From: Bill Scales
Date: Thu, 20 Mar 2025 11:45:46 +0000 (+0000)
Subject: test: test_bluefs_ex.cc - use after free bug
X-Git-Tag: testing/wip-vshankar-testing-20250407.173548-debug~36^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9dfe5c17646bf7d505864419e48b9499e2d36e01;p=ceph-ci.git

test: test_bluefs_ex.cc - use after free bug

This test case calls exit() to terminate a test mid flight to test recovery from crashes at different points in the code. However, it does not stop threads before calling exit and consequently these threads can continue to access mempool structures that have gone out of scope and are freed by the exiting thread. The introduction of a unique_ptr into mempool causes these threads to assert when they access the freed memory.

The simple fix is to call _exit instead of exit in the test case so that global destructors are not run.

Signed-off-by: Bill Scales
---

diff --git a/src/test/objectstore/test_bluefs_ex.cc b/src/test/objectstore/test_bluefs_ex.cc index 1b65f0abea9..c8878eaf136 100644 --- a/src/test/objectstore/test_bluefs_ex.cc +++ b/src/test/objectstore/test_bluefs_ex.cc @@ -133,7 +133,7 @@ public: conf.ApplyChanges(); auto stop_at_fixed_point = [&](uint32_t i) -> void { - if (i == stop_point) exit(107); + if (i == stop_point) _exit(107); }; BlueFS fs(g_ceph_context); fs.tracepoint_async_compact = stop_at_fixed_point;
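
Review bot: the `_exit(107)` call inside `stop_at_fixed_point` carries no comment saying why it must not be `exit()`, so a later cleanup could switch it back and reintroduce the use after free the commit message describes. Suggest a one-line comment above the call, for example `// _exit: skip global destructors, other threads may still touch mempool`. Also note that `_exit` skips atexit handlers and, on Linux, leaves stdio buffers unflushed, so any buffered test output written before the stop point is lost; if whatever checks the 107 status also reads that output, flush explicitly before the call. The visible context does not show the file's includes, so confirm `<unistd.h>` is pulled in for `_exit`.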