Issue 208052: Render crashes are not uploading to the crash server.
Project Member Reported by son...@chromium.org, Jan 13, 2012
Chrome OS Version  :  1563.7.0
Chrome Version     :  18.0.1003.1
Type of computer   :  All


Please specify Area-Crash reporting.

What steps will reproduce the problem?
1. Sign in to the device.
2. Enable send usage statistics and crash reports option from wrench menu -> settings -> Under the Hood
3. Open google.com and navigate to about:crash to trigger a render crash.

What is the expected output?
Render crash should be uploaded to the server.

What do you see instead?
Did not find any render crash report in server.

How frequently does this problem reproduce? (Always, sometimes, hard to
reproduce?)
Always.

Mar 17, 2013
#1 bugdro...@chromium.org
(No comment was entered for this change.)
Blocking: chromium-os:25196
Jan 13, 2012
#2 dd...@chromium.org
(No comment was entered for this change.)
Status: Assigned
Owner: mkr...@chromium.org
Jan 13, 2012
#3 mkr...@chromium.org
I'll assign this to thestig@ in case he knows what might be going on with chrome crashes, but I'll try looking into it as well.
Owner: thestig@chromium.org
Jan 13, 2012
#4 mkr...@chromium.org
(No comment was entered for this change.)
Cc: mkr...@chromium.org
Labels: Iteration-47
Jan 13, 2012
#5 thestig@chromium.org
It works on Linux 18.0.1003.1:
http://crash/reportdetail?reportid=6f365a8da6fa9be7

So crash generation on the Chrome side is working. *waves hands in the air*

kmixter: wanna find a CrOS owner for this? Feel free to kick it back to me if you end up discovering Chrome is misbehaving somehow.
Owner: kmix...@chromium.org
Jan 13, 2012
#6 kmix...@chromium.org
Bouncing back to mkrebs - he owns Chrome OS crash reporting.
Owner: mkr...@chromium.org
Jan 13, 2012
#7 son...@chromium.org
This issue is present in TOT also.
Jan 13, 2012
#8 mkr...@chromium.org
I'm getting this error on 18.0.1005.0 (1571.0.0) when I try about:crash:

    [1319:1341:318586561:WARNING:crash_handler_host_linux.cc(286)] Could not translate tid - assuming crashing thread is thread group leader; syscall_supported=1
    [1319:1337:318592261:ERROR:crash_handler_host_linux.cc(348)] Failed to write crash dump for pid 5804

Breakpad doesn't give any reason _why_ it failed to write the crash dump, though.

Cc: benc...@chromium.org
Jan 13, 2012
#9 thestig@chromium.org
We'll need to look into google_breakpad::WriteMinidump() and see why it fails. The WARNING message might be a red herring.
Jan 13, 2012
#10 mkr...@chromium.org
Wow... I think I finally tracked this down (through lots of gdb fun).  The problem is that the chrome browser can no longer attach to the crashing process's threads with ptrace(PTRACE_ATTACH,...).  This ultimately results in Breakpad failing to write the minidump.

It looks like the change for issue 22137 is what enabled this ptrace restriction for Chrome OS.  Indeed, if I run "echo 0 > /proc/sys/kernel/yama/ptrace_scope" then the about:crash is reported again.

I think the "correct" fix is to have each process call "prctl(PR_SET_PTRACER, browser_pid, 0, 0, 0)" to allow the browser to attach to it.  This seems to have been addressed in Breakpad itself with issue chromium:46368.  I guess the analogous change for Chrome would be to add that call to chrome/app/breakpad_linux.cc:NonBrowserCrashHandler().  Although if the browser's PID is not known in that context, maybe it can be called when the process is first launched?

Given this is a ReleaseBlocker, I would suggest either adding the PR_SET_PTRACER fix really soon or temporarily disabling the ptrace restriction -- until chrome can be fixed to handle it.  I've assigned this to keescook@ because I'm figuring that disabling the ptrace restriction for now is the easiest/fastest way to unblock the R18 Dev release.  But I'm not sure if there are other implications to doing that.  keescook@, if you don't think this is feasible I would probably suggest assigning this back to thestig@ to implement the PR_SET_PTRACER change in Chrome.  ..or, given you know a lot about this stuff from the kernel side as well, maybe you have another solution?

Owner: keesc...@chromium.org
Cc: thestig@chromium.org keesc...@chromium.org
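The mechanism discussed in comment #10, as an added example that is not part of the original thread and is not Chrome or Breakpad code: a tracee declares which process may attach to it with prctl(PR_SET_PTRACER, ...), and a non-ancestor process then tries PTRACE_ATTACH. The function names and the sibling-process layout are assumptions made for the demonstration; the result depends on the running kernel's ptrace_scope value and on the caller's privileges.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Current Yama mode, or -1 when the sysctl is absent (Yama not enabled). */
int read_ptrace_scope(void) {
    int v = -1;
    FILE *f = fopen("/proc/sys/kernel/yama/ptrace_scope", "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = -1; fclose(f); }
    return v;
}

/* Fork a tracer and a sibling tracee, so the tracer is not an ancestor.
 * Returns 0 if PTRACE_ATTACH worked, its errno if not, -1 on setup failure. */
int sibling_attach(int declare) {
    int fds[2], status = 0;
    if (pipe(fds) != 0) return -1;
    pid_t tracer = fork();
    if (tracer < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (tracer == 0) {                       /* plays the dump-writing process */
        pid_t target = 0;
        close(fds[1]);
        if (read(fds[0], &target, sizeof target) != (ssize_t)sizeof target) _exit(255);
        _exit(ptrace(PTRACE_ATTACH, target, NULL, NULL) == 0 ? 0 : errno);
    }
    pid_t tracee = fork();
    if (tracee == 0) {                       /* plays the crashing process */
        pid_t self = getpid();
        if (declare) prctl(PR_SET_PTRACER, (unsigned long)tracer, 0, 0, 0);
        if (write(fds[1], &self, sizeof self) < 0) _exit(1);
        pause();                             /* stay alive until the parent kills us */
        _exit(0);
    }
    close(fds[0]); close(fds[1]);
    waitpid(tracer, &status, 0);
    if (tracee > 0) { kill(tracee, SIGKILL); waitpid(tracee, NULL, 0); }
    if (tracee < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 255) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("ptrace_scope=%d undeclared=%d declared=%d\n",
           read_ptrace_scope(), sibling_attach(0), sibling_attach(1));
    return 0;
}
```

With ptrace_scope set to 1 and no CAP_SYS_PTRACE, the undeclared attach is expected to fail with EPERM (1) while the declared attach returns 0; with ptrace_scope 0 both return 0.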
Jan 14, 2012
#11 keesc...@chromium.org
The PR_SET_PTRACER changes should happen no matter what. We can easily disable the ptrace restrictions in chromeos_init or similar.
Status: Started
Jan 14, 2012
#12 keesc...@chromium.org
Additionally, is there an autotest for catching this sort of regression? It seems the existing crash reporting tests never noticed this problem. :(
Jan 17, 2012
#14 mkr...@chromium.org
keescook@'s change got bounced back by the Commit Queue.  From what I can tell, it looks like amd64-corei7-commit-queue is down, so I'm guessing he can't get this change in until that's fixed. :(

And I can look into the autotest issue.. I wondered the same thing.

Jan 17, 2012
#15 son...@chromium.org
Still able to reproduce this issue with build "1590.0.0"
Cc: dd...@google.com
Jan 17, 2012
#16 mkr...@chromium.org
keescook@'s change went in @10:41 this morning.  (As an aside, shouldn't bugdroid1@ have automatically added a comment about this?)

The problem of there not having been an autotest to catch this is being tracked in issue 25135.

Jan 17, 2012
#17 or...@chromium.org
I don't see the change in 1591.0.0 either. Does this repro on R17 builds too? 
Jan 17, 2012
#18 keesc...@chromium.org
No, R17 did not contain the Yama security restrictions. This should only impact R18.
Status: Fixed
Jan 17, 2012
#19 son...@chromium.org
chromeos version: 1590.0.0
chrome version: 18.0.1010.0

This issue is still present in Alex, Alex-he, ZGB, ZGB-he, mario.

For Lumpy and Stumpy renderer crashes are uploading to the server.

Jan 17, 2012
#20 bugdro...@chromium.org
Commit: 2f1395ea7c462fd61ce3b232f0881a195134693e
 Email: keescook@chromium.org

chromeos_startup: disable ptrace restrictions

Disable ptrace restrictions until Chrome calls PR_SET_PTRACER.

BUG=chromium-os:25087
TEST=x86-alex build & boot

Change-Id: I78787b6794a6422313a8a8edd5687933e9846907
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14217
Reviewed-by: Michael Krebs <mkrebs@chromium.org>

M	chromeos_startup
Jan 18, 2012
#21 keesc...@chromium.org
I've opened this to track the need for PR_SET_PTRACER in Chrome:
https://code.google.com/p/chromium-os/issues/detail?id=25195
Jan 18, 2012
#22 keesc...@chromium.org
(No comment was entered for this change.)
Blocking: 25196
Jan 18, 2012
#23 bugdro...@chromium.org
Commit: 9a15c753307795c7dd2feba1717743217e471303
 Email: keescook@chromium.org

temporarily disable security_ptraceRestrictions

Due to crosbug.com/25087, ptrace restrictions have been temporarily
disabled. Adjust the autotest suite to match.

BUG=chromium-os:25087
TEST=x86-alex passes when ptrace_scope manually set to 0.

Change-Id: Ibd97455b4f959bb4425d2504a92a8376059aaed3
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14384
Reviewed-by: Elly Jones <ellyjones@chromium.org>

M	server/site_tests/suites/control.security
Jan 18, 2012
#24 bugdro...@chromium.org
Commit: 81ef72e1638661333aaa53aa8ea56790df99b24e
 Email: keescook@chromium.org

chromeos_startup: disable ptrace restrictions

Disable ptrace restrictions until Chrome calls PR_SET_PTRACER.

BUG=chromium-os:25087
TEST=x86-alex build & boot

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/14217
Reviewed-by: Michael Krebs <mkrebs@chromium.org>
(cherry picked from commit 2f1395ea7c462fd61ce3b232f0881a195134693e)

Change-Id: Ibb56168ecdb7674018a889a7bcdd423f914a8a73
Reviewed-on: https://gerrit.chromium.org/gerrit/14434
Tested-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Michael Krebs <mkrebs@chromium.org>

M	chromeos_startup
Jan 19, 2012
#25 son...@chromium.org
Verified on build "1590.2.0"
Status: Verified
Feb 23, 2012
#26 bugdro...@chromium.org
Commit: 7de89eb02c3bec3a21467dd89b555df6fe6930ea
 Email: keescook@chromium.org

Re-enable security_ptraceRestrictions in the security suite

This reverts commit 9a15c753307795c7dd2feba1717743217e471303.

BUG=chromium-os:25087
TEST=Ran security suite successfully.

Change-Id: I94fe64626c5fbcbabf771603e8c481c92bd4e093
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/16503
Reviewed-by: Jim Hebert <jimhebert@chromium.org>

M	server/site_tests/suites/control.security
Apr 6, 2012
#27 dd...@chromium.org
(No comment was entered for this change.)
Labels: -Mstone-R18 Mstone-18
May 15, 2012
#28 chromeos...@chromium.org
(No comment was entered for this change.)
Labels: FixedIn-1817.0.0 FixedInIndex-3d
Blocking: -25196 chromium-os:25196
Mar 6, 2013
#29 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: OS-Chrome
Blocking: -chromium-os:25196 chromium-os:25196
Mar 9, 2013
#30 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Type-Bug -Regression Type-Bug-Regression
Mar 9, 2013
#31 bugdro...@chromium.org
(No comment was entered for this change.)
Labels: -Area-Logging -Mstone-18 M-18 Cr-Internals-Logging