List: nmap-dev
Subject: Re: Follow up to NSE issues and gh_list assert() failure (Was
From: Brandon Enright <bmenrigh () ucsd ! edu>
Date: 2009-02-26 6:03:08
Message-ID: 20090226060308.77f96464 () moray
On Wed, 25 Feb 2009 21:12:10 -0700 or thereabouts Patrick Donnelly
<batrick.donnelly@gmail.com> wrote:
> On Wed, Feb 25, 2009 at 6:28 PM, Brandon Enright <bmenrigh@ucsd.edu>
> wrote:
> > ==12614==
> > ==12614== Invalid read of size 8
> > ==12614== at 0x58427C3: lua_pushboolean
...snip...
>
> I'm fairly certain this is caused by nsock using the Lua thread after
> we have killed it (most likely due to timeout). Is there a way to stop
> nsock from doing work on behalf of the thread once we decide to
> destroy the thread?
>
> Cheers,
>
I can't refute your thread-killed-on-timeout idea; however, it is likely
that there are other causes for a script to be collected and then used
besides timeouts. Most of the time the issue happens right in the
middle of a hostgroup before any of the hosts could be timing out.
It even occasionally happens on the first hostgroup, so ideas like
memory being corrupted on a previous hostgroup's script timeouts hurting
a later hostgroup can't be the whole story.

Shortly before I had to stop working on this, I was able to catch NSE
hanging in a way that caused 100% CPU usage. David suggested attaching
GDB to the process. I printed the size of a lua_State and it was 184
bytes, which matches nicely with this Valgrind free message:

> ==12614== Address 0xa5ab3c8 is 16 bytes inside a block of size 184 free'd

I hope to find the time tomorrow to run a scan with a large host
timeout like 2+ hours. If I can catch NSE hanging in the middle of a
hostgroup I should have plenty of time to attach GDB and poke around at
the internals. David has some breakpoints in mind that he'd like to
set and then continue.

Brandon
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
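
Added example, not part of the original message and not nmap, NSE or nsock code: a minimal C sketch of the teardown ordering the quoted question asks about, where an event queue holds raw pointers to per-script state and the owner's pending events are cancelled before the state is freed. Every name here (script_thread, pending_event, schedule_event, cancel_events_for, destroy_thread, dispatch_all) is hypothetical.

```c
#include <stdlib.h>

/* All names are hypothetical; this is not nsock's or NSE's API. */
typedef struct script_thread { int results; } script_thread;

typedef struct pending_event {
    script_thread *owner;        /* raw pointer the loop dereferences later */
    struct pending_event *next;
} pending_event;

static pending_event *queue = NULL;

/* Queue one completion for t; returns 0 on success, -1 on allocation failure. */
int schedule_event(script_thread *t) {
    pending_event *ev = malloc(sizeof *ev);
    if (!ev) return -1;
    ev->owner = t;
    ev->next = queue;
    queue = ev;
    return 0;
}

/* Unlink and free every queued event owned by t; returns how many. */
int cancel_events_for(script_thread *t) {
    int n = 0;
    for (pending_event **pp = &queue; *pp; ) {
        if ((*pp)->owner != t) { pp = &(*pp)->next; continue; }
        pending_event *dead = *pp;
        *pp = dead->next;
        free(dead);
        n++;
    }
    return n;
}

/* Cancel first, free second. Calling free(t) alone would leave queue
 * entries pointing into a freed block, which dispatch_all() would read. */
int destroy_thread(script_thread *t) {
    int n = cancel_events_for(t);
    free(t);
    return n;
}

/* Deliver the remaining completions; returns how many fired. */
int dispatch_all(void) {
    int fired = 0;
    while (queue) {
        pending_event *ev = queue;
        queue = ev->next;
        ev->owner->results++;    /* safe only if every owner is still live */
        free(ev);
        fired++;
    }
    return fired;
}
```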