nmap -sV --open --host-timeout 300 -n -T4 -oX - <ip>

[dksupriya]

Describe the bug

I am using the 7.70 version on Nmap on centos server. I run the following scan on an IOT device(Electronic controller for a lighting system).
nmap -sV --open --host-timeout 300 -n -T4 -oX -
The nmap command on some hosts never completes and its stuck there for a long time. A core dump gets generated and as per the core dump, it throws a seg fault.
So, I face two issues here

1. Even though there is a host-timeout, the timeout is not honored
2. It throws a segmentation fault and generates a core dump maybe after an hour of trying to scan.

I also ran the command with "-d2 --version-trace --packet-trace" option but could not keep it running till the scan throws seg fault.

I ran backtrace on the core file and see only following error

(lldb) bt all

thread I get this error scanning against my gpsd #1, name = 'nmap', stop reason = signal SIGSEGV
frame #0: 0x000000000050c978
I am using this command in my application and want to gracefully exit the scan. Let me know if this is a known issue or is there a workaround.

To Reproduce

Run the following command line on a linux box and we do not get any result even after an hour.
nmap -sV --open --host-timeout 300 -n -T4 -oX -

Expected behavior

Expect the host-timeout to be honored and return a result in 5 min

Version info (please complete the following information):

• Linux
• Nmap 7.70
• Output of nmap --iflist

Additional context
Add any other context about the problem here, such as special network type.