Nmap Development mailing list archives

Re: 4.0 Segfault


From: Leif Tishendorf <ltishend () uoregon edu>
Date: Fri, 03 Feb 2006 13:19:06 -0700

Ran it a couple times, first time gave me this:

Program received signal SIGSEGV, Segmentation fault.
0x0808112f in deal_with_timedout_reads () at nmap_dns.cc:686
686             tpserv->capacity = (int) (tpserv->capacity * CAPACITY_MINOR_DOWN_SCALE);;
(gdb) bt
#0  0x0808112f in deal_with_timedout_reads () at nmap_dns.cc:686
#1  0x08081ed8 in nmap_mass_rdns_core (targets=0x94c0598, num_targets=256) at nmap_dns.cc:1136
#2  0x0808232c in nmap_mass_rdns (targets=0x94c0598, num_targets=256) at nmap_dns.cc:1205
#3  0x080551bd in nexthost (hs=0x94c0138, exclude_group=0x0, ports=0x94bdc30, pingtype=0x80c59bc) at targets.cc:438
#4  0x0804eccd in nmap_main (argc=13, argv=0xbf9933b4) at nmap.cc:1114
#5  0x0804b6b8 in main (argc=13, argv=0xbf9933b4, envp=0xbf9933ec) at main.cc:245

Second gave this:

Program received signal SIGSEGV, Segmentation fault.
deal_with_timedout_reads () at /usr/lib/gcc/i386-redhat-linux/4.0.2/../../../../include/c++/4.0.2/bits/stl_list.h:148
148             _M_node = _M_node->_M_next;
(gdb) bt
#0  deal_with_timedout_reads () at /usr/lib/gcc/i386-redhat-linux/4.0.2/../../../../include/c++/4.0.2/bits/stl_list.h:148
#1  0x08081ed8 in nmap_mass_rdns_core (targets=0xa44e598, num_targets=256) at nmap_dns.cc:1136
#2  0x0808232c in nmap_mass_rdns (targets=0xa44e598, num_targets=256) at nmap_dns.cc:1205
#3  0x080551bd in nexthost (hs=0xa44e138, exclude_group=0x0, ports=0xa44bc30, pingtype=0x80c59bc) at targets.cc:438
#4  0x0804eccd in nmap_main (argc=13, argv=0xbfa05134) at nmap.cc:1114
#5  0x0804b6b8 in main (argc=13, argv=0xbfa05134, envp=0xbfa0516c) at main.cc:245

Ran the scan I gave previously trying to scan a /24 subnet.

Fyodor wrote:
On Fri, Feb 03, 2006 at 11:28:22AM -0700, Leif Tishendorf wrote:

With the latest 4.0 release I am getting a segfault when I am
scanning more than one host at a time.  Did a strace and got:

--- SIGSEGV (Segmentation fault) @ 0 (0) ---
write(2, "caught SIGSEGV signal, cleaning "..., 35caught SIGSEGV signal, cleaning up) = 35
close(1)                                = 0
munmap(0xb7f67000, 4096)                = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
write(3, "The SYN Stealth Scan took 625.25"..., 2577) = 2577
tgkill(2840, 2840, SIGABRT)             = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT +++

I'm running the following scan:

/usr/local/nmap-4.00/nmap -vvvv --host_timeout 1500000 -oN - -oX <xml out> -sS -p 1-18,20-9099,9101-65535 -O <host>


Could you try it with gdb instead?  Go to (or remake) the source
directory, 'make' Nmap, then do:

gdb ./nmap
r -vvvv --host_timeout 1500000 -oN - -oX <xml out> -sS -p 1-18,20-9099,9101-65535 -O <host>
[ wait for crash, then press 'bt<enter>' ]

Then would you send us a log of the output?  If it is very long,
sending just the 'bt' results may be enough.

Thanks,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

-- 
Leif Tishendorf

Network Security
voice #: (541) 346-1666
Computing Center Room 239


