Guest

Preview Tool

Cisco Bug: CSCvu92620 - Secure key agent memory leak in 16.9 and only in 16.9

Last Modified

Aug 26, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.9.5

Description (partial)

Symptom:
Memory leak in IOSXE 16.9.x software version, with 'keyman' process being the cause of it. Here are some places where evidence of it may be seen:

<div style="font-family:courier;white-space:pre;">
switch1#show process memory platform sorted
System memory: 7711568K total, 7548804K used, 162764K free,
Lowest: 162764K
   Pid    Text      Data   Stack   Dynamic       RSS     Total              Name
--------------------------------------------------------------------------------
14441  143965    635592     136       300    635592   4632088   linux_iosd-imag
10895     106   3988736     136   3978588   3988736   4133588            keyman  <<<< RSS counter increasing over time

switch1#show platform software status control-processor brief							
Load Average							
 Slot  Status  1-Min  5-Min 15-Min							
1-RP0 Healthy   0.31   0.47   0.55							
2-RP0 Healthy   0.38   0.36   0.37							
3-RP0 Healthy   0.11   0.17   0.15							
							
Memory (kB)							
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)							
1-RP0 Warning  3977748  3749888 (94%)   227860 ( 6%)   4676672 (118%) <<<							
2-RP0 Healthy  3977748  1783944 (45%)  2193804 (55%)   2719304 (68%)							
3-RP0 Healthy  3977748  1123252 (28%)  2854496 (72%)   1507588 (38%)	

</div>						

If the overall memory usage is very high the system starts generating memory usage warnings:

%PLATFORM-4-ELEMENT_WARNING: Switch 1 R0/0: smand: 1/RP/0: Used Memory value 91% exceeds warning level 90%

Conditions:
When AP's (Access Points) reconnect to the switch with authentication method MAB (MAC Address Bypass), it spikes the memory usage of keyman process. Use 'show auth session' to check what's authenticated to the switch and what method is used.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.