Bug 217010

Summary: unmapped pages of shared memory sectors, get allocated during coredump
Product: Memory Management Reporter: abhida
Component: Page AllocatorAssignee: Andrew Morton (akpm)
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 6.1, 6.0, 5.18, 5.15.64, 5.4.212 Subsystem:
Regression: No Bisected commit-id:
Attachments: incorrect attachment,please ignore this attachment
unix commands that reproduce the issue

Description abhida 2023-02-07 05:05:26 UTC 
Created attachment 303703 [details]
incorrect attachment,please ignore this attachment

It is observed that unmapped regions of a shared memory sector in any programs virtual address space, get forcefully mapped and allocated when the program generates a coredump. 

This behavior is observed in kernels 6.1, 6.0, 5.18, 5.15, and 5.4. All though other kernel versions were not tested, the issue is more than likely present in all other kernel versions. 

The issue can be reproduced by running following program, called fractional_memeater.bin, the source code for this program is shared at the end of the bug report.

The attachment in this bugreport, is a screenshot of all the commands that reproduces the bug. The commands should be executed in sequential order. 

Before running the instructions in the attachment, run "ulimit -c unlimited","ulimit unlimited". This insures the ulimit sizes are set to the largest value. Also set the corepattern to "core" using "echo core >  /proc/sys/kernel/core_pattern" and the corefilter to "echo 0x0000007B > /proc/self/coredump_filter".

By setting the coredump_filter, flag to 0x0000007B, all types of pages will be collected during allocation. Setting the corepattern to "core", will generate the corefile, in the same path as the program. The program has to be terminated with kill -6 <pid_of_program>, as shown in the attachment. 

All the details of coredump_filter and corepattern are referenced here:

https://www.google.com/search?q=linux+coredump+size&rlz=1C1GCEA_enCA1014CA1014&oq=linux+coredump+size&aqs=chrome..69i57j0i10i22i30l2j0i22i30l3j0i390.3589j0j7&sourceid=chrome&ie=UTF-8

fractional_memeater.c source code:
----------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>

int main(int argc, char **argv){
        
	char * shm_name = "shmemtest";
	int size = 4096;
	int fraction = 1;
	char * addr = NULL;
	int errstr = -1;

	if(argc > 1){
		size = atoi(argv[1]);
	}

	if(argc > 2){
		fraction = atoi(argv[2]);
	}

	if(argc > 3){
		shm_name = argv[3];
	}

	int fd = shm_open(shm_name, O_RDWR|O_CREAT, S_IREAD|S_IWRITE);

	if(fd == -1){
		int errstr = errno;
		printf("shm_open failed, errno: %d\n", errstr);
		return -1;
	}

	if(ftruncate(fd,size) == -1){
		errstr = errno;
		printf("ftruncate error, errno: %d\n", errstr);
		return -1;

	}

	addr = (char *) mmap(NULL, size, PROT_READ|PROT_WRITE,MAP_SHARED,fd,0);
        
        if(addr == NULL){
		printf("addr = NULL\n");
		return -1;
	}

	if(size > 4096){
		size = size/fraction;
	}

	for(int i = 0; i < size; i++){
		addr[i] = 'c';
	}

        printf("pid: %d\n", getpid());
	printf("fd: %d\n", fd);
	printf("addr: %p\n", addr);
	printf("size: %d\n", size);
	while(1){};

	return 0;
}
Comment 1 abhida 2023-02-07 05:09:02 UTC 
Created attachment 303704 [details]
unix commands that reproduce the issue
Comment 2 Andrew Morton 2023-02-07 21:47:25 UTC 
Well, we have to page that memory in to dump it?  What do you think the kernel should be doing in this sitiation?