Bug 217010 - unmapped pages of shared memory sectors, get allocated during coredump
Summary: unmapped pages of shared memory sectors, get allocated during coredump
Status: NEW
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Page Allocator (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Andrew Morton
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-07 05:05 UTC by abhida
Modified: 2023-02-07 21:47 UTC (History)
0 users

See Also:
Kernel Version: 6.1, 6.0, 5.18, 5.15.64, 5.4.212
Subsystem:
Regression: No
Bisected commit-id:

Attachments
incorrect attachment,please ignore this attachment (38.20 KB, image/png)
2023-02-07 05:05 UTC, abhida 		Details
unix commands that reproduce the issue (212.21 KB, image/png)
2023-02-07 05:09 UTC, abhida 		Details
Add an attachment (proposed patch, testcase, etc.)

Description abhida 2023-02-07 05:05:26 UTC 
Created attachment 303703 [details]
incorrect attachment,please ignore this attachment

It is observed that unmapped regions of a shared memory sector in any programs virtual address space, get forcefully mapped and allocated when the program generates a coredump. 

This behavior is observed in kernels 6.1, 6.0, 5.18, 5.15, and 5.4. All though other kernel versions were not tested, the issue is more than likely present in all other kernel versions. 

The issue can be reproduced by running following program, called fractional_memeater.bin, the source code for this program is shared at the end of the bug report.

The attachment in this bugreport, is a screenshot of all the commands that reproduces the bug. The commands should be executed in sequential order. 

Before running the instructions in the attachment, run "ulimit -c unlimited","ulimit unlimited". This insures the ulimit sizes are set to the largest value. Also set the corepattern to "core" using "echo core >  /proc/sys/kernel/core_pattern" and the corefilter to "echo 0x0000007B > /proc/self/coredump_filter".

By setting the coredump_filter, flag to 0x0000007B, all types of pages will be collected during allocation. Setting the corepattern to "core", will generate the corefile, in the same path as the program. The program has to be terminated with kill -6 <pid_of_program>, as shown in the attachment. 

All the details of coredump_filter and corepattern are referenced here:

https://www.google.com/search?q=linux+coredump+size&rlz=1C1GCEA_enCA1014CA1014&oq=linux+coredump+size&aqs=chrome..69i57j0i10i22i30l2j0i22i30l3j0i390.3589j0j7&sourceid=chrome&ie=UTF-8

fractional_memeater.c source code:
----------------------------------

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>

int main(int argc, char **argv){
        
	char * shm_name = "shmemtest";
	int size = 4096;
	int fraction = 1;
	char * addr = NULL;
	int errstr = -1;

	if(argc > 1){
		size = atoi(argv[1]);
	}

	if(argc > 2){
		fraction = atoi(argv[2]);
	}

	if(argc > 3){
		shm_name = argv[3];
	}

	int fd = shm_open(shm_name, O_RDWR|O_CREAT, S_IREAD|S_IWRITE);

	if(fd == -1){
		int errstr = errno;
		printf("shm_open failed, errno: %d\n", errstr);
		return -1;
	}

	if(ftruncate(fd,size) == -1){
		errstr = errno;
		printf("ftruncate error, errno: %d\n", errstr);
		return -1;

	}

	addr = (char *) mmap(NULL, size, PROT_READ|PROT_WRITE,MAP_SHARED,fd,0);
        
        if(addr == NULL){
		printf("addr = NULL\n");
		return -1;
	}

	if(size > 4096){
		size = size/fraction;
	}

	for(int i = 0; i < size; i++){
		addr[i] = 'c';
	}

        printf("pid: %d\n", getpid());
	printf("fd: %d\n", fd);
	printf("addr: %p\n", addr);
	printf("size: %d\n", size);
	while(1){};

	return 0;
}
Comment 1 abhida 2023-02-07 05:09:02 UTC 
Created attachment 303704 [details]
unix commands that reproduce the issue
Comment 2 Andrew Morton 2023-02-07 21:47:25 UTC 
Well, we have to page that memory in to dump it?  What do you think the kernel should be doing in this sitiation?
Note You need to log in before you can comment on or make changes to this bug.