv-int-opt03.int.tac.local systemd: Starting
Generic clamav scanner daemon...


Which brought clamd back to life and the system load returned to
normal. No idea if this is an OS bug, a ClamAV bug or some kind of user
error; any help here will be appreciated.


--
Thank you,
Tim

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
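
An added example, not part of the original post and not ClamAV code: a small parser for a saved `strace -T -tt -f` capture that flags any thread failing back-to-back with EBADF and no wait between calls, the pattern visible in the trace above. The sample trace, the pid 4242 and the thresholds (`min_calls`, `max_gap`) are constructed assumptions.

```python
import re
from collections import defaultdict

# One unwrapped `strace -T -tt -f` record for a failed call, e.g.
# [pid N] HH:MM:SS.usec select(13, [12], NULL, NULL, NULL) = -1 EBADF (...) <0.000017>
RECORD = re.compile(
    r"\[pid\s+(?P<pid>\d+)\]\s+(?P<h>\d+):(?P<m>\d+):(?P<s>\d+\.\d+)\s+"
    r"\w+\(.*\)\s+=\s+-1\s+(?P<errno>E[A-Z]+)\b"
)

def unwrap(text):
    """Rejoin records a mail client wrapped: each record starts with '[pid'."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[pid") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_spinning_threads(text, errno="EBADF", min_calls=6, max_gap=0.001):
    """Return {pid: (failed_calls, seconds)} for threads failing back-to-back."""
    stamps = defaultdict(list)
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if m and m["errno"] == errno:
            stamps[int(m["pid"])].append(
                int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"]))
    spinning = {}
    for pid, ts in stamps.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Assumed thresholds: enough failures, none separated by a real wait.
        if len(ts) >= min_calls and max(gaps, default=0.0) <= max_gap:
            spinning[pid] = (len(ts), ts[-1] - ts[0])
    return spinning

def constructed_trace(pid=4242, calls=8, step_us=45):
    """Constructed sample in the shape of the trace above (not real output)."""
    out = ["[pid 4241] 10:00:00.100000 restart_syscall(<... resuming interrupted",
           "poll ...> <unfinished ...>"]
    for i in range(calls):
        call = ("select(13, [12], NULL, NULL, NULL)" if i % 2 == 0
                else "read(12, 0x7f0000000000, 4096)")
        out += [f"[pid {pid}] 10:00:01.{100 + i * step_us:06d} {call} = -1",
                "EBADF (Bad file descriptor) <0.000015>"]
    return "\n".join(out)

if __name__ == "__main__":
    for pid, (n, span) in find_spinning_threads(constructed_trace()).items():
        print(f"pid {pid}: {n} EBADF failures in {span * 1e6:.0f} us")
```

Timestamps are treated as same-day, so a capture that crosses midnight needs splitting first.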