The Out-Of-Memory (OOM) Killer is a Linux kernel process that selectively terminates applications to free up memory when the system is critically low on available RAM. It is invoked as a last resort when all other memory reclamation efforts, such as garbage collection and cache eviction, have failed to prevent an out-of-memory condition. The kernel calculates an oom_score for each process based on its memory usage, runtime, and priority to determine the optimal target for termination.
Glossary
Out-Of-Memory (OOM) Killer

What is Out-Of-Memory (OOM) Killer?
A definition of the Linux kernel's emergency process for managing critical memory exhaustion.
This mechanism is a critical, albeit disruptive, form of system-level memory management that prevents total system lockup. In agentic systems, analogous eviction policies like Least Recently Used (LRU) manage context windows and vector stores proactively to avoid reaching such a critical state. Understanding the OOM Killer is essential for engineers designing resilient systems that must gracefully handle resource constraints without catastrophic failure.
Key Characteristics of the OOM Killer
The Out-Of-Memory (OOM) Killer is a last-resort Linux kernel process that terminates applications to free up memory when the system faces a critical, unrecoverable shortage of available RAM.
Trigger Mechanism: The OOM Score
The kernel does not trigger the OOM Killer at the moment physical RAM is exhausted. Instead, it activates when the system is under severe memory pressure and the swapping mechanism is overwhelmed or disabled. The kernel calculates a dynamic oom_score for each process, which estimates the system memory that would be reclaimed if the process were terminated. Key factors include:
- Memory Usage: Total resident memory and swap usage.
- Process Age: Longer-running processes may receive a penalty.
- Process Niceness (
nicevalue): Lower priority (highernicevalue) processes are favored for killing. - User Privileges: Root-owned processes may be penalized less.
- Direct Reclaim Activity: Processes causing significant memory reclaim work may be targeted.
Selection Algorithm: The `oom_score_adj` Tuning
While the kernel calculates a base oom_score, administrators and processes can influence the selection via the oom_score_adj tunable (ranging from -1000 to +1000). This value is added to the final oom_score. This allows for critical system protection and application-level control.
- Protecting Critical Daemons: Setting
oom_score_adjto -1000 forsshdorsystemdensures they are virtually never killed. - Prioritizing Eviction: Setting a high positive
oom_score_adjon a memory-intensive, non-critical batch job makes it the primary candidate for termination. - The chosen victim is the process with the highest adjusted
oom_score. The kernel logs the kill event with details likeoom_score,oom_score_adj, and memory usage to/var/log/kern.log.
System-Wide vs. Cgroup Enforcement
The OOM Killer operates in two primary scopes, with cgroup (Control Group)-based killing being the modern standard for containerized environments.
- System-Wide OOM Killer: The traditional model that evaluates all processes on the system. This can lead to the termination of a critical database process to save a rogue user application.
- Cgroup-Aware OOM Killer: In modern kernels, memory limits are enforced via memory cgroups. When a cgroup hits its hard memory limit, the OOM Killer is invoked within that cgroup only. This provides crucial isolation:
- A container exceeding its memory limit is terminated without affecting the host or other containers.
- Quality of Service (QoS) is maintained by protecting higher-priority cgroups.
- This is the fundamental mechanism enabling memory limits in Docker and Kubernetes.
The `oom_kill_allocating_task` Optimization
A kernel tunable (/proc/sys/vm/oom_kill_allocating_task) provides a performance optimization. When enabled (set to 1), the kernel bypasses the full oom_score calculation and immediately kills the task that triggered the OOM condition by attempting to allocate memory.
- Advantage: Extremely fast resolution. It avoids scanning the entire task list, reducing latency during a critical memory crisis.
- Disadvantage: It is a blunt instrument. The allocating task might be a critical service (e.g., a database handling a query) rather than the true source of the memory leak. This setting is often unsuitable for complex, multi-service systems but can be useful for simple, single-application workloads.
Interaction with Swapping (Swapiness)
The OOM Killer's behavior is intrinsically linked to the kernel's swapping policy, governed by the vm.swappiness parameter (0-100).
- High Swappiness (e.g., 60): The kernel aggressively moves inactive memory pages to swap space on disk. This delays the onset of OOM conditions but can cause thrashing—severe performance degradation due to excessive disk I/O.
- Low Swappiness (e.g., 10 or 0): The kernel avoids swapping, keeping more data in fast RAM. This improves performance but causes memory pressure to rise faster, triggering the OOM Killer sooner.
- Swappiness = 0: Does not disable swapping entirely. It prevents reclaiming anonymous memory for the file cache but will still swap under absolute memory pressure. In container environments, swap is often disabled (
--memory-swapequals--memory) to guarantee predictable OOM behavior and latency.
Mitigation Strategies in Production
Reliable systems are designed to avoid invoking the OOM Killer, as its actions are non-deterministic from an application perspective. Key engineering mitigations include:
- Resource Limits: Enforce strict memory cgroup limits on all containers and processes. This confines the blast radius.
- Monitoring and Alerting: Monitor
oom_killevents via kernel logs or Prometheus/node_exportermetrics (node_vmstat_oom_kill). Alert on rising memory pressure, not just usage. - Application-Level Resilience: Design services to be stateless and idempotent, allowing them to be restarted after being killed without data loss.
- Overprovisioning and Right-Sizing: Allocate sufficient memory headroom based on the working set model of applications.
- Use of
mlock(): For extreme latency-sensitive processes (e.g., real-time trading), critical memory pages can be locked in RAM usingmlock()ormlockall()to prevent them from being swapped or considered for reclaim, though this reduces system flexibility.
Frequently Asked Questions
The Out-Of-Memory (OOM) Killer is a critical Linux kernel mechanism for managing severe memory pressure. These questions address its operation, configuration, and relevance to modern AI and agentic systems.
The Out-Of-Memory (OOM) Killer is a Linux kernel process that selectively terminates applications to free up memory when the system is critically low on available RAM and cannot satisfy allocation requests. It is a last-resort mechanism invoked after the kernel has exhausted standard memory management techniques like aggressive cache eviction and swapping. The OOM Killer's primary function is to prevent a complete system lockup by sacrificing one or more processes to restore system responsiveness. It calculates an oom_score for each running process based on its memory consumption, runtime, and user-defined adjustments, then terminates the process with the highest score to reclaim its memory.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
The Out-Of-Memory Killer is a critical failsafe within a broader ecosystem of memory management and eviction strategies. These related concepts detail the policies, algorithms, and failure modes that govern how systems allocate, manage, and reclaim finite computational resources.
Garbage Collection (GC)
Garbage collection (GC) is an automatic memory management process that identifies and reclaims memory occupied by objects that are no longer in use by the program. Unlike the OOM Killer's reactive termination, GC is a proactive, application-level mechanism.
- Key Mechanism: A garbage collector periodically traces object references starting from 'roots' (like global variables) to identify 'live' data. Memory used by unreachable objects is freed.
- Prevents Leaks: Mitigates memory leaks by automatically handling deallocation, reducing the chance of an OOM condition.
- Trade-offs: Introduces pause times ('stop-the-world') and CPU overhead during collection cycles. Common algorithms include mark-and-sweep and generational collectors.
Cache Eviction Policy
A cache eviction policy is a predetermined algorithm that determines which items to remove from a cache when it reaches its capacity limit. This is a planned, granular form of eviction, contrasting with the OOM Killer's process-level termination.
- Common Algorithms:
- Least Recently Used (LRU): Evicts the item not accessed for the longest time.
- Least Frequently Used (LFU): Evicts the item with the fewest access counts.
- Time-To-Live (TTL): Evicts items after a fixed expiration period.
- Adaptive Systems: Policies like Adaptive Replacement Cache (ARC) dynamically balance between LRU and LFU based on workload.
- Application: Essential for in-memory databases (e.g., Redis), CPU caches, and vector database indexes to maintain performance under memory constraints.
Thrashing
Thrashing is a severe performance degradation state in virtual memory systems where the CPU spends excessive time swapping data pages between main memory (RAM) and disk, rather than executing useful work. It is often a precursor to OOM Killer activation.
- Root Cause: Occurs when the total working set of active processes exceeds available physical RAM, causing constant page faults.
- Symptoms: System becomes extremely sluggish, disk I/O is saturated at 100%, and CPU utilization for actual computation drops.
- Relationship to OOM: The kernel attempts to manage thrashing via swapping. When swap is exhausted or system responsiveness becomes critically poor, the OOM Killer is invoked as a last resort to break the deadlock.
Memory Leak
A memory leak is a software bug where a program fails to release memory it has allocated but no longer needs. Over time, this gradually consumes available system memory, creating the resource exhaustion scenario that the OOM Killer is designed to address.
- Mechanism: Common in languages without automatic garbage collection (e.g., C/C++) due to missing
free()ordeletecalls. Can also occur in managed languages through unintended long-lived references. - Impact: Leads to gradual performance degradation and, if unchecked, triggers the OOM Killer to terminate the leaking process or others.
- Detection: Requires tools like Valgrind, heap profilers, or observability metrics tracking process memory growth over time.
Working Set Model
The working set model is a principle in memory management that defines the subset of total memory pages a process actively needs within a specific time interval to operate efficiently without excessive page faults. It informs intelligent memory allocation and eviction.
- Core Concept: A process's working set is the set of pages referenced during a defined window of time. Keeping this set in RAM is crucial for performance.
- Application to Eviction: Modern memory managers and cache policies (e.g., in databases) use working set analysis to decide which pages to keep in fast memory and which can be evicted or tiered to slower storage.
- Preventive Role: Effective working set estimation can help size container memory limits appropriately, reducing the likelihood of OOM events.
Rate Limiting & Backpressure
Rate limiting and backpressure are flow control mechanisms that prevent system overload by regulating the inflow of work or data. They are architectural strategies to avoid the resource exhaustion that forces reactive measures like the OOM Killer.
- Rate Limiting: Restricts the number of requests a client or service can make in a time window (e.g., 1000 requests/minute). Prevents a single component from flooding the system.
- Backpressure: A dynamic feedback mechanism in data streaming systems (e.g., Apache Kafka, reactive streams). When a downstream consumer is overwhelmed, it signals upstream producers to slow or pause data emission.
- Proactive vs. Reactive: These are proactive stability controls, whereas the OOM Killer is a reactive, last-ditch safety net after these controls have failed or were absent.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us