IBM Support

IV19357: SYSTEM CRASH DUE TO FREED SOCKET WHEN SOCKETPAIR() CALL USED APPLIES TO AIX 7100-02

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When socketpair calls are used on the system we could see
    a crash in socket code path (close, send, etc.) due to
    one
    of the sockets in the freelist.
    Stack could be something like,
    
    [00009514].simple_lock+000014 ()
    [0049EB08]unp_disconnect@AF32_12+000228 (??, ??, ??, ??,
     ??)
    [0049C574]uipc_usrreq+0005D4 (??, ??, ??, ??, ??)
    [004C75A8]sodisconn+0001A8 (??)
    [004C6DE4]soclose2+000BE4 (??, ??)
    [004C8070]soclose+000010 (??)
    [004D2734]soo_close+000294 (??)
    [00630F7C]closef+00005C (??)
    [00547890]closefd+000150 (??, ??)
    [00547C44]closex+000304 (??, ??)
    [00547EBC]close+00011C (??)
    [00003850]ovlya_addr_sc_flih_main+000130 ()
    [kdb_get_virtual_memory] no real storage @ 111694A50
    [900000000B192F4]0900000000B192F4 ()
    [kdb_read_mem] no real storage @ FFFFFFFFFFF6380
    
    This is because the socket in unp_conn is already freed.
    

Local fix

Problem summary

  • System crash in a system using socketpair() with a stack
    similar to:
     00009514 .simple_lock+000014 ()
     0049EB08 unp_disconnect@AF32_12+000228 (??, ??, ??, ??,
     ??)
     0049C574 uipc_usrreq+0005D4 (??, ??, ??, ??, ??)
     004C75A8 sodisconn+0001A8 (??)
     004C6DE4 soclose2+000BE4 (??, ??)
     004C8070 soclose+000010 (??)
     004D2734 soo_close+000294 (??)
     00630F7C closef+00005C (??)
     00547890 closefd+000150 (??, ??)
     00547C44 closex+000304 (??, ??)
     00547EBC close+00011C (??)
     00003850 ovlya_addr_sc_flih_main+000130 ()
     kdb_get_virtual_memory  no real storage @ 111694A50
     900000000B192F4 0900000000B192F4 ()
     kdb_read_mem  no real storage @ FFFFFFFFFFF6380
    
    The application involved is likely to be multithreaded.
    

Problem conclusion

  • The code in socketpair() system call modifid so that in
    multithreaded environment, another thread is not able to close
    one of the sockets during critical pairing phase.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV19357

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2012-04-10

  • Closed date

    2012-06-15

  • Last modified date

    2013-02-23

  • APAR is sysrouted FROM one or more of the following:

    IV16603

  • APAR is sysrouted TO one or more of the following:

    IV21131 IV21235

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U846312

       UP12/10/26 I 1000

PTF to Fileset Mapping

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11R","label":"AIX 7.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"710","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
23 February 2013