A fix is available
APAR status
Closed as program error.
Error description
DFHSO0001 An abend (code 0C4/AKEA) has occurred at offset X'7048' in module DFHSOCK. DFHSO1002 CICS is unable to determine the secure state of a new connection from client IP address UNKNOWN. UNIX System Services values returned are bpx_return_value( -1 ), bpx_return_code( 1,124 ), and bpx_reason_code( X'77B77221' ). CSOL transaction retains RMLK socket links after AT-TLS failures with associated DFHSO1002 message. When the CSOL task terminates, DFHSOCK should be called for PERFORM_COMMIT on each link. A lookup is performed on the socket token held in the RMLK. This lookup should find that the token is no longer valid and take no further action. Somehow one of the socket tokens appears to still be valid, which should not be possible because the token is invalidated when it is returned to the free chain. The apparently valid token causes an invalid socket address to be returned. This invalid address is then used as the location of the socket object and that leads to the 0C4 abend. Another symptom of the problem is the following abend and message seen at CICS shutdown; DFHSO0001 applid An abend (code 0C4/AKEA) has occurred at offset X'0202' in module DFHSOS14. Additional Symptom(s) Search Keyword(s): KIXREVPAD
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS Users. * **************************************************************** * PROBLEM DESCRIPTION: DFHSO0001 An abend (code 0C4/AKEA) * * occurs at CICS shutdown due to a * * buildup of recovery manager links owned * * by the CICS socket listener (CSOL) * * task. * **************************************************************** CICS has a TCPIPSERVICE configured with SSL(ATTLSAWARE). When a new connection arrives for this TCPIPSERVICE, it is possible for the connection to be unusable even though the CSOL task was notified of this new connection being available. When CSOL was notified of the new connection it created a recovery manager link (RMLK) for the socket. In this error case, CSOL issues message DFHSO1002 and then closes and freemains the socket, but no attempt is made to delete the RMLK. When CICS shuts down the CSOL task will terminate. DFHSOCK will get called for every outstanding RMLK that is owned by the CSOL task. All of these RMLKs reference old closed sockets, so DFHSOCK should detect that the socket token is invalid and just ignore that RMLK. It is possible for a socket token instance count to have wrapped and the old token to now appear to be valid. This causes an invalid socket object address to get used. The invalid address can cause an 0C4 abend in DFHSOCK or DFHSOS14, which leads to message DFHSO0001 and a system dump.
Problem conclusion
DFHSOLS has been changed to delete the RMLK when CSOL detects that the AT-TLS connection for a new socket is no longer available.
Temporary fix
Comments
APAR Information
APAR number
PH39059
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
200
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-07-16
Closed date
2021-11-08
Last modified date
2021-12-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI77962 UI77963
Modules/Macros
DFHSOLS
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5"}]
Document Information
Modified date:
02 December 2021