On some platforms, we can end up freeing td->mutex while the wakee
is still inside fio_mutex_up(). This introduces a use-after-free
condition, and we crash.
Free the main thread_data mutex from the main thread instead,
when we know the process/thread is long dead and gone.
Signed-off-by: Jens Axboe <axboe@fb.com>
if (o->write_iolog_file)
write_iolog_close(td);
if (o->write_iolog_file)
write_iolog_close(td);
- fio_mutex_remove(td->mutex);
- td->mutex = NULL;
-
td_set_runstate(td, TD_EXITED);
/*
td_set_runstate(td, TD_EXITED);
/*
fio_mutex_remove(td->rusage_sem);
td->rusage_sem = NULL;
}
fio_mutex_remove(td->rusage_sem);
td->rusage_sem = NULL;
}
+ fio_mutex_remove(td->mutex);
+ td->mutex = NULL;