UBSAN: invalid-load in mm/vmscan.c:4286:37: load of value 88 is not a valid value for type 'bool' (aka '_Bool')

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Paul Menzel <pmenzel@molgen.mpg.de>
To: Andrew Morton <akpm@linux-foundation.org>,
	Axel Rasmussen <axelrasmussen@google.com>,
	Yuanchu Xie <yuanchu@google.com>, Wei Xu <weixugc@google.com>,
	Johannes Weiner <hannes@cmpxchg.org>,
	David Hildenbrand <david@kernel.org>,
	Michal Hocko <mhocko@kernel.org>,
	Qi Zheng <zhengqi.arch@bytedance.com>,
	Shakeel Butt <shakeel.butt@linux.dev>,
	Lorenzo Stoakes <ljs@kernel.org>
Cc: linux-mm@kvack.org, LKML <linux-kernel@vger.kernel.org>
Subject: UBSAN: invalid-load in mm/vmscan.c:4286:37: load of value 88 is not a valid value for type 'bool' (aka '_Bool')
Date: Mon, 13 Apr 2026 16:27:28 +0200	[thread overview]
Message-ID: <6548ed30-531b-4121-a4a4-f9cd724ba52b@molgen.mpg.de> (raw)

Dear Linux folks,


Linux 7.0 built with Debian’s *clang-23* 
1:23~++20260204101751+dd02b404b020-1~exp1 (and *libstdc++-16-dev* 
installed) logs an UBSAN finding on a Dell XPS 13 9360:

```
[    0.000000] Linux version 7.0.0 
(build@bohemianrhapsody.molgen.mpg.de) (Debian clang version 23.0.0 
(++20260204101751+dd02b404b020-1~exp1), GNU ld (GNU Binutils for Debian) 
2.46) #234 SMP PREEMPT_DYNAMIC Mon Apr 13 11:04:59 CEST 2026
[…]
[  149.874833] ------------[ cut here ]------------
[  149.874840] UBSAN: invalid-load in mm/vmscan.c:4286:37
[  149.874848] load of value 88 is not a valid value for type 'bool' 
(aka '_Bool')
[  149.874855] CPU: 2 UID: 0 PID: 69 Comm: kswapd0 Not tainted 7.0.0 
#234 PREEMPT(lazy)
[  149.874858] Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 
06/02/2022
[  149.874860] Call Trace:
[  149.874864]  <TASK>
[  149.874868]  dump_stack_lvl+0x5e/0x80
[  149.874875]  ubsan_epilogue+0x5/0x30
[  149.874878]  __ubsan_handle_load_invalid_value+0x9c/0xa0
[  149.874886]  ? pfn_valid+0x106/0x130
[  149.874895]  lru_gen_look_around+0x2a6/0x570
[  149.874912]  folio_referenced_one+0x1d2/0x4c0
[  149.874919]  ? __rmap_walk_file+0x40/0x190
[  149.874933]  __rmap_walk_file+0x12b/0x190
[  149.874941]  folio_referenced+0x144/0x210
[  149.874945]  ? __pfx_folio_referenced_one+0x10/0x10
[  149.874949]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  149.874952]  ? __pfx_invalid_folio_referenced_vma+0x10/0x10
[  149.874959]  shrink_folio_list+0x58b/0x1220
[  149.874991]  ? mod_memcg_lruvec_state+0x15f/0x270
[  149.874999]  ? lock_release+0xfc/0x340
[  149.875005]  ? evict_folios+0x16f3/0x1c90
[  149.875013]  evict_folios+0x177d/0x1c90
[  149.875037]  ? lock_acquire+0xa8/0x1d0
[  149.875041]  ? lock_release+0xfc/0x340
[  149.875049]  ? lru_gen_rotate_memcg+0x37/0x2f0
[  149.875056]  try_to_shrink_lruvec+0x2be/0x370
[  149.875068]  shrink_one+0xa6/0x180
[  149.875073]  ? shrink_node+0x96f/0xd60
[  149.875077]  shrink_node+0xb04/0xd60
[  149.875094]  kswapd+0xa45/0x1210
[  149.875106]  ? kswapd+0x544/0x1210
[  149.875120]  ? lock_acquire+0xa8/0x1d0
[  149.875124]  ? lock_release+0xfc/0x340
[  149.875129]  ? __kthread_parkme+0x45/0xb0
[  149.875137]  ? _raw_spin_unlock_irqrestore+0x28/0x50
[  149.875144]  ? __pfx_kswapd+0x10/0x10
[  149.875150]  kthread+0xfe/0x130
[  149.875156]  ? __pfx_kthread+0x10/0x10
[  149.875160]  ret_from_fork+0x12a/0x2f0
[  149.875164]  ? __pfx_kthread+0x10/0x10
[  149.875169]  ret_from_fork_asm+0x1a/0x30
[  149.875185]  </TASK>
[  149.875186] ---[ end trace ]---
[  149.875214] ------------[ cut here ]------------
[  149.875216] UBSAN: invalid-load in mm/vmscan.c:4274:39
[  149.875222] load of value 112 is not a valid value for type 'bool' 
(aka '_Bool')
[  149.875226] CPU: 2 UID: 0 PID: 69 Comm: kswapd0 Not tainted 7.0.0 
#234 PREEMPT(lazy)
[  149.875230] Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 
06/02/2022
[  149.875231] Call Trace:
[  149.875232]  <TASK>
[  149.875234]  dump_stack_lvl+0x5e/0x80
[  149.875238]  ubsan_epilogue+0x5/0x30
[  149.875241]  __ubsan_handle_load_invalid_value+0x9c/0xa0
[  149.875249]  ? pfn_valid+0x106/0x130
[  149.875256]  lru_gen_look_around+0x42a/0x570
[  149.875272]  folio_referenced_one+0x1d2/0x4c0
[  149.875277]  ? __rmap_walk_file+0x40/0x190
[  149.875291]  __rmap_walk_file+0x12b/0x190
[  149.875299]  folio_referenced+0x144/0x210
[  149.875303]  ? __pfx_folio_referenced_one+0x10/0x10
[  149.875307]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  149.875310]  ? __pfx_invalid_folio_referenced_vma+0x10/0x10
[  149.875317]  shrink_folio_list+0x58b/0x1220
[  149.875349]  ? mod_memcg_lruvec_state+0x15f/0x270
[  149.875356]  ? lock_release+0xfc/0x340
[  149.875361]  ? evict_folios+0x16f3/0x1c90
[  149.875369]  evict_folios+0x177d/0x1c90
[  149.875393]  ? lock_acquire+0xa8/0x1d0
[  149.875397]  ? lock_release+0xfc/0x340
[  149.875404]  ? lru_gen_rotate_memcg+0x37/0x2f0
[  149.875412]  try_to_shrink_lruvec+0x2be/0x370
[  149.875423]  shrink_one+0xa6/0x180
[  149.875428]  ? shrink_node+0x96f/0xd60
[  149.875432]  shrink_node+0xb04/0xd60
[  149.875450]  kswapd+0xa45/0x1210
[  149.875461]  ? kswapd+0x544/0x1210
[  149.875476]  ? lock_acquire+0xa8/0x1d0
[  149.875480]  ? lock_release+0xfc/0x340
[  149.875485]  ? __kthread_parkme+0x45/0xb0
[  149.875492]  ? _raw_spin_unlock_irqrestore+0x28/0x50
[  149.875498]  ? __pfx_kswapd+0x10/0x10
[  149.875504]  kthread+0xfe/0x130
[  149.875509]  ? __pfx_kthread+0x10/0x10
[  149.875514]  ret_from_fork+0x12a/0x2f0
[  149.875517]  ? __pfx_kthread+0x10/0x10
[  149.875522]  ret_from_fork_asm+0x1a/0x30
[  149.875538]  </TASK>
[  149.875539] ---[ end trace ]---
```

mm/vmscan.c:4274:39 should refer to `w` in `walk_update_folio()`:

```
[…]
4273                 if (last != folio) { 

4274                         walk_update_folio(walk, last, gen, dirty);
4275
4276                         last = folio;
4277                         dirty = false;
4278                 }
4279
4280                 if (pte_dirty(ptent))
4281                         dirty = true;
4282
4283                 young++;
4284         }
4285
4286         walk_update_folio(walk, last, gen, dirty);
[…]
```


`mm/vmscan.c:4286:37` refers to `dirty` in:

     walk_update_folio(walk, last, gen, dirty);


Kind regards,

Paul

                 reply	other threads:[~2026-04-13 14:28 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6548ed30-531b-4121-a4a4-f9cd724ba52b@molgen.mpg.de \
    --to=pmenzel@molgen.mpg.de \
    --cc=akpm@linux-foundation.org \
    --cc=axelrasmussen@google.com \
    --cc=david@kernel.org \
    --cc=hannes@cmpxchg.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=ljs@kernel.org \
    --cc=mhocko@kernel.org \
    --cc=shakeel.butt@linux.dev \
    --cc=weixugc@google.com \
    --cc=yuanchu@google.com \
    --cc=zhengqi.arch@bytedance.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox