Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31192

Subversion HTTPS + PKCS12 Certificate in CPU infinite loop

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • subversion-plugin
    • Jenkins LTS 1.625.1, Subversion plugin 2.5.3 (svnkit 1.8.6), Java 8u60, Debian GNU/Linux Jessie 8.2

      After upgrading to Jenkins 1.625.1 and switching to Java 8u60,
      one of our job configured to use mutual SSL authentication against a HTTPS Subversion repository produces the following behaviour:

      • the polling SCM thread consumes 100% in "endless" sun.security.pkcs12.PKCS12KeyStore.engineGetKey method
      • because of the lock hudson.scm.SubversionSCM$ModuleLocation held there, all SCM commit notification threads get stuck
      • as a result, the SCM thread pool gets exhausted and management page displays a warning

      In production, everything get stuck for 12 hours before we had to restart Jenkins master.
      In test environment, we reproduced with both Java 7u80 and Java 8u60.
      The issue persists even after replacing default "Sun" security provider by "BouncyCastle" to use alternate PKCS#12, SHA and DES implementations.

        1. thread-scm-https-pkcs12-credentials-loop.log
          5 kB
          Yves Martin
        2. VisualVM_CpuSampling.png
          43 kB
          Yves Martin
        3. VisualVM_Monitor.png
          23 kB
          Yves Martin

            ymartin1040 Yves Martin
            ymartin1040 Yves Martin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: