APAR status
Closed as program error.
Error description
Error Message: The server application crashes. . Stack Trace: Information found in the Java core 0SECTION GPINFO subcomponent dump routine NULL ================================ 2XHOSLEVEL OS Level : Linux 3.10.0-693.21.1.el7.x86_64 2XHCPUS Processors - 3XHCPUARCH Architecture : amd64 3XHNUMCPUS How Many : 8 3XHNUMASUP NUMA is either not supported or has been disabled by user NULL 1XHEXCPCODE J9Generic_Signal_Number: 00000004 1XHEXCPCODE Signal_Number: 0000000B 1XHEXCPCODE Error_Value: 00000000 1XHEXCPCODE Signal_Code: 00000001 1XHEXCPCODE Handler1: 00007FB498198770 1XHEXCPCODE Handler2: 00007FB49398B4D0 1XHEXCPCODE InaccessibleAddress: 0000000000000000 NULL 1XHEXCPMODULE Module: /opt/WebSphere/AppServer/java/8.0/jre/lib/amd64/libjgskit.so 1XHEXCPMODULE Module_base_address: 00007FB44E3E2000 1XHEXCPMODULE Symbol: Java_com_ibm_crypto_plus_provider_icc_NativeInterface_HMAC_1upda te 1XHEXCPMODULE Symbol_address: 00007FB44E3EF90B NULL 1XHREGISTERS Registers: 2XHREGISTER RDI: 0000000000000000 2XHREGISTER RSI: 00007FB4993CBA00 2XHREGISTER RAX: 0000000000000000 . The crash occurs after some time in a simulated concurrent users stress test environment establishing and terminating HTTPS connections. The Application used JCEPlus provider for HTTPS connection (including SSL-handshake). When the Liberty based Application server crashed , the work load was as follows: 150 concurrent VU (virtual user) to do store logon/logoff with zero think time (stress). It takes about 10 minutes (average, not fixed) for the crash issue to happen. The above test works with IBMJCE provider.
Local fix
Problem summary
"Using IBMJCEPlus provider causes WebSphere Commerce Server running on a Liberty WAS server to crash"
Problem conclusion
The JVM 8.0 was updated to add synchronization to RSA, HMAC and EC crypto Java methods that interface between the IBMJCEPlus provider and the underlying "C" crypto module. The GIT issue associated with this change is 165 The RTC Problem report associated with this change is 139646 The affected IBM JVM's are: 8.0 The affected jar file is ibmjceplus.jar. The build level of the updated IBMJCEPlus jar file is: 20181107 Since the synchronization was needed to maintain correctness, there may be an impact in performance when RSA, EC and HMAC crypto operations are performed. The ibmjceplus.jar was signed with a new code signing alias and therefore will require 80sr5fp20 or later. . This APAR will be fixed in the following Java Releases: 8 SR5 FP30 (8.0.5.30) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IJ11279
Reported component name
SECURITY
Reported component ID
620700125
Reported release
270
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-11-13
Closed date
2018-11-28
Last modified date
2018-11-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"270","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020