[JIRA] (JENKINS-61990) StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed updated an issue

Jenkins / JENKINS-61990 StackOverflowError on boot related to QueueItemAuthenticatorConfiguration Change By: Sir Tumbleweed Summary: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration Add Comment

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed updated an issue

Jenkins / JENKINS-61990 StackOverflowError on boot related to QueueItemAuthenticatorConfiguration Change By: Sir Tumbleweed

After latest container (LTS) and plugin updates, booting the jenkins results in huge stacktraces caused by a stackoverflow error. The result is that the Jenkins seems available, the queue is filled but items cannot be worked on, because a class has not been properly loaded on boot: {noformat} java.lang.IllegalStateException: The class jenkins.security.QueueItemAuthenticatorConfiguration was not found, potentially not yet loadedjava.lang.IllegalStateException: The class jenkins.security.QueueItemAuthenticatorConfiguration was not found, potentially not yet loaded at hudson.ExtensionList.getInstance(ExtensionList.java:166) at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at jenkins.security.QueueItemAuthenticatorConfiguration$ProviderImpl.getAuthenticators(QueueItemAuthenticatorConfiguration.java:70) at jenkins.security.QueueItemAuthenticatorProvider$IteratorImpl.hasNext(QueueItemAuthenticatorProvider.java:44) at hudson.model.Queue$Item.authenticate(Queue.java:2332) {noformat} The relevant source of evil is the following stacktrace which I will attach in full as a file. To make this pop up in searches I paste an excerpt of the stack trace here. {noformat} at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callReadResolve(SerializationMethodInvoker.java:66) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:268) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:71) at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:197) at hudson.util.DescribableList$ConverterImpl.unmarshal(DescribableList.java:275) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189) at hudson.util.XStream2.unmarshal(XStream2.java:161) at hudson.util.XStream2.unmarshal(XStream2.java:132) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173) at hudson.XmlFile.unmarshal(XmlFile.java:180) at hudson.XmlFile.unmarshal(XmlFile.java:163) at hudson.model.Descriptor.load(Descriptor.java:914) at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:601) at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:126) at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145) at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41) at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012) at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402) at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393) at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) at hudson.ExtensionList.load(ExtensionList.java:381) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.getComponents(ExtensionList.java:183) at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:194) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.iterator(ExtensionList.java:172) at hudson.ExtensionList.getInstance(ExtensionList.java:162) at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176) at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callReadResolve(SerializationMethodInvoker.java:66) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:268) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:71) at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:197) at hudson.util.DescribableList$ConverterImpl.unmarshal(DescribableList.java:275) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189) at hudson.util.XStream2.unmarshal(XStream2.java:161) at hudson.util.XStream2.unmarshal(XStream2.java:132) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173) at hudson.XmlFile.unmarshal(XmlFile.java:180) at hudson.XmlFile.unmarshal(XmlFile.java:163) at hudson.model.Descriptor.load(Descriptor.java:914) at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:601) at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:126) at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145) at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41) at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012) at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402) at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393) at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) at hudson.ExtensionList.load(ExtensionList.java:381) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.getComponents(ExtensionList.java:183) at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:194) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.iterator(ExtensionList.java:172) at hudson.ExtensionList.getInstance(ExtensionList.java:162) at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176) at sun.reflect.GeneratedMethodAccessor13.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callReadResolve(SerializationMethodInvoker.java:66) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:268) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:71) at hudson.util.CopyOnWriteList$ConverterImpl.unmarshal(CopyOnWriteList.java:197) at hudson.util.DescribableList$ConverterImpl.unmarshal(DescribableList.java:275) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at hudson.util.RobustReflectionConverter.unmarshalField(RobustReflectionConverter.java:390) at hudson.util.RobustReflectionConverter.doUnmarshal(RobustReflectionConverter.java:328) at hudson.util.RobustReflectionConverter.unmarshal(RobustReflectionConverter.java:267) at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72) at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:65) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66) at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50) at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1189) at hudson.util.XStream2.unmarshal(XStream2.java:161) at hudson.util.XStream2.unmarshal(XStream2.java:132) at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1173) at hudson.XmlFile.unmarshal(XmlFile.java:180) at hudson.XmlFile.unmarshal(XmlFile.java:163) at hudson.model.Descriptor.load(Descriptor.java:914) at sun.reflect.GeneratedMethodAccessor12.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:601) at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:126) at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145) at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41) at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103) at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012) at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402) at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393) at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) at hudson.ExtensionList.load(ExtensionList.java:381) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.getComponents(ExtensionList.java:183) {noformat} {color:red}Important note:{color} I "fixed" my jenkins by manually emptying the queue and moving my init.groovy away. I.e., only this snippet (which has been working until now) is now causing this behavior: {noformat} import hudson.model.AbstractItem; import jenkins.model.Jenkins; for (item in Jenkins.instance.getAllItems(AbstractItem.class)) {   if (item instanceof jenkins.branch.OrganizationFolder) {     item.doBuild()     println("Triggered on-boot organization folder scan for " + item.fullName)   } } {noformat}

Add Comment

[cyainh3ll@gmail.com (JIRA)]

After a reboot without this hook, everything works as expected. However, I really need this hook as a workaround for another bug in a different plugin. And as I said - this has been working for months before.

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration What does this have to do with matrix-auth plugin and/or matrix-project plugin?

Add Comment

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

I assumed a connetion due to

at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176)

but I might be wrong. I am not familiar with the numerous components.

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck assigned an issue to Unassigned

That's yet another plugin, but likely unrelated too.

Jenkins / JENKINS-61990

StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

Change By: Daniel Beck Component/s: core Component/s: matrix-auth-plugin Component/s: matrix-project-plugin Assignee: Daniel Beck

Add Comment

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration One more thing that points me in this direction (or this 'other' plugin's direction): I thought moving out my init.groovy fixed the issue for me, but after next reboot the stackoverflow returned. So I continued digging and disabled the following block from an organization folder config brought the actual relief. <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty> <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/> <permission>hudson.model.Item.Discover:myldapgroup</permission> <permission>hudson.model.Item.Read:myldapgroup</permission> <permission>hudson.model.Item.Workspace:myldapgroup</permission> <permission>hudson.model.View.Read:myldapgroup</permission> </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty> There seems to be a circle in this per-project authorization configuration. But it's not clear to me why. After disabling this, my init.groovy also started working again, so I'll remove that hint from the original issue description.

Add Comment

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed updated an issue

Jenkins / JENKINS-61990

StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

Change By: Sir Tumbleweed

at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176)

at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176)

- {color: red #FF0000 }Important note:{color} I "fixed" my jenkins by manually emptying the queue and moving my init.groovy away. I.e., only this snippet (which has been working until now) is now causing this behavior: -

{noformat} import hudson.model.AbstractItem; import jenkins.model.Jenkins; for (item in Jenkins.instance.getAllItems(AbstractItem.class)) {   if (item instanceof jenkins.branch.OrganizationFolder) {     item.doBuild()

println("Triggered on - boot organization folder scan for " + item.fullName) …-   } } {noformat} - After a reboot without this hook, everything works as expected. However, I really need this hook as a workaround for another bug in a different plugin. And as I said - this has been working for months before. -

Add Comment

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed edited a comment on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

One more thing that points me in this direction (or this 'other' plugin's direction): I thought moving out my init.groovy fixed the issue for me, but after next reboot the stackoverflow returned. So I continued digging and disabled the following block from an organization folder config brought the actual relief.

{noformat}

<com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>       <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>       <permission>hudson.model.Item.Discover:myldapgroup</permission>       <permission>hudson.model.Item.Read:myldapgroup</permission>       <permission>hudson.model.Item.Workspace:myldapgroup</permission>       <permission>hudson.model.View.Read:myldapgroup</permission>     </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>

{noformat}

There seems to be a circle in this per-project authorization configuration. But it's not clear to me why. After disabling this, my init.groovy also started working again, so I'll remove that hint from the original issue description.

Edit: I think I narrowed it down to the Discover permission, which is implied by Item.Read and the validator in the frontend disallows selecting Discover when Item.Read is selected. Would be nice if there was a more tolerant handling to avoid this stack overflow of Jenkins though.

Add Comment

[cyainh3ll@gmail.com (JIRA)]

Sir Tumbleweed commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

My last assumptions were wrong. The error still kept popping up, but it was hard to reproduce. Sometimes it showed after reboot without any prior config change. Sometimes it appeared despite there was a configuration in place, that seemed to work before. My latest theory, after I also reproduced this error without my additional LDAP group/user permissions, is a collision between different privileges for anonymous users (global) and in the per-project matrix. We use the InheritParentStrategy (but it also happens with the InheritGlobalStrategy) and for whatever reason when you enable the per-project matrix, it automatically adds the anonymous user without any privileges and you cannot remove this. It's a contrast to our global permissions, though, which grant anonymous users the ViewStatus privilege. It seems like (sometimes) Jenkins cannot resolve this contradiction. My latest workaround is to also grant the anonymous user this ViewStatus privilege in my per-project matrix to avoid this contradiction and since then I couldn't reproduce the stack overflow anymore. To summarize: give the anonymous user some privilege other than nothing at all activate a per-project matrix leave all checkboxes for the anonymous user empty, i.e. produce a contradiction between global and per-project permission what's weird - we had such configuration before on a different organization folder and it didn't cause this circle which makes it feel non-deterministic but there's probably a logic to it

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

it automatically adds the anonymous user without any privileges and you cannot remove this. It's a contrast to our global permissions, though, which grant anonymous users the ViewStatus privilege.

It seems like (sometimes) Jenkins cannot resolve this contradiction.

The UI doesn't matter here, table rows (i.e. users/groups) without any permissions granted aren't saved, you can see that in config.xml that will not have entries for anonymous unless you grant permissions.

Add Comment

[andre.szuenstein@steag.com (JIRA)]

Andre Szünstein commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

We have this issue too. I have tracked down the problem and it seems to be caused by the security check in the deserialization of AuthorizeProjectStrategy.java During deserialization of the configuration, the method  readResolve() is called and this method will call checkUnsecuredConfiguration(). If current authentication is not ACL.SYSTEM, ProjectQueueItemAuthenticator.isConfigured() will get called and the infinite loop begins, since this method will try to deserialize the configuration again ...   I do not know why the authentication is not ACL.SYSTEM at this time, but maybe it is an issue with scheduled jobs? The problem was introduced when refactoring readResolve() in commit https://github.com/jenkinsci/authorize-project-plugin/commit/c0aae28565e5e5e7b96c127c5399aa2b8d6b746c   Please fix this issue, since it is not possible to configure a global strategy without loosing the ability to restart jenkins properly.

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

Andre Szünstein I have tracked down the problem and it seems to be caused by the security check in the deserialization … The problem was introduced when refactoring readResolve() in commit Could you clarify whether you're saying this issue has been present for three years, undetected, or whether it's just now apparent due to recent core changes?

Add Comment

[andre.szuenstein@steag.com (JIRA)]

Andre Szünstein commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

The problem does not occur with an older jenkins version (around 2.190), and so I believe the bug does appear now due to some changes in the core. I did only a static analyzation of the generated call stack by folling the source code, no debugging ... I do not know why the first check does not suceed before the configuration is loaded at startup. And yes, the possibility for the loop itself is in the code for 3 years. Checking the authorization in a method that is called when reading the authorization configuration is not a good idea, if the check will result in reading the config again ... Here are some log lines, when starting jenkins ... I have shortened the call stacks. Maybe this will help to get down to the problem ... 2020-04-29 07:14:31.980+0000 [id=34] INFO jenkins.InitReactorRunner$1#onAttained: Prepared all plugins 2020-04-29 07:14:31.980+0000 [id=34] INFO jenkins.InitReactorRunner$1#onAttained: Prepared all plugins 2020-04-29 07:14:31.984+0000 [id=29] INFO jenkins.model.Jenkins$5#runTask: Took 0ms for null by pool-6-thread-1 2020-04-29 07:14:31.984+0000 [id=29] INFO jenkins.model.Jenkins$5#runTask: Took 0ms for null by pool-6-thread-1 2020-04-29 07:14:31.992+0000 [id=31] INFO jenkins.model.Jenkins$5#runTask: Took 8ms for Contributed.load by pool-6-thread-3 2020-04-29 07:14:32.117+0000 [id=34] INFO jenkins.model.Jenkins$5#runTask: Took 133ms for Resolving Dependent Plugins Graph by pool-6-thread-6 2020-04-29 07:14:33.204+0000 [id=39] WARNING hudson.model.Descriptor#load: Failed to load D:\Jenkins\jenkins.security.QueueItemAuthenticatorConfiguration.xml java.lang.StackOverflowError at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) ...

at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) at hudson.ExtensionList.load(ExtensionList.java:381)

Caused: java.io.IOException: Unable to read D:\Jenkins\jenkins.security.QueueItemAuthenticatorConfiguration.xml at hudson.XmlFile.unmarshal(XmlFile.java:183)

at hudson.XmlFile.unmarshal(XmlFile.java:163) at hudson.model.Descriptor.load(Descriptor.java:914)

... at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393)

at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393) at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:344) at hudson.ExtensionList.load(ExtensionList.java:381) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.getComponents(ExtensionList.java:183) at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:194) at hudson.ExtensionList.ensureLoaded(ExtensionList.java:317) at hudson.ExtensionList.iterator(ExtensionList.java:172) at hudson.ExtensionList.getInstance(ExtensionList.java:162) at jenkins.security.QueueItemAuthenticatorConfiguration.get(QueueItemAuthenticatorConfiguration.java:61) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.getConfigured(ProjectQueueItemAuthenticator.java:178) at org.jenkinsci.plugins.authorizeproject.ProjectQueueItemAuthenticator.isConfigured(ProjectQueueItemAuthenticator.java:190) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.checkUnsecuredConfiguration(AuthorizeProjectStrategy.java:186) at org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy.readResolve(AuthorizeProjectStrategy.java:176)

...   Kind regards,

Add Comment

[dbeck@cloudbees.com (JIRA)]

Daniel Beck commented on JENKINS-61990

Re: StackOverflowError on boot related to QueueItemAuthenticatorConfiguration

Would be interesting to know in which Jenkins version this broke. My guess is that 2.220 is a good candidate (i.e. it still worked in 2.219).

Add Comment