Aaron Ogburn created CXF-9171:
---------------------------------
Summary: DelayedCachedOutputStreamCleaner thread accumulation
after CVE-2025-23184 fix
Key: CXF-9171
URL: https://issues.apache.org/jira/browse/CXF-9171
Project: CXF
Issue Type: Bug
Components: Core
Affects Versions: 4.0.6, 3.6.5, 3.5.10, 4.1.0
Environment: JBoss/Wildfly
Reporter: Aaron Ogburn
After the CVE-2025-23184 fix (CXF-7396), DelayedCachedOutputStreamCleaner timer
threads can be problematic and can contribute to unwanted thread growth and
possibly classloader leaks potentially to the point of thread OOMEs or
metaspace OOMEs. This now creates a unique Timer and thread for every bus
instance created just to handle a single 30 min default interval task even if
there is no closeable yet registered so this seems excessive and a bus is a
much more leaky object as a result. The created Timer thread will also inherit
contextClassLoaders and that may then preserve some app classloader reference
to possibly influence additional classloader leaks.
For instance, in the context of WildFly/JBoss it maintains a WeakHashMap
storing busses with a bus keyed off a classloader. But the bus can now
maintain a strong reference to that classloader through the
DelayedCachedOutputStreamCleaner TimerThread's contextClassLoader so this
WeakHashMap can no longer self clean:
{code:java}
Class Name
| Ref. Objects |
Shallow Heap | Ref. Shallow Heap | Retained Heap
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[5] class org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory @
0x5d513a898 | 1
| 8 | 96 | 24,503,336
'- classLoaderBusses java.util.WeakHashMap @ 0x5f846cd30
| 1 |
48 | 96 | 24,503,328
'- table java.util.WeakHashMap$Entry[32] @ 0x5d6af4dd0
| 1 |
144 | 96 | 24,503,232
'- [28] java.util.WeakHashMap$Entry @ 0x5d6af4e60
| 1 |
40 | 96 | 3,793,016
'- value org.apache.cxf.bus.extension.ExtensionManagerBus @
0x5d6af4e88 |
1 | 56 | 96 | 3,792,976
'- extensions java.util.concurrent.ConcurrentHashMap @ 0x5d6af5080
| 1 |
64 | 96 | 3,616
'- table java.util.concurrent.ConcurrentHashMap$Node[64] @
0x5d6af50c0 |
1 | 272 | 96 | 3,552
'- [2] java.util.concurrent.ConcurrentHashMap$Node @
0x5d6e93778 |
1 | 32 | 96 | 32
'- val org.apache.cxf.io.DelayedCachedOutputStreamCleaner
@ 0x5d6e89398 | 1 |
24 | 96 | 256
'- cleaner
org.apache.cxf.io.DelayedCachedOutputStreamCleaner$DelayedCleanerImpl @
0x5d6e893b0 | 1 | 32 |
96 | 232
'- timer java.util.Timer @ 0x5d6e89498
| 1 |
24 | 96 | 720
'- thread java.util.TimerThread @ 0x5cf230188
DelayedCachedOutputStreamCleaner | 1 |
128 | 96 | 144
'- contextClassLoader
org.jboss.ws.common.utils.DelegateClassLoader @ 0x5cf1e9b68
| 1 | 72 | 96 | 560
'- parent, parent my.app.ClassLoader @
0x5cf1e8af0| 1 | 96 | 96 | 11,565,128
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
