PH39059: CSOL RETAINS RMLK SOCKET LINKS AFTER AT-TLS FAILURES, MAY LEAD TO ABEND0C4 IN DFHSOCK+X'7048'

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• DFHSO0001 An abend (code 0C4/AKEA) has occurred at offset
  X'7048' in module DFHSOCK.
  
  DFHSO1002 CICS is unable to determine the secure state of a
  new connection from client IP address UNKNOWN. UNIX System
  Services values returned are bpx_return_value( -1 ),
  bpx_return_code( 1,124 ), and bpx_reason_code( X'77B77221' ).
  
  CSOL transaction retains RMLK socket links after AT-TLS failures
  with associated DFHSO1002 message. When the CSOL task
  terminates, DFHSOCK should be called for PERFORM_COMMIT on each
  link.  A lookup is performed on the socket token held in the
  RMLK.  This lookup should find that the token is no longer valid
  and take no further action.  Somehow one of the socket tokens
  appears to still be valid, which should not be possible because
  the token is invalidated when it is returned to the free chain.
  The apparently valid token causes an invalid socket address to
  be returned.  This invalid address is then used as the location
  of the socket object and that leads to the 0C4 abend.
  
  Another symptom of the problem is the following abend and
  message seen at CICS shutdown; DFHSO0001 applid An
  abend (code 0C4/AKEA) has occurred at offset X'0202' in module
  DFHSOS14.
  
  Additional Symptom(s) Search Keyword(s): KIXREVPAD
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICS Users.                              *
  ****************************************************************
  * PROBLEM DESCRIPTION: DFHSO0001 An abend (code 0C4/AKEA)      *
  *                      occurs at CICS shutdown due to a        *
  *                      buildup of recovery manager links owned *
  *                      by the CICS socket listener (CSOL)      *
  *                      task.                                   *
  ****************************************************************
  CICS has a TCPIPSERVICE configured with SSL(ATTLSAWARE).  When
  a new connection arrives for this TCPIPSERVICE, it is possible
  for the connection to be unusable even though the CSOL task
  was notified of this new connection being available.
  
  When CSOL was notified of the new connection it created a
  recovery manager link (RMLK) for the socket.  In this error
  case, CSOL issues message DFHSO1002 and then closes and
  freemains the socket, but no attempt is made to delete the RMLK.
  
  When CICS shuts down the CSOL task will terminate.  DFHSOCK will
  get called for every outstanding RMLK that is owned by the CSOL
  task.  All of these RMLKs reference old closed sockets, so
  DFHSOCK should detect that the socket token is invalid and just
  ignore that RMLK.  It is possible for a socket token instance
  count to have wrapped and the old token to now appear to be
  valid.  This causes an invalid socket object address to get
  used.  The invalid address can cause an 0C4 abend in DFHSOCK or
  DFHSOS14, which leads to message DFHSO0001 and a system dump.
  

Problem conclusion

• DFHSOLS has been changed to delete the RMLK when CSOL detects
  that the AT-TLS connection for a new socket is no longer
  available.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI77962 UI77963

Modules/Macros

• DFHSOLS
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R200 PSY UI77963

     UP21/12/01 P F111

• R300 PSY UI77962

     UP21/12/01 P F111

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.