Is kref properly counted for acl_kref & sess_kref or is there a shortcut

I recently added debugobject support for kref and am testing how well it
works. That means code like this:

| p = kmalloc();
| kref_init(&p->kref);
| kfree(p);

is considered invalid because
|kref_put(&p->kref, cleanup)
was expected.

With this change I created a ramdisk+loopback target. Then I started
removing it and ran into

|/sys/kernel/config/target/loopback/naa.6001405c3214b06a# rmdir tpgt_1
| ------------[ cut here ]------------
| WARNING: CPU: 0 PID: 2038 at lib/debugobjects.c:260 debug_print_object+0x94/0xc4()
| ODEBUG: free active (active state 0) object type: kref hint: core_tpg_check_initiator_node_acl+0x5c/0x220 [target_core_mod]
| CPU: 0 PID: 2038 Comm: rmdir Not tainted 3.12.0+ #452
| [<c0014d38>] (unwind_backtrace+0x0/0xf4) from [<c001249c>] (show_stack+0x14/0x1c)
| [<c001249c>] (show_stack+0x14/0x1c) from [<c0037474>] (warn_slowpath_common+0x64/0x84)
| [<c0037474>] (warn_slowpath_common+0x64/0x84) from [<c0037528>] (warn_slowpath_fmt+0x30/0x40)
| [<c0037528>] (warn_slowpath_fmt+0x30/0x40) from [<c022ea9c>] (debug_print_object+0x94/0xc4)
| [<c022ea9c>] (debug_print_object+0x94/0xc4) from [<c022f3fc>] (__debug_check_no_obj_freed+0x1bc/0x228)
| [<c022f3fc>] (__debug_check_no_obj_freed+0x1bc/0x228) from [<c00f25b8>] (kfree+0xf8/0x228)
| [<c00f25b8>] (kfree+0xf8/0x228) from [<bf172634>] (transport_deregister_session+0xfc/0x13c [target_core_mod])
| [<bf172634>] (transport_deregister_session+0xfc/0x13c [target_core_mod]) from [<bf1bf7f0>] (tcm_loop_drop_nexus+0x3c/0x6c [tcm
| [<bf1bf7f0>] (tcm_loop_drop_nexus+0x3c/0x6c [tcm_loop]) from [<bf1c002c>] (tcm_loop_drop_naa_tpg+0x18/0x34 [tcm_loop])
| [<bf1c002c>] (tcm_loop_drop_naa_tpg+0x18/0x34 [tcm_loop]) from [<bf163a70>] (target_fabric_tpg_release+0x24/0x30 [target_core_
| [<bf163a70>] (target_fabric_tpg_release+0x24/0x30 [target_core_mod]) from [<c015c93c>] (config_item_release+0x5c/0x80)
| [<c015c93c>] (config_item_release+0x5c/0x80) from [<c015b13c>] (configfs_rmdir+0x254/0x2e4)
| [<c015b13c>] (configfs_rmdir+0x254/0x2e4) from [<c0105b48>] (vfs_rmdir+0x9c/0x10c)
| [<c0105b48>] (vfs_rmdir+0x9c/0x10c) from [<c0107ce0>] (do_rmdir+0x14c/0x174)
| [<c0107ce0>] (do_rmdir+0x14c/0x174) from [<c000e680>] (ret_fast_syscall+0x0/0x48)
| ---[ end trace 8cbc7c644521ad81 ]---

kref_init() is from core_tpg_check_initiator_node_acl()
|kref_init(&acl->acl_kref)

I see a get in __transport_register_session() and a put in
target_put_nacl(). As can be seen in transport_deregister_session(), the
memory behind that kref is removed before the release function has been called.

Can somebody say if this is a bug or a false positive?

I've hit the second one at transport_init_session() / ->sess_kref and
am asking basically the same question :)

Sebastian
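
The check described in the message above, as an added userspace sketch that is not part of the original post and is not the kernel's debugobjects code: a kref becomes "active" at kref_init(), becomes inactive only when the last kref_put() runs the release function, and a free of memory that still contains an active kref is counted as a report. `struct acl`, `track()`, `checked_free()` and `acl_lifecycle()` are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumption: simplified userspace model, not the kernel implementation. */
struct kref { int refcount; };
struct acl { int id; struct kref acl_kref; };  /* hypothetical stand-in object */
static struct kref *active[16];                /* initialised, not yet released */
static int release_hits = -1;                  /* reports seen inside release() */

static void track(struct kref *k, int on)
{
    for (int i = 0; i < 16; i++) {
        if (on && !active[i]) { active[i] = k; return; }
        if (!on && active[i] == k) { active[i] = NULL; return; }
    }
}
void kref_init(struct kref *k) { k->refcount = 1; track(k, 1); }
void kref_get(struct kref *k)  { k->refcount++; }
/* Last put marks the kref inactive, then runs release(); returns 1 if it did. */
int kref_put(struct kref *k, void (*release)(struct kref *))
{
    if (--k->refcount > 0) return 0;
    track(k, 0); release(k);
    return 1;
}
/* free() wrapper: counts active krefs inside [p, p+size), the "free active" case. */
int checked_free(void *p, size_t size)
{
    uintptr_t lo = (uintptr_t)p, hi = lo + size;
    int hits = 0;
    for (int i = 0; i < 16; i++) {
        uintptr_t a = (uintptr_t)active[i];
        if (active[i] && a >= lo && a < hi) { hits++; active[i] = NULL; }
    }
    free(p);
    return hits;
}
static void acl_release(struct kref *k)
{
    struct acl *a = (struct acl *)((char *)k - offsetof(struct acl, acl_kref));
    release_hits = checked_free(a, sizeof(*a));
}
/* init + get + `puts` puts; frees directly if a reference is still held.
 * Returns the number of "free active" reports, or -1 if malloc fails. */
int acl_lifecycle(int puts)
{
    struct acl *a = malloc(sizeof(*a));
    if (!a) return -1;
    kref_init(&a->acl_kref); kref_get(&a->acl_kref);
    while (puts-- > 0)
        if (kref_put(&a->acl_kref, acl_release)) return release_hits;
    return checked_free(a, sizeof(*a));
}
```

`acl_lifecycle(1)` models init, one get and one put followed by a direct free, which leaves the initial reference held and yields one report; `acl_lifecycle(2)` drops the last reference through the release function and yields none.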