A bug in Symantec Endpoint Protection (SEP) causes a huge number of defunct processes. As a result, some important services (e.g. sshd, crond) become unavailable with the error "fork: Cannot allocate memory"

Solution Unverified - Updated -

Issue

  • A bug in Symantec Endpoint Protection (SEP) causes a huge number of defunct processes. As a result, some important services (e.g. sshd, crond) become unavailable with the error "fork: Cannot allocate memory"

  • The following errors are observed in /var/log/secure:

sshd[1343]: error: fork: Cannot allocate memory

/etc/polkit-1/rules.d/49-polkit-pkla-compat.rules:21: Error: Error spawning helper: Error spawning: Failed to fork (Cannot allocate memory) (g-exec-error-quark, 0)

crond[1580]: pam_unix(crond:account): Fork failed: Cannot allocate memory

  • ps aux shows many defunct processes:

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
... 
root     31070  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31071  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31246  0.0  0.0      0     0 ?        Z    06:16   0:00 [uname] <defunct>
root     31247  0.0  0.0      0     0 ?        Z    06:16   0:00 [uname] <defunct>
root     31335  0.0  0.0      0     0 ?        Z    11:26   0:00 [uname] <defunct>
root     31336  0.0  0.0      0     0 ?        Z    11:26   0:00 [uname] <defunct>
root     31349  0.0  0.0      0     0 ?        Z    16:30   0:00 [uname] <defunct>
root     31350  0.0  0.0      0     0 ?        Z    16:30   0:00 [uname] <defunct>
root     31440  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31441  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31472  0.0  0.0      0     0 ?        Z    01:06   0:00 [uname] <defunct>
root     31473  0.0  0.0      0     0 ?        Z    01:06   0:00 [uname] <defunct>
root     31591  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31592  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31740  0.0  0.0      0     0 ?        Z    06:21   0:00 [uname] <defunct>
root     31741  0.0  0.0      0     0 ?        Z    06:21   0:00 [uname] <defunct>
root     31866  0.0  0.0      0     0 ?        Z    16:36   0:00 [uname] <defunct>
root     31867  0.0  0.0      0     0 ?        Z    16:36   0:00 [uname] <defunct>
root     31872  0.0  0.0      0     0 ?        Z    11:31   0:00 [uname] <defunct>
root     31873  0.0  0.0      0     0 ?        Z    11:31   0:00 [uname] <defunct>
root     31969  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31970  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     31983  0.0  0.0      0     0 ?        Z    01:11   0:00 [uname] <defunct>
root     31984  0.0  0.0      0     0 ?        Z    01:11   0:00 [uname] <defunct>
root     32068  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     32069  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     32239  0.0  0.0      0     0 ?        Z    06:26   0:00 [uname] <defunct>
root     32240  0.0  0.0      0     0 ?        Z    06:26   0:00 [uname] <defunct>
root     32355  0.0  0.0      0     0 ?        Z    11:36   0:00 [uname] <defunct>
root     32356  0.0  0.0      0     0 ?        Z    11:36   0:00 [uname] <defunct>
root     32389  0.0  0.0      0     0 ?        Z    16:41   0:00 [uname] <defunct>
root     32390  0.0  0.0      0     0 ?        Z    16:41   0:00 [uname] <defunct>
root     32416  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     32417  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     32606  0.0  0.0      0     0 ?        Z    01:17   0:00 [uname] <defunct>
root     32607  0.0  0.0      0     0 ?        Z    01:17   0:00 [uname] <defunct>
root     32623  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
root     32624  0.0  0.0      0     0 ?        Z    Jul09   0:00 [uname] <defunct>
...
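
To see which parent process is failing to reap these children, the zombies can be grouped by parent PID and command name. The script below is an added example, not part of the original article: the sample rows are constructed, and the parent PID 2200 and the name example-daemon are hypothetical.

```shell
#!/bin/sh
# Summarise zombie (state Z) processes by parent PID and command name.
# Input : rows in the format of `ps -eo pid,ppid,stat,comm` (header allowed).
# Output: "<count> <ppid> <comm>" lines, largest count first.
zombie_summary() {
    awk '
        # Skip the header row; STAT begins with Z for defunct processes.
        $1 ~ /^[0-9]+$/ && $3 ~ /^Z/ {
            key = $2 " " $4        # $4 is the command; "<defunct>" is $5
            count[key]++
        }
        END {
            for (k in count) print count[k], k
        }
    ' | sort -k1,1nr -k2,2n
}

# Constructed sample input (not taken from a real host). PID 2200 and
# "example-daemon" are hypothetical stand-ins for the non-reaping parent.
sample_ps() {
    cat <<'EOF'
  PID  PPID STAT COMMAND
 1343     1 Ss   sshd
 1580     1 Ss   crond
 2200     1 Sl   example-daemon
31070  2200 Z    uname <defunct>
31071  2200 Z    uname <defunct>
31246  2200 Z    uname <defunct>
 4100  4000 Z    sh <defunct>
EOF
}

# Run against the constructed sample.
sample_ps | zombie_summary
```

On a live system, feed it real data with `ps -eo pid,ppid,stat,comm | zombie_summary`; the PPID at the top of the output is the process to inspect.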

Environment

  • Red Hat Enterprise Linux 7.4 (kernel-3.10.0-693.el7)
  • Symantec Endpoint Protection (SEP) 14.0 RU1
  • Symantec Endpoint Protection (SEP) 12.1 RU6 MP9 clients
