What does [anon] means in pmap linux cmd

Question

I'am working on an internet home gateway (openwrt, 64 bit). When I execute top, I find that UPNPD process is allocating a huge amount of virtual memory:

Mem: 239096K used, 215584K free, 0K shrd, 9652K buff, 39256K cached
CPU:   0% usr   0% sys   0% nic 100% idle   0% io   0% irq   0% sirq
Load average: 0.36 0.41 0.39 1/93 10104
  PID  PPID USER     STAT   VSZ %VSZ %CPU COMMAND
 2196   930 root     S     394m  89%   0% upnpd -f -r 

--> About 394m --> It can reach 1 G!!!

When I execute pmap pidof upnpd I found that there are big blocs:

# pmap 2196
0000000000400000      88K r-xp  /usr/sbin/upnpd
0000000000426000       4K rw-p  /usr/sbin/upnpd
0000000000427000       4K rw-p    [ anon ]
0000000036d6e000     140K rw-p  [heap]
0000007f78000000     132K rw-p    [ anon ]
**0000007f78021000   65404K ---p    [ anon ]**
0000007f80000000    2596K rw-p    [ anon ]
0000007f80289000   62940K ---p    [ anon ]
0000007f84000000     132K rw-p    [ anon ]
0000007f84021000   65404K ---p    [ anon ]
0000007f88000000     132K rw-p    [ anon ]
0000007f88021000   65404K ---p    [ anon ]
0000007f8c000000     132K rw-p    [ anon ]
0000007f8c021000   65404K ---p    [ anon ]
0000007f90000000     132K rw-p    [ anon ]
0000007f90021000   65404K ---p    [ anon ]
0000007f95adb000       4K ---p    [ anon ]
0000007f95adc000     124K rw-p    [ anon ]
0000007f95afb000       4K ---p    [ anon ]
0000007f95afc000     124K rw-p  [stack:2249]
0000007f95b1b000       4K ---p    [ anon ]
0000007f95b1c000     124K rw-p  [stack:2248]
0000007f95b3b000       4K ---p    [ anon ]
0000007f95b3c000    1020K rw-p    [ anon ]
0000007f95c3b000       4K ---p    [ anon ]
0000007f95c3c000    1020K rw-p  [stack:2246]
0000007f95d3b000       4K ---p    [ anon ]
0000007f95d3c000    1020K rw-p  [stack:2245]
0000007f95e3b000       4K ---p    [ anon ]
0000007f95e3c000    1020K rw-p  [stack:2244]
0000007f95f3b000       4K ---p    [ anon ]
0000007f95f3c000    1020K rw-p  [stack:2243]
0000007f9603b000       4K ---p    [ anon ]
0000007f9603c000    1020K rw-p  [stack:2242]
0000007f9613b000       4K ---p    [ anon ]
0000007f9613c000    1020K rw-p    [ anon ]
0000007f9623b000       4K ---p    [ anon ]
0000007f9623c000    1020K rw-p  [stack:2240]
0000007f9633b000    1220K r-xp  /lib/libc-2.22.so
0000007f9646c000      60K ---p  /lib/libc-2.22.so
0000007f9647b000      16K r--p  /lib/libc-2.22.so
0000007f9647f000       8K rw-p  /lib/libc-2.22.so
0000007f96481000      16K rw-p    [ anon ]
0000007f96485000      84K r-xp  /usr/lib/libgsdf.so.1.0.0
0000007f9649a000      60K ---p  /usr/lib/libgsdf.so.1.0.0
0000007f964a9000       4K rw-p  /usr/lib/libgsdf.so.1.0.0
0000007f964aa000      16K rw-p    [ anon ]
0000007f964ae000      16K r-xp  /usr/lib/libthreadutil.so.6.0.3
0000007f964b2000      64K ---p  /usr/lib/libthreadutil.so.6.0.3
0000007f964c2000       4K rw-p  /usr/lib/libthreadutil.so.6.0.3
0000007f964c3000      32K r-xp  /usr/lib/libixml.so.2.0.8
0000007f964cb000      64K ---p  /usr/lib/libixml.so.2.0.8
0000007f964db000       4K rw-p  /usr/lib/libixml.so.2.0.8
0000007f964dc000     120K r-xp  /usr/lib/libupnp.so.6.3.2
0000007f964fa000      64K ---p  /usr/lib/libupnp.so.6.3.2
0000007f9650a000       4K rw-p  /usr/lib/libupnp.so.6.3.2
0000007f9650b000       8K rw-p    [ anon ]
0000007f9650d000      92K r-xp  /lib/libpthread-2.22.so
0000007f96524000      60K ---p  /lib/libpthread-2.22.so
0000007f96533000       4K r--p  /lib/libpthread-2.22.so
0000007f96534000       4K rw-p  /lib/libpthread-2.22.so
0000007f96535000      16K rw-p    [ anon ]
0000007f96539000     112K r-xp  /lib/ld-2.22.so
0000007f9655f000      16K rw-p    [ anon ]
0000007f96563000       4K r--p  [vvar]
0000007f96564000       4K r-xp  [vdso]
0000007f96565000       4K r--p  /lib/ld-2.22.so
0000007f96566000       8K rw-p  /lib/ld-2.22.so
0000007fd72dd000     132K rw-p  [stack]

For your information, Upnpd process creates threads depending on clients connected. I noticed that for each thread created, a bloc of 65404K is mapped, for example: 0000007f90021000 65404K ---p [ anon ]

Questions: 1- What are the meaning of these blocs? 2- Why we map these blocs for each thread ? 3- Why when killing a thread, these blocs remains mapped?

Answer 1

pmap uses the proc filesystem to get information. And below is from man proc about a /proc/[pid]/maps file:

What are the meaning of these blocs?

If the pathname field is blank, this is an anonymous mapping as obtained via the mmap(2) function. There is no easy way to coordinate this back to a process's source, short of running it through gdb(1), strace(1), or similar.

The address field is the address space in the process that the mapping occupies. The perms field is a set of permissions:

               r = read
               w = write
               x = execute
               s = shared
               p = private (copy on write)

So it seems that the program allocates memory from heap in each of its thread.

Answer 2

It's just a reserved private memory.

---p permissions mean that this private memory was allocated with PROT_NONE

Reserved memory it's just allocated process virtual address space, not memory.