Hi Huang,
Some issues were found for this patch:
On Thu, Feb 12, 2026 at 1:39 AM Huang Shijie <huangsj(a)hygon.cn> wrote:
Add folio_order(), which follows the same logic as the kernel code;
it will be used in later patches.
Signed-off-by: Huang Shijie <huangsj(a)hygon.cn>
---
defs.h | 4 ++++
memory.c | 22 ++++++++++++++++++++++
symbols.c | 2 ++
3 files changed, 28 insertions(+)
diff --git a/defs.h b/defs.h
index 60cf56a..fdea94f 100644
--- a/defs.h
+++ b/defs.h
@@ -1425,6 +1425,7 @@ struct offset_table { /* stash of commonly-used
offsets */
long page_buffers;
long page_lru;
long page_pte;
+ long folio__flags_1;
New members of offset_table and size_table should always be appended
to the end of the struct, not inserted in the middle. See
https://github.com/crash-utility/crash/wiki "If you add struct members
to tables" section.
long swap_info_struct_swap_file;
long swap_info_struct_swap_vfsmnt;
long swap_info_struct_flags;
@@ -2398,6 +2399,7 @@ struct size_table { /* stash of commonly-used sizes */
long probe;
long kobj_map;
long page_flags;
+ long folio__flags_1;
long module_sect_attr;
long task_struct_utime;
long task_struct_stime;
@@ -6007,6 +6009,8 @@ ulong do_xarray(ulong, int, struct list_pair *, int);
#define XARRAY_TAG_MASK (3UL)
#define XARRAY_TAG_INTERNAL (2UL)
+int folio_order(ulong folio);
+
int file_dump(ulong, ulong, ulong, int, int);
#define DUMP_FULL_NAME 0x1
#define DUMP_INODE_ONLY 0x2
diff --git a/memory.c b/memory.c
index cbc8d2f..9080332 100644
--- a/memory.c
+++ b/memory.c
@@ -547,6 +547,9 @@ vm_init(void)
MEMBER_OFFSET_INIT(page_freelist, "page", "freelist");
MEMBER_OFFSET_INIT(page_page_type, "page", "page_type");
+ MEMBER_OFFSET_INIT(folio__flags_1, "folio", "_flags_1");
+ MEMBER_SIZE_INIT(folio__flags_1, "folio", "_flags_1");
+
MEMBER_OFFSET_INIT(mm_struct_pgd, "mm_struct", "pgd");
MEMBER_OFFSET_INIT(swap_info_struct_swap_file,
@@ -5690,6 +5693,7 @@ PG_slab_flag_init(void)
#define v26_PG_private 12
+#define PG_head 6
#define PGMM_CACHED (512)
static void
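Review bot: The added `#define PG_head 6` hard-codes a bit position that is only right for kernels whose `enum pageflags` puts PG_head at index 6; the enum has been reordered across kernel versions, so on other kernels bit 6 is a different flag. The gdb session quoted on this page shows `v = 112` (bit 6 set) on a 4.20 kernel, which gets past the `1 << PG_head` test in folio_order() even though the page may not be a compound head. Resolve the bit from the dumpfile's debuginfo once at init time, for example with `enumerator_value("PG_head", &bit)` as the neighbouring PG_* flag setup appears to do, and have folio_order() return 0 when the lookup fails. PG_slab_flag_init() itself lies outside this hunk.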
@@ -20423,6 +20427,24 @@ static unsigned int oo_objects(ulong oo)
return (oo & ((1 << 16) - 1));
}
+int
+folio_order(ulong folio)
+{
+ ulong v = 0;
+
+ /* 1.) Check PG_head bit in the first page's flags. */
+ readmem(folio + OFFSET(page_flags), KVADDR, &v, sizeof(ulong),
+ "folio.page.flags", FAULT_ON_ERROR);
+ if (!(v & (1 << PG_head)))
+ return 0;
+
+ /* 2.) Get folio->_flags_1 in the second page */
+ readmem(folio + OFFSET(folio__flags_1), KVADDR, &v, sizeof(ulong),
+ "folio->_flags_1", FAULT_ON_ERROR);
+
+ return v & 0xff;
+}
I encountered some regressions for this patch. See this backtrace logs:
1)
#0 folio_order (folio=18446617889843220480) at memory.c:20433
#1 0x0000000000a1243b in do_xarray_count (node=18446617889843768752,
slot=18446617889843220480, path=0x7fffffffbbd0 "root/0/0",
index=1, private=0x7fffffffceb0) at filesys.c:4275
#2 0x00000000009be0fd in do_xarray_iter (node=18446617889843768752,
height=1, path=0x7fffffffbbd0 "root/0/0", index=0,
ops=0x7fffffffce90) at tools.c:4767
#3 0x00000000009be19c in do_xarray_iter (node=18446617890154567376,
height=2, path=0x7fffffffc220 "root/0", index=0,
ops=0x7fffffffce90) at tools.c:4774
#4 0x00000000009be19c in do_xarray_iter (node=18446617886337392040,
height=3, path=0x7fffffffc860 "root", index=0,
ops=0x7fffffffce90) at tools.c:4774
#5 0x00000000009be5ca in do_xarray_traverse
(ptr=18446744071941975336, is_root=1, ops=0x7fffffffce90) at
tools.c:4849
#6 0x0000000000a127d3 in do_xarray (root=18446744071941975336,
flag=1, xp=0x0, type=0) at filesys.c:4409
#7 0x0000000000a1c7d9 in refresh_xarray_task_table () at task.c:2613
#8 0x0000000000a16c07 in task_init () at task.c:670
#9 0x00000000009aa445 in main_loop () at main.c:799
#10 0x0000000000807add in captured_main (data=<optimized out>) at main.c:1374
#11 gdb_main (args=<optimized out>) at main.c:1407
#12 0x0000000000807b45 in gdb_main_entry (argc=2, argv=0x7fffffffd908)
at main.c:1434
#13 0x0000000000a61d0b in gdb_main_loop (argc=2, argv=0x7fffffffd908)
at gdb_interface.c:81
#14 0x00000000009aa290 in main (argc=3, argv=0x7fffffffd908) at main.c:732
(gdb) p offset_table.page_flags
$1 = 0
(gdb) p offset_table.folio__flags_1
$2 = -1
20438 if (!(v & (1 << PG_head)))
(gdb) p v
$3 = 112
crash: invalid structure member offset: folio__flags_1
FILE: memory.c LINE: 20442 FUNCTION: folio_order()
Kernel version: 4.20.0-0.rc3, also I see plenty of similar regressions
for kernels 4.18, 5.2 ...
2)
Some warnings also appear:
bpf: invalid kernel virtual address: 0 type: "folio.page.flags"
#0 readmem (addr=0, memtype=1, buffer=0x7fffffff9998, size=8,
type=0xda350f "folio.page.flags", error_handle=1) at memory.c:2411
#1 0x0000000000a0595a in folio_order (folio=0) at memory.c:20436
#2 0x0000000000a1243b in do_xarray_count (node=0, slot=0,
path=0x7fffffff9a20 "direct", index=0, private=0x7fffffffa070)
at filesys.c:4275
#3 0x00000000009be592 in do_xarray_traverse
(ptr=18446744072013761824, is_root=1, ops=0x7fffffffa050) at
tools.c:4846
#4 0x0000000000a127d3 in do_xarray (root=18446744072013761824,
flag=1, xp=0x0, type=0) at filesys.c:4409
#5 0x0000000000a7512b in bpf_init (bpf=0x12b3e80 <bpf_info>) at bpf.c:346
#6 0x0000000000a7568f in do_bpf (flags=0, prog_id=0, map_id=0,
radix=0) at bpf.c:438
#7 0x0000000000a747ea in cmd_bpf () at bpf.c:215
#8 0x00000000009aa7e1 in exec_command () at main.c:904
#9 0x00000000009aa5d3 in main_loop () at main.c:851
#10 0x0000000000807add in captured_main (data=<optimized out>) at main.c:1374
#11 gdb_main (args=<optimized out>) at main.c:1407
#12 0x0000000000807b45 in gdb_main_entry (argc=2, argv=0x7fffffffd918)
at main.c:1434
#13 0x0000000000a61d0b in gdb_main_loop (argc=2, argv=0x7fffffffd918)
at gdb_interface.c:81
#14 0x00000000009aa290 in main (argc=3, argv=0x7fffffffd918) at main.c:732
Could you please check for those?
Thanks,
Tao Liu
+
#ifdef NOT_USED
ulong
slab_to_kmem_cache_node(struct meminfo *si, ulong slab_page)
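Review bot: `return v & 0xff;` in folio_order() assumes the order is stored in the low byte of `folio._flags_1`, which, as far as I can tell, only holds for kernels after the order was moved into that word; some kernels that already have `_flags_1` keep the order in a separate `_folio_order` member, and there the low byte holds flag bits. The function should check which layout the dumpfile has (for instance whether `folio._folio_order` exists) before masking, and a short comment above it should state that it returns 0 for a non-compound page and the compound order otherwise. Separately, `1 << PG_head` is an int shift tested against a ulong; `1UL << PG_head` matches the operand type.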
diff --git a/symbols.c b/symbols.c
index e6865ca..19fcc03 100644
--- a/symbols.c
+++ b/symbols.c
@@ -10451,6 +10451,7 @@ dump_offset_table(char *spec, ulong makestruct)
fprintf(fp, " page_private: %ld\n",
OFFSET(page_private));
fprintf(fp, " page_page_type: %ld\n",
OFFSET(page_page_type));
+ fprintf(fp, " folio__flags_1: %ld\n",
OFFSET(folio__flags_1));
fprintf(fp, " trace_print_flags_mask: %ld\n",
OFFSET(trace_print_flags_mask));
@@ -11961,6 +11962,7 @@ dump_offset_table(char *spec, ulong makestruct)
fprintf(fp, "\n size_table:\n");
fprintf(fp, " page: %ld\n", SIZE(page));
fprintf(fp, " page_flags: %ld\n",
SIZE(page_flags));
+ fprintf(fp, " folio__flags_1: %ld\n",
SIZE(folio__flags_1));
fprintf(fp, " trace_print_flags: %ld\n",
SIZE(trace_print_flags));
fprintf(fp, " free_area_struct: %ld\n",
SIZE(free_area_struct));
--
2.43.0