Debugging Chrome Crashpad crash report from Mac

2k views Asked by At

My application somehow manages to crash a customer's Chrome browser on Mac. I asked the customer to enable crash reports and send me the dump file next time it happens. I got a Crashpad.zip file that contains a bunch of .dmp files. I suppose each file represents a Chrome tab's process. Trying to open these dumps with Visual Studio or WinDbg doesn't work. Note that the dump files were captured on Mac and I'm working on Windows.

When trying to see the callstack with ~k I get the output:

0:000> ~k
 # Child-SP          RetAddr               Call Site
00 00000001`6ee35960 00000000`00000000     Google_Chrome_Framework+0x4486b50

When trying to load symbols from Chromium symbol server I get:

0:000> .sympath+ SRV\*C:\symbols\*https://chromium-browser-symsrv.commondatastorage.googleapis.com
Symbol search path is: srv*;https://chromium-browser-symsrv.commondatastorage.googleapis.com;SRV\*C:\symbols\*https://chromium-browser-symsrv.commondatastorage.googleapis.com
Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols;https://chromium-browser-symsrv.commondatastorage.googleapis.com;srv\*c:\symbols\*https://chromium-browser-symsrv.commondatastorage.googleapis.com

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Deferred                                       https://chromium-browser-symsrv.commondatastorage.googleapis.com
Deferred                                       SRV\*C:\symbols\*https://chromium-browser-symsrv.commondatastorage.googleapis.com
*** WARNING: Unable to verify timestamp for Google Chrome Framework
0:000> .reload
................................................................
................................................................
................................................................
................................................
Unable to load image /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Google Chrome Framework, Win32 error 0n2
*** WARNING: Unable to verify timestamp for Google Chrome Framework

************* Symbol Loading Error Summary **************
Module name            Error
Google Chrome Framewor The system cannot find the file specified

My question is how can I get symbols for the crash dump and debug it?

1

There are 1 answers

0
William Messmer On

Crashpad writes its dumps in what is, effectively, a Windows minidump format. The current WinDbg Preview (1.2205.18001.0) in the Microsoft store can indeed open and debug crashpad dumps from platforms other than Windows (including Linux and Mac OS). It understands and has support for MachO images, MachO symbols, and private DWARF symbols contained in MachO.

That said -- for that to be useful -- the images and symbols for what is loaded in the target process need to be discoverable by the debugger. I have limited experience on the Chromium front; however, as far as I'm aware, the symbol servers only index the Windows versions there.

Linux ELF and Mac MachO images can indeed be indexed on a symbol server. Documentation regarding that and the indexing key formats is available at https://github.com/dotnet/symstore/blob/main/docs/specs/SSQP_Key_Conventions.md

If you have the images/symbols from downloading something directly (e.g.: a debug package, etc...), you can put them in a local path, point the debugger at such with .sympath and .reload.

I believe that Chromium also has their own set of tools for extracting information from crashpad dumps: https://www.chromium.org/developers/decoding-crash-dumps/