Nmap Development mailing list archives

NSE using 100% CPU and effectively hanging until timeout


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 3 Feb 2009 01:57:32 +0000

Rather than chain a bunch of issues into one long thread, I'll start a
new one regarding NSE behaving oddly.

I was seeing a memory-leak or runaway memory usage issue that I have
not been able to reproduce.  Now I'm seeing a semi-reproducible NSE
issue where the Nmap process starts using 100% and NSE stops doing
useful work.

If I scan a handful of hosts (6) with --script=all NSE makes
progress and then suddenly the Nmap process starts using 100% CPU and
NSE hangs.  I decided to increase verbosity and debug info when I saw
it happen.  Nothing but host timeouts was printed even with the
debugging way up:

SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:43 (0:00:30 remaining)
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:44 (0:00:34 remaining)
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:44 (0:00:37 remaining)
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:45 (0:00:40 remaining)
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:45 (0:00:44 remaining)
Debugging Increased to 2.
Debugging Increased to 3.
Debugging Increased to 4.
Debugging Increased to 5.
Debugging Increased to 6.
Debugging Increased to 7.
Debugging Increased to 8.
Debugging Increased to 9.
Debugging Increased to 10.
Stats: 0:21:26 elapsed; 0 hosts completed (6 up), 6 undergoing Script Scan
Active NSE scripts: 30
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:46 (0:00:46 remaining)
Verbosity Increased to 3.
Verbosity Increased to 4.
Verbosity Increased to 5.
Verbosity Increased to 6.
Verbosity Increased to 7.
Verbosity Increased to 8.
Verbosity Increased to 9.
Verbosity Increased to 10.
Verbosity Increased to 11.
Stats: 0:21:29 elapsed; 0 hosts completed (6 up), 6 undergoing Script Scan
Active NSE scripts: 30
SCRIPT ENGINE Timing: About 89.80% done; ETC: 01:46 (0:00:47 remaining)
SCRIPT ENGINE (1291.975s): Stopped ./scripts/banner.nse against a.b.1.47:10101 (thread 0x7953980) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/rpcinfo.nse against a.b.1.47:1003 (thread 0x7a0e130) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/banner.nse against a.b.1.47:1003 (thread 0x7a08f50) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/pop3-brute.nse against a.b.1.47:995 (thread 0x79ee0f0) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/banner.nse against a.b.1.47:993 (thread 0x79e1900) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/banner.nse against a.b.1.47:514 (thread 0x7994b60) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/sslv2.nse against a.b.1.47:443 (thread 0x7982840) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/banner.nse against a.b.1.47:110 (thread 0x78e6ac0) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/http-auth.nse against a.b.1.47:80 (thread 0x789ad70) because of host timeout.
SCRIPT ENGINE (1291.975s): Stopped ./scripts/robots.txt.nse against a.b.1.47:80 (thread 0x789e590) because of host timeout.
SCRIPT ENGINE Timing: About 93.20% done; ETC: 01:46 (0:00:32 remaining)
SCRIPT ENGINE Timing: About 93.20% done; ETC: 01:47 (0:00:34 remaining)
SCRIPT ENGINE (1362.817s): Stopped ./scripts/auth-owners.nse against a.b.1.90:2049 (thread 0x7871060) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/skypev2-version.nse against a.b.1.90:875 (thread 0x7964960) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/rpcinfo.nse against a.b.1.90:700 (thread 0x79476a0) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/auth-owners.nse against a.b.1.90:699 (thread 0x792fc80) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/auth-owners.nse against a.b.1.90:587 (thread 0x791c890) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/banner.nse against a.b.1.90:105 (thread 0x78690a0) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/http-trace.nse against a.b.1.90:80 (thread 0x777f620) because of host timeout.
SCRIPT ENGINE (1362.817s): Stopped ./scripts/banner.nse against a.b.1.90:80 (thread 0x76cbb20) because of host timeout.
SCRIPT ENGINE Timing: About 95.92% done; ETC: 01:47 (0:00:21 remaining)
...this goes on with hosts timing out...

Normally with a really high debugging level, NSOCK events get printed to the
screen.  Whatever Nmap/NSE was doing during this time, no interesting
debug info was printed.

Is there a way I can figure out what scripts are running or what the
script engine is doing during this time?  Would doing something like
attaching GDB to the running process when I see the issue happen work?
I've never tried to debug a running process on Linux.

Brandon
