From 9dfe5c17646bf7d505864419e48b9499e2d36e01 Mon Sep 17 00:00:00 2001 From: Bill Scales Date: Thu, 20 Mar 2025 11:45:46 +0000 Subject: [PATCH] test: test_bluefs_ex.cc - use after free bug This test case calls exit() to terminate a test mid flight to test recovery from crashes at different points in the code. However it does not stop threads before calling exit and consequently these threads can continue to access mempool structures that have gone out of scope and are freed by the exiting thread. The introduction of a unique_ptr into mempool causes these threads to assert when they access the freed memory. The simple fix is to call _exit instead of exit in the test case so that global destructors are not run. Signed-off-by: Bill Scales --- src/test/objectstore/test_bluefs_ex.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/objectstore/test_bluefs_ex.cc b/src/test/objectstore/test_bluefs_ex.cc index 1b65f0abea9ff..c8878eaf13686 100644 --- a/src/test/objectstore/test_bluefs_ex.cc +++ b/src/test/objectstore/test_bluefs_ex.cc @@ -133,7 +133,7 @@ public: conf.ApplyChanges(); auto stop_at_fixed_point = [&](uint32_t i) -> void { - if (i == stop_point) exit(107); + if (i == stop_point) _exit(107); }; BlueFS fs(g_ceph_context); fs.tracepoint_async_compact = stop_at_fixed_point; -- 2.39.5
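Review bot: the `_exit(107)` line inside the `stop_at_fixed_point` lambda carries no comment explaining why it is `_exit` rather than `exit`, so a later cleanup could quietly switch it back and reintroduce the use-after-free described in the commit message. A one-line comment above `if (i == stop_point) _exit(107);` saying that other threads are still running and global destructors must not run would keep the reasoning next to the code. Two side effects are worth confirming as well: `_exit` skips `atexit` handlers and, on Linux, does not flush stdio buffers, so any output the test writes before reaching the stop point may be lost unless it is flushed explicitly; and the visible context does not show whether `<unistd.h>` is included in this file, which `_exit` needs. The exit status 107 itself is unchanged, so whatever checks that status should be unaffected.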