Ubuntu
glibc package

Bug #1861389
Comment #3

Comment 3 for bug 1861389

Revision history for this message

Zdzisław Krajewski (d21d3q) wrote on 2020-05-12:

Similar thing. Debian 9. Haven't tried to reproduce it, bu I managed to attach to running process and grab some info:

# uname -a
Linux debian 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64 GNU/Linux

nmap -n -Pn -oG /tmp/nmap-<ip>-1432834534 -sS --defeat-rst-ratelimit -sU -p T:<long list of ports> --scan-delay 10 <ip>

# strace -p1212 -s9999
strace: Process 1212 attached
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=170055}) = 0 (Timeout)
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc) = -1 EBADF (Bad file descriptor)
getpgrp() = 872
sendto(4, "E\0\0,/&\0\0005\6X\321\300\250\n\332P\370\341Z\3206\10:y\221\273\257\0\0\0\0`\2\4\0\210\237\0\0\2\4\5\264", 44, 0, {sa_family=AF_INET, sin_port=htons(2106), sin_addr=inet_addr("<ip>")}, 16) = 44
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=999728}) = 1 (in [5], left {tv_sec=9, tv_usec=964264})
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc) = -1 EBADF (Bad file descriptor)
getpgrp() = 872
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=963845}^Cstrace: Process 1212 detached
<detached ...>

and this repeats

(gdb) attach 1212
(gdb) bt
#0 0x00002ad3702905e3 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:84
#1 0x0000563913f0c0b9 in pcap_select(pcap*, timeval*) ()
#2 0x0000563913f0c47d in pcap_select(pcap*, long) ()
#3 0x0000563913edfb74 in readip_pcap(pcap*, unsigned int*, long, timeval*, link_header*, bool) ()
#4 0x0000563913ecbbd1 in get_pcap_result(UltraScanInfo*, timeval*) ()
#5 0x0000563913ec43b1 in ultra_scan(std::vector<Target*, std::allocator<Target*> >&, scan_lists*, stype, timeout_info*) ()
#6 0x0000563913e969b1 in nmap_main(int, char**) ()
#7 0x0000563913e68c41 in main ()

# lsof -p 1212
(...)
nmap 1212 root mem REG 0,8 28012 socket:[28012] (stat: No such file or directory)
(...)

# ls -lh /proc/1212/fd
total 0
lr-x------ 1 root root 64 May 12 10:14 0 -> /dev/null
lrwx------ 1 root root 64 May 12 10:14 1 -> socket:[28003]
lrwx------ 1 root root 64 May 12 10:14 2 -> socket:[28003]
l-wx------ 1 root root 64 May 12 10:14 3 -> /tmp/nmap-<ip>-1432834534
lrwx------ 1 root root 64 May 12 10:14 4 -> socket:[28010]
lrwx------ 1 root root 64 May 12 10:14 5 -> socket:[28012]

Similar thing. Debian 9. Haven't tried to reproduce it, bu I managed to attach to running process and grab some info:

# uname -a
Linux debian 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64 GNU/Linux

nmap -n -Pn -oG /tmp/nmap-<ip>-1432834534 -sS --defeat-rst-ratelimit -sU -p T:<long list of ports> --scan-delay 10 <ip>

# strace -p1212 -s9999
strace: Process 1212 attached
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=170055}) = 0 (Timeout)
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc)    = -1 EBADF (Bad file descriptor)
getpgrp()                               = 872
sendto(4, "E\0\0,/&\0\0005\6X\321\300\250\n\332P\370\341Z\3206\10:y\221\273\257\0\0\0\0`\2\4\0\210\237\0\0\2\4\5\264", 44, 0, {sa_family=AF_INET, sin_port=htons(2106), sin_addr=inet_addr("<ip>")}, 16) = 44
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=999728}) = 1 (in [5], left {tv_sec=9, tv_usec=964264})
ioctl(-1, TIOCGPGRP, 0x7ffe4a632bdc)    = -1 EBADF (Bad file descriptor)
getpgrp()                               = 872
select(6, [5], NULL, NULL, {tv_sec=9, tv_usec=963845}^Cstrace: Process 1212 detached
 <detached ...>

and this repeats

(gdb) attach 1212
(gdb) bt
#0  0x00002ad3702905e3 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:84
#1  0x0000563913f0c0b9 in pcap_select(pcap*, timeval*) ()
#2  0x0000563913f0c47d in pcap_select(pcap*, long) ()
#3  0x0000563913edfb74 in readip_pcap(pcap*, unsigned int*, long, timeval*, link_header*, bool) ()
#4  0x0000563913ecbbd1 in get_pcap_result(UltraScanInfo*, timeval*) ()
#5  0x0000563913ec43b1 in ultra_scan(std::vector<Target*, std::allocator<Target*> >&, scan_lists*, stype, timeout_info*) ()
#6  0x0000563913e969b1 in nmap_main(int, char**) ()
#7  0x0000563913e68c41 in main ()

# lsof -p 1212
(...)
nmap    1212 root  mem    REG                0,8            28012 socket:[28012] (stat: No such file or directory)
(...)

Ubuntuglibc package

Comment 3 for bug 1861389

Ubuntu
glibc package