SIGBUS BUS_ADRALN, prescan.cgi and Sol 10
807567Nov 15 2005 — edited Feb 14 2006Hello,
Apologies if this isn't the correct forum - it's partly kernel related and partly Solaris 10.
I have recently applied the latest security patches to one of my Solaris 10 boxes, and I am now having an issue with Trend's InterScan VirusWall prescan.cgi program (which downloads the latest virus definitions from Trend).
This binary program is run on an hourly cron job. However, now when it runs, it core dumps. The relevant truss output is below (I think):
...
20971: mprotect(0xFEC80000, 1039296, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
20971: mprotect(0xFEC80000, 1039296, PROT_READ|PROT_EXEC) = 0
20971: munmap(0xFF030000, 8192) = 0
20971: mmap(0x00010000, 65536, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_
ANON|MAP_ALIGN, -1, 0) = 0xFF020000
20971: resolvepath("./", ".", 1024) = 1
20971: getcwd("/etc/iscan", 1024) = 0
20971: resolvepath("/etc/iscan", "/etc/iscan", 1024) = 10
20971: open("/etc/iscan/aucfg.ini", O_RDONLY) = 6
20971: lseek(6, 0, SEEK_CUR) = 0
20971: read(6, 0x000E79F0, 512) = 162
20971: ; f o r s e l f u p d a t e\n A U _ P R O D U C T _ I D =
20971: 5 5\n\n [ d e b u g ]\n ; t h e h i g h e r l e v e l , t
20971: h e l e s s i n f o\n l e v e l = 0\n ; s e t t o 0 i
20971: s n o n e l o g\n l o g _ m o d e = 1\n\n [ D o w n l o a d
20971: e r ]\n ; r e t r y d o w n l o a d t i m e\n R e t r y = 2
20971: \n\n
20971: schedctl() = 0xFF00C000
20971: lwp_mutex_timedlock(0x000E7530, 0x00000000) = 0
20971: Incurred fault #5, FLTACCESS %pc = 0xFEFB7C54
20971: siginfo: SIGBUS BUS_ADRALN addr=0x000000FF
20971: Received signal #10, SIGBUS [default]
20971: siginfo: SIGBUS BUS_ADRALN addr=0x000000FF
20970: waitid(P_ALL, 0, 0xFFBFE8B8, WEXITED|WTRAPPED) = 0
...
The program then goes on to perform some cleanup, including unlinking /dev/null!
...
20973: getpid() = 20973 [20970]
20973: setustack(0xFF392088)
20973: brk(0x000245D0) = 0
20973: brk(0x000265D0) = 0
20973: stat("/platform/SUNW,Ultra-250/lib/libc_psr.so.1", 0xFFBFF238) = 0
20973: resolvepath("/platform/SUNW,Ultra-250/lib/libc_psr.so.1", "/platform/sun
4u/lib/libc_psr.so.1", 1023) = 33
20973: open("/platform/SUNW,Ultra-250/lib/libc_psr.so.1", O_RDONLY) = 4
20973: mmap(0x00010000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ALIGN, 4, 0)
= 0xFF380000
20973: mmap(0x00002000, 16384, PROT_NONE, MAP_PRIVATE|MAP_NORESERVE|MAP_ANON|MA
P_ALIGN, -1, 0) = 0xFF388000
20973: mmap(0xFF388000, 13512, PROT_READ|PROT_EXEC, MAP_PRIVATE|0x410, 4, 0) =
0xFF388000
20973: close(4) = 0
20973: mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_A
NON, -1, 0) = 0xFF270000
20973: munmap(0xFF380000, 8192) = 0
20973: getrlimit64(RLIMIT_NOFILE, 0xFFBFF9F8) = 0
20973: lstat64("/tmp/lpt*vpn.*", 0xFFBFF900) Err#2 ENOENT
20973: lstat64(">", 0xFFBFF900) Err#2 ENOENT
20973: lstat64("/dev/null", 0xFFBFF900) = 0
20973: unlink("/dev/null") = 0
20973: lstat64("2>&1", 0xFFBFF900) Err#2 ENOENT
20973: _exit(0)
20970: waitid(P_PID, 20973, 0xFFBFD7C0, WEXITED|WTRAPPED) = 0
20970: lseek(1, 0, SEEK_CUR) = 3727341
20970: lseek(2, 0, SEEK_CUR) = 3727341
20970: lseek(2, 0, SEEK_CUR) = 3727341
20970: llseek(3, 0xFFFFFFFFFFFFE0AA, SEEK_CUR) = 170
20970: _exit(0)
Any pointers about how I should go about resolving this? I could backout all the patches?
Thanks,
Ben.