On Tue, Apr 28, 2026 at 10:25:11AM +0800, Yingchao Deng (Consultant) wrote:
[...]
tg->used_mask = bitmap_zalloc(nr_filter_sigs, GFP_KERNEL);
"nr_filter_sigs" is the count of entries in the DT property array. If the DT property is:

    arm,trig-filters = <22 23>;

Here nr_filter_sigs=2, so bitmap_zalloc(2) allocates only 1 unsigned long (64 bits). set_bit(22/23, used_mask) still fits, but it's logically an OOB, and any index >=64 would write past the end.
Thanks for the explanation. It is correct for me.
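
The sizing arithmetic discussed above, as an added userspace example that is not part of this thread or of the patch under review. All helper names are hypothetical, the sample signal list is constructed from the DT example, and sizing by highest index + 1 is an assumption about one possible fix, not the change adopted in the thread.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Words backing a bitmap of nbits bits (round up to whole unsigned longs). */
static size_t bitmap_words(size_t nbits)
{
    return (nbits + WORD_BITS - 1) / WORD_BITS;
}

enum bit_status { BIT_OK, BIT_LOGICAL_OOB, BIT_MEMORY_OOB };

/* Classify setting bit idx in a bitmap that was allocated for nbits bits. */
static enum bit_status classify_bit(size_t idx, size_t nbits)
{
    if (idx < nbits)
        return BIT_OK;
    if (idx / WORD_BITS < bitmap_words(nbits))
        return BIT_LOGICAL_OOB;  /* lands in the padding of an allocated word */
    return BIT_MEMORY_OOB;       /* would write past the allocation */
}

/* Assumed fix: size by highest signal index + 1, not by entry count. */
static size_t nbits_for_signals(const unsigned int *sigs, size_t count)
{
    size_t max = 0;

    for (size_t i = 0; i < count; i++)
        if (sigs[i] > max)
            max = sigs[i];
    return count ? max + 1 : 0;
}

int main(void)
{
    const unsigned int sigs[] = {22, 23};  /* constructed from the DT example */
    size_t n = sizeof(sigs) / sizeof(sigs[0]);

    for (size_t i = 0; i < n; i++)
        printf("sig %u: count-sized=%d index-sized=%d\n", sigs[i],
               (int)classify_bit(sigs[i], n),
               (int)classify_bit(sigs[i], nbits_for_signals(sigs, n)));
    return 0;
}
```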