Similar thing. Debian 9. Haven't tried to reproduce it, but I managed to
attach to the running process and grab some info:

# uname -a
Linux debian 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64 GNU/Linux

nmap -n -Pn -oG /tmp/nmap-<ip>-1432834534 -sS --defeat-rst-ratelimit -sU -p T:<long list of ports> --scan-delay 10 <ip>

# strace -p1212 -s9999
strace: Process 1212 attached
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=170055}) = 0 (Timeout)
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc)    = -1 EBADF (Bad file descriptor)
getpgrp()                               = 872
sendto(4, "E\0\0,/&\0\0005\6X\321\300\250\n\332P\370\341Z\3206\10:y\221\273\257\0\0\0\0`\2\4\0\210\237\0\0\2\4\5\264", 44, 0, {sa_family=AF_INET, sin_port=htons(2106), sin_addr=inet_addr("<ip>")}, 16) = 44
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=999728}) = 1 (in [5], left {tv_sec=9, tv_usec=964264})
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc)    = -1 EBADF (Bad file descriptor)
getpgrp()                               = 872
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=963845}^Cstrace: Process 1212 detached
 <detached ...>

and this repeats


(gdb) attach 1212
(gdb) bt
#0  0x00002ad3702905e3 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:84
#1  0x0000563913f0c0b9 in pcap_select(pcap*, timeval*) ()
#2  0x0000563913f0c47d in pcap_select(pcap*, long) ()
#3  0x0000563913edfb74 in readip_pcap(pcap*, unsigned int*, long, timeval*, link_header*, bool) ()
#4  0x0000563913ecbbd1 in get_pcap_result(UltraScanInfo*, timeval*) ()
#5  0x0000563913ec43b1 in ultra_scan(std::vector<Target*, std::allocator<Target*> >&, scan_lists*, stype, timeout_info*) ()
#6  0x0000563913e969b1 in nmap_main(int, char**) ()
#7  0x0000563913e68c41 in main ()

# lsof -p 1212
(...)
nmap    1212 root  mem    REG                0,8            28012 socket:[28012] (stat: No such file or directory)
(...)

# ls -lh /proc/1212/fd
total 0
lr-x------ 1 root root 64 May 12 10:14 0 -> /dev/null
lrwx------ 1 root root 64 May 12 10:14 1 -> socket:[28003]
lrwx------ 1 root root 64 May 12 10:14 2 -> socket:[28003]
l-wx------ 1 root root 64 May 12 10:14 3 -> /tmp/nmap-<ip>-1432834534
lrwx------ 1 root root 64 May 12 10:14 4 -> socket:[28010]
lrwx------ 1 root root 64 May 12 10:14 5 -> socket:[28012]

https://bugs.launchpad.net/bugs/1861389

Title:
  nmap hang due to BADF ioctl inside select call is returning good rc
