Memory Leak in javax.crypto.JceSecurity

Issue

I am experiencing a memory leak related to the javax.crypto.JceSecurity class. Jenkins JVM heap utilization is unexpectedly climbing over time.

Example of Heap Dump Analysis:

The class "javax.crypto.JceSecurity", loaded by "<system class loader>", occupies 6,209,610,104 (91.15%) bytes. The memory is accumulated in one instance of "java.util.concurrent.ConcurrentHashMap$Node[]" loaded by "<system class loader>"

Environment

CloudBees CI (CloudBees Core) on Traditional Platforms
CloudBees Jenkins Distribution
CloudBees Jenkins Enterprise (CJE)
CloudBees Jenkins Enterprise - Managed controller (CJE-MM)
CloudBees Jenkins Enterprise - Operations Center (CJE-OC)
CloudBees Jenkins Team (CJT)
CloudBees Jenkins Platform - Client controller (CJP-CM)
CloudBees Jenkins Platform - Operations Center (CJP-OC)
Jenkins LTS

Resolution

This issue was recently reported by a CloudBees customer who was running an unsupported JDK, Azul Zulu JDK. The issue looks similar to an earlier reported issue within the JDK issue tracker: https://bugs.openjdk.org/browse/JDK-8168469 which appears to have been recently resolved as part of Azul Zulu’s January 2020 release notes which incorporates a fix for https://bugs.openjdk.org/browse/JDK-7107615

Using either OpenJDK or Oracle JDK resolves this issue.

Explanation

At this time, CloudBees does not support Azul Zulu JDK. Vendors like Azul Zulu go through a certification performed by the Java Community Process (JCP), which provides a Technology Compatibility Kit (TCK) and essentially marks them as compatible, but that doesn’t mean they are not different, or come with their own inherent issues.

Therefore it is recommended to always use a supported Java JDK.