Possible memory leak via alloc_pid()

Possible memory leak via alloc_pid()

[Catalin Marinas]

Hi,

There's a kmemleak report of a struct pid allocation in alloc_pid()
which somehow gets lost:

unreferenced object 0xc307aa00 (size 44):
  comm "gdm", pid 2734, jiffies 4294902040
  backtrace:
    [<c01e721a>] create_object+0xfa/0x250
    [<c01e73cd>] kmemleak_alloc+0x5d/0x70
    [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
    [<c01552f9>] alloc_pid+0x19/0x350
    [<c013e6e0>] copy_process+0x800/0x1230
    [<c013f17f>] do_fork+0x6f/0x370
    [<c0101986>] sys_clone+0x36/0x40
    [<c010319c>] sysenter_do_call+0x12/0x38
    [<ffffffff>] 0xffffffff

This is the gdm fork for starting Xorg (with pid 2739). It first
logged me in automatically, after which I logged out and gdm started
another Xorg. The pid structure for the first Xorg is reported as a
leak. The Xorg with pid 2739 is no longer present on my system.

Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
that's why it probably wasn't freed by put_pid():

(gdb) print ({struct pid}0xc307aa00)
$20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
      first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
    func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
      ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}

Note that kmemleak is aware of and scans pid_hash (which was recorded
in kmemleak as a 16KB object).

Regards.

-- 
Catalin

Re: Possible memory leak via alloc_pid()

[Andrew Morton]

On Wed, 8 Jul 2009 22:33:31 +0100
Catalin Marinas <catalin.marinas@arm.com> wrote:

> Hi,
> 
> There's a kmemleak report of a struct pid allocation in alloc_pid()
> which somehow gets lost:
> 
> unreferenced object 0xc307aa00 (size 44):
>   comm "gdm", pid 2734, jiffies 4294902040
>   backtrace:
>     [<c01e721a>] create_object+0xfa/0x250
>     [<c01e73cd>] kmemleak_alloc+0x5d/0x70
>     [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
>     [<c01552f9>] alloc_pid+0x19/0x350
>     [<c013e6e0>] copy_process+0x800/0x1230
>     [<c013f17f>] do_fork+0x6f/0x370
>     [<c0101986>] sys_clone+0x36/0x40
>     [<c010319c>] sysenter_do_call+0x12/0x38
>     [<ffffffff>] 0xffffffff
> 
> This is the gdm fork for starting Xorg (with pid 2739). It first
> logged me in automatically, after which I logged out and gdm started
> another Xorg. The pid structure for the first Xorg is reported as a
> leak. The Xorg with pid 2739 is no longer present on my system.
> 
> Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
> that's why it probably wasn't freed by put_pid():
> 
> (gdb) print ({struct pid}0xc307aa00)
> $20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
>       first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
>     func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
>       ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}
> 
> Note that kmemleak is aware of and scans pid_hash (which was recorded
> in kmemleak as a 16KB object).
> 

Thanks.  Let's cc some recent pid fiddlers.

Re: Possible memory leak via alloc_pid()

[Serge E. Hallyn]

Quoting Andrew Morton (akpm@linux-foundation.org):
> On Wed, 8 Jul 2009 22:33:31 +0100
> Catalin Marinas <catalin.marinas@arm.com> wrote:
> 
> > Hi,
> > 
> > There's a kmemleak report of a struct pid allocation in alloc_pid()
> > which somehow gets lost:
> > 
> > unreferenced object 0xc307aa00 (size 44):
> >   comm "gdm", pid 2734, jiffies 4294902040
> >   backtrace:
> >     [<c01e721a>] create_object+0xfa/0x250
> >     [<c01e73cd>] kmemleak_alloc+0x5d/0x70
> >     [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
> >     [<c01552f9>] alloc_pid+0x19/0x350
> >     [<c013e6e0>] copy_process+0x800/0x1230
> >     [<c013f17f>] do_fork+0x6f/0x370
> >     [<c0101986>] sys_clone+0x36/0x40
> >     [<c010319c>] sysenter_do_call+0x12/0x38
> >     [<ffffffff>] 0xffffffff
> > 
> > This is the gdm fork for starting Xorg (with pid 2739). It first
> > logged me in automatically, after which I logged out and gdm started
> > another Xorg. The pid structure for the first Xorg is reported as a
> > leak. The Xorg with pid 2739 is no longer present on my system.
> > 
> > Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
> > that's why it probably wasn't freed by put_pid():
> > 
> > (gdb) print ({struct pid}0xc307aa00)
> > $20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
> >       first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
> >     func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
> >       ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}
> > 
> > Note that kmemleak is aware of and scans pid_hash (which was recorded
> > in kmemleak as a 16KB object).
> > 
> 
> Thanks.  Let's cc some recent pid fiddlers.

Hi,

thanks for the report.  Note that kernel modules can increment those
counds through find_get_pid().  Can you send your kernel .config and
the output of lsmod?

thanks,
-serge

Re: Possible memory leak via alloc_pid()

[Catalin Marinas]

On Wed, 2009-07-29 at 19:36 -0500, Serge E. Hallyn wrote:
> Quoting Andrew Morton (akpm@linux-foundation.org):
> > On Wed, 8 Jul 2009 22:33:31 +0100
> > Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > There's a kmemleak report of a struct pid allocation in alloc_pid()
> > > which somehow gets lost:
[...]
> > > This is the gdm fork for starting Xorg (with pid 2739). It first
> > > logged me in automatically, after which I logged out and gdm started
> > > another Xorg. The pid structure for the first Xorg is reported as a
> > > leak. The Xorg with pid 2739 is no longer present on my system.
> > > 
> > > Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
> > > that's why it probably wasn't freed by put_pid():
[...]
> thanks for the report.  Note that kernel modules can increment those
> counds through find_get_pid().  

It is possible that there are more *get_pid() calls than put_pid() but I
couldn't track them.

> Can you send your kernel .config and
> the output of lsmod?

I logged this as http://bugzilla.kernel.org/show_bug.cgi?id=13868. I
uploaded the ARM .config file (no modules loaded). I'll upload the x86
config as well later today (it's on my home machine but it's pretty much
the default Ubuntu 9.04 .config with CONFIG_KMEMLEAK enabled).

Thanks.

-- 
Catalin

Re: Possible memory leak via alloc_pid()

[Oleg Nesterov]

On 07/29, Andrew Morton wrote:
>
> On Wed, 8 Jul 2009 22:33:31 +0100
> Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> > Hi,
> >
> > There's a kmemleak report of a struct pid allocation in alloc_pid()
> > which somehow gets lost:
> >
> > unreferenced object 0xc307aa00 (size 44):
> >   comm "gdm", pid 2734, jiffies 4294902040
> >   backtrace:
> >     [<c01e721a>] create_object+0xfa/0x250
> >     [<c01e73cd>] kmemleak_alloc+0x5d/0x70
> >     [<c01e0ad6>] kmem_cache_alloc+0x156/0x1a0
> >     [<c01552f9>] alloc_pid+0x19/0x350
> >     [<c013e6e0>] copy_process+0x800/0x1230
> >     [<c013f17f>] do_fork+0x6f/0x370
> >     [<c0101986>] sys_clone+0x36/0x40
> >     [<c010319c>] sysenter_do_call+0x12/0x38
> >     [<ffffffff>] 0xffffffff
> >
> > This is the gdm fork for starting Xorg (with pid 2739). It first
> > logged me in automatically, after which I logged out and gdm started
> > another Xorg. The pid structure for the first Xorg is reported as a
> > leak. The Xorg with pid 2739 is no longer present on my system.
> >
> > Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
> > that's why it probably wasn't freed by put_pid():
> >
> > (gdb) print ({struct pid}0xc307aa00)
> > $20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
> >       first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
> >     func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
> >       ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}
> >
> > Note that kmemleak is aware of and scans pid_hash (which was recorded
> > in kmemleak as a 16KB object).

This pid is detached and unhanshed. God knows who did the unbalanced
get_pid().

Since you can reproduce the problem easily, perhaps you can use the
hack above to track get/put ?

	$ echo pid_of_Xorg > /proc/sys/kernel/xxx

Oleg.

--- CPUHP/kernel/sysctl.c~TRACK_PID	2009-06-28 18:14:27.000000000 +0200
+++ CPUHP/kernel/sysctl.c	2009-07-30 23:12:43.000000000 +0200
@@ -244,6 +244,10 @@ static int min_wakeup_granularity_ns;			
 static int max_wakeup_granularity_ns = NSEC_PER_SEC;	/* 1 second */
 #endif
 
+extern int xxx_pid;
+int set_xxx_pid(struct ctl_table *, int, struct file *,
+				void __user *, size_t *, loff_t *);
+
 static struct ctl_table kern_table[] = {
 #ifdef CONFIG_SCHED_DEBUG
 	{
@@ -989,7 +993,15 @@ static struct ctl_table kern_table[] = {
 		.proc_handler	= &proc_dointvec,
 	},
 #endif
-
+	{
+		.ctl_name	= 666,
+		.procname	= "xxx",
+		.data		= &xxx_pid,
+		.maxlen		= sizeof (int),
+		.mode		= 0666,
+		.proc_handler	= &set_xxx_pid,
+		.strategy	= sysctl_intvec,
+	},
 /*
  * NOTE: do not add new entries to this table unless you have read
  * Documentation/sysctl/ctl_unnumbered.txt
--- CPUHP/include/linux/pid.h~TRACK_PID	2009-04-06 00:03:41.000000000 +0200
+++ CPUHP/include/linux/pid.h	2009-07-30 23:10:32.000000000 +0200
@@ -57,6 +57,7 @@ struct upid {
 struct pid
 {
 	atomic_t count;
+	int trackme;
 	unsigned int level;
 	/* lists of tasks that use this pid */
 	struct hlist_head tasks[PIDTYPE_MAX];
@@ -74,8 +75,14 @@ struct pid_link
 
 static inline struct pid *get_pid(struct pid *pid)
 {
-	if (pid)
+	if (pid) {
+		if (pid->trackme) {
+			printk(KERN_INFO "XXXXX(%d) ++%d\n",
+				pid->numbers[0].nr, atomic_read(&pid->count));
+			dump_stack();
+		}
 		atomic_inc(&pid->count);
+	}
 	return pid;
 }
 
--- CPUHP/kernel/pid.c~TRACK_PID	2009-07-13 17:39:44.000000000 +0200
+++ CPUHP/kernel/pid.c	2009-07-30 23:12:05.000000000 +0200
@@ -207,6 +207,12 @@ void put_pid(struct pid *pid)
 	if (!pid)
 		return;
 
+	if (pid->trackme) {
+		printk(KERN_INFO "XXXXX(%d) --%d\n",
+			pid->numbers[0].nr, atomic_read(&pid->count));
+		dump_stack();
+	}
+
 	ns = pid->numbers[pid->level].ns;
 	if ((atomic_read(&pid->count) == 1) ||
 	     atomic_dec_and_test(&pid->count)) {
@@ -250,6 +256,7 @@ struct pid *alloc_pid(struct pid_namespa
 	pid = kmem_cache_alloc(ns->pid_cachep, GFP_KERNEL);
 	if (!pid)
 		goto out;
+	pid->trackme = 0;
 
 	tmp = ns;
 	for (i = ns->level; i >= 0; i--) {
@@ -491,6 +498,30 @@ struct pid *find_ge_pid(int nr, struct p
 	return pid;
 }
 
+int xxx_pid;
+
+int set_xxx_pid(ctl_table *table, int write, struct file *file,
+		void __user *buffer, size_t *length, loff_t *ppos)
+{
+	struct pid *pid;
+
+	proc_dointvec_minmax(table, write, file, buffer, length, ppos);
+	if (!write)
+		return 0;
+
+	rcu_read_lock();
+	pid = find_vpid(xxx_pid);
+	if (pid) {
+		printk(KERN_INFO "XXXXX(%d) ==%d\n", xxx_pid, atomic_read(&pid->count));
+		pid->trackme = 1;
+	} else {
+		printk(KERN_INFO "XXXXX(%d) not found\n", xxx_pid);
+	}
+	rcu_read_unlock();
+
+	return 0;
+}
+
 /*
  * The pid hash table is scaled according to the amount of memory in the
  * machine.  From a minimum of 16 slots up to 4096 slots at one gigabyte or

Re: Possible memory leak via alloc_pid()

[Catalin Marinas]

On Thu, 2009-07-30 at 23:29 +0200, Oleg Nesterov wrote:
> On 07/29, Andrew Morton wrote:
> > On Wed, 8 Jul 2009 22:33:31 +0100
> > Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > This is the gdm fork for starting Xorg (with pid 2739). It first
> > > logged me in automatically, after which I logged out and gdm started
> > > another Xorg. The pid structure for the first Xorg is reported as a
> > > leak. The Xorg with pid 2739 is no longer present on my system.
> > >
> > > Using gdb vmlinux /proc/kcore shows that the pid->count is 2, so
> > > that's why it probably wasn't freed by put_pid():
> > >
> > > (gdb) print ({struct pid}0xc307aa00)
> > > $20 = {count = {counter = 2}, level = 0, tasks = {{first = 0x0}, {
> > >       first = 0x0}, {first = 0x0}}, rcu = {next = 0xc24bfd64,
> > >     func = 0xc0154e90 <delayed_put_pid>}, numbers = {{nr = 2739,
> > >       ns = 0xc0737540, pid_chain = {next = 0x0, pprev = 0x200200}}}}
> > >
> > > Note that kmemleak is aware of and scans pid_hash (which was recorded
> > > in kmemleak as a 16KB object).
> 
> This pid is detached and unhanshed. God knows who did the unbalanced
> get_pid().
> 
> Since you can reproduce the problem easily, perhaps you can use the
> hack above to track get/put ?
> 
> 	$ echo pid_of_Xorg > /proc/sys/kernel/xxx

Below is the minicom capture. By the time Xorg dies, the count is 2.
When logging out, there are two counter incrementing events via
sys_wait4 and sys_ioctl, thoush I'm not sure whether they are
unbalanced.

It was tested on an ARM platform.


pgrep Xorg
1519
10:~# pgrep Xorg > /proc/sys/kernel/xxx 
XXXXX(1519) ==22
XXXXX(1519) ++22
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c01234e9>] (tty_get_pgrp+0x29/0x4c)
[<c01234e9>] (tty_get_pgrp+0x29/0x4c) from [<c009e7cb>] (do_task_stat+0xc3/0x3c4)
[<c009e7cb>] (do_task_stat+0xc3/0x3c4) from [<c009ead7>] (proc_tgid_stat+0xb/0xc)
[<c009ead7>] (proc_tgid_stat+0xb/0xc) from [<c009c6b5>] (proc_single_show+0x35/0x5c)
[<c009c6b5>] (proc_single_show+0x35/0x5c) from [<c0085125>] (seq_read+0x125/0x294)
[<c0085125>] (seq_read+0x125/0x294) from [<c00759c9>] (vfs_read+0x69/0x11c)
[<c00759c9>] (vfs_read+0x69/0x11c) from [<c0075af5>] (sys_read+0x2d/0x48)
[<c0075af5>] (sys_read+0x2d/0x48) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --23
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009e7db>] (do_task_stat+0xd3/0x3c4)
[<c009e7db>] (do_task_stat+0xd3/0x3c4) from [<c009ead7>] (proc_tgid_stat+0xb/0xc)
[<c009ead7>] (proc_tgid_stat+0xb/0xc) from [<c009c6b5>] (proc_single_show+0x35/0x5c)
[<c009c6b5>] (proc_single_show+0x35/0x5c) from [<c0085125>] (seq_read+0x125/0x294)
[<c0085125>] (seq_read+0x125/0x294) from [<c00759c9>] (vfs_read+0x69/0x11c)
[<c00759c9>] (vfs_read+0x69/0x11c) from [<c0075af5>] (sys_read+0x2d/0x48)
[<c0075af5>] (sys_read+0x2d/0x48) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
10:~# ps -e
  PID TTY          TIME CMD
    1 ?        00:00:02 init
    2 ?        00:00:00 kthreadd
    3 ?        00:00:00 ksoftirqd/0
    4 ?        00:00:00 watchdog/0
    5 ?        00:00:00 rcu_sched_grace
    6 ?        00:00:00 events/0
    7 ?        0:00:00 khelper
   10 ?        00:00:00 async/mgr
  136 ?        00:00:00 kblockd/0
  142 ?        00:00:00 ata/0
  143 ?        00:00:00 ata_aux
  147 ?        00:00:00 ksuspend_usbd
  151 ?        00:00:00 khubd
  154 ?        00:00:00 kseriod
  160 ?        00:00:00 kmmcd
  185 ?        00:00:00 khungtaskd
  186 ?        00:00:00 pdflush
  187 ?        00:00:00 pdflush
  188 ?        00:00:00 kswapd0
  275 ?        00:00:00 aio/0
  294 ?        00:00:01 nfsiod
  416 ?        00:00:00 kapmd
  436 ?        00:00:00 scsi_eh_0
  449 ?        00:00:00 mtdblockd
  470 ?        00:00:00 kpsmoused
  503 ?        00:00:00 usbhid_resumer
  519 ?        00:00:04 rpciod/0
  527 ?        00:00:25 kmemleak
  607 ?        00:00:04 udevd
 1141 ?        00:00:00 portmap
 1154 ?        00:00:00 rpc.statd
 1288 ?        00:00:00 dbus-daemon
 1300 ?        00:00:00 lpd
 1316 ?        00:00:00 ntpd
 1330 ?        00:00:01 hald
 1331 ?        00:00:00 hald-runner
 1361 ?        00:00:00 gdm
 1391 tty1     00:00:00 getty
 1393 ttyAMA0  00:00:00 login
 1395 ttyAMA1  00:00:00 getty
 1405 ttyAMA0  00:01:02 bash
 1419 ?        00:00:05 gdm
 1426 tty2     00:00:00 getty
 1519 tty3     00:00:01 Xorg
 1527 ?        00:00:25 gdmgreeter
 1535 ttyAMA0  00:00:00 ps

#
# CM: Xorg logout
#

10:~# XXXXX(1519) ++22
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c0042971>] (find_get_pid+0x25/0x44)
[<c0042971>] (find_get_pid+0x25/0x44) from [<c00393f5>] (sys_wait4+0x55/0x84)
[<c00393f5>] (sys_wait4+0x55/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --23
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c007605d>] (__fput+0xdd/0x160)
[<c007605d>] (__fput+0xdd/0x160) from [<c00760ff>] (fput+0x1f/0x20)
[<c00760ff>] (fput+0x1f/0x20) from [<c0073d51>] (filp_close+0x39/0x40)
[<c0073d51>] (filp_close+0x39/0x40) from [<c0073dbd>] (sys_close+0x65/0x98)
[<c0073dbd>] (sys_close+0x65/0x98) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --22
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c012a8c9>] (vt_ioctl+0xbb5/0x131c)
[<c012a8c9>] (vt_ioctl+0xbb5/0x131c) from [<c0124d65>] (tty_ioctl+0x5d9/0x620)
[<c0124d65>] (tty_ioctl+0x5d9/0x620) from [<c007d705>] (vfs_ioctl+0x15/0x50)
[<c007d705>] (vfs_ioctl+0x15/0x50) from [<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8)
[<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8) from [<c007dbd7>] (sys_ioctl+0x23/0x34)
[<c007dbd7>] (sys_ioctl+0x23/0x34) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) ++21
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c012a8e3>] (vt_ioctl+0xbcf/0x131c)
[<c012a8e3>] (vt_ioctl+0xbcf/0x131c) from [<c0124d65>] (tty_ioctl+0x5d9/0x620)
[<c0124d65>] (tty_ioctl+0x5d9/0x620) from [<c007d705>] (vfs_ioctl+0x15/0x50)
[<c007d705>] (vfs_ioctl+0x15/0x50) from [<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8)
[<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8) from [<c007dbd7>] (sys_ioctl+0x23/0x34)
[<c007dbd7>] (sys_ioctl+0x23/0x34) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --22
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --21
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --20
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --19
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --18
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --17
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --16
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --15
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --14
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --13
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --12
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --11
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --10
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --9
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --8
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --7
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4)
[<c007f44d>] (__shrink_dcache_sb+0x191/0x1f4) from [<c007f5e1>] (shrink_dcache_parent+0x25/0xb0)
[<c007f5e1>] (shrink_dcache_parent+0x25/0xb0) from [<c009d8f9>] (proc_flush_task+0x79/0x19c)
[<c009d8f9>] (proc_flush_task+0x79/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --6
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c009b20d>] (proc_delete_inode+0x19/0x34)
[<c009b20d>] (proc_delete_inode+0x19/0x34) from [<c0081843>] (generic_delete_inode+0x67/0xc4)
[<c0081843>] (generic_delete_inode+0x67/0xc4) from [<c0080e6b>] (iput+0x3f/0x4c)
[<c0080e6b>] (iput+0x3f/0x4c) from [<c007f205>] (dentry_iput+0x75/0x88)
[<c007f205>] (dentry_iput+0x75/0x88) from [<c007f29d>] (d_kill+0x21/0x40)
[<c007f29d>] (d_kill+0x21/0x40) from [<c0080609>] (dput+0xd9/0xf0)
[<c0080609>] (dput+0xd9/0xf0) from [<c009d937>] (proc_flush_task+0xb7/0x19c)
[<c009d937>] (proc_flush_task+0xb7/0x19c) from [<c00386df>] (release_task+0x27/0x380)
[<c00386df>] (release_task+0x27/0x380) from [<c0038f35>] (wait_consider_task+0x4fd/0x7b8)
[<c0038f35>] (wait_consider_task+0x4fd/0x7b8) from [<c0039279>] (do_wait+0x89/0x1b0)
[<c0039279>] (do_wait+0x89/0x1b0) from [<c0039413>] (sys_wait4+0x73/0x84)
[<c0039413>] (sys_wait4+0x73/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --5
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c003941b>] (sys_wait4+0x7b/0x84)
[<c003941b>] (sys_wait4+0x7b/0x84) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)
XXXXX(1519) --4
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c0042a2d>] (delayed_put_pid+0x9/0xc)
[<c0042a2d>] (delayed_put_pid+0x9/0xc) from [<c0056ecb>] (rcu_process_callbacks+0x43/0x50)
[<c0056ecb>] (rcu_process_callbacks+0x43/0x50) from [<c003aae1>] (__do_softirq+0x75/0xe8)
[<c003aae1>] (__do_softirq+0x75/0xe8) from [<c003ab91>] (irq_exit+0x3d/0x4c)
[<c003ab91>] (irq_exit+0x3d/0x4c) from [<c002703d>] (_text+0x3d/0x50)
[<c002703d>] (_text+0x3d/0x50) from [<c002774d>] (__irq_svc+0x4d/0xbc)
Exception stack(0xc02eff78 to 0xc02effc0)
ff60:                                                       00000001 00000004 
ff80: c02effa8 00249455 c02ee000 c0316f20 c0017c9c c02f2b98 70015e6c 411fc081 
ffa0: 0000001f 00000000 c02ee040 c02effc0 c004c753 c0028c0e 00000033 ffffffff 
[<c002774d>] (__irq_svc+0x4d/0xbc) from [<c0028c0e>] (default_idle+0x1e/0x20)
[<c0028c0e>] (default_idle+0x1e/0x20) from [<c0028f6b>] (cpu_idle+0x33/0x7c)
[<c0028f6b>] (cpu_idle+0x33/0x7c) from [<c01f9a19>] (rest_init+0x51/0x64)
[<c01f9a19>] (rest_init+0x51/0x64) from [<c000881d>] (start_kernel+0x1b5/0x1f8)
[<c000881d>] (start_kernel+0x1b5/0x1f8) from [<7000803b>] (0x7000803b)
XXXXX(1519) --3
[<c002c031>] (unwind_backtrace+0x1/0x80) from [<c01fc323>] (dump_stack+0xb/0xc)
[<c01fc323>] (dump_stack+0xb/0xc) from [<c00429f5>] (put_pid+0x19/0x48)
[<c00429f5>] (put_pid+0x19/0x48) from [<c012a8c9>] (vt_ioctl+0xbb5/0x131c)
[<c012a8c9>] (vt_ioctl+0xbb5/0x131c) from [<c0124d65>] (tty_ioctl+0x5d9/0x620)
[<c0124d65>] (tty_ioctl+0x5d9/0x620) from [<c007d705>] (vfs_ioctl+0x15/0x50)
[<c007d705>] (vfs_ioctl+0x15/0x50) from [<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8)
[<c007db8d>] (do_vfs_ioctl+0x3a1/0x3c8) from [<c007dbd7>] (sys_ioctl+0x23/0x34)
[<c007dbd7>] (sys_ioctl+0x23/0x34) from [<c0027c41>] (ret_fast_syscall+0x1/0x40)

10:~# echo scan > /sys/kernel/debug/kmemleak
kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
10:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xdfa30de0 (size 48):
  comm "gdm", pid 1419, jiffies 53918
  hex dump (first 32 bytes):
    02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 04 24 36 de 25 2a 04 c0  .........$6.%*..
  backtrace:
    [<c00737c3>] __save_stack_trace+0x17/0x1c
    [<c0073895>] create_object+0xcd/0x188
    [<c01f9dfb>] kmemleak_alloc+0x1b/0x3c
    [<c007242d>] kmem_cache_alloc+0xa5/0xb4
    [<c0042a6d>] alloc_pid+0x11/0x22c
    [<c0036685>] copy_process+0x831/0xc90
    [<c0036bcf>] do_fork+0xeb/0x228
    [<c002a4a5>] sys_clone+0x1d/0x20
    [<c0027c41>] ret_fast_syscall+0x1/0x40
    [<ffffffff>] 0xffffffff
10:~# 

-- 
Catalin

Re: Possible memory leak via alloc_pid()

[Oleg Nesterov]

On 07/31, Catalin Marinas wrote:
>
> On Thu, 2009-07-30 at 23:29 +0200, Oleg Nesterov wrote:
> >
> > Since you can reproduce the problem easily, perhaps you can use the
> > hack above to track get/put ?
> >
> > 	$ echo pid_of_Xorg > /proc/sys/kernel/xxx
>
> Below is the minicom capture. By the time Xorg dies, the count is 2.

Thanks a lot Catalin.

> When logging out, there are two counter incrementing events via
> sys_wait4 and sys_ioctl, thoush I'm not sure whether they are
> unbalanced.

wait4() is right, ioctl() looks fine too.

> pgrep Xorg
> 1519
> 10:~# pgrep Xorg > /proc/sys/kernel/xxx 
> XXXXX(1519) ==22

Unfortunately there is nothing which looks like a leak. I gueess it is
too late to start the tracking.

I'm afraid this won't really help too, but since nobody has a better
idea for now, perhaps you can do another test?

Pleas rename Xorg to Xorg.origin, and make a simple Xorg script which
does something like

	#!/bin/sh

	echo $$ >> /proc/sys/kernel/xxx
	exec /path/to/Xorg.origin $*

perhaps even this is too late, gdm can do a lot before execing.

Please avoid pgrep/ps/etc, proc adds a lot of noise. Better yet, it
would be nice to start/stop Xorg with /proc unmounted, but I don't
know is this can work without /proc.

Oleg.

Re: Possible memory leak via alloc_pid()

[Eric W. Biederman]

Oleg Nesterov <oleg@redhat.com> writes:

> On 07/31, Catalin Marinas wrote:
>>
>> On Thu, 2009-07-30 at 23:29 +0200, Oleg Nesterov wrote:
>> >
>> > Since you can reproduce the problem easily, perhaps you can use the
>> > hack above to track get/put ?
>> >
>> > 	$ echo pid_of_Xorg > /proc/sys/kernel/xxx
>>
>> Below is the minicom capture. By the time Xorg dies, the count is 2.
>
> Thanks a lot Catalin.
>
>> When logging out, there are two counter incrementing events via
>> sys_wait4 and sys_ioctl, thoush I'm not sure whether they are
>> unbalanced.
>
> wait4() is right, ioctl() looks fine too.
>
>> pgrep Xorg
>> 1519
>> 10:~# pgrep Xorg > /proc/sys/kernel/xxx 
>> XXXXX(1519) ==22
>
> Unfortunately there is nothing which looks like a leak. I gueess it is
> too late to start the tracking.
>
> I'm afraid this won't really help too, but since nobody has a better
> idea for now, perhaps you can do another test?
>
> Pleas rename Xorg to Xorg.origin, and make a simple Xorg script which
> does something like
>
> 	#!/bin/sh
>
> 	echo $$ >> /proc/sys/kernel/xxx
> 	exec /path/to/Xorg.origin $*
>
> perhaps even this is too late, gdm can do a lot before execing.
>
> Please avoid pgrep/ps/etc, proc adds a lot of noise. Better yet, it
> would be nice to start/stop Xorg with /proc unmounted, but I don't
> know is this can work without /proc.

Hmm.  I'm starting to wonder if kmemleak is right.  I don't know how
it works but something about the way pids are used might be confusing it.

Eric

Re: Possible memory leak via alloc_pid()

[Catalin Marinas]

On Sun, 2009-08-02 at 18:44 -0700, Eric W. Biederman wrote:
> Hmm.  I'm starting to wonder if kmemleak is right.  I don't know how
> it works but something about the way pids are used might be confusing it.

It could as well be a false positive but I can't find its source.

Basically, the pid structure for the dead Xorg is still allocated
minutes after Xorg died with a pid->count of 2. Kmemleak scans the data
and bss sections, task stacks and most of the allocated objects (which
are not reported as leaks) but cannot find a pointer to this pid
structure (or anywhere inside it like pid->number.pid_chain).

The supposedly leaked pid structure also have pid_chain.pprev ==
LIST_POISON2 which means that it was already removed from the pid_hash
(this block of memory is scanned by kmemleak anyway).

The free_pid() function was also called on this object according to the
pid->rcu values but put_pid() couldn't free it because of pid->count.

If this structure in not on pid_hash, is there any other place where its
pointer may be stored for a long time? Otherwise it looks like a real
leak (though not a big one).

I'll do more tests in the next few days as suggested by Oleg.

-- 
Catalin

Re: Possible memory leak via alloc_pid()

[Eric W. Biederman]

Catalin Marinas <catalin.marinas@arm.com> writes:

> On Sun, 2009-08-02 at 18:44 -0700, Eric W. Biederman wrote:
>> Hmm.  I'm starting to wonder if kmemleak is right.  I don't know how
>> it works but something about the way pids are used might be confusing it.
>
> It could as well be a false positive but I can't find its source.
>
> Basically, the pid structure for the dead Xorg is still allocated
> minutes after Xorg died with a pid->count of 2. Kmemleak scans the data
> and bss sections, task stacks and most of the allocated objects (which
> are not reported as leaks) but cannot find a pointer to this pid
> structure (or anywhere inside it like pid->number.pid_chain).
>
> The supposedly leaked pid structure also have pid_chain.pprev ==
> LIST_POISON2 which means that it was already removed from the pid_hash
> (this block of memory is scanned by kmemleak anyway).
>
> The free_pid() function was also called on this object according to the
> pid->rcu values but put_pid() couldn't free it because of pid->count.
>
> If this structure in not on pid_hash, is there any other place where its
> pointer may be stored for a long time? Otherwise it looks like a real
> leak (though not a big one).

It depends on how it is used. Pids not on the pid_hash are perfectly
fine.  We use these kinds of long standing pid references to prevent
any chance that pid rollover would be a problem.   There are corner
cases in the SIGIO path and a few other places where we have
these kind of long standing pid references.

Perhaps it comes from the tty switching code?

> I'll do more tests in the next few days as suggested by Oleg.

Thanks, and thanks for spotting into and looking into this.

Eric

Re: Possible memory leak via alloc_pid()

[Catalin Marinas]

Hi Oleg,

Sorry for the long delay with this investigation, I got distracted to
other tasks.

Oleg Nesterov <oleg@redhat.com> wrote:
> Pleas rename Xorg to Xorg.origin, and make a simple Xorg script which
> does something like
>
> 	#!/bin/sh
>
> 	echo $$ >> /proc/sys/kernel/xxx
> 	exec /path/to/Xorg.origin $*
>
> perhaps even this is too late, gdm can do a lot before execing.

I did this change and I copied the output below. The refcount log
starts at 12 but when the task exits, it is 2, hence the suspected
leak. I also ran a dummy script (i.e. without the exec line above) and
the refcount also starts at 12 but finishes at 0 (no leak). I think
this suspected leak is something specific to what the X server does.


XXXXX(1333) ==12
XXXXX(1333) ++12
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c0171844>] (__proc_set_tty+0x60/0x12c)
[<c0171844>] (__proc_set_tty+0x60/0x12c) from [<c017437c>] (tty_open+0x39c/0x444)
[<c017437c>] (tty_open+0x39c/0x444) from [<c00a2308>] (chrdev_open+0x178/0x198)
[<c00a2308>] (chrdev_open+0x178/0x198) from [<c009dbcc>] (__dentry_open+0x14c/0x268)
[<c009dbcc>] (__dentry_open+0x14c/0x268) from [<c009ddb0>] (nameidata_to_filp+0x44/0x58)
[<c009ddb0>] (nameidata_to_filp+0x44/0x58) from [<c00aaa14>] (do_filp_open+0x408/0x820)
[<c00aaa14>] (do_filp_open+0x408/0x820) from [<c009d9a0>] (do_sys_open+0x58/0x10c)
[<c009d9a0>] (do_sys_open+0x58/0x10c) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++13
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c0171898>] (__proc_set_tty+0xb4/0x12c)
[<c0171898>] (__proc_set_tty+0xb4/0x12c) from [<c017437c>] (tty_open+0x39c/0x444)
[<c017437c>] (tty_open+0x39c/0x444) from [<c00a2308>] (chrdev_open+0x178/0x198)
[<c00a2308>] (chrdev_open+0x178/0x198) from [<c009dbcc>] (__dentry_open+0x14c/0x268)
[<c009dbcc>] (__dentry_open+0x14c/0x268) from [<c009ddb0>] (nameidata_to_filp+0x44/0x58)
[<c009ddb0>] (nameidata_to_filp+0x44/0x58) from [<c00aaa14>] (do_filp_open+0x408/0x820)
[<c00aaa14>] (do_filp_open+0x408/0x820) from [<c009d9a0>] (do_sys_open+0x58/0x10c)
[<c009d9a0>] (do_sys_open+0x58/0x10c) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++14
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c017b8ac>] (vt_ioctl+0x1168/0x1c0c)
[<c017b8ac>] (vt_ioctl+0x1168/0x1c0c) from [<c017385c>] (tty_ioctl+0x880/0x920)
[<c017385c>] (tty_ioctl+0x880/0x920) from [<c00abc50>] (vfs_ioctl+0x2c/0x8c)
[<c00abc50>] (vfs_ioctl+0x2c/0x8c) from [<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0)
[<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0) from [<c00ac38c>] (sys_ioctl+0x34/0x54)
[<c00ac38c>] (sys_ioctl+0x34/0x54) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++15
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c00ab42c>] (f_modown+0x60/0xcc)
[<c00ab42c>] (f_modown+0x60/0xcc) from [<c00ab4b0>] (__f_setown+0x8/0x10)
[<c00ab4b0>] (__f_setown+0x8/0x10) from [<c00ab8a4>] (sys_fcntl64+0x70/0x84)
[<c00ab8a4>] (sys_fcntl64+0x70/0x84) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++16
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ace0>] (get_task_pid+0x40/0x60)
[<c005ace0>] (get_task_pid+0x40/0x60) from [<c00d8898>] (proc_pid_make_inode+0x50/0x9c)
[<c00d8898>] (proc_pid_make_inode+0x50/0x9c) from [<c00dacf4>] (proc_pident_instantiate+0x18/0x98)
[<c00dacf4>] (proc_pident_instantiate+0x18/0x98) from [<c00daf08>] (proc_pident_lookup+0x90/0xd0)
[<c00daf08>] (proc_pident_lookup+0x90/0xd0) from [<c00a75f0>] (do_lookup+0xbc/0x180)
[<c00a75f0>] (do_lookup+0xbc/0x180) from [<c00a93ec>] (__link_path_walk+0x9d8/0xed8)
[<c00a93ec>] (__link_path_walk+0x9d8/0xed8) from [<c00a9aac>] (path_walk+0x44/0x8c)
[<c00a9aac>] (path_walk+0x44/0x8c) from [<c00a9b80>] (do_path_lookup+0x24/0x4c)
[<c00a9b80>] (do_path_lookup+0x24/0x4c) from [<c00aa6c4>] (do_filp_open+0xb8/0x820)
[<c00aa6c4>] (do_filp_open+0xb8/0x820) from [<c009d9a0>] (do_sys_open+0x58/0x10c)
[<c009d9a0>] (do_sys_open+0x58/0x10c) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++17
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ac80>] (find_get_pid+0x30/0x50)
[<c005ac80>] (find_get_pid+0x30/0x50) from [<c004cae0>] (sys_wait4+0x70/0xb8)
[<c004cae0>] (sys_wait4+0x70/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --18
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00a096c>] (__fput+0x140/0x1c8)
[<c00a096c>] (__fput+0x140/0x1c8) from [<c009d7e4>] (filp_close+0x70/0x7c)
[<c009d7e4>] (filp_close+0x70/0x7c) from [<c009d884>] (sys_close+0x94/0xe4)
[<c009d884>] (sys_close+0x94/0xe4) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --17
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c017b87c>] (vt_ioctl+0x1138/0x1c0c)
[<c017b87c>] (vt_ioctl+0x1138/0x1c0c) from [<c017385c>] (tty_ioctl+0x880/0x920)
[<c017385c>] (tty_ioctl+0x880/0x920) from [<c00abc50>] (vfs_ioctl+0x2c/0x8c)
[<c00abc50>] (vfs_ioctl+0x2c/0x8c) from [<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0)
[<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0) from [<c00ac38c>] (sys_ioctl+0x34/0x54)
[<c00ac38c>] (sys_ioctl+0x34/0x54) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) ++16
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c017b8ac>] (vt_ioctl+0x1168/0x1c0c)
[<c017b8ac>] (vt_ioctl+0x1168/0x1c0c) from [<c017385c>] (tty_ioctl+0x880/0x920)
[<c017385c>] (tty_ioctl+0x880/0x920) from [<c00abc50>] (vfs_ioctl+0x2c/0x8c)
[<c00abc50>] (vfs_ioctl+0x2c/0x8c) from [<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0)
[<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0) from [<c00ac38c>] (sys_ioctl+0x34/0x54)
[<c00ac38c>] (sys_ioctl+0x34/0x54) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --17
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --16
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --15
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --14
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --13
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --12
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --11
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --10
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --9
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --8
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --7
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00aeb00>] (__shrink_dcache_sb+0x284/0x324)
[<c00aeb00>] (__shrink_dcache_sb+0x284/0x324) from [<c00aed9c>] (shrink_dcache_parent+0x2c/0x114)
[<c00aed9c>] (shrink_dcache_parent+0x2c/0x114) from [<c00db418>] (proc_flush_task+0xa4/0x280)
[<c00db418>] (proc_flush_task+0xa4/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --6
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c00d7dd8>] (proc_delete_inode+0x20/0x4c)
[<c00d7dd8>] (proc_delete_inode+0x20/0x4c) from [<c00b241c>] (generic_delete_inode+0xac/0x150)
[<c00b241c>] (generic_delete_inode+0xac/0x150) from [<c00b1618>] (iput+0x64/0x78)
[<c00b1618>] (iput+0x64/0x78) from [<c00ae854>] (d_kill+0x3c/0x64)
[<c00ae854>] (d_kill+0x3c/0x64) from [<c00af160>] (dput+0x190/0x1ac)
[<c00af160>] (dput+0x190/0x1ac) from [<c00db48c>] (proc_flush_task+0x118/0x280)
[<c00db48c>] (proc_flush_task+0x118/0x280) from [<c004bac8>] (release_task+0x40/0x3a4)
[<c004bac8>] (release_task+0x40/0x3a4) from [<c004c32c>] (wait_consider_task+0x500/0x9c0)
[<c004c32c>] (wait_consider_task+0x500/0x9c0) from [<c004c8a8>] (do_wait+0xbc/0x284)
[<c004c8a8>] (do_wait+0xbc/0x284) from [<c004cb10>] (sys_wait4+0xa0/0xb8)
[<c004cb10>] (sys_wait4+0xa0/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --5
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c004cb1c>] (sys_wait4+0xac/0xb8)
[<c004cb1c>] (sys_wait4+0xac/0xb8) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)
XXXXX(1333) --4
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c0078dd8>] (__rcu_process_callbacks+0x1b4/0x244)
[<c0078dd8>] (__rcu_process_callbacks+0x1b4/0x244) from [<c0078ea4>] (rcu_process_callbacks+0x3c/0x68)
[<c0078ea4>] (rcu_process_callbacks+0x3c/0x68) from [<c004edf8>] (__do_softirq+0x8c/0x11c)
[<c004edf8>] (__do_softirq+0x8c/0x11c) from [<c002e3dc>] (do_local_timer+0x50/0x80)
[<c002e3dc>] (do_local_timer+0x50/0x80) from [<c002ebd8>] (__irq_svc+0x38/0xc0)
Exception stack(0xc0389f70 to 0xc0389fb8)
9f60:                                     00000000 00000000 c0389fb8 00000000 
9f80: c0388000 c07e8000 007cf000 00000004 c03af048 410fb020 c03a9c40 00000000 
9fa0: 00000001 c0389fb8 c00301f4 c00301f8 60000013 ffffffff                   
[<c002ebd8>] (__irq_svc+0x38/0xc0) from [<c00301f8>] (default_idle+0x24/0x28)
[<c00301f8>] (default_idle+0x24/0x28) from [<c00306f8>] (cpu_idle+0x84/0xd8)
[<c00306f8>] (cpu_idle+0x84/0xd8) from [<c0008cb4>] (start_kernel+0x2d4/0x330)
[<c0008cb4>] (start_kernel+0x2d4/0x330) from [<70008080>] (0x70008080)
XXXXX(1333) --3
[<c0035964>] (unwind_backtrace+0x0/0xdc) from [<c005ad2c>] (put_pid+0x2c/0x80)
[<c005ad2c>] (put_pid+0x2c/0x80) from [<c017b87c>] (vt_ioctl+0x1138/0x1c0c)
[<c017b87c>] (vt_ioctl+0x1138/0x1c0c) from [<c017385c>] (tty_ioctl+0x880/0x920)
[<c017385c>] (tty_ioctl+0x880/0x920) from [<c00abc50>] (vfs_ioctl+0x2c/0x8c)
[<c00abc50>] (vfs_ioctl+0x2c/0x8c) from [<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0)
[<c00ac2fc>] (do_vfs_ioctl+0x554/0x5b0) from [<c00ac38c>] (sys_ioctl+0x34/0x54)
[<c00ac38c>] (sys_ioctl+0x34/0x54) from [<c002efc0>] (ret_fast_syscall+0x0/0x28)

10:~# echo scan > /sys/kernel/debug/kmemleak 
kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
10:~# cat /sys/kernel/debug/kmemleak 
unreferenced object 0xdb58c700 (size 64):
  comm "gdm", pid 1331, jiffies 19732
  hex dump (first 32 bytes):
    02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 14 16 e6 de 80 ad 05 c0  ................
  backtrace:
    [<c009d44c>] create_object+0x104/0x20c
    [<c009accc>] kmem_cache_alloc+0xc0/0xcc
    [<c005addc>] alloc_pid+0x18/0x358
    [<c00488b4>] copy_process+0x8a4/0xf00
    [<c0049074>] do_fork+0x164/0x2a8
    [<c002efc0>] ret_fast_syscall+0x0/0x28
    [<ffffffff>] 0xffffffff


Thanks.

-- 
Catalin