Memory leak on failed connection attempt

Memory leak on failed connection attempt

[Tomas Targownik]

I am trying to track down a memory leak that is occurring in bluez4
v4.87 running on Linux 2.6.32.21, on an ARMv5 device. Unfortunately with
my somewhat limited bluetooth stack expertise, there is only so much I
can understand in the debugging process, so I do hope that someone can
offer their advice on this issue, or even just point me in the right
direction. 

I have an ARMv5 based device (pxa270) with an infineon PBA31308
bluetooth module, configured to create a PAN connection with a remote
device.
The PAND command line arguments being used are the following-
PAND_OPTIONS="--role GN --service PANU --connect 00:0A:94:02:A5:7A
--persist"

I have found that if the ARM device cannot connect to the remote device
(i.e. The remote bluetooth device is not present), then I am seeing a
512 byte leak on every subsequent connection attempt (roughly every 10
seconds). This leak only occurs once if I remove the '--persist' option
to PAND, however this is not a viable solution as I do require the
'persist' option for my application. Again, this leak only occurs if the
connection attempt fails. When a connection is established and being
utilised, there is no leak.

I am detecting the leak using kmemleak, and the leak in question gives
the following output (cat /sys/kernel/debug/kmemleak)-
-----------------------------------------------------------------------------------------------------------
unreferenced object 0xc2cfb600 (size 512):
  comm "softirq", pid 0, jiffies 159696
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 00 00 00 17 49 0f dc  ...... ......I..
    1b 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
  backtrace:
    [<c0086d84>] create_object+0x120/0x210
    [<c01ad9e8>] kmemleak_alloc+0x40/0x84
    [<c0084700>] kmem_cache_alloc+0x98/0xcc
    [<bf124e78>] hci_conn_add+0x28/0x238 [bluetooth]
    [<bf1252b8>] hci_connect+0x8c/0x270 [bluetooth]
    [<bf148c7c>] l2cap_sock_connect+0x1bc/0x37c [l2cap]
    [<c0145678>] sys_connect+0x74/0x98
    [<c0025f20>] ret_fast_syscall+0x0/0x28
    [<ffffffff>] 0xffffffff
unreferenced object 0xc2cfbc00 (size 512):
  comm "softirq", pid 0, jiffies 161221
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 00 00 00 17 49 0f dc  ...... ......I..
    1b 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
  backtrace:
    [<c0086d84>] create_object+0x120/0x210
    [<c01ad9e8>] kmemleak_alloc+0x40/0x84
    [<c0084700>] kmem_cache_alloc+0x98/0xcc
    [<bf124e78>] hci_conn_add+0x28/0x238 [bluetooth]
    [<bf1252b8>] hci_connect+0x8c/0x270 [bluetooth]
    [<bf148c7c>] l2cap_sock_connect+0x1bc/0x37c [l2cap]
    [<c0145678>] sys_connect+0x74/0x98
    [<c0025f20>] ret_fast_syscall+0x0/0x28
    [<ffffffff>] 0xffffffff
-----------------------------------------------------------------------------------------------------------

The leak shown above continues to be generated about once every 10
seconds if the "persist" option is enabled and the connection attempt
fails, and after a month of continuous running my poor ARM device is
exhausted of memory, and 'cat /proc/meminfo' shows the 'SUnreclaim'
value has grown quite large. The 'free' command quite clearly shows me
that there is no memory left on the device, as well.

If it is any help, the debug line from within
hci_core.c-->hci_send_cmd() 
    -->BT_DBG("%s opcode 0x%x plen %d", hdev->name, opcode, plen);

shows the following output every time there is a new leak:
    -->hci0 opcode 0x405 plen 13

Every time the above command is sent (once every 10 seconds) I am seeing
a new 512b memory leak.

I have had a look through the list to see if this issue has been patched
or mentioned, and the closest bug I could find that vaguely resembled my
problem is here-
http://marc.info/?l=linux-bluetooth&m=125890998917495&w=2

I have tried applying the changes in the patch provided but the memory
leak is still present, so I assume this patch was for a different
problem.

If anybody knows what could be happening here, or has any advice to
offer at all regarding this issue, it would be more than appreciated. 
Please let me know if more debugging information is required.

Thank you, 
Tomas Targownik

Re: Memory leak on failed connection attempt

[Gustavo F. Padovan]

Hi Tomas,

* Tomas Targownik <ttargownik@geicp.com> [2011-06-02 16:48:13 +1000]:

> I am trying to track down a memory leak that is occurring in bluez4
> v4.87 running on Linux 2.6.32.21, on an ARMv5 device. Unfortunately with
> my somewhat limited bluetooth stack expertise, there is only so much I
> can understand in the debugging process, so I do hope that someone can
> offer their advice on this issue, or even just point me in the right
> direction. 

Can you try an upstream kernel and check if this still happens? 2.6.32 is
quite old.

-- 
Gustavo F. Padovan
http://profusion.mobi

Re: Memory leak on failed connection attempt

[Tomas Targownik]

On Thu, 2011-06-02 at 10:57 -0300, Gustavo F. Padovan wrote:
> Hi Tomas,
> ...
> Can you try an upstream kernel and check if this still happens? 2.6.32 is
> quite old.

Hi Gustavo, and thank you for the advice. I've managed to port my device
to linux-2.6.39.1, and have also upgraded to the latest Bluez4 v4.94,
and I am still seeing the leak on failed connection attempts. The output
shown by 'cat /sys/kernel/debug/kmemleak' has changed slightly, however-

unreferenced object 0xc2ce0600 (size 512):
  comm "softirq", pid 0, jiffies 4294956138 (age 56.420s)
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 00 00 00 7a a5 02 94  ...... .....z...
    0a 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
  backtrace:
    [<c00da3ac>] create_object+0x120/0x210
    [<c021d058>] kmemleak_alloc+0x40/0x74
    [<c00d7cd4>] kmem_cache_alloc+0x9c/0xd0
    [<bf055f54>] hci_conn_add+0x30/0x268 [bluetooth]
    [<bf056504>] hci_connect+0x1d4/0x3e8 [bluetooth]
    [<bf0637f8>] l2cap_do_connect+0xfc/0x304 [bluetooth]
    [<bf066c84>] l2cap_sock_connect+0x180/0x1dc [bluetooth]
    [<c01a9458>] sys_connect+0x74/0x98
    [<c0070fc0>] ret_fast_syscall+0x0/0x2c
    [<ffffffff>] 0xffffffff
unreferenced object 0xc2c4ee00 (size 512):
  comm "softirq", pid 0, jiffies 4294957663 (age 41.170s)
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 00 00 00 7a a5 02 94  ...... .....z...
    0a 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
  backtrace:
    [<c00da3ac>] create_object+0x120/0x210
    [<c021d058>] kmemleak_alloc+0x40/0x74
    [<c00d7cd4>] kmem_cache_alloc+0x9c/0xd0
    [<bf055f54>] hci_conn_add+0x30/0x268 [bluetooth]
    [<bf056504>] hci_connect+0x1d4/0x3e8 [bluetooth]
    [<bf0637f8>] l2cap_do_connect+0xfc/0x304 [bluetooth]
    [<bf066c84>] l2cap_sock_connect+0x180/0x1dc [bluetooth]
    [<c01a9458>] sys_connect+0x74/0x98
    [<c0070fc0>] ret_fast_syscall+0x0/0x2c
    [<ffffffff>] 0xffffffff

Can anybody else confirm this?

Thank you, 
Tomas Targownik

Re: Memory leak on failed connection attempt

[Tomas Targownik]

To clarify this problem, I am observing the memory leak when I issue the
command shown below. The debug function sequence is also listed. The
remote bluetooth dongle must be physically unplugged to reproduce this
leak. If the remote dongle is plugged in, regardless of whether pairing
succeeds/fails, no leak occurs. Furthermore, this leak will continually
repeat itself if the '--persist' option is passed to pand, and the
remote bluetooth dongle is physically unplugged.

root@mydevice:~# pand --role GN --service PANU --connect
00:0A:94:02:A5:7A

[  341.880327] bnep_sock_create: sock c3478cf8
[  341.892856] bnep_sock_ioctl: cmd 800442d2 arg be9dcae0
[  341.959624] l2cap_sock_create: sock c3478e60
[  341.964300] l2cap_sock_init: sk c3115400
[  341.976147] l2cap_sock_getsockopt: sk c3115400
[  341.980617] l2cap_sock_getsockopt_old: sk c3115400
[  341.993539] l2cap_sock_setsockopt: sk c3115400
[  341.998011] l2cap_sock_setsockopt_old: sk c3115400
[  342.012246] l2cap_sock_bind: sk c3115400
[  342.016357] l2cap_sock_connect: sk c3115400
[  342.020572] l2cap_do_connect: 00:00:00:00:00:00 -> 00:0A:94:02:A5:7A
psm 0x0f
[  342.027973] hci_get_route: 00:00:00:00:00:00 -> 00:0A:94:02:A5:7A
[  342.034095] hci_connect: hci0 dst 00:0A:94:02:A5:7A
[  342.038972] hci_conn_add: hci0 dst 00:0A:94:02:A5:7A
[  342.044084] hci_conn_init_sysfs: conn c3b92a00
[  342.048540] hci_acl_connect: c3b92a00
[  342.052252] hci_inquiry_cache_lookup: cache c30bb2b0,
00:0A:94:02:A5:7A
[  342.058854] hci_send_cmd: hci0 opcode 0x405 plen 13
[  342.063830] hci_send_cmd: skb len 16
[  342.067440] l2cap_conn_add: hcon c3b92a00 conn c31616c0
[  342.072699] __l2cap_chan_add: conn c31616c0, psm 0x0f, dcid 0x0000
[  342.078869] l2cap_sock_set_timer: sk c3115400 state 5 timeout 4000
[  342.085083] hci_cmd_task: hci0 cmd 1
[  342.088787] hci_send_frame: hci0 type 1 len 16
[  342.093355] hci_send_to_sock: hdev c30bb000 len 16
[  342.098147] hci_uart_send_frame: hci0: type 1 len 16
[  342.103133] h4_enqueue: hu c39eda20 skb c38ac2b8
[  342.107739] hci_uart_tx_wakeup: 
[  342.111041] hci_uart_tty_wakeup: 
[  342.114474] hci_uart_tx_wakeup: 
[  342.117743] bt_sock_wait_state: sk c3115400
[  342.124366] hci_rx_task: hci0
[  342.127397] hci_send_to_sock: hdev c30bb000 len 6
[  342.132373] hci_cs_create_conn: hci0 status 0x0
[  342.136895] hci_sent_cmd_data: hci0 opcode 0x405
[  342.141559] hci_cs_create_conn: hci0 bdaddr 00:0A:94:02:A5:7A conn
c3b92a00
[  342.148881] bt_sock_poll: sock c346c1d8, sk c3167000
[  342.154111] bt_sock_poll: sock c346c8e0, sk c3115c00
[  342.177492] hci_sock_recvmsg: sock c346c778, sk c304b000
[  342.196513] hci_sock_create: sock c3478a28
[  342.200848] hci_sock_ioctl: cmd 800448d3 arg be9f8a8c
[  342.206119] hci_dev_get: 0
[  342.208825] hci_del_off_timer: hci0
[  342.228800] hci_sock_release: sock c3478a28 sk c3b71a00
[  342.244488] bt_sock_poll: sock c346c1d8, sk c3167000
[  342.249500] bt_sock_poll: sock c346c8e0, sk c3115c00
[  352.353690] hci_rx_task: hci0
[  352.356725] hci_send_to_sock: hdev c30bb000 len 13
[  352.361773] hci_conn_complete_evt: hci0
[  352.365697] hci_send_to_sock: hdev   (null) len 13
[  352.370553] hci_sco_setup: c3b92a00
[  352.374152] l2cap_connect_cfm: hcon c3b92a00 bdaddr 00:0A:94:02:A5:7A
status 4
[  352.381389] l2cap_conn_del: hcon c3b92a00 conn c31616c0, err 112
[  352.387378] l2cap_sock_clear_timer: sock c3115400 state 5
[  352.392794] l2cap_chan_del: sk c3115400, conn c31616c0, err 112
[  352.398771] hci_conn_del: hci0 conn c3b92a00 handle 0
[  352.403860] hci_conn_check_pending: hdev hci0
[  352.411925] bt_sock_poll: sock c346c1d8, sk c3167000
[  352.416931] bt_sock_poll: sock c346c8e0, sk c3115c00
[  352.423535] l2cap_sock_release: sock c3478e60, sk c3115400
[  352.429161] l2cap_sock_shutdown: sock c3478e60, sk c3115400
[  352.434837] l2cap_sock_clear_timer: sock c3115400 state 9
[  352.440223] __l2cap_sock_close: sk c3115400 state 9 socket c3478e60
[  352.446498] l2cap_sock_kill: sk c3115400 state 9
[  352.451103] l2cap_sock_destruct: sk c3115400
[  352.482403] hci_sock_recvmsg: sock c346c778, sk c304b000
[  352.488056] hci_sock_create: sock c3478e60
[  352.495035] bnep_sock_release: sock c3478cf8 sk c3b92400
[  352.516755] hci_sock_ioctl: cmd 800448d3 arg be9f8a8c
[  352.522076] hci_dev_get: 0
[  352.524782] hci_del_off_timer: hci0
[  352.537497] hci_sock_release: sock c3478e60 sk c3b92200
[  352.547924] bt_sock_poll: sock c346c1d8, sk c3167000
[  352.553185] bt_sock_poll: sock c346c8e0, sk c3115c00

root@mydevice:~# echo scan > /sys/kernel/debug/kmemleak
[  377.130389] kmemleak: 1 new suspected memory leaks
(see /sys/kernel/debug/kmemleak)

root@mydevice:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xc3b92a00 (size 512):
  comm "softirq", pid 0, jiffies 4203 (age 932.360s)
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 00 00 00 7a a5 02 94  ...... .....z...
    0a 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
  backtrace:
    [<c00dee34>] create_object+0x120/0x210
    [<c0224d98>] kmemleak_alloc+0x7c/0xc0
    [<c00dc024>] kmem_cache_alloc+0x104/0x138
    [<bf05f250>] hci_conn_add+0x5c/0x2a4 [bluetooth]
    [<bf05f89c>] hci_connect+0x1f8/0x418 [bluetooth]
    [<bf06f1d0>] l2cap_do_connect+0x134/0x344 [bluetooth]
    [<bf072fd4>] l2cap_sock_connect+0x1a4/0x20c [bluetooth]
    [<c01b0cdc>] sys_connect+0x74/0x98
    [<c0071fc0>] ret_fast_syscall+0x0/0x2c
    [<ffffffff>] 0xffffffff



Thank you, 
Tomas Targownik

Re: Memory leak on failed connection attempt

[Gustavo F. Padovan]

Hi Tomas,

* Tomas Targownik <ttargownik@geicp.com> [2011-06-16 09:22:35 +1000]:

> To clarify this problem, I am observing the memory leak when I issue the
> command shown below. The debug function sequence is also listed. The
> remote bluetooth dongle must be physically unplugged to reproduce this
> leak. If the remote dongle is plugged in, regardless of whether pairing
> succeeds/fails, no leak occurs. Furthermore, this leak will continually
> repeat itself if the '--persist' option is passed to pand, and the
> remote bluetooth dongle is physically unplugged.
> 
> root@mydevice:~# pand --role GN --service PANU --connect
> 00:0A:94:02:A5:7A
> 
> [  341.880327] bnep_sock_create: sock c3478cf8
> [  341.892856] bnep_sock_ioctl: cmd 800442d2 arg be9dcae0
> [  341.959624] l2cap_sock_create: sock c3478e60
> [  341.964300] l2cap_sock_init: sk c3115400
> [  341.976147] l2cap_sock_getsockopt: sk c3115400
> [  341.980617] l2cap_sock_getsockopt_old: sk c3115400
> [  341.993539] l2cap_sock_setsockopt: sk c3115400
> [  341.998011] l2cap_sock_setsockopt_old: sk c3115400
> [  342.012246] l2cap_sock_bind: sk c3115400
> [  342.016357] l2cap_sock_connect: sk c3115400
> [  342.020572] l2cap_do_connect: 00:00:00:00:00:00 -> 00:0A:94:02:A5:7A
> psm 0x0f
> [  342.027973] hci_get_route: 00:00:00:00:00:00 -> 00:0A:94:02:A5:7A
> [  342.034095] hci_connect: hci0 dst 00:0A:94:02:A5:7A
> [  342.038972] hci_conn_add: hci0 dst 00:0A:94:02:A5:7A
> [  342.044084] hci_conn_init_sysfs: conn c3b92a00
> [  342.048540] hci_acl_connect: c3b92a00
> [  342.052252] hci_inquiry_cache_lookup: cache c30bb2b0,
> 00:0A:94:02:A5:7A
> [  342.058854] hci_send_cmd: hci0 opcode 0x405 plen 13
> [  342.063830] hci_send_cmd: skb len 16
> [  342.067440] l2cap_conn_add: hcon c3b92a00 conn c31616c0
> [  342.072699] __l2cap_chan_add: conn c31616c0, psm 0x0f, dcid 0x0000
> [  342.078869] l2cap_sock_set_timer: sk c3115400 state 5 timeout 4000
> [  342.085083] hci_cmd_task: hci0 cmd 1
> [  342.088787] hci_send_frame: hci0 type 1 len 16
> [  342.093355] hci_send_to_sock: hdev c30bb000 len 16
> [  342.098147] hci_uart_send_frame: hci0: type 1 len 16
> [  342.103133] h4_enqueue: hu c39eda20 skb c38ac2b8
> [  342.107739] hci_uart_tx_wakeup: 
> [  342.111041] hci_uart_tty_wakeup: 
> [  342.114474] hci_uart_tx_wakeup: 
> [  342.117743] bt_sock_wait_state: sk c3115400
> [  342.124366] hci_rx_task: hci0
> [  342.127397] hci_send_to_sock: hdev c30bb000 len 6
> [  342.132373] hci_cs_create_conn: hci0 status 0x0
> [  342.136895] hci_sent_cmd_data: hci0 opcode 0x405
> [  342.141559] hci_cs_create_conn: hci0 bdaddr 00:0A:94:02:A5:7A conn
> c3b92a00
> [  342.148881] bt_sock_poll: sock c346c1d8, sk c3167000
> [  342.154111] bt_sock_poll: sock c346c8e0, sk c3115c00
> [  342.177492] hci_sock_recvmsg: sock c346c778, sk c304b000
> [  342.196513] hci_sock_create: sock c3478a28
> [  342.200848] hci_sock_ioctl: cmd 800448d3 arg be9f8a8c
> [  342.206119] hci_dev_get: 0
> [  342.208825] hci_del_off_timer: hci0
> [  342.228800] hci_sock_release: sock c3478a28 sk c3b71a00
> [  342.244488] bt_sock_poll: sock c346c1d8, sk c3167000
> [  342.249500] bt_sock_poll: sock c346c8e0, sk c3115c00
> [  352.353690] hci_rx_task: hci0
> [  352.356725] hci_send_to_sock: hdev c30bb000 len 13
> [  352.361773] hci_conn_complete_evt: hci0
> [  352.365697] hci_send_to_sock: hdev   (null) len 13
> [  352.370553] hci_sco_setup: c3b92a00
> [  352.374152] l2cap_connect_cfm: hcon c3b92a00 bdaddr 00:0A:94:02:A5:7A
> status 4
> [  352.381389] l2cap_conn_del: hcon c3b92a00 conn c31616c0, err 112
> [  352.387378] l2cap_sock_clear_timer: sock c3115400 state 5
> [  352.392794] l2cap_chan_del: sk c3115400, conn c31616c0, err 112
> [  352.398771] hci_conn_del: hci0 conn c3b92a00 handle 0
> [  352.403860] hci_conn_check_pending: hdev hci0
> [  352.411925] bt_sock_poll: sock c346c1d8, sk c3167000
> [  352.416931] bt_sock_poll: sock c346c8e0, sk c3115c00
> [  352.423535] l2cap_sock_release: sock c3478e60, sk c3115400
> [  352.429161] l2cap_sock_shutdown: sock c3478e60, sk c3115400
> [  352.434837] l2cap_sock_clear_timer: sock c3115400 state 9
> [  352.440223] __l2cap_sock_close: sk c3115400 state 9 socket c3478e60
> [  352.446498] l2cap_sock_kill: sk c3115400 state 9
> [  352.451103] l2cap_sock_destruct: sk c3115400
> [  352.482403] hci_sock_recvmsg: sock c346c778, sk c304b000
> [  352.488056] hci_sock_create: sock c3478e60
> [  352.495035] bnep_sock_release: sock c3478cf8 sk c3b92400
> [  352.516755] hci_sock_ioctl: cmd 800448d3 arg be9f8a8c
> [  352.522076] hci_dev_get: 0
> [  352.524782] hci_del_off_timer: hci0
> [  352.537497] hci_sock_release: sock c3478e60 sk c3b92200
> [  352.547924] bt_sock_poll: sock c346c1d8, sk c3167000
> [  352.553185] bt_sock_poll: sock c346c8e0, sk c3115c00
> 
> root@mydevice:~# echo scan > /sys/kernel/debug/kmemleak
> [  377.130389] kmemleak: 1 new suspected memory leaks
> (see /sys/kernel/debug/kmemleak)
> 
> root@mydevice:~# cat /sys/kernel/debug/kmemleak
> unreferenced object 0xc3b92a00 (size 512):
>   comm "softirq", pid 0, jiffies 4203 (age 932.360s)
>   hex dump (first 32 bytes):
>     00 01 10 00 00 02 20 00 00 00 00 00 7a a5 02 94  ...... .....z...
>     0a 00 00 00 09 00 00 01 01 01 00 00 00 00 00 00  ................
>   backtrace:
>     [<c00dee34>] create_object+0x120/0x210
>     [<c0224d98>] kmemleak_alloc+0x7c/0xc0
>     [<c00dc024>] kmem_cache_alloc+0x104/0x138
>     [<bf05f250>] hci_conn_add+0x5c/0x2a4 [bluetooth]
>     [<bf05f89c>] hci_connect+0x1f8/0x418 [bluetooth]
>     [<bf06f1d0>] l2cap_do_connect+0x134/0x344 [bluetooth]
>     [<bf072fd4>] l2cap_sock_connect+0x1a4/0x20c [bluetooth]
>     [<c01b0cdc>] sys_connect+0x74/0x98
>     [<c0071fc0>] ret_fast_syscall+0x0/0x2c
>     [<ffffffff>] 0xffffffff


I also need the hcidump output of this.

	Gustavo

Re: Memory leak on failed connection attempt

[Tomas Targownik]

On Thu, 2011-06-16 at 18:26 -0300, Gustavo F. Padovan wrote:
> Hi Tomas,
> [...]
> I also need the hcidump output of this.
>

Hi Gustavo, 

When running this command, with the remote dongle physically unplugged-
root@mydevice:~# pand --role GN --service PANU --connect
00:0A:94:02:A5:7A

The hcidump output is-
HCI sniffer - Bluetooth packet analyzer ver 2.1
device: hci0 snap_len: 1028 filter: 0xffffffff
< HCI Command: Create Connection (0x01|0x0005) plen 13
    bdaddr 00:0A:94:02:A5:7A ptype 0xcc18 rswitch 0x01 clkoffset 0x0000
    Packet type: DM1 DM3 DM5 DH1 DH3 DH5 
> HCI Event: Command Status (0x0f) plen 4
    Create Connection (0x01|0x0005) status 0x00 ncmd 1
> HCI Event: Connect Complete (0x03) plen 11
    status 0x04 handle 65535 bdaddr 00:0A:94:02:A5:7A type ACL encrypt
0x00
    Error: Page Timeout


I noticed that the leak does not occur on the first run of this command.
The leak appears on the second, and all subsequent runs. The hcidump
output is the same in each case. 

Thank you, 
Tomas Targownik

Re: Memory leak on failed connection attempt

[Tomas Targownik]

I have isolated the memory leak to the hci_conn struct not being freed
on a hci_conn_del() call if the remote bluetooth device is not present.
The patch below remedies this.

---
net/bluetooth/hci_conn.c |    5 +++++
1 file changed, 5 insertions(+)

diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 7a6f56b..62510f7 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -375,6 +375,11 @@ int hci_conn_del(struct hci_conn *conn)

hci_dev_put(hdev);

+   if (conn->handle == 0)
+   {
+       kfree(conn);
+   }
+
return 0;
}


Best regards, 
Tomas Targownik

Re: Memory leak on failed connection attempt

[Gustavo F. Padovan]

Hi Tomas,

* Tomas Targownik <ttargownik@geicp.com> [2011-06-24 08:34:41 +1000]:

> I have isolated the memory leak to the hci_conn struct not being freed
> on a hci_conn_del() call if the remote bluetooth device is not present.
> The patch below remedies this.
> 
> ---
> net/bluetooth/hci_conn.c |    5 +++++
> 1 file changed, 5 insertions(+)
> 
> diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
> index 7a6f56b..62510f7 100644
> --- a/net/bluetooth/hci_conn.c
> +++ b/net/bluetooth/hci_conn.c
> @@ -375,6 +375,11 @@ int hci_conn_del(struct hci_conn *conn)
> 
> hci_dev_put(hdev);
> 
> +   if (conn->handle == 0)
> +   {
> +       kfree(conn);
> +   }
> +
> return 0;

I agree with this patch, but just send me a git formatted patch with proper
coding style.

	Gustavo

Re: Memory leak on failed connection attempt

[Tomas Targownik]

Hi Gustavo,

On Thu, 2011-06-30 at 02:22 -0300, Gustavo F. Padovan wrote:
> I agree with this patch, but just send me a git formatted patch with proper
> coding style.

I noticed that the patch has already been committed to the git tree,
thanks for that. I'll adhere to your advice for any future patches I may
submit.

Best regards, 
Tomas