===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0573
                 Memory leak in WAS 8.5.x J2C PoolManager
                               23 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server
Publisher:         IBM
Operating System:  z/OS
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21670448

--------------------------BEGIN INCLUDED TEXT--------------------

Memory leak in WAS 8.5.x J2C PoolManager

Document information

More support for:
    WebSphere Application Server
    Out of Memory

Software version:
    8.5, 8.5.5

Operating system(s):
    AIX, HP-UX, IBM i, Linux, Mac OS, Solaris, Windows, i5/OS, z/OS

Reference #:
    1670448

Modified date:
    2014-04-21

Flash (Alert)

Abstract

High Garbage Collection overhead and possible Out Of Memory condition when
using the MQ JMS Resource adapter on WebSphere Application Server V8.5.x

Content

A memory leak in the J2C PoolManager can potentially lead to an OutOfMemory
(OOM) condition. Symptoms may include high CPU usage and the following FFDC:

FFDC Exception:java.lang.Exception SourceId:com.ibm.ejs.j2c.PoolManager$2 ProbeId:50 Reporter:com.ibm.ejs.j2c.PoolManager$@ab1234ef
java.lang.Exception: WSThreadLocal: instance count = 200 ; potential memory leak; verify usage.

Heapanalyzer might show a leak suspect with a stack trace similar to this:

A Linked List Data Structure Detected.
1,981,662,352 bytes (47.28 %) of Java heap is used by 44 instances of java/util/concurrent/ConcurrentSkipListMap$Index
Contains the following object:
- 44 instances of java/util/concurrent/ConcurrentSkipListMap$Node holding 5,366,608 bytes

TotalSize [ObjectSize] NumberOfChildObject(249,874) ObjectName Address
|- 1,981,966,928 [24] 1 java/util/concurrent/ConcurrentSkipListMap$HeadIndex 0xf7766298
|- 1,981,966,904 [24] 2 java/util/concurrent/ConcurrentSkipListMap$HeadIndex 0xf180b1b8
|- 1,981,966,544 [24] 3 java/util/concurrent/ConcurrentSkipListMap$Index 0xffa75200
|- 1,453,166,232 [24] 3 java/util/concurrent/ConcurrentSkipListMap$Index 0xffa751e8
|- 528,679,664 [24] 3 java/util/concurrent/ConcurrentSkipListMap$Index 0x1055a3258
|- 120,624 [24] 3 java/util/concurrent/ConcurrentSkipListMap

This memory leak specifically manifests itself when applications use the JMS
Queue Connection Factory, where each JMS Managed Connection has an associated
JMS Connection pool and JMS Session pool. When the Managed Connection is
destroyed because of unused or aged timeouts, or because the connection is
stale, the associated JMS Session pool is stopped/destroyed, and the reaper
alarms associated with the PoolManager should also be cancelled. The Session
pool is stopped; however, the PoolManager instances registered in the alarms
never get destroyed, and the alarms are repeatedly created and cancelled for
every reap cycle. This causes the PoolManager objects and their associated
reaper alarm objects to stay on the heap forever, potentially leading to OOM
conditions.

This memory leak problem is addressed by APAR PI14746, which is targeted for
inclusion in WebSphere Application Server fixpack v8.5.5.3.
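A small scanner for the FFDC symptom quoted above, as an added example (not IBM's or AusCERT's code). It matches only the strings shown in the bulletin; the sample records, the `com.example.Unrelated` source and the function names are constructed for illustration, and records are assumed to appear in chronological order.

```python
import re

# FFDC header fields as quoted in the bulletin (PoolManager source, probe id).
SOURCE_RE = re.compile(r"SourceId:(com\.ibm\.ejs\.j2c\.PoolManager\S*)\s+ProbeId:(\d+)")
# The WSThreadLocal warning; captures the reported instance count.
COUNT_RE = re.compile(r"WSThreadLocal: instance count = (\d+)\s*; potential memory leak")

# Constructed sample: two PoolManager records and one unrelated record.
SAMPLE = """\
FFDC Exception:java.lang.Exception SourceId:com.ibm.ejs.j2c.PoolManager$2 ProbeId:50 Reporter:com.ibm.ejs.j2c.PoolManager$@ab1234ef
java.lang.Exception: WSThreadLocal: instance count = 200 ; potential memory leak; verify usage.
FFDC Exception:java.lang.Exception SourceId:com.example.Unrelated ProbeId:10 Reporter:com.example.Unrelated@00000001
java.lang.Exception: WSThreadLocal: instance count = 900 ; potential memory leak; verify usage.
FFDC Exception:java.lang.Exception SourceId:com.ibm.ejs.j2c.PoolManager$2 ProbeId:50 Reporter:com.ibm.ejs.j2c.PoolManager$@ab1234ef
java.lang.Exception: WSThreadLocal: instance count = 400 ; potential memory leak; verify usage.
"""


def find_poolmanager_leak_warnings(text):
    """Return one dict per PoolManager FFDC record carrying the leak warning."""
    hits = []
    # Split before each "FFDC Exception:" marker so a count is only paired
    # with the SourceId of the same record.
    for record in re.split(r"(?=FFDC Exception:)", text):
        src = SOURCE_RE.search(record)
        cnt = COUNT_RE.search(record)
        if src and cnt:
            hits.append({
                "source_id": src.group(1),
                "probe_id": int(src.group(2)),
                "instance_count": int(cnt.group(1)),
            })
    return hits


def summarize(hits):
    """Report the peak count and whether it rises from record to record."""
    counts = [h["instance_count"] for h in hits]
    return {
        "records": len(counts),
        "peak": max(counts, default=0),
        # A strictly rising count is consistent with objects never being freed.
        "growing": len(counts) >= 2 and all(a < b for a, b in zip(counts, counts[1:])),
    }


if __name__ == "__main__":
    print(summarize(find_poolmanager_leak_warnings(SAMPLE)))
```

A rising count on an 8.5.x server without APAR PI14746 is a prompt to take a heap dump and compare it against the ConcurrentSkipListMap leak suspect shown above.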
Cross reference information

Segment              Product                                 Platform  Version
Application Servers  WebSphere Application Server for z/OS   z/OS      8.5.5, 8.5

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================