Catch a core dump of the Chrome renderer process

Denis Glotov

Jul 1, 2011, 12:58:10 PM
to Chromium OS dev
Hi fellow devs!

How can I catch a core dump of the Chrome renderer process that crashes?

I touched /mnt/stateful_partition/etc/enable_chromium_coredumps so that session_manager_setup.sh prepares core dump recording (does ulimit -s unlimited),
I removed /etc/init/crash-reporter.conf so it does not tie up,
I removed "/home/chronos/Consent To Send Stats" so the renderer does not catch its own crash (and send it to go/crash),
I rebooted,
I made sure that /proc/sys/kernel/core_pattern is now set to /mnt/stateful_partition/var/coredumps/core.%e.%p

After all that, crashes in the main Chrome process do dump a core, but renderer processes still do not (they just die silently).

Maybe a renderer, as a child process of the main Chrome, does not inherit core file limit, that is 0 by default? Any ideas?
--
Thank you,
Denis

Antoine Labour

Jul 1, 2011, 2:11:00 PM
to glo...@chromium.org, Chromium OS dev
Try adding --no-sandbox to the chrome flags in /sbin/session_manager_sandbox.sh

Antoine
 
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-os-dev?hl=en

Denis Glotov

Jul 4, 2011, 9:39:29 AM
to Antoine Labour, Chromium OS dev
Thank you, Antoine, that worked.

It looks like sandboxed processes don't have access to /mnt/stateful_partition/var/coredumps to save the core dump to.

It also looks like --disable-seccomp-sandbox is not enough.

--
Thank you,
Denis

Antoine Labour

Jul 4, 2011, 8:53:30 PM
to glo...@chromium.org, Chromium OS dev
On Mon, Jul 4, 2011 at 6:39 AM, Denis Glotov <glo...@chromium.org> wrote:
Thank you, Antoine, that worked.

It looks like sandboxed processes don't have access to /mnt/stateful_partition/var/coredumps to save the core dump to.

Correct.
 
It also looks like --disable-seccomp-sandbox is not enough.

This only disables one kind of sandbox (the "seccomp" one). --no-sandbox also disables the SUID one.

Antoine

Denis Glotov

Jul 7, 2011, 11:04:10 AM
to Antoine Labour, Chromium OS dev
Hi Antoine!

After the recent sync, I began to get crashes in ppapi [1] if I use the --no-sandbox flag.

Maybe we could leave renderers in their sandboxes but set core_pattern to something simple, like core.%e.%s? What is the current directory for sandboxed renderers? Is it writable?

BTW, I could not find any document about how the sandbox works on Linux. This one (http://www.chromium.org/developers/design-documents/sandbox) is for Windows. Is there any?


[1] (gdb) bt
#0  0x71f84cd0 in ?? ()
#1  0x762af32e in webkit::ppapi::PluginModule::~PluginModule (this=0x781118b8, __in_chrg=<value optimized out>)
    at webkit/plugins/ppapi/plugin_module.cc:440
#2  0x7548016d in Release () at ./base/memory/ref_counted.h:95
#3  ~scoped_refptr () at ./base/memory/ref_counted.h:241
#4  PepperPluginRegistry () at content/common/pepper_plugin_registry.cc:198
#5  PepperPluginRegistry::GetInstance () at content/common/pepper_plugin_registry.cc:116
#6  0x766de366 in RendererMain (parameters=...) at content/renderer/renderer_main.cc:200
#7  0x741c70b0 in (anonymous namespace)::RunZygote (main_function_params=...) at chrome/app/chrome_main.cc:485
#8  0x741c77d0 in RunNamedProcessTypeMain (argc=9, argv=0x7f8041c4) at chrome/app/chrome_main.cc:532
#9  ChromeMain (argc=9, argv=0x7f8041c4) at chrome/app/chrome_main.cc:858
#10 0x741c83f9 in main (argc=9, argv=0x7f8041c4) at chrome/app/chrome_exe_main_gtk.cc:46


-- 
Thank you,
Denis

Antoine Labour

Jul 7, 2011, 12:56:13 PM
to glo...@chromium.org, Chromium OS dev
On Thu, Jul 7, 2011 at 8:04 AM, Denis Glotov <glo...@chromium.org> wrote:
Hi Antoine!

After the recent sync, I began to get crashes in ppapi [1] if I use the --no-sandbox flag.

I will try again, but I don't think I'm seeing this.
 

Maybe we could leave renderers in their sandboxes but set core_pattern to something simple, like core.%e.%s? What is the current directory for sandboxed renderers? Is it writable?

IIRC it chroots into /proc, so no.
 

BTW, I could not find any document about how the sandbox works on Linux. This one (http://www.chromium.org/developers/design-documents/sandbox) is for Windows. Is there any?

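Two points in the thread can be checked without a Chrome build: Denis's question in the first post of whether a forked renderer inherits the core file size limit, and Antoine's answer that a renderer chroot'ed into /proc cannot reach /mnt/stateful_partition/var/coredumps (a relative pattern such as core.%e.%s does not help either, because the kernel opens the core file in the crashing process's own context, so the name resolves against that process's cwd and root). The Python script below is an added example, not code from the thread or from Chromium OS. It propagates RLIMIT_CORE (the limit `ulimit -c` governs) into a child to show it is inherited, and expands a core_pattern the way the kernel does for a file target, reporting the path as the crasher sees it and as the host sees it. The paths, PIDs, the signal number and the crash_reporter pipe command line are constructed for illustration.

```python
"""Added example: check RLIMIT_CORE inheritance and where a core_pattern lands.

Not code from the thread or from Chromium OS. Paths, PIDs, signal numbers and
the pipe-helper line below are constructed for illustration.
"""
import os
import resource
import subprocess
import sys


def child_core_limit(wanted_soft=resource.RLIM_INFINITY):
    """Set this process's soft RLIMIT_CORE (what `ulimit -c` sets), clamped to
    the hard limit an unprivileged process cannot exceed, then exec a child and
    ask what it sees. Returns (parent_soft, child_soft). Limits are copied on
    fork and kept across exec, so the two values match: a child that dies
    without a core was not starved of the limit by inheritance alone."""
    _soft, hard = resource.getrlimit(resource.RLIMIT_CORE)
    if hard != resource.RLIM_INFINITY and (
        wanted_soft == resource.RLIM_INFINITY or wanted_soft > hard
    ):
        wanted_soft = hard
    resource.setrlimit(resource.RLIMIT_CORE, (wanted_soft, hard))
    probe = "import resource; print(resource.getrlimit(resource.RLIMIT_CORE)[0])"
    seen = subprocess.run(
        [sys.executable, "-c", probe], capture_output=True, text=True, check=True
    ).stdout.strip()
    return wanted_soft, int(seen)


def expand_core_pattern(pattern, exe, pid, sig, cwd, root="/"):
    """Expand core_pattern for one crash and say where the dump would go.

    ("pipe", helper)      pattern starts with '|': the kernel runs `helper` in
                          init's namespace, outside the crasher's chroot.
    ("file", name, host)  `name` is the path the crashing process opens; because
                          the kernel opens it in that process's context, a
                          relative name resolves against the crasher's cwd and
                          every name resolves under its root.  `host` is the
                          same file as seen from outside the chroot.

    Only %e (comm), %p (pid), %s (signal) and %% are expanded; other specifiers
    raise rather than guess.  core_uses_pid, which appends .<pid> when %p is
    absent, is not modelled."""
    if pattern.startswith("|"):
        return ("pipe", pattern[1:].split()[0])
    fields = {"e": exe, "p": str(pid), "s": str(sig), "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            spec = pattern[i + 1]
            if spec not in fields:
                raise ValueError("unsupported core_pattern specifier %%%s" % spec)
            out.append(fields[spec])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    name = "".join(out)
    if not name.startswith("/"):
        name = os.path.normpath(os.path.join(cwd, name))
    host = os.path.normpath(os.path.join(root, name.lstrip("/")))
    return ("file", name, host)


def current_core_pattern(path="/proc/sys/kernel/core_pattern"):
    """Live core_pattern, or the kernel default 'core' where /proc is unreadable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return "core"


if __name__ == "__main__":
    parent, child = child_core_limit()
    print("RLIMIT_CORE soft: parent=%s child=%s" % (parent, child))
    print("core_pattern on this host:", current_core_pattern())

    # The thread's absolute pattern, first from an unsandboxed chrome process,
    # then from a renderer whose root is /proc (constructed PIDs, SIGSEGV=11).
    pat = "/mnt/stateful_partition/var/coredumps/core.%e.%p"
    print(expand_core_pattern(pat, "chrome", 4242, 11, cwd="/home/chronos"))
    print(expand_core_pattern(pat, "chrome", 4243, 11, cwd="/", root="/proc"))
    # A relative pattern lands in the renderer's own root, i.e. under /proc.
    print(expand_core_pattern("core.%e.%s", "chrome", 4243, 11, cwd="/", root="/proc"))
    # A pipe handler (hypothetical command line) is not subject to the chroot.
    print(expand_core_pattern("|/sbin/crash_reporter --user=%p:%s", "chrome", 1, 11, cwd="/"))
```

Run unsandboxed, the parent and child limits agree, which rules out inheritance as the cause of a silent renderer death. The second and third tuples show the host-side path the kernel would actually have to create for a renderer with root=/proc (/proc/mnt/... or /proc/core.chrome.11), which is why neither the absolute nor a relative file pattern can work from inside that chroot, while a pipe handler sidesteps the chroot entirely. The sandbox's other restrictions, such as the seccomp filter and the process's dumpable flag, are not modelled here.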