kexec: locate_hole failed regression since v2.0.27

Matthias Gerstner matthias.gerstner at nefkom.net
Thu Mar 27 14:21:24 PDT 2025 

Hello list,

I just stumbled over whats looks like a regression in `kexec -l <kernel>`
that was introduced in release v2.0.27. I'm using kexec on amd64 in an initrd
context and made a bigger jump from v2.0.20 to v2.0.30. After that kexec
failed with:

```
$ kexec -l /path/to/kernel
Could not find a free area of memory of 0x9000 bytes...
locate_hole failed
```

I can also reproduce the error on my regulaer desktop system, however, so it
is not specific to the initrd scenario.

I digged a bit deeper and found that the regression was introduced via commit
29fe5067ed07, which implies the `-a` / `--kexec-syscall-auto` option. In the
debugger I see that `info->memory_ranges` is 0 and `get_memory_ranges()` was
never called when `locate_hole()` is executed. When running `kexec -c -l
/path/to/kernel` then everything works as before.

Here is a `gdb` backtrace from the spot where the error pops up:

    Breakpoint 2, locate_hole (info=0x7fffffffd690, hole_size=36864, hole_align=4096, hole_min=12288,
        hole_max=655360, hole_end=-1) at kexec/kexec.c:314
    314                     fprintf(stderr, "Could not find a free area of memory of "
    (gdb) p *info
    $2 = {segment = 0x0, nr_segments = 0, memory_range = 0x0, memory_ranges = 0, crash_range = 0x0,
      nr_crash_ranges = 0, entry = 0x0, rhdr = {ei_class = 2, ei_data = 1, e_type = 1, e_machine = 62, e_version = 1,
        e_flags = 0, e_phnum = 0, e_shnum = 17, e_shstrndx = 16, e_entry = 1872, e_phoff = 0, e_shoff = 35104,
        e_notenum = 1, e_phdr = 0x0, e_shdr = 0x55555566b5d0, e_note = 0x55555566baa0, rel_addr = 0, rel_size = 0},
      backup_start = 0, kexec_flags = 0, backup_src_start = 0, backup_src_size = 0, file_mode = 1, kernel_fd = -1,
      initrd_fd = -1, command_line = 0x0, command_line_len = 0, skip_checks = 0, elfcorehdr = 0}
    (gdb) bt
    #0  locate_hole (info=0x7fffffffd690, hole_size=36864, hole_align=4096, hole_min=12288, hole_max=655360,
        hole_end=-1) at kexec/kexec.c:314
    #1  0x000055555555bdaa in add_buffer_phys_virt (info=0x7fffffffd690, buf=0x55555566c640, bufsz=28896,
        memsz=36864, buf_align=4096, buf_min=12288, buf_max=655360, buf_end=-1, phys=0) at kexec/kexec.c:396
    #2  0x000055555555be46 in add_buffer_virt (info=0x7fffffffd690, buf=0x55555566c640, bufsz=28896, memsz=36864,
        buf_align=4096, buf_min=12288, buf_max=655360, buf_end=-1) at kexec/kexec.c:410
    #3  0x000055555556796c in add_buffer (info=0x7fffffffd690, buf=0x55555566c640, bufsz=28896, memsz=36864,
        buf_align=4096, buf_min=12288, buf_max=655360, buf_end=-1) at kexec/add_buffer.c:12
    #4  0x0000555555562243 in elf_rel_load (ehdr=0x7fffffffd6c8, info=0x7fffffffd690, min=12288, max=655360, end=-1)
        at kexec/kexec-elf-rel.c:259
    #5  0x0000555555562a91 in elf_rel_build_load (info=0x7fffffffd690, ehdr=0x7fffffffd6c8,
        buf=0x555555580a40 <purgatory> "\177ELF\002\001\001", len=36192, min=12288, max=655360, end=-1, flags=0)
        at kexec/kexec-elf-rel.c:436
    #6  0x000055555556894c in do_bzImage_load (info=0x7fffffffd690,
        kernel=0x7ffff7464010 '\377' <repeats 200 times>..., kernel_len=8655872, command_line=0x55555566b5b0 "",
        command_line_len=1, initrd=0x0, initrd_len=0, dtb=0x0, dtb_len=0, real_mode_entry=0)
        at kexec/arch/i386/kexec-bzImage.c:211
    #7  0x00005555555694ec in bzImage_load (argc=3, argv=0x7fffffffd958,
        buf=0x7ffff7464010 '\377' <repeats 200 times>..., len=8655872, info=0x7fffffffd690)
        at kexec/arch/i386/kexec-bzImage.c:467
    #8  0x000055555555e269 in do_kexec_file_load (fileind=2, argc=3, argv=0x7fffffffd958, flags=0)
        at kexec/kexec.c:1367
    #9  0x000055555555ed65 in main (argc=3, argv=0x7fffffffd958) at kexec/kexec.c:1758

I'm not sure how the collection of the memory ranges is supposed to work in
this context. The kernel I'm running does have CONFIG_KEXEC_FILE=y set in any
case. I'm also not seeing any relevant failed system calls until the error is
hit.

Regards

Matthias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/kexec/attachments/20250327/5f95dd18/attachment.sig>

More information about the kexec mailing list