This question is based on the same project as the other Binary Bomb Phase 6 questions (most likely will be related links), but for some reason I can't find the nodes themselves, to check their increasing/decreasing values. When I try to use the function: x/3x $eax, it returns: Cannot access memory at 0x4, which makes me think that it actually isn't a node. It is, however, what is in the end being compared to check for equality.
(gdb) x/3x $eax
0x4: Cannot access memory at address 0x4
Here is the function phase_6:
0x08048dea <+0>: push %esi
0x08048deb <+1>: push %ebx
0x08048dec <+2>: sub $0x44,%esp
0x08048def <+5>: lea 0x10(%esp),%eax
0x08048df3 <+9>: mov %eax,0x4(%esp)
0x08048df7 <+13>: mov 0x50(%esp),%eax
0x08048dfb <+17>: mov %eax,(%esp)
0x08048dfe <+20>: call 0x8049479 <read_six_numbers>
0x08048e03 <+25>: mov $0x0,%esi
0x08048e08 <+30>: mov 0x10(%esp,%esi,4),%eax
0x08048e0c <+34>: sub $0x1,%eax
0x08048e0f <+37>: cmp $0x5,%eax
0x08048e12 <+40>: jbe 0x8048e19 <phase_6+47>
0x08048e14 <+42>: call 0x804932c <explode_bomb>
0x08048e19 <+47>: add $0x1,%esi
0x08048e1c <+50>: cmp $0x6,%esi
0x08048e1f <+53>: je 0x8048e54 <phase_6+106>
0x08048e21 <+55>: mov %esi,%ebx
0x08048e23 <+57>: mov 0x10(%esp,%ebx,4),%eax
0x08048e27 <+61>: cmp %eax,0xc(%esp,%esi,4)
0x08048e2b <+65>: jne 0x8048e32 <phase_6+72>
0x08048e2d <+67>: call 0x804932c <explode_bomb>
0x08048e32 <+72>: add $0x1,%ebx
0x08048e35 <+75>: cmp $0x5,%ebx
0x08048e38 <+78>: jle 0x8048e23 <phase_6+57>
0x08048e3a <+80>: jmp 0x8048e08 <phase_6+30>
0x08048e3c <+82>: mov 0x8(%edx),%edx
0x08048e3f <+85>: add $0x1,%eax
0x08048e42 <+88>: cmp %ecx,%eax
0x08048e44 <+90>: jne 0x8048e3c <phase_6+82>
0x08048e46 <+92>: mov %edx,0x28(%esp,%esi,4)
0x08048e4a <+96>: add $0x1,%ebx
0x08048e4d <+99>: cmp $0x6,%ebx
0x08048e50 <+102>: jne 0x8048e59 <phase_6+111>
0x08048e52 <+104>: jmp 0x8048e70 <phase_6+134>
0x08048e54 <+106>: mov $0x0,%ebx
0x08048e59 <+111>: mov %ebx,%esi
0x08048e5b <+113>: mov 0x10(%esp,%ebx,4),%ecx
0x08048e5f <+117>: mov $0x1,%eax
0x08048e64 <+122>: mov $0x804d154,%edx
0x08048e69 <+127>: cmp $0x1,%ecx
0x08048e6c <+130>: jg 0x8048e3c <phase_6+82>
0x08048e6e <+132>: jmp 0x8048e46 <phase_6+92>
0x08048e70 <+134>: mov 0x28(%esp),%ebx
0x08048e74 <+138>: mov 0x2c(%esp),%eax
0x08048e78 <+142>: mov %eax,0x8(%ebx)
0x08048e7b <+145>: mov 0x30(%esp),%edx
0x08048e7f <+149>: mov %edx,0x8(%eax)
0x08048e82 <+152>: mov 0x34(%esp),%eax
0x08048e86 <+156>: mov %eax,0x8(%edx)
0x08048e89 <+159>: mov 0x38(%esp),%edx
0x08048e8d <+163>: mov %edx,0x8(%eax)
0x08048e90 <+166>: mov 0x3c(%esp),%eax
0x08048e94 <+170>: mov %eax,0x8(%edx)
0x08048e97 <+173>: movl $0x0,0x8(%eax)
0x08048e9e <+180>: mov $0x5,%esi
0x08048ea3 <+185>: mov 0x8(%ebx),%eax
* 0x08048ea6 <+188>: mov (%eax),%edx
* 0x08048ea8 <+190>: cmp %edx,(%ebx)
0x08048eaa <+192>: jge 0x8048eb1 <phase_6+199>
0x08048eac <+194>: call 0x804932c <explode_bomb>
0x08048eb1 <+199>: mov 0x8(%ebx),%ebx
0x08048eb4 <+202>: sub $0x1,%esi
0x08048eb7 <+205>: jne 0x8048ea3 <phase_6+185>
0x08048eb9 <+207>: add $0x44,%esp
0x08048ebc <+210>: pop %ebx
0x08048ebd <+211>: pop %esi
0x08048ebe <+212>: ret
In the two lines before which I put the asterisk, that is where the nodes are being compared, I think. Essentially eax is being compared to ebx. However, when I try to find what the nodes are for eax, it gives me that error. When I try to run the same method on ebx, this is what returns:
(gdb) x/3x $ebx
0xffffd4c4: 0xffffd625 0x00000000 0xffffd651
(gdb) x/3x *($ebx + 8)
0xffffd651: 0x5f474458 0x53534553 0x5f4e4f49
(gdb) x/3x *(*($ebx+8)+8)
0x5f4e4f49: Cannot access memory at address 0x5f4e4f49
Does that mean ebx doesn't go past that memory address?
Here is what I DO know: it is taking in 6 integers, none of them can be equal to another, they must be less than or equal to 6, and they must be put in decreasing node order.
EDIT:
After going to the asterisked lines, here is my issue:
(gdb) x/3x *(*(*(*($eax+8)+8)+8)+8)
0x804d154 <node1>: 0x00000395 0x00000001 0x00000000
(gdb) x/3x *(*(*($eax+8)+8)+8)
0x804d160 <node2>: 0x000001e2 0x00000002 0x0804d154
(gdb) x/3x*( *($eax+8)+8)
0x804d16c <node3>: 0x00000328 0x00000003 0x0804d160
(gdb) x/3x*($eax+8)
0x804d178 <node4>: 0x000000d3 0x00000004 0x0804d16c
(gdb) x/3x $eax
0x804d184 <node5>: 0x00000273 0x00000005 0x0804d178
There seem to only be 5 nodes instead of the necessary 6.
Try *(*(*(*($eax+8)+8)+8)+8), *(*(*($eax+8)+8)+8), *(*($eax+8)+8), *($eax+8), $eax, AND $edx.
> run bomb
---after input 6 int---
---breakpoints phase6, explode_bomb
> until *0x08048ea8
> x/3x *(*(*(*($eax+8)+8)+8)+8)
> x/3x *(*(*($eax+8)+8)+8)
> x/3x *(*($eax+8)+8)
> x/3x *($eax+8)
> x/3x $eax
> x/3x $edx
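A C model of the checks in the phase_6 disassembly above, added here as an illustration; it is not code from the question, the answer, or the bomb. The struct layout, the name phase6_model, the initial node1-to-node6 ordering and the node6 value are assumptions; the values of node1 through node5 come from the gdb dump in the question's EDIT. At the asterisked instructions the current node is in ebx and eax holds its successor.

```c
#include <stddef.h>

struct node { int value; int id; struct node *next; };

/* node1..node5 values are from the gdb dump on this page; the page never
   shows node6, so its value here is a constructed placeholder. */
#define NODE6_VALUE_PLACEHOLDER 0x100

/* Returns 1 if the six inputs pass the modelled phase_6, 0 where the
   disassembly would call explode_bomb. */
int phase6_model(const int in[6]) {
    struct node n[6] = {
        {0x395, 1, NULL}, {0x1e2, 2, NULL}, {0x328, 3, NULL},
        {0x0d3, 4, NULL}, {0x273, 5, NULL}, {NODE6_VALUE_PLACEHOLDER, 6, NULL},
    };
    struct node *ptr[6];
    struct node *ebx;
    int i, j;

    /* Assumption: before relinking, the list runs node1 -> ... -> node6. */
    for (i = 0; i < 5; i++) n[i].next = &n[i + 1];

    /* <+30>..<+80>: each input in 1..6 (unsigned compare), all distinct. */
    for (i = 0; i < 6; i++) {
        if ((unsigned)in[i] - 1u > 5u) return 0;
        for (j = i + 1; j < 6; j++)
            if (in[i] == in[j]) return 0;
    }
    /* <+82>..<+132>: ptr[i] = node reached after in[i]-1 hops from node1. */
    for (i = 0; i < 6; i++) {
        struct node *p = &n[0];
        for (j = 1; j < in[i]; j++) p = p->next;
        ptr[i] = p;
    }
    /* <+134>..<+173>: relink the nodes in input order, terminate with NULL. */
    for (i = 0; i < 5; i++) ptr[i]->next = ptr[i + 1];
    ptr[5]->next = NULL;

    /* <+180>..<+205>: five comparisons; the jge at <+192> requires
       ebx->value >= eax->value, i.e. non-increasing values along the list. */
    ebx = ptr[0];
    for (i = 5; i != 0; i--) {
        struct node *eax = ebx->next;   /* <+185> mov 0x8(%ebx),%eax */
        if (ebx->value < eax->value) return 0;
        ebx = eax;                      /* <+199> mov 0x8(%ebx),%ebx */
    }
    return 1;
}
```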