[Diagnostics] Add in-proc crash report watchdog (#128281)

Adds a watchdog for the in-proc crash report generation so a hung crash
reporter cannot leave the process stuck indefinitely.

The in-proc crash reporter runs while the process is already handling a
fatal signal. If the reporter hangs, OS-level watchdogs are not reliable
across all relevant app locations, especially worker/background-thread
crashes. This bounds reporter execution time and ensures the process
eventually terminates instead of remaining stuck.

The watchdog is initialized outside the crash path, uses a pipe-backed
notification channel, and keeps the crash-reporting path limited to
async-signal-safe `write()` calls. If report generation starts but does
not finish before the configured timeout, the watchdog aborts the
process with SIGABRT.
 
 - Adds `inproccrashreportwatchdog.{h,cpp}`.
- Arms the watchdog when `InProcCrashReporter::CreateReport()` begins
and disarms it when report generation exits.
- Uses a detached watchdog thread plus a nonblocking pipe instead of
semaphores for POSIX compatibility.
- Blocks fatal signals on the watchdog thread so process-directed crash
signals do not land there.
 - Adds `DOTNET_CrashReportTimeoutSeconds`.
   - Default: `30`
   - `0` disables the watchdog for diagnostics/debugging.
- Keeps watchdog initialization best-effort; if initialization fails,
crash reporting proceeds without the watchdog.

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: mdh1418

src/coreclr/debug/crashreport/CMakeLists.txt

@@ -5,8 +5,10 @@ set(CRASHREPORT_SOURCES
     signalsafejsonwriter.cpp
     signalsafeconsolewriter.cpp
     inproccrashreporter.cpp
+    inproccrashreportwatchdog.cpp
 )
 
 add_library(inproccrashreport OBJECT ${CRASHREPORT_SOURCES})
+target_include_directories(inproccrashreport PRIVATE ${CLR_DIR}/pal/src/include)
 
 target_sources(coreclrpal PRIVATE $<TARGET_OBJECTS:inproccrashreport>)

src/coreclr/debug/crashreport/inproccrashreporter.cpp

@@ -6,6 +6,7 @@
 // Streams a createdump-shaped JSON skeleton to a crashreport.json file.
 
 #include "inproccrashreporter.h"
+#include "inproccrashreportwatchdog.h"
 #include "signalsafeconsolewriter.h"
 #include "signalsafejsonwriter.h"
 #include "signalsafeformatter.h"
@@ -15,6 +16,7 @@
 
 #include <fcntl.h>
 #include <errno.h>
+#include <stdlib.h>
 #include <new>
 #include <unistd.h>
 #include <string.h>
@@ -608,6 +610,7 @@ InProcCrashReporter::CreateReport(
     {
         return;
     }
+    CrashReportWatchdogScope watchdogScope;
 
     m_reportFilePath[0] = '\0';
     // The JSON file sink is only enabled when DbgMiniDumpName supplied a
@@ -746,6 +749,8 @@ InProcCrashReporter::Initialize(
     m_stackOverflowTrace.available = 0;
     CrashReportHelpers::CopyString(m_reportPath, sizeof(m_reportPath), settings.reportPath);
 
+    (void)CrashReportWatchdog::TryInitialize(settings.timeoutSeconds);
+
     m_processName[0] = '\0';
 #if defined(__ANDROID__)
     // On Android every app forks from the Zygote, so /proc/self/exe always

src/coreclr/debug/crashreport/inproccrashreporter.h

@@ -74,6 +74,7 @@ using InProcCrashReportModuleInfoCallback = bool (*)(
 struct InProcCrashReporterSettings
 {
     const char* reportPath;
+    int timeoutSeconds;
     InProcCrashReportIsManagedThreadCallback isManagedThreadCallback;
     InProcCrashReportWalkStackCallback walkStackCallback;
     InProcCrashReportEnumerateThreadsCallback enumerateThreadsCallback;