问题
当我使用带有服务检测标志 ( -sV
) 的 nmap 时,扫描结束时会出现分段错误。无论哪个 IP 地址或域,只要可以扫描即可。我正在使用带有 nmap 版本的 Ubuntu 22.04 7.91+dfsg1+really7.80+dfsg1-2build1
,但运行结果nmap --version
为:
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.0 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
示例输出:
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-30 17:05 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00027s latency).
rDNS record for 127.0.0.1: rez-latitude
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.4.54 ((Ubuntu))
443/tcp open ssl/https Apache/2.4.54 (Ubuntu)
631/tcp open ipp CUPS 2.4
783/tcp open spamassassin SpamAssassin spamd
Service Info: Host: rez-latitude.lan
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.60 seconds
Segmentation fault (core dumped)
那么有什么方法可以修复分段错误吗?
研究
gdb
当通过运行(Gnu Debugger)进行调试时gdb nmap
,我安装了一些调试符号包find-dbgsym-packages
正如@Bram建议的那样,我使用了debian-goodies
包来找到必要的包以获取崩溃的完整跟踪,这里是输出:
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from nmap...
Reading symbols from /usr/lib/debug/.build-id/ab/eaeb9c57cd40a2fca33be55267d325a72233b7.debug...
(gdb) run -sV localhost
Starting program: /usr/bin/nmap -sV localhost
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff4881640 (LWP 1231874)]
[New Thread 0x7ffff4080640 (LWP 1231875)]
[New Thread 0x7fffeb87f640 (LWP 1231876)]
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-06 09:59 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00024s latency).
rDNS record for 127.0.0.1: rez-latitude
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.4.54 ((Ubuntu))
443/tcp open ssl/https Apache/2.4.54 (Ubuntu)
631/tcp open ipp CUPS 2.4
783/tcp open spamassassin SpamAssassin spamd
Service Info: Host: rez-latitude.lan; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.72 seconds
Thread 1 "nmap" received signal SIGSEGV, Segmentation fault.
___pthread_rwlock_rdlock (rwlock=0x0) at ./nptl/pthread_rwlock_rdlock.c:26
26 ./nptl/pthread_rwlock_rdlock.c: No such file or directory.
(gdb) where
#0 ___pthread_rwlock_rdlock (rwlock=0x0) at ./nptl/pthread_rwlock_rdlock.c:26
#1 0x00007ffff7ba740d in CRYPTO_THREAD_read_lock (lock=<optimized out>)
at ../crypto/threads_pthread.c:85
#2 0x00007ffff7b9a726 in ossl_lib_ctx_get_data (
ctx=0x7ffff7e234e0 <default_context_int.lto_priv>, index=1,
meth=0x7ffff7dda7e0 <provider_store_method.lto_priv>) at ../crypto/context.c:362
#3 0x00007ffff7bae8ca in get_provider_store (libctx=<optimized out>)
at ../crypto/provider_core.c:334
#4 ossl_provider_deregister_child_cb (handle=0x555555dc7520)
at ../crypto/provider_core.c:1755
#5 0x00007ffff7b9ac6f in ossl_provider_deinit_child (ctx=0x555555dce0b0)
at ../crypto/provider_child.c:279
#6 OSSL_LIB_CTX_free (ctx=0x555555dce0b0) at ../crypto/context.c:247
#7 OSSL_LIB_CTX_free (ctx=0x555555dce0b0) at ../crypto/context.c:240
#8 0x00007fffdada98f6 in legacy_teardown (provctx=0x555555dc77e0)
at ../providers/legacyprov.c:168
#9 0x00007ffff7baed3b in ossl_provider_teardown (prov=0x555555dc7520)
at ../crypto/provider_core.c:1480
#10 ossl_provider_free (prov=0x555555dc7520) at ../crypto/provider_core.c:686
#11 0x00007ffff7b79736 in ossl_provider_free (prov=<optimized out>)
at ../crypto/provider_core.c:671
#12 evp_cipher_free_int (cipher=0x555555e4b420) at ../crypto/evp/evp_enc.c:1635
#13 EVP_CIPHER_free (cipher=0x555555e4b420) at ../crypto/evp/evp_enc.c:1650
#14 0x00007ffff7e609cd in ssl_evp_cipher_free (cipher=0x555555e4b420)
at ../ssl/ssl_lib.c:5951
#15 ssl_evp_cipher_free (cipher=0x555555e4b420) at ../ssl/ssl_lib.c:5941
#16 SSL_CTX_free (a=0x555555dccd70) at ../ssl/ssl_lib.c:3477
--Type <RET> for more, q to quit, c to continue without paging--RET
#17 SSL_CTX_free (a=0x555555dccd70) at ../ssl/ssl_lib.c:3414
#18 0x0000555555624d33 in nsock_pool_delete (ms_pool=0x555555da4c60)
at nsock/src/nsock_pool.c:290
#19 0x000055555560b2bf in gc_pool (L=<optimized out>)
at /build/nmap-gXJEwe/nmap-7.91+dfsg1+really7.80+dfsg1/nse_nsock.cc:77
#20 0x00007ffff797aad6 in luaD_precall (L=L@entry=0x555555da1708, func=0x5555568f7ae0,
nresults=nresults@entry=0) at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/ldo.c:434
#21 0x00007ffff797b2d9 in luaD_call (nResults=0, func=<optimized out>, L=0x555555da1708)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/ldo.c:498
#22 luaD_callnoyield (nResults=0, func=<optimized out>, L=0x555555da1708)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/ldo.c:509
#23 dothecall (L=L@entry=0x555555da1708, ud=ud@entry=0x0)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/lgc.c:803
#24 0x00007ffff7973747 in luaD_rawrunprotected (L=L@entry=0x555555da1708,
f=f@entry=0x7ffff797b2a0 <dothecall>, ud=ud@entry=0x0)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/ldo.c:142
#25 0x00007ffff7975fdb in luaD_pcall (L=L@entry=0x555555da1708,
func=func@entry=0x7ffff797b2a0 <dothecall>, u=u@entry=0x0, old_top=16, ef=ef@entry=0)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/ldo.c:729
#26 0x00007ffff7974861 in GCTM (L=0x555555da1708, propagateerrors=0)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/lgc.c:823
#27 0x00007ffff797ceba in callallpendingfinalizers (L=<optimized out>)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/lgc.c:862
#28 luaC_freeallobjects (L=0x555555da1708)
at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/lgc.c:971
#29 close_state (L=0x555555da1708) at /build/lua5.3-5AFsFS/lua5.3-5.3.6/src/lstate.c:245
#30 0x00005555555b6919 in close_nse ()
--Type <RET> for more, q to quit, c to continue without paging--RET
at /build/nmap-gXJEwe/nmap-7.91+dfsg1+really7.80+dfsg1/nse_main.cc:836
#31 NmapOps::~NmapOps (this=<optimized out>, this=<optimized out>)
at /build/nmap-gXJEwe/nmap-7.91+dfsg1+really7.80+dfsg1/NmapOps.cc:199
#32 0x00007ffff7455495 in __run_exit_handlers (status=0,
listp=0x7ffff7629838 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true,
run_dtors=run_dtors@entry=true) at ./stdlib/exit.c:113
#33 0x00007ffff7455610 in __GI_exit (status=<optimized out>) at ./stdlib/exit.c:143
#34 0x00007ffff7439d97 in __libc_start_call_main (
main=main@entry=0x55555558b9c0 <main(int, char**)>, argc=argc@entry=3,
argv=argv@entry=0x7fffffffdf58) at ../sysdeps/nptl/libc_start_call_main.h:74
#35 0x00007ffff7439e40 in __libc_start_main_impl (
main=0x55555558b9c0 <main(int, char**)>, argc=3, argv=0x7fffffffdf58,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffdf48) at ../csu/libc-start.c:392
#36 0x000055555558c1b5 in _start ()
(gdb) list
21 in ./nptl/pthread_rwlock_rdlock.c
(gdb) quit
A debugging session is active.
Inferior 1 [process 1231857] will be killed.
Quit anyway? (y or n) y
当使用valgrind
标志--track-origins=yes
来调试崩溃时我得到了:
==1377174== Memcheck, a memory error detector
==1377174== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1377174== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1377174== Command: /usr/bin/nmap -sV localhost
==1377174==
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-06 21:17 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00051s latency).
rDNS record for 127.0.0.1: rez-latitude
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 4+deb7u2 (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.4.54 ((Ubuntu))
443/tcp open ssl/https Apache/2.4.54 (Ubuntu)
631/tcp open ipp CUPS 2.4
783/tcp open spamassassin SpamAssassin spamd
Service Info: Host: rez-latitude.lan; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 45.65 seconds
==1377174== Invalid read of size 4
==1377174== at 0x527B6CC: __pthread_rwlock_rdlock_full64 (pthread_rwlock_common.c:298)
==1377174== by 0x527B6CC: pthread_rwlock_rdlock@@GLIBC_2.34 (pthread_rwlock_rdlock.c:26)
==1377174== by 0x4BB240C: CRYPTO_THREAD_read_lock (threads_pthread.c:85)
==1377174== by 0x4BA5725: ossl_lib_ctx_get_data (context.c:362)
==1377174== by 0x4BB98C9: UnknownInlinedFun (provider_core.c:334)
==1377174== by 0x4BB98C9: ossl_provider_deregister_child_cb (provider_core.c:1755)
==1377174== by 0x4BA5C6E: UnknownInlinedFun (provider_child.c:279)
==1377174== by 0x4BA5C6E: UnknownInlinedFun (context.c:247)
==1377174== by 0x4BA5C6E: OSSL_LIB_CTX_free (context.c:240)
==1377174== by 0x48638F5: legacy_teardown (legacyprov.c:168)
==1377174== by 0x4BB9D3A: UnknownInlinedFun (provider_core.c:1480)
==1377174== by 0x4BB9D3A: ossl_provider_free.part.0 (provider_core.c:686)
==1377174== by 0x4B84735: UnknownInlinedFun (provider_core.c:671)
==1377174== by 0x4B84735: UnknownInlinedFun (evp_enc.c:1635)
==1377174== by 0x4B84735: EVP_CIPHER_free (evp_enc.c:1650)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:5951)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:5941)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:3477)
==1377174== by 0x49859CC: SSL_CTX_free (ssl_lib.c:3414)
==1377174== by 0x1D8D32: nsock_pool_delete (nsock_pool.c:290)
==1377174== by 0x1BF2BE: gc_pool(lua_State*) (nse_nsock.cc:77)
==1377174== by 0x4E82AD5: luaD_precall (ldo.c:434)
==1377174== Address 0x18 is not stack'd, malloc'd or (recently) free'd
==1377174==
==1377174==
==1377174== Process terminating with default action of signal 11 (SIGSEGV)
==1377174== Access not within mapped region at address 0x18
==1377174== at 0x527B6CC: __pthread_rwlock_rdlock_full64 (pthread_rwlock_common.c:298)
==1377174== by 0x527B6CC: pthread_rwlock_rdlock@@GLIBC_2.34 (pthread_rwlock_rdlock.c:26)
==1377174== by 0x4BB240C: CRYPTO_THREAD_read_lock (threads_pthread.c:85)
==1377174== by 0x4BA5725: ossl_lib_ctx_get_data (context.c:362)
==1377174== by 0x4BB98C9: UnknownInlinedFun (provider_core.c:334)
==1377174== by 0x4BB98C9: ossl_provider_deregister_child_cb (provider_core.c:1755)
==1377174== by 0x4BA5C6E: UnknownInlinedFun (provider_child.c:279)
==1377174== by 0x4BA5C6E: UnknownInlinedFun (context.c:247)
==1377174== by 0x4BA5C6E: OSSL_LIB_CTX_free (context.c:240)
==1377174== by 0x48638F5: legacy_teardown (legacyprov.c:168)
==1377174== by 0x4BB9D3A: UnknownInlinedFun (provider_core.c:1480)
==1377174== by 0x4BB9D3A: ossl_provider_free.part.0 (provider_core.c:686)
==1377174== by 0x4B84735: UnknownInlinedFun (provider_core.c:671)
==1377174== by 0x4B84735: UnknownInlinedFun (evp_enc.c:1635)
==1377174== by 0x4B84735: EVP_CIPHER_free (evp_enc.c:1650)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:5951)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:5941)
==1377174== by 0x49859CC: UnknownInlinedFun (ssl_lib.c:3477)
==1377174== by 0x49859CC: SSL_CTX_free (ssl_lib.c:3414)
==1377174== by 0x1D8D32: nsock_pool_delete (nsock_pool.c:290)
==1377174== by 0x1BF2BE: gc_pool(lua_State*) (nse_nsock.cc:77)
==1377174== by 0x4E82AD5: luaD_precall (ldo.c:434)
==1377174== If you believe this happened as a result of a stack
==1377174== overflow in your program's main thread (unlikely but
==1377174== possible), you can try to increase the size of the
==1377174== main thread stack using the --main-stacksize= flag.
==1377174== The main thread stack size used in this run was 8388608.
==1377174==
==1377174== HEAP SUMMARY:
==1377174== in use at exit: 20,463,686 bytes in 197,745 blocks
==1377174== total heap usage: 807,909 allocs, 610,164 frees, 221,766,054 bytes allocated
==1377174==
==1377174== LEAK SUMMARY:
==1377174== definitely lost: 0 bytes in 0 blocks
==1377174== indirectly lost: 0 bytes in 0 blocks
==1377174== possibly lost: 139,052 bytes in 10 blocks
==1377174== still reachable: 20,324,634 bytes in 197,735 blocks
==1377174== suppressed: 0 bytes in 0 blocks
==1377174== Rerun with --leak-check=full to see details of leaked memory
==1377174==
==1377174== For lists of detected and suppressed errors, rerun with: -s
==1377174== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
在网上搜索后我发现它./nptl/pthread_rwlock_rdlock.c
似乎来自 glibc(来源),但我找不到与我的问题相关的帖子。nptl
似乎是原生 POSIX 线程库
pthread_rwlock_rdlock.c
通过使用apt-file find
(https://wiki.debian.org/apt-file)我只发现:
emscripten: /usr/share/emscripten/system/lib/libc/musl/src/thread/pthread_rwlock_rdlock.c
apt-cache
show libc6 显示:
Package: libc6
Architecture: amd64
Version: 2.35-0ubuntu3.1
Multi-Arch: same
Priority: required
Section: libs
Source: glibc
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: GNU Libc Maintainers <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 13592
Depends: libgcc-s1, libcrypt1 (>= 1:4.4.10-10ubuntu4)
Recommends: libidn2-0 (>= 2.0.5~), libnss-nis, libnss-nisplus
Suggests: glibc-doc, debconf | debconf-2.0, locales
Breaks: busybox (<< 1.30.1-6), fakeroot (<< 1.25.3-1.1ubuntu2~), hurd (<< 1:0.9.git20170910-1), ioquake3 (<< 1.36+u20200211.f2c61c1~dfsg-2~), iraf-fitsutil (<< 2018.07.06-4), libgegl-0.4-0 (<< 0.4.18), libtirpc1 (<< 0.2.3), locales (<< 2.35), locales-all (<< 2.35), macs (<< 2.2.7.1-3~), nocache (<< 1.1-1~), nscd (<< 2.35), openarena (<< 0.8.8+dfsg-4~), openssh-server (<< 1:8.2p1-4), r-cran-later (<< 0.7.5+dfsg-2), wcc (<< 0.0.2+dfsg-3)
Replaces: libc6-amd64
Filename: pool/main/g/glibc/libc6_2.35-0ubuntu3.1_amd64.deb
Size: 3235278
MD5sum: fd3eab380955d1e259e9994d2b403f64
SHA1: 44792f0e04d468c6440ac00cb98a7c1ad740bdbf
SHA256: f84e4f7896002f01c8e36fc3aed6f9c450974164078a87d051c2582da8634bcb
SHA512: 7225eb92b276153d0fff9184776a8ac75d9358401b0b92afd9af8321f51972cf79677df19ca693210f4cea396ce570ee6a121e215c10ac6d727ad2c1daa8783b
Homepage: https://www.gnu.org/software/libc/libc.html
Description-en: GNU C Library: Shared libraries
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
Description-md5: fc3001b0b90a1c8e6690b283a619d57f
Task: minimal, server-minimal
Original-Vcs-Browser: https://salsa.debian.org/glibc-team/glibc
Original-Vcs-Git: https://salsa.debian.org/glibc-team/glibc.git
Package: libc6
Architecture: amd64
Version: 2.35-0ubuntu3
Multi-Arch: same
Priority: required
Section: libs
Source: glibc
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: GNU Libc Maintainers <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 13592
Depends: libgcc-s1, libcrypt1 (>= 1:4.4.10-10ubuntu4)
Recommends: libidn2-0 (>= 2.0.5~), libnss-nis, libnss-nisplus
Suggests: glibc-doc, debconf | debconf-2.0, locales
Breaks: busybox (<< 1.30.1-6), fakeroot (<< 1.25.3-1.1ubuntu2~), hurd (<< 1:0.9.git20170910-1), ioquake3 (<< 1.36+u20200211.f2c61c1~dfsg-2~), iraf-fitsutil (<< 2018.07.06-4), libgegl-0.4-0 (<< 0.4.18), libtirpc1 (<< 0.2.3), locales (<< 2.35), locales-all (<< 2.35), macs (<< 2.2.7.1-3~), nocache (<< 1.1-1~), nscd (<< 2.35), openarena (<< 0.8.8+dfsg-4~), openssh-server (<< 1:8.2p1-4), r-cran-later (<< 0.7.5+dfsg-2), wcc (<< 0.0.2+dfsg-3)
Replaces: libc6-amd64
Filename: pool/main/g/glibc/libc6_2.35-0ubuntu3_amd64.deb
Size: 3235142
MD5sum: a5195b20efd4841287f8c6c955af72ca
SHA1: acb061472bf9d12b2ebb1237ace2bc28843e33c9
SHA256: ea9a27e0ebdd0cfc9c750d94f8074f3a35d1f97dcc77ae04c370fb498a6b6db2
SHA512: 7f129f7f0bf22e542e47e125b1b1b852c9078e2e5f151210e307ac53b96b2c7708178ee6bdce3494bc39de2269949773e71cd7dd61f67bb3dc3c0d372e56ffae
Homepage: https://www.gnu.org/software/libc/libc.html
Description-en: GNU C Library: Shared libraries
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
Description-md5: fc3001b0b90a1c8e6690b283a619d57f
Task: minimal, server-minimal
Original-Vcs-Browser: https://salsa.debian.org/glibc-team/glibc
Original-Vcs-Git: https://salsa.debian.org/glibc-team/glibc.git
答案1
完整性检查
作为健全性检查,请执行此操作,which nmap
如果确实如此/usr/bin/nmap
,则也请先尝试重新安装,以防文件损坏(由于磁盘空间不足或其他原因)。
$ sudo dpkg --purge nmap
$ sudo apt install nmap
看看它是否还会崩溃。
调试
要调试 Ubuntu 中的崩溃,您需要调试符号。
默认情况下,Ubuntu 操作系统不包含调试符号。
您必须按如下方式启用它们:
$ echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse
deb http://ddebs.ubuntu.com $(lsb_release -cs)-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com $(lsb_release -cs)-proposed main restricted universe multiverse" | \
sudo tee -a /etc/apt/sources.list.d/ddebs.list
获取签名密钥:
$ sudo apt install ubuntu-dbgsym-keyring
获取 nmap 的 dbgsym 包
$ sudo apt update
$ sudo apt install nmap-dbgsym
当您在 gdb 中捕获崩溃时,输入where
它会列出行号。
笔记:
有时您需要添加更多 dbgsym 包以获取依赖项,以便进一步了解调用堆栈。例如,如果 nmap 依赖于 libssl3 并在 ssl 代码中崩溃,那么sudo apt install libssl3-dbgsym
也请这样做。重复此操作,直到调用堆栈中的所有函数都有行号。这为您提供了崩溃发生位置的完整跟踪,并应该有助于您找到错误。
运行时边界检查
在这种情况下有用的另一个调试工具是 valgrind。
它将让您跟踪代码是否以及何时尝试使用释放的内存,或访问超出范围的内存。
$ sudo apt install valgrind
$ valgrind --track-origins=yes /usr/bin/nmap -sV
据我所知,我认为您很可能在 nmap 中发现了一个错误。如果有必要,尝试使用较新版本的 nmap 甚至从源代码构建它可能是有意义的。