From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Mark Rutland, Mathieu Desnoyers, Andrew Morton, "Darrick J. Wong"
Subject: [for-linus][PATCH 3/4] tracing: Fix UBSAN warning in __remove_instance()
Date: Thu, 18 Dec 2025 08:55:07 -0500
Message-ID: <20251218135517.348757919@kernel.org>
References: <20251218135504.301981830@kernel.org>

From: "Darrick J. Wong"

xfs/558 triggers the following UBSAN warning:

 ------------[ cut here ]------------
 UBSAN: shift-out-of-bounds in kernel/trace/trace.c:10510:10
 shift exponent 32 is too large for 32-bit type 'int'
 CPU: 1 UID: 0 PID: 888674 Comm: rmdir Not tainted 6.19.0-rc1-xfsx #rc1 PREEMPT(lazy) dbf607ef4c142c563f76d706e71af9731d7b9c90
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-4.module+el8.8.0+21164+ed375313 04/01/2014
 Call Trace:
  dump_stack_lvl+0x4a/0x70
  ubsan_epilogue+0x5/0x2b
  __ubsan_handle_shift_out_of_bounds.cold+0x5e/0x113
  __remove_instance.part.0.constprop.0.cold+0x18/0x26f
  instance_rmdir+0xf3/0x110
  tracefs_syscall_rmdir+0x4d/0x90
  vfs_rmdir+0x139/0x230
  do_rmdir+0x143/0x230
  __x64_sys_rmdir+0x1d/0x20
  do_syscall_64+0x44/0x230
  entry_SYSCALL_64_after_hwframe+0x4b/0x53
 RIP: 0033:0x7f7ae8e51f17
 Code: f0 ff ff 73 01 c3 48 8b 0d de 2e 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 54 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 b1 2e 0e 00 f7 d8 64 89 02 b8
 RSP: 002b:00007ffd90743f08 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
 RAX: ffffffffffffffda RBX: 00007ffd907440f8 RCX: 00007f7ae8e51f17
 RDX: 00007f7ae8f3c5c0 RSI: 00007ffd90744a21 RDI: 00007ffd90744a21
 RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
 R10: 00007f7ae8f35ac0 R11: 0000000000000246 R12: 00007ffd90744a21
 R13: 0000000000000001 R14: 00007f7ae8f8b000 R15: 000055e5283e6a98
 ---[ end trace ]---

whilst tearing down an ftrace instance. TRACE_FLAGS_MAX_SIZE is now
64bit, so the mask comparison expression must be typecast to a u64 value
to avoid an overflow. AFAICT, ZEROED_TRACE_FLAGS is already cast to ULL
so this is ok.

Link: https://patch.msgid.link/20251216174950.GA7705@frogsfrogsfrogs
Fixes: bbec8e28cac592 ("tracing: Allow tracer to add more than 32 options")
Signed-off-by: "Darrick J. Wong"
Signed-off-by: Steven Rostedt (Google)
---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index e575956ef9b5..6f2148df14d9 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -10507,7 +10507,7 @@ static int __remove_instance(struct trace_array *tr) =20 /* Disable all the flags that were enabled coming in */ for (i =3D 0; i < TRACE_FLAGS_MAX_SIZE; i++) { - if ((1 << i) & ZEROED_TRACE_FLAGS) + if ((1ULL << i) & ZEROED_TRACE_FLAGS) set_tracer_flag(tr, 1ULL << i, 0); } =20 --=20 2.51.0
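
Review bot: In the flag-clearing loop of __remove_instance(), the mask 1ULL << i is now written out twice, once in the if test and once in the set_tracer_flag() argument, and that duplication is how the two went out of step in the first place (the call was already 64-bit while the test was still an int shift). Consider BIT_ULL(i) for both, or compute a local u64 mask once per iteration and use it in the test and the call, so the width cannot diverge again. The fix itself matches the report: with the old (1 << i) the shift was performed in int, which the UBSAN splat shows being reached with exponent 32, and the result only widened afterwards for the & against ZEROED_TRACE_FLAGS.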