test: test_bluefs_ex.cc - use after free bug

This test case calls exit() to terminiate a test mid flight to test
recovery from crashes at different points in the code. However it
does not stop threads before calling exit and consequently these
threads can continue to access mempool structures that have gone
out of scope and are freed by the exiting thread.

The introduction of a unique_ptr into mempool causes these threads
to assert when they access the freed memory.

The simple fix is to call _exit instead of exit in the test case
so that global destructors are not run.

Signed-off-by: Bill Scales <bill_scales@uk.ibm.com>

diff --git a/src/test/objectstore/test_bluefs_ex.cc b/src/test/objectstore/test_bluefs_ex.cc
index 1b65f0abea9ffc4a8fe958020cd2efe108f07906..c8878eaf13686c193496409bb0b785d538081753 100644 (file)
--- a/src/test/objectstore/test_bluefs_ex.cc
+++ b/src/test/objectstore/test_bluefs_ex.cc
@@ -133,7 +133,7 @@ public:
     conf.ApplyChanges();
 
     auto stop_at_fixed_point = [&](uint32_t i) -> void {
-      if (i == stop_point) exit(107);
+      if (i == stop_point) _exit(107);
     };
     BlueFS fs(g_ceph_context);
     fs.tracepoint_async_compact = stop_at_fixed_point;