Re: [syzbot] [trace?] WARNING in tracing_buffers_mmap_close (3)
From: Qing Wang
Date: Thu Feb 26 2026 - 22:07:57 EST
On Fri, 27 Feb 2026 at 00:52, Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> OK, so the issue is that the ring buffer was mapped, then the process that
> mapped it forked duplicating the mappings. And then on exit (or unmap),
> the first one to unmap the buffer will cause the ring buffer to think it
> was fully unmapped causing the next one to unmap to trigger the error.
>
>
> > + */
> > +void ring_buffer_map_user_mapped_inc(struct trace_buffer *buffer, int cpu)
>
> Let's call this ring_buffer_map_dup() to be consistent with ring_buffer_map().
>
> inc would expect a dec, but dup() is more of what it is doing.
>
> > +{
> > + struct ring_buffer_per_cpu *cpu_buffer;
> > +
> > + if (!cpumask_test_cpu(cpu, buffer->cpumask))
> > + return;
>
> I wonder if this fails we should warn. As it should never be called unless
> it was successfully mapped.
>
> > +
> > + cpu_buffer = buffer->buffers[cpu];
> > +
> > + guard(mutex)(&cpu_buffer->mapping_lock);
> > +
> > + if (cpu_buffer->user_mapped)
> > + __rb_inc_dec_mapped(cpu_buffer, true);
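Review bot: both exits in this function, the early return when cpumask_test_cpu() fails and the skipped branch when cpu_buffer->user_mapped is zero, leave the mapping count untouched without any signal, and the void return type gives the caller nothing to check. A duplicated mapping that takes either path will still be unmapped later, so the count ends up one short, which is the same imbalance described at the top of this thread. Wrapping both conditions in WARN_ON(), for example `if (WARN_ON(!cpumask_test_cpu(cpu, buffer->cpumask))) return;`, would surface that state at the point it occurs rather than at unmap time.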
>
> Probably should also warn if user_mapped is not set. Again, this should not
> ever not be mapped if we get here.
>
> -- Steve
Thanks for your suggestion. I sent a patch [0] and am looking forward to your review.
[0] https://lore.kernel.org/all/20260227025842.1085206-1-wangqing7171@xxxxxxxxx/
--
Best regards,
Qing