auditd consuming excessive memory leading to out-of-memory (OOM)
Issue
- The system encountered an out-of-memory (OOM) condition due to unusually high memory consumption by the
auditdprocess. - Kernel logs captured during the OOM event show
auditdconsuming several gigabytes of resident memory (RSS):
# grep "Tasks state" /var/log/messages -A 5 | grep -E "auditd|^.*rss"
Jul 29 10:00:56 test kernel: [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
Jul 29 10:00:56 test kernel: [ 1608] 0 1608 23837220 19078154 190963712 3912128 -1000 auditd
Jul 29 10:00:56 test kernel: [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
Jul 29 10:00:56 test kernel: [ 1608] 0 1608 23837780 19078250 190971904 3912128 -1000 auditd
Jul 29 10:00:56 test kernel: [ pid ] uid tgid total_vm rss pgtables_bytes swapents oom_score_adj name
Jul 29 10:00:56 test kernel: [ 1608] 0 1608 23837780 19078250 190971904 3912128 -1000 auditd
- The Resident Set Size (rss) value suggests that
auditdconsumed ~73 GiB of RAM:
# bc -q
scale=2
19078250*4/2^20
72.77 (GiB)
Environment
- Red Hat Enterprise Linux 9
- audit
- CentrifyDA/CentrifyDC libraries
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
