Hello Tim, I tried to have a look at those two dmesg lines and it seems they point to the function print_arp_asset_screen, line 115 [1], where parameter rec is dereferenced unconditionally.
However, if it would be possible to install systemd-coredump then a backtrace of those crashes should be printed to the journal. This would give a way better information as the two dmesg lines alone, as it would also show the functions calling print_arp_asset_screen and therefore leading to the crash. The link [2] might give some more hints to collect more information for the maintainer. Kind regards, Bernhard [1] https://sources.debian.org/src/pads/1.2-13/src/output/output-screen.c/#L115 112 print_arp_asset_screen (ArpAsset *rec) 113 { 114 /* Print to Screen */ 115 if(rec->mac_resolved != NULL) { 116 fprintf(stdout, "[*] Asset Found: IP Address - %s / MAC Address - %s (%s)\n", [2] https://wiki.debian.org/HowToGetABacktrace
# 2022-09-27 Bookworm/testing qemu amd64 VM apt install systemd-coredump mc gdb pads pads-dbgsym apt build-dep pads mkdir /home/benutzer/source/pads/orig -p cd /home/benutzer/source/pads/orig apt source pads cd https://wiki.debian.org/InterpretingKernelOutputAtProcessCrash [87486.873713] pads[2092050]: segfault at 3a ip 00005569c2dadb64 sp 00007ffc6ce82ed0 error 4 in pads[5569c2da6000+9000] [87486.873733] Code: 23 00 00 be 01 00 00 00 0f b7 c9 e8 46 85 ff ff 58 31 c0 5a 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 c7 04 48 85 c0 74 44 4c 8b 60 08 e8 b3 error 4 == 0b00000100 * bit 0 == 0: no page found * bit 1 == 0: read access * bit 2 == 1: user-mode access echo -n "find /b ..., ..., 0x" && \ echo "23 00 00 be 01 00 00 00 0f b7 c9 e8 46 85 ff ff 58 31 c0 5a 5b 5d 41 5c c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 c7 04 48 85 c0 74 44 4c 8b 60 08 e8 b3" \ | sed 's/[<>]//g' | sed 's/ /, 0x/g' benutzer@debian:~$ gdb -q (gdb) set width 0 (gdb) set pagination off (gdb) file /usr/bin/pads Reading symbols from /usr/bin/pads... Reading symbols from /usr/lib/debug/.build-id/56/25dea5149cbe3b93f99e31e95d4e8920ce5a73.debug... (gdb) b main Breakpoint 1 at 0x2470: file ./src/pads.c, line 486. (gdb) run Starting program: /usr/bin/pads [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Breakpoint 1, main (argc=1, argv=0x7fffffffe5a8) at ./src/pads.c:486 486 ./src/pads.c: Datei oder Verzeichnis nicht gefunden. (gdb) directory /home/benutzer/source/pads/orig/pads-1.2 Source directories searched: /home/benutzer/source/pads/orig/pads-1.2:$cdir:$cwd (gdb) dele 1 (gdb) pipe info target | grep ".text" 0x0000555555556460 - 0x000055555555e8a1 is .text 0x00007ffff7fcc050 - 0x00007ffff7ff0391 is .text in /lib64/ld-linux-x86-64.so.2 0x00007ffff7fc96c0 - 0x00007ffff7fc9d1d is .text in system-supplied DSO at 0x7ffff7fc9000 0x00007ffff7f4b1e0 - 0x00007ffff7f9f322 is .text in /lib/x86_64-linux-gnu/libpcre.so.3 0x00007ffff7f038b0 - 0x00007ffff7f29c4e is .text in /lib/x86_64-linux-gnu/libpcap.so.0.8 0x00007ffff7c28380 - 0x00007ffff7d94e9d is .text in /lib/x86_64-linux-gnu/libc.so.6 0x00007ffff7ef9040 - 0x00007ffff7ef9101 is .text in /lib/x86_64-linux-gnu/libpthread.so.0 0x00007ffff7eb0e30 - 0x00007ffff7edf098 is .text in /lib/x86_64-linux-gnu/libdbus-1.so.3 0x00007ffff7b46af0 - 0x00007ffff7bc241c is .text in /lib/x86_64-linux-gnu/libsystemd.so.0 0x00007ffff7e973d0 - 0x00007ffff7e9a4b6 is .text in /lib/x86_64-linux-gnu/libcap.so.2 0x00007ffff79f7580 - 0x00007ffff7ae0128 is .text in /lib/x86_64-linux-gnu/libgcrypt.so.20 0x00007ffff7e6f510 - 0x00007ffff7e865b2 is .text in /lib/x86_64-linux-gnu/liblzma.so.5 0x00007ffff7934740 - 0x00007ffff79d0636 is .text in /lib/x86_64-linux-gnu/libzstd.so.1 0x00007ffff7e493e0 - 0x00007ffff7e66437 is .text in /lib/x86_64-linux-gnu/liblz4.so.1 0x00007ffff7e206c0 - 0x00007ffff7e3600e is .text in /lib/x86_64-linux-gnu/libgpg-error.so.0 (gdb) find /b 0x0000555555556460, 0x000055555555e8a1, 0x23, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00, 0x00, 0x0f, 0xb7, 0xc9, 0xe8, 0x46, 0x85, 0xff, 0xff, 0x58, 0x31, 0xc0, 0x5a, 0x5b, 0x5d, 0x41, 0x5c, 0xc3, 0x66, 0x66, 0x2e, 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66, 0x90, 0x41, 0x54, 0x55, 0x53, 0x48, 0x8b, 0x47, 0x10, 0x48, 0x89, 0xfb, 0x48, 0x83, 0xc7, 0x04, 0x48, 0x85, 0xc0, 0x74, 0x44, 0x4c, 0x8b, 0x60, 0x08, 0xe8, 0xb3 0x55555555db3a <print_asset_screen+74> 1 pattern found. (gdb) b * (0x55555555db3a + 42) Breakpoint 2 at 0x55555555db64: file ./src/output/output-screen.c, line 115. (gdb) info b Num Type Disp Enb Address What 2 breakpoint keep y 0x000055555555db64 in print_arp_asset_screen at ./src/output/output-screen.c:115 (gdb) disassemble /r 0xf7a94b31, 0xf7a94b31 + 62 Dump of assembler code from 0xf7a94b31 to 0xf7a94b6f: 0x00000000f7a94b31: Cannot access memory at address 0xf7a94b31 (gdb) disassemble /r 0x55555555db3a, 0x55555555db3a + 62 Dump of assembler code from 0x55555555db3a to 0x55555555db78: 0x000055555555db3a <print_asset_screen+74>: 23 00 and (%rax),%eax 0x000055555555db3c <print_asset_screen+76>: 00 be 01 00 00 00 add %bh,0x1(%rsi) 0x000055555555db42 <print_asset_screen+82>: 0f b7 c9 movzwl %cx,%ecx 0x000055555555db45 <print_asset_screen+85>: e8 46 85 ff ff call 0x555555556090 <__fprintf_chk@plt> 0x000055555555db4a <print_asset_screen+90>: 58 pop %rax 0x000055555555db4b <print_asset_screen+91>: 31 c0 xor %eax,%eax 0x000055555555db4d <print_asset_screen+93>: 5a pop %rdx 0x000055555555db4e <print_asset_screen+94>: 5b pop %rbx 0x000055555555db4f <print_asset_screen+95>: 5d pop %rbp 0x000055555555db50 <print_asset_screen+96>: 41 5c pop %r12 0x000055555555db52 <print_asset_screen+98>: c3 ret 0x000055555555db53: 66 66 2e 0f 1f 84 00 00 00 00 00 data16 cs nopw 0x0(%rax,%rax,1) 0x000055555555db5e: 66 90 xchg %ax,%ax 0x000055555555db60 <print_arp_asset_screen+0>: 41 54 push %r12 0x000055555555db62 <print_arp_asset_screen+2>: 55 push %rbp 0x000055555555db63 <print_arp_asset_screen+3>: 53 push %rbx 0x000055555555db64 <print_arp_asset_screen+4>: 48 8b 47 10 mov 0x10(%rdi),%rax <<<<<<<<<<<<< 0x000055555555db68 <print_arp_asset_screen+8>: 48 89 fb mov %rdi,%rbx 0x000055555555db6b <print_arp_asset_screen+11>: 48 83 c7 04 add $0x4,%rdi 0x000055555555db6f <print_arp_asset_screen+15>: 48 85 c0 test %rax,%rax 0x000055555555db72 <print_arp_asset_screen+18>: 74 44 je 0x55555555dbb8 <print_arp_asset_screen+88> 0x000055555555db74 <print_arp_asset_screen+20>: 4c 8b 60 08 mov 0x8(%rax),%r12 End of assembler dump. (gdb) list output-screen.c:100,125 100 101 102 /* ---------------------------------------------------------- 103 * FUNCTION : print_arp_asset_screen 104 * DESCRIPTION : This function will print out the ARP asset 105 * : to the screen and to the report file. 106 * INPUT : 0 - IP Address 107 * : 1 - MAC Address 108 * RETURN : 0 - Success 109 * : -1 - Error 110 * ---------------------------------------------------------- */ 111 int 112 print_arp_asset_screen (ArpAsset *rec) 113 { 114 /* Print to Screen */ 115 if(rec->mac_resolved != NULL) { <<<<<<<<<<< 116 fprintf(stdout, "[*] Asset Found: IP Address - %s / MAC Address - %s (%s)\n", 117 inet_ntoa(rec->ip_addr), hex2mac(rec->mac_addr), bdata(rec->mac_resolved)); 118 } else { 119 fprintf(stdout, "[*] Asset Found: IP Address - %s / MAC Address - %s\n", 120 inet_ntoa(rec->ip_addr), hex2mac(rec->mac_addr)); 121 } 122 123 return 0; 124 } 125 (gdb)
