PROBLEM: (82103) (PATCH ID: OSF510-070) ******** This patch fixes an NFS file locking race. When granting a file lock to an external NFS client, the NFS server kernel sends a KLM_GRANTED message to the rpc.lockd daemon that's running at the NFS server. This message is sent via UDP, and it's possible that either the message, or it's reply could be lost. This patch enables the UDP reply cache for klm granted replies. PROBLEM: (STL148903, HPAQC15VM, HPAQC1H38, BE_G01081) (PATCH ID: OSF510-135) ******** This patch corrects the following error seen while trying to do a write to a soft mounted NFS filesystem: Jun 5 10:38:35 fchelp vmunix: NFS3 RFS3_WRITE failed for server ncinfs: RPC: Server can't decode arguments Jun 5 10:38:35 fchelp vmunix: NFS3 write error 5 on host ncinfs PROBLEM: (BCGMA1NFM, HPAQ11RSG, EVT0587933, GB_G01162) (PATCH ID: OSF510-174) ******** This patch fixes a problem where a race condition in NFS code could result in a kernel memory fault. A typical stack trace looks like: . . . 5 panic 6 trap 7 _XentMM 8 nfs3_getpage 9 rw3vp_cache 10 rw3vp 11 nfs3_rdwr 12 vn_read 13 rwuio 14 read PROBLEM: (HGO073056) (PATCH ID: OSF510-173) ******** This patch fixes a problem where threads can hang while renaming files on nfs mounted filesystems. This can occur when two threads are renaming files, one from directory "a" to directory "b" and the other from directory "b" to "a". A typical stack trace for a hung thread looks like: 0 thread_block 1 lock_write 2 nfs3_rename 3 rename 4 syscall PROBLEM: (82133) (PATCH ID: OSF510-025) ******** This patch avoids tagged-file induced auto mount requests in AutoFS. PROBLEM: (81943) (PATCH ID: OSF510-042) ******** This patch is required for support of the SuperDLT1 tape drive. If the patch is not present, opening the tape will fail. PROBLEM: (82100, 82161) (PATCH ID: OSF510-048) ******** This fixes a problem encountered on a heavily loaded HSG80, in which a device may become unavailable to other cluster members if a cluster node crashes at the same time an error occurs on that device. PROBLEM: (81814) (PATCH ID: OSF510-010) ******** This patch prevents panics from occurring if AdvFS detects corruption in the per-fileset frags file and attempts to work around the corruption. The problem would occur only after the following message/event were registered: Warning: AdvFS has detected an inconsistency in a frag metadata file free list. PROBLEM: (81258) (PATCH ID: OSF510-014) ******** AdvFS filesets mounted with the -o noatimes option or the -o ro (readonly) option should not update the file access times as seen using the "ls -lu" command. Prior to this patch, memory mapped files were having their access times updated even if the noatimes or readonly mount options were specified. This patch corrects that problem. PROBLEM: (79769) (PATCH ID: OSF510-015) ******** A kernel memory fault can occur on an smp machine when one thread is extending a clone frags file and another thread does a stat system call on a file with a frag. The stack trace is as follows: 5 panic src/kernel/bsd/subr_prf.c : 804 6 trap src/kernel/arch/alpha/trap.c : 1762 7 _XentMM src/kernel/arch/alpha/locore.s : 1748 8 x_page_to_blk src/kernel/msfs/bs/bs_stg.c : 6191 9 x_page_to_blkmap src/kernel/msfs/bs/bs_stg.c : 5928 10 x_page_mapped src/kernel/msfs/bs/bs_stg.c : 6281 11 bs_frag_has_stg src/kernel/msfs/bs/bs_bitfile_sets.c : 2229 12 msfs_getattr src/kernel/msfs/osf/msfs_vnops.c : 1525 13 vn_stat src/kernel/vfs/vfs_vnops.c : 1277 14 stat1 src/kernel/vfs/vfs_syscalls.c : 3056 15 lstat src/kernel/vfs/vfs_syscalls.c : 3034 16 syscall src/kernel/arch/alpha/syscall_trap.c : 627 17 _Xsyscall src/kernel/arch/alpha/locore.s : 1512 PROBLEM: (81251, 83087) (PATCH ID: OSF510-087) ******** This patch provides an improvement to AdvFS performance when the first bytes of user data (and subsequent storage requests) is written to a domain. PROBLEM: (82689) (PATCH ID: OSF510-060) ******** This patch corrects read-ahead behavior for AdvFS for both local and NFS reads. Read performance is increased by approximately 10% with the addition of this patch. This patch does not include any 'correctness' fixes. This read performance fix can be detected by timing the read requests or by monitoring internal kernel paths. PROBLEM: (#, -----, 81882, BUG) (PATCH ID: OSF510-011) ******** Under a specific set of unlikely circumstances it is possible for revision 4 PCA hardware to falsely report PCI hung bus errors, which will cause a uncorrectable hardware machine check and operating system panic. The following console error messages indicate this problem has occurred. The "PCI bus hung during Fault" text in the error message is the key to detecting this error. Note: the false PCI bus hung error only occurs with revision 4 PCA hardware. iop: ioa_err_sum = 0x100000000 Bit 32: Hose 0 PCA reported an Uncorrectable Error pca: pca_whatami = 0x8000034 Bit 2: ASIC revision Bit 4: Backplane revision Bit 5: Backplane revision Bit 27: Microprocessor present pca: pca_err_sum = 0x8000 Bit 15: PCI bus hung during Fault pca: ne_whatami = 0x100000302 pca: fe_whatami = 0x100000202 pca: pci0_err_sum = 0x10068000 Bit 15: PCI bus hung during Fault Bit 17: Failing PCI command Bit 18: Failing PCI command Bit 28: PCA was PCI initiator when bus was hung pca: pci0_err_addr = 0x2030000 pca: pci1_err_sum = 0x4060000 Bit 17: Failing PCI command Bit 18: Failing PCI command Bit 26: PCI slot that was active during the failure pca: pci1_err_addr = 0xc0011500 Machine Check SYSTEM Fatal Abort Machine check code = 0x100000202 Ibox Status = 0000000000000000 Dcache Status = 0000000000000000 Cbox Address = 0000000000000000 Fill Syndrome 1 = 0000000000000000 Fill Syndrome 0 = 0000000000000000 Cbox Status = 0000000000000000 EV6 captured status of Bcache mode = 0000000000000000 EV6 Exception Address = fffffc000097aff0 EV6 Interrupt Enablement and Current Processor mode = 0000007ee0000000 EV6 Interrupt Summary Register = 0000002000000000 EV6 TBmiss or Fault status = 0000000000000000 EV6 PAL Base Address = 0000000000020000 EV6 Ibox control = fffffffc0c306396 EV6 Ibox Process_context = 0000718000000004 Cpu Fault Summary = 0x1 QBB bit-directed reg. dump QBB 0 CSRs to be logged summary = 0x1100 QBB 1 CSRs to be logged summary = 0x0 QBB 2 CSRs to be logged summary = 0x0 QBB 3 CSRs to be logged summary = 0x0 QBB 4 CSRs to be logged summary = 0x0 QBB 5 CSRs to be logged summary = 0x0 QBB 6 CSRs to be logged summary = 0x0 QBB 7 CSRs to be logged summary = 0x0 panic (cpu 0): System Uncorrectable Machine Check PROBLEM: (82320) (PATCH ID: OSF510-032) ******** This patches fixes a kernel memory fault which can occur during scheduler load balancing on a NUMA system. The problem can be identified by a stack trace which will start with a syscall to routine numa_move_current_thread and end with the memory fault in routine u_map_is_locked (~line 2770). PROBLEM: (82179) (PATCH ID: OSF510-006) ******** This patch fixes a panic that occurs in madvise() when called with MADV_DONTNEED when running in lockmode 4. The panic string would be "lock_done: lock not currently owned" PROBLEM: (81478) (PATCH ID: OSF510-007) ******** This patch fixes a performance problem when HPTC programs on NUMA machines migrate threads betwen QBBs. PROBLEM: (82131) (PATCH ID: OSF510-008) ******** This patch fixes a Kernel Memory Fault which can happen when all of physical memory is in use. This problem can be identified by the stacktrace of the offending thread, which will show that the illegal memory reference occurred in vm_map_entry_split(). This will probably appear as line 2706 of vm_map.c. PROBLEM: (82198, 82050) (PATCH ID: OSF510-049) ******** This patch fixes two problems. - A problem seen in a cluster when one member whose boot partition is on a device whose scsi wid changes while the node is down. - This also corrects a failure that is seen as a user_cmd timeout. "Cannot invoke dsfmgr from kernel: run /sbin/dn_setup -boot to synchronize dsfmgr with kernel" PROBLEM: (82124) (PATCH ID: OSF510-030) ******** The patch fixes a kernel memory fault when accessing a shared text segment after or during scheduler load balancing on a NUMA system. There are two different stack traces associated with the failure. The most common trace starts with routine vm_fault and ends with a memory fault in routine pmap_seg_enter (~line 6059). The second trace begins with routine numa_move_current_thread and ends with a memory fault in routine pmap_collect (~line 4094). PROBLEM: (MGO85573B, N/A) (PATCH ID: OSF510-012) ******** This patch fixes a bug such that when 'fuser -k' is issued on a dismounted NFS mount point in which some process is running, a hang will occur. A new flag, -p, has been introduced. When the -p flag is used with the -c flag, as in 'fuser -c -p -k /mnt', the parent directories are ignored and the processes are gracefully killed. PROBLEM: (82347, SSRT0700U) (PATCH ID: OSF510-023) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (81933, 82226, 82278) (PATCH ID: OSF510-047) ******** This patch improves webserver performance, fixes an IPV6 related crash and a hang in soclose(). PROBLEM: (80225, 81884, 82170, 82273, 82309) (PATCH ID: OSF510-039) ******** This patch for Compaq POSIX Threads Library fixes the following problems: 1. A threaded applications may not recover the use of a CPU following an offline/online procedure. 2. User threads blocked in the kernel against a specific VP may never unblock. 3. Problems with libpthread tracing for Totalview debugger 4. User threads are not bound to the correct RAD upon returning from pthread_rad_attach. PROBLEM: (82700) (PATCH ID: OSF510-059) ******** Prior to this patch, /sbin/dd was dependent on the threads package. This dependency caused problems when installing patches that affected the thread package. So this patch eliminates the dependency by making /sbin/dd non-threaded. PROBLEM: (82705) (PATCH ID: OSF510-065) ******** This patch fixes SPECweb99 httpd hangs in umc_get_page() routine waiting for the page. The stack on a hung process is: crash> set fffffc00324a0380 CONTEXT: CURRENT PID: 780 COMMAND: "zeus.web" THREAD: fffffc00324a0380 CPU: 3 RAD: 0 EVENT: fffffc000a27fa80 STATE: WAIT crash> st CPU: 3 PID: 780 THREAD: fffffc00324a0380 COMMAND: "zeus.web" 1: umc_get_page+356: thread_block() 2: sosend+1172: umc_get_page(0xfffffc004f0dae00, 0xa0c58000, 0xfffffc000 07b01e8) 3: rwuio+212: sosend(0xfffffc00f1ac6700, 0x0, 0xfffffe0689d2f7a0, 0x0, 0x0, 0xfffffe0689d2f690) 4: writev+236: rwuio(???, ???, 0xfffffe0689d2f8a8, 0xfffffe0689d2f7a0, 0x1) 5: syscall+592: writev(0xfffffc000c846cc0, 0xfffffe0689d2f8b8, 0xfffffe0 689d2f8a8) 6: _Xsyscall+92: syscall(0x0) PROBLEM: (82585) (PATCH ID: OSF510-073) ******** This patch includes performance fixes for systems doing raw I/O, raw async I/O, and systems with large disk farms (high disk count). PROBLEM: (QAR82396) (PATCH ID: OSF510-084) ******** This patch enables the "getconf VENDOR_ABBREV" command to return the correct abbreviated vendor name, for example, "COMPAQ" instead of "Compaq Computer Corporation" in a Tru64 UNIX system. PROBLEM: (none) (PATCH ID: OSF510-063) ******** This patch provides the device driver for a new graphics card. PROBLEM: (HPAQ418B4) (PATCH ID: OSF510-053) ******** This patch fixes a problem where some network based multimedia applications will cause a kernel memory fault when exiting. A sample stack trace is as follows: 1 panic(s = 0xfffffc00007d10a0 = "kernel memory fault") 2 trap 3 _XentMM 4 igmp_leavegroup 5 in_delmulti 6 ip_freemoptions 7 in_pcbfree 8 in_pcbdetach 9 udp_usrreq 10 soclose 11 soo_close 12 closef 13 close_ufe 14 exit 15 rexit 16 syscall 17 _Xsyscall PROBLEM: (none) (PATCH ID: OSF510-050) ******** This patch provides support for the DEGPA-TA (1000BaseT) Gigabit Ethernet device. PROBLEM: (BCGMA09HM) (PATCH ID: OSF510-064) ******** This patch fixes a potential deadlock on systems using shared memory segments and granularity hints. This can occur when allocating a gh region larger then the available free memory. Example stack traces for deadlocked threads from a forced crash: 0 thread_block 1 gh_collect 2 gh_free_list 3 gh_free_granhint 4 u_shm_oop_deallocate 5 vm_map_entry_delete 6 u_map_delete 0 thread_block 1 gh_collect 2 gh_free_list 3 alloc_gh_phys 4 nshmget 5 syscall 6 _Xsyscall PROBLEM: (82227) (PATCH ID: OSF510-035) ******** This patch improves UDP performance by removing an unneeded lock from the UDP output path. PROBLEM: (BCSM412FX) (PATCH ID: OSF510-062) ******** This patch fixes a panic in in_pcbfree() when NFS is implemented over TCP. If an NFS server stops servicing requests to clients and the server is rebooted to clear the NFS problem, the clients panic in in_pcbfree(). A typical client stack trace is: panic in_pcbfree tcp_input ipintr PROBLEM: (BCGMA0M0S) (PATCH ID: OSF510-089) ******** This patch fixes a lock contention for multiple writers which would use 100% of CPU time. This problem has been seen when running Oracle database doing 'Table Creates'. Tru64 UNIX continues to add UBC buffers which causes their free memory to go from 6 gb to 200 mb, and does not release them back. The Oracle database has to be shut down to recover UBC buffers. PROBLEM: (81889, n/a) (PATCH ID: OSF510-095) ******** This patch resolves hang-like behavior when LSM volumes are used to create AdvFS domain volumes. With some systems the default preferred IO byte transfer size for read and write requests is initially set too high. Run the "chvol" command on the domain volumes and see if the rblks or wblks field is very large. These are the sizes of the read and write IO transfer size that AdvFS uses to issue reads or writes, respectively. In some cases, the transfer size converted to bytes may be as large as 1GB or 2GB's. The patch will cause AdvFS during domain activation to check if an AdvFS volume's underlying driver is LSM. If the default "preferred" IO byte transfer size is 64MB's or larger for LSM drivers, then AdvFS will instead use a lower size of 256KB's (512 blocks). If a larger value is desirable, then you can still use "chvol" to change the transfer size for reads or writes. "chvol -l" command will display the preferred, maximum and minimum transfer sizes. The patch also eliminates confusing warning messages about exceeding the preferred read or write transfer size seen when the IO transfer size has been set higher than the preferred transfer size default. PROBLEM: (none) (PATCH ID: OSF510-094) ******** This patch fixes periodic slowdowns seen on large systems that are consuming large amounts of memory due to file I/O. These changes make the reclaiming of memory in use for file buffers more efficient. There is also a fix for a lock timeout seen on the vdIoLock because of a large number of buffers on the smoothsync queues. PROBLEM: (83490) (PATCH ID: OSF510-101) ******** This patch fixes a race condition introduced in v51supportos-94-beltz and should be applied with that patch. PROBLEM: (HPAQ30LKL) (PATCH ID: OSF510-097) ******** This patch fixes inaccuracy problems when using setrlimit/getrlimit with a threaded application. PROBLEM: (81007, 82961) (PATCH ID: OSF510-119) ******** This patch addresses multiple issues for the KZPCC family of RAID Array 2000 (RA2000) controllers. - Errors seen when concurrent opens are issued to separate logical partitions on the same logical device. - Change to the preferred chunk size from 16 KB to 64 KB which may increase data transfer rates. PROBLEM: (BCGM919P3, EVT376821B, EVT376821, 82934) (PATCH ID: OSF510-110) ******** This patch fixes a hang seen while running collect and the vdump utility. This patch prevents the hang in tok_wait from occurring. PROBLEM: (83842) (PATCH ID: OSF510-124) ******** This patch prevents stat(), lstat(), fstat(), statfs(), fstatfs(), getmntinfo(), and getfsstat() from returning EOVERFLOW errors for programs compiled on Tru64 UNIX v4.0* or earlier. A program that is compiled on v4.0* or earlier and was linked static (cc -non_shared) and calls the getcwd() or statvfs() functions can fail. Any program that was compiled on v4.0* or earlier that calls statfs(), fstatfs(), getmntinfo(), or getfsstat() could fail, such as the Oracle 8.1.7 install. PROBLEM: (MGO10736A, EVT0396650, TPOB36405, BCSM10NZK) (PATCH ID: OSF510-175) ******** This patch fixes a problem where threads can hang in x_load_inmem_xtnt_map() when called from x_page_to_blkmap(). A typical hung thread will have the following calls at the top of its stack trace: 0 thread_block 1 lock_read 2 x_load_inmem_xtnt_map 3 x_page_to_blkmap 4 x_page_to_iolist 5 blkmap PROBLEM: (82597) (PATCH ID: OSF510-078) ******** This patch fixes a kernel memory fault when writing to /proc. This issue can be seen as a kernel memory fault or possibly other failures in u_anon_rss_enforce. This issue is predominently seen as a KMF, the condition only occurs when anon_rss_enforce is set to 2 (HARD LIMIT). A typical stack trace is as follows: ... 4 panic src/kernel/bsd/subr_prf.c : 1339 5 trap src/kernel/arch/alpha/trap.c : 2262 6 _XentMM src/kernel/arch/alpha/locore.s : 2126 7 u_anon_rss_enforce src/kernel/vm/u_mape_anon.c : 4666 8 u_anon_fault src/kernel/vm/u_mape_anon.c : 1277 9 u_map_copy_overwrite src/kernel/vm/vm_umap.c : 2084 10 procfs_write src/kernel/procfs/procfs_vnops.c : 2222 11 vn_write src/kernel/vfs/vfs_vnops.c : 1372 12 rwuio src/kernel/bsd/sys_generic.c : 2257 13 write src/kernel/bsd/sys_generic.c : 2179 14 syscall src/kernel/arch/alpha/syscall_trap.c : 719 15 _Xsyscall src/kernel/arch/alpha/locore.s : 1796 Typical reproduction of this issue can be seen by doing the following: 1) Add "anon_rss_enforce=2" to the vm section of /etc/sysconfigtab 2) Reboot with new setting 3) Run dbx on any a.out file "$ dbx a.out" PROBLEM: (VNO65701A) (PATCH ID: OSF510-159) ******** This patch fixes an issue with lightweight wiring of pages and shared memory regions. This problem can occur when running Oracle and may cause ORA-01034: Oracle not available" errors when attempting to connect to Oracle databases. PROBLEM: (83520, 83540, 83568, 83645, 83725, 83862) (PATCH ID: OSF510-196) ******** This patch fixes a system panic when the system has at least one AdvFS domain and the system is configured for lockmode=4 kernel lock statistics collection. The system panic message will be: panic (cpu 0): lock_read: hierarchy violation The crash-data file will show (typical example): lock_read: hierarchy violation pc of caller: 0xffffffff00183ccc lock address: 0xfffffc000757eb30 lock info addr: 0xfffffc0000f582a0 lock class name: bfAccessT.putpage_lk class already locked: vdT.mcell_lk current spl level: 0 with a stack trace that always includes "msfs_putpage": 4 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/bsd/subr_prf.c"] 5 lock_fault(lp = (unallocated - symbol optimized away), ["../../../../src/kernel/kern/lock.c"] 6 lock_read(l = (unallocated - symbol optimized away)) ["../../../../src/kernel/kern/lock.c"] 7 msfs_putpage(0xfffffc00039af100, ...) ["../../../../src/kernel/msfs/osf/msfs_misc.c"] 8 ubc_page_alloc(0x0, ...) ["../../../../src/kernel/vfs/vfs_ubc.c"] In all cases the "lock class name" is "bfAccessT.putpage_lk" but the "class already locked" may be other locks such as: class already locked: vdT.del_list_lk class already locked: vdT.stgMap_lk class already locked: bfAccessT.xtntMap_lk PROBLEM: (83930) (PATCH ID: OSF510-107) ******** This change corrects some I/O rate fluctuations and thread unresponsiveness that had been seen when vm free pages dropped to a low level and used pages were being recycled. PROBLEM: (84601) (PATCH ID: OSF510-126) ******** If Oracle customers are running one of the affected Oracle configurations, Oracle may have already detected an inconsistency in the database and reported errors similar to the following in the alert log and trace file: ORA-01578: ORACLE data block corrupted (file # 1, block # 100) ORA-01119: data file 1: '/scratch/820/qa/dbs/t_db1.f' or ORA-00368: checksum error in redo block ORA-00354: Log corruption near block #231 Oracle customers that have run the dbverify (dbv) utility may have encountered an error message similar to the following: *** Corrupt block relative dba: 0x0040900b (file 0, block 36875) Bad header found during dbv: Data in bad block - type: 27 format: 2 rdba: 0x0040900d last change scn: 0x0000.0001349a seq: 0x2 flg: 0x04 consistency value in tail: 0x349a1b02 check value in block header: 0xa377, computed block checksum: 0x0 spare1: 0x0, spare2: 0x0, spare3: 0x0 *** PROBLEM: (85230, 85345) (PATCH ID: OSF510-182) ******** This patch addresses two types of system crashes: - Crash caused by VM hash corruption, kernel memory fault. A typical stack trace would be as follows: 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1326 1 panic src/kernel/bsd/subr_prf.c : 1296 2 event_timeout src/kernel/arch/alpha/cpu.c : 2186 3 printf src/kernel/bsd/subr_prf.c : 981 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 ubc_wire src/kernel/vfs/vfs_ubc.c : 5372 8 u_vp_oop_pagecontrol src/kernel/vm/u_mape_vp.c : 1219 9 u_anon_faultpage src/kernel/vm/u_mape_anon.c : 2046 10 u_anon_fault src/kernel/vm/u_mape_anon.c : 1410 11 u_anon_lockop src/kernel/vm/u_mape_anon.c : 3053 12 u_map_lockvas src/kernel/vm/vm_umap.c : 1526 13 memlk src/kernel/bsd/kern_mman.c : 2309 14 syscall src/kernel/arch/alpha/syscall_trap.c : 722 15 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 - Crash caused by lock hierarchy problem violation. A typical stack trace would be as follows: 4 panic() 5 simple_lock_fault() 6 mcs_lock_hierarchy_violation() 7 free() 8 _ms_free() 9 msfs_fs_cleanup() 10 vop_page_lookup() 11 ubc_page_alloc() 12 ubc_lookup() 13 bs_pinpg_one_int() 14 bs_pinpg_clone() 15 bs_pinpg() 16 fs_write() 17 msfs_write() 18 vn_write() 19 rwuio() 20 write() 21 syscall() 22 _Xsyscall() PROBLEM: (85404) (PATCH ID: OSF510-201) ******** This patch fixes a problem with the driver for Gigabit Ethernet adapters (DEGPA-FA and DEGPA-TA) which prevented its use in a NetRAIN (Redundant Array of Independent Network Adapters) set. In order to add an interface to a NetRAIN set, the interface must not be busy. However, even when the Gigabit Ethernet interface ("alt") is not explicitly started by the system administrator or by a startup script, sometimes the interface will be started automatically as a result of activity on the network. If an attempt is then made to add this interface to a NetRAIN set, NetRAIN will report that the device is busy and thus cannot be used. This patch corrects the Gigabit Ethernet driver so that it will not start unless explicity told to do so by either the system administrator or by a startup script. PROBLEM: (83661, 85312, STL111443) (PATCH ID: OSF510-213) ******** This patch fixes a problem where the setgid bit of a directory was not being set when created, if its parent directory has the setgid bit set. PROBLEM: (84908, 84911) (PATCH ID: OSF510-168) ******** This patch fixes issues with memory allocation attributes. PROBLEM: (83270) (PATCH ID: OSF510-212) ******** The context switch code would only clear the floating point enable bit when context switching away from a thread which was not terminated. If the terminated thread had enabled the floating point unit, the newly context-switched-to thread would be using its floating point state instead of its saved state. PROBLEM: (85447, 85450, MGO07072A, NWO42386A) (PATCH ID: OSF510-211) ******** This patch fixes several virtual memory algorithms related to the allocation and freeing of pages within the kernel. PROBLEM: (83169, 83608, 83745) (PATCH ID: OSF510-111) ******** These changes address panics which can occur if a signal is sent to a multi-threaded task in which one or more threads are calling exit() or exec(). The panic is invariably a kernel memory fault whose faulting virtual address is usually 0x50. The following panic message is typical: trap: invalid memory read access from kernel mode faulting virtual address: 0x0000000000000050 pc of faulting instruction: 0xfffffc0000283bc0 ra contents at time of fault: 0xfffffc0000283bb4 sp contents at time of fault: 0xfffffe0450d77360 PROBLEM: (83309, BCGMA1FFX) (PATCH ID: OSF510-184) ******** This patch fixes the corruption of the CAM hardware database when using hwmgr. This typically can result in a kernel memory fault when the database is being written to disk after a hwmgr operation. > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1003 1 panic src/kernel/bsd/subr_prf.c : 1222 2 event_timeout src/kernel/arch/alpha/cpu.c : 1668 3 xcpu_puts src/kernel/bsd/subr_prf.c : 1357 4 printf src/kernel/bsd/subr_prf.c : 892 5 panic src/kernel/bsd/subr_prf.c : 1287 6 afault_trap (source file cannot be determined) 7 _XentUna src/kernel/arch/alpha/locore.s : 2337 8 kds_offset_next src/kernel/io/common/kds.c : 4674 9 kds_offset_next src/kernel/io/common/kds.c : 4695 10 kds_offset_next src/kernel/io/common/kds.c : 4695 11 kds_offset_lock src/kernel/io/common/kds.c : 4818 12 camdb_write_status src/kernel/io/cam/camdb.c : 4113 13 camdb_write_asynchronous src/kernel/io/cam/camdb.c : 4164 PROBLEM: (GB_G00942) (PATCH ID: OSF510-188) ******** This patch corrects an AdvFS panic which can occur during a rmfset operation. The panic string: "rbf_delete_int: can't find bf attributes" PROBLEM: (78804) (PATCH ID: OSF510-099) ******** This patch fixes an issue with some remote ioctls for tape/changer drivers not working in a cluster. PROBLEM: (82879, 81918, 84896) (PATCH ID: OSF510-149) ******** This patch fixes a panic which comes from a page fault on a user buffer while we are already holding the write lock. A representative stack trace for the original hung thread looks like: 0 thread_block 1 lock_wait 2 lock_read 3 msfs_getpage 4 u_vp_fault 5 u_map_fault 6 vm_fault 7 trap 8 _XentMM 9 old_bcopy 10 copyin 11 uiomove 12 fs_write 13 vn_write 14 rwuio 15 write 16 syscall 17 _Xsyscall PROBLEM: (117-1-16330) (PATCH ID: OSF510-206) ******** This problem occurs when using the user level context switching (ucontext) routines and switching a thread's stack. The result is that the pthread mutex API routines can return EINVAL because we were unable to validate the mutex. This problem has been corrected by this patch. PROBLEM: (117-2-203) (PATCH ID: OSF510-136) ******** This modification fixes a problem in which the system panicked with a kernel memory fault while the class scheduler was being configured. PROBLEM: (85651) (PATCH ID: OSF510-209) ******** This patch fixes cluster hangs where I/O stops, and a hwmgr -view -clu command does not return. However, the systems will respond to pings. This is caused by the ubc_memory_purge in routine cfs_putpage being blocked when doing FSOP_PUTPAGE. An example stack trace is as follows: THREAD: fffffc01ffdb1500 1: sleep_prim+616: thread_block() 2: mpsleep+28: sleep_prim() 3: icscli_wait+284: mpsleep() 4: icstnc_cli_rcall+452: icscli_wait() 5: tnc_rcall+208: icstnc_cli_rcall() 6: rcfscall_service+220: tnc_rcall() 7: rcfscall+44: rcfscall_service() 8: cfscall_fsync+344: rcfscall() 9: cfs_putpage+760: cfscall_fsync() 10: ubc_memory_purge+2192: cfs_putpage() 11: ubc_purge_thread+180: ubc_memory_purge() crash> last -s | grep fffffc01ffdb1500 00:16:51 4 1048576 fffffc01ffdb1500 [ubc_purge_thread] This thread has been blocked for 16+sec. PROBLEM: (84103, 82583, 81968) (PATCH ID: OSF510-140) ******** This patch fixes the following system panics: - A "simple_lock: lock already owned by cpu" panic when anon_rss_enforce is non-zero and lockmode is set to 4. This remove occurs when a process, whose RSS (resident set size; the number of pages a process can have in memory) limit is exceeded, tries to expand its heap. An example stack trace is as follows: 1 panic() 2 simple_lock_fault() 3 simple_lock_state_violation() 4 pmap_clear_reference() 5 u_anon_rss_purge() 6 u_anon_rss_enforce() 7 u_anon_fault() 8 u_map_fault() 9 vm_fault() 10 trap() - A " panic: vm_page_activate: already active" panic that can occur on a system during memory shortages An example stack trace is as follows: 14 panic() 15 vm_page_activate() 16 vm_pageout_scan() 17 vm_pageout() - A "mcs_lock: no queue entries available" panic that can occur on a GS160 system. This is caused by an abandoned page mistakenly being reclaimed off the the 0/O hash. The page is then removed off a UBC free list where two stale page pointers were connected, hereby connecting the ACTIVE and INACTIVE list. When attempting to deactivate pages (move them from the ACTIVE queue to the INACTIVE queue) we encounter an INACTIVE page, which causes an inadvertant failure to unlock the page. Continued attempts to deactivate INACTIVE pages results in the lock queue being filled. This can also cause a "kernel memory fault" panic. An example stack trace is as follows: 1 panic() 2 event_timeout() 3 printf () 4 panic() 5 simple_lock_fault() 6 mcs_lock_entry_violation() 7 vm_pagelru_approximation() 8 vm_pageout() PROBLEM: (82138, 82611, 83447) (PATCH ID: OSF510-117) ******** This patch fixes a problem in which a heavy load placed on an HSG80 can disable the device. PROBLEM: (ALC-2-076) (PATCH ID: OSF510-192) ******** This patch fixes a timing window where flushing data to disk can be incomplete when a system is going down. Note this can only occur if all of these conditions are true: o More than one thread calls the reboot() system call without first going through shutdown, /sbin/reboot, or /sbin/halt (note the operating system itself does not do this, it would have to be an application program which is calling reboot()). o O_SYNC is not in use. o AdvFS data logging is not in use. PROBLEM: (84151) (PATCH ID: OSF510-163) ******** The compiler can generate code that tries to place the pages of an ALLOCATABLE (heap) array, before the pages are actually allocated. The placement is done with calls to nmadvise. This can cause the system to crash. PROBLEM: (82489, SSRT0676U) (PATCH ID: OSF510-155) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. SYNOPSIS mountd [-d] [-i] [-n] [-s] [-r] [-R] [exportsfile] FLAGS ... -r Have mountd listen for requests on a reserved port. This is the default behavior. -R mountd may listen on an unreserved port. PROBLEM: (BCGMC0X62) (PATCH ID: OSF510-194) ******** This patch eliminates a kernel memory fault in AdvFS that has the following footprint: crash> tf > 0 boot src/kernel/arch/alpha/machdep.c : 2774 1 panic src/kernel/bsd/subr_prf.c : 1334 2 trap src/kernel/arch/alpha/trap.c : 2259 3 _XentMM src/kernel/arch/alpha/locore.s : 2115 4 bs_derefpg src/kernel/msfs/bs/bs_buffer2.c : 3564 5 get_quota_blks_used src/kernel/msfs/fs/fs_quota.c : 2972 6 quota_activate src/kernel/msfs/fs/fs_quota.c : 3391 7 advfs_mountfs src/kernel/msfs/osf/msfs_vfsops.c : 3255 8 msfs_mount src/kernel/msfs/osf/msfs_vfsops.c : 2882 9 local_mount src/kernel/vfs/vfs_syscalls.c : 1453 10 mount1 src/kernel/vfs/vfs_syscalls.c : 1611 11 syscall src/kernel/arch/alpha/syscall_trap.c : 713 12 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 (dbx) p kernel_memory_fault_data struct { fault_va = 0xc0 fault_pc = 0xffffffff0010e900 fault_ra = 0xffffffff00166258 fault_sp = 0xfffffe0e25db72c0 crash> 0xffffffff0010e900/i (dbx) 0xffffffff0010e900/i [bs_derefpg:3568, 0xffffffff0010e900] ldq t0, 192(s0) Here's where we panic in bs_derefpg(): 3567 /* Update statistics counters. */ 3568 if (bp->bfAccess->dataSafety == BFD_FTX_AGENT ) { PROBLEM: (83207, 83660, 83372, 83770, 83668, 76843, 83207, 81784, 76147) (PATCH ID: OSF510-122) ******** This patch fixes multiple problems with SCSI tape handling including improvements to backup procedures, SCSI passthrough, an increase to the local IO size for transfers, a fix for a system crash that can occur during a bus reset and a fix for a panic with the following panic string: "PWS_CCB_QUE_REMOVE: CCB NOT ON ANY LIST" PROBLEM: (BCPMB0MC4, 117-2-306, 84332, 82443) (PATCH ID: OSF510-157) ******** This patch fixes a system hang caused by netisr queue corruption due to a race condition that is primarily encountered by third party drivers and layered products that call schednetisr_nospl(). This patch also fixes a lockmode 4 panic in netisr_del_rad where netisr_del_rad attempted to release a lock it did not hold. PROBLEM: (84435, 84148, 84634, 82059) (PATCH ID: OSF510-134) ******** mixed speed cpu system from hanging a test suite Fixes a performance problem with 100% cpu usage nmadvise placed memory pages sometimes ignored. nmadvise performance enhancements. PROBLEM: (83859, 83567, BCGMA0MX9) (PATCH ID: OSF510-129) ******** This patch fixes a problem seen when trying to write out coredumps to fibrechannel devices. Previously, the fibrechannel-specific code would make calls to non high IPL-safe routines. This patch fixes the fibre code to only call routines which will not lower the IPL. This was more likely to occur on active systems than inactive. PROBLEM: (83399) (PATCH ID: OSF510-181) ******** This patch fixes a kernel memory fault and invalid memory ifetch panic which can occur in AlphaServer SC systems running Quadrics' RMS software. A typical panic follows, where the faulting virtual address and faulting pc are both zero: trap: invalid memory ifetch access from kernel mode faulting virtual address: 0x0000000000000000 pc of faulting instruction: 0x0000000000000000 ra contents at time of fault: 0xfffffc00005bde78 sp contents at time of fault: 0xfffffe05449bf760 panic (cpu 3): kernel memory fault PROBLEM: (83943) (PATCH ID: OSF510-109) ******** This patch fixes a bug in the POSIX Threads Library for Tru64 UNIX V5.1 that would result in a DECthreads Bugcheck and process termination. Threaded applications might encounter this problem when pthread_kill() is used on a thread that is marked as blocked in the kernel. This problem is identified by a stack trace similar to the following, where the __errBugcheck frame occurs right after the _schReadyForInterrupt frame: 0 __nxm_thread_kill(0x3ff800e3834, 0x20002225038, 0x3ff805ce968, ... 1 __sigAbortProcess(0x20, 0x0, 0x0, 0x0, 0x20002227600) [0x3ff805b752c] ... 2 __errBugcheck(0x3ff805934b8, 0x3, 0x20002227600, 0x20001bf7cc2, ... 3 __schReadyForInterrupt(0x1e, 0x20002227600, 0x3ffc01b5050, 0x0, ... 4 pthread_kill(0x3ffbfdf43d8, 0x3ffbfdf4388, 0xe, 0x177db030, ... ... PROBLEM: (83392) (PATCH ID: OSF510-180) ******** This patch corrects the behavior of the FIONBIO, FIOASYNC, and FIONREAD ioctl's in a cluster environment. These commands would fail, returning ENOTTY when they should have succeeded. PROBLEM: (BCGMA0VHK) (PATCH ID: OSF510-092) ******** This patch fixes a problem in which the system call fcntl(fd, F_DUPFD, 15) fails with "too many files" even after fd limits have been increased. PROBLEM: (HPAQB1GH8, BCGMC0SKX, 84064, 84731) (PATCH ID: OSF510-167) ******** This patch corrects two problems with the scheduler. - Enables NUMA load balancing in other processor sets then the default processor set (pset 0). - Enables the processor to do load balancing for multi-threaded applications. PROBLEM: (ALC-2-076) (PATCH ID: OSF510-158) ******** This patch provides support for activating temporary atomic write data logging on all files within the mount point. The data logging is turned off when the fileset is unmounted. PROBLEM: (78704) (PATCH ID: OSF510-179) ******** This patch fixes a hang in the ufs filesystem. PROBLEM: (BCPMA1QJ4, 83367) (PATCH ID: OSF510-178) ******** This patch fixes kernel build failures due to an undefined ss_sched function. PROBLEM: (81620, n/a) (PATCH ID: OSF510-068) ******** Execution of an interpreter (e.g., file beginning with #!/bin/csh) can fail if the total number of characters in environment variables is approximately one 8K or other page size multiple. It is unusual to use so much environment variable space, and unlikely for the size of the space to be very close to a multiple of the page size. If the problem does occur, and the execution of an interpreter file will fail with "file not found". For example: /updmnt/isl/updeng: /updmnt/sbin/it.d/bin/install_ap: not found PROBLEM: (83442, 85273, 84454) (PATCH ID: OSF510-199) ******** This patch provides full KZPCC support in version 2.0 of the i2o block storage driver. RESTRICTION: For TCR-V5.1 installations, KZPCC support is restricted to data-only service; devices on the KZPCC controller cannot be used for system or boot partitions in a cluster. Additionally, this patch fixes the problem where extraneous console messages will appear when hardware is added or deleted. PROBLEM: (SOO01415A, NWO41533A, SOO15249B, SOO09843A, BCGMA0M0S, n/a) (PATCH ID: OSF510-156) ******** This patch fixes a performance problem with v5.1 where threads doing large IO transfers could spend excess time in ubc_page_alloc(). PROBLEM: (84826) (PATCH ID: OSF510-169) ******** This patch fixes nmadvise with a modification to VM to allow migration of shared memory PROBLEM: (82423) (PATCH ID: OSF510-162) ******** This patch provides functionality to support EMC storage boxes that support Persistent Reserves (SCSI command set) as defined by the final SCSI specification. PROBLEM: (83129, 84172) (PATCH ID: OSF510-200) ******** On wildfires with PCI adapters of mixed revision, the PCA registers are set up incorrectly. This leads to kernel memory faults of variable characteristics. While this is not a configuration which is sold, it may exist in the field, and will certainly exist in-house. PCA and their revisions may be identified by their model numbers: PCA4 (B4171-AC) PCA3 (B4171-AA E02 or B4171-AB - doesn't matter) PROBLEM: (84104, 86180) (PATCH ID: OSF510-224) ******** PROBLEM: This patch fixes two issues seen on the GS320/160/80 AlphaServers: - A "u_anon_free: page_busy" system panic when using System V shared memory locked by a single process. This is seen when attempting to delete a user process' map. An example stack trace is as follows: 4: panic() 5: u_anon_free() 6: u_anon_oop_deallocate() 7: vm_map_entry_delete() 8: u_map_delete() 9: vm_map_exit() Examination of the suspect page revelas a negative wire count. px ((vm_page *))->pg_wire_count 0xffff - Failures ranging from unitialized simple lock panics, kernel memory fault panics, and process hangs, on GS320/160/80 systems configured with at least one memory less quad. The "simple_lock: uninitialized lock" or "kernel memory fault" panics originating in get_free_ptepage. These panics are a result of either attempting to obtain a free_page_table lock (fp) using an ID of a non-existent MAD, or attempting to dereference the MAD associated with the non-existent MAD. The process hangs are caused when the hanging process thread_blocks waiting for a ptpage request to be filled. The request will never be serviced because it has been made to a non-existent MAD. Identification of this hang condition can be done as follows: crash> *thread.wait_mesg
= "ptpage" PROBLEM: (84948, 83827) (PATCH ID: OSF510-144) ******** This patch fixes the automount handling of the "nogrpid" option. L PROBLEM: (82767) (PATCH ID: OSF510-069) ******** This patch fixes a network problem where a system can hang during a route command. PROBLEM: (83662, 83714) (PATCH ID: OSF510-125) ******** The receiver on the DE60x will hang. Packets can be sent from the interface but are never received. "netstat -s -i" will typically show a high number of data overruns for the affected interface. Running "ifconfig down" followed by "ifconfig up" will restart the receiver, as will rebooting. lan_config behavior was not as expected with previous versions of the DE60x driver. There are two options to lan_config, -s (speed) and -x (mode). "lan_config -s100" would revert the mode to half-duplex, since "-x" was omitted. Conversely, "lan_config -x1" would revert the speed to 10, since "-s" was omitted. A workaround is to always specify "-s" and "-x" on the lan_config command-line. PROBLEM: (81635, 85025, 85286) (PATCH ID: OSF510-204) ******** PROBLEM: Dynamic drivers are not getting unloaded and reloaded correctly because their ctlr_unattach() routines do not get called when unloaded. Additionally, upon subsequent loads and reloads, their probe() routines do not get called. PROBLEM: Dynamic drivers find that with subsequent loads and reloads, their controller number creeps upward. PROBLEM: (82432, 84561, 86724, EVT43680A) (PATCH ID: OSF510-351) ******** This patch fixes problems in NFS that can cause a kernel memory fault during NFS server shutdown. A stack trace of one of the problems may look like the following: > 0 stop_secondary_cpu(do_lwc = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/cpu.c":1326, 0xfffffc0000658ae0] 1 panic(s = 0xfffffc0000b089c0 = "event_timeout: panic request") ["../../../../src/kernel/bsd/subr_prf.c":1296, 0xfffffc000029a7d4] 2 event_timeout(func = 0xfffffc000029ac90, arg = 0xfffffc00027d02f8, timeout = (unallocated -symbol optimized away)) ["../../../../src/kernel/arch/alpha/cpu.c":2186, 0xfffffc0000659f0c] 3 printf(fmt = 0x5) ["../../../../src/kernel/bsd/subr_prf.c":981, 0xfffffc0000299b48] 4 panic(s = 0xfffffc0000b082b0 = "kernel memory fault") ["../../../../src/kernel/bsd/subr_prf.c":1353, 0xfffffc000029a924] 5 trap(a0 = (...), a1 = (...), a2 = (...), code = 0x32, exc_frame = 0xfffffe0450ba7870) ["../../../../src/kernel/arch/alpha/trap.c":2266, 0xfffffc000064d1c0] 6 _XentMM(0x0, 0xfffffc000053fb54, 0xfffffc0000a4c3d0, 0x7fff, 0xfffffc003b50b000)["../../../../src/kernel/arch/alpha/locore.s":2143, 0xfffffc0000646d94] 7 nfs_input(m = 0xfffffc003b50b000) ["../../../../src/kernel/nfs/ nfs_server.c":7076,0xfffffc000053fb54] 8 nfs_thread(radid = 0x7fff) ["../../../../src/kernel/nfs/nfs_server.c":6383, 0xfffffc000053ed84] The next stack trace could be indicative of the other problem: > 0 stop_secondary_cpu(do_lwc = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/cpu.c":1205, 0xfffffc0000616110] 1 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/bsd/subr_prf.c":1252, 0xfffffc00002946a4] 2 event_timeout(func = (unallocated - symbol optimized away), arg = (unallocated - symboloptimized away), timeout = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/cpu.c":1971, 0xfffffc0000617344] 3 printf(fmt = (unallocated - symbol optimized away)) ["../../../../src/kernel/bsd/subr_prf.c":940, 0xfffffc0000293a58] 4 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/bsd/subr_prf.c":1309, 0xfffffc00002947d8] 5 trap(a0 = (...), a1 = (...), a2 = (...), code = (unallocated - symbol optimized away),exc_frame = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/trap.c":2259, 0xfffffc000060ad50] 6 _XentMM(0x4, 0xfffffc0000601b14, 0xfffffc00009b7660, 0xfffffe0401904048, 0xfffffc007b287000) ["../../../../src/kernel/arch/alpha/locore.s":2115, 0xfffffc0000604d94] 7 simple_lock(0x4, 0xfffffc0000601b14, 0xfffffc00009b7660, 0xfffffe0401904048, 0xfffffc007b287000) ["../../../../src/kernel/arch/alpha/lockprim.s":698, 0xfffffc0000601b14] 8 rfsputxprt(xhp = (unallocated - symbol optimized away), rx = (unallocated - symbol optimized away)) ["../../../../src/kernel/nfs/nfs_server.c":8257, 0xfffffc000050e3ac] 9 m_free(0xfffffc00002a97e0, 0xfffffe0400e78000, 0xfffffe0400e7be60, 0x91, 0xfffffc000402f300) ["../../../../src/kernel/bsd/uipc_mbuf.c":606, 0xfffffc00002a973c] 10 m_freem(0xfffffe0400e7be60, 0x91, 0xfffffc000402f300, 0xfffffe04a1b374b0, 0xfffffc0000758fc8) ["../../../../src/kernel/bsd/uipc_mbuf.c":637, 0xfffffc00002a97dc] 11 ftatint(0xfffffc007b4c6000, 0x0, 0xfffffc000402f3ac, 0xffffffffbdf80000, 0x50) ["../../../../src/kernel/io/dec/netif/if_fta.c":5913, 0xfffffc0000758fc4] 12 ftaoutput(0x2a, 0x0, 0x800, 0x0, 0xfffffc000402f300) ["../../../../src/kernel/io/dec/netif/if_fta.c":5408, 0xfffffc0000758440] 13 ftastart(0xfffffc000402f300, 0xfffffe04a1b37554, 0xfffffc00004886cc, 0xfffffe0400e78000, 0xfffffe0400000004) ["../../../../src/kernel/io/dec/netif/if_fta.c":1989, 0xfffffc0000753ff4] 14 ether_output(0x38, 0x0, 0x0, 0x0, 0xfffffc007b4c6200) ["../../../../src/kernel/net/if_ethersubr.c":1417, 0xfffffc00004886c8] 15 ip_output(0x0, 0xfffffc007b4c6000, 0xfffffe04a1b37550, 0xfffffc0000000000, 0xcbb02010) ["../../../../src/kernel/netinet/ip_output.c":1127, 0xfffffc00004b2fac] 16 icmp_reflect(0xfffffc000b1b4f58, 0x0, 0xfffffc000402f300, 0x0, 0xb275) ["../../../../src/kernel/netinet/ip_icmp.c":864, 0xfffffc00004aa594] 17 icmp_error(0x6, 0x2, 0xfffffc000b1b4f6e, 0xfffffc0000b77660, 0x0) ["../../../../src/kernel/netinet/ip_icmp.c":420, 0xfffffc00004a9c48] 18 udp_input_common(m = (unallocated - symbol optimized away), offset = (unallocated - symbol optimized away), src = (unallocated - symbol optimized away), dst = (unallocated - symbol optimized away), netlayer = (unallocated - symbol optimized away), rx = (unallocated - symbol optimized away)) ["../../../../src/kernel/netinet/udp_usrreq.c":1329, 0xfffffc00004c8be4] 19 udp_input(m = (unallocated - symbol optimized away), iphlen = 0x7b287000) ["../../../../src/kernel/netinet/udp_usrreq.c":759, 0xfffffc00004c7654] 20 ipintr(0x1, 0xfffffc0001136000, 0xfffffc007fe1a480, 0x1, 0xfffffc0000000004) ["../../../../src/kernel/netinet/ip_input.c":1749, 0xfffffc00004ac254] 21 netisr_thread() ["../../../../src/kernel/net/netisr.c":1828, 0xfffffc00002eb17c] crash> PROBLEM: (GOZ48787C) (PATCH ID: OSF510-343) ******** This patch corrects a problem with ICMP redirect processing which resulted in incorrect ICMP redirect messages. PROBLEM: (87773, 87919, BCGM51JRJ) (PATCH ID: OSF510-275) ******** The problem is that the changes to the AIO layer did not properly handle AIO to sockets. Thus, when doing raw AIO over sockets, the result would be a kernel memory fault. A typical stack trace looks like the following: 0 boot src/kernel/arch/alpha/machdep.c : 2774 1 panic src/kernel/bsd/subr_prf.c : 1334 2 trap src/kernel/arch/alpha/trap.c : 2262 3 _XentMM src/kernel/arch/alpha/locore.s : 2115 4 aio_rw src/kernel/bsd/kern_aio.c : 3118 5 syscall src/kernel/arch/alpha/syscall_trap.c : 713 6 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 PROBLEM: (87578, 84358, 84926, 86046, 87027, 87578) (PATCH ID: OSF510-277) ******** Below are descriptions of problems that have been fixed with this patch: - There is performance related problem with applications that use mutexes which are allocated in shared memroy. This problem manifests itself when trying to allocate large quantitiies of mutexes in shared memory. - When developing applications that use mutexes which are allocated in shared memeory, unexpected EINVAL errors would appear if these mutexes and their condition variables were not in the same shared memory regions. PROBLEM: (88833) (PATCH ID: OSF510-313) ******** This patch fixes a problem with sendmsg and rcvmsg that prevented 9i/RAC from being able to use UDP as its transport. With this patch, correct operation of sendmsg and rcvmsg is restored when dealing with atomic protocols by not truncating send but to treat as a 32 bit length. PROBLEM: (83217) (PATCH ID: OSF510-362) ******** This patch fixes a kernel memory fault in "mount -o extend." PROBLEM: (HPAQ507XC, SOO21324A, 86870) (PATCH ID: OSF510-377) ******** This patch provides a script that will allow a user to remove the directio cloning patch after the version switch has been thrown by running clu_upgrade -switch. This script will set back the version identifiers and request a cluster shutdown and reboot to finish the deletion of the patch. Another rolling upgrade will be required to delete the patch with dupatch. The /usr/sbin/clone_versw_undo script must be run by root in multiuser mode after the directio cloning patch has been completely rolled in and before another rolling upgrade has begun. A system or cluster shutdown will be required to remove the directio cloning patch. ************************** IMPORTANT **************************** Since the removal of a version switched patch requires a cluster shutdown, only run this script when you are absolutely sure that this patch is the cause of your problem. This script must be run by root in multiuser mode after completing the rolling upgrade that installed the patch and before starting another rolling upgrade. The final removal of the patch can only be accomplished by rebooting the system or cluster after this script completes its processing. This script will offer to shutdown your system or cluster at the end of its processing. If you choose to wait, it is your responsiblity to execute the shutdown of the system or cluster. DO NOT FORGET OR WAIT FOR AN EXTENDED PERIOD OF TIME BEFORE SHUTTING DOWN THE CLUSTER. CLUSTER MEMBERS WHICH ATTEMPT TO REBOOT BEFORE THE ENTIRE CLUSTER IS SHUTDOWN CAN EXPERIENCE PANICS OR HANGS. PROBLEM: (88013) (PATCH ID: OSF510-353) ******** This patch fixes a rare panic in the driver for the DE600/DE602 10/100 Ethernet adapter. The panic is the result of a kernel memory fault that occurs when an ioctl is sent to the driver (for instance using "ifconfig"), or when a machine is shutting down to reboot. Typically it will only occur when there is high traffic on the network. The stack trace may show ee_rint as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_rint() 5 ee_rx_intr_work_thread() The stack trace may alternatively show ee_add_rfd_buf as the routine in which the kernel memory fault occurred: 1 panic() 2 trap() 3 _XentMM() 4 ee_add_rfd_buf() PROBLEM: (EVT0403573, 83149, EVT0683537) (PATCH ID: OSF510-229) ******** This patch fixes data inconsistency problems that can be seen on clusters that are NFS clients. PROBLEM: (89091) (PATCH ID: OSF510-302) ******** Change vm_free_min to vm_free_target when reconfiguring vm_page_free_target. There is performance related problem. This patch fixes a miss-configuration of vm_free_target at the boot time when this parameter is added to /etc/sysconfigtab. PROBLEM: (81635, 85286) (PATCH ID: OSF510-232) ******** Dynamic drivers are not getting unloaded and reloaded correctly because their ctlr_unattach() routines do not get called when unloaded. Additionally, upon subsequent loads and reloads, their probe() routines do not get called. PROBLEM: (HPAQ40PHP, BCPM11RCX, HPAQ3028L) (PATCH ID: OSF510-251) ******** This patch fixes a kernel memory fault in tcp_rad_slowtimo. This patch also fixes a kernel memory fault in soclose() before calling soabort for listener sockets. 0 boot src/kernel/arch/alpha/machdep.c : 2645 1 panic src/kernel/bsd/subr_prf.c : 1401 2 in_pcbfree src/kernel/netinet/in_pcb.c : 2760 3 tcp_rad_slowtimo src/kernel/netinet/tcp_timer.c : 1130 PROBLEM: (89491) (PATCH ID: OSF510-365) ******** This fixes an invalid pointer access panic in AdvFS. This happens after AdvFS has encountered various I/O errors that cause AdvFS to put a filesystem into its domain panic state. AdvFS error handling was not properly initializing a fileset pointer variable to NULL. During cleanup, the non-null variable would falsely indicate a filesystem fileset needed to be closed and would panic due to a bad fileset pointer. Several code paths may show this behavior but the following is an example: > 0 stop_secondary_cpu 1 panic 2 event_timeout 3 printf 4 panic 5 trap 6 _XentMM 7 bs_bfs_close 8 quotaUndo 9 ftx_fail_2 10 fs_write_add_stg 11 fs_write 12 cfs_comm_write 13 cfs_pfscachewrite 14 cfs_write 15 rfs3_writeg 16 rfs3_write 17 rfs_dispatch 18 nfs_rpc_recv 19 nfs_rpc_input 20 nfs_input 21 nfs_thread PROBLEM: (87422) (PATCH ID: OSF510-341) ******** This patch fixes a time loss problem seen on DS systems (TSUNAMI) only when using console callbacks. The patch resynchronizes the clock when a time loss is detected. PROBLEM: (BE_G01325) (PATCH ID: OSF510-241) ******** This patch prevents the error message "local HSM Error: msgsvc: socket close failed" from being generated when an application closes the socket with return state 0. PROBLEM: (82980, 85656, 83888, 85584, 82596, 84575, 82980) (PATCH ID: OSF510-218) ******** If a disk that is controlled by an HSG80 is removed and then re-inserted, activity to that disk will be hung. PROBLEM: (85744, GB_G01025, GB_G01337) (PATCH ID: OSF510-321) ******** This patch prevents a potential hang due to external NFS servers. The hang happens when an NFS server becomes unaccessible. However instead of only the NFS filesystems being served by that server become unavailable, it effects ALL NFS mounted filesystems. PROBLEM: (87597) (PATCH ID: OSF510-294) ******** When setting atomic-write data-logging, AdvFS needs to flush all dirty buffers on the file before setting the UBC_NOFLUSH flag on the object. This was done by calling bfflush() with parameters to flush all pages. However, there were 2 problems. First, bfflush() has an optimization to avoid flushing pre-allocated pages. Second, there was no provision for flushing dirty pages that do not appear on the bfap->dirtyBufList because they were dirtied via mmapping. To fix the first issue, I added a flag to bfflush() that tells it to skip the optimization and flush all dirty pages. To address the second issue, we now call ubc_flush_dirty() to get any previously-mmapped pages onto our dirty list, and bfflush() to flush them out. PROBLEM: (87646) (PATCH ID: OSF510-360) ******** This patch fixes a problem where when using VX1 graphics module, mouse cursor disappears when moved along left and top most edge. PROBLEM: (89088, TKT205463) (PATCH ID: OSF510-345) ******** This patch fixes a system panic with "malloc_check_checksum: memory pool corrution" A vnode is being referenced after it has been freed and return to kmem. The pmsgbuf has the bucket infomation: memory pool corruption memory address: 0xfffffc00807fafc0 memory size: 0x240 ra of last caller freeing memory: 0xfffffc00004a477c panic (cpu 0): malloc_check_checksum: memory pool corruption The memory address shows that the last locker was wait_for_vxlock: (dbx) 0xfffffc00807fafc0/10X 0xfffffc00807fafc0: 0xfffffc00004a35ae 0xdeadbeefdeadbeef 0xfffffc00807fafd0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807fafe0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807faff0: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef 0xfffffc00807fb000: 0xdeadbeefdeadbeef 0xdeadbeefdeadbeef crash> 0xfffffc00004a35ae/i (dbx) 0xfffffc00004a35ae/i [wait_for_vxlock:1000, 0xfffffc00004a35ac] bsr ra, simple_unlock(line 1497) PROBLEM: (LACCH0001, 87717, 85433, 80908) (PATCH ID: OSF510-259) ******** This patch corrects several problems in kernel routing: - Fix panic when deleting an IP address. - Fix panic when performing IP re-configuration. - Fix to add interface route on address configuration. PROBLEM: (88653, HPAQ507XC) (PATCH ID: OSF510-299) ******** This patch corrects a problem in the virtual file system that could cause panic with the panic string "kernel memory fault." PROBLEM: (89626) (PATCH ID: OSF510-372) ******** This patch fix bug between mcs_unlock and mcs_lock_try on the same cpu. PROBLEM: (86181) (PATCH ID: OSF510-231) ******** If a file is opened for O_DIRECTIO and O_APPEND, and several threads write data to the file expecting the data to be appended to the file, it is possible that two threads will write their data to the same offset in the file. If this happens, the data from the second thread will overwrite the data from the first. This fix ensures that the threads are properly synchronized and that all data is appended to the end of the file. PROBLEM: (87647, 88665, HPAQ617CN) (PATCH ID: OSF510-296) ******** This problem can occur if the vm_swap_wcluster parameter is not set to a page multiple. A typical stack trace my look like the following: > 0 stop_secondary_cpu 1 panic 2 event_timeout 3 printf 4 panic 5 trap 6 _XentMM 7 vm_swap_async_done 8 lwc_schedule 9 thread_block 10 xpt_callback_thread PROBLEM: (88057) (PATCH ID: OSF510-339) ******** This patch fixes a condition where the smoothsync thread, in attempting to flush dirty buffers for memory-mapped files, would also flush buffers for non-memory-mapped files. This did not cause any errors, but could cause more IO than necessary to be done. Occasionally, buffers that are scheduled to be lazily written to disk get written before the normal smooth-sync scheduling. This was discovered in the routine responsible for flushing dirty memory-mapped buffers which can also flush dirty buffers for non-memory-mapped buffers. This would happen at 'smoothsync_age' intervals, which is every 30 seconds by default. PROBLEM: (88778) (PATCH ID: OSF510-293) ******** There are 2 scenarios that needed to be fixed. Scenario 1: A file with a hole at page 10 is opened for cached IO and the hole is filled. Then this file is closed and opened for directIO, and page 10 is written successfully. If the system crashes before the log page describing the addition of the hole storage has been flushed to disk, then after recovery, the data written via directIO to page 10 will be lost since it will be reverted to a hole. This is an error for directIO since the write is considered "to disk", and should not return success unless the metadata has been flushed to disk. Scenario 2: This is the same scenario as above, but the thread that opens the file for directIO is a CFS client. CFS retrieves the extent maps (which are in memory only) and writes to page 10 successfully. The system then crashes and, after recovery, page 10 does not exist because the extent maps were never flushed to disk. The first scenario was fixed by setting the dirty_alloc bit in the file context when storage is added via the directIO code. This is detected in fs_write() and ensures that both the file stats and the log pages are flushed to disk before returning to the caller. This is the same as if the file were opened with the O_SYNC flag. The second scenario was fixed by modifying msfs_open() to flush the log when a file is opened for directIO iff it is being opened for a CFS file, and there is an outstanding allocation that needs to be written to disk. PROBLEM: (85224) (PATCH ID: OSF510-304) ******** This patch fixes a kernel panic with: "bs_invalidate_rsvd_access_struct: bad access struct" PROBLEM: (BCSMB1H33, BCGM21TMQ) (PATCH ID: OSF510-230) ******** This AdvFS correction makes the balance and rmvol programs more interruptible by supplying a new option (-i). It also avoids wasting extentmap entries and avoids a kmf in routine 'overlay_xtnt_map' (footprint follows): trap: invalid memory read access from kernel mode faulting virtual address: 0xfffffe0400c79ff4 pc of faulting instruction: 0xffffffff001e6d6c ra contents at time of fault: 0xffffffff001e5a48 sp contents at time of fault: 0xfffffe0427b9f1c0 5 _XentMM 6 overlay_xtnt_map 7 switch_stg 8 migrate_normal 9 migrate_normal_one_disk 10 mig_migrate 11 bs_migrate PROBLEM: (89056, 88842) (PATCH ID: OSF510-354) ******** This patch fixes the following problems: - The system may hang while attempting to replace a component that is used in a redundant configuration. When an I/O path is removed, the system may hang while attempting failover to the redundant path. - The system may experience a kernel memory fault when an I/O path is removed. Just before the panic occurs, you may see: Jun 24 16:21:05 tstsys vmunix: DDR - Warning: Device has no "name" - for Jun 24 16:21:05 tstsys vmunix: Vendor ID : Product ID: PROBLEM: (88175) (PATCH ID: OSF510-305) ******** This patch fixed kernel memory fault when use open a command hwmgr -delete component -id 3. PROBLEM: (82567) (PATCH ID: OSF510-228) ******** This patch fixes a problem that would cause a process to hang because the process was unable to exit. PROBLEM: (86623, 85180, 84925, 84413) (PATCH ID: OSF510-355) ******** This patch eliminates superfluous AutoFS auto-mount attempts during rolling upgrade. These attempted auto-mounts slow down certain operations and leave the AutoFS namespace polluted with directories prefexed with ".Old.." Also, this patch fixes a couple of problems with the "mkdir -p" command when executed on automount directories. PROBLEM: (TKTB10063) (PATCH ID: OSF510-237) ******** This patch fixes a problem where a long-running kernel thread in AdvFS could cause a cluster timeout and subsequent panic. The panic string is "CNX QDISK: Yielding to foreign owner with quorum." It also fixes a simple_lock timeout panic. PROBLEM: (GOZ17675B, BCGM218D2, BCSM30N8X) (PATCH ID: OSF510-227) ******** This patch corrects a problem with the network code which resulted in some tcp packets having the wrong checksums. This could result in dropped connections. PROBLEM: (86244, 88931, HPAQ21NL3, 86987, 87977, BCSM51NH2) (PATCH ID: OSF510-306) ******** This patch fixes ubc performance problems and lock timeout issues. PROBLEM: (BCGM10S95, QAR82871) (PATCH ID: OSF510-202) ******** This patch fixes a problem that dual mounting causes panic. The panic string would be; "bs_access: domain different from ftx domain." PROBLEM: (HGO091469, 87558) (PATCH ID: OSF510-383) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This could result in a panic with the string: "lock_clear_recursive: recursion not enabled." Compaq has corrected this potential vulnerability. PROBLEM: (87786, 88705) (PATCH ID: OSF510-282) ******** Insertion of an element on to the dynamic hash table can cause a message to be sent to the hash table kernel thread indicating that the chain that was inserted on needs to be split. The kernel thread will either split the chain amongst its siblings or double the table if the chain does not have any siblings. The message included a pointer to the controlling bucket and a bucket number. the bucket number in this case corresponded to a sibling bucket. It was though that the kernel thread could just use the sibling bucket number to locate all the siblings. The error here was that during the time it took for the kernel thread to recieve this message, the chain split and the table doubled. So when the thread got the message it looked like the chain did need to split however the bucket number was no longer a valid sibling. The thread then incorrectly began working on the wrong hash bucket. Having the chain split and the table double in this time is a rare event. This is the first report of this bug since the code was created back in 1997. The fix is to now store the bucket number in the bucket itself. Since the buckets were padded out 3 long words this will not consume any more memory. Also the number is automatically copied correctly when the table doubles so it only needs updating at split time. PROBLEM: (87096, 86083, 85609, 86010) (PATCH ID: OSF510-272) ******** This patch fixes a kernel memory fault caused by AutoFS. The AUTOFS_HASH macro was doing signed arithmetic in calculating an index into a hash table. This could result in negative indices into the hash table. The stack trace of the crash is: > 0 stop_secondary_cpu(do_lwc = (unallocated - symbol optimized away)) 1 panic(s = (unallocated - symbol optimized away)) 2 event_timeout(func = (unallocated - symbol optimized away), arg = (unalloca ted - symbol optimized away), timeout = (unallocated - symbol optimized away)) 3 printf(fmt = (unallocated - symbol optimized away)) 4 panic(s = (unallocated - symbol optimized away)) 5 trap(a0 = (...), a1 = (...), a2 = (...), code = (unallocated - symbol optim ized away), exc_frame = (unallocated - symbol optimized away)) 6 _XentMM(0x0, 0xfffffc00004de398, 0xfffffc00009a0a50, 0xfffffc00ffe20900, 0x 33362038) 7 autofs_rmhash(np = (unallocated - symbol optimized away), mp = 0x33362038) 8 autofs_dirremove(np = (unallocated - symbol optimized away), mp = (unalloca ted - symbol optimized away)) 9 autofs_rmdir(ndp = (unallocated - symbol optimized away)) 10 cfs_comm_rmdir(dhp = (unallocated - symbol optimized away), rmhp = (unalloc ated - symbol optimized away), ndp = (unallocated - symbol optimized away), cred = (unallocated - symbol optimized away), retry_svr_fail = 10226256) 11 cfs_rmdir(ndp = (unallocated - symbol optimized away)) 12 rmdir(0xfffffc00971aa000, 0xfffffe054580f8bc, 0xfffffc00005e0394, 0x89, 0xf ffffc000097f850) 13 syscall(0x0, 0x0, 0x1, 0x0, 0xfffffc00a0734000) 14 _Xsyscall(0x8, 0x3ff801153d8, 0x1400093b0, 0x11fffbd18, 0x140011200) PROBLEM: (84959, 87086, MGO00009A) (PATCH ID: OSF510-352) ******** The table() system will not abort connections properly if a tcb hash table number is greater than 1. PROBLEM: (HPAQ21947) (PATCH ID: OSF510-287) ******** This patch corrects an "mcs_lock: time limit exceeded" panic when moving processors to/from processor_sets. The system panics with the following stack trace, faulting against a thread lock. 0 stop_secondary_cpu 1 panic 2 event_timeout 3 printf 4 panic 5 simple_lock_fault 6 mcs_lock_time_violation 7 processor_doaction 8 action_thread PROBLEM: (HPAQ90Q79, BCSM40W91, 64343, 87051) (PATCH ID: OSF510-316) ******** This patch fixes a bug that can cause performance problems for certain applications when the sysconfigtab parmaeter ipc:sem_broadcast_wakeup is set to 0. Otherwise, the original behavior is preserved, which is to wake-up all threads waiting on a semaphore value change. PROBLEM: (88669) (PATCH ID: OSF510-311) ******** Several symptoms: 1. live_dump: aio_run_completion: ACQ_UNREF not set 2. vmunix: trap: invalid memory write access from kernel mode stack trace: _XentMM src/kernel/arch/alpha/locore.s : 2115 dequeue_head src/kernel/kern/queue.c : 148 aio_run_completion src/kernel/bsd/kern_aio.c : 1946 aio_rw src/kernel/bsd/kern_aio.c : 2521 syscall src/kernel/arch/alpha/syscall_trap.c : 713 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 3. Have not seen this, but there is the potential to see a thread hang waiting to reclaim a vnode with its vnode->v_numoutput being non-zero. PROBLEM: (88816, 89170, 83043, 89185, 89301, 89352) (PATCH ID: OSF510-346) ******** This patch fixes the following Virtual Memory problems. The first three are seen on NUMA systems only, and the forth problem can be seen on any system type: Problem 1: ----------- A "vm_pg_alloc: page not free" system panic that occurs during process migration. This panic occurs because during kernel stack migration, some of the steps involved in allocating a new stack page, copying the contents from the current page, and disposing of the current page were being done in the incorrect order. Problem 2: ------------ A "vm_pageout_activate: page already active" system panic that occurs if one thread is unlocking some pages in memory while another thread is migrating them. An example stack trace would be as follows: 4 panic src/kernel/bsd/subr_prf.c : 1353 5 vm_pageout_activate src/kernel/vm/vm_pagelru.c : 2146 6 u_anon_faultpage src/kernel/vm/u_mape_anon.c : 1978 7 u_anon_fault src/kernel/vm/u_mape_anon.c : 1463 8 u_anon_lockop src/kernel/vm/u_mape_anon.c : 3147 9 u_map_lockvas src/kernel/vm/vm_umap.c : 1540 10 memlk src/kernel/bsd/kern_mman.c : 2360 11 syscall src/kernel/arch/alpha/syscall_trap.c : 725 12 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 or: 4 panic src/kernel/bsd/subr_prf.c : 1353 5 vm_pageout_activate src/kernel/vm/vm_pagelru.c : 2146 6 u_anon_faultpage src/kernel/vm/u_mape_anon.c : 1978 7 u_anon_fault src/kernel/vm/u_mape_anon.c : 1463 8 u_map_fault src/kernel/vm/vm_umap.c : 756 9 vm_fault src/kernel/vm/vm_fault.c : 176 10 trap src/kernel/arch/alpha/trap.c : 2329 11 _XentMM src/kernel/arch/alpha/locore.s : 2143 Problem 3: ----------- Memory inconsistancies caused by fault path for large shared memory regions prematurely releasing a hold on a page it just locked. This can cause variety of problems including user program errors and system panics. The conditions under which this corruption can happen are unique. The system must be a NUMA machine in which SSM migration is enabled (it is enabled by default). Users of large shared memory regions (must be 8 MB or larger) that are also locking the shared memory while the memory is migrating could create the right set of conditions that would result in this problem. Problem 4: ------------ A "simple_lock: time limit exceeded" system panic that occurs if very large (8MB or larger) System V Shared memory regions are in use. An example stack trace would be as follows: 4 panic src/kernel/bsd/subr_prf.c : 1309 5 simple_lock_fault src/kernel/kern/lock.c : 2805 6 simple_lock_time_violation src/kernel/kern/lock.c : 2938 7 pmap_ssm_enter src/kernel/arch/alpha/pmap.c : 7827 8 u_ssm_fault src/kernel/vm/u_mape_ssm.c : 2386 9 u_map_fault src/kernel/vm/vm_umap.c : 740 10 vm_fault src/kernel/vm/vm_fault.c : 168 11 trap src/kernel/arch/alpha/trap.c : 2325 12 _XentMM src/kernel/arch/alpha/locore.s : 2115 PROBLEM: (HPAQ11G64, HPAQ41Q65, 86633) (PATCH ID: OSF510-314) ******** This patch corrects the problem of a simple lock timeout due to posix timers and it also corrects some inaccuracies of the posix realtime timers. PROBLEM: (BCPM205PB) (PATCH ID: OSF510-356) ******** This fixes a kernel memory fault panic in msg_rpc_trap(). An example stack trace would be: panic() trap() _XentMM() msg_rpc_trap() _Xsyscall() PROBLEM: (BCGM5280J) (PATCH ID: OSF510-303) ******** This patch fixes a problem where the IO transfer rate writing to a file in an AdvFS domain can suddenly drop. All of the following conditions must be met in order for this problem to occur. 1. The file must be on a multi-volume AdvFS domain. 2. The file must be sparse. That is, it must have unwritten areas within the file. 3. The file must fill its initial volume while still sparse. 4. All writes to the interior of the file will exhibit the problem after step 3. 5. All writes to the end of the file will not exhibit the problem. This problem is only seen on the specific file or files meeting the above criteria. All other files will perform normally. PROBLEM: (87751, 87526) (PATCH ID: OSF510-295) ******** This patch fixes a panic with the following error message: panic: cfsdb_assert PROBLEM: (86617) (PATCH ID: OSF510-335) ******** This patch will prevent a hang in msfs_cfs_flush_and_invalidate() when running defragment on a cluster. Without this patch, the call to ubc_flush_dirty() would hang since that function cannot flush dirty metadata pages. PROBLEM: (ISV-2-265, ISV-2-265) (PATCH ID: OSF510-291) ******** This patch fixes a problem such that applications that directly manipulate memory buffer pointers get correct results. This problem is exhibited when using Tarantella Enterprise 3 application server software to run applications; the UNIX system will hang requiring a power shutdown and system reboot to recover. PROBLEM: (86357) (PATCH ID: OSF510-281) ******** This patch will fix panics generated by whole-file flushes of metadata files. Symptoms include CLUSTER BOOT PANIC: SIMPLE_LOCK: UNINITIALIZED LOCK KMF IN ADVFS_PAGE_BUSY() DURING RECOVERY PROCESSING PANIC WHEN MOUNTING ADVFS FILE SYSTEM ADVFS CLUSTER ROOT DOMAIN GOT CORRUPTED ADVFS EXCEPTION PANIC ON WILDCAT NIGHTLY (REV 336) BOOTING NEWLY CREATED CLUSTER KERNEL TRASHES BASE OS ADVFS CLUSTER ROOT DOMAIN GOT CORRUPTED Change bfflush() to use the access structure's nextPage field instead of the file_size field. The latter is not maintained for metadata files. PROBLEM: (85654, 84990, 87334) (PATCH ID: OSF510-279) ******** This patch fixes three problems: - replaces the system panics caused by "Can't clear bit twice" with a domain panic. Panic strings include: "bad v0 frag free list" "get bf set attr failed." "invalid fragSlot" "bs_frag_alloc: invalid frag" "bs_frag_alloc: invalid frag group - mkfdmn command now works with the -V3 and -p options. This prevents a core dump from being generated. This is a rare situation that was seen by code inspection. - domain panics that were inadvertently removed from bs_frag_alloc() have been replaced. Now, instead of a system crash with a panic string like dealloc_bits_page (path 2): can't clear a bit twice! dmnId = %08x.%08x, vd = %d, pg = %u, wd = %u, mask = %08x\n" the domain will panic. PROBLEM: (SSRT0742U) (PATCH ID: OSF510-320) ******** A potential security vulnerability has been discovered in the kernel, where under certain circumstances a race condition can occur that could allow a non-root user to modify any file and possibly gain root access. PROBLEM: (TPO045010) (PATCH ID: OSF510-243) ******** This patch fixes a problem in which netisr_add() can erroneously return an EEXIST error.This problem can maifest as "Framework error: connection problems" messages from X.25 applications. PROBLEM: (87183, 87097) (PATCH ID: OSF510-278) ******** This patch addresses a panic situation in IN_PCBREF and a change to tcp_deletetcb to prevent a crash.Basically,it prevents a panic that could result from an inp disappearing when the listen socket is in the process of closing at the same time a new connection is establishing. PROBLEM: (87884, 83022, 84591, 84891) (PATCH ID: OSF510-288) ******** This patch corrects several CAM errors including: passthru IOCTL fails with EIO (CAM_BUSY) problem; RESERVATION CONFLICT driver BUSY problem; enforce super user only access for SCSI passthru. PROBLEM: (SOO30367A) (PATCH ID: OSF510-263) ******** This patch fixes a cluster problem where opening a file after open/close of its clone deadlocks the AdvFS thread. A hang thread may have a stack trace as follows: 1 thread_sleep 2 _cond_wait 3 _lk_wait_while (-> wait while bfap->stateLk.state == ACC_INIT_TRANS) 4 bs_close_one(bfap = {address} ............. 5 bs_close : 6 msfs_inactive : 7 vrele : NOTE : same "bfAccess" 8 svrtok_relse : structure at 9 cinactive : stack level 4 10 cfs_reclaim : and at 11 vclean : stack level 14 12 vgone : 13 getnewvnode : 14 get_n_setup_new_vnode(bfap = {address} ...: 15 bs_access_one (-> set bfap->stateLk.state = ACC_INIT_TRANS) 16 bs_access 17 bf_get_l 18 msfs_lookup 19 cfs_fast_namei 20 crfs_lookup_0 21 icstnc_rpc_dispatch 22 icstnc_svr_rcall 23 icssvr_daemon_from_pool PROBLEM: (HPAQ50BD4) (PATCH ID: OSF510-255) ******** This patch adds unified wait support in conjunction with clustered RDG multichannel wait flag fix to allow for more efficient processing by Oracle processes. PROBLEM: (BCGM7243T, TKT194594) (PATCH ID: OSF510-248) ******** This patch fixes a problem where network interfaces can appear unresponsive to network traffic. PROBLEM: (SOO21324A, HPAQ507XC) (PATCH ID: OSF510-268) ******** This patch corrects a CFS problem where the data on an AdvFS clone fileset may get overwritten as an unexpected side effect of using directio. The problem occurs when the program issuing the directio open is running on a CFS client AND the fileset involved has been cloned AND a rewrite occurs involving pages not yet modified since the creation of the clone. A read of the file via the clone would present the new data instead of the original data. PROBLEM: (85263, 84086) (PATCH ID: OSF510-369) ******** This patch fix mbuf memory corruption when using ICS/TCP PROBLEM: (LU_G01229) (PATCH ID: OSF510-357) ******** This fixes a problem with vm_faults against anon objects mapped by multiple map entires. PROBLEM: (BCSM80J37) (PATCH ID: OSF510-374) ******** This patch corrects the problem of a thread deadlocking against itself under the following conditions: o Running in a cluster. o Opening (and then closing) a directory that has an index file. o Trying to open the index file through .tags (e.g. defragment does that) and by coincidence getting the vnode that pointed to the directory that the index file is attached to. PROBLEM: (89177, 87242, ZUO61276A) (PATCH ID: OSF510-332) ******** This patch fixes a performance problem and the results are large performance increases in configurations where more than 8 tapes are supported on a fibre channel (usually behind an MDR or FCTCII). PROBLEM: (84846) (PATCH ID: OSF510-310) ******** Fixes a problem in kernel threads where multi-threaded applications were allowed to start running prior to virtual memory mapping swapin. This was prevented by adding a flag to mark when the map is swapped out and no thread swapins can occur until this flag is cleared. PROBLEM: (89350) (PATCH ID: OSF510-364) ******** This patch fixes the following Virtual Memory problem: One or more processes on a NUMA system appear to hang and cannot be killed. If a debugger is attached to any of these hung processes, a traceback similar to the following will be seen (especially the top three frames): 0 thread_block src/kernel/kern/sched_prim.c : 3102 1 u_anon_faultpage src/kernel/vm/u_mape_anon.c : 1604 2 u_anon_fault src/kernel/vm/u_mape_anon.c : 1423 3 vl_wire src/kernel/vm/vm_vlock.c : 221 4 u_map_wire src/kernel/vm/vm_umap.c : 1331 PROBLEM: (HPAQ40KPJ) (PATCH ID: OSF510-333) ******** This patch contains fixes that ensure fiberchannel system configurations can properly identify boot and swap devices required to obtain crash dumps. This patch requires that fiberchanel systems which utilize fiberchannel devices for boot and swap be properly configured. Refer to the Release Notes for more information. PROBLEM: (HPAQ507XC) (PATCH ID: OSF510-358) ******** This fixes a panic of "malloc_leak: free with wrong type" when using kmem-debug-protect. An example stack trace: panic() malloc_leak() malloc_debug() free() PROBLEM: (BCSM425K2, HPAQ501N7, SQO83130A) (PATCH ID: OSF510-271) ******** This patch fixes an issue where Sybase 11.9.x and 12.0 reports "Error: 1613" and "host process disconnected" errors. When Sybase sees extraneous: o "soc_smigrate" errors, Sybase reports "Cannot read, host process disconnected" o "1621" errors, Sybase reports "nclose: close, Invalid argument", "Error 1613, Severity: 21, State: 1" "Could not close network 0 connection for server process 9" "nclose: close, Bad file number" PROBLEM: (84273) (PATCH ID: OSF510-290) ******** A threaded section of application code can crash when using grainuality hints ( GH). PROBLEM: (84916) (PATCH ID: OSF510-235) ******** This patch ensures that certain invariants within the kernel concerning clone maps are maintained. It maintains consistency and correctness of the clone maps. PROBLEM: (NWO43591A, BCPM41BKV, EVT0809784, HPAQ622FV) (PATCH ID: OSF510-298) ******** This patch fixes a problem which can cause a "kernel memory fault" panic in load_from_shadow_rec(). The panic can occur when accessing AdvFS domains in v5.x systems which have the "old" v3 ondisk format and where files are badly fragmented. The stack trace of the panicing thread will look like the following. panic string = "kernel memory fault" 0 boot 1 panic 2 trap 3 _XentMM 4 load_from_shadow_rec 5 load_inmem_xtnt_map 6 x_create_inmem_xtnt_map 7 bs_map_bf 8 bs_access_one 9 bs_access 10 bf_get_l 11 msfs_lookup 12 namei 13 _F64_stat1 14 syscall 15 _Xsyscall PROBLEM: (85454) (PATCH ID: OSF510-326) ******** This patch fixes a Fix incorrect usage of UNMOUNT_TRY_READ in Autofs PROBLEM: (87175, BCPM41T19, 87301) (PATCH ID: OSF510-269) ******** A system detected a power issue and attempted to shutdown. It ran the powerdown_thread, which is not bound to a specific cpu. Eventually resettodr, which requires execution on the master cpu, was called. The powerdown thread started on cpu 2 and did not move from there. Thus, the system panic'd when the code in resettodr checked the cpu number. The stack trace is below: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 614 1 panic src/kernel/bsd/subr_prf.c : 751 2 event_timeout src/kernel/arch/alpha/cpu.c : 1183 3 xcpu_puts src/kernel/bsd/subr_prf.c : 895 4 printf src/kernel/bsd/subr_prf.c : 423 5 panic src/kernel/bsd/subr_prf.c : 804 6 resettodr src/kernel/arch/alpha/clock.c : 379 7 boot src/kernel/arch/alpha/machdep.c : 1991 8 powerdown_thread src/kernel/arch/alpha/machdep.c : 4274 PROBLEM: (83050, 85252, 86131, 86338, 87373, 87030, 86518) (PATCH ID: OSF510-249) ******** This patch fixes the following problems using hwmgr command: - KMF FTX_DONE_URDR: BAD FTX - UNALIGNED KERNEL SPACE ACCESS FROM KERNEL MODE - KMF FROM HWC_LOOKUP_DEVT_SAFE - HWCC_JACKET_RTN: BAD CALL TO KCH - HWCC_EVAL_REQUEST: INFALLIBLE PROPOSAL RETURNED ERROR - HWCC_JACKET_RTN: INFALLIBLE PROPOSAL RETURNED ERROR PROBLEM: (86780) (PATCH ID: OSF510-350) ******** This patch prevents lock hierarchy violations due to putpage/migrate interaction. Lock hierarchy violation may be seen in x_load_inmem_xtnt_map() when running defragment. PROBLEM: (88709) (PATCH ID: OSF510-337) ******** This patch fixes a problem where an AdvFS Direct I/O read could Kernel Memory Fault, if one of the pages could not be read and the I/O request was not an even multiple of 512 bytes. The crash signiture looks like the following: trap: invalid memory write access from kernel mode faulting virtual address: 0xfffffe0412876000 pc of faulting instruction: 0xfffffc00005de050 ra contents at time of fault: 0xfffffc000028b580 sp contents at time of fault: 0xfffffe057b707650 Stack trace: 0 stop_secondary_cpu 1 panic 2 event_timeout 3 printf 4 panic 5 trap 6 _XentMM 7 _OtsMove PROBLEM: (FR_G01276, 86827) (PATCH ID: OSF510-323) ******** This patch allows POSIX semaphores/msg queues to operate properly on a CFS client. These mechanisms are not "clusterized" and cannot be used across nodes but any application using semaphores or message that works on a base system should also work when run on a single node in a cluster (client or server). PROBLEM: (85229) (PATCH ID: OSF510-264) ******** This patch fixes a problem in which issuing a "quot -h" command causes a memory fault when the /etc/fstab file contains a mount point that is not mounted. PROBLEM: (87205, MGO81177A) (PATCH ID: OSF510-307) ******** This patch fixes a system panic with panic string: "lock_terminate: lock held". This is being caused by the table call which, when accessing an open file table from another task, was not doing the proper locking. An example stack trace is as follows: _panic_string: 0xfffffc00006642a8 = "lock_terminate: lock held" Begin Trace for machine_slot[paniccpu].cpu_panic_thread: > 0 stop_secondary_cpu(do_lwc = 0x0) ... 1 panic(0x3ae55dd2, 0x1f, 0x60000, 0x0, 0x1) ... 2 event_timeout(func = 0xfffffc000028fef0, ... 3 xcpu_puts(0xfffffc000028fef0, 0xfffffc00007672a0, ... 4 printf(0xfffffc0000662d08, 0x3, 0xfffffc00006642a8, ... 5 panic(0x0, 0x1, 0x0, 0x0, 0x0) ... 6 lock_terminate(l = 0xfffffc0291e9e4e0) ... 7 procfs_inactive(vp = 0xfffffc0291e9e400) ... 8 vrele(vp = 0xfffffc0291e9e400) ... 9 vn_close(0xfffffc000026a284, 0xfffffc00de7810c0, ... 10 closef(0x0, 0xfffffffeeffe78f0, 0xfffffc000026971c, ... 11 close(0xfffffc00de7810c0, 0xfffffc02990ecca0, ... 12 syscall(0x11ffff670, 0x1, 0xc38, 0x9603600000003, ... 13 _Xsyscall(0x8, 0x3ff800d5928, 0x140076c30, 0xa, ... End Trace for machine_slot[paniccpu].cpu_panic_thread: PROBLEM: (SSRT0740U) (PATCH ID: OSF510-389) ******** A potential security vulnerability has been discovered in the networking, where under certain circumstances a remote system can take over packets destined for another host. PROBLEM: (89949, SEARS-455, SEARS-471) (PATCH ID: OSF510-388) ******** This patch fixes a problem where the ubc subsystem fails to purge pages because of bound purge_thread. PROBLEM: (84361, 89376, 89912, BCPM90KZ9, MGO37358A) (PATCH ID: OSF510-386) ******** This patch fixes the following system panics: 1.) 'Kernel Memory Fault' in function sth_close_fifo() when closing a vnode that belongs to a FIFO. An example stack trace is as follows: With "fdetach" 11 boot src/kernel/arch/alpha/machdep.c : 199 0 12 panic src/kernel/bsd/subr_prf.c : 842 13 trap src/kernel/arch/alpha/trap.c : 1763 14 _XentMM src/kernel/arch/alpha/locore.s : 1741 15 sth_close_fifo src/kernel/streams/str_filesys.c : 55 5 16 ffm_unmount src/kernel/ffm/ffm_vfsops.c : 620 17 dounmount src/kernel/vfs/vfs_syscalls.c : 1454 18 unmount src/kernel/vfs/vfs_syscalls.c : 1357 19 syscall src/kernel/arch/alpha/syscall_trap.c : 627 20 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 With "Advanced Server for Digital Unix (ASDU)": 0 boot src/kernel/arch/alpha/machdep.c : 2031 1 panic src/kernel/bsd/subr_prf.c : 842 2 trap src/kernel/arch/alpha/trap.c : 1763 3 _XentMM src/kernel/arch/alpha/locore.s : 1741 4 sth_close_fifo src/kernel/streams/str_filesys.c : 555 5 vn_close src/kernel/vfs/vfs_vnops.c : 1534 6 closef src/kernel/bsd/kern_descrip.c : 1989 7 close src/kernel/bsd/kern_descrip.c : 1649 8 syscall src/kernel/arch/alpha/syscall_trap.c : 627 9 _Xsyscall src/kernel/arch/alpha/locore.s : 1505 2.) "simple_lock: time limit exceeded" in "spec_reclaim". An example stack trace is as follows: panic simple_lock_fault simple_lock_time_violation spec_reclaim ["spec_vnops.c":1528] vclean(vp = 0xfffffc01b86d4600, ...) ["vfs_subr.c" : 2782] vgone ["vfs_subr.c" : 2885] getnewvnode ["vfs_subr.c" : 1924] vdealloc ["vfs_subr.c" : 1380] vrele ["vfs_subr.c" : 2426] namei unp_connect uipc_usrreq sosend sendit sendto syscall _Xsyscall PROBLEM: (BCGM80NF5) (PATCH ID: OSF510-387) ******** This patch fixes a problem in which a tcp socket can continue to receive data with no application running. PROBLEM: (CA1Q62704, 89522) (PATCH ID: OSF510-390) ******** This patch corrects a problem where the network subsystem sometimes sends a null TCP packet when a connection is reset. PROBLEM: (DE_G02243, DE_G02261) (PATCH ID: OSF510-413) ******** A check for managed address may return an invalid value when called with the address of a gh region not on rad 0. A panic may occur with the following stack trace: 0 stop_secondary_cpu 1 panic 2 event_timeout 3 printf 4 panic 5 trap 6 _XentMM 7 mcs_lock_try 8 pmap_dup 9 vm_dup_va 10 volkiomem_iter 11 volkiocopyout 12 volsio_unstabilize 13 vol_mv_wrback_done 14 voliod_iohandle 15 voliod_loop PROBLEM: (89288) (PATCH ID: OSF510-402) ******** Fix for internal kernel panic "xfer_hole_stg: unaligned kernel access" -or- "xfer_hole_stg: kernel memory fault" PROBLEM: (90156, 90525, 90580) (PATCH ID: OSF510-439) ******** This patch fix a "RDG unwire panic" when running with RDG and GH chunks. This problem is likely to happen when running Oracle 9i, although it can happen at other times as well. PROBLEM: (90575) (PATCH ID: OSF510-438) ******** This patch allows new versions of Emulex fibre channel adapter to be recognized automatically. PROBLEM: (87242, 90632) (PATCH ID: OSF510-440) ******** This patch fixes the following tape drive problems: - a problem where tape devices spuriously rewind or go offline. It will only allow one HBA to be selected for tape I/O because using more than one path causes a problem with the MDR queuing up Unit Attentions on more paths than the tape driver is prepared to handle. - When executing the following commands; mt -f /dev/tape/tape1_d1 rewind vdump -0 -f /dev/tape/tape1_d1 -D /etc vdump fails to close and displays the following message: vdump: unable to properly close device ; [5] I/O error An example output would be: > # mt -f /dev/tape/tape1_d1 rewind > # vdump -0 -f /dev/tape/tape1_d1 -D /etc > path : /etc > dev/fset : cluster_root#root > type : advfs > advfs id : 0x3aedd0ed.000452ac.1 > vdump: Date of last level 0 dump: the start of the epoch > vdump: Dumping directories > vdump: Dumping 2749504 bytes, 69 directories, 1062 files > vdump: Dumping regular files > vdump: Rewinding and unloading tape > > vdump: unable to properly close device ; [5] I/O error > > vdump: Status at Fri Nov 2 15:52:20 2001 > vdump: Dumped 2846062 of 2749504 bytes; 103.5% completed > vdump: Dumped 69 of 69 directories; 100.0% completed > vdump: Dumped 1062 of 1062 files; 100.0% completed > vdump: Dump completed at Fri Nov 2 15:52:20 2001 PROBLEM: (85366) (PATCH ID: OSF510-185) ******** sys_check generates spurious error messages when nfs is not configured. PROBLEM: (BCGMA1D6Z) (PATCH ID: OSF510-112) ******** sys_check is incorrectly evaluating the number of HSG controllers connected to a system, especially in a multipath configuration on v5.0a/V5.1. Doing so causes sys_check to run considerably longer. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF510-317) ******** A potential security vulnerability has been discovered, where under certain circumstances, users can clobber temporary files created by shell commands and utilities (e.g. under /sbin, /usr/sbin, /usr/bin, and /etc). Compaq has corrected this potential vulnerability. PROBLEM: (87037) (PATCH ID: OSF510-331) ******** This patch provides the /usr/lbin/mkstemp program which allows the mechanism to create a secure temporary file. PROBLEM: (84401, MGO35023A, 78934, 79892) (PATCH ID: OSF510-139) ******** This patch corrects a hang that can be seen on multi-cpu systems using NFS-over-TCP. THE SMP race is seen between the 'nfs_tcp_input' and the 'nfs_tcp_thread' functions. The stack of the netisr_thread may look like: (kdbx) tset 0xfffffc003cf38e00 (kdbx) t > 0 thread_block 1 lock_wait 2 lock_write 3 solock 4 soclose 5 tsp_unref 6 nfs_tcp_input 7 sbwakeup 8 sowakeup 9 tcp_close 10 tcp_input_common 11 tcp_input 12 ipintr 13 netisr_thread PROBLEM: (HPAQ2144F) (PATCH ID: OSF510-045) ******** This change fixes a problem with the btcreate command to adjust the sleep time for slower robot tape changers to replace a tape. PROBLEM: (82269) (PATCH ID: OSF510-029) ******** This patch fixes a kernel panic caused by btcreate when it generated scripts to recreate LSM volumes on restore operations. The panic string would be similar to this: trap: invalid memory read access from kernel mode faulting virtual address: 0x00000000000000c8 pc of faulting instruction: 0xfffffc00006519a4 ra contents at time of fault: 0xfffffc0000651980 sp contents at time of fault: 0xfffffe040595f290 panic (cpu 0): kernel memory fault The routine corresponding to the PC is voldiskiostart in src/kernel/lsm/dec/diskio.c. PROBLEM: (82949) (PATCH ID: OSF510-085) ******** This patch fixes a problem where in the device special files are not being created by btextract. Btextract has been modified to setup another user_config point to create device special files in the miniroot. PROBLEM: (CA1Q20449, 86317, 88209) (PATCH ID: OSF510-342) ******** This patch fixes a problem with the 400ms delay upon network cable reinsertion which could lead to temporarily held drivers. PROBLEM: (81170) (PATCH ID: OSF510-024) ******** This patch fixes the processing of export lists with '/' in them. PROBLEM: (90640) (PATCH ID: OSF510-508) ******** This patch fixes a situation where a failed open to a device will cause an error that the device cannot be deleted using hwmgr. The following is an example of how to reproduce the problem: Physically remove a disk like dsk2 hwmgr -scan scsi hwmgr -show scsi (there should be no path to dsk2) disklabel -r dsk2 (forces an open to the device, should get no such device error) hwmgr -delete scsi -did 2 (did for dsk2, should get an error here) This patch will allow the hwmgr -delete command above to complete successfully. PROBLEM: (90548, 89701, AT_G01933) (PATCH ID: OSF510-435) ******** This patch corrects a problem that is encountered when trying to create an Oracle database on a wildfire system that has a memoryless QBB. Without this patch, direct i/o to to an advfs file using asynchronous i/o will hang if it is completed on a memoryless QBB. 1. Error Message Creation of a Oracle (8.1.7.2) database fails when datafiles or redologfiles are created. Message: WARNING: aio_results_np timed out 1 times, waited 120 secs WARNING: aio_results_np timed out 1 times, waited 590 secs 2. Symptoms Oracle processes hang after this message. They can't be killed, system has to be rebootet. 3. Process leading to the symptom. Creation of a Oracle database. PROBLEM: (90214, 90549) (PATCH ID: OSF510-437) ******** This patch fixes a kernel memory fault due to a bug in kernel code. A typical stack trace that could be an indication of this problem appears as the following: > 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1346 1 panic src/kernel/bsd/subr_prf.c : 1296 2 event_timeout src/kernel/arch/alpha/cpu.c : 2212 3 printf src/kernel/bsd/subr_prf.c : 981 4 panic src/kernel/bsd/subr_prf.c : 1353 5 trap src/kernel/arch/alpha/trap.c : 2266 6 _XentMM src/kernel/arch/alpha/locore.s : 2143 7 free src/kernel/bsd/kern_malloc.c : 2164 8 semop src/kernel/bsd/svipc_sem.c : 1424 9 syscall src/kernel/arch/alpha/syscall_trap.c : 725 10 _Xsyscall src/kernel/arch/alpha/locore.s : 1814 PROBLEM: (HPAQ90VL6, 90457) (PATCH ID: OSF510-431) ******** This patch corrects the problem where attempts to delete psets can hang the system. PROBLEM: (90031) (PATCH ID: OSF510-396) ******** This patch fixes a "u_shm_oop_deallocate: reference count mismatch" due to a bug in locking mechanism when gh_chunks are in use. PROBLEM: (85196) (PATCH ID: OSF510-528) ******** This corrects problems with USB causing panics under heavily stressed systems. PROBLEM: (89930) (PATCH ID: OSF510-404) ******** Corrects kernel memory corruption against the 4096-byte bucket when SWCC is running and a control port is deleted. This corruption can lead to various kernel memory fault panics. PROBLEM: (83446, 82343) (PATCH ID: OSF510-366) ******** This patch fixes a timing window that caused queue corruption. PROBLEM: (BCGM21ZXL, 86314, BCGMB0PS8) (PATCH ID: OSF510-443) ******** This patch corrects an issue with mmap()ed files on a NFS mounted filesystem. Changes to an mmap()ed file were not being immediately seen. PROBLEM: (83634, 84111, 84423, 117-1-15753, 88228, 88707, 87770, 88077, 89681, 87963, 82569, 86505, 87180, 87497, 86504) (PATCH ID: OSF510-512) ******** This patch installs DECthreads V3.18-138 which fixes problems that may affect threaded programs running on Tru64 UNIX V5.1. Problems include: The fork() system call may fail when a threaded process has several threads and uses thread local storage. The child process terminates immediately with a SEGV. pthread_rad_bind may fail with a SEGV. DECthreads library may fail reporting a krnMcsLock deadlock bugcheck. Data corruption errors might occur during thread creation. DECthreads library may fail reporting a pthread_rwlock_tryrdlock bugcheck. SCS threads don't go into baby child mode, causing errors in the ladebug debugger. The close() system call may hang in the child of a forked threaded process. pthread_mutex_destroy may return EBUSY when trying to delete a mutex that is no longer used. PROBLEM: (85933, HPALA1VFH) (PATCH ID: OSF510-506) ******** This patch prevents a potential panic with non-StorageWorks raid controllers that used the same name for a controller and a disk drive. This conflict was resolved in a prior release but left open the possibility that any attempt to access this disk drive by the kernel could result in a system panic caused by a kernel memory fault. PROBLEM: (89086) (PATCH ID: OSF510-462) ******** This patch is in support of a cluster patch. PROBLEM: (87391, 89027, 84361, 89376, 89775) (PATCH ID: OSF510-497) ******** This patch fixes the following problems: - KMF while unmounting cfs file system - panic with "simple lock: minumum_spl violation" - panic with "simple lock: time limit exceeded" in "spec_reclaim" - specalias structures not being freed - mount command with the extend -u option caused panic PROBLEM: (AT_G02038) (PATCH ID: OSF510-461) ******** This patch fixes a problem which can result in a panic, hang, or corruption from vnode deallocation during an unmount. This could also result in a cluster ICS panic if it freezes up the cluster heartbeats from being sent, such as ics_unable_to_make_progress: timeout callbacks not happening. PROBLEM: (89245, 90061, 90685, 90503, 91148, 91287, 91302, BCGMC175K, ACXIOM536, DE_G02949, ACXIOM537, BCGMB26SC, BCGMA27CZ) (PATCH ID: OSF510-521) ******** This patch fixes the following problems: - prevents HSG80 controller crashes. - fixes cam_logger error message problems during cluster boot. - fixes DRD problems and persistent reservation problems. PROBLEM: (89964, 85632, 85344) (PATCH ID: OSF510-448) ******** This problem typically manifests itself as a kernel memory fault in bs_io_thread. The problem can be exacerbated by setting kmem_debug=0x40 and kmem_protect=4096. PROBLEM: (87008) (PATCH ID: OSF510-421) ******** This problem is seen when debugging kernel crash dumps. The corruption is always page-aligned and usually in the sparse VM "managed" space. "kmem -v" under the "crash" analysis tool may identify this type of corruption, however this problem is not limited to kmem allocations. The corruption can take any form -- application data, kernel data, database -- depending on which wrong page happens to be selected. PROBLEM: (88985) (PATCH ID: OSF510-409) ******** Processes triggering stack growth with anon_rss_enforce set to 2, and exceeding the set resident memory limit hang (lockmode < 4) or panic (lockmode 4). A panic triggered by this problem will have the following section in its trace: panic lock_read u_anon_rss_enforce u_anon_fault u_stack_fault vm_fault PROBLEM: (MGO94097A) (PATCH ID: OSF510-423) ******** During Filesystem relocation the system may panic due to a kernel memory fault when a directory larger than 8192 bytes has been deleted while simultaneously being accessed by another thread. PROBLEM: (83741, 82017, 85256, 87435, 80379) (PATCH ID: OSF510-449) ******** This patch fixes several problems with AutoFS. 1. An uninitialized variable leads to a panic in Clusters. The resulting dump will show a panic in the cfs_vget_fhp() routine. 2. Intercept points were not created when the mounton directory was seen to be busy during autofsmount. Before this patch, if an application had transiently or erroneously busied a mounton directory corresponding to an auto-mount map entry, then no intercept point would be created by autofsmount. Expected auto-mounts would therefor not occur. 3. When a map entry is served locally, "autofsmount -u" would erroneously unmount any locally-mounted file system mounted at the auto-mount mounton directory. An example would be if "foo#bar" was mounted at /mnt, and there was a direct auto-mount map entry : "/foobar host:/mnt" where "host" is the local system. When the auto-mount occurs, /foobar becomes a symlink to /mnt. Before the patch, "autofsmount -u" would have caused foo#bar to be unmounted. 4. An error during auto-mount may render an intercept point unusable. The symptom would be an intercept point that appears to exist as expected, but auto-mounts simply do not occur. PROBLEM: (90713) (PATCH ID: OSF510-459) ******** Using vdump to illustate both problems, if "/foo/bar" was an indirect map entry intercept, executing "vdump -D /foo/bar" would result in an error vdump: error accessing file system ; [2] No such file or directory since an auto-mount would not be induced. After the auto-mount was induced, execution of the command would yield: vdump: error reading extend attributes for directory <.> PROBLEM: (90140, 88033, 87259) (PATCH ID: OSF510-518) ******** This patch fixes a problem where opens would fail when running under heavy IO load with the KZPCC PROBLEM: (TKT262782) (PATCH ID: OSF510-470) ******** This patch corrects a problem whereby clocks on systems could move backwards after subsequent relocations of the root file system using cfsmgr. PROBLEM: (90452) (PATCH ID: OSF510-425) ******** A panic may be seen in bs_derefp during an I/O error. The problem arises because the I/O error was not being handled correctly. A sample crash may look like: 4 panic 5 trap 6 _XentMM 7 bs_derefpg 8 bmtr_scan_mcells 9 bmtr_get_rec_n_lk PROBLEM: (90599) (PATCH ID: OSF510-491) ******** This patch fixes a problem where the tape changer is only accessible from member that's the drd server for the changer. PROBLEM: (90130) (PATCH ID: OSF510-415) ******** This change is a fix for locking on retry case for multi-threaded select/poll. A panic with the following stack trace is indicative of this problem: PANIC: "thread_block: simple lock owned" panic thread_block() lock_wait lock_write solock soclose soo_close closef selscan do_scan select syscall _Xsyscall PROBLEM: (HPAQ11R1R, 85560) (PATCH ID: OSF510-505) ******** This patch corrects a problem relating to the negative lookup cache behaviour that causes a negative lookup result to hide the results of a successful create operation. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF510-525) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (89383, 89386, CA1Q70856) (PATCH ID: OSF510-368) ******** This patch prevents the error 'No such file or directory' from autofsd when the character '*' is used. An example of a map entry is: * alpha:/home/& Entries in the daemon.log file will be similiar to the following: Jul 12 12:22:35 omega autofsd[18644]: exiting with status 2 Jul 12 12:22:35 omega autofsd[407]: PID 18644 exited with status 2 PROBLEM: (81985, 85462, 85468) (PATCH ID: OSF510-513) ******** From an NFS client, if a blocking file lock request (ie, fcntl() syscall) is interrupted by a signal, it's possible that under certain rare situations, the "pending" lock request may persist at the NFS server. Eventually, the NFS server may grant the lock, even though the originating process may be long gone. Thus, any process that subsequently requests a conflicting lock (either running locally at the NFS server, or via an NFS client) will block indefinitely. PROBLEM: (85223, 84579) (PATCH ID: OSF510-410) ******** This patch corrects an NFS hang when the delayed option is used with the mount command. PROBLEM: (88700) (PATCH ID: OSF510-478) ******** This patch eliminates AdvFS domain panics for filesystems served remotely on a local disk, when the server node is shut down. Representative console messages are as follows: 21/Jun/2001 11:09:12 AdvFS I/O error: 21/Jun/2001 11:09:12 Volume: /dev/disk/dsk26d 21/Jun/2001 11:09:12 Tag: 0xfffffff7.0000 21/Jun/2001 11:09:12 Page: 158 21/Jun/2001 11:09:12 Block: 4944864 21/Jun/2001 11:09:12 Block count: 16 21/Jun/2001 11:09:12 Type of operation: Write 21/Jun/2001 11:09:12 Error: 5 21/Jun/2001 11:09:12 EEI: 0x0 21/Jun/2001 11:09:12 21/Jun/2001 11:09:12 bs_osf_complete: metadata write failed 21/Jun/2001 11:09:13 AdvFS Domain Panic; Domain root11_local Id 0x3b158067.0009dfb0 21/Jun/2001 11:09:13 An AdvFS domain panic has occurred due to either a metadata write error or an internal inconsistency. This domain is being rendered inaccessible. PROBLEM: (SSRT0759U) (PATCH ID: OSF510-468) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of file corruption due to the manner in which setuid/setgid programs core dump. Compaq has corrected this potential vulnerability. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF510-538) ******** PROBLEM: (90927) (PATCH ID: ) A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (87371) (PATCH ID: OSF510-418) ******** This patch corrects locking problems in vclean(). PROBLEM: (91440) (PATCH ID: OSF510-545) ******** The corruption found was traced to error handling in certain conditions when multiple volumes are full. AdvFS would rearrange the last extent because it thought there was a hole. All cases will have a sub extent map with a hole descriptor whose page number is greater than the following extent's page number. This is not allowed under any circumstances and is a corruption of the extent map and therefore a corruption of the domain. An example you would see would look like: submap vd# Offset Cnt extentCnt bsPage vdBlk ====================================================== [11] 4 71 5 4 71 276672 72 260672 75 276960 76 -1 updateStart [12] 4 71 5 4 71 276672 72 260672 75 276960 76 -1 [13] 3 76 1 2 76 3550320 77 -1 [14] 12 77 3 3 77 -1 <--- error out of order 76 619223 79 -1 PROBLEM: (88758) (PATCH ID: OSF510-403) ******** The routine msfs_unmount() could cause a hang if the underlying filesystem is currently busy. PROBLEM: (89728) (PATCH ID: OSF510-502) ******** This patch corrects a CFS problem that could cause a panic with the panic string of "CFS_INFS full". Note, this problem only exists when running in a cluster environment. PROBLEM: (MXOM80005) (PATCH ID: OSF510-471) ******** This patch fixes a problem where socket based applications can hang in soclose() PROBLEM: (TKT232044) (PATCH ID: OSF510-519) ******** NetRAIN virtual interface counters are not maintained properly, which affects reporting via netstat and snmp, and affects the proper operation of NetRAIN. PROBLEM: (86861) (PATCH ID: OSF510-444) ******** System will panic and/or data corruption may occur by changing fifo parameter pipe-databuf-size while fifo operations are in flight. Panic information: (dbx) t > 0 boot(reason = (unallocated - symbol optimized away), howto = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/machdep.c":2644, 0xfffffc000067b854] 1 panic(s = (unallocated - symbol optimized away)) ["../../../../src/kernel/ bsd/subr_prf.c":1401, 0xfffffc000029f4a0] 2 trap(a0 = (...), a1 = (...), a2 = (...), code = (unallocated - symbol optimized away), exc_frame = (unallocated - symbol optimized away)) ["../../../../src/kernel/arch/alpha/trap.c":2266, 0xfffffc00006696e0] 3 _XentMM(0x1, 0xfffffc00005d0fc0, 0xfffffc00008409a0, 0xfffffc0059d72400, 0x0) ["../../../../src/kernel/arch/alpha/locore.s":2143, 0xfffffc0000663154] 4 fifo_write(vp = (unallocated - symbol optimized away), uiop = (unallocated - symbol optimized away), ioflag = (unallocated - symbol optimized away), cred = (unallocated - symbol optimized away)) ["../../../../src/kernel/vfs/ fifo_vnops.c":1161, 0xfffffc00005d0fc0] 5 nfsfifo_write(0xfffffc00005f7044, 0xfffffc00927b00c0, 0xfffffe04a223f878, 0xfffffc0030481d40, 0xfffffe04a223f878) ["../../../../src/kernel/nfs/ nfs_vnodeops.c":3939, 0xfffffc0000533e38] 6 vn_write(0xfffffc00002b3230, 0xfffffe04a223f878, 0xfffffc004dd7f200, 0x0, 0x4000) ["../../../../src/kernel/vfs/vfs_vnops.c":1427, 0xfffffc00005f7040] 7 rwuio(0xfffffe04a2238000, 0xfffffc000cbc9880, 0xfffffc00927b00c0, 0xfffffe04a223f8f0, 0x1) ["../../../../src/kernel/bsd/sys_generic.c":2257, 0xfffffc00002b3284] 8 write(0xb4000, 0xfffffc0000000001, 0x4000, 0x100000000, 0xffffffff00000002) ["../../../../src/kernel/bsd/sys_generic.c":2179, 0xfffffc00002b3118] 9 syscall(0x4000, 0x0, 0x0, 0x1200012fc, 0x0) ["../../../../src/kernel/arch/ alpha/syscall_trap.c":725, 0xfffffc000065f700] 10 _Xsyscall(0x8, 0x3ff800d1d18, 0x1400080b0, 0x3, 0x11fff8000) ["../../../.. /src/kernel/arch/alpha/locore.s":1814, 0xfffffc0000662edc] PROBLEM: (HPAQA29D5) (PATCH ID: OSF510-428) ******** Threaded realtime applications which create system contention scope threads may block indefinitely in pthread_cond_timedwait() calls if the priority of a given user thread exceeds that of the manager thread. The manager thread is a kernel thread created by the threads library to provide support for timed condition waits as well as other library support functions. If the kernel fails to elevate the priority of the manager thread to at least that of the highest priority user thread, its execution can be indefinitely postponed thereby prohibiting it from notifying the library scheduler that timeouts have expired. The run-time manifestation can be performance degradation or process hangs. PROBLEM: (90118, BCGM91KNL) (PATCH ID: OSF510-420) ******** Fix problem seen in low-memory situations within task swapping code This would most frequently be seen as a panic from within thread_continue(), with a message in the pmsgbuf looking like: thread_continue: thread 0x7fe38380 in state 0x15 panic (cpu 1): thread_continue Examining the trace back of the noted thread (which is also the first argument to thread_continue()), one will find a blocking idle_thread, that looks like something along the lines of this: crash> tf > 0 thread_block src/kernel/kern/sched_prim.c : 3102 1 lock_wait src/kernel/kern/lock.c : 852 2 lock_write src/kernel/kern/lock.c : 947 3 k_map_delete src/kernel/vm/vm_kmap.c : 1419 4 kmem_stack_free src/kernel/vm/vm_kmap.c : 1151 5 stack_free src/kernel/vm/vm_kmap.c : 1288 6 thread_deallocate src/kernel/kern/thread.c : 1900 7 thread_continue src/kernel/kern/sched_prim.c : 3284 8 thread_block src/kernel/kern/sched_prim.c : 3101 9 idle_thread src/kernel/kern/sched_prim.c : 4518 PROBLEM: (BCGMB0G74/90845) (PATCH ID: OSF510-457) ******** System panics with kernel memory fault. Typical stack trace were ubc page being released faults because the lru is corrupt. cpu 1 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1205 1 panic src/kernel/bsd/subr_prf.c : 1252 2 event_timeout src/kernel/arch/alpha/cpu.c : 1971 3 printf src/kernel/bsd/subr_prf.c : 940 4 panic src/kernel/bsd/subr_prf.c : 1309 5 trap src/kernel/arch/alpha/trap.c : 2262 6 _XentMM src/kernel/arch/alpha/locore.s : 2115 7 ubc_page_release src/kernel/vfs/vfs_ubc.c : 4852 8 cfs_rwvp_cache src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 1837 9 cfs_cacheread src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 1502 10 cfs_read src/kernel/tnc_common/tnc_cfe/cfs_vm_osi.c : 995 11 vn_read src/kernel/vfs/vfs_vnops.c : 1250 12 rwuio src/kernel/bsd/sys_generic.c : 2264 13 read src/kernel/bsd/sys_generic.c : 2213 14 syscall src/kernel/arch/alpha/syscall_trap.c : 713 15 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 Second cpu stack trace is in ubc_written_kluster 0 stop_secondary_cpu src/kernel/arch/alpha/cpu.c : 1205 1 panic src/kernel/bsd/subr_prf.c : 1294 2 event_timeout src/kernel/arch/alpha/cpu.c : 1971 3 mcs_lock_miss src/kernel/arch/alpha/lockprim.s : 3973 4 ubc_written_kluster_do_ubcpages src/kernel/vfs/vfs_ubc.c : 5805 5 ubc_written_kluster src/kernel/vfs/vfs_ubc.c : 5969 6 cfs_putpage src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 1314 7 ubc_page_alloc src/kernel/vfs/vfs_ubc.c : 3773 8 ubc_clean_page src/kernel/vfs/vfs_ubc.c : 5631 9 ubc_kluster src/kernel/vfs/vfs_ubc.c : 5734 10 cfs_getapage src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 846 11 cfs_getpages src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 60 12 cfs_getpage src/kernel/tnc_common/tnc_cfe/cfs_vm_osi.c : 1563 13 cfs_rwvp_cache src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 191 14 cfs_cacheread src/kernel/tnc_common/tnc_cfe/alpha/cfs_vm_alpha.c : 102 15 cfs_read src/kernel/tnc_common/tnc_cfe/cfs_vm_osi.c : 995 16 vn_read src/kernel/vfs/vfs_vnops.c : 1250 17 rwuio src/kernel/bsd/sys_generic.c : 2264 18 read src/kernel/bsd/sys_generic.c : 2213 19 syscall src/kernel/arch/alpha/syscall_trap.c : 713 20 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 PROBLEM: (87654, 90761, FR_G02688) (PATCH ID: OSF510-526) ******** This patch fixes a problem that causes bugchecks from applications running decthreads. PROBLEM: (BCPM31K0S, 117-2-510, DE_G01915, 88100) (PATCH ID: OSF510-484) ******** This patch fixes a problem with poor interactive performance including hanging commands and logins, and random drops in IO rates when writing many large files. PROBLEM: (81166) (PATCH ID: OSF510-504) ******** A panic can occure in calc_extentmap() when there are more extents than arraysize. This causes the current extentmap and offset to not be correctly calculated. A typical stack trace look like this: > 0 boot src/kernel/arch/alpha/machdep.c : 2774 1 panic src/kernel/bsd/subr_prf.c : 1334 2 trap src/kernel/arch/alpha/trap.c : 2262 3 _XentMM src/kernel/arch/alpha/locore.s : 2115 4 calc_extentmap src/kernel/ufs/ufs_vnops.c : 2760 5 get_extentmap src/kernel/ufs/ufs_vnops.c : 2817 6 get_extentmap src/kernel/ufs/ufs_vnops.c : 2842 7 get_extentmap src/kernel/ufs/ufs_vnops.c : 2842 8 ufs_get_extentmap src/kernel/ufs/ufs_vnops.c : 2930 9 vn_ioctl src/kernel/vfs/vfs_vnops.c : 1644 10 fioctl src/kernel/bsd/kern_descrip.c : 2153 11 fcntl src/kernel/bsd/kern_descrip.c : 1922 12 syscall src/kernel/arch/alpha/syscall_trap.c : 713 13 _Xsyscall src/kernel/arch/alpha/locore.s : 1785 PROBLEM: (none) (PATCH ID: OSF510-476) ******** This patch adds code and bug fixes needed Encore Real Time Computing Inc software to run on Tru64 UNIX. PROBLEM: (TKT242756) (PATCH ID: OSF510-514) ******** This patch fixes a problem where I/O writes may not update attributes properly. There are times when we must ensure that all IO is complete on a file before performing an operation to ensure that attributes are updated appropriately. PROBLEM: (90560) (PATCH ID: OSF510-500) ******** This patch fixes the CEH bus/target and lun number when lun > 127. PROBLEM: (89494, 89457, 89699, BCGM8198G) (PATCH ID: OSF510-405) ******** This patch corrects a kernel memory fault on multiple cpu systems when two or more cpus find an AdvFS problem at the same time. PROBLEM: (AT_G02174, 90034) (PATCH ID: OSF510-498) ******** This problem causes ADVFS to access kernel memory which has been freed. If that memory was reallocated to another subsystem, the panic may occur in a subsystem other than ADVFS. This problem will usually result in the message: PANIC: 'kernel memory fault' A typical ADVFS stack trace is: 4 panic src/kernel/bsd/subr_prf.c : 1309 5 trap src/kernel/arch/alpha/trap.c : 2262 6 _XentMM src/kernel/arch/alpha/locore.s : 2115 7 advfs_ubc_page_hold src/kernel/vfs/vfs_ubc.c : 2987 8 advfs_page_hold src/kernel/msfs/bs/bs_buffer2.c : 2071 9 bfflush_start src/kernel/msfs/bs/bs_qio.c : 3746 10 bs_bf_flush_nowait src/kernel/msfs/bs/bs_qio.c : 4395 11 cp_copy_page_range src/kernel/msfs/bs/bs_copy.c : 309 12 migrate_normal src/kernel/msfs/bs/bs_migrate.c : 1648 13 migrate_normal_one_disk src/kernel/msfs/bs/bs_migrate.c : 1275 14 mig_migrate src/kernel/msfs/bs/bs_migrate.c : 1050 15 bs_migrate src/kernel/msfs/bs/bs_migrate.c : 933 16 msfs_syscall_op_migrate src/kernel/msfs/bs/bs_misc.c : 5749 17 msfs_real_syscall src/kernel/msfs/bs/bs_misc.c : 3637 18 msfs_syscall src/kernel/msfs/osf/msfs_syscalls.c : 145 PROBLEM: (90937) (PATCH ID: OSF510-453) ******** This patch fixes a potential race condition in the Virtual Memory subsystem. There is code in the vm_page_clean() routine that modifies a vm_page pg_busy and pg_reserved fields without the page lock being held. This might lead to potential vm_page list corruption in the kernel. This patch corrects the code to properly modify those fields while the vm_page lock is held. PROBLEM: (87030, 85245) (PATCH ID: OSF510-527) ******** This patch fixes a crash in hwc space when lockmode is equal 4 and add support to get devt information from user space. PROBLEM: (90551) (PATCH ID: OSF510-517) ******** Patch adds ECC information to error log. PROBLEM: (90366) (PATCH ID: OSF510-533) ******** This patch fixes reservation conflicts in cdisk_rec_tur_done. PROBLEM: (94038, 83547) (PATCH ID: OSF510-466) ******** PROBLEM: A potential data corruption problem has been discovered in which stale data (data which is out-of-date)may be returned to an application running on a CFS client when it reads data from a file on a CFS server. Compaq has corrected this problem. PROBLEM: An fsync() or synchronous write may return to the application before some data has been flushed to disk. The data will still be queued to go out to disk but if the system crashes before it does, the update will be lost. The amount of data that will be lost will be no greater than 8192 bytes. Compaq has corrected this problem. PROBLEM: An fsync() or fsyncdata() may return to the application before some data has been flushed to disk. The data will still be queued to go out to disk but if the system crashes before it does, the update will be lost. This is essentially the same symptom of the previous problem but the window of time in which the supposedly synced data is still in memory is actually smaller than that of the previous problem. Compaq has corrected this problem. PROBLEM: (BCGMA1Q9S, 89434) (PATCH ID: OSF510-483) ******** This patch fixes a problem where decreasing the smoothsync_age does not always have an effect. PROBLEM: (IT_G01812, SSRT0756U) (PATCH ID: OSF510-488) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (BE_G01949, 81659) (PATCH ID: OSF510-474) ******** This patch fixes a problem that causes a system panic when a program calls sendfile(2) to access a file via NFS. A typical stack trace would look like this: 1 panic 2 trap 3 _XentMM 4 crhold 5 nfs3_getpage 6 umc_getobj_page 7 so_sendfile 8 sendfile 9 syscall 10 _Xsyscall PROBLEM: (SEARS-479) (PATCH ID: OSF510-436) ******** This change fixes a problem where tape and changer devices on fibre could occassionally return an incorrect offline status. This happens when there are more than 2 unit attentions presently queued up for the device. PROBLEM: (SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF510-522) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. PROBLEM: (none) (PATCH ID: OSF510-549) ******** This patch introduces a switch by which "unsafe symlink" resolution can be disabled. Unsafe symlinks are those symlinks residing in public- writable directories and are not owned by root, the current user, or the owner of the parent directory. Enabling this behavior can break applications which rely on "unsafe symlinks". PROBLEM: (90185, 90558) (PATCH ID: OSF510-446) ******** A vfs bug was introduced in Compaq UNIX v5.1 which causes a directory look up problem in applications such as ssh. ssh v2.4.0 and v2.4.1 running on Compaq Tru64 UNIX V5.1 and later, user will see the problem when doing "ls" in sftp and when uploading public key using ssh-pubkeymgr. The problem results in an indefinite output display of effected commands. File systems which use the "new" directory format are impacted. These include NFSv3, autofs, dvdfs and cdfs. PROBLEM: (82888, 81130, 90772, none) (PATCH ID: OSF510-445) ******** This patch adds support to AutoFS for an abbreviated syntax to support replicated servers in auto-mount maps. It also provides a fix for a problem wherein mount options specified in an auto-mount map file are not applied to all replicated servers in a list, when the existing syntax is used. PROBLEM: (86377, 87380, 90190, TKTB30117, BCGM40Z3J, TKT216655, SE_G02157) (PATCH ID: OSF510-492) ******** This patch corrects problems with NFS server V3 and AdvFS. Specifically NFS V3 can use large buffers and without this correction hangs could occur. Additionally, AdvFS could return EIO errors under certain conditions which have been fixed with this patch. PROBLEM: (83371) (PATCH ID: OSF510-546) ******** when the an object selection audit style (auditmask -s obj_sel) is enabled files removed from, or added to a directory which is flagged ("auditmask -x dir") to be monitored when accessed or modified does not generate an audit event. PROBLEM: (BCSMC22DM, TPO073157, FR_G02923, DJO333030) (PATCH ID: OSF510-536) ******** This patch corrects a problem where multi-volume AdvFS v3 domains exhibit I/O errors (not attributable to hardware). The same problem also causes a failed mkfset due to ENO_XTNTS. PROBLEM: (72225, 82023) (PATCH ID: OSF510-494) ******** This patch corrects a race condition which could result in a failure to set the modification time of a file. This occurs only on a ufs filesystem. PROBLEM: (85887) (PATCH ID: OSF510-490) ******** This patch addresses a fix that is required if a system crashes while a volume is being removed from one of the AdvFS domains. If that crash occurs while a specific portion of code is being executed, the subsequent recovery of that domain will fail. This patch removes that window. The resulting domain panic will yield the following stack trace: 7 domain_panic 8 ftx_bfmeta_rec_redo 9 ftx_recovery_pass 10 ftx_bfdmn_recovery 11 bs_bfdmn_activate 12 bs_bfdmn_tbl_activate 13 bs_get_dmntbl_params 14 msfs_real_syscall 15 msfs_syscall 16 syscall PROBLEM: (BCGM51RKR) (PATCH ID: OSF510-479) ******** This addresses a kernel memory fault panic in malloc_thread(). panic() trap() _XentMM() malloc_thread() PROBLEM: (BCGMB1N21) (PATCH ID: OSF510-482) ******** This patch fixes a kernel memory fault in wait_to_readyq(), or advfs_page_busy(), or potentially other routines which may reference a vm_page, bsBuf, or ioDesc that has been freed prematurely. The following events need to be present to cause this panic. (a) It has to be on a cluster. (b) A thread has to be opening the quota.user or quota.group file with the O_DIRECTIO option . (c) At the same time the thread in (b) is opening the quota.user or quota.group file, there has to be another thread adding or deleting storage to another file on the same domain#fileset. A typical stack trace for the panicing thread is the following. 4 panic src/kernel/bsd/subr_prf.c : 1309 5 trap src/kernel/arch/alpha/trap.c : 2262 6 _XentMM src/kernel/arch/alpha/locore.s : 2115 7 wait_to_readyq src/kernel/msfs/bs/bs_qio.c : 2590 8 check_cont_bits src/kernel/msfs/bs/bs_qio.c : 1932 9 bs_io_thread src/kernel/msfs/bs/bs_qio.c : 5835 PROBLEM: (90110, ES_G02301) (PATCH ID: OSF510-463) ******** This patch fixes a crash that occurs when disk controllers are restarted repeatedly. This occurs when memory associated with the disk controller is unallocated more than once. The following message is displayed: PANIC: "malloc_leak: free with wrong type" PROBLEM: (86308, BCSM3169H) (PATCH ID: OSF510-503) ******** This patch fixes a potential problem where system responsiveness may be impacted. In certain situations, this impact may prevent other processes from running for several seconds. This problem can occur during a filesystem synch when there are many filesystems where each contains several hundred thousand files. Note that AdvFS filesystems do not exhibit this problem. PROBLEM: (89295, 89838) (PATCH ID: OSF510-537) ******** PROBLEM: (89295, 89838) (PATCH ID: ) DEGPA and NetRAIN ----------------- DEGPA adapters will cease to communicate occasionally in a NetRAIN configuration. Investigation via ifconfig will reveal the MAC (HWaddr) addresses are the same, which is not a valid configuration. # ifconfig -va alt0: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b alt1: flags=c63 NetRAIN Virtual Interface: nr1 NetRAIN Attached Interfaces: ( alt0 alt1 ) Active Interface: ( alt0 ) HWaddr 0:60:6d:21:24:7b DEGPA and vMAC -------------- DEGPA adapters have not previously supported vMAC (for example with cluster alias). Clients within same subnet as cluster alias are not able to ping nor telnet their cluster alias due to the vMAC address not responding. PROBLEM: (BCGM72B9W, BCGM713NZ) (PATCH ID: OSF510-496) ******** Two problems are corrected for non-NUMA systems: 1. A kernel stack not valid halt on a cpu, which will trigger a "PANIC TB_SHOOT ACK TIMEOUT" or lock timeout. >From /var/adm/messages ---------------------- Jul 24 05:49:32 drpesdb02 vmunix: pmap_update_send: missing ack from cpu 9 Jul 24 05:49:32 drpesdb02 vmunix: panic (cpu 0): tb_shoot ack timeout REVISION: 2.2 DUMPFILE: vmzcore.7 NAMELIST: vmunix.7 NOTE: compressed dumpfile NOTE: kmem_debug 0x26 NOTE: CPU 9 has a haltcode of 2: kernel stack not valid PANIC: "tb_shoot ack timeout" CPUS: 10 VERSION: V5.1 (Rev. 732) MACHINE: Compaq AlphaServer GS140 6/700 2. A simple lock timeout, or a panic due to holding a simple lock during a context switch. 0 thread_block 1 lock_wait 2 lock_read 3 k_map_fault 4 vm_fault 5 trap 6 _XentMM 7 pmap_dup 8 vm_dup_va 9 aio_init 10 syscall 11 _Xsyscall PROBLEM: (CA1Q42519, 87847, 87644) (PATCH ID: OSF510-509) ******** This patch corrects a race condition in the class scheduler that could cause a Kernel Memory Fault. An example stack trace would look like: crash> tf > 0 boot src/kernel/arch/alpha/machdep.c : 2774 1 panic src/kernel/bsd/subr_prf.c : 1255 2 trap src/kernel/arch/alpha/trap.c : 2259 3 _XentMM src/kernel/arch/alpha/locore.s : 2115 4 clock_tick src/kernel/bsd/kern_clock.c : 1469 5 hardclock src/kernel/bsd/kern_clock.c : 1298 6 _XentInt src/kernel/arch/alpha/locore.s : 1547 7 free src/kernel/bsd/kern_malloc.c : 2111 8 drvr_flush src/kernel/io/common/driver_support.c : 4253 9 boot src/kernel/arch/alpha/machdep.c : 2870 10 panic src/kernel/bsd/subr_prf.c : 1255 11 trap src/kernel/arch/alpha/trap.c : 2259 12 _XentMM src/kernel/arch/alpha/locore.s : 2115 13 clock_tick src/kernel/bsd/kern_clock.c : 1469 14 hardclock src/kernel/bsd/kern_clock.c : 1298 15 _XentInt src/kernel/arch/alpha/locore.s : 1547 16 swap_ipl src/kernel/arch/alpha/spl.s : 232 17 boot src/kernel/arch/alpha/machdep.c : 2666 18 panic src/kernel/bsd/subr_prf.c : 1334 19 trap src/kernel/arch/alpha/trap.c : 2259 20 _XentMM src/kernel/arch/alpha/locore.s : 2115 21 clock_tick src/kernel/bsd/kern_clock.c : 1469 22 hardclock src/kernel/bsd/kern_clock.c : 1298 23 _XentInt src/kernel/arch/alpha/locore.s : 1547 PROBLEM: (79198, 83058) (PATCH ID: OSF510-507) ******** In the case of the portmapper problem, port mappings could erroneously be deleted, and the result would be that external nodes would not be able to contact registered services. The mountd problem is scalability issue. Previous to this change, the mountd daemon was registering with Cluster Alias as a single instance daemon, hence all NFS mount requests coming into the cluster were being funneled to a single instance of the mountd daemon. PROBLEM: (86622, 86539, 85972, 86712, 86880, 86788, 86880, 87032, 87746, BCGM303TC) (PATCH ID: OSF510-348) ******** This patch contains several fixes to the disk driver. - It corrects an panic due to an IO barrier failure. - It corrects memory corruption due to the use of a path structure that is deleted before being used. - It corrects a problem where path lists could become unstable if driver recovery was in progress. - It corrects a panic due to a lock hierarchy odering problem. PROBLEM: (91142) (PATCH ID: OSF510-542) ******** This fix addresses a data inconsistency that can occur when a CFS client reads using direct I/O a file that was recently written to. Stale data can be returned to the client. PROBLEM: (EVT0496318B, 87204) (PATCH ID: OSF510-424) ******** This patch is to correct the problem where the DLI queue stalls when there is no traffic in the TCP/IP or HDLC stacks. In order to enable this fix, one needs to set the netisrwakeupthreshold = 0 as this will allow more than one netisr to be run by a user process. PROBLEM: (86332) (PATCH ID: OSF510-380) ******** Prior to this modification, storage allocation for a file opened for directIO could, depending on the write sizes requested, have large extent maps even though the disk is not fragmented. Although the file function correctly, performance is reduced by the numerous extent maps. This fix reduces the number of extent maps generated, and subsequently gives better IO performance on the resulting file. Extent maps for a file can be seen by using the showfile utility. PROBLEM: () (PATCH ID: OSF510-469) ******** This patch fixes the predictable TCP Sequence Number. PROBLEM: (90178, BCGM918KQ) (PATCH ID: OSF510-442) ******** Fix potential CFS deadlock. PROBLEM: (88969, 89105, BCGM61PTB) (PATCH ID: OSF510-376) ******** This patch fixes an incorrect priority return value from sched_getparam(). PROBLEM: (SANGER_563, 91593) (PATCH ID: OSF510-550) ******** This patch fixes a problem with device descriptor references in clusters. The halting of one cluster node would cause the entire cluster to crash. PROBLEM: (90244) (PATCH ID: OSF510-541) ******** If a metadata page is about to be put onto the blocking queue, we need to first check to see if the log needs to be flushed in order to maintain the log write-ahead rule. PROBLEM: (QAR82406, QAR83439, QAR84376) (PATCH ID: OSF510-106) ******** This patch fixes a set of problems that are specific to the zh_CN.GB18030 locale under the C shell. Certain command sequence will generate errors such as "No match" and "Variable syntax". PROBLEM: (82204, SSRT0690U) (PATCH ID: OSF510-044) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (TKTRB0023) (PATCH ID: OSF510-115) ******** This patch fixes a multibyte character boundary condition handling bug in ksh. This problem happens only when MB_CUR_MAX of the multibyte locale is greater than 2 and a 2-byte character is divided into two parts on a 1024-byte block boundary. In this case, additional bytes may be skipped leading to incorrect execution of the ksh script. PROBLEM: (TKTBC0080, TKTB10082) (PATCH ID: OSF510-165) ******** This patch fixes two ksh problems. 1. ksh command line editing may not work correctly in emacs mode when the LANG environment variable is set to a multi-byte Asian locale. 2. ksh script may crash if the script changes the LANG environment variable to a multi-byte Asian locale. PROBLEM: (SSRT1-40U, SSRT1-48U) (PATCH ID: OSF510-239) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. PROBLEM: (STL226954, 87527, 87856) (PATCH ID: OSF510-267) ******** This patch corrects the problem in which /usr/bin/ksh hangs for certain scripts that contain wait(1). PROBLEM: (90369, FR_G02425) (PATCH ID: OSF510-451) ******** This patch fixes a problem with ksh. When a ksh menu is started from within user's .profile, ksh will not stop when the telnet session is stopped. PROBLEM: (88474, 89240, HPAQ610G9) (PATCH ID: OSF510-373) ******** This patch fixes a problem with the c shell (csh) so that it now correctly recognizes the backslash ('\') meta character. PROBLEM: (89814, 117-1-18182) (PATCH ID: OSF510-447) ******** This patch corrects a problem in which ksh fails to substitute the tilde (~) character for a user's home directory after an assignment using the "#" or "%" characters has been used. PROBLEM: (74585, BCSM41PFG, BCSM9074, 89294, 81376, HPAQ70PN3) (PATCH ID: OSF510-382) ******** This patch corrects two problems with csh(1): 1. The first problem with csh(1) is if a non-root user performed an ls(1) with wild card characters on a directory having permission 700, then it would display the invalid error message, "Glob aborted." Now it displays the correct error message of "Permission denied". 2. The second problem with csh(1) is when nonomatch is set and a user performs an ls(1) with one of the patterns as ?, it would not list any matched patterns but return "ls: ? not found". Now it returns that message as well as any matched patterns. PROBLEM: (90927, SSRT1-40U, SSRT1-41U, SSRT1-42U, SSRT1-45U, SSRT1-48U) (PATCH ID: OSF510-524) ******** A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file access. Compaq has corrected this potential vulnerability. In addition the following changes were made: - shell inline input files are more secure - sh noclobber and new constructs added - updated mkdir system call Updated sh, csh and ksh ----------------------- The updated shells in this kit all implement the following changes when processing shell inline input files: - File permissions allow only read and write for owner - If excessive inline input file name collisions occur the the following error message will be returned: "Unable to create temporary file" sh noclobber option and >| , >>| constructs added ------------------------------------------------- A noclobber option similar to that already available with csh and ksh has been added to the Bourne shell. When the noclobber option is used (set -C), the shell behavior for the redirection operators > and >> changes as follows: - For > with noclobber set, sh will return an error rather than overwrite an existing file. If the specified filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and sh returns an error. The >| construct will suppress these checks and create the file. - For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink whose target does not exist, sh returns an error rather than create the file. The >>| construct will suppress these checks and create the file. ksh noclobber behavior clarified -------------------------------- For > with noclobber set, ksh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and ksh returns an error. The >| construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existent file, ksh returns an error. csh noclobber behavior clarified -------------------------------- For > with noclobber set, csh returns an error rather than overwrite an existing file. If the filename is actually a symlink, the presence of the symlink satisfies the criteria "file exists" whether or not the symlink target exists, and csh returns an error. The >! construct will suppress these checks and create the file. For >> with noclobber set, output is appended to the tail of an existing file. If the filename is actually a symlink to a non-existant file, csh returns an error. The >>! construct will suppress these checks and create the file. Updated mkdir system call and command ------------------------------------- This kit reverts the mkdir system call, and thus the mkdir command, to its Tru64 UNIX V4.n behavior with respect to symlinks. For the unusual case where a symlink is used as the very last elment of a mkdir path, the mkdir syscall nows returns an error than create the target. If, for some reason, you want mkdir to follow the symlink you can do so by making the last character of the mkdir pathname a slash. The following example depicts how to get mkdir to follow the symlink: - If /var/tmp/foo is a symlink to /usr/xxx, which does not exist, then mkdir("/var/tmp/foo",0644) will return an error but mkdir("var/tmp/foo/",0644) will create /usr/xxx. Mkdir behavior can also be controlled systemwide by an addition to the sysconfig options for the vfs subsystem. The new sysconfig option "follow_mkdir_symlinks" defaults to 0, specifying the secure symlink behavior. Changing this option to 1, which Compaq strongly discourages, will cause mkdir to follow symlinks. PROBLEM: (TKT244440) (PATCH ID: OSF510-397) ******** While in an Asian locale (such as Japanese) and executing a ksh command that deals with directories with Asian language names, a segmentation fault and core dump may occur. This patch fixes this problem. PROBLEM: (90755) (PATCH ID: OSF510-565) ******** This patch fixes a domain panic in a cluster when a file system is mounted on a disk accessed remotely over the cluster interconnect. PROBLEM: (DEK063069, BE_G01725, BCSM20DQH, STL351462, BCSM20RBF, HPAQC1VVB, 91815, HPAQ12S9K, BE_G03046) (PATCH ID: OSF510-568) ******** This patch fixes a problem with multi-threaded applications that can cause the application to consume 100% of the CPU usage time. The problem is two-fold: (1) a race condition in posting and delivering signals exists and (2) nxm_idle() fails to clear a condition that keeps it from ultimately blocking as it should when invoked by an idle scheduler thread. PROBLEM: (92369) (PATCH ID: OSF510-607) ******** This patch is required to allow the undo of the cloned version switch patch when it has been installed using the non-roll patch method. If this patch is not installed the undo will not properly update version indentifiers leaving the cluster with new functionality still enabled.