From: Jens Axboe
Date: Thu, 26 Feb 2015 22:38:42 +0000 (-0700)
Subject: Fix segfault due to bad munmap()
X-Git-Tag: fio-2.2.6~3
X-Git-Url: https://git.kernel.dk/?p=fio.git;a=commitdiff_plain;h=3d0e3417997d9caa27cf97462e15ba437d285d29

Fix segfault due to bad munmap()

Bruce reports:

The latest code from git (built using clang) causes a segfault after printing the usage text when "./fio" is run:

[New LWP 100111]
No jobs(s) defined

fio-2.2.5-28-g93eeb
[usage text]
[New Thread 801c06400 (LWP 100111/fio)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 801c06400 (LWP 100111/fio)]
flist_empty (head=0x802000040) at flist.h:119
119 return head->next == head;
Current language: auto; currently minimal
(gdb) p head
$1 = (const struct flist_head *) 0x802000040

which is due to a bug in the filelock code, that uses fio_mutex_remove() to remove the mutex. But that mutex is embedded inside another mmap'ed region, hence we then segfault on later dereferencing pointers.

Signed-off-by: Jens Axboe
---
diff --git a/filelock.c b/filelock.c index 17b5a85a..b1130071 100644 --- a/filelock.c +++ b/filelock.c @@ -101,7 +101,7 @@ void fio_filelock_exit(void) return; assert(flist_empty(&fld->list)); - fio_mutex_remove(&fld->lock); + __fio_mutex_remove(&fld->lock); while (!flist_empty(&fld->free_list)) { struct fio_filelock *ff; @@ -109,7 +109,7 @@ void fio_filelock_exit(void) ff = flist_first_entry(&fld->free_list, struct fio_filelock, list); flist_del_init(&ff->list); - fio_mutex_remove(&ff->lock); + __fio_mutex_remove(&ff->lock); } sfree(fld);
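Review bot: In the first hunk (fld->lock) the correctness of the fix rests on __fio_mutex_remove() destroying the mutex in place without unmapping its storage, but that function's definition is not part of this diff; since &fld->lock points into the region that sfree(fld) releases at the end of the function, it is worth confirming that and adding a one-line comment above the call explaining why the non-unmapping variant is required here, so a later cleanup does not reintroduce fio_mutex_remove().

Review bot: In the second hunk (free_list loop) each ff is unlinked with flist_del_init() and its lock destroyed, but no visible line frees ff itself before sfree(fld); if the free_list entries are carved from the same smalloc'ed region as fld that is fine, otherwise confirm they are released elsewhere rather than leaked at exit.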