From c0f5359b7b47bb424d700f69a2af43ab81fa87c2 Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Tue, 18 Feb 2025 17:51:47 +0100
Subject: [PATCH] test/rbd_mirror: clear Namespace::s_instance at the end of a
 test

TestMockPoolReplayer.Namespaces and NamespacesError tests leave behind
a dangling pointer to a stack-allocated MockNamespace which leads to an
easily reproducible use-after-free and segfault when tests are shuffled.

Fixes: https://tracker.ceph.com/issues/70041
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 src/test/rbd_mirror/test_mock_PoolReplayer.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/test/rbd_mirror/test_mock_PoolReplayer.cc b/src/test/rbd_mirror/test_mock_PoolReplayer.cc
index ec5d40f8705d3..31540021eb5a4 100644
--- a/src/test/rbd_mirror/test_mock_PoolReplayer.cc
+++ b/src/test/rbd_mirror/test_mock_PoolReplayer.cc
@@ -56,9 +56,15 @@ public:
   }
 
   Namespace() {
+    ceph_assert(s_instance == nullptr);
     s_instance = this;
   }
 
+  ~Namespace() {
+    ceph_assert(s_instance == this);
+    s_instance = nullptr;
+  }
+
   void add(const std::string &name) {
     std::lock_guard locker{m_lock};
 
-- 
2.39.5