Subversion HTTPS + PKCS12 Certificate in CPU infinite loop


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component/s: subversion-plugin
    • Environment:
      Jenkins LTS 1.625.1, Subversion plugin 2.5.3 (svnkit 1.8.6), Java 8u60, Debian GNU/Linux Jessie 8.2

      After upgrading to Jenkins 1.625.1 and switching to Java 8u60,
      one of our jobs, configured to use mutual SSL authentication against an HTTPS Subversion repository, produces the following behaviour:

      • the polling SCM thread consumes 100% in an "endless" sun.security.pkcs12.PKCS12KeyStore.engineGetKey method
      • because of the lock hudson.scm.SubversionSCM$ModuleLocation held there, all SCM commit notification threads get stuck
      • as a result, the SCM thread pool gets exhausted and the management page displays a warning

      In production, everything got stuck for 12 hours before we had to restart the Jenkins master.
      In the test environment, we reproduced it with both Java 7u80 and Java 8u60.
      The issue persists even after replacing the default "Sun" security provider with "BouncyCastle" to use alternate PKCS#12, SHA and DES implementations.

        1. VisualVM_CpuSampling.png
          43 kB
          Yves Martin
        2. VisualVM_Monitor.png
          23 kB
          Yves Martin
        3. thread-scm-https-pkcs12-credentials-loop.log
          5 kB
          Yves Martin

            Assignee:
            Yves Martin
            Reporter:
            Yves Martin
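
A triage aid for the situation described in this issue, as an added example that is not part of the original report or of the Jenkins code base: it reads a jstack-format thread dump and reports RUNNABLE threads that hold a monitor other threads are blocked on. The sample dump, its thread names and the placeholder frame are constructed; only the `PKCS12KeyStore.engineGetKey` and `SubversionSCM$ModuleLocation` names come from the report.

```python
import re
from collections import defaultdict
# Constructed jstack-style sample (not the log attached to the issue).
SAMPLE_DUMP = '''
"poller (constructed)" #71 daemon prio=5 tid=0x1 nid=0x1a runnable
   java.lang.Thread.State: RUNNABLE
    at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java)
    - locked <0x00000000e0a1b2c8> (a hudson.scm.SubversionSCM$ModuleLocation)
"notify-1 (constructed)" #88 daemon prio=5 tid=0x2 nid=0x1b waiting for monitor entry
   java.lang.Thread.State: BLOCKED (on object monitor)
    at constructed.Frame.placeholder(Constructed.java)
    - waiting to lock <0x00000000e0a1b2c8> (a hudson.scm.SubversionSCM$ModuleLocation)
"notify-2 (constructed)" #89 daemon prio=5 tid=0x3 nid=0x1c waiting for monitor entry
   java.lang.Thread.State: BLOCKED (on object monitor)
    at constructed.Frame.placeholder(Constructed.java)
    - waiting to lock <0x00000000e0a1b2c8> (a hudson.scm.SubversionSCM$ModuleLocation)
'''

HEADER = re.compile(r'^"(.+)" ')
STATE = re.compile(r'java\.lang\.Thread\.State: (\w+)')
FRAME = re.compile(r'^\s+at (\S+?)\(')
LOCK = re.compile(r'- (locked|waiting to lock) <(0x[0-9a-f]+)> \(a ([^)]+)\)')

def parse_threads(dump):
    """Return one dict per thread: name, state, top frame, held and awaited monitors."""
    threads, cur = [], None
    for line in dump.splitlines():
        if (m := HEADER.match(line)):
            cur = {"name": m[1], "state": None, "top": None, "held": [], "wants": []}
            threads.append(cur)
        elif cur is None:
            continue  # preamble before the first thread header
        elif (m := STATE.search(line)):
            cur["state"] = m[1]
        elif (m := FRAME.match(line)):
            cur["top"] = cur["top"] or m[1]  # keep only the innermost frame
        elif (m := LOCK.search(line)):
            (cur["held"] if m[1] == "locked" else cur["wants"]).append((m[2], m[3]))
    return threads

def find_lock_hogs(dump, min_waiters=2):
    """RUNNABLE threads holding a monitor that at least min_waiters threads are blocked on."""
    threads = parse_threads(dump)
    waiters = defaultdict(list)
    for t in threads:
        for addr, _ in t["wants"]:
            waiters[addr].append(t["name"])
    return [{"holder": t["name"], "top_frame": t["top"], "lock": cls, "blocked": sorted(waiters[addr])}
            for t in threads if t["state"] == "RUNNABLE"
            for addr, cls in t["held"] if len(waiters[addr]) >= min_waiters]
```

A single dump only shows contention at one instant; the same holder and top frame appearing in dumps taken minutes apart is what separates a stuck thread from a slow one.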