PK12045: CONTROL REGION OPI MEMORY LEAKS OCCUR IN SMALL SUBSET OF REQUESTS THAT RUN IN THE CR

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
The server control region (CR) will grow in size.  Analysis of a
CR dump will show OPI records in the growing areas.  This
problem is specific to requests that run only within the CR,
not the servant region (SR).  The following trace can be used
to help determine what is happening:
   F <server_name>,tracedetail=(3,4,E)
   F <server_name>,tracejava='com.ibm.ws.security.*=all=enabled'
   F <server_name>,tracejava='com.ibm.ws390.orb.*=all=enabled'
This can be dynmically enabled to capture just a few requests
rather than leaving itenable for long periods of time.  In the
trace entries look for this pattern of entries:
Trace: 2005/09/04 09:57:24.995 01 t=9CF598 c=UNK key=S2
(13007002)
   FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl
   SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl
   Category: ENTRY
   ExtendedMessage: connectReceivedCredential, with NSC:
1219977952 and UserID: XXYY and identityType nn
.
Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2
(13007002)
   FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl
   SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl
   Category: DEBUG
   ExtendedMessage: built WS390CredentialToken
.
 Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2
(13007002)
   FunctionName: com.ibm.ws.security.auth.WS390CredentialToken
   SourceId: com.ibm.ws.security.auth.WS390CredentialToken
   Category: DEBUG
   ExtendedMessage: Clone for Controller
 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01B16C)
   Description: Entry to EJBRUNAS::cloneNSCToken
   input NSC token: : 1219977952
 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01A12C)
   Description: Entry to RUNAS::cloneNSCToken
   input NSC token: : 1219977952
 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01A131)
   Description: Exit from RUNAS::cloneNSCToken
   output NSC token: : 1219992512
 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01B176)
   Description: Exit from EJBRUNAS::cloneNSCToken
   output NSC token: : 1219992512
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Memory leak in the controller region    *
*                      for requests that only run within the   *
*                      controller region. Security OPI records *
*                      are filling the growing areas of        *
*                      storage subpool 2 with key 2. The       *
*                      subpool is an area of virtual storage   *
*                      created by MVS.                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Requests dispatched in the controller region cause an increase
in memory usage due to unreleased Security OPI structures in
that region.  During a JAAS login, the credential token would be
cloned, but the cloned token was not being classified as such.
As a result, Security OPI structures were not being released
from subpool storage.

For a request that only gets dispatched in the
controller region, a trace like the following one is displayed
if debug tracing is enabled for com.ibm.ws.security.*:

Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2
(13007002)
FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl
SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl
Category: DEBUG
ExtendedMessage: built WS390CredentialToken

Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2
(13007002)
FunctionName: com.ibm.ws.security.auth.WS390CredentialToken
SourceId: com.ibm.ws.security.auth.WS390CredentialToken
Category: DEBUG
ExtendedMessage: Clone for Controller
Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01B16C)
Description: Entry to EJBRUNAS::cloneNSCToken
input NSC token: : 1219977952
Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01A12C)
Description: Entry to RUNAS::cloneNSCToken
input NSC token: : 1219977952
Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01A131)
Description: Exit from RUNAS::cloneNSCToken
output NSC token: : 1219992512
Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2
(0E01B176)
Description: Exit from EJBRUNAS::cloneNSCToken
output NSC token: : 1219992512
Problem conclusion
Properly classified the cloned credential token during a JAAS
login and modified the WS390CredentialToken to correctly
copy the classification of a credential token to be cloned.
This allows the Security OPI structures to be released
from subpool storage and eliminates the memory leak.

APAR PK12045 is associated with SERVICE LEVEL W502039 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PK12045
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention YesSpecatt / Pervasive
Submitted date 2005-09-16
Closed date 2006-03-20
Last modified date 2006-04-05

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
UK12774

Modules/Macros
BBOCHSES BBOCHSSS BBOUBINF BBOWSCMD BBOWSCM2 BBOZ1119
BBOZ1120 BBOZ1121 BBOZ1122 BBOZ1123 BBOZ1124 BBOZ11
***This field was truncated. To obtain
the full apar record, please contact
your local support center.***    

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UK12774    UP06/03/24 P F603

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PK12045.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK12045
IBM Group: Software Group
Modified date: Apr 5, 2006