The following test demonstrates the leak:

```
import subprocess

cwd = 'x' * 10**6
for __ in range(100):
    try:
        subprocess.call(['/xxx'], cwd=cwd, user=2**64)
    except OverflowError:
        pass

from resource import *
print(getrusage(RUSAGE_SELF).ru_maxrss)
```

The leak was introduced by bpo-36046. Previously, `cleanup:` label was not reachable after `cwd_obj2` was initialized at https://github.com/python/cpython/blob/492d513ccbebeec40a8ba85cbd894a027ca5b2b3/Modules/_posixsubprocess.c#L892

I'll submit a PR with a simple fix suitable for backporting to 3.9.

Also, I think it might make sense to unify the two almost-identical cleanup paths we have now. I'll follow up with another PR.

I've submitted both PRs.

Regarding PR 22970:

* I made it a draft since we'd probably want to fix the leak first, but then it will have to be rebased. 

* It fixes a bug with _enable_gc(): if it failed after fork(), we'd raise OSError instead. Additionally, if fork() succeeded(), the errno inside OSError would be zero, and we'd leak the child process.

New changeset c0590c0033e86f98cdf5f2ca6898656f98ab4053 by Alexey Izbyshev in branch 'master':
bpo-42146: Fix memory leak in subprocess.Popen() in case of uid/gid overflow (GH-22966)
https://github.com/python/cpython/commit/c0590c0033e86f98cdf5f2ca6898656f98ab4053

New changeset c12afa92b0db6f017e479b41f95d75bac7b59850 by Miss Skeleton (bot) in branch '3.9':
[3.9] bpo-42146: Fix memory leak in subprocess.Popen() in case of uid/gid overflow (GH-22966) (GH-22980)
https://github.com/python/cpython/commit/c12afa92b0db6f017e479b41f95d75bac7b59850

Thanks for merging! I've rebased PR 22970.

New changeset d3b4e068077dd26927ae7485bd0303e09d962c02 by Alexey Izbyshev in branch 'master':
bpo-42146: Unify cleanup in subprocess_fork_exec() (GH-22970)
https://github.com/python/cpython/commit/d3b4e068077dd26927ae7485bd0303e09d962c02