Bug 13868 - struct pid memory leak via alloc_pid()
Status: RESOLVED OBSOLETE
Product: Process Management
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 normal
Assigned To: process_other
Reported: 2009-07-29 15:48 UTC by Catalin Marinas
Modified: 2013-12-10 16:42 UTC
Kernel Version: 2.6.31-rc4
Tree: Mainline
Regression: No


Attachments
ARM .config file (RealView PB-A8 board) (35.13 KB, application/octet-stream)
2009-07-30 09:13 UTC, Catalin Marinas
x86 .config file (97.32 KB, application/octet-stream)
2009-07-30 23:00 UTC, Catalin Marinas

Description Catalin Marinas 2009-07-29 15:48:27 UTC
I posted this on LKML a few weeks ago (http://lkml.org/lkml/2009/7/8/422) but I log it here as well so that it is not forgotten. I can consistently reproduce this leak on both x86 and ARM platforms as described in the original post, reproduced here:

There's a kmemleak report of a struct pid allocation in alloc_pid()
which somehow gets lost:

unreferenced object 0xc307aa00 (size 44):
  comm "gdm", pid 2734, jiffies 4294902040
  backtrace:
    [<c01e721a>] create_object+0xfa/0x250
    [<c01e73cd>] kmemleak_alloc+0x5d/0x70
    [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
    [<c01552f9>] alloc_pid+0x19/0x350
    [<c013e6e0>] copy_process+0x800/0x1230
    [<c013f17f>] do_fork+0x6f/0x370
    [<c0101986>] sys_clone+0x36/0x40
    [<c010319c>] sysenter_do_call+0x12/0x38
    [<ffffffff>] 0xffffffff

This is the gdm fork for starting Xorg (with pid 2739). It first
logged me in automatically, after which I logged out and gdm started
another Xorg. The pid structure for the first Xorg is reported as a
leak. The Xorg with pid 2739 is no longer present on my system.

Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
that's why it probably wasn't freed by put_pid():

(gdb) print ({struct pid}0xc307aa00)
$20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
      first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
    func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
      ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}

Note that kmemleak is aware of and scans pid_hash (which was recorded
in kmemleak as a 16KB object).
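
As an added example (not part of the original report and not kmemleak's own tooling), the following Python script parses kmemleak output in the format shown above and totals leaked bytes per allocation site, skipping the allocator frames so that a report like this one is attributed to alloc_pid. The ALLOC_FRAMES list, the function names and the second sample object (example_init) are assumptions made for illustration.

```python
import re
from collections import Counter

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
OWNER = re.compile(r'comm "([^"]*)", pid (\d+), jiffies (\d+)')
FRAME = re.compile(r"\[<[0-9a-f]+>\] ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Assumption: frames owned by kmemleak or the slab allocator, not the caller.
ALLOC_FRAMES = {"create_object", "kmemleak_alloc", "kmem_cache_alloc"}

def parse_kmemleak(text):
    """Split kmemleak output into one dict per unreferenced object."""
    objects = []
    for line in text.splitlines():
        if m := HEADER.search(line):
            objects.append({"addr": int(m[1], 16), "size": int(m[2]), "frames": []})
        elif objects and (m := OWNER.search(line)):
            objects[-1].update(comm=m[1], pid=int(m[2]), jiffies=int(m[3]))
        elif objects and (m := FRAME.search(line)):
            objects[-1]["frames"].append(m[1])  # symbol-less frames are skipped
    return objects

def alloc_site(obj):
    """First frame above the allocator: the function that owns the object."""
    return next((f for f in obj["frames"] if f not in ALLOC_FRAMES), "unknown")

def leaked_bytes_by_site(objects):
    """Total leaked bytes per allocation site, largest first."""
    totals = Counter()
    for obj in objects:
        totals[alloc_site(obj)] += obj["size"]
    return totals.most_common()

# First object: the report on this page (backtrace shortened). Second: constructed.
SAMPLE = """\
unreferenced object 0xc307aa00 (size 44):
  comm "gdm", pid 2734, jiffies 4294902040
  backtrace:
    [<c01e73cd>] kmemleak_alloc+0x5d/0x70
    [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
    [<c01552f9>] alloc_pid+0x19/0x350
    [<c013e6e0>] copy_process+0x800/0x1230
    [<ffffffff>] 0xffffffff
unreferenced object 0xc3000000 (size 128):
  comm "example", pid 1, jiffies 4294900000
  backtrace:
    [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
    [<c0100000>] example_init+0x10/0x40
"""
if __name__ == "__main__":
    print(leaked_bytes_by_site(parse_kmemleak(SAMPLE)))
```
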
Comment 1 Catalin Marinas 2009-07-30 09:13:59 UTC
Created attachment 22531 [details]
ARM .config file (RealView PB-A8 board)
Comment 2 Catalin Marinas 2009-07-30 23:00:50 UTC
Created attachment 22548 [details]
x86 .config file
Comment 3 Catalin Marinas 2009-07-30 23:02:36 UTC
$ lsmod
Module                  Size  Used by
tun                    14532  0 
i915                  215720  2 
drm                   163168  3 i915
i2c_algo_bit            5920  1 i915
binfmt_misc             8484  1 
ppdev                   6920  0 
lp                     10020  0 
parport                36296  2 ppdev,lp
snd_hda_codec_realtek   201792  1 
arc4                    1820  2 
snd_hda_intel          27048  3 
snd_hda_codec          69172  2 snd_hda_codec_realtek,snd_hda_intel
ecb                     2748  2 
snd_pcm_oss            39648  0 
snd_mixer_oss          16996  1 snd_pcm_oss
snd_pcm                76512  3 snd_hda_intel,snd_hda_codec,snd_pcm_oss
joydev                 10880  0 
iwlagn                115684  0 
iwlcore               113292  1 iwlagn
snd_seq_dummy           2752  0 
snd_seq_oss            28976  0 
snd_seq_midi            6784  0 
led_class               4272  1 iwlcore
snd_rawmidi            22720  1 snd_seq_midi
snd_seq_midi_event      7364  2 snd_seq_oss,snd_seq_midi
snd_seq                51448  6 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_midi_event
snd_timer              22144  2 snd_pcm,snd_seq
mac80211              227992  2 iwlagn,iwlcore
snd_seq_device          7408  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_rawmidi,snd_seq
pcspkr                  2556  0 
cfg80211               89572  3 iwlagn,iwlcore,mac80211
psmouse                56860  0 
snd                    61380  17 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_seq_oss,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
serio_raw               5760  0 
iTCO_wdt               11152  0 
iTCO_vendor_support     3680  1 iTCO_wdt
soundcore               7840  1 snd
snd_page_alloc          9284  2 snd_hda_intel,snd_pcm
video                  18940  1 i915
output                  3076  1 video
intel_agp              27004  1 
agpgart                36032  3 drm,intel_agp
r8169                  32960  0 
mii                     5276  1 r8169
