Hanging processes with Linux Security 11.00 on RHEL/CentOS 7.x
Linux Security 11.00 on RHEL/CentOS 7.x causes processes to hang when on-access scanning is turned on. The system log warns about one or more processes being blocked for more than 120 seconds.
The Linux kernel version (3.10) used by RHEL/CentOS 7.x suffers from a subtle but serious bug that has been fixed in later kernel versions.
Specifically, the function fanotify_merge() has a faulty logic that replaces fsnotify_event when test_event->refcnt is 2. The original test_event is replaced with a clone and then removed from the notification queue. If the original test_event was carrying an OPEN_PERM event, it has no chance of being woken up again because only the clone of the event will get a response.
The bug has been fixed in RHEL/CentOS 7.x. Simply run
to get a current kernel (3.10.0-327.36.1.el7 or later) and reboot.