From: Eric W. Biederman

Ok. This was hard to track down only because /proc/slabinfo gives an imprecise use count.

After creating a hack to report precisely how many times the task_struct was allocated or freed, it was easy to see that every trigger event only increased the number of leaked task_structs by one.

After that it was just a matter of narrowing down what triggered it and what function was missing this. stat /proc/self/fd/0 turned out to be my simple and reliable reproducer.

Doing the same kinds of tests I could not trigger this any other way, so that should be the last of the reference counting bugs for me to track.

Signed-off-by: Eric W. Biederman
Signed-off-by: Andrew Morton

--- fs/proc/base.c | 1 + 1 files changed, 1 insertion(+) diff -puN fs/proc/base.c~proc-dont-lock-task_structs-indefinitely-always-drop-the-reference-count-in-tid_fd_revalidate fs/proc/base.c --- devel/fs/proc/base.c~proc-dont-lock-task_structs-indefinitely-always-drop-the-reference-count-in-tid_fd_revalidate 2006-03-09 20:55:54.000000000 -0800 +++ devel-akpm/fs/proc/base.c 2006-03-09 20:55:54.000000000 -0800 @@ -1413,6 +1413,7 @@ static int tid_fd_revalidate(struct dent inode->i_gid = 0; } security_task_to_inode(task, inode); + put_task_struct(task); return 1; } rcu_read_unlock(); _
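
Review bot: the added `put_task_struct(task);` releases the reference only on the `return 1` path of `tid_fd_revalidate()`, while the context shows a second path continuing past `rcu_read_unlock();` whose release is outside this hunk, so the function now depends on every exit remembering its own put. Consider routing both exits through a single label that drops the task reference, so that a later early return cannot reintroduce the leak. The changelog names the reproducer (`stat /proc/self/fd/0`) but not the call that takes the reference; naming it in the changelog or in a short comment next to the put would let a reader check the get/put pairing without walking the whole function. Since the changelog says each trigger leaked exactly one task_struct, it would also help to state how the precise allocation count was confirmed to stay flat after the fix, given that /proc/slabinfo was too imprecise to show it.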