---| overview Vulnerability: Chrome Null Pointer in InspectDataSource::StartDataRequest Date: 03/14/2012 Author: @HeyderAndrade (heyder.andrade[at]gmail[dot]com) Chrome Version: =< 21.0.1180.57 stable Operating System Tested: Win XP SP2, WIN7, Mac OS X 10.6.8 (10K549),Linux Ubuntu 12.04 Architecture: x86 and Amd64 ---| steps will reproduce this crash 1. Open the browser and visit any site that has an SSL certificate signed by a CA not trusted. an ssl error will be showed, DON'T click "proceed anayway". 2. Open a new tab and access chrome://inspect ps. I believe it should work with any ssl error, but i tested only with no valid CA error. ---| original OSX Crash Report Process: Google Chrome [767] Path: /Applications/Google Chrome.app/Contents/MacOS/Google Chrome Identifier: com.google.Chrome Version: 21.0.1180.57 (1180.57) Code Type: X86 (Native) Parent Process: launchd [158] Date/Time: 2012-08-08 22:53:09.442 -0300 OS Version: Mac OS X 10.6.8 (10K549) Report Version: 6 Interval Since Last Report: 19713 sec Crashes Since Last Report: 1 Per-App Interval Since Last Report: 19374 sec Per-App Crashes Since Last Report: 1 Anonymous UUID: B5BA5F00-E166-4923-9393-E0FC63561975 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000 Crashed Thread: 0 CrBrowserMain Dispatch queue: com.apple.main-thread ---| source code This vulnerability lies in the function call DCHECK (line 118 of the inspect_ui.cc) the render_process_host can be NULL. file: browser/ui/webui/inspect_ui.cc line: 188 function: DCHECK(render_process_host); ---| source code fix if (!render_process_host->HasConnection()) continue; ---| timeline of disclosure - discovery vulnerability - Ago 08, 2012 - code.google.com report - Aug 15, 2012 - Chromium community fix - Oct 11, 2012 - This disclosure - Mar 14, 2013 ---| references https://chromiumcodereview.appspot.com/11066114/ (for some reason this issue was removed) https://code.google.com/p/chromium/issues/detail?id=142979 (no public) Starting program: /home/user/chrome-linux/chrome --debug https://caixa.gov.br [Thread debugging using libthread_db enabled] [New Thread 0xb2735b70 (LWP 10475)] [New Thread 0xb1f34b70 (LWP 10476)] [New Thread 0xb1733b70 (LWP 10477)] [New Thread 0xb280db70 (LWP 10478)] [New Thread 0xb0666b70 (LWP 10479)] [New Thread 0xafe65b70 (LWP 10480)] [New Thread 0xaf664b70 (LWP 10481)] [New Thread 0xaee63b70 (LWP 10482)] [New Thread 0xae662b70 (LWP 10483)] [New Thread 0xade61b70 (LWP 10484)] [New Thread 0xad660b70 (LWP 10485)] [New Thread 0xace5fb70 (LWP 10486)] [New Thread 0xace3eb70 (LWP 10487)] [New Thread 0xace1db70 (LWP 10488)] [New Thread 0xacdfcb70 (LWP 10489)] [New Thread 0xac4eeb70 (LWP 10490)] [Thread 0xac4eeb70 (LWP 10490) exited] [New Thread 0xac4eeb70 (LWP 10491)] [New Thread 0xab0fbb70 (LWP 10492)] [New Thread 0xaa8fab70 (LWP 10497)] [New Thread 0xaa0f9b70 (LWP 10498)] [New Thread 0xa9282b70 (LWP 10515)] [Thread 0xa9282b70 (LWP 10515) exited] [New Thread 0xa97abb70 (LWP 10516)] [New Thread 0xa978ab70 (LWP 10519)] [New Thread 0xa9769b70 (LWP 10520)] Program received signal SIGSEGV, Segmentation fault. 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #0 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #1 0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource::*)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) () #2 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #3 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #4 0xb498cc31 in MessageLoop::DoWork() () #5 0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) () #6 0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () #7 0xb498846e in MessageLoop::RunInternal() () #8 0xb49a4ae9 in base::RunLoop::Run() () #9 0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) () #10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() () #11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() () #12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) () #13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) () #14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() () #15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) () #16 0xb3fbe60b in ChromeMain () #17 0xb3fbe5c2 in main () Thread 25 (Thread 0xa9769b70 (LWP 10520)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 24 (Thread 0xa978ab70 (LWP 10519)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 23 (Thread 0xa97abb70 (LWP 10516)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 21 (Thread 0xaa0f9b70 (LWP 10498)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) () #4 0xb49bec19 in base::SequencedWorkerPool::Worker::Run() () #5 0xb49bf733 in base::SimpleThread::ThreadMain() () #6 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #7 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #8 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 20 (Thread 0xaa8fab70 (LWP 10497)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) () #3 0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #5 0xb498846e in MessageLoop::RunInternal() () #6 0xb49a4ae9 in base::RunLoop::Run() () #7 0xb498775e in MessageLoop::Run() () #8 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #9 0xb49bfa91 in base::Thread::ThreadMain() () #10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 19 (Thread 0xab0fbb70 (LWP 10492)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49be489 in base::SequencedWorkerPool::Inner::ThreadLoop(base::SequencedWorkerPool::Worker*) () #4 0xb49bec19 in base::SequencedWorkerPool::Worker::Run() () #5 0xb49bf733 in base::SimpleThread::ThreadMain() () #6 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #7 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #8 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 18 (Thread 0xac4eeb70 (LWP 10491)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 16 (Thread 0xacdfcb70 (LWP 10489)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365342 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b24cc in base::ConditionVariable::TimedWait(base::TimeDelta const&) () #3 0xb49b36dd in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb498e11a in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #5 0xb498846e in MessageLoop::RunInternal() () #6 0xb49a4ae9 in base::RunLoop::Run() () #7 0xb498775e in MessageLoop::Run() () #8 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #9 0xb49bfa91 in base::Thread::ThreadMain() () #10 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #11 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #12 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 15 (Thread 0xace1db70 (LWP 10488)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 14 (Thread 0xace3eb70 (LWP 10487)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 13 (Thread 0xace5fb70 (LWP 10486)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f36b86 in poll () from /lib/tls/i686/cmov/libc.so.6 #2 0xb2a96718 in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #3 0xb2a948a3 in __libc_res_nquery () from /lib/tls/i686/cmov/libresolv.so.2 #4 0xb2a94e8b in ?? () from /lib/tls/i686/cmov/libresolv.so.2 #5 0xb2a95119 in __libc_res_nsearch () from /lib/tls/i686/cmov/libresolv.so.2 #6 0xabc80bd6 in _nss_dns_gethostbyname3_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #7 0xabc80f2b in _nss_dns_gethostbyname2_r () from /lib/tls/i686/cmov/libnss_dns.so.2 #8 0xb2f5bb0d in gethostbyname2_r () from /lib/tls/i686/cmov/libc.so.6 #9 0xb2f1d010 in ?? () from /lib/tls/i686/cmov/libc.so.6 #10 0xb2f1ea65 in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6 #11 0xb4a33e2a in net::SystemHostResolverProc(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #12 0xb4a23537 in net::(anonymous namespace)::CallSystemHostResolverProc::Resolve(std::string const&, net::AddressFamily, int, net::AddressList*, int*) () #13 0xb4a239a3 in net::HostResolverImpl::ProcTask::DoLookup(base::TimeTicks const&, unsigned int) () #14 0xb4a229b5 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (net::HostResolverImpl::ProcTask::*)(base::TimeTicks const&, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int), void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks, unsigned int)>, void ()(net::HostResolverImpl::ProcTask*, base::TimeTicks const&, unsigned int)>::Run(base::internal::BindStateBase*) () #15 0xb49c2701 in base::(anonymous namespace)::WorkerThread::ThreadMain() () #16 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #17 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #18 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 12 (Thread 0xad660b70 (LWP 10485)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb652797d in content::BrowserThreadImpl::IOThreadRun(MessageLoop*) () #11 0xb6529da3 in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 11 (Thread 0xade61b70 (LWP 10484)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527a1d in content::BrowserThreadImpl::CacheThreadRun(MessageLoop*) () #11 0xb6529db1 in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 10 (Thread 0xae662b70 (LWP 10483)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527abd in content::BrowserThreadImpl::ProcessLauncherThreadRun(MessageLoop*) () #11 0xb6529dbf in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 9 (Thread 0xaee63b70 (LWP 10482)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527b5d in content::BrowserThreadImpl::FileUserBlockingThreadRun(MessageLoop*) () #11 0xb6529dce in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 8 (Thread 0xaf664b70 (LWP 10481)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527bfd in content::BrowserThreadImpl::FileThreadRun(MessageLoop*) () #11 0xb6529dde in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 7 (Thread 0xafe65b70 (LWP 10480)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527c9d in content::BrowserThreadImpl::WebKitThreadRun(MessageLoop*) () #11 0xb6529dee in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 6 (Thread 0xb0666b70 (LWP 10479)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb6527d3d in content::BrowserThreadImpl::DBThreadRun(MessageLoop*) () #11 0xb6529dfe in content::BrowserThreadImpl::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 5 (Thread 0xb280db70 (LWP 10478)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3367f5b in read () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb4254037 in (anonymous namespace)::ShutdownDetector::ThreadMain() () #3 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #4 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #5 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 4 (Thread 0xb1733b70 (LWP 10477)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb3365015 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0 #2 0xb49b1d48 in base::ConditionVariable::Wait() () #3 0xb49b36f0 in base::WaitableEvent::TimedWait(base::TimeDelta const&) () #4 0xb49b3736 in base::WaitableEvent::Wait() () #5 0xb498e0c4 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 3 (Thread 0xb1f34b70 (LWP 10476)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f3d971 in select () from /lib/tls/i686/cmov/libc.so.6 #2 0xb497f952 in base::files::(anonymous namespace)::InotifyReaderCallback(base::files::(anonymous namespace)::InotifyReader*, int, int) () #3 0xb497cc19 in base::internal::Invoker<3, base::internal::BindState<base::internal::RunnableAdapter<void (*)(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int), void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>, void ()(base::files::(anonymous namespace)::InotifyReader*, int, int)>::Run(base::internal::BindStateBase*) () #4 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #5 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #6 0xb498cc31 in MessageLoop::DoWork() () #7 0xb498e06b in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) () #8 0xb498846e in MessageLoop::RunInternal() () #9 0xb49a4ae9 in base::RunLoop::Run() () #10 0xb498775e in MessageLoop::Run() () #11 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #12 0xb49bfa91 in base::Thread::ThreadMain() () #13 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #14 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #15 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 2 (Thread 0xb2735b70 (LWP 10475)): #0 0xb3d80430 in __kernel_vsyscall () #1 0xb2f40d37 in syscall () from /lib/tls/i686/cmov/libc.so.6 #2 0xb49e6410 in epoll_wait () #3 0xb49e5e75 in epoll_dispatch () #4 0xb49e42a7 in event_base_loop () #5 0xb495eda7 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () #6 0xb498846e in MessageLoop::RunInternal() () #7 0xb49a4ae9 in base::RunLoop::Run() () #8 0xb498775e in MessageLoop::Run() () #9 0xb49bfbb9 in base::Thread::Run(MessageLoop*) () #10 0xb49bfa91 in base::Thread::ThreadMain() () #11 0xb49bb148 in base::(anonymous namespace)::ThreadFunc(void*) () #12 0xb336096e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0 #13 0xb2f44a4e in clone () from /lib/tls/i686/cmov/libc.so.6 Thread 1 (Thread 0xb2977990 (LWP 10468)): #0 0xb40ea92b in (anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int) () #1 0xb40caf9b in base::internal::Invoker<4, base::internal::BindState<base::internal::RunnableAdapter<void (ChromeURLDataManager::DataSource::*)(std::string const&, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int), void ()(ChromeURLDataManager::DataSource*, std::string, bool, int)>, void ()(ChromeURLDataManager::DataSource*, std::string const&, bool, int)>::Run(base::internal::BindStateBase*) () #2 0xb498c220 in MessageLoop::RunTask(base::PendingTask const&) () #3 0xb498c8c2 in MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) () #4 0xb498cc31 in MessageLoop::DoWork() () #5 0xb49d58be in base::MessagePumpGlib::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpDispatcher*) () #6 0xb49d543c in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () #7 0xb498846e in MessageLoop::RunInternal() () #8 0xb49a4ae9 in base::RunLoop::Run() () #9 0xb46513f5 in ChromeBrowserMainParts::MainMessageLoopRun(int*) () #10 0xb65262ec in content::BrowserMainLoop::RunMainMessageLoopParts() () #11 0xb6527280 in (anonymous namespace)::BrowserMainRunnerImpl::Run() () #12 0xb65247f3 in BrowserMain(content::MainFunctionParams const&) () #13 0xb48fb758 in content::RunNamedProcessTypeMain(std::string const&, content::MainFunctionParams const&, content::ContentMainDelegate*) () #14 0xb48fb8b0 in content::ContentMainRunnerImpl::Run() () #15 0xb48fa797 in content::ContentMain(int, char const**, content::ContentMainDelegate*) () #16 0xb3fbe60b in ChromeMain () #17 0xb3fbe5c2 in main () eax 0x4 4 ecx 0xb81187c0 -1206810688 edx 0x0 0 ebx 0xb8158ff4 -1206546444 esp 0xbfffdfa0 0xbfffdfa0 ebp 0xbfffe588 0xbfffe588 esi 0xbfffe4b0 -1073748816 edi 0xb8829880 -1199400832 eip 0xb40ea92b 0xb40ea92b <(anonymous namespace)::InspectDataSource::StartDataRequest(std::string const&, bool, int)+1899> eflags 0x210286 [ PF SF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 => 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>: mov (%edx),%eax 0xb40ea92d <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1901>: mov %edx,(%esp) 0xb40ea930 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1904>: call *0x28(%eax) 0xb40ea933 <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1907>: mov %eax,-0x580(%ebp) edx 0x0 0 eax 0x4 4 1: x/i $pc => 0xb40ea92b <_ZN12_GLOBAL__N_117InspectDataSource16StartDataRequestERKSsbi+1899>: mov (%edx),%eax