PQ86340: ABENDOC4 in GSKSSL gsk_secure_socket_write under heavy load

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Application server under a heavy load receives ABEND0C4:
in module GSKSSL  /gsk_secure_socket_write

In the controller of the application server, the traceback for
the failing thread shows:

gsk_secure_socket_write
do_ssl_write_v1r2(_gsk_soc_data*,void*,int)
securitySessionSend(SessionHandle*,int,char*,int*,int,int*,int*)
ClientSSLSession::send_msg(char*,int*,unsigned long*,int*,int*)
ORB_Request::send_message(ORB_Request*,ORB_Request::ORBR_ReturnA
   rea&,SessionHandle*,char*,i...
ORB_Request::comm_cr_sclt_locate_request(ORB_Request::Outbound_L
   ocate_Status*)
ORB_Request::comm_outbound_locate()
ORB_Request::comm_inbound_response(GIOP_Message*,unsigned char)
ACR_ExecutionThread::ProcessInboundResponse(acrwObj*)

In addition, there is another thread with traceback:

BBOSSKRD
ssl_skread
io_read
gsk_read_v3_record
gsk_perform_v3_client_handshake
gsk_secure_socket_init
do_ssl_soc_init_v1r2(_gsk_soc_init_data*,char*)
secure_socket_init(SessionHandle*)
SessionManagerProtocolSSL::getSSLSessionHandle(BOSS_IOR*,Session
    Handle*,sessCallerType,unsi...
SecurityManager::initializeSessionSecurity(BOSS_IOR*,SessionHand
    le*,void*&,sessCallerType,u...
ORB_Request::comm_cr_sclt_locate_request(ORB_Request::Outbound_L
    ocate_Status*)
ORB_Request::comm_outbound_locate()
ORB_Request::comm_inbound_response(GIOP_Message*,unsigned char)
ACR_ExecutionThread::ProcessInboundResponse(acrwObj*)


The first thread is trying to use SSLSession that is not fully
initialized.  The second thread is in the process of
initializing the SSL Sssion.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Customer reports an ABENDOC4 in GSKSSL  *
*                      gsk_secure_socket_write under heavy     *
*                      load  when running WebSphere            *
*                      Application Server V5.0 for z/OS.       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Customer is running WebSphere Application Server V5.0 for z/OS
and receiving the following abend:
IEA794I SVC DUMP HAS CAPTURED:  023
DUMPID=007 REQUESTED BY JOB (PPT5S1A )
DUMP TITLE=COMPON=WEBSPHERE Z/OS,
COMPID=5655I3500,ISSUER=BBORLEXT,
ABEND IN GSKSSL  /gsk_secure_socket_write

The dump shows the ABEND0C4 is in routine
gsk_secure_socket_write. The abend occurs when SSL tries to
check to see if the incoming session handle has the GSKSOC
eyecatcher.  The CLC to check this fails because the session
handle address is bad.  The problem is due to the fact that a
SSL session is made available before the SSL handshake is
completed; therefore passing "bad data" into GSKSSL.

This also explains why it's only seen during heavy load.  A
request comes in but there are no available SSLSessions, so
it's creating one. In the meantime, another request comes in
that also needs an SSLSession. There is a short time gap when
a SSLSession is made available before a successful SSL
handshake, and that's when the second request grabs it and
later fails with.
Problem conclusion
Added code to make sure that the SSL Session is made available
after it's completely initialized.

APAR PQ86340 is associated with SERVICE LEVEL W502006 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ86340
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-03-18
Closed date 2004-04-08
Last modified date 2004-05-14

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ88873

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ87201    UP04/04/19 P F404

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ86340.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ86340
IBM Group: Software Group
Modified date: May 14, 2004