common/mutex_debug: fix arm64 SIGBUS/segfault due to data race

[tchaikov]

The mutex_debugging_base::is_locked_by_me() member function was experiencing random SIGBUS and segfault on ARM64 due to a data race on the non-atomic locked_by member.

The racing occurs when:

• Thread A writes to locked_by during lock acquisition
• Thread B reads from locked_by in is_locked_by_me()
• These accesses happen concurrently without synchronization

On ARM64, std::thread::id (8 bytes when using libstdc++) writes/reads are not atomic, causing the reader to potentially see partially written or corrupted thread ID values, leading to undefined behavior in the comparison operator.

Fix by making locked_by atomic and using proper memory ordering in is_locked_by_me() to ensure synchronized access.

Fixes: https://tracker.ceph.com/issues/71547

Contribution Guidelines

• To sign and title your commits, please refer to Submitting Patches to Ceph.

• If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

• When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

• Tracker (select at least one)
  • References tracker ticket
  • Very recent bug; references commit where it was introduced
  • New feature (ticket optional)
  • Doc update (no ticket needed)
  • Code cleanup (no ticket needed)
• Component impact
  • Affects Dashboard, opened tracker ticket
  • Affects Orchestrator, opened tracker ticket
  • No impact that needs to be tracked
• Documentation (select at least one)
  • Updates relevant documentation
  • No doc update is appropriate
• Tests (select at least one)
  • Includes unit test(s)
  • Includes integration test(s)
  • Includes bug reproducer
  • No tests

Show available Jenkins commands

• jenkins test classic perf Jenkins Job | Jenkins Job Definition
• jenkins test crimson perf Jenkins Job | Jenkins Job Definition
• jenkins test signed Jenkins Job | Jenkins Job Definition
• jenkins test make check Jenkins Job | Jenkins Job Definition
• jenkins test make check arm64 Jenkins Job | Jenkins Job Definition
• jenkins test submodules Jenkins Job | Jenkins Job Definition
• jenkins test dashboard Jenkins Job | Jenkins Job Definition
• jenkins test dashboard cephadm Jenkins Job | Jenkins Job Definition
• jenkins test api Jenkins Job | Jenkins Job Definition
• jenkins test docs ReadTheDocs | Github Workflow Definition
• jenkins test ceph-volume all Jenkins Jobs | Jenkins Jobs Definition
• jenkins test windows Jenkins Job | Jenkins Job Definition
• jenkins test rook e2e Jenkins Job | Jenkins Job Definition

[tchaikov]

@Svelar and @rosinL hi Rongqi and Rixin, since this issue only manifests on the ARM64 platforms, could you help review this change?

[tchaikov]

i just spotted this issue when testing one of my pull requests at https://jenkins.ceph.com/job/ceph-pull-requests-arm64/76662/, hence created this fix.

[rosinL]

lgtm

[tchaikov]

jenkins test make check

[phlogistonjohn]

Small typo in the commit message subject: 'mute_debug' should be 'mutex_debug'.
'mute_debug' sounds like you are trying to silence debug messages ;-)

[tchaikov]

indeed. fixed.

changelog

• s/mute_debug/mutex_debug/

[tchaikov]

jenkins test api

[tchaikov]

@yuriw hi Yuri, could you please include this change in your next batch?

[tchaikov]

@ljflores hi Laura, could you please help test this change?

[bill-scales]

I agree that there is technically a race hazard with the update to locked_by on arm64, I don't think that this explains the segmentation faults/bus errors that are being seen on the make checks (arm64) - especially as they have been seen on both arm and x86_64.

On x86_64 the update to locked_by will be atomic unless the 8 bytes of memory used to store the value crosses a L1 cache line (64 bytes) boundary. x86_64 compilers will typically align 8 byte values on an 8 byte boundary for performance reasons so the code would have to try quite hard to misalign a mutex and make this a non-atomic update.

A further issue is that I think that the code only uses is_locked_by_me in asserts to check that the current thread acquired the lock earlier. This type of defensive assert is not going to suffer from the race hazard unless the code has another bug in which case the assert may occasionally fail to fire. The absence of lots of failures where we do hit the assert suggest this isn't the case.

[ljflores]

@ljflores hi Laura, could you please help test this change?

@tchaikov sorry for the delay in testing- it's been batched up now. If something needs to go through the rados suite, you can ensure it does by adding the "core" label as Casey did so it gets picked up in the query that Yuri uses.

[amathuria]

Rados approved - https://tracker.ceph.com/projects/rados/wiki/MAIN#httpstrackercephcomissues72637

[github-actions]

This is an automated message by src/script/redmine-upkeep.py.

I have resolved the following tracker ticket due to the merge of this PR:

• https://tracker.ceph.com/issues/71547

No backports are pending for the ticket. If this is incorrect, please update the tracker
ticket and reset to Pending Backport state.

Update Log: https://github.com/ceph/ceph/actions/runs/17389214803

[batrick]

@SrinivasaBharath adding reviewed-by is required for merges. Please use src/script/ptl-tool.py or another mechanism to add these.