This seems to be a regression caused by
HBASE-4791 wherein we check if secure zookeeper is enabled and if so we make use of saslLatch to verify security handshake is completed. But in the case of MR, we won't be negotiating a secure connection thus we end up waiting forever for the saslLatch.
Since the bug the saslLatch workaround is trying to fix (
ZOOKEEPER-1437) is already fixed in zookeeper-3.4.5. Removal of the workaround fixes the problem.