PM39363: HIGH CPU DUE TO GC CAUSED BY EXCESSIVE INSTANCES OF JAVA OBJECT COM.IBM.ISECURITYLOCALOBJECTCSIV2UTILITYIMPL.SESSIONMANAGER

Fixes are available

APAR status

Closed as program error.

Error description

When the customer sets
com.ibm.websphere.security.util.csiv2SessionCacheLimitEnabled to
true, the CSIv2 Session Cache can grow without limit.

Customer automation detects excessive CPU consumption in a
WebSphere Servant region.  VerboseGC report shows GC happening
every second.  Java heap analysis reports

One instance of "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.

SessionManager" loaded by "<system class loader>" occupies
186,574,312 (53.90%) bytes. The memory is accumulated in one
instance of "java.util.Hashtable$Entry[]" loaded by
"<system
class loader>".

Keywords
java.util.Hashtable$Entry[]
com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager


 Shortest Paths To the Accumulation Point
Class Name Shallow Heap Retained Heap
java.util.Hashtable$Entry[4] @ 0x378dcca8 32 186,571,552
com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ConnectionTable @
0x378d42a8 40 186,571,592
com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager @
0x378c7290 64 186,574,312
com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl @ 0x37889328
64 584
com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl @
0x49e72188

Eventually the growth in these objects would lead to OOM
java.lang.OutOfMemoryError.

Customer expects only 1000 of these SessionManager objects
because they have set
com.ibm.websphere.security.util.csiv2SessionCacheIdleTime=60000
com.ibm.websphere.security.util.csiv2SessionCacheLimitEnabled=tr
ue
com.ibm.websphere.security.util.csiv2SessionCacheMaxSize=1000

cache idle time is 60000 milliseconds.
session cache limit is enabled.
session cache max size is 1000

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server V6.1 and V8.0                        *
****************************************************************
* PROBLEM DESCRIPTION: CSIv2 Session objects in Session Cache  *
*                      might not be evicted even they meet     *
*                      eviction criteria.                      *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When the custom property
com.ibm.websphere.security.util.csiv2SessionCacheLimitEnabled
is set to true, there was no code path which checks the size
of cache and evicts cache entry upon inserting cache entry to
make sure the number of cache entris was with the limit. As a
result, number of cache enries kept increasing.

Problem conclusion

With this fix, prior to insert cache entry, the code checks
number of cache entries, and if it's on the limit, remove an
entry which is not used for the longest time to make sure that
number of cache entry is within the specified limit.

APAR PM39363 is currently targeted for inclusion in Service
Level (Fix Pack) 6.1.0.43 of WebSphere Application Server V6.1
and Fix Pack 8.0.0.2 of WebSphere Application Server V8.0.

The fix will also be delivered as sysrouted APAR PM39440 in
WebSphere Application Server V7.0 Fix Pack 7.0.0.21.

Please refer to URL:
//www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
for Fix Pack availability.

Temporary fix

Comments

APAR Information

APAR number
PM39363
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-05-17
Closed date
2011-09-27
Last modified date
2012-04-03

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

PM39440

Fix information

Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500

Applicable component levels

R610 PSY UK76696
UP12/03/18 P F203

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 October 2021

Tips

PM39363: HIGH CPU DUE TO GC CAUSED BY EXCESSIVE INSTANCES OF JAVA OBJECT COM.IBM.ISECURITYLOCALOBJECTCSIV2UTILITYIMPL.SESSIONMANAGER

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R610 PSY UK76696

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Share your feedback

Need support?