BUG : Memory leak in Linux 2.4.2 MIPS SMP kernel

Subject: BUG : Memory leak in Linux 2.4.2 MIPS SMP kernel
From: Krishna Kondaka <>
Date: Tue, 13 Nov 2001 15:36:32 -0800 (PST)
Reply-to: Krishna Kondaka <>

        Here is the bug we found in the Linux 2.4.2 MIPS SMP kernel and the
        fix for the bug.
1. Summary:
        Memory leak in Linux 2.4.2 MIPS SMP kernel

2. Description:
        Memory leak happens whenever a process is created and destroyed.
        Whatever memory is allocated during process creation is not getting
        freed when the process exits. This problem can be easily reproduced
        by writing any program/script which does a lot of process creation
        and termination. My test script is:
        # Repeatedly spawn short-lived processes while printing memory stats
        while true
        do
                cat /proc/meminfo
                ls /bin
                cat /proc/slabinfo
        done
        When /proc/slabinfo is printed, we can see the size of the 32-byte
        memory chunks growing indefinitely and eventually causing the
        following panic:
        kernel BUG at page_alloc.c:75!
Unable to handle kernel paging request at virtual address 00000000, epc == 8013bcdc, ra == 8013bcdc
Oops in fault.c:do_page_fault, line 172:
$0 : 00000000 10009f00 0000001f 0000000a
$4 : 802afc10 00000001 00000001 00000000
$8 : 802d7636 b0060170 0000001f 0000000d
$12: 00000000 0000001f 10009f00 0000000a
$16: 80329f50 80329f50 00000000 00657a03
$20: 8053000c 806451a0 80b785a0 ffc00000
$24: 802d7617 8036dca1
$28: 8036c000 8036de08 806451a0 8013bcdc
epc    : 000000008013bcdc
Status : 10009f03
Cause  : 1080000c

BadAddr: 00000000ffc00000
Process kswapd (pid: 5, stackpage=8036c000)
Stack: 80253434 8025344c 0000004b 00000001 806451a0 00403000 80329f50 00403000
       00000001 00657a03 8053000c 806451a0 80b785a0 ffc00000 806451a0 8013cba8
       00403000 00000000 80329f50 00403000 801395fc 8013967c 00000000 00000000
       00000000 00000000 00000000 00000000 00657a03 00000000 00000000 00000000
       00000000 00000000 00403000 8053000c 00000007 00424000 80b785a0 806451a0
       ffc00000 ...
Call Trace: [<80253434>] [<8025344c>] [<8013cba8>] [<801395fc>] [<8013967c>] 
 [<801399d8>] [<80139ab0>] [<80136a30>] [<8013b42c>] [<80139c1c>] [<80139c24>]
 [<80162fa8>] [<8013b3e8>] [<8013b4a0>] [<8013b524>] [<8013b55c>] [<80107d38>]
 [<80108d9c>] [<80108d8c>]

3. Keywords
        mips, SMP, memory leak

4. Kernel version

        Linux version 2.4.2

5. Output
        (included as part of description)

6. Testcase
        (included as part of description)

7. Environment
        7.1 Software
        7.2 Processor info
                (NOTE *** cat /proc/cpuinfo does not print information about 
                    both the CPUs ***)
                cpu                     : MIPS
                processor               : 0
                cpu model               : SiByte SB1 V0.1
                BogoMIPS                : 332.59
                processor               : 1
                cpu model               : SiByte SB1 V0.1
                BogoMIPS                : 332.59
                system type             : SiByte unknown
                byteorder               : big endian
                unaligned accesses      : 0
                wait instruction        : no
                microsecond timers      : no
                extra interrupt vector  : yes
                hardware watchpoint     : no
                VCED exceptions         : not available
                VCEI exceptions         : not available
        7.3 Module information
                No modules.
        7.4 Loaded driver and hardware information (/proc/ioports, /proc/iomem)
                bash-2.04# cat /proc/ioports
                bash-2.04# cat /proc/iomem
                00000000-0fe94fff : System RAM
                  00100000-00267d77 : Kernel code
                  00299a40-002ad38f : Kernel data
        7.5 PCI information
                No PCI devices attached
        7.6 SCSI information
                No SCSI devices attached
        7.7 Other information

8. Fix

I found that the bug is in destroy_context() in include/asm-mips/mmu_context.h.
destroy_context() is supposed to kfree() the memory that is allocated by
init_new_context() but it is not doing that.

I modified destroy_context as follows:

/*
 * Destroy context related info for an mm_struct that is about
 * to be put to rest.
 */
extern inline void destroy_context(struct mm_struct *mm)
{
        /* Release the context memory allocated by init_new_context(). */
        kfree((void *)mm->context);
}

And when I tested this, I no longer saw the memory leak.

Krishna Kondaka
Sanera Systems Inc.
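As an added illustration, not part of Krishna's report or of the kernel source: a userspace C model of the allocate/free pairing the fix restores, counting outstanding context arrays the way one would watch the 32-byte slab count grow in /proc/slabinfo. NR_CPUS, live_contexts and the _leaky/_fixed helper names are assumptions made for the model.

```c
/* Userspace model of the leak (added example, not kernel code): init_new_context()
 * allocates a per-CPU context array for a new mm, and destroy_context() must free
 * it. NR_CPUS, live_contexts and the helper names are assumed for the model. */
#include <stdlib.h>
#define NR_CPUS 2   /* the reporter's dual-CPU SB1 board */

/* mm->context holds a pointer to the per-CPU ASID array. */
struct mm_struct { unsigned long context; };

/* Outstanding context allocations; stands in for the size-32 slab count. */
static long live_contexts;

/* Allocate the per-CPU context array, as init_new_context() does. */
static int init_new_context(struct mm_struct *mm)
{
    unsigned long *ctx = calloc(NR_CPUS, sizeof *ctx);
    if (!ctx)
        return -1;
    live_contexts++;
    mm->context = (unsigned long)ctx;
    return 0;
}

/* Buggy 2.4.2 version: "Nothing to do", so the array is never freed. */
static void destroy_context_leaky(struct mm_struct *mm)
{
    (void)mm;
}

/* Fixed version from the report: release what init_new_context() allocated. */
static void destroy_context_fixed(struct mm_struct *mm)
{
    free((void *)mm->context);
    mm->context = 0;
    live_contexts--;
}

/* Run n process create/exit cycles with the given destroy_context and return
 * how many context arrays are still outstanding (0 means no leak). */
static long leaked_after(int n, void (*destroy)(struct mm_struct *))
{
    live_contexts = 0;
    for (int i = 0; i < n; i++) {
        struct mm_struct mm = { 0 };
        if (init_new_context(&mm) != 0)
            break;
        destroy(&mm);
    }
    return live_contexts;
}
```

With the leaky variant every create/exit cycle leaves one context array behind, which is the unbounded growth the report saw in the size-32 slab; with the fixed variant the count returns to zero.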
