Bug 536542 - dev-java/icedtea-7.2.5.3: "sunec" USE flag reliably induces segfaults
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Java
Hardware: AMD64 Linux
Importance: Normal critical
Assignee: Java team
URL: http://icedtea.classpath.org/bugzilla...
Reported: 2015-01-14 02:42 UTC by Cecil Curry
Modified: 2015-03-23 18:35 UTC


Attachments
emerge --info (emerge.info,19.60 KB, application/x-info)
2015-01-14 02:43 UTC, Cecil Curry
PyCharm segfault backtrace log (#1). (hs_err_pid29891.log,85.73 KB, text/plain)
2015-01-14 02:45 UTC, Cecil Curry
PyCharm segfault backtrace log (#2). (hs_err_pid30073.log,95.00 KB, text/plain)
2015-01-14 02:45 UTC, Cecil Curry
PyCharm segfault backtrace log (#3). (hs_err_pid30529.log,85.84 KB, text/plain)
2015-01-14 02:46 UTC, Cecil Curry

Description Cecil Curry 2015-01-14 02:42:04 UTC
Enabling the "sunec" USE flag for dev-java/icedtea:7 reliably induces segfaults
in various formerly stable Java applications, as described at the following
upstream bug report:

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1905

On my machine, running Java-based PyCharm (dev-util/pycharm-community) appears
to be the simplest means of reproducing such issue. On startup, simply open any 
directory containing at least one ".py" file as a new project. If this fails to
induce an immediate segfault, then selecting "File" -> "Settings" typically
does. Please find attached both "emerge --info" output and three error logs
produced by PyCharm backtracing such segfaults.

Every segfault occurs at the same "problematic frame"
PL_HashTableLookupConst+0x17 of libplds4.so+0x1ea7. Moreover, register RAX
always maps to SECOID_FindOIDTag_Util+0 in /usr/lib64/libnssutil3.so, the shared
library for Network Security Services (NSS). Even more damningly, the
SunEC-specific function sun.security.ec.ECKeyPairGenerator.generateECKeyPair()
always appears on the Java stack. Relevant logfile content is as follows:

    # JRE version: OpenJDK Runtime Environment (7.0_71-b14) (build 1.7.0_71-b14)
    # Java VM: OpenJDK 64-Bit Server VM (24.65-b04 mixed mode linux-amd64 compressed oops)
    # Derivative: IcedTea 2.5.3
    # Distribution: Gentoo Base System release 2.2, package Gentoo package icedtea-7.2.5.3
    # Problematic frame:
    # C  [libplds4.so+0x1ea7]  PL_HashTableLookupConst+0x17

    ...

    Register to memory mapping:

    RAX=0x000000357b615c40: SECOID_FindOIDTag_Util+0 in /usr/lib64/libnssutil3.so at 0x000000357b600000

    ...

    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j  sun.security.ec.ECKeyPairGenerator.generateECKeyPair(I[B[B)[Ljava/lang/Object;+0
    j  sun.security.ec.ECKeyPairGenerator.generateKeyPair()Ljava/security/KeyPair;+55
    j  java.security.KeyPairGenerator$Delegate.generateKeyPair()Ljava/security/KeyPair;+23
    j  sun.security.ssl.ECDHCrypt.<init>(Ljava/security/spec/ECParameterSpec;Ljava/security/SecureRandom;)V+17

Either rebuilding dev-java/icedtea:7 with USE flag "sunec" disabled *OR*
employing the fix detailed by both Andrew John Hughes and Dennis Schridde at
such bugzilla report reliably corrects this issue. Of course, both approaches
disable SunEC functionality. Since such functionality appears to be
fundamentally broken (as of this bug report), this is probably a good thing. To
synopsize such fix:

1. Manually edit the system-wide file
   "/usr/lib64/icedtea7/jre/lib/security/java.security".
2. Disable the SunEC security provider. Specifically:
   # Modify this...
   security.provider.3=sun.security.ec.SunEC
   # ...to resemble this.
   #security.provider.3=sun.security.ec.SunEC
3. Renumber all security providers following the SunEC security provider so as
   to preserve consecutive ordering. The resulting lines should resemble:
   security.provider.3=com.sun.net.ssl.internal.ssl.Provider
   security.provider.4=com.sun.crypto.provider.SunJCE
   security.provider.5=sun.security.jgss.SunProvider
   security.provider.6=com.sun.security.sasl.Provider
   security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
   security.provider.8=sun.security.smartcardio.SunPCSC
   # the NSS security provider was not enabled for this build; it can be enabled
   # if NSS (libnss3) is available on the machine. The nss.cfg file may need
   # editing to reflect the location of the NSS installation.
   security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
4. You're done. (Yay.)

My uncredentialed recommendation would be to issue a revised ebuild ignoring and
hence effectively disabling USE flag "sunec" until resolved by upstream. A post-
installation emerge message or even Gentoo advisory might be applicable.
Happily, you know better than me.

Thanks for your tireless efforts, Gentoo developers. You're awesome. May the
bugginess be with you.

Reproducible: Always

Steps to Reproduce:
1. Run PyCharm.
2. Open project.
3. Fail horribly.
Actual Results:  
Horrible segfault. (See attached logfiles.)

Expected Results:  
No horrible segfault. (Your mileage may vary, of course.)
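
Steps 1 to 3 of the workaround in the description, written as a script. This is an added example, not part of the original report or of IcedTea. The names `disable_provider` and `active_providers` are hypothetical, and the `java.security` excerpt is constructed for illustration.

```python
import re

SUNEC = "sun.security.ec.SunEC"
# Active (uncommented) entries look like: security.provider.<n>=<class> [argument]
PROVIDER_RE = re.compile(r"^security\.provider\.(\d+)=(.*)$")

def disable_provider(text, class_name=SUNEC):
    """Comment out class_name and close the numbering gap; returns (text, changed)."""
    lines = text.splitlines()
    removed = None
    for line in lines:
        m = PROVIDER_RE.match(line.strip())
        # The class is the first token; SunPKCS11 carries a config path after it.
        if m and m.group(2).split()[:1] == [class_name]:
            removed = int(m.group(1))
            break
    if removed is None:
        return text, False  # already disabled or never configured
    out = []
    for line in lines:
        m = PROVIDER_RE.match(line.strip())
        if not m:
            out.append(line)  # comments and unrelated properties pass through
        elif int(m.group(1)) == removed:
            out.append("#" + line.strip())
        elif int(m.group(1)) > removed:
            out.append("security.provider.%d=%s" % (int(m.group(1)) - 1, m.group(2)))
        else:
            out.append(line)
    return "\n".join(out) + "\n", True

def active_providers(text):
    """Return [(index, class_name)] for uncommented provider entries."""
    found = [PROVIDER_RE.match(l.strip()) for l in text.splitlines()]
    return [(int(m.group(1)), m.group(2).split()[0]) for m in found if m and m.group(2).split()]

# Constructed excerpt of a java.security file (not copied from a real system).
SAMPLE = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
# the NSS security provider was not enabled for this build
security.provider.5=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
"""

if __name__ == "__main__":
    fixed, changed = disable_provider(SAMPLE)
    print(fixed, end="")
```

Only entries numbered above the disabled one are shifted, so a second run on the rewritten text is a no-op.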
Comment 1 Cecil Curry 2015-01-14 02:43:57 UTC
Created attachment 393908
emerge --info
Comment 2 Cecil Curry 2015-01-14 02:45:13 UTC
Created attachment 393910
PyCharm segfault backtrace log (#1).
Comment 3 Cecil Curry 2015-01-14 02:45:42 UTC
Created attachment 393912
PyCharm segfault backtrace log (#2).
Comment 4 Cecil Curry 2015-01-14 02:46:08 UTC
Created attachment 393914
PyCharm segfault backtrace log (#3).
Comment 5 Patrice Clement gentoo-dev 2015-03-23 18:17:56 UTC
# My uncredentialed recommendation would be to issue a revised ebuild ignoring and
# hence effectively disabling USE flag "sunec" until resolved by upstream.

Sounds like a reasonable solution. Upstream bug is assigned to gnu_andrew. Until he finds out what causes the problem, we should disable it.
Comment 6 Andrew John Hughes 2015-03-23 18:24:47 UTC
Check with 2.5.4 as PR2123 was resolved there: http://bitly.com/it20504
Comment 7 Patrice Clement gentoo-dev 2015-03-23 18:35:55 UTC
Thanks Andrew for the link! Version 7.2.5.4 should fix this issue. Please reopen if not.