mercredi 20 mars 2019

SecureRandom locking NativePRNG on jsch

I have an application on production that creates about 150 threads that complete in about 45 seconds. Recently we started to have memory problems. Turns out that threads never complete and add up over time because of locked NativePRNG.

We only have that problem for our test/backup machine. Production machine runs the same jar without a problem.

Here's the stack trace of a thread

"VSGADNE01" #923 prio=5 os_prio=0 tid=0x00007f7698e41800 nid=0x2b32 runnable 
[0x00007f7601ac3000]
   java.lang.Thread.State: RUNNABLE
    at java.util.Arrays.copyOfRange(Arrays.java:3520)
    at sun.security.provider.NativePRNG$RandomIO.implNextBytes(NativePRNG.java:553)
    - locked <0x00000005cdf9c660> (a java.lang.Object)
    at sun.security.provider.NativePRNG$RandomIO.access$400(NativePRNG.java:331)
    at sun.security.provider.NativePRNG.engineNextBytes(NativePRNG.java:220)
    at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
    at com.jcraft.jsch.jce.Random.fill(Random.java:78)
    at com.jcraft.jsch.Packet.padding(Packet.java:59)
    - locked <0x00000005cde992d0> (a com.jcraft.jsch.jce.Random)
    at com.jcraft.jsch.Session.encode(Session.java:885)
    at com.jcraft.jsch.Session._write(Session.java:1366)
    - locked <0x000000064974f720> (a java.lang.Object)
    at com.jcraft.jsch.Session.write(Session.java:1335)
    at com.jcraft.jsch.ChannelSftp.sendPacketPath(ChannelSftp.java:2575)
    at com.jcraft.jsch.ChannelSftp.sendPacketPath(ChannelSftp.java:2559)
    at com.jcraft.jsch.ChannelSftp.sendCLOSE(ChannelSftp.java:2538)
    at com.jcraft.jsch.ChannelSftp._sendCLOSE(ChannelSftp.java:2464)
    at com.jcraft.jsch.ChannelSftp._get(ChannelSftp.java:1155)
    at com.jcraft.jsch.ChannelSftp.get(ChannelSftp.java:961)
    at com.jcraft.jsch.ChannelSftp.get(ChannelSftp.java:873)
    at com.ngss.vodafone.oss.ebm.Controller.SftpUtils.getFiles(SftpUtils.java:141)
    at com.ngss.vodafone.oss.ebm.Controller.SftpUtils.download(SftpUtils.java:187)
    at com.ngss.vodafone.oss.ebm.Controller.Host.downloadFiles(Host.java:108)
    at com.ngss.vodafone.oss.ebm.Controller.Host.run(Host.java:86)
    at java.lang.Thread.run(Thread.java:748)

Things that i tried with no success:

  • Setting securerandom.source=file:/dev/./urandom in java.security
  • Running the jar with option -Djava.security.egd=file:/dev/./urandom
  • Linking /dev/random to /dev/urandom



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)