iolog: fix double free when verified I/O overlaps
author Sitsofe Wheeler <sitsofe@yahoo.com>
Thu, 27 Apr 2017 06:29:56 +0000 (07:29 +0100)
committer Sitsofe Wheeler <sitsofe@yahoo.com>
Mon, 14 Aug 2017 03:43:35 +0000 (04:43 +0100)
commit e8b746558dfd2c397cc8e64b211dbe44b3eb4c55
tree 16fb239253ad784492aa8ca7b01ab200e953e754
parent 997b5680d139ce82c2034ba3a0d602cfd778b89b
iolog: fix double free when verified I/O overlaps

When running
valgrind ./fio --randseed=1 --ioengine=libaio --thread --rw=randrw \
 --random_distribution=zipf:1.4 --filename=/tmp/fiofile --io_limit=50M \
 --verify=crc32c --name=verifyfree --iodepth=32 --bsrange=512-1M --size=100M

valgrind reports:
==29301== Invalid read of size 4
==29301==    at 0x44ADFC: io_completed (io_u.c:1835)
==29301==    by 0x44B215: ios_completed (io_u.c:1924)
==29301==    by 0x44B683: io_u_queued_complete (io_u.c:1983)
==29301==    by 0x46FA6F: wait_for_completions (backend.c:455)
==29301==    by 0x471568: do_io (backend.c:1046)
==29301==    by 0x474405: thread_main (backend.c:1746)
==29301==    by 0x576E6B9: start_thread (pthread_create.c:333)
==29301==    by 0x5C8E82C: clone (clone.S:109)
==29301==  Address 0x62cf988 is 72 bytes inside a block of size 88 free'd
==29301==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)

When the __ipo is still in-flight we shouldn't free it when it overlaps
because it will be used at I/O completion time. Fixes
https://github.com/axboe/fio/issues/336 .

Tested-by: Jeff Furlong <jeff.furlong@wdc.com>
Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com>
iolog.c
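The ownership rule the commit message describes, modelled as an added example that is not fio's code: an overlapped log entry is unlinked, but freed only when no in-flight I/O can still dereference it at completion. The struct, the function names and the choice to let the completion path free an evicted entry are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical model of a verify-log entry; names are illustrative, not fio's. */
struct piece {
    unsigned long long off, len;
    bool in_flight;   /* a submitted I/O still holds a pointer to this entry */
    bool logged;      /* entry is still linked into the log */
    struct piece *next;
};

static struct piece *log_head;
static int frees;     /* counts free() calls so ownership can be checked */

static void piece_free(struct piece *p) { frees++; free(p); }

static bool overlaps(const struct piece *a, const struct piece *b)
{
    return a->off < b->off + b->len && b->off < a->off + a->len;
}

/* Log a new write and evict any older entries it overlaps. */
struct piece *log_piece(unsigned long long off, unsigned long long len)
{
    struct piece *n = calloc(1, sizeof(*n));
    if (!n) return NULL;
    n->off = off; n->len = len; n->in_flight = true; n->logged = true;

    for (struct piece **pp = &log_head; *pp; ) {
        struct piece *old = *pp;
        if (!overlaps(old, n)) { pp = &old->next; continue; }
        *pp = old->next;          /* unlink from the log */
        old->logged = false;
        if (!old->in_flight)      /* free only if no I/O can still touch it */
            piece_free(old);
    }
    n->next = log_head;
    log_head = n;
    return n;
}

/* Completion path: reads the entry, so it must still be allocated here. */
void complete_piece(struct piece *p)
{
    p->in_flight = false;
    if (!p->logged)               /* assumption: evicted entry is freed by its last user */
        piece_free(p);
}

int free_count(void) { return frees; }
```

Dropping the `in_flight` check in `log_piece` reproduces the class of error in the valgrind trace: the completion path would read an entry that the overlap path had already freed.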