 |
≫ |
|
|
|
パッチ名: PHNE_35729
パッチ摘要: s700_800 11.00 累積ARPAトランスポートパッチ
作成日: 06/11/20
公開日: 07/02/27
ハードウェアプラットフォームおよびOSリリース:
s700: 11.00
s800: 11.00
現象:
PHNE_35729:
PHNE_33395はこのパッチに置き換えられました。
1.(SR:8606427700 CR:JAGaf87181)
libnm関数get_mib_info()がメモリーを適切に処理しません。
2.(SR:8606439315 CR:JAGaf97308)
NFS over UDPAによって転送されたラージファイルが破損しています。
3.(SR:8606448078 CR:JAGag05349)
UDPメッセージのバックログ。
問題点の説明:
PHNE_35729:
PHNE_33395はこのパッチに置き換えられました。
1.(SR:8606427700 CR:JAGaf87181)
get_mib_info()関数が正常に機能していませんでした。
解決方法:
libnm関数get_mib_info()のコードを修正しました。
2.(SR:8606439315 CR:JAGaf97308)
IPフラグメントの再組み立て時に、あるパケットに対応する一部のフラグメン
トが消失すると、残りのフラグメントは、ip_fragment_timeoutでタイムアウ
トするまで再組み立てキュー内で待機し、タイムアウト後削除されます。HPUX
でのip_fragment_timeoutのデフォルト値は1分です。ところが、1ギガビット
インタフェースの場合、IP識別番号がラップアラウンドしてホールを埋め、
再組み立てを完了させることがありました。その結果、その破損パケットが
igelanドライバを通じてアプリケーションに転送されていました。
解決方法:
破損したパケットがアプリケーションに転送されないようにコードを修正しま
した。
3.(SR:8606448078 CR:JAGag05349)
UDPメッセージが正しく処理されないことがあったため、バックログが生じて
いました。
解決方法:
UDPメッセージが常に正しく処理されるようにコードを修正しました。これで、
バックログは生じません。
-----------------------------------------------------------------------------
Patch Name: PHNE_35729
Patch Description: s700_800 11.00 cumulative ARPA Transport patch
Creation Date: 06/11/20
Post Date: 07/02/27
Hardware Platforms - OS Releases:
s700: 11.00
s800: 11.00
Products: N/A
Filesets:
OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
Networking.NET-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
Networking.NET-PRG,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
Networking.NET-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
Networking.NMS2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_32,v=HP
OS-Core.CORE2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP
Networking.NET2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP
Networking.NMS2-KRN,fr=B.11.00,fa=HP-UX_B.11.00_64,v=HP
Automatic Reboot?: Yes
Status: General Release
Critical:
Yes
PHNE_35729: PANIC MEMORY_LEAK CORRUPTION
PHNE_33395: PANIC
PHNE_32041: PANIC HANG CORRUPTION
PHNE_29473: PANIC MEMORY_LEAK
PHNE_28538: PANIC HANG
PHNE_27886: PANIC
PHNE_27058: PANIC HANG MEMORY_LEAK
PHNE_26771: CORRUPTION
PHNE_26445: PANIC
PHNE_26412: CORRUPTION
PHNE_25423: PANIC HANG CORRUPTION
PHNE_25381: PANIC
PHNE_25135: PANIC
PHNE_24715: PANIC
PHNE_24289: PANIC
PHNE_24075: PANIC
PHNE_23456: PANIC
PHNE_22869: PANIC
PHNE_22527: PANIC
PHNE_22397: PANIC
PHNE_22318: PANIC
PHNE_22067: PANIC
PHNE_21890: PANIC
PHNE_21767: PANIC
PHNE_21606: PANIC
PHNE_21318: PANIC
PHNE_21038: PANIC
PHNE_20735: PANIC
PHNE_20633: PANIC
PHNE_20436: PANIC
PHNE_20041: PANIC
PHNE_19899: PANIC
PHNE_19375: PANIC
PHNE_19110: PANIC
PHNE_18708: PANIC
PHNE_18611: PANIC
PHNE_18554: PANIC
PHNE_18553: PANIC
PHNE_17662: PANIC
PHNE_17613: PANIC
PHNE_17446: PANIC
PHNE_17227: PANIC
PHNE_17117: PANIC
PHNE_17018: PANIC
PHNE_17017: PANIC
PHNE_16645: PANIC
PHNE_16497: PANIC
PHNE_16283: PANIC
PHNE_15995: PANIC
PHNE_15911: PANIC
PHNE_15692: PANIC
PHNE_15583: PANIC
PHNE_15047: PANIC
PHNE_14876: PANIC
PHNE_14730: PANIC
PHNE_14702: PANIC
PHNE_14575: PANIC
PHNE_14279: PANIC
PHNE_14274: PANIC
PHNE_14260: PANIC
PHNE_14017: PANIC
PHNE_13692: PANIC
PHNE_13405: PANIC
Category Tags:
defect_repair general_release critical panic halts_system
corruption memory_leak
Path Name: /hp-ux_patches/s700_800/11.X/PHNE_35729
Symptoms:
PHNE_35729:
This patch replaces PHNE_33395
( SR: 8606427700 CR: JAGaf87181 )
The get_mib_info() function in libnm does not handle
memory properly.
( SR: 8606439315 CR: JAGaf97308 )
A large file transferred by NFS over UDP gets
corrupted.
( SR: 8606448078 CR: JAGag05349 )
UDP message backlog.
PHNE_33395:
This patch replaces PHNE_32041
( SR: 8606390716 CR: JAGaf50862 )
System panics with the following stack trace
panic+0x6c
report_trap_or_int_and_panic+0x94
trap+0x910
nokgdb+0x8
tcp_rput_context_check+0x10
tcp_rput+0x340
puthere+0xc8
tcp_conn_ind+0x65c
tcp_rput+0x47c
puthere+0xc8
tcp_conn_ind+0x65c
tcp_rput+0x47c
puthere+0xc8
( SR: 8606397865 CR: JAGaf57847 )
Slow TCP data transfer.
( SR: 8606399900 CR: JAGaf59856 )
ICMP message handling requires modifications.
PHNE_32041:
This patch replaces PHNE_29473
( SR: 8606339926 CR: JAGaf00847 )
System panics with following stack trace:
panic+0x54
report_trap_or_int_and_panic+0x84
trap+0xd9c
thandler+0xd24
TPI_discon_ind+0x24
sosend+0x208
soo_rw+0x88
write+0x104
syscall+0x28c
syscallinit+0x54c
( SR: 8606340920 CR: JAGaf01830 )
An IGMP query is not answered by a host with multiple
IP addresses if the router which sends the query is
on a different subnet.
( SR: 8606350213 CR: JAGaf11035 )
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
ihandler+0x928
puthere+0x14
mi_timeout_exec+0x294
sw_service+0xb0
mp_ext_interrupt+0x144
ivti_patch_to_nop3+0x0
idle+0x430
swidle_exit+0x0
( SR: 8606351019 CR: JAGaf11831 )
Panic due to Data Page Fault with the following
stack trace :
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
dupb+0xcc
tcp_xmit_mp+0x434
tcp_wput+0x7a4
tcp_timer+0x4fc
tcp_wput+0x954
puthere+0x148
mi_timeout_exec+0x294
sw_service+0xb0
mp_ext_interrupt+0x150
ivti_patch_to_nop3+0x0
idle+0xe18
swidle_exit+0x0
( SR: 8606351765 CR: JAGaf12570 )
An application gets notification of the presence of urgent
data even when there is no urgent data.
( SR: 8606358089 CR: JAGaf18788 )
In some cases, sendfile(2) returns 0, indicating success,
even if the connection associated with the socket is broken.
( SR: 8606366614 CR: JAGaf27178 )
In some cases, sendfile(2) generates SIGPIPE signal without
setting errno to EPIPE.
( SR: 8606376003 CR: JAGaf36297 )
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_reassemble+0x15c
ip_rput_local+0x1014
ip_rput+0x1a0
putnext+0xcc
hp_dlpi_mblk_fast_in+0x420
hp_dlpi_mblk_intr_put+0x960
streams_put+0xf8
hp_dlpi_mblk_intr+0x148
lanc_ether_ics+0x114
_btlan3_receive_pkts+0x588
_btlan3_isr+0x198
sapic_interrupt+0x2c
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
idle+0x1150
swidle_exit+0x0
( SR: 8606349322 CR: JAGaf10143 )
System panics with following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c
thandler+0xd24
sbcompress+0x4c
sbappend+0x34
uipc_usrreq+0x9c
sosend+0x440
soo_rw+0x88
( SR: 8606344720 CR: JAGaf05570 )
An application may hang in accept(2).
( SR: 8606320479 CR: JAGae82961 )
send(2) returns an EWOULDBLOCK failure on a
TCP socket when the preceding poll(2) call on the
same socket had returned a POLLOUT revent.
( SR: 8606317678 CR: JAGae80233 )
The nettl(1M) trace for NS_LS_IP and NS_LS_ICMP may lead to
memory corruption. As a result of this corruption, the
system may get a subsequent Data page fault panic. The
traced ICMP packets may then display an unknown ICMP type.
( SR: 8606333354 CR: JAGae94443 )
recvfrom(2) or recv(2) performed on SOCK_DGRAM
socket with MSG_PEEK flag set returns all the
messages, when only the first message should be
returned.
PHNE_29473:
This patch replaces PHNE_28538
( SR: 8606285107 CR: JAGae49049 )
Disrupted IGMP membership reporting.
( SR: 8606328253 CR: JAGae89895 )
read() returns ECONNRESET instead of ECONNREFUSED.
( SR: 8606297439 CR: JAGae60941 )
System panics with the following stack trace:
optcom_req+0xb8
tcp_wput_proto+0xa4
tcp_wput+0x458
( SR: 8606304572 CR: JAGae67915 )
System panics with the following stack trace:
ip_bind+0x334
ip_wput_nondata+0x38
ip_wput+0x108
putnext+0xcc
tcp_connect+0x204
tcp_wput_proto+0xc4
tcp_wput+0x574
putnext+0xcc
str_async_ioctl+0x210
hpstreams_ioctl_int+0x548
streams_ioctl+0x34
soconnect+0x140
connect+0xdc
( SR: 8606306857 CR: JAGae69891 )
System panics with the following stack trace:
freeb+0x18
ire_delete_now+0x6c
ip_dfg_flush+0x158
invoke_callouts_for_self+0xc0
sw_service+0xb0
up_ext_interrupt+0x118
ihandler+0x8c4
( SR: 8606312501 CR: JAGae75317 )
Data page fault in tcp_detach() with the
following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c nokgdb+0x8
tcp_detach+0x5d8
tcp_close+0xf0
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xf50
hpstreams_close_int+0x31c
streams_close+0x14
soclose+0xf0
soo_close+0x90
( SR: 8606318794 CR: JAGae81284 )
Panic while closing the socket, with the following
stack trace:
panic+0x14
too_much_time+0x2e0
wait_for_lock+0x14c
slu_retry+0x1c
hpstreams_ioctl_int+0x6a4
streams_ioctl+0x34
sotocache+0x164
sounlock+0x704
mp_socket_unlock+0x10
soclose+0x964
soo_close+0x90
closef+0x64
close+0x90
syscall+0x28c
$syscallrtn+0x0
( SR: 8606331109 CR: JAGae92230 )
Unexpected memory consumption of M_DATA mblks
in 512 bytes bucket resulting in memory starvation.
( SR: 8606248122 CR: JAGae14522 )
The "ifconfig lanx:y" command which is supposed to
display the current configuration of lanx:y, will display
a dummy entry for lanx:y if that interface does not exist.
( SR: 8606317300 CR: JAGae79861 )
Memory leak in 512 bytes bucket.
( SR: 8606298990 CR: JAGae62486 )
IREs of type IRE_LOOPBACK remain in the
system even after a RST is sent to the
peer TCP.
( SR: 8606322708 CR: JAGae85175 )
Route entries associated with loopback interfaces
intermittently get deleted.
PHNE_28538:
This patch replaces PHNE_27886
( SR number: 8606224462 ; Defect: JAGad93550 )
Message getting displayed on console:
tcp_timer: strange state (-6) [5767,d425] TCP_CLOSED
( SR number: 8606257154 ; Defect: JAGae21460 )
connect(2) over AF_INET socket hangs. System TOC with the
following stack trace:
_swtch+0xc4
_sleep+0x318
read_sleep+0x17c
streams_getmsg+0x3c8
soconnect+0x188
connect+0xdc
syscall+0x62c
syscallinit+0x554
( SR number: 8606274495 ; Defect: JAGae38572 )
When the timestamp value passed in the timestamp option
in the TCP packet rolls over after the connection is
established, TCP connection drops packets and applications
may hang or time out.
( SR number: 8606283209 ; Defect: JAGae47164 )
Bucket allocation usage is too high when there is a TCP
traffic burst.
( SR number: 8606283966 ; Defect: JAGae47912 )
System panics with the following stack
trace:
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x130
sbrelease+0x14
sorflush+0x98
sofree+0x98
soclose+0x1b4
soo_close+0x90
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
( SR number: 8606286419 ; Defect: JAGae50362 )
send(2) may take a long time to complete for
AF_UNIX/SOCK_STREAM type of sockets.
( SR number: 8606292583 ; Defect: JAGae56336 )
When an ICMP Address Mask Request packet is sent to
a unicast address, an ICMP Address Mask Reply is sent
even though the tunable ip_respond_to_address_mask_broadcast
is turned OFF.
( SR number: 8606294788 ; Defect: JAGae58482 )
The number of collisions between threads executing select(2)
is exceedingly high in some cases.
( SR number: 8606294967 ; Defect: JAGae58664 )
select(2) may take more time for AF_UNIX domain sockets in
some cases.
( SR number: 8606294977 ; Defect: JAGae58674 )
read(2) on a socket, may return ECONNREFUSED
instead of ECONNRESET.
( SR number: 8606295188 ; Defect: JAGae58883 )
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x4c
interrupt+0x1e8
$ihndlr_rtn+0x0
ipc_walk+0x7c
ill_down_ind+0x118
ip_rput_dlpi+0x9b0
ip_rput+0x394
putnext+0xc4
hp_dlpi_event+0x1b0
HP1_ospif_mib_event+0x150
ospif_watchdog+0x3c
HP1_oim_timeout+0x10
invoke_callouts_for_self+0xac
sw_service+0x8c
inttr_emulate_save_fpu+0x100
drv_priv+0x0
ip_open+0x11c
open_wrapper+0x44
csq_protect+0x10c
osr_open+0xaec
pse_open+0xe4
streams_open+0x48
soclone+0x178
soaccept+0xf4
sodequeue+0xac
accept+0x204
syscall+0x6e8
$syscallrtn+0x0
PHNE_27886:
This patch replaces PHNE_27058
( SR number: 8606244252 ; Defect: JAGae10742 )
Data transfer over TCP is very slow.
( SR number: 8606248840 ; Defect: JAGae15237 )
System panics with the following stack trace
panic+0xa0
assfail+0x3c
_assfail+0x2c
b_vsema+0x36c
sounlock+0x974
mp_socket_unlock+0x10
function name is not available
pstat_socket+0x400
pstat+0x380
syscall+0x834
syscallinit+0x554
( SR number: 8606272841 ; Defect: JAGae36947 )
It is not possible to know if the support for
RFC 1948 is enabled or disabled.
( SR number: 8606272891 ; Defect: JAGae36997 )
The HP-UX 11.0 client does not transmit multicast packets
when INADDR_ANY is used.
( SR number: 8606277294 ; Defect: JAGae41365 )
Applications using UDP via XTI or applications
using remote file locking via NFS may cause
datagram packets to be dropped.
PHNE_27058:
This patch replaces PHNE_26771
( SR number: 8606226976 ; Defect: JAGad96038 )
Repeatedly joining and leaving various multicast
groups and rejoining already joined groups causes
the system to hang.
( SR number: 8606233305 ; Defect: JAGae02529 )
Application hangs in the accept(2) system call.
( SR number: 8606238262 ; Defect: JAGae07289 )
Data corruption occurs in the socket structure
during a connect(2).
( SR number: 8606241187 ; Defect: JAGae08450 )
The system does not respond to any keystrokes or
commands and appears to hang. A Service Guard system
will perform TOC.
( SR number: 8606241192 ; Defect: JAGae08455 )
Memory leak of timer related mblks in 512-byte bucket.
( SR number: 8606242679 ; Defect: JAGae09914 )
A process appears to hang in accept(2) and cannot be
killed when there is another process doing a
getsockopt(2) on the same socket.
( SR number: 8606247193 ; Defect: JAGae13633 )
System panics with either of the following stack traces:
stack trace for event 0
crash event was a panic
panic+0x14
too_much_time+0x2d4
wait_for_lock+0x120
sl_retry+0x18
ip_trash+0x18
ip_rtimer+0x38
ip_rput+0x3c0
puthere+0x140
mi_timeout_exec+0x224
sw_service+0x8c
mp_ext_interrupt+0x108
ivti_patch_to_nop3+0x0
idle+0xd5c
swidle_exit+0x0
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
ilm_lookup_exact+0x4
ip_delmulti+0x40
ilg_delete+0x90
ilg_delete_all+0x34
ip_close+0x58
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xcbc
hpstreams_close_int+0x31c
streams_close+0x14
soclose+0x308
soo_close+0x90
closef+0x64
close+0x90
syscall+0x200
$syscallrtn+0x0
( SR number: 8606248331 ; Defect: JAGae14731 )
System panics during boot after building the
kernel with tcphashsz value less than 256.
( SR number: 8606249571 ; Defect: JAGae15961 )
System panics with either of the
following stack traces:
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_rput_unbind_do+0x1ec
ip_rput_dlpi+0x2f4
ip_rput+0x4c0
csq_turnover_with_lock+0x84
putnext+0x258
hp_dlpi_mblk_fast_in+0x354
hp_dlpi_mblk_intr_put+0x960
streams_put+0xe8
streams_put_release+0x168
hp_dlpi_mblk_intr+0x14c
apa_intr+0x184
lanc_ether_ics+0x114
_btlan3_receive_pkts+0x588
_btlan3_isr+0x198
dino_isr+0xcc
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
idle+0x1054
swidle_exit+0x0
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_rput_dlpi_up+0x550
ip_rput_dlpi+0x98
ip_rput+0x4c0
csq_turnover_with_lock+0x84
putnext+0x258
ar_client_notify+0x78
ar_rput+0x7d0
putnext+0xcc
hp_dlpi_unitdata_in+0x1504
hp_dlpi_intr_put+0x8b0
streams_put+0xe8
hp_dlpi_intr+0x214
lan2_process_packet+0x87c
lan2_int_fr_rnr+0x1b0
lan2_isr+0x164
lasi_interrupt+0x64
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
sounlock+0x90
mp_socket_unlock+0x10
soreceive+0x4bc
recvit+0x144
recv+0x54
syscall+0x6f8
( SR number: 8606250217 ; Defect: JAGae16597 )
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c
nokgdb+0x8
ill_delete+0x5c8
ip_close+0x1e4
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xf50
osr_unlink+0x1fc
str_plumb_ioctl+0x4a4
hpstreams_ioctl_int+0x398
hpstreams_ioctl+0x50
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x78
syscall+0x6f8
$syscallrtn+0x0
( SR number: 8606257697 ; Defect: JAGae22000 )
System panics with the following stack trace:
stack trace for event 0
crash event was a panic
panic+0x14
too_much_time+0x2e0
wait_for_lock+0x14c
slu_retry+0x1c
mp_socket_lock+0x2c
TPI_ok_ack+0x1a4
soaccept+0x5f4
sodequeue+0x30c
accept+0x168
syscall+0x200
$syscallrtn+0x0
( SR number: 8606259311 ; Defect: JAGae23629 )
POSIX recvmsg() returns incorrect "cmsg_len".
PHNE_26771:
This patch replaces PHNE_26445
( SR number: 8606236775 ; Defect: JAGae05826 )
SIOCATMARK ioctl returns with the flag parameter
set even after reading out-of-band data when
the SO_OOBINLINE socket option is set.
( SR number: 8606237266 ; Defect: JAGae06311 )
Passing invalid arguments to connect() on an
already connected datagram socket does not
disconnect the socket, as documented in the
connect() manpage.
( SR number: 8606238197 ; Defect: JAGae07224 )
rlogin and other applications that call recv() with
the MSG_OOB flag lose data if the urgent byte has
not arrived when the call to recv() is made.
( SR number: 8606250322 ; Defect: JAGae16697 )
AF_UNIX domain datagram type socket applications
fail on recv() call.
PHNE_26445:
This patch replaces PHNE_25423
( SR number: 8606213513 ; Defect: JAGad82705 )
Systems relying on random increments for choosing less
predictable TCP ISN values, are still vulnerable to
statistical attacks.
( SR number: 8606218753 ; Defect: JAGad87901 )
System runs out of memory when it is under heavy
inbound TCP traffic.
( SR number: 8606223127 ; Defect: JAGad92230 )
Memory Leak in the 2k bucket when sanmgr hostagent is
running.
( SR number: 8606224045 ; Defect: JAGad93141 )
System runs out of memory and seems to hang.
( SR number: 8606224560 ; Defect: JAGad93648 )
FTP hangs when transferring files from PC DOS to HP-UX.
( SR number: 8606225324 ; Defect: JAGad94412 )
"Communication stops" occur due to incorrect host route
in the routing table.
( SR number: 8606228310 ; Defect: JAGad97367 )
read() done on a socket returned by accept() returns
the EWOULDBLOCK error.
( SR number: 8606229279 ; Defect: JAGad98332 )
System panics with the following stack trace:
tcp_icmp_error+0x38
tcp_rput_other+0x518
tcp_rput+0x58
csq_turnover_with_lock+0x84
str_spu_sw_isr+0x654
sw_service+0xb0
mp_ext_interrupt+0x150
ivti_patch_to_nop3+0x0
idle+0x104
( SR number: 8606229650 ; Defect: JAGad98702 )
System panics with the following stack trace:
igmp_timeout_handler+0x160
ip_rtimer+0x100
ip_rput+0x408
puthere+0x148
mi_timeout_exec+0x288
sw_service+0xb0
mp_ext_interrupt+0x150
ihandler+0x904
idle+0xe24
swidle+0x20
( SR number: 8606230164 ; Defect: JAGad99215 )
performance degradation after installing PHNE_23456.
( SR number: 8606231247 ; Defect: JAGae00485 )
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
tcp_get_ucred+0x1d4
tcp_wput_ioctl+0x160
tcp_wput+0x918
putnext+0xcc
wait_iocack+0x68
str_istr_ioctl+0x72c
hpstreams_ioctl_int+0x370
hpstreams_ioctl+0x50
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x78
syscall+0x6f8
$syscallrtn+0x0
( SR number: 8606231526 ; Defect: JAGae00764 )
System panics with the following stacks:
tcp_wput+0x58
csq_turnover_with_lock+0x84
str_spu_sw_isr+0x654
or
tcp_wput+0x58
putnext+0xcc
sth_wsrv+0x204
sq_wrapper+0x94
str_sched_up_daemon+0x1c4
str_sched_daemon+0x1a4
main+0x854
( SR number: 8606231951 ; Defect: JAGae01187 )
System panics with the following stack trace:
tcp_rsrv_comm+0x18
tcp_rput+0x3620
csq_turnover_with_lock+0x7c
str_spu_sw_isr+0x5f8
sw_service+0x8c
( SR number: 8606232185 ; Defect: JAGae01421 )
System panics with the following stack trace:
tcp_rsrv_comm+0x18
tcp_rsrv+0x10
sq_wrapper+0x90
str_sched_mp_daemon+0x130
str_sched_daemon+0x2dc
main+0xa9c
$vstart+0x34
$locore+0x90
( SR number: 8606232612 ; Defect: JAGae01847 )
If the primary route for an interface is deleted, then
a host on the same subnet is not reachable through the
secondary route, though the secondary network route
exists.
( SR number: 8606233090 ; Defect: JAGae02314 )
In some cases urgent data gets retransmitted
unnecessarily impairing performance.
( SR number: 8606233164 ; Defect: JAGae02387 )
connect() call for the SOCK_STREAMS socket returns
the ETIMEDOUT error. This occurs when another
connection already bound to the same address
(with 4-tuple being the same) has received RST from
the remote side, and has not been closed by the
application.
PHNE_26412:
( SR number: 8606221602 ; Defect: JAGad90736 )
read() sometimes loses data and returns 0 on system
with PHNE_23456.
PHNE_25423:
This patch replaces PHNE_25135
( SR number: 8606146239 ; Defect: JAGad15575 )
Intermittent hangs exhibited in close()
when using so_linger.
( SR number: 8606160572 ; Defect: JAGad29893 )
When both ts option and socket cache are used,
tcp connection gets timed out.
( SR number: 8606189015 ; Defect: JAGad58231 )
UNIX domain socket programme uses a large amount of CPU.
This can be observed in some cases of fast producer
and a slow consumer type of client server programmes.
( SR number: 8606211448 ; Defect: JAGad80636 )
When IPSEC is active, nettl can turn on layer 4 tracing
( SR number: 8606217657 ; Defect: JAGad86809 )
ifconfig lan10000 fails, but ifconfig lan9999 succeeds.
( SR number: 8606219937 ; Defect: JAGad89079 )
On UP boxes when 2 (or more) aio_reads are pending
on the same socket and ioctl(SIOCAIOABORT) is used,
a close on that socket will result in an unkillable
hung process.
( SR number: 8606220568 ; Defect: JAGad89705 )
Sometimes telnet session initiated by W2K to
HP-UX 11.00 machine hangs.
( SR number: 8606220677 ; Defect: JAGad89814 )
Data retransmission sometimes takes a long time.
( SR number: 8606221602 ; Defect: JAGad90736 )
read() sometimes lose data and return 0 on system
with PHNE_23456.
( SR number: 8606221777 ; Defect: JAGad90911 )
When setting ip_pmtu_strategy to 0 any non-local
networks have a maximum MTU of 576.
( SR number: 8606222508 ; Defect: JAGad91621 )
When system memory use is very high
the accept system call returns ENOBUFS.
( SR number: 8606223947 ; Defect: JAGad93042 )
When loopback address, 127.n.n.n (where n can 0
to 255) is pinged and ping succeeds, netstat -rn
displays entries for each pinged address other
than 127.0.0.1
PHNE_25381:
System panics on sbflush panic 2:
trace event 0
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x68
sbrelease+0x14
sorflush+0xa4
sofree+0x15c
soclose+0x23c
soo_close+0xc8
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
PHNE_25135:
This patch replaces PHNE_24715
( SR number: 8606193755 ; Defect: JAGab72514 )
When using shutdown() and stack-caching the mss value
could be set to one (1) byte.
( SR number: 8606137536 ; Defect: JAGad06654 )
Tcpdump trace showed that sendfile sends trailer buffers
as a separate "send".
( SR number: 8606203612 ; Defect: JAGad72784 )
Examination of code found a problem.
( SR number: 8606215148 ; Defect: JAGad84339 )
System panics on sbflush panic 2:
trace event 0
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x68
sbrelease+0x14
sorflush+0xa4
sofree+0x15c
soclose+0x23c
soo_close+0xc8
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
PHNE_24715:
This patch replaces PHNE_24289
( SR number: 8606193754 ; Defect: JAGad62965 )
Customer noted that performance of ftp over
hyper-fabric was very slow when putting a file
after installing PHNE_22397.
( SR number: 8606206542 ; Defect: JAGad75715 )
Some packets are dropped intermittently and not
retransmitted for a long time.
( SR number: 8606206806 ; Defect: JAGad75979 )
Since PHNE_21767, all outbound datagrams have
the "Don't Fragment" bit set for Path MTU Discovery.
( SR number: 8606139436 ; Defect: JAGad08735 )
system panic on X.25 socket.
The panic stack is as follows:
A possible deadlock situation
stack trace for event 0
crash event was a panic
panic+0x10
spin_deadlock_failure+0x38
deadlock_check+0x9c
sl_pre_check+0x54
spinlock+0x14
mp_socket_lock+0x34
mp_socket_lock2+0x38
XLS_F_handler+0x6c4
XSO_F_handler+0x958
XLS_F0_a_connect_ind+0x188
XLS_F_handler+0x6a4
XST_F_read_put+0x398
putnext+0x1f4
CI_touser+0x268
Rx_CALL+0x384
L2_datind+0x4ac
dlpi_rxll+0xb4
x25lrsrv+0x60
sq_wrapper+0xc8
str_sched_mp_daemon+0x33c
str_sched_daemon+0x29c
im_mpnetstr+0x28
DoCalllist+0x38
main+0x24
$vstart+0x34
$locore+0x90
( SR number: 8606140093 ; Defect: JAGad09415 )
TCP connections where both ends close at
the same time may experience an unnecessary
delay of 1.5 seconds or more. This problem
has an especially high probability of being
seen on loopback connections where one
end of the connection has the SO_LINGER
option turned on.
( SR number: 8606167654 ; Defect: JAGad36937 )
Sometimes nettl is unable to capture reply packets.
( SR number: 8606198667 ; Defect: JAGad67856 )
Closing a socket with socket caching turned on and
SO_LINGER set will cause a loop in the kernel. The
connection will be left in an IDLE state.
( SR number: 8606202518 ; Defect: JAGad71692 )
Symptom:
System panic on X.25 socket.
Panic stack is :
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
XIQ_F_handler+0xc0
XSO_F0_cleanup_pcb+0xa4
XSO_F_handler+0x12dc
XPR_F_pr_usrreq+0x298
soclose+0x250
soo_close+0x90
closef+0x64
close+0x90
syscall+0x200
$syscallrtn+0x0
( SR number: 8606202738 ; Defect: JAGad71912 )
PHNE_23456 shows duplicate uipc_socket.c what strings.
( SR number: 8606203039 ; Defect: JAGad72213 )
A UDP broadcast is sent once for each IP
address configured on the interface.
( SR number: 8606203900 ; Defect: JAGad73078 )
TCP connection hangs in an ESTABLISHED state.
( SR number: 8606204354 ; Defect: JAGad73536 )
UDP datagrams are silently dropped.
( SR number: 8606204948 ; Defect: JAGad74124 )
System hang while ftping and concurrent file truncation.
( SR number: 8606205538 ; Defect: JAGad74714 )
System panics while executing accept call. The
panic stack is as follows:
panic+0x6c
report_trap_or_int_and_panic+0x94
interrupt+0x208
ihandler+0x930
x_mi_timer+0xc
tcp_accept+0x510
tcp_wput_proto+0x18c
tcp_wput+0xa0
csq_turnover_with_lock+0x8c
puthere+0x260
tcp_icmp_error+0x270
tcp_rput_other+0x600
tcp_rput+0x60
putnext+0xcc
icmp_inbound_error+0xa74
icmp_inbound+0x38c
ip_rput_local+0xd58
ip_rput+0x188
putnext+0xcc
hp_dlpi_mblk_fast_in+0xa0
hp_dlpi_mblk_intr_put+0xb8
streams_put+0xdc
streams_put_release+0x4c
hp_dlpi_mblk_intr+0x5c
lanc_ether_ics+0x11c
btlan_receive_frame+0x5e4
btlan_isr+0xfc
sapic_interrupt+0x2c
mp_ext_interrupt+0x2ec
ihandler+0x90c
( SR number: 8606206366 ; Defect: JAGad75539 )
System panics with the following
stack trace:
panic
report_trap_or_int_and_panic
trap
nokgdb
ipif_up
ip_sioctl_copyin_done
ip_wput_nondata
ip_wput
csq_turnover_with_lock
putnext
udp_wput_other
udp_wput
putnext
wait_iocack
str_trans_ioctl
hpstreams_ioctl_int
streams_ioctl
ifioctl
soo_ioctl
ioctl
syscall
( SR number: 8606207797 ; Defect: JAGad76974 )
Performance degradation in IPSEC.
( SR number: 8606209138 ; Defect: JAGad78325 )
With ATM on system and IP traffic, system panics
with following panic stack:
panic+0x6c
report_trap_or_int_and_panic+0x94
interrupt+0x208
ihandler+0x930
bcopy_pcxu_method+0x0
LDI_F_set_fastpath+0x100
LEC_F0_uwioctl+0x1d8
LEC_F0_uwput+0xac
csq_turnover_with_lock+0x84
putnext+0x258
CAM_F0_sp_dataind+0x70
streams_put+0xe4
CAM_F_data_ind+0x404
alx_receive_it+0x13fc
alx_isr+0x25c
wsio_interrupt+0x54
mp_ext_interrupt+0x34c
ivti_patch_to_nop3+0x0
sounlock+0x90
mp_socket_unlock+0x10
soo_select2+0x1c4
soo_select+0x14
select+0xac4
syscall+0x480
( SR number: 8606209264 ; Defect: JAGad78451 )
When 2 (or more) aio_read are pending on the same
socket and ioctl(SIOCAIOABORT) is used, a close
on that socket will cause to process to hang and
the process is not killable.
PHNE_24289:
This patch replaces PHNE_24075
( SR number: 8606131836 ; Defect: JAGad00986 )
RAW socket behaviour for HP-UX 11.0 is inconsistent
with HP-UX 10.20 and HP-UX 11.11. Non-root user is
allowed to open a RAW socket.
( SR number: 8606162623 ; Defect: JAGad31939 )
Service Guard system TOC with the following trace:
x_mi_mpprintf_putc+0x1c
x_mi_iprintf+0x280
x_mi_mpprintf+0x64
tcp_status_report+0x188
x_nd_getset+0x148
tcp_wput_ioctl+0x9c
tcp_wput+0x82c
putnext+0xcc
wait_iocack+0x68 s
tr_istr_ioctl+0x738
hpstreams_ioctl_int+0x6a8
hpstreams_ioctl+0x50
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x7c
syscall+0x480
$syscallrtn+0x0
( SR number: 8606187409 ; Defect: JAGad56616 )
An AF_UNIX socket application hangs on MP system.
( SR number: 1653284372 ; Defect: JAGaa44209 )
STCP recv() with MSG_PEEK is different from BSD.
( SR number: 5003411751 ; Defect: JAGaa27047 )
A connection in FIN_WAIT_2 can stay forever.
Note: This defect was fixed in PHNE_19899, but it
was not documented in the patch.
( SR number: 8606198555 ; Defect: JAGad67744 )
Problems compiling recent versions
of transport source code within ClearCase.
These compilation failures are not visible
to customers
( SR number: 8606198614 ; Defect: JAGad67803 )
System hangs and free memory is zero.
System TOC with the following trace:
putnext+0x188
ip_wput_ire+0x398
ip_wput+0x470
putnext+0xcc
tcp_rput+0x1088
csq_turnover_with_lock+0x84
str_spu_sw_isr+0x200
sw_service+0xb0
mp_ext_interrupt+0x150
ivti_patch_to_nop3+0x0
ki_accum_push_TOS+0xa0
syscall+0x808
$syscallrtn+0x0
PHNE_24075:
This patch replaces PHNE_23456
( SR number: 8606197851 ; Defect: JAGad67042 )
T_ALLOPT option in XTI/TLI will fail with TBADOPT.
Also the tcp initial congestion window is too large
possibly causing performance problems at connect time.
( SR number: 8606154818 ; Defect: JAGad24135 )
The system with IPSEC installed can panic with
the following trace:
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
ip_flush_readers+0x1a8
ip_close+0x238
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x1fc
osr_close_subr+0x324
hpstreams_close_int+0xd40
streams_close+0x14
soclose+0x670
soaccept+0x2d8
sodequeue+0x224
accept+0x23c
syscall+0x480
$syscallrtn+0x0
( SR number: 8606160792 ; Defect: JAGad30111 )
A server program listening for incoming connection
requests with select() or accept() can receive
notification of a connection's existence before
it is fully established.
( SR number: 8606164046 ; Defect: JAGad33347 )
Some customers using the Raptor Firewall product found
the daemon processes (tcp_gspd) spinning and eating
CPU time (70-80% of a cpu on UP systems).
( SR number: 8606166814 ; Defect: JAGad36101 )
Remsh hangs.
( SR number: 8606176180 ; Defect: JAGad45420 )
UDP socket bound to local IP address cannot receive
broadcast packet.
( SR number: 8606178029 ; Defect: JAGad47256 )
gettcpstate() is not available in 11.0.
( SR number: 8606178097 ; Defect: JAGad47324 )
The system has a Data Page Fault panic with
either of the following two traces:
Trace 1:
panic+0x14
report_trap_or_int_and_panic+0x4c
interrupt+0x1e8
$ihndlr_rtn+0x0
puthere+0x44
mi_timeout_exec+0x224
sw_service+0x8c
mp_ext_interrupt+0x108
ivti_patch_to_nop3+0x0
idle+0x1e8
swidle_exit+0x0
Trace 2:
panic+0x14
report_trap_or_int_and_panic+0x4c
interrupt+0x1e8
$ihndlr_rtn+0x0
puthere+0x44
tcp_rput_context_check+0x4a4
tcp_rput+0x784
putnext+0x16c
ip_rput_local+0x524
ip_rput+0x648
putnext+0x16c
hp_dlpi_mbuf_fast_in+0x70
hp_dlpi_intr_put+0x154
streams_put+0x134
hp_dlpi_intr+0x84
lan2_process_packet+0xcc
lan2_int_fr_rnr+0x19c
lan2_isr+0x184
eisa_int+0x134
lasi_interrupt+0x5c
mp_ext_interrupt+0x300
ivti_patch_to_nop3+0x0
idle+0x1b8
swidle_exit+0x0
( SR number: 8606183744 ; Defect: JAGad52955 )
Individual host route on local interface does
not work if the subnet route for the subnet
containing that host is removed.
( SR number: 8606187509 ; Defect: JAGad56716 )
When a program uses the ICMP TIMESTAMP request
message to query an HP-UX system for the
current time, the reply generated provides
less precise information than was available
from a 10.20 system.
( SR number: 8606194889 ; Defect: JAGad64095 )
Partially-completed incoming connection
requests can occupy excessive system memory.
PHNE_23456:
This patch replaces PHNE_22869
( SR number: 8606147348 ; Defect: JAGad16691 )
Data is received with garbage bytes appended to it. The
length of the received data will have a size which is a
multiple of STRMSGSZ (where STRMSGSZ is the value of the
kernel parameter STRMSGSZ on the system sending the data).
For this to occur, the kernel parameter STRMSGSZ must have
been changed to a value smaller than the default on the
system which sends the data.
( SR number: 8606151945 ; Defect: JAGad21284 )
The system experiences extensive memory consumption
when processing large numbers of routes.
( SR number: 8606155790 ; Defect: JAGad25103 )
X-terminals are not able to boot from a server
operating in a Service Guard environment.
( SR number: 8606169570 ; Defect: JAGad38845 )
panic: Data memory protection fault
gelan_if_resolved_output+0x106c
hp_dlpi_mblk_CKO_fast_out+0x60
hp_dlpi_wput+0x64
putnext+0xcc
ip_wput_ire+0x454
ip_wput+0x470
csq_turnover_with_lock+0x84
putnext+0x258
hp_dlpi_mblk_fast_in+0x98
hp_dlpi_mblk_intr_put+0xc8
streams_put_release+0x1cc
hp_dlpi_mblk_intr+0x4c
lanc_ether_ics+0x240
( SR number: 8606170531 ; Defect: JAGad39795 )
Large numbers of connections on WWW servers fail to
close completely. They are left stranded forever in the
the CLOSE_WAIT state.
( SR number: 8606175299 ; Defect: JAGad44542 )
The system panics with a Data Page Fault.
A possible stack looks like this:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c
nokgdb+0x8
ipc_hash_insert+0x84
ip_bind+0xc28
ip_wput_nondata+0x38
.
.
.
( SR number: 8606175531 ; Defect: JAGad44771 )
An IGMP_HOST_MEMBERSHIP_QUERY can cause a
divide by zero panic.
igmp_input+0x7e4
ip_rput_local+0xc00
ip_rput+0x238
putnext+0xcc
hp_dlpi_unitdata_in+0x1108
hp_dlpi_mblk_intr_put+0x7bc
streams_put_release+0x1cc
hp_dlpi_mblk_intr+0x4c
lanc_ether_ics+0x240
_btlan3_receive_pkts+0x3a0
_btlan3_isr+0x178
sapic_interrupt+0x2c
mp_ext_interrupt+0x34c
ivti_patch_to_nop3+0x0
idle+0x814
swidle_exit+0x0
( SR number: 8606177050 ; Defect: JAGad46285 )
If inbound UDP packets are dropped because of socket
receive buffer overflow, it is difficult to discern
which UDP connection is getting overflowed and how
many times it has happened.
( SR number: 8606178227 ; Defect: JAGad47454 )
Keepalive probes exceed the desired length of time
set by the ndd tunable tcp_keepalive_interval.
( SR number: 8606181319 ; Defect: JAGad50536 )
An ENOTCONN is intermittently returned when
a read is done on a non-blocking socket.
( SR number: 8606184465 ; Defect: JAGad53672 )
Event_port not supported by sockets.
( SR number: 8606184470 ; Defect: JAGad53677 )
System panics whenever a "poll" is done via "event_port"
on an AF_UNIX socket that was created by socketpair().
Here is the panic;
soo_select2+0x8
soo_select+0x14
unp_poll_handler+0x40
so_poll_switch+0x74
evp_dp_poll+0x20c
evp_ioctl+0x104
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x1f4
syscall+0x480
$syscallrtn+0x0
( SR number: 8606185191 ; Defect: JAGad54393 )
System panic's with the following stack;
unp_eventreg+0x4
so_eventreg+0x6c
evp_dereg_objhdr+0xa0
evp_close+0x15c
call_open_close+0x1f8
closed+0xb0
spec_close+0x54
vn_close+0x48
vno_close+0x20
closef+0x64
exit+0x324
rexit+0x28
syscall+0x200
$syscallrtn+0x0
PHNE_22869:
( SR number: 4701419036 ; Defect: JAGaa93907 )
If one urgent byte is on a socket, and a
recv() is done without MSG_OOB on that
socket, the urgent byte will disappear.
Subsequent recvmsg() calls with the
MSG_OOB flag on will return EINVAL,
instead of returning the urgent byte.
( SR number: 8606160311 ; Defect: JAGad29635 )
Bringing up an interface with ifconfig
may fail occasionally. This is also
visible in errors from the ServiceGuard
daemon "cmcld" if a network cable is
rapidly and repeatedly unplugged and
plugged back in.
( SR number: 8606162823 ; Defect: JAGad32139 )
The system panics with a stack overflow.
panic+0x14
report_trap_or_int_and_panic+0x94
trap+0x9f4
nokgdb+0x8
lanc_media_control+0x10e0
hp_dlpi_ioctl+0x658
hp_dlpi_control+0x184
hp_dlpi_wput+0xb24
putnext+0xcc
ip_wput_ctl+0x13c
ip_wput_nondata+0x41c
ip_wput+0xa0
puthere+0x148
ar_entry_squery+0x140
ar_cmd_dispatch+0xb0
ar_rput+0x58
puthere+0x148
ip_newroute_ipif+0x348
ip_wput_multicast+0x218
igmp_sendpkt_defrd+0x44
ip_newroute_ipif+0x378
ip_wput_multicast+0x218
igmp_sendpkt_defrd+0x44
ip_newroute_ipif+0x378
ip_wput_multicast+0x218
igmp_sendpkt_defrd+0x44
.
.
.
ip_newroute_ipif+0x378
ip_wput_multicast+0x218
igmp_sendpkt_defrd+0x44
ip_close+0x5a0
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x22c
osr_close_subr+0x2f8
hpstreams_close_int+0x2f8
streams_close+0x14
soclose+0x214
soo_close+0x90
closef+0x178
exit+0x944
rexit+0x24
syscall+0x610
$syscallrtn+0x0
( SR number: 8606165984 ; Defect: JAGad35271 )
Panic during FIN processing on a system
experiencing memory pressure.
0x000e4450 (set_protid_registers+0x1bfc)
0x004e6ff4 (tcp_hash_insert_port+0x2c)
0x004ee800 (tcp_reinit+0x4d0)
0x004e31c8 (tcp_clean_death+0x280)
0x004f00e0 (tcp_rput+0x1838)
0x0057ea68 (csq_turnover_with_lock+0xb0)
0x0056ede0 (putnext+0x2b0)
0x0059f75c (streams_write_uio+0x204)
0x003832b0 (sosend+0x1230)
0x003783a4 (sendit+0x41c)
0x00377eac (send+0x74)
0x0031b304 (syscall+0x754)
( SR number: 8606170482 ; Defect: JAGad39746 )
Data transfer across TCP connections which involve
PMTU is extremely slow.
( SR number: 8606167240 ; Defect: JAGad36526 )
Symptom:
System panic's with;
4) putnext+0x18
5) ip_wput_local+0x528
6) ip_wput_ire+0x43c
7) ip_wput+0x458
8) csq_turnover_with_lock+0x88
9) osr_pop_subr+0x98c
10) osr_close_subr+0xb00
11) hpstreams_close_int+0xd40
12) hpstreams_close+0x2c
13) call_open_close+0x1f8
14) closed+0xb0
15) spec_close+0x54
16) vn_close+0x48
17) vno_close+0x20
18) closef+0x68
19) close+0x48
20) syscall+0x200
When using XTI programs over loopback.
PHNE_22527:
( SR number: 8606152595 ; Defect: JAGad21925 )
The following type of message fills up too much space
in the syslog file.
vmunix: tunioctl(0): Unknown ioctl <hex number>
( SR number: 8606157385 ; Defect: JAGad26717 )
Data Page Fault Panic when memory allocation has had
to be delayed.
trap+0x10f0
nokgdb+0x8
qenable+0x10
mi_ibc_qenable+0x6c
csq_protect+0x1c0
bufcall_rsrv+0xf4
str_mem_daemon+0x214
im_strmem+0x1c
DoCalllist+0xc0
( SR number: 8606158668 ; Defect: JAGad27998 )
A shutdown() called on a LISTEN socket returns
EINVAL.
( SR number: 8606159910 ; Defect: JAGad29236 )
Connections getting ETIMEDOUT errors after a
connection is established.
( SR number: 8606161281 ; Defect: JAGad30597 )
The following message repeatedly appears in the
system logfile.
"T_ERROR_ACK, ERROR_prim==1"
( SR number: 8606164864 ; Defect: JAGad34161 )
A MSG_OOB recv() on a socket which has been set
to non-blocking and for which there is no OOB data
blocks rather than returning an error.
( SR number: 8606165518 ; Defect: JAGad34812 )
Need to pre-enable the select performance code.
( SR number: 8606165729 ; Defect: JAGad35020 )
Customer is seeing RESET's during connects if the
requested MSS is smaller than the tcp_mss_min
set on the system.
( SR number: 8606159784 ; Defect: JAGad29110 )
getsockname() hangs for a SOCK_RAW socket.
PHNE_22397:
( SR number: 8606158528 ; Defect: JAGad27858 )
Customer's cannot load latest patch (PHNE_22067)
unresolved external streams_select3()
( SR number: 8606140338 ; Defect: JAGad09705 )
Applications that quickly reconnect to the same remote
port (e.g. remsh) can experience 2-second delays in
connection establishment.
( SR number: 8606160948 ; Defect: JAGad30266 )
TCP connections exhibit poor performance over
cellular-style wireless links.
PHNE_22318:
( SR number: 8606158410 ; Defect: JAGad27740 )
System or processor appears to be hung. Symptoms are
not observed in patches PHNE_21767 or earlier.
( SR number: 8606147084 ; Defect: JAGad16427 )
A client will continue to use a stale route for
a virtual IP address when that address has been
reassigned to a different server.
( SR number: 8606147559 ; Defect: JAGad16901 )
The ACKs from the receiver machine are off by many windows.
Unfortunately, the sender machine doesn't seem to notice,
and it continues to increase the number of segments in
the window with each send -- Until the ACKs *finally* fall
outside the window gap. Then the sender drops back to
begin slow-start all over again.
( SR number: 8606154650 ; Defect: JAGad23967 )
Some clients can cause TCP connections to be
set up which will cause excessive memory
consumption by data buffers.
( SR number: 8606156407 ; Defect: JAGad25744 )
An application listening on a server TCP socket
can hang if many clients are initiating connections
and then aborting them (resetting them) before
the server can complete the connection accept operation.
( SR number: 8606157574 ; Defect: JAGad26905 )
Anomalous error returns may happen
while executing the accept system call.
PHNE_22067:
( SR number: 8606134419 ; Defect: JAGad03554 )
System panics with a data page fault. Two
different stack traces are possible.
Trace 1:
crfree+0x3c
closef+0x80
close+0x48
syscall+0x480
Trace 2:
soo_select+0x10
pollscan+0xb0
poll+0x104
syscall+0x480
( SR number: 8606134761 ; Defect: JAGad03896 )
When the SO_RCVBUF socket option is
set with setsockopt() to a large value
which exceeds the maximum allowed,
no error is returned and
the actual value set (which can be
obtained with a subsequent getsockopt() call)
is 65535 instead of the maximum allowed.
( SR number: 8606137889 ; Defect: JAGad07049 )
HP-UX does not respond to unicast arp replies.
( SR number: 8606141085 ; Defect: JAGad10446 )
When an application sets up to do asynchronous I/O
(signals) on a socket and calls connect(2), if it
catches a signal during the connect(2) call,
connect(2) returns EINTR. This is a correct return.
However, if the program calls connect(2) again,
connect(2) returns EINVAL. In this case, this is
an incorrect return.
( SR number: 8606144006 ; Defect: JAGad13339 )
Non-privileged users cannot open a UDP socket
with an ephemeral port.
( SR number: 8606145162 ; Defect: JAGad14500 )
Application server hangs in recv.
( SR number: 8606146766 ; Defect: JAGad16109 )
The public domain ipfilter product cannot be installed
on 11.x due to undefined symbols (if_lookup_on_name
and ir_lookup).
PHNE_21890:
( SR number: 8606126852 ; Defect: JAGac59693 )
Select based applications slow down when moving from
10.20 to 11.00.
( SR number: 8606134574 ; Defect: JAGad03709 )
Inbound packet traffic is seen mostly on one processor.
Need enhancement to make inbound packet scheduling better.
PHNE_21767:
( SR number: 1653286641 ; Defect: JAGaa44778 )
recvmsg() returns EMSGSIZE, when the message size is
correct.
PHNE_21606:
( SR number: 8606132568 ; Defect: JAGad01717 )
The connection will hang when an out of order FIN
arrives and is never retransmitted.
( SR number: 8606134441 ; Defect: JAGad03576 )
Under special network load conditions
in which a machine is frequently making
ARP requests which do not succeed,
a memory leak occurs which can eventually
use up all system memory and cause a
system to panic. Symptoms are not observed
in patches prior to PHNE_20436, and
certain details depend upon which patch is
in place. In patches starting with PHNE_20436
but prior to PHNE_21038, the memory leak
is in the 32-byte bucket. Starting with
PHNE_21038, the leak is in the 64-byte bucket.
PHNE_21318:
( SR number: 8606127632 ; Defect: JAGac78434 )
select() can hang when called following
a connect() call that returned EINPROGRESS.
( SR number: 8606129427 ; Defect: JAGac86974 )
Double system panics occurred duing an X.25 test.
stack trace for event 0
crash event was a panic
panic+0x14
too_much_time+0x2d8
wait_for_lock+0x120
slu_retry+0x18
mp_socket_lock+0x2c
XLS_F0_a_connect_ind+0x4c
XLS_F_handler+0x6a4
XST_F_read_put+0x398
putnext+0x16c
N2Z_F0_rserv+0x2b0
sq_wrapper+0x90
str_sched_mp_daemon+0x104
str_sched_daemon+0x2b8
main+0x538
$vstart+0x34
$locore+0x90
trace event 1
stack trace for event 1
crash event was a panic
panic+0x14
wait_for_lock+0x2b4
slu_retry+0x18
mp_socket_lock+0x2c
soaccept+0x28
sodequeue+0x19c
accept+0x154
syscall+0x1c8
$syscallrtn+0x0
Defect Description:
A spinlock was not released correctly,
it cause a spinlock deadlock.
( SR number: 8606130980 ; Defect: JAGad00139 )
"Lock not held" Panic stack:
panic+0x14
sodequeue+0x530
accept+0x1b8
syscall+0x1c8
$syscallrtn+0x0
( SR number: 8606131229 ; Defect: JAGad00380 )
The HP-UX system does not respond to keepalive
requests.
( SR number: 8606125525 ; Defect: JAGac40915 )
A system can hang when applications
take away system resources by successfully
allocating extremely large buffers.
PHNE_21038:
( SR number: 5003453233 ; Defect: JAGaa95389 )
System panics when the opening of
/dev/nuls races with the closing of /dev/nuls.
This device is used by netstat.
mi_close_comm1+0x44
x_mi_close_comm+0x14
nuls_close+0x14
close_wrapper+0x38
csq_protect+0xd0
osr_pop_subr+0x1b8
osr_close_subr+0x2b8
hpstreams_close_int+0x2a0
hpstreams_close+0x24
call_open_close+0x1bc
closed+0xa0
( SR not found ; Defect: JAGab67537 )
System panic when ifconfig is running on a X.25 interface.
( SR number: 8606112028 ; Defect: JAGab84237 )
Panic during system startup ONLY on DEBUG KERNELS.
Panic message and top of stack backtrace (output
by kernel during panic) look like this:
panic: assertion failed (alloc_spinlock: spinlocks held)
at line 1844 in /ux/core/kern/sys/spinlock.c
PC-Offset Stack Trace (read down, top of stack is 1st):
0x001cb4fc (panic+0x54)
0x001cbf5c (assfail+0x3c)
0x001cc118 (_assfail+0x30)
0x001d4f74 (alloc_spinlock+0x11c)
0x00539364 (ire_create+0xec)
0x00547400 (ipif_up_arp_and_ires+0x430)
0x00546d28 (ipif_up+0x308)
0x00545d08 (ipif_loopback_init+0x110)
0x00519394 (ip_open+0x364)
( SR number: 8606114887 ; Defect: JAGac29660 )
IP addresses assigned to loopback interfaces (lo0:<N>)
can not be reached from the network.
( SR number: 8606124808 ; Defect: JAGac40200 )
T_ORDREL_REQ out of state error messages appear in
nettl.LOG file.
( SR number: 8606125177 ; Defect: JAGac40568 )
The command 'netstat -a' sometimes causes
a panic with the following stack trace.
udp_snmp_get+0x218
snmpcom_req+0x130
udp_wput_other+0x218
udp_wput+0x1c0
putnext+0x198
putmsg_subr+0x174
putmsg+0x190
syscall+0x200
$syscallrtn+0x0
( SR number: 8606125342 ; Defect: JAGac40733 )
System panics with the following stack trace.
ip_rput_local+0x21c
ip_rput+0x894
putnext+0x1a4
hp_dlpi_unitdata_in+0x5a0
hp_dlpi_mblk_intr_put+0x2d8
streams_put_release+0x2c8
hp_dlpi_mblk_intr+0x80
---
---
( SR number: 8606126203 ; Defect: JAGac56768 )
A RST is sent when a SYN is received.
Defect Description:
If TCP initial sequence numbers are messed up,
a RST packet is sent in response to a SYN received
during TCP TIME_WAIT state.
PHNE_20735:
( SR number: 8606110756 ; Defect: JAGab83504 )
Accept() threads don't exist when their process
is killed.
( SR number: 8606123969 ; Defect: JAGac39329 )
System panics when closing AF_UNIX sockets with the
following stack;
b_owns_sema+0x8
unp_discard+0x60
unp_scan+0x88
unp_dispose+0x1c
sorflush+0x90
sofree+0x8c
soclose+0x7d0
soo_close+0x7c
closef+0x64
exit+0x2f0
psig+0x220
syscall+0x914
$syscallrtn+0x0
PHNE_20633:
( SR number: 8606107486 ; Defect: JAGab77719 )
A temporary file /tmp/stcp.conf is left around
unnecessarily.
( SR number: 4701413963 ; Defect: INDaa30107 )
Ifconfig may initialize network interfaces incorrectly
during system startup.
( SR number: 4701430850 ; Defect: JAGab50646 )
When using a sendfile related application,
the system can panic.
Stack trace with vmtrace on
crash event was a panic
panic+0x14
vmtrace_kfree+0x230
kfree_common+0x2d0
getnewbuf+0x828
ogetblk+0x110
getblk1+0x290
realloccg+0x2f8
bmap+0x710
rwip+0xecc
ufs_rdwr+0x388
vno_rw+0x84
write+0x108
syscall+0x200
$syscallrtn+0x0
( SR number: 8606110207 ; Defect: JAGab82910 )
SNMP returns wrong tcpCurrEstab mib value
( SR number: 8606110239 ; Defect: JAGab82942 )
If a server receives a RESET on a socket and does not
close it, all new connections for the SAME remote
port will be dropped.
( SR number: 8606110349 ; Defect: JAGab83053 )
System panic - Data page fault
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
TPI_conn_conf+0x14
so_check_inb_conn_conf+0xc8
soo_select+0x328
select+0x12c4
syscall+0x480
$syscallrtn+0x0
( SR number: 8606112290 ; Defect: JAGab84607 )
SYNs sent to an XTI listen socket are sometimes
dropped.
PHNE_20436:
( SR not found ; Defect: JAGaa95395 )
SO_LINGER does not work.
( SR number: 1653309039 ; Defect: JAGab25258 )
Programs or subsystems (such as NFS) using large
packet sizes could see data corruption when used
on multiprocessor systems with multiple clients
sending data to the same server.
( SR not found ; Defect: JAGab32011 )
Data page fault:
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xe08
nokgdb+0x8
ip_rput_dlpi+0x1c4
ip_rput+0x6ec
putnext+0x80
LDI_F0_send_error_ack+0x78
LDI_F_error_ack+0x8c
LDI_F0_error_action+0x50
LDI_F_handler+0x2c8
LEC_F0_uwproto+0x158
LEC_F0_uwput+0x94
puthere+0x84
ip_wput_nondata+0x26c
ip_wput+0x16c
...
( SR number: 8606104338 ; Defect: JAGab71774 )
T_ORDREL_REQ out of state error messages
appear in nettl.LOG file.
( SR number: 8606106267 ; Defect: JAGab75241 )
For a connection between 10.20 and 11.00,
when the 10.20 advertises 0 window for
some period of time, 11.00 can get
hung.
( SR number: 8606106481 ; Defect: JAGab75639 )
Panic in kmalloc() called via sockname().
panic+0x14
trap+0xdb8
nokgdb+0x8
kmalloc+0x350
allocb_wait+0x290
sockname+0x54
( SR number: 8606113535 ; Defect: JAGab75825 )
When the receive side of a socketpair (AF_UNIX) is
"full" the system leaks memory and loses data.
( SR number: 8606113563 ; Defect: JAGab76769 )
When the receive side of a socketpair (AF_UNIX) contains
file descriptors and the socket is closed without reading
the data the system loses those descriptors.
( SR number: 8606113564 ; Defect: JAGab76776 )
Blocking sendmsg() returns EMSGSIZE when receive side is
close to being full. This can happen on blocking or
non-blocking.
( SR number: 8606107144 ; Defect: JAGab76839 )
A debug kernel panics when sleeping while
holding a lock.
( SR number: 8606107729 ; Defect: JAGab78013 )
Cose version of recvmsg does not get the file.
( SR number: 8606107946 ; Defect: JAGab78256 )
q4> trace event 0
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
tcp_detach+0x5b0
tcp_close+0xec
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x1f4
osr_close_subr+0xb00
hpstreams_close_int+0xc3c
streams_close+0x14
soclose+0xe8
soo_close+0x90
closef+0x68
close+0x48
syscall+0x8f0
$syscallrtn+0x0
( SR number: 8606108899 ; Defect: JAGab81600 )
By using a special scanner, TCP
Initial sequence number exposes
a small possibility of predictability.
( SR number: 8606109254 ; Defect: JAGab81953 )
memory corruption.
( SR number: 8606109950 ; Defect: JAGab82651 )
OOB data was not removed from data queue
PHNE_20041:
( SR number: 8606105057 ; Defect: JAGab72884 )
Ping still sends packets when a lan cable is disconnected.
( SR number: 8606105583 ; Defect: JAGab73749 )
When the receive side of a socketpair (AF_UNIX) is
"full" the system leaks file descriptors and loses data.
( SR number: 8606106074 ; Defect: JAGab74913 )
A non-blocking accept() call blocks in the kernel.
PHNE_19899:
( SR number: 8606104784 ; Defect: JAGab65709 )
System panic in streams write queue.
sth_putq_owned+0x124
sth_rput_slow+0x620
sth_rput+0x870
putnext+0x50
tcp_rput_other+0x4ac
tcp_rput+0x1734
putnext+0x15c
ip_rput_local+0x328
ip_rput+0x648
putnext+0x50
hp_dlpi_mblk_fast_in+0x50
hp_dlpi_mblk_intr_put+0x6d0
streams_put_release+0x154
hp_dlpi_mblk_intr+0x3clanc_ether_ics+0xf8
btlan4_process_packet+0xac
btlan4_receive_pkts+0x944
btlan4_isr+0x110
dino_isr+0x128
mp_ext_interrupt+0x33c
ivti_patch_to_nop3+0x0
lanc_ether_ics+0xf8
btlan4_process_packet+0xac
( SR number: 5003448498 ; Defect: JAGaa46666 )
getsockname() doesn't return address family
if socket is not bound.
( SR number: 8606102973 ; Defect: JAGab69105 )
The system hangs due to a timing issue.
( SR not found ; Defect: JAGab69620 )
System panics when dereferencing a null pointer.
( SR not found ; Defect: JAGab71212 )
When a heavily-loaded multiprocessor system is
running a program with multiple threads or processes
accessing the same non-blocking socket, and doing
both 'connect' and 'select' operations simultaneously,
the kernel can panic. (Seen with Netscape proxy server
as application.)
( SR number: 8606104549 ; Defect: JAGab72160 )
System TOCs due to three simultaneous MIB extractions.
PHNE_19375:
( SR not found ; Defect: JAGaa57204 )
Transfer of data over loopback connections
is slow. First data packet takes about
one second to transfer.
( SR not found ; Defect: JAGab12875 )
System panics in network interface drivers.
( SR number: 1653309237 ; Defect: JAGab25385 )
Sometimes Service Guard switch does not work.
( SR number: 4701431221 ; Defect: JAGab53651 )
ifconfig <interface> unplumb
can leave behind stale routes. If IP attempts to
use these stale routes, the system will panic.
( SR not found ; Defect: JAGab65705 )
IP multicast local switch does not work properly.
PHNE_19110:
See Defect Description
PHNE_18708:
See Defect Description
PHNE_18611:
See Defect Description
PHNE_18554:
See Defect Description
PHNE_18553:
See Defect Description
PHNE_17662:
See Defect Description
PHNE_17613:
See Defect Description
PHNE_17446:
See Defect Description
PHNE_17227:
See Defect Description
PHNE_17117:
See Defect Description
PHNE_17018:
See Defect Description
PHNE_17017:
See Defect Description
PHNE_16645:
See Defect Description
PHNE_16497:
See Defect Description
PHNE_16283:
See Defect Description
PHNE_15995:
See Defect Description
PHNE_15911:
See Defect Description
PHNE_15692:
See Defect Description
PHNE_15583:
See Defect Description
PHNE_15047:
See Defect Description
PHNE_14876:
See Defect Description
PHNE_14730:
See Defect Description
PHNE_14702:
See Defect Description
PHNE_14575:
See Defect Description
PHNE_14279:
See Defect Description
PHNE_14274:
See Defect Description
PHNE_14260:
See Defect Description
PHNE_14017:
See Defect Description
PHNE_13692:
See Defect Description
PHNE_13405:
See Defect Description
Defect Description:
PHNE_35729:
This patch replaces PHNE_33395
( SR: 8606427700 CR: JAGaf87181 )
Symptom:
The get_mib_info() function in libnm does not handle
memory properly.
Defect Description:
The get_mib_info() function does not function properly.
Resolution:
The libnm function get_mib_info() has been made more
resilient.
( SR: 8606439315 CR: JAGaf97308 )
Symptom:
A large file transferred by NFS over UDP gets
corrupted.
Defect Description:
During IP fragments reassembly if some fragments
corresponding to a packet are lost, the remaining
fragments wait in the reassembly queue for
ip_fragment_timeout value, after which they are
dropped. The default value of ip_fragment_timeout
on HPUX is 1 minute. On a 1 Gigabit interface,
IP identification number may wrap around and fill
in the holes and complete the reassembly. This
corrupt packet may be transferred to the application
on igelan drivers.
Resolution:
The code has been changed to prevent the
corrupt packet from being transferred
to application.
( SR: 8606448078 CR: JAGag05349 )
Symptom:
UDP message backlog.
Defect Description:
Certain conditions result in UDP messages not being
processed correctly, thus leading to a backlog.
Resolution:
The code has been modified to avoid the condition,
and thus the backlog.
PHNE_33395:
( SR: 8606390716 CR: JAGaf50862 )
Symptom:
System panics with the following stack trace
panic+0x6c
report_trap_or_int_and_panic+0x94
trap+0x910
nokgdb+0x8
tcp_rput_context_check+0x10
tcp_rput+0x340
puthere+0xc8
tcp_conn_ind+0x65c
tcp_rput+0x47c
puthere+0xc8
tcp_conn_ind+0x65c
tcp_rput+0x47c
puthere+0xc8
Defect Description:
In certain cases, where multiple listeners are active on a
single port, stack may overflow, causing a panic.
Resolution:
Code has been modified to fix the problem.
( SR: 8606397865 CR: JAGaf57847 )
Symptom:
Slow TCP data transfer.
Defect Description:
In some cases, TCP may not respond appropriately to zero
window probes from some Linux clients. This may cause delay
in data transfer.
Resolution:
The code has been changed for TCP to respond appropriately
to zero window probes from Linux clients.
( SR: 8606399900 CR: JAGaf59856 )
Symptom:
ICMP message handling requires modifications.
Defect Description:
The ICMP message handling mechanism needs to be modified to
handle a special set of cases.
Resolution:
The ICMP message handling mechanism has been modified.
PHNE_32041:
( SR: 8606339926 CR: JAGaf00847 )
Symptom:
System panics with following stack trace:
panic+0x54
report_trap_or_int_and_panic+0x84
trap+0xd9c
thandler+0xd24
TPI_discon_ind+0x24
sosend+0x208
soo_rw+0x88
write+0x104
syscall+0x28c
syscallinit+0x54c
Defect Description:
The socket code makes an unprotected access to a message
on the stream head. A race condition occurs wherein the
message is freed by another thread. Accessing the freed
message panics the system.
Resolution:
The socket code has been changed to eliminate the race
condition, by ensuring that access to stream head is
protected.
( SR: 8606340920 CR: JAGaf01830 )
Symptom:
An IGMP query is not answered by a host with multiple
IP addresses if the router which sends the query is
on a different subnet.
Defect Description:
If the router that sends the IGMP query is present on the
same physical link as the host receiving the query but with
an IP address that does not belong to the host's IP subnet,
and if the host has multiple IP addresses configured on the
interface then the host discards the query instead of
responding to it.
Resolution:
Code has been modified such that the host replies with an
"IGMP REPORT" message even when multiple IP addresses are
configured on the interface and both the host and the
router are on different subnets.
( SR: 8606350213 CR: JAGaf11035 )
Symptom:
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
ihandler+0x928
puthere+0x14
mi_timeout_exec+0x294
sw_service+0xb0
mp_ext_interrupt+0x144
ivti_patch_to_nop3+0x0
idle+0x430
swidle_exit+0x0
Defect Description:
Data structures related to timers are corrupted
due to a race between timer routines. Processing
these corrupted timer data structures results in a
Data Page Fault.
Resolution:
Code has been modified to avoid the race, so that
corruption of timer-related data structures is prevented.
( SR: 8606351019 CR: JAGaf11831 )
Symptom:
Panic due to Data Page Fault with the following
stack trace :
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
dupb+0xcc
tcp_xmit_mp+0x434
tcp_wput+0x7a4
tcp_timer+0x4fc
tcp_wput+0x954
puthere+0x148
mi_timeout_exec+0x294
sw_service+0xb0
mp_ext_interrupt+0x150
ivti_patch_to_nop3+0x0
idle+0xe18
swidle_exit+0x0
Defect Description:
An inadequate status check in TCP causes TCP to
access invalid memory addresses. This leads to a panic.
Resolution:
The inadequate status check in the TCP code has been
corrected.
( SR: 8606351765 CR: JAGaf12570 )
Symptom:
An application gets notification of the presence of urgent
data even when there is no urgent data.
Defect Description:
In some cases, the TCP module accepts corrupted TCP
segments with the URG flag set.
Resolution:
The code has been changed such that the TCP module
disregards the URG flag in corrupted TCP segments.
( SR: 8606358089 CR: JAGaf18788 )
Symptom:
In some cases, sendfile(2) returns 0, indicating success,
even if the connection associated with the socket is broken.
Defect Description:
In certain cases, when there is no data to be sent, and a
message indicating disconnect has arrived, sendfile(2)
returns without processing the disconnect indication.
Resolution:
Code has been modified such that sendfile(2) checks for
messages on the stream head before returning even if there
are zero bytes to be sent.
( SR: 8606366614 CR: JAGaf27178 )
Symptom:
In some cases, sendfile(2) generates SIGPIPE signal without
setting errno to EPIPE.
Defect Description:
The sendfile(2) code ignores the error condition when
sendfile(2) is invoked with a non-zero header length.
Therefore, sendfile(2) returns 0 instead of -1 when
the connection associated with the socket is closed.
Resolution:
sendfile(2) code has been modified such that it returns
EPIPE if the connection associated with the socket is
either shutdown(2) on the write side or the peer has
reset the connection.
( SR: 8606376003 CR: JAGaf36297 )
Symptom:
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_reassemble+0x15c
ip_rput_local+0x1014
ip_rput+0x1a0
putnext+0xcc
hp_dlpi_mblk_fast_in+0x420
hp_dlpi_mblk_intr_put+0x960
streams_put+0xf8
hp_dlpi_mblk_intr+0x148
lanc_ether_ics+0x114
_btlan3_receive_pkts+0x588
_btlan3_isr+0x198
sapic_interrupt+0x2c
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
idle+0x1150
swidle_exit+0x0
Defect Description:
IP fragment chain gets corrupted leading to panic.
Resolution:
IP fragment management has been improved.
( SR: 8606349322 CR: JAGaf10143 )
Symptom:
System panics with following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c
thandler+0xd24
sbcompress+0x4c
sbappend+0x34
uipc_usrreq+0x9c
sosend+0x440
soo_rw+0x88
Defect Description:
The tail of the mbuf chain may contain an invalid
value, which may cause a panic, when a message is sent.
This problem happens with AF_UNIX sockets.
Resolution:
The tail of the mbuf chain is reset to the correct value
when freed.
( SR: 8606344720 CR: JAGaf05570 )
Symptom:
An application may hang in accept(2).
Defect Description:
Application hangs in accept(2), waiting for a
T_DISCON_IND message from TCP module,
which never arrives.
Resolution:
The accept(2) code has been modified such that it does
not wait for the T_DISCON_IND message.
( SR: 8606320479 CR: JAGae82961 )
Symptom:
send(2) returns an EWOULDBLOCK failure on a
TCP socket when the preceding poll(2) call on the
same socket had returned a POLLOUT revent.
Defect Description:
When a connection is terminated by the peer sending
a TCP RST, poll(2) will return a POLLOUT revent
on the associated socket. If it's an X/Open socket,
a subsequent send(2) on this same socket could return
an EWOULDBLOCK failure. This will happen if the
connection was flow-controlled before receiving a RST
from the peer.
Resolution:
send(2) will return EPIPE instead of EWOULDBLOCK
for the X/Open socket.
( SR: 8606317678 CR: JAGae80233 )
Symptom:
The nettl(1M) trace for NS_LS_IP and NS_LS_ICMP may lead to
memory corruption. As a result of this corruption, the
system may get a subsequent Data page fault panic. The
traced ICMP packets may then display an unknown ICMP type.
Defect Description:
The ICMP packet passed to the nettl(1M) subsystem could
be improperly formatted which results in an unknown
ICMP type in traced packets.
Resolution:
The code has been modified to properly format ICMP packets
passed to nettl(1M) subsystem.
( SR: 8606333354 CR: JAGae94443 )
Symptom:
recvfrom(2) or recv(2) performed on SOCK_DGRAM
socket with MSG_PEEK flag set returns all the
messages, when only the first message should be
returned.
Defect Description:
When recvfrom(2) or recv(2) is issued with MSG_PEEK flag set
on SOCK_DGRAM socket, only the first message should be
returned.
Resolution:
recvfrom(2) or recv(2) performed on a
SOCK_DGRAM socket with the MSG_PEEK flag set
now retrieves only the first message.
PHNE_29473:
( SR: 8606285107 CR: JAGae49049 )
Symptom:
Disrupted IGMP membership reporting.
Defect Description:
Disruption in IGMP membership reporting.
Resolution:
IGMP membership reporting has been improved.
( SR: 8606328253 CR: JAGae89895 )
Symptom:
read() returns ECONNRESET instead of ECONNREFUSED.
Defect Description:
Upon receiving an RST from the peer when establishing
connection, a read(2) performed on the socket
returns ECONNRESET instead of ECONNREFUSED.
Resolution:
After a non-blocking connect(2) is performed,
read(2) now returns ECONNREFUSED if the peer
refuses the connection.
( SR: 8606297439 CR: JAGae60941 )
Symptom:
System panics with the following stack trace:
optcom_req+0xb8
tcp_wput_proto+0xa4
tcp_wput+0x458
Defect Description:
The system may panic due to improperly aligned data in
optcom_req().
Resolution:
Code has been modified to check for proper boundary
conditions and alignment.
( SR: 8606304572 CR: JAGae67915 )
System panics with the following stack trace:
ip_bind+0x334
ip_wput_nondata+0x38
ip_wput+0x108
putnext+0xcc
tcp_connect+0x204
tcp_wput_proto+0xc4
tcp_wput+0x574
putnext+0xcc
str_async_ioctl+0x210
hpstreams_ioctl_int+0x548
streams_ioctl+0x34
soconnect+0x140
connect+0xdc
syscall+0x6f8
syscallinit+0x54c
Defect Description:
While switching from one interface to another
using the SIOCSIFADDR ioctl, a LOOPBACK IRE is
created which is never removed when the `from'
interface is unplumbed. Any subsequent operation
which accesses this IRE will now cause a DPF
and crash the system.
Resolution:
Code has been modified to ensure that a
LOOPBACK IRE is not unnecessarily created.
( SR: 8606306857 CR: JAGae69891 )
Symptom:
System panics with the following stack trace:
freeb+0x18
ire_delete_now+0x6c
ip_dfg_flush+0x158
invoke_callouts_for_self+0xc0
sw_service+0xb0
up_ext_interrupt+0x118
ihandler+0x8c4
Defect Description:
While deleting an IRE by linking it to
deferred list, no check is made to see if the IRE
already exists in deferred list.
In the absence of such a check, the same IRE may
get added to the list more than once.
Resolution:
Code has been added to check if an IRE already exists
in the deferred list. If it is present the same IRE
is not linked to the deferred list again. By doing this,
double free data page fault type panic is avoided.
( SR: 8606312501 CR: JAGae75317 )
Symptom:
Data page fault in tcp_detach() with the
following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c nokgdb+0x8
tcp_detach+0x5d8
tcp_close+0xf0
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xf50
hpstreams_close_int+0x31c
streams_close+0x14
soclose+0xf0
soo_close+0x90
closef+0x64
close+0x90
syscall+0x28c
$syscallrtn+0x0
Defect Description:
When a TCP connection is getting closed, it is possible
for a timer associated with that TCP instance to expire
and free the instance data corresponding to that TCP
connection. When the freed data is accessed, a data page
fault results as the data is stale.
Resolution:
Code has been modified to ensure that timers for a TCP
instance do not expire at the same time when its data
structures are being accessed in the close path.
( SR: 8606318794 CR: JAGae81284 )
Symptom:
Panic while closing the socket, with the following
stack trace:
panic+0x14
too_much_time+0x2e0
wait_for_lock+0x14c
slu_retry+0x1c
hpstreams_ioctl_int+0x6a4
streams_ioctl+0x34
sotocache+0x164
sounlock+0x704
mp_socket_unlock+0x10
soclose+0x964
soo_close+0x90
closef+0x64
close+0x90
syscall+0x28c
$syscallrtn+0x0
Defect Description:
A race between two threads, one inserting a stream
into socket cache and another removing a cached entry
from the socket cache causes panic.
Resolution:
Code has been modified to avoid the race between
threads while inserting and removing a stream from
the socket cache.
( SR: 8606331109 CR: JAGae92230 )
Symptom:
Unexpected memory consumption of M_DATA mblks
in 512 bytes bucket resulting in memory starvation.
Defect Description:
Mblks of type M_DATA in 512 bytes bucket are not
freed before closing the socket.
Resolution:
Code has been modified to free the queued M_DATA
mblks when the socket is being closed.
( SR: 8606248122 CR: JAGae14522 )
Symptom:
The "ifconfig lanx:y" command which is supposed to
display the current configuration of lanx:y, will display
a dummy entry for lanx:y if that interface does not exist.
Defect Description:
If the interface does not exist, the ifconfig interface
command creates a NULL entry and displays the same.
Resolution:
"ifconfig" command checks for the existence of the
interface configuration entry when asked to display
current configuration parameters. If the entry does
not exist, an error message is displayed.
( SR: 8606317300 CR: JAGae79861 )
Symptom:
Memory leak in 512 bytes bucket.
Defect Description:
Memory allocated by ip module is not
freed even after the socket is closed.
Resolution:
Memory is being freed when the socket is closed.
( SR: 8606298990 CR: JAGae62486 )
Symptom:
IREs of type IRE_LOOPBACK remain in the
system even after a RST is sent to the
peer TCP.
Defect Description:
The function that deletes the IREs after
a RST is sent to the peer TCP deletes only
IREs of type IRE_ROUTE and not IRE_LOOPBACK.
Resolution:
The code has been modified to delete IRE_LOOPBACK
IREs as well when they are no longer needed.
( SR: 8606322708 CR: JAGae85175 )
Symptom:
Route entries associated with loopback interfaces
intermittently get deleted.
Defect Description:
When a TCP connection request on a loopback
address times out, TCP notifies IP to remove
the corresponding route table entry associated
with the loopback interface (IRE_LOOPBACK).
Resolution:
The route table entry corresponding to the
loopback interface (IRE_LOOPBACK) is not
removed when the Upper Layer Protocol
notifies IP that a TCP connection timed out.
PHNE_28538:
( SR number: 8606224462 ; Defect: JAGad93550 )
Symptom:
Message getting displayed on console:
tcp_timer: strange state (-6) [5767,d425] TCP_CLOSED
Defect Description:
The tcp state was set to TCP_CLOSED without stopping
the timer.
Resolution:
When changing the tcp state to TCP_CLOSED in
the case of a connection waiting to be accepted,
the timers on the connection are now cleaned up.
( SR number: 8606257154 ; Defect: JAGae21460 )
Symptom:
connect(2) over AF_INET socket hangs. System TOC with the
following stack trace:
_swtch+0xc4
_sleep+0x318
read_sleep+0x17c
streams_getmsg+0x3c8
soconnect+0x188
connect+0xdc
syscall+0x62c
syscallinit+0x554
Defect Description:
select(2) may cause connect(2) to hang if a small window
of a race condition is met.
Resolution:
The window of race condition has been removed.
( SR number: 8606274495 ; Defect: JAGae38572 )
Symptom:
When the timestamp value passed in the timestamp option
in the TCP packet rolls over after the connection is
established, TCP connection drops packets and applications
may hang or time out.
Defect Description:
When the timestamp option is used for a tcp connection
between two nodes and a roll over of time takes place
from 0xffffffff to 0, the remote side which may receive
a packet whose time has rolled over, will drop the packet,
thinking it is old. This makes the local node to
continuously retransmit the packets.
Resolution:
Code has been modified to handle roll over time placed
in the timestamp option of the TCP packet.
( SR number: 8606283209 ; Defect: JAGae47164 )
Symptom:
Bucket allocation usage is too high when there is a TCP
traffic burst.
Defect Description:
TCP Default Queue is using too much kernel memory.
Resolution:
Default Queue memory management code has been modified
to attenuate the TCP kernel memory consumption.
( SR number: 8606283966 ; Defect: JAGae47912 )
Symptom:
System panics with the following stack
trace:
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x130
sbrelease+0x14
sorflush+0x98
sofree+0x98
soclose+0x1b4
soo_close+0x90
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
Defect Description:
When using AF_CCITT sockets, the system panics in sbflush
if there is a zero-length data message block in the socket's
receive buffer.
Resolution:
The socket's receive buffer can now handle zero-length data
message blocks.
( SR number: 8606286419 ; Defect: JAGae50362 )
Symptom:
send(2) may take a long time to complete for
AF_UNIX/SOCK_STREAM type of sockets.
Defect Description:
Frequent allocation and deallocation of memory may result
in longer completion time for send(2).
Resolution:
Code has been changed to reduce the number of memory
allocations and deallocations to improve performance.
( SR number: 8606292583 ; Defect: JAGae56336 )
Symptom:
When an ICMP Address Mask Request packet is sent to
a unicast address, an ICMP Address Mask Reply is sent
even though the tunable ip_respond_to_address_mask_broadcast
is turned OFF.
Defect Description:
Unsetting the ndd tunable
ip_respond_to_address_mask_broadcast will suppress the
replies to the requests sent to the broadcast address only.
Resolution:
Code has been modified to completely suppress any reply to
the address mask request when the
ip_respond_to_address_mask_broadcast tunable is turned OFF.
( SR number: 8606294788 ; Defect: JAGae58482 )
Symptom:
The number of collisions between threads executing select(2)
is exceedingly high in some cases.
Defect Description:
The number of collisions between threads executing select(2)
is more. As a result, select may take more time in some
cases.
Resolution:
The number of collisions in such cases has been reduced.
( SR number: 8606294967 ; Defect: JAGae58664 )
Symptom:
select(2) may take more time for AF_UNIX domain sockets in
some cases.
Defect Description:
The additional check was basically designed for AF_INET
sockets. It was being done also for UNIX domain sockets.
Due to this, select(2) may take more time for AF_UNIX
sockets for some cases.
Resolution:
Now, the additional check is not performed for AF_UNIX
sockets.
( SR number: 8606294977 ; Defect: JAGae58674 )
Symptom:
read(2) on a socket may return ECONNREFUSED
instead of ECONNRESET.
Defect Description:
In some cases, TCP sends a ECONNREFUSED and
read(2) returns it to the application.
Resolution:
read(2) now returns ECONNRESET whenever
it receives a ECONNREFUSED from TCP.
( SR number: 8606295188 ; Defect: JAGae58883 )
Symptom:
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x4c
interrupt+0x1e8
$ihndlr_rtn+0x0
ipc_walk+0x7c
ill_down_ind+0x118
ip_rput_dlpi+0x9b0
ip_rput+0x394
putnext+0xc4
hp_dlpi_event+0x1b0
HP1_ospif_mib_event+0x150
ospif_watchdog+0x3c
HP1_oim_timeout+0x10
invoke_callouts_for_self+0xac
sw_service+0x8c
inttr_emulate_save_fpu+0x100
drv_priv+0x0
ip_open+0x11c
open_wrapper+0x44
csq_protect+0x10c
osr_open+0xaec
pse_open+0xe4
streams_open+0x48
soclone+0x178
soaccept+0xf4
sodequeue+0xac
accept+0x204
syscall+0x6e8
$syscallrtn+0x0
Defect Description:
An IP instance data structure was inserted into
the hash array before it was initialized. As a
result if a thread tries to access any of its
fields when walking through the hash array, it
may panic.
Resolution:
Necessary checks have been added before accessing the
IP instance data structures to avoid the panic.
PHNE_27886:
( SR number: 8606244252 ; Defect: JAGae10742 )
Symptom:
Data transfer over TCP is very slow.
Defect Description:
If the receiving buffer size is reduced by the
application after the 3-way handshake, TCP window
scales down.
Resolution:
TCP window scale calculation has been corrected to
have an accurate setting.
( SR number: 8606248840 ; Defect: JAGae15237 )
Symptom:
System panics with the following stack trace
panic+0xa0
assfail+0x3c
_assfail+0x2c
b_vsema+0x36c
sounlock+0x974
mp_socket_unlock+0x10
function name is not available
pstat_socket+0x400
pstat+0x380
syscall+0x834
syscallinit+0x554
Defect Description:
A race condition exists when two threads try
to lock a pair of sockets.
Resolution:
Changes have been made in the socket locking
code to avoid the race.
( SR number: 8606272841 ; Defect: JAGae36947 )
Symptom:
It is not possible to know if the support for
RFC 1948 is enabled or disabled.
Defect Description:
The support for RFC 1948 can be enabled by setting the
ndd tunable tcp_isn_passphrase.
However, "ndd -get /dev/tcp tcp_isn_passphrase"
fails with the error:
"operation failed, Permission denied"
Resolution:
"ndd -get /dev/tcp tcp_isn_passphrase"
will now output:
0 - if the support for RFC 1948 is disabled
1 - if the support for RFC 1948 is enabled
( SR number: 8606272891 ; Defect: JAGae36997 )
Symptom:
The HP-UX 11.0 client does not transmit multicast packets
when INADDR_ANY is used.
Defect Description:
When the kernel has to choose an outgoing interface,
it does not search for the route added to a
destination multicast group. Hence, the packet is not
sent out.
Resolution:
The outgoing interface search is now done correctly
based on the destination multicast group when INADDR_ANY
is specified.
( SR number: 8606277294 ; Defect: JAGae41365 )
Symptom:
Applications using UDP via XTI or applications
using remote file locking via NFS may cause
datagram packets to be dropped.
Defect Description:
The default receive buffer size for UDP stream is reduced
to 512. So the number of inbound UDP packets that are
dropped increases if the receiving application does not
read the data fast enough.
Resolution:
The default receive buffer size for UDP has been
restored to 65536.
PHNE_27058:
( SR number: 8606226976 ; Defect: JAGad96038 )
Symptom:
Repeatedly joining and leaving various multicast
groups and rejoining already joined groups causes
the system to hang.
Defect Description:
The kernel allocates memory to copy user data into
kernel and this memory is not freed upon encountering
certain error.
Resolution:
The memory allocated by kernel to copy user data
when joining or leaving a multicast group is freed
upon encountering an error.
( SR number: 8606233305 ; Defect: JAGae02529 )
Symptom:
Application hangs in the accept(2) system call.
Defect Description:
A message is being sent to the wrong thread or process
during accept(2) processing.
Resolution:
A new ioctl for streams has been introduced to make the
connection request to TCP atomic.
( SR number: 8606238262 ; Defect: JAGae07289 )
Symptom:
Data corruption occurs in the socket structure during
a connect(2).
Defect Description:
While doing a connect(2), fields are changed in the socket
structure without holding a lock. This can result in
data corruption.
Resolution:
The socket structure is locked before its fields are
modified. This prevents race conditions and the
associated data corruption.
( SR number: 8606241187 ; Defect: JAGae08450 )
Symptom:
The system does not respond to any keystrokes or
commands and appears to hang. A Service Guard system
will perform TOC.
Defect Description:
A broadcast SYN packet is being delivered to
TCP. There is a huge buildup in the
established connection array. This causes
lookups into the array to take a long time
making the system appear to hang.
Resolution:
Inbound broadcast packets are prevented from
reaching TCP. These packets are filtered out
at the IP level.
( SR number: 8606241192 ; Defect: JAGae08455 )
Symptom:
Memory leak of timer related mblks in 512-byte bucket.
Defect Description:
Timer mblks are allocated at the time of opening
a TCP stream in 512-byte bucket. In a rare case,
these mblks are not freed on closing the TCP stream.
Resolution:
Code has been modified to ensure that the timer
related mblks are freed at the time of closing
the TCP stream.
( SR number: 8606242679 ; Defect: JAGae09914 )
Symptom:
A process appears to hang in accept(2) and cannot be
killed when there is another process doing a
getsockopt(2) on the same socket.
Defect Description:
If the remote client sends a RST before the connection
request is accepted, the T_DISCON_IND message can be
appropriated by getsockopt(2). This causes accept(2)
to wait forever.
Resolution:
TCP no longer removes the T_DISCON_IND message from
the stream head when processing the SO_ERROR socket
option from a listen socket.
( SR number: 8606247193 ; Defect: JAGae13633 )
Symptom:
System panics with either of the following stack traces:
stack trace for event 0
crash event was a panic
panic+0x14
too_much_time+0x2d4
wait_for_lock+0x120
sl_retry+0x18
ip_trash+0x18
ip_rtimer+0x38
ip_rput+0x3c0
puthere+0x140
mi_timeout_exec+0x224
sw_service+0x8c
mp_ext_interrupt+0x108
ivti_patch_to_nop3+0x0
idle+0xd5c
swidle_exit+0x0
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
ilm_lookup_exact+0x4
ip_delmulti+0x40
ilg_delete+0x90
ilg_delete_all+0x34
ip_close+0x58
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xcbc
hpstreams_close_int+0x31c
streams_close+0x14
soclose+0x308
soo_close+0x90
closef+0x64
close+0x90
syscall+0x200
$syscallrtn+0x0
Defect Description:
A multicast application which has not done a bind
calls SIOCSWITCHIFADDR to switch interface and when
it closes the socket, the system panics since multicast
interface information was not updated with the new
interface.
Resolution:
Code has been changed to search through both bound
and unbound IP streams to update the new interface
for the multicast information.
( SR number: 8606248331 ; Defect: JAGae14731 )
Symptom:
System panics during boot after building the
kernel with tcphashsz value less than 256.
Defect Description:
A hash table derived its size from the value
of tcphashsz and any value less than 256
caused the size of this hash table to be zero
resulting in panic on boot.
Resolution:
If the value specified for tcphashsz is less
than 256, default it to 256.
( SR number: 8606249571 ; Defect: JAGae15961 )
Symptom:
System panics with either of the following stack traces:
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_rput_unbind_do+0x1ec
ip_rput_dlpi+0x2f4
ip_rput+0x4c0
csq_turnover_with_lock+0x84
putnext+0x258
hp_dlpi_mblk_fast_in+0x354
hp_dlpi_mblk_intr_put+0x960
streams_put+0xe8
streams_put_release+0x168
hp_dlpi_mblk_intr+0x14c
apa_intr+0x184
lanc_ether_ics+0x114
_btlan3_receive_pkts+0x588
_btlan3_isr+0x198
dino_isr+0xcc
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
idle+0x1054
swidle_exit+0x0
stack trace for event 0
crash event was a panic
panic+0x14
report_trap_or_int_and_panic+0x84
interrupt+0x1d4
$ihndlr_rtn+0x0
ip_rput_dlpi_up+0x550
ip_rput_dlpi+0x98
ip_rput+0x4c0
csq_turnover_with_lock+0x84
putnext+0x258
ar_client_notify+0x78
ar_rput+0x7d0
putnext+0xcc
hp_dlpi_unitdata_in+0x1504
hp_dlpi_intr_put+0x8b0
streams_put+0xe8
hp_dlpi_intr+0x214
lan2_process_packet+0x87c
lan2_int_fr_rnr+0x1b0
lan2_isr+0x164
lasi_interrupt+0x64
mp_ext_interrupt+0x318
ivti_patch_to_nop3+0x0
sounlock+0x90
mp_socket_unlock+0x10
soreceive+0x4bc
recvit+0x144
recv+0x54
syscall+0x6f8
Defect Description:
A pointer to a streams queue is retrieved
from a message and dereferenced. The validity
of this pointer depends on the type of the
message. A panic occurs when a pointer is
dereferenced from a message of incompatible
type.
Resolution:
The queue pointer will be retrieved only if
the message currently handled is of the correct
type.
( SR number: 8606250217 ; Defect: JAGae16597 )
Symptom:
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x84
trap+0xd9c
nokgdb+0x8
ill_delete+0x5c8
ip_close+0x1e4
close_wrapper+0x38
csq_protect+0x120
osr_pop_subr+0x214
osr_close_subr+0xf50
osr_unlink+0x1fc
str_plumb_ioctl+0x4a4
hpstreams_ioctl_int+0x398
hpstreams_ioctl+0x50
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x78
syscall+0x6f8
$syscallrtn+0x0
Defect Description:
In one of the lists, messages coming from
the driver will not have a pointer to the queue
set in the mblk. The ill_delete() code assumed
that a pointer to the queue was available and
deferenced it, causing a panic.
Resolution:
While walking through the list of mblks at
the time of deletion, simply free the mblk
if it is from a driver.
( SR number: 8606257697 ; Defect: JAGae22000 )
Symptom:
System panics with the following
stack trace:
stack trace for event 0
crash event was a panic
panic+0x14
too_much_time+0x2e0
wait_for_lock+0x14c
slu_retry+0x1c
mp_socket_lock+0x2c
TPI_ok_ack+0x1a4
soaccept+0x5f4
sodequeue+0x30c
accept+0x168
syscall+0x200
$syscallrtn+0x0
Defect Description:
A spinlock is held before calling a function
that could go to sleep. In the meanwhile, if
another thread tries to acquire that spinlock,
the system panics.
Resolution:
Release the socket lock before calling the function
that could go to sleep and then reacquire it after
returning from the function.
( SR number: 8606259311 ; Defect: JAGae23629 )
Symptom:
POSIX recvmsg() returns incorrect "cmsg_len".
Defect Description:
When a 32 bit POSIX application is run on a 64 bit
kernel, necessary adjustments for certain fields
in a message header is done twice.
Resolution:
Code has been modified to ensure that the
necessary adjustments for the fields in the
message header is done only once.
PHNE_26771:
( SR number: 8606236775 ; Defect: JAGae05826 )
Defect Description:
The variable that provides the value for the flag
parameter in the SIOCATMARK ioctl is not cleared
even after an application reads past the out-of-band
data.
Resolution:
The variable that provides the value for the
flag parameter in the SIOCATMARK ioctl is set
and cleared correctly.
( SR number: 8606237266 ; Defect: JAGae06311 )
Defect Description:
connect() does not disconnect a socket when an already
connected datagram socket is passed to it.
Resolution:
Code has been modified to disconnect the socket when
invalid arguments are passed to connect() on a already
connected datagram socket.
( SR number: 8606238197 ; Defect: JAGae07224 )
Defect Description:
An application calling recv() with the MSG_OOB flag
loses part of the normal data, when only normal data
is available to be read in the stream head.
Resolution:
Appropriate code change was made to prevent the
data loss.
( SR number: 8606250322 ; Defect: JAGae16697 )
Defect Description:
There is an unnecessary compression of header
and data mblks for protocols which split their
header and data into separate mblks. This causes
recv() to fail.
Resolution:
Code has been changed to limit the fix
of JAGad58231 to AF_UNIX domain and
stream oriented sockets, thus avoiding
unnecessary compression of datagram type
sockets data.
PHNE_26445:
( SR number: 8606213513 ; Defect: JAGad82705 )
Symptom:
Systems relying on random increments for
choosing less predictable TCP ISN values,
are still vulnerable to statistical attacks.
Defect Description:
The RFC 1948 ("Defending against sequence
number attacks") is not supported.
Resolution:
The RFC 1948 is now implemented for computing TCP
ISN values.
By default, the support for RFC 1948 is turned off.
It can be turned on by using
the ndd variable, tcp_isn_passphrase <secret passphrase>.
The secret passphrase can be of any length, but only
the first 32 characters will be retained.
The passphrase, once set, should not be changed,
except possibly at reboot.
For example:
ndd -set /dev/tcp tcp_isn_passphrase "rfc 1948"
will turn on the support for RFC 1948.
( SR number: 8606218753 ; Defect: JAGad87901 )
Symptom:
System runs out of memory when it is under heavy
inbound TCP traffic.
Defect Description:
The inbound buffer for a socket is allowed
to grow without bounds if the stream head is in
use while data is being appended to the buffer.
Resolution:
Code has been modified to check if the synchronization
queue is getting too long (~1000) on the stream head. If so,
the tcp window is closed just as if the data queue on the
stream head were getting too full. This fix is dependent
on the streams tunable, streams_sqmax being set in the
next streams patch.
( SR number: 8606223127 ; Defect: JAGad92230 )
System seems to hang due to a memory leak in the 2k
bucket when sanmgr hostagent is running.
Defect Description:
When a socket joins a multicast group, the kernel
allocates memory to hold the group information. This
memory is not freed when the socket is closed.
Resolution:
Memory assigned to hold the group information when
a socket joins a multicast group, is now freed when
the socket is closed.
( SR number: 8606224045 ; Defect: JAGad93141 )
Symptom:
System runs out of memory and seems to hang.
Defect Description:
A RST signal is sent by TCP on receiving a segment,
which does not appear correct for the referenced
connection. The problem is exacerbated if there
is no valid route entry for the sender which causes
the system to invoke arp to resolve the sender's
address. If the segments continue to arrive,
and the inbound traffic is extremely high,
the arp requests and/or the RSTs will never
be transmitted.
Resolution:
The number of outstanding arp requests is
now limited.
( SR number: 8606224560 ; Defect: JAGad93648 )
Symptom:
FTP hangs when transferring files from PC DOS to HP-UX.
Defect Description:
TCP ignores a FIN that arrives with the old data (during
retransmission). This causes the TCP connection to hang
when FTP is copying files from PC DOS (NetManage PCTCP
stack) to HP-UX.
Resolution:
TCP no longer ignores a FIN which arrives with
retransmitted data.
( SR number: 8606225324 ; Defect: JAGad94412 )
Symptom:
"Communication stops" occur due to incorrect
host route in the routing table.
Defect Description:
An alternate indirect route entry was created for the
default route during interface switching. This was due
to an unintended side-effect of route lookups.
Resolution:
As indirect routes were never intended to be
supported, they are not created anymore.
( SR number: 8606228310 ; Defect: JAGad97367 )
Symptom:
read() done on a socket returned by
accept() returns the EWOULDBLOCK error.
Defect Description:
A race condition exists in accept() that is
exposed when multiple accepts are performed on the
same socket.
Resolution:
The code responsible for the race condition in
accept() has now been removed.
( SR number: 8606229279 ; Defect: JAGad98332 )
Symptom:
System panics with the following stack trace:
tcp_icmp_error+0x38
tcp_rput_other+0x518
tcp_rput+0x58
csq_turnover_with_lock+0x84
str_spu_sw_isr+0x654
sw_service+0xb0
mp_ext_interrupt+0x150
ivti_patch_to_nop3+0x0
idle+0x104
Defect Description:
A pointer associated with a packet which has been
enqueued
for delayed processing may become invalid before the
delayed
processing can commence.
Resolution:
TCP now checks if the tcp instance associated with the
packet is NULL before processing it in tcp_icmp_error().
( SR number: 8606229650 ; Defect: JAGad98702 )
Symptom:
System panics with the following stack trace:
igmp_timeout_handler+0x160
ip_rtimer+0x100
ip_rput+0x408
puthere+0x148
mi_timeout_exec+0x288
sw_service+0xb0
mp_ext_interrupt+0x150
ihandler+0x904
idle+0xe24
swidle+0x20
Defect Description:
A race condition exists when a data structure used
in the processing of multicast packets is freed
prematurely. This occurs when one thread is trying
to free the structure and another thread is trying to
handle
igmp timeout on the same structure. A DPF (Data Page
Fault)
panic occurs while trying to handle timeout for
the structure which is on the igmp timeout list.
Resolution:
Code has been modified to replace the deferred free
callback routine with a new routine which makes
sure that the bogus(freed) structure is not there
on the igmp timeout list.
( SR number: 8606230164 ; Defect: JAGad99215 )
Symptom:
Performance degradation after installing PHNE_23456.
Defect Description:
A change in the zero window probing mechanism causes
performance degradation.
Resolution:
Modified zero window probing mechanism now avoids
performance degradation.
( SR number: 8606231247 ; Defect: JAGae00485 )
Symptom:
System panics with the following stack trace:
panic+0x14
report_trap_or_int_and_panic+0x80
trap+0xdb8
nokgdb+0x8
tcp_get_ucred+0x1d4
tcp_wput_ioctl+0x160
tcp_wput+0x918
putnext+0xcc
wait_iocack+0x68
str_istr_ioctl+0x72c
hpstreams_ioctl_int+0x370
hpstreams_ioctl+0x50
spec_ioctl+0xac
vno_ioctl+0x90
ioctl+0x78
syscall+0x6f8
$syscallrtn+0x0
Defect Description:
Sendmail (or identd) probably caused this panic within
a small window of race condition.
Resolution:
The window of race condition in tcp_get_ucred()
that caused the system panic has now been removed.
( SR number: 8606231526 ; Defect: JAGae00764 )
Symptom:
System panics with the following stacks:
tcp_wput+0x58
csq_turnover_with_lock+0x84
str_spu_sw_isr+0x654
or
tcp_wput+0x58
putnext+0xcc
sth_wsrv+0x204
sq_wrapper+0x94
str_sched_up_daemon+0x1c4
str_sched_daemon+0x1a4
main+0x854
Defect Description:
There is a race between the closing of a stream
and data being put onto the stream's
synchronization queue.
Resolution:
A test for a null pointer is performed
on entering the function tcp_wput().
( SR number: 8606231951 ; Defect: JAGae01187 )
Symptom:
System panics with the following stack trace:
tcp_rsrv_comm+0x18
tcp_rput+0x3620
csq_turnover_with_lock+0x7c
str_spu_sw_isr+0x5f8
sw_service+0x8c
Defect Description:
An incorrect goto statement is executed
in an error path.
Resolution:
Changed error path code to exit the routine
using the correct goto statement.
( SR number: 8606232185 ; Defect: JAGae01421 )
Symptom:
System panics with the following stack trace:
tcp_rsrv_comm+0x18
tcp_rsrv+0x10
sq_wrapper+0x90
str_sched_mp_daemon+0x130
str_sched_daemon+0x2dc
main+0xa9c
$vstart+0x34
$locore+0x90
Defect Description:
Service routine is allowed to run on an closing queue.
Resolution:
A test for a null pointer is performed as the
service routine is entered.
( SR number: 8606232612 ; Defect: JAGae01847 )
Symptom:
If the primary route for an interface is deleted, then
a host on the same subnet is not reachable through the
secondary route, though the secondary network route
exists.
Defect Description:
For the local interface, a check is performed to
ascertain if the primary network route exists.
If not, a check is performed again to see if a host
specific route to the destination exists. Although
a secondary network route exists, the same is not
returned if there is no host route.
Resolution:
Code has been modified such that a route entry
associated with the secondary route is returned,
even if the primary route is deleted and if the host
specific route does not exist.
( SR number: 8606233090 ; Defect: JAGae02314 )
Symptom:
In some cases urgent data gets retransmitted
unnecessarily impairing performance.
Defect Description:
Packet validation inside tcp incorrectly drops
a valid packet containing urgent data.
Resolution:
Packet validation logic has been modified to
recognize valid urgent data packets.
PHNE_26412:
( SR number: 8606221602 ; Defect: JAGad90736 )
Symptom:
read() sometimes loses data and returns 0 on system
with PHNE_23456.
Defect Description:
Under certain circumstances T_ORDREL_IND message is
being passed upstream by TCP before sending any pending
eager data.
Resolution:
The fix takes care of eager data to be sent upstream.
PHNE_25423:
( SR number: 8606146239 ; Defect: JAGad15575 )
Symptom:
Intermittent hangs exhibited in close()
when using so_linger.
Defect Description:
There exists a corner case to the solution
resolved by JAGad09415 where the symptom
can still persist.
Resolution:
The window for the delay to manifest itself
has been fully closed.
( SR number: 8606160572 ; Defect: JAGad29893 )
Symptom:
When both ts option and socket cache are used,
tcp connection gets timed out.
Defect Description:
ACK WAR when using tcp_conn_strategy and TCP
RFC 1323 timestamp option
Resolution:
have tcp_t reinitialized at the end of the connection.
( SR number: 8606189015 ; Defect: JAGad58231 )
Symptom:
UNIX domain socket programme uses a large amount of CPU.
This can be observed in some cases of fast producer
and a slow consumer type of client server programmes.
Defect Description:
When a slow consumer creates a small receive window, a
fast producer peer will create a mblk of size equal to
the window size, and append that to message list. Since
there is no low-water mark concept implementation, we
will be dividing the user requested writes into smaller
sizes, depending upon window created by the consumer.
This may lead to a long linked list of small mblk's at
the socket buffer. As this list grows, appending routine
takes lots of CPU time while traversing the list for
finding the end of the list.
Resolution:
Code has been changed to pre-allocate buffer depending
upon the user requested size to write. Now instead of
creating the mblk of size equal to the receive window
and appending it to the message list we will
pre-allocate the buffer equal to the size of user
request. And in subsequent writes we will try to
compress the data if we have free buffer in the
previous mblk. This reduces the number of nodes in
the socket buffer list.
( SR number: 8606211448 ; Defect: JAGad80636 )
Symptom:
When IPSEC is active, nettl can turn on layer 4 tracing
Defect Description:
/dev/stcpmap does not return an error to nettl's ioctl()
requesting layer 4 traces when IPSEC is running.
Resolution:
/dev/stcpmap returns an error to SS_START_TRACE ioctl()
if a trace is requested for layer 4 and IPSEC is active.
( SR number: 8606217657 ; Defect: JAGad86809 )
Symptom:
ifconfig lan10000 fails, but ifconfig lan9999 succeeds.
Defect Description:
The transport code limits the ppa number to less than
10000.
Resolution:
Remove the limit checking of the ppa number in
transport code.
( SR number: 8606219937 ; Defect: JAGad89079 )
Symptom:
On UP boxes when 2 (or more) aio_reads are pending
on the same socket and ioctl(SIOCAIOABORT) is used,
a close on that socket will result in an unkillable
hung process.
Defect Description:
On UP boxes when 2 aio_reads are pending on the same
socket, the ioctl(SIOCAIOABORT) only completes one of the
pending aio_reads. So, a close on that socket results
in a hang.
Resolution:
The ioctl(SIOCAIOABORT) has been modified so that the other
aio_read cannot be left sleeping.
( SR number: 8606220568 ; Defect: JAGad89705 )
Symptom:
Sometimes telnet session initiated by W2K to
HP-UX 11.00 machine hangs.
Defect Description:
Fragmented IPSec packets may not work with
W2K's SP1. Problem is on W2K side with SP1
and SP2 installed.
Resolution:
TCP eliminates the first hop fragmentation due
to IPSec but this does not help if there is
subsequent fragmentation.
( SR number: 8606220677 ; Defect: JAGad89814 )
Symptom:
Data retransmission sometimes takes a long time.
Defect Description:
When packets get lost in a network, it takes a
long time (60 seconds or longer) to retransmit.
Resolution:
Correct the Round Trip Time initialization
so that the estimated RTO won't become too
large.
( SR number: 8606221602 ; Defect: JAGad90736 )
Symptom:
read() sometimes lose data and return 0 on system
with PHNE_23456.
Defect Description:
Under certain circumstances T_ORDREL_IND message is
being passed upstream by TCP before sending any pending
eager data.
Resolution:
The fix takes care of eager data to be sent upstream.
( SR number: 8606221777 ; Defect: JAGad90911 )
Symptom:
When setting ip_pmtu_strategy to 0 any non-local
networks have a maximum MTU of 576.
Defect Description:
The code assumes that a non-local route cannot
handle large MTU's.
Resolution:
A new value has been added to allow for no PMTU
and yet use the MAX MTU for a link. To implement
this change do the following;
ndd -set /dev/ip ip_pmtu_strategy 3
If a smaller MTU is needed for a given route
then use the above strategy and use the route
command with the pmtu option "-p".
( SR number: 8606222508 ; Defect: JAGad91621 )
Symptom:
When system memory use is very high
the accept system call returns ENOBUFS.
Defect Description:
Incorrect handling of listen backlog when
a SYN-RST pair arrives.
Resolution:
The listen backlog is now correctly updated
when a SYN-RST pair arrives. The backlog is not
decremented until the accept executes.
( SR number: 8606223947 ; Defect: JAGad93042 )
Symptom:
When loopback address, 127.n.n.n (where n can 0
to 255) is pinged and ping succeeds, netstat -rn
displays entries for each pinged address other
than 127.0.0.1
Defect Description:
Temporary loopback routes were sent from kernel
as part of netstat -rn output.
Resolution:
PHNE_25381:
( SR number: 8606215148 ; Defect: JAGad84339 )
Symptom:
System panics on sbflush panic 2:
trace event 0
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x68
sbrelease+0x14
sorflush+0xa4
sofree+0x15c
soclose+0x23c
soo_close+0xc8
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
Defect Description:
AF_UNIX receive socket buffer count does not match to the
real buffer size.
Resolution:
Save socket receive buffer counter before
unlock the socket and restore them back after
the socket relock.
PHNE_25135:
( SR number: 8606193755 ; Defect: JAGab72514 )
Symptom:
When using shutdown() and stack-caching the mss value
could be set to one (1) byte.
Defect Description:
New socket gets previously set variables from an
"old" socket.
Resolution:
Socket code now resets the initial socket values
correctly.
( SR number: 8606137536 ; Defect: JAGad06654 )
Symptom:
Tcpdump trace showed that sendfile sends trailer buffers
as a separate "send".
Defect Description:
Socket sendfile() always separates trailer buffer from
header and file "send".
Resolution:
If the total size of file data buffer and
trailer buffer is smaller than
MSS, send them together as one
send.
( SR number: 8606203612 ; Defect: JAGad72784 )
Symptom:
Examination of code found a problem.
Defect Description:
Incorrect parameter being used when calling soo_select().
Resolution:
Corrected the third parameter going to the
select call. Changed it from an int to
a pointer.
( SR number: 8606215148 ; Defect: JAGad84339 )
Symptom:
System panics on sbflush panic 2:
trace event 0
stack trace for event 0
crash event was a panic
panic+0x14
sbflush+0x68
sbrelease+0x14
sorflush+0xa4
sofree+0x15c
soclose+0x23c
soo_close+0xc8
closef+0x64
close+0x90
syscall+0x6f8
$syscallrtn+0x0
Defect Description:
AF_UNIX receive socket buffer count does not match to the
real buffer size.
Resolution:
Save socket receive buffer counter before
unlock the socket and restore them back after
the relock the socket.
PHNE_24715:
( SR number: 8606193754 ; Defect: JAGad62965 )
Symptom:
Customer noted that performance of ftp over
hyper-fabric was very slow when putting a file
after installing PHNE_22397.
Defect Description:
tcp has a variable, tcp_rack_abs_max, to set the
high-water-mark of the Received ACK. If the amount
of the received ACK (tcp_rack_cnt) is greater than
this high-water-mark, an immediately ACK will be
generated. Otherwise, the ACK will be deferred.
With PHNE_22397, tcp_rack_abs_max was set to
4*tcp_mss, which is very high with the large
MTU interface like hyper-fabric. (4*32K)
Then it is more likely for receiver to defer
ACK since tcp_rack_cnt is less likely to exceed
the high-water-mark.
Resolution:
tcp_rack_abs_max should not be greater than half of receive
window. (rwnd/2) tcp_rack_abs_max should be kept as
MIN(tcp_deferred_ack_max *tcp_mss, rwnd/2) With the fix,
small transfer (sub-MSS) with large MTU link (32K like
hyper-fabric) can get immediate ACK without delay.
( SR number: 8606206542 ; Defect: JAGad75715 )
Symptom:
Some packets are dropped intermittently and not
retransmitted for a long time.
Defect Description:
Retransmit timer is restarted based on deferred
ack timer in certain conditions. These conditions
were not properly handled which lead to long
delays in the retransmission of lost packets.
Resolution:
On certain conditions the retransmit timer is not
restarted based on deferred ack timer when
there is outbound data to be retransmitted.
( SR number: 8606206806 ; Defect: JAGad75979 )
Symptom:
Since PHNE_21767, all outbound datagrams have
the "Don't Fragment" bit set for Path MTU Discovery.
Defect Description:
The default value of ip_pmtu_strategy has been
changed to 1. This always sets the DF bit.
Resolution:
Option 2 of ip_pmtu_strategy is obsolete.
An EINVAL is returned when attempting to set
ip_pmtu_strategy to 2 with ndd.
( SR number: 8606139436 ; Defect: JAGad08735 )
Symptom:
system panic on X.25 socket.
The panic stack is as follows:
A possible deadlock situation
stack trace for event 0
crash event was a panic
panic+0x10
spin_deadlock_failure+0x38
deadlock_check+0x9c
sl_pre_check+0x54
spinlock+0x14
mp_socket_lock+0x34
mp_socket_lock2+0x38
XLS_F_handler+0x6c4
XSO_F_handler+0x958
XLS_F0_a_connect_ind+0x188
XLS_F_handler+0x6a4
XST_F_read_put+0x398
putnext+0x1f4
CI_touser+0x268
Rx_CALL+0x384
L2_datind+0x4ac
dlpi_rxll+0xb4
x25lrsrv+0x60
sq_wrapper+0xc8
str_sched_mp_daemon+0x33c
str_sched_daemon+0x29c
im_mpnetstr+0x28
DoCalllist+0x38
main+0x24
$vstart+0x34
$locore+0x90
Defect Description:
X.25 socket inserts a cloned socket on to
the listen socket's queue for inbound connection
causes deadlock situation
Resolution:
Remove deadlock assertion for X.25 socket, when
X.25 process inserts its cloned socket on to the
listen socket's queue.
( SR number: 8606140093 ; Defect: JAGad09415 )
Symptom:
TCP connections where both ends close at
the same time may experience an unnecessary
delay of 1.5 seconds or more. This problem
has an especially high probability of being
seen on loopback connections where one
end of the connection has the SO_LINGER
option turned on.
Defect Description:
During connection shutdown, if a FIN packet
is received while TCP is performing its
"close" operation, the FIN packet can be
discarded, causing the remote end to time out
(awaiting acknowledgement of the FIN) and
retransmit the FIN packet. This timeout
accounts for the 1.5 second (or longer) delay.
Resolution:
Processing of TCP packets arrivi |
