A bug on Symantec Endpoint Protection (SEP) causes a huge number of defunct processes. As a result some important services (e.g. sshd, crond) become unavailable with errors "fork: Cannot allocate memory"
Issue
-
A bug on Symantec Endpoint Protection (SEP) causes a huge number of defunct processes. As a result some important services (e.g. sshd, crond) become unavailable with errors "fork: Cannot allocate memory"
-
The following errors are observed in /var/log/secure:
sshd[1343]: error: fork: Cannot allocate memory
/etc/polkit-1/rules.d/49-polkit-pkla-compat.rules:21: Error: Error spawning helper: Error spawning: Failed to fork (Cannot allocate memory) (g-exec-error-quark, 0)
crond[1580]: pam_unix(crond:account): Fork failed: Cannot allocate memory
ps auxshows lots of defunct processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
...
root 31070 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31071 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31246 0.0 0.0 0 0 ? Z 06:16 0:00 [uname] <defunct>
root 31247 0.0 0.0 0 0 ? Z 06:16 0:00 [uname] <defunct>
root 31335 0.0 0.0 0 0 ? Z 11:26 0:00 [uname] <defunct>
root 31336 0.0 0.0 0 0 ? Z 11:26 0:00 [uname] <defunct>
root 31349 0.0 0.0 0 0 ? Z 16:30 0:00 [uname] <defunct>
root 31350 0.0 0.0 0 0 ? Z 16:30 0:00 [uname] <defunct>
root 31440 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31441 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31472 0.0 0.0 0 0 ? Z 01:06 0:00 [uname] <defunct>
root 31473 0.0 0.0 0 0 ? Z 01:06 0:00 [uname] <defunct>
root 31591 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31592 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31740 0.0 0.0 0 0 ? Z 06:21 0:00 [uname] <defunct>
root 31741 0.0 0.0 0 0 ? Z 06:21 0:00 [uname] <defunct>
root 31866 0.0 0.0 0 0 ? Z 16:36 0:00 [uname] <defunct>
root 31867 0.0 0.0 0 0 ? Z 16:36 0:00 [uname] <defunct>
root 31872 0.0 0.0 0 0 ? Z 11:31 0:00 [uname] <defunct>
root 31873 0.0 0.0 0 0 ? Z 11:31 0:00 [uname] <defunct>
root 31969 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31970 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 31983 0.0 0.0 0 0 ? Z 01:11 0:00 [uname] <defunct>
root 31984 0.0 0.0 0 0 ? Z 01:11 0:00 [uname] <defunct>
root 32068 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 32069 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 32239 0.0 0.0 0 0 ? Z 06:26 0:00 [uname] <defunct>
root 32240 0.0 0.0 0 0 ? Z 06:26 0:00 [uname] <defunct>
root 32355 0.0 0.0 0 0 ? Z 11:36 0:00 [uname] <defunct>
root 32356 0.0 0.0 0 0 ? Z 11:36 0:00 [uname] <defunct>
root 32389 0.0 0.0 0 0 ? Z 16:41 0:00 [uname] <defunct>
root 32390 0.0 0.0 0 0 ? Z 16:41 0:00 [uname] <defunct>
root 32416 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 32417 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 32606 0.0 0.0 0 0 ? Z 01:17 0:00 [uname] <defunct>
root 32607 0.0 0.0 0 0 ? Z 01:17 0:00 [uname] <defunct>
root 32623 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
root 32624 0.0 0.0 0 0 ? Z Jul09 0:00 [uname] <defunct>
...
Environment
- Red Hat Enterprise Linux 7.4 (kernel-3.10.0-693.el7)
- Symantec Endpoint Protection (SEP) 14.0 RU1
- Symantec Endpoint Protection (SEP) 12.1 RU6 MP9 clients
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
