search

timja / jenkins-gh-issues-poc-06-18

0 stars 0 forks source link

[JENKINS-60644] Jenkins resource loading issue in AntClassloader. scriptsecurity.sandbox.whitelists.StaticWhitelist NoClassDefFoundError #4758

Closed timja closed 4 years ago

timja commented 4 years ago

java.lang.NoClassDefFoundError: Could not initialize class org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:183)
at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:189)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:193)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:100)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
at WorkflowScript.run(WorkflowScript)
at __cps.transform__(Native Method)
at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:86)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:113)
at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixName(FunctionCallBlock.java:78)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
at com.cloudbees.groovy.cps.Next.step(Next.java:83)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129)
at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268)
at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:51)
at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:185)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:405)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$400(CpsThreadGroup.java:96)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:317)
at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:281)
at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:67)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

Originally reported by kpop, imported from: Jenkins resource loading issue in AntClassloader. scriptsecurity.sandbox.whitelists.StaticWhitelist NoClassDefFoundError
  • assignee: jglick
  • status: Resolved
  • priority: Blocker
  • resolution: Fixed
  • resolved: 2020-01-06T18:53:08+00:00
  • imported: 2022/01/10
timja commented 4 years ago

oleg_nenashev:

I suspect it is a regression after https://github.com/jenkinsci/jenkins/pull/4254 in 2.112, CC jsoref. I am working on it

timja commented 4 years ago

oleg_nenashev:

In my case the JVM just hangs when I try to reproduce this issue. Not sure why, it should not happen in this way

timja commented 4 years ago

jglick:

I was able to reproduce this just by starting Jenkins (master) on a fresh home dir, installing suggested plugins, making a trivial Pipeline job, and running it. Root cause:

java.lang.NullPointerException
    at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.loadBlacklist(StaticWhitelist.java:317)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.(StaticWhitelist.java:323)

pointing here and suggesting a resource loading problem.

timja commented 4 years ago

jglick:

Verified that #4254 is responsible by bisecting using WorkflowPluginTest.linearFlow. So far I have not found a mistake by code inspection.

timja commented 4 years ago

oleg_nenashev:

jglick my theory is a race condition in the collection. The code changed from thread-safe Vector implementation to unsafe Array list. I did review the code before merging and it did not seem to be a problem, but this is my best bet at the moment

timja commented 4 years ago

batmat:

Could we maybe add a simple test in ATH SmokeTest set or so that would have caught this? Thanks

timja commented 4 years ago

jglick:

Tracked the problem down to a bad refactoring of a loop (took me a long time to notice this in the diff!). Will try to verify the fix using JTH.

batmat regarding ATH @SmokeTest’s I think the issue is that they only include tests which do not use any plugins. Adding plugins to the mix would make the test run nondeterministic unless we also pinned versions rather than using the latest from the UC.

timja commented 4 years ago

jglick:

Ah and the problem only affects plugins which include some sort of library (i.e., non-hpi dependency).

timja commented 4 years ago

catjavabean:

Is there a timeline for the release of 2.213?

timja commented 4 years ago

jglick:

I have notified kohsuke that we would like it to be cut ASAP.

timja commented 4 years ago

oleg_nenashev:

The release it out. It may take a while for mirrors, Docker packages and the website to be updated, but it is possible to download the WAR file from https://repo.jenkins-ci.org/webapp/#/artifacts/browse/tree/General/releases/org/jenkins-ci/main/jenkins-war/2.213/jenkins-war-2.213.war

 

Changelog update: https://github.com/jenkins-infra/jenkins.io/pull/2743

timja commented 4 years ago

kpop:

Many thanks for the quick response and new release. It's working fine on my installation.

timja commented 4 years ago

caboose89:

Also confirming latest release has corrected this for us

timja commented 2 years ago

[Originally duplicated by: JENKINS-60641]

timja commented 2 years ago

[Originally duplicated by: JENKINS-60648]