Nmap Development mailing list archives
Re: How to debug a segmentation fault
From: "Douglas F. Calvert" <dfc () anize org>
Date: Thu, 09 Nov 2006 13:58:46 -0500
Brett Hutley wrote:
> On Thu, Nov 09, 2006 at 06:06:11AM -0500, Douglas F. Calvert wrote:
>> Hello, I am testing out nmap4.20a11 with linux 2.6.19-rc5. I am getting a lot of segmentation faults when I scan with:
>>
>> nmap -sV -O -n -oA basename -PE --version_all --allports --randomize_hosts -n -v -v --max_retries 3 --log-errors -d5 1.1.14-16.1-254 > nmap.out 2>&1
>>
>> *snip*
>>
>> How would I go about figuring out why nmap is dying?
>
> Typically you would compile with nmap debug enabled (the "-g" option in gcc), then start gdb with the nmap binary.
>
> shell$ gdb nmap
> (gdb) set args -sV -O -n -oA basename -PE --version_all --allports (etc)
> (gdb) run
>
> When the program segfaults, type "up" to move up the stack frame until you can see the line of the source code that is causing the segfault (usually overwriting memory, or NULL pointer or some such).
>
> I like running gdb under Emacs, so I can see the source code easily, if you're not experienced with Emacs then that probably isn't a good idea.
>
> HTH, Brett

I played around with gdb but I am out of my league now. I can get nmap to crash with a command similar to:

nmap -sV -O -n -PE -PS21,80,113,8080,22,25 -v -v -oA hidden-discover-i686 --max_retries 3 --log-errors --version_all --allports 10.220.14-16.1-254

on my i686 debian/unstable/2.6 and my macppc/ubuntu/edgy/2.6 machines. I have attached gdb bt to the bottom of the email. It always dies right around the time it realizes that the os_scan is not optimal. I can send a "gdb bt full" if it would help I just did not want to spam everyone with a lot of junk.

I also tried the following command with a binary created with "make debug." It never seemed to do anything but eat up a lot of cpu.

I am obviously not well versed in debugging but I am interested in learning. Please let me know if anything else would be useful.

####################################################################
gdb of nmap crashing on i686(2.6.14-rc4)

Command:
nmap -sV -O -n -PE -PS21,80,113,8080,22,25 -v -v -oA hidden-discover-i686 --max_retries 3 --log-errors --version_all --allports 10.220.14-16.1-254

ldd nmap:
linux-gate.so.1 => (0xffffe000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7ebb000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7e7c000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7d42000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7c5d000)
libm.so.6 => /lib/tls/libm.so.6 (0xb7c38000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7c2c000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7afa000)
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7af6000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7ae2000)
/lib/ld-linux.so.2 (0xb7ef5000)
####################################################################

Warning: OS detection for 10.220.14.6 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Warning: OS detection for 10.220.14.11 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Warning: OS detection for 10.220.14.16 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against 5 hosts
Retrying OS detection (try #2) against 5 hosts
Retrying OS detection (try #3) against 10.220.14.3

Program received signal SIGSEGV, Segmentation fault.
0x0807a571 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xc3ca009f)
    at /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
589 { return const_iterator(this->_M_impl._M_node._M_next); }
(gdb) bt
#0 0x0807a571 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xc3ca009f)
    at /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
#1 0x0807a781 in std::list<OFProbe*, std::allocator<OFProbe*> >::size (this=0xc3ca009f)
    at /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:657
#2 0x0807a7ae in HostOsScanStats::numProbesToSend (this=0xc3c9ffff) at osscan2.cc:284
#3 0x080784a9 in doSeqTests (OSI=0x83e6e18, HOS=0x8bd2ec0) at osscan2.cc:3351
#4 0x08079e92 in os_scan_2 (Targets=@0xbff2298c) at osscan2.cc:3831
#5 0x0807a10e in os_scan2 (Targets=@0xbff2298c) at osscan2.cc:3881
#6 0x0805272a in nmap_main (argc=16, argv=0xbff25c84) at nmap.cc:1579
#7 0x0804b748 in main (argc=16, argv=0xbff25c84) at main.cc:250
(gdb)

#####END of i686#####

####BEGIN PPC####
####################################################################
gdb of nmap crashing on macppc(2.6.17-10-powerpc):

Command:
nmap --version_all -sV -F --allports -PE -PS21,80,113,8080,22,25 -v -v --log-errors --randomize_hosts -oA hidden-discover -T4 -O -n 10.220.14-16.1-254

ldd nmap:
linux-vdso32.so.1 => (0x00100000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0x0ffb5000)
libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0x0ff68000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x0ff04000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x0fd7d000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x0fc63000)
libm.so.6 => /lib/libm.so.6 (0x0fb9b000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x0fb68000)
libc.so.6 => /lib/libc.so.6 (0x0f9fb000)
libdl.so.2 => /lib/libdl.so.2 (0x0f9d7000)
libz.so.1 => /usr/lib/libz.so.1 (0x0f9a1000)
/lib/ld.so.1 (0x30000000)
####################################################################

Warning: OS detection for 10.220.15.222 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against 30 hosts
Insufficient responses for TCP sequencing (2), OS detection may be less accurate
Retrying OS detection (try #2) against 30 hosts
Insufficient responses for TCP sequencing (2), OS detection may be less accurate
Retrying OS detection (try #3) against 12 hosts

Program received signal SIGSEGV, Segmentation fault.
0x10043a64 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xa0)
    at /usr/lib/gcc/powerpc-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
589 { return const_iterator(this->_M_impl._M_node._M_next); }
(gdb) bt
#0 0x10043a64 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xa0)
    at /usr/lib/gcc/powerpc-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
#1 0x1004401c in std::list<OFProbe*, std::allocator<OFProbe*> >::size (this=0xa0)
    at /usr/lib/gcc/powerpc-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:657
#2 0x100440a0 in HostOsScanStats::numProbesToSend (this=0x0) at osscan2.cc:284
#3 0x10040efc in doSeqTests (OSI=0x10442498, HOS=0x10c84e40) at osscan2.cc:3351
#4 0x10042d30 in os_scan_2 (Targets=@0x7fb11850) at osscan2.cc:3831
#5 0x100430b4 in os_scan2 (Targets=@0x7fb11850) at osscan2.cc:3881
#6 0x1000cf3c in nmap_main (argc=17, argv=0x7fb16464) at nmap.cc:1579
#7 0x10003f08 in main (argc=17, argv=0x7fb16464) at main.cc:250
(gdb)

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
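
Added example, not part of the original post and not nmap code: a small triage of the two backtraces above that compares the `this` values across frames to find the object whose member faulted and the caller line to inspect first. The names `parse_frames` and `triage` are hypothetical, reading the address difference as a member offset is an inference from the frames, and the 4-byte alignment check assumes the 32-bit targets shown in the post.

```python
import re

# Frames #0-#3 copied from the two backtraces in the message above.
PPC_BT = """\
#0 0x10043a64 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xa0) at /usr/lib/gcc/powerpc-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
#1 0x1004401c in std::list<OFProbe*, std::allocator<OFProbe*> >::size (this=0xa0) at /usr/lib/gcc/powerpc-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:657
#2 0x100440a0 in HostOsScanStats::numProbesToSend (this=0x0) at osscan2.cc:284
#3 0x10040efc in doSeqTests (OSI=0x10442498, HOS=0x10c84e40) at osscan2.cc:3351
"""
I686_BT = """\
#0 0x0807a571 in std::list<OFProbe*, std::allocator<OFProbe*> >::begin (this=0xc3ca009f) at /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:589
#1 0x0807a781 in std::list<OFProbe*, std::allocator<OFProbe*> >::size (this=0xc3ca009f) at /usr/lib/gcc/i486-linux-gnu/4.1.2/../../../../include/c++/4.1.2/bits/stl_list.h:657
#2 0x0807a7ae in HostOsScanStats::numProbesToSend (this=0xc3c9ffff) at osscan2.cc:284
#3 0x080784a9 in doSeqTests (OSI=0x83e6e18, HOS=0x8bd2ec0) at osscan2.cc:3351
"""
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (.+?) \((.*?)\) at (\S+):(\d+)$", re.M)
WORD = 4  # assumption: 32-bit targets, as on both machines in the post

def parse_frames(bt):
    """Turn gdb `bt` text into a list of frame dicts, innermost first."""
    frames = []
    for num, func, args, path, line in FRAME_RE.findall(bt):
        argmap = dict(a.split("=", 1) for a in args.split(", ") if "=" in a)
        frames.append({"n": int(num), "func": func, "args": argmap, "where": f"{path}:{line}"})
    return frames

def triage(bt):
    """Find the object whose member faulted and the frame that supplied it."""
    frames = parse_frames(bt)
    if not frames or "this" not in frames[0]["args"]:
        return None                               # crash was not in a method
    member = int(frames[0]["args"]["this"], 16)   # sub-object gdb faulted in
    for i, frame in enumerate(frames[:-1]):
        this = frame["args"].get("this")
        if this is None:
            return None                           # left the method chain
        owner = int(this, 16)
        if owner == member:
            continue                              # same sub-object (begin/size)
        if owner == 0:
            verdict = "null object pointer"
        elif owner % WORD:
            verdict = "misaligned (wild) object pointer"
        else:
            verdict = "aligned pointer, inspect the object"
        return {"owner": frame["func"], "member_offset": member - owner,
                "verdict": verdict, "inspect": frames[i + 1]["where"]}
    return None
```

Both traces give the same 0xa0 offset and point at osscan2.cc:3351, the call site that passed the bad `HostOsScanStats` pointer, which is where `up` in gdb would land after three steps.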