[SOLVED] VirtualBox processes instantly segfaulting

[codemonkey672342]

Hey!

Today I upgraded VirtualBox from 5.0.26 to 5.1.10. I am running gentoo linux with kernel 4.7.10.
Unfortunately vboxwebsrv and VBoxManage just segfault rather instantly.

Code: Select all

tomb ~ # VBoxManage list vms
Segmentation fault
tomb ~ # vboxwebsrv
Oracle VM VirtualBox web service Version 5.1.10
(C) 2007-2016 Oracle Corporation
All rights reserved.
VirtualBox web service 5.1.10 r112026 linux.amd64 (Nov 21 2016 17:41:59) release log
00:00:00.000115 main     Log opened 2016-12-10T19:17:33.193726000Z
00:00:00.000117 main     Build Type: release
00:00:00.000120 main     OS Product: Linux
00:00:00.000122 main     OS Release: 4.7.10-hardened
00:00:00.000123 main     OS Version: #1 SMP Sat Dec 10 14:30:44 CET 2016
00:00:00.000152 main     DMI Product Name: System Product Name
00:00:00.000160 main     DMI Product Version: System Version
00:00:00.000232 main     Host RAM: 16017MB (15.6GB) total, 15216MB (14.8GB) available
00:00:00.000238 main     Executable: /opt/VirtualBox/vboxwebsrv
00:00:00.000239 main     Process ID: 16560
00:00:00.000240 main     Package type: LINUX_64BITS_GENERIC
00:00:00.008421 main     IPC socket path: /tmp/.vbox-root-ipc/ipcd
Segmentation fault
tomb ~ #

I did an strace on vboxwebsrv:

Code: Select all

tomb ~ # strace vboxwebsrv
execve("/opt/bin/vboxwebsrv", ["vboxwebsrv"], [/* 22 vars */]) = 0
brk(0)                                  = 0x666b09c530
[...]
stat("/opt/VirtualBox/components/VBoxNetDHCP.so", {st_mode=S_IFREG|0644, st_size=159576, ...}) = 0
stat("/opt/VirtualBox/components/VBoxNetDHCP.so", {st_mode=S_IFREG|0644, st_size=159576, ...}) = 0
open("/opt/VirtualBox/components/VBoxNetDHCP.so", O_RDONLY|O_CLOEXEC) = 9
read(9, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\224\0\0\0\0\0\0"..., 832) = 832
fstat(9, {st_mode=S_IFREG|0644, st_size=159576, ...}) = 0
mmap(NULL, 2254912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 9, 0) = 0x3ea74c8f000
mprotect(0x3ea74cb2000, 2097152, PROT_NONE) = 0
mmap(0x3ea74eb2000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 9, 0x23000) = 0x3ea74eb2000
close(9)                                = 0
mprotect(0x3ea74eb2000, 4096, PROT_READ) = 0
stat("/opt/VirtualBox/components/VBoxREM.so", {st_mode=S_IFREG|0644, st_size=715040, ...}) = 0
stat("/opt/VirtualBox/components/VBoxREM.so", {st_mode=S_IFREG|0644, st_size=715040, ...}) = 0
open("/opt/VirtualBox/components/VBoxREM.so", O_RDONLY|O_CLOEXEC) = 9
read(9, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\257\0\0\0\0\0\0"..., 832) = 832
fstat(9, {st_mode=S_IFREG|0644, st_size=715040, ...}) = 0
close(9)                                = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x50} ---
+++ killed by SIGSEGV +++
Segmentation fault
tomb ~ #

And i ran it through gdb:

Code: Select all

tomb ~ # gdb /opt/VirtualBox/vboxwebsrv
GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
[...]
Reading symbols from /opt/VirtualBox/vboxwebsrv...(no debugging symbols found)...done.
(gdb) run
Starting program: /opt/VirtualBox/vboxwebsrv
warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages!
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x36241e51700 (LWP 16695)]
[New Thread 0x36241650700 (LWP 16696)]
[Thread 0x36241650700 (LWP 16696) exited]
[Thread 0x36241e51700 (LWP 16695) exited]
Oracle VM VirtualBox web service Version 5.1.10
(C) 2007-2016 Oracle Corporation
All rights reserved.
VirtualBox web service 5.1.10 r112026 linux.amd64 (Nov 21 2016 17:41:59) release log
00:00:00.000121 main     Log opened 2016-12-10T19:22:07.575784000Z
00:00:00.000123 main     Build Type: release
00:00:00.000132 main     OS Product: Linux
00:00:00.000134 main     OS Release: 4.7.10-hardened
00:00:00.000135 main     OS Version: #1 SMP Sat Dec 10 14:30:44 CET 2016
00:00:00.000170 main     DMI Product Name: System Product Name
00:00:00.000181 main     DMI Product Version: System Version
00:00:00.000254 main     Host RAM: 16017MB (15.6GB) total, 15195MB (14.8GB) available
00:00:00.000262 main     Executable: /opt/VirtualBox/vboxwebsrv
00:00:00.000263 main     Process ID: 16690
00:00:00.000264 main     Package type: LINUX_64BITS_GENERIC
00:00:00.016690 main     IPC socket path: /tmp/.vbox-root-ipc/ipcd
[New Thread 0x36244152700 (LWP 16703)]
[New Thread 0x36244131700 (LWP 16704)]

Program received signal SIGSEGV, Segmentation fault.
0x0000036243f58163 in ?? () from /lib64/ld-linux-x86-64.so.2
(gdb) bt full
#0  0x0000036243f58163 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1  0x0000036243f60bf1 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#2  0x0000036243f5bd41 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#3  0x0000036243f600c2 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#4  0x0000036242152002 in ?? () from /lib64/libdl.so.2
No symbol table info available.
#5  0x0000036243f5bd41 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#6  0x00000362421526a9 in ?? () from /lib64/libdl.so.2
No symbol table info available.
#7  0x00000362421520b2 in dlopen () from /lib64/libdl.so.2
No symbol table info available.
#8  0x0000036243357daa in VBoxNsprPR_LoadLibraryWithFlags () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#9  0x0000036243357ea7 in VBoxNsprPR_LoadLibrary () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#10 0x000003624330ce24 in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#11 0x0000036243323d0f in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#12 0x0000036243324991 in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#13 0x0000036243325fdb in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#14 0x000003624332446a in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#15 0x00000362433242d6 in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#16 0x0000036243327fab in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#17 0x0000036243328395 in ?? () from /opt/VirtualBox/VBoxXPCOM.so
No symbol table info available.
#18 0x0000000000ee39a8 in ?? ()
No symbol table info available.
#19 0x000000000040a3c3 in ?? ()
No symbol table info available.
#20 0x00000362429cd734 in __libc_start_main () from /lib64/libc.so.6
No symbol table info available.
#21 0x0000000000407559 in ?? ()
No symbol table info available.
#22 0x000003c8b16192f8 in ?? ()
No symbol table info available.
#23 0x000000000000001c in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Because the kernel on the system has grsec/PaX enabled, i wanted to switch off all the checks on the executable, but:

Code: Select all

tomb ~ # paxctl -v /opt/VirtualBox/vboxwebsrv
PaX control v0.9
Copyright 2004,2005,2006,2007,2009,2010,2011,2012,2014 PaX Team <pageexec@freemail.hu>

file /opt/VirtualBox/vboxwebsrv is not a valid ELF executable (invalid PT_ entry:8)
tomb ~ #

I read on some forum on the internet, that paxctl does rather thorough checking on the ELF headers. Entry eight should be the one that's causing the issue:

Code: Select all

tomb ~ # readelf -l /opt/VirtualBox/vboxwebsrv

Elf file type is EXEC (Executable file)
Entry point 0x407530
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x00000000000001f8 0x00000000000001f8  R E    8
  INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238
                 0x000000000000001c 0x000000000000001c  R      1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x0000000001151e6c 0x0000000001151e6c  R E    200000
  LOAD           0x0000000001152a38 0x0000000001752a38 0x0000000001752a38
                 0x0000000000003618 0x0000000000003a28  RW     200000
  DYNAMIC        0x0000000001153d90 0x0000000001753d90 0x0000000001753d90
                 0x00000000000001f0 0x00000000000001f0  RW     8
  NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254
                 0x0000000000000020 0x0000000000000020  R      4
  GNU_EH_FRAME   0x0000000000e8af00 0x000000000128af00 0x000000000128af00
                 0x0000000000000008 0x0000000000000008  R      4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     8
  GNU_RELRO      0x0000000001152a38 0x0000000001752a38 0x0000000001752a38
                 0x0000000000001548 0x0000000000001538  R      1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table
   03     .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag
   06     .eh_frame_hdr
   07
   08     .ctors .dtors .jcr .data.rel.ro
tomb ~ #

GNU_RELRO 0x0000000001152a38 0x0000000001752a38 0x0000000001752a38
0x0000000000001548 0x0000000000001538 R 1
this was the entry that paxctl complained about, and for a good
reason: filesz > memsz which while causes no apparent problem on
loading the binary, is still not good because it means the linker
put something into the file which will not be loaded into memory
at runtime (or rather, it will be in this particular case, but it
still points at a bug somewhere in the linker).

Currently I don't see any way for getting VirtualBox running on a PaX enabled system. Or am I missing something? Are the segfaults even related to PaX?
I'll gladly provide more information if needed!

Thanks for your help!

[codemonkey672342]

I got some update on the problem.
I tried some older VirtualBox versions and found the same problem (at least segfaults with vboxwebsrv) for all 5.1.x versions available in gentoo portage. That's 5.1.6, 5.1.8 and 5.1.10.
The latest available 5.0.x version is working fine, which is 5.0.30.

paxctl is complaining about "not valid ELF executable" with vboxwebsrv even with 5.0.30 binaries. This leads me to the conclusion that this is not a PaX related issue.
This seems to be confirmed by grsec just detecting a segfault, but not logging that it actively shut down/killed the processes:

Code: Select all

Dec 10 20:13:43 tomb kernel: [17784.847988] grsec: From 10.0.10.149: Segmentation fault occurred at 0000000000000050 in /opt/VirtualBox/vboxwebsrv[vboxwebsrv:16407] uid/euid:1001/1001 gid/egid:121/121, parent /bin/bash[bash:16403] uid/euid:1001/1001 gid/egid:121/121

But still: Why is it even segfaulting?

[frank]

First, the GNU_RELRO with the weird MemSiz / FileSiz values is created when stripping the original binary with strip. We build the .run packages on EL5.11 which has 2.17.50.0.6-26.el5 installed. objcopy -S creates the same stripped binary with the weird MemSiz / FileSiz values. But I doubt that these values are the reason for the crash.

I've uploaded the debug symbols of the 5.1.10 Linux/64-bit package here. Could you install this package with

Code: Select all

tar -C / -xjf VirtualBox-dbg-5.1.10-Linux_amd64.tar.bz2

and then do your gdb investigation again? Does it create better backtrace then?

EDIT: Fixed the URL and the tar command line

[codemonkey672342]

Hi Frank,

Thank you very much for your reply and your explanations about GNU_RELRO.

I just downloaded the symbols (your url and tar command were broken btw), reinstalled 5.1.10 and debugged it again. This is the output gdb now gives:

Code: Select all

vbox@tomb ~ $ gdb /opt/VirtualBox/vboxwebsrv
GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /opt/VirtualBox/vboxwebsrv...Reading symbols from /usr/lib64/debug//opt/VirtualBox/vboxwebsrv...done.
done.
(gdb) run
Starting program: /opt/VirtualBox/vboxwebsrv
warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages!
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x3cf9e5ca700 (LWP 21008)]
[Thread 0x3cf9e5ca700 (LWP 21008) exited]
Oracle VM VirtualBox web service Version 5.1.10
(C) 2007-2016 Oracle Corporation
All rights reserved.
VirtualBox web service 5.1.10 r112026 linux.amd64 (Nov 21 2016 17:41:59) release log
00:00:00.000108 main     Log opened 2016-12-13T20:16:02.188064000Z
00:00:00.000118 main     Build Type: release
00:00:00.000121 main     OS Product: Linux
00:00:00.000122 main     OS Release: 4.7.10-hardened
00:00:00.000122 main     OS Version: #1 SMP Sat Dec 10 14:30:44 CET 2016
00:00:00.000143 main     DMI Product Name: System Product Name
00:00:00.000148 main     DMI Product Version: System Version
00:00:00.000186 main     Host RAM: 16017MB (15.6GB) total, 14934MB (14.5GB) available
00:00:00.000200 main     Executable: /opt/VirtualBox/vboxwebsrv
00:00:00.000201 main     Process ID: 21001
00:00:00.000201 main     Package type: LINUX_64BITS_GENERIC
00:00:00.018151 main     IPC socket path: /tmp/.vbox-vbox-ipc/ipcd
[New Thread 0x3cfa08cb700 (LWP 21010)]
[New Thread 0x3cfa08aa700 (LWP 21011)]

Program received signal SIGSEGV, Segmentation fault.
0x000003cfa06d1163 in ?? () from /lib64/ld-linux-x86-64.so.2
(gdb) bt full
#0  0x000003cfa06d1163 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#1  0x000003cfa06d9bf1 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#2  0x000003cfa06d4d41 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#3  0x000003cfa06d90c2 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#4  0x000003cf9e8cb002 in ?? () from /lib64/libdl.so.2
No symbol table info available.
#5  0x000003cfa06d4d41 in ?? () from /lib64/ld-linux-x86-64.so.2
No symbol table info available.
#6  0x000003cf9e8cb6a9 in ?? () from /lib64/libdl.so.2
No symbol table info available.
#7  0x000003cf9e8cb0b2 in dlopen () from /lib64/libdl.so.2
No symbol table info available.
#8  0x000003cf9fad0daa in pr_LoadLibraryByPathname (flags=1,
    name=0x1d82d98 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:1113
        dl_flags = <optimized out>
        h = <optimized out>
        lm = 0x1d82eb0
        result = 0x0
        oserr = <optimized out>
#9  VBoxNsprPR_LoadLibraryWithFlags (libSpec=..., flags=1)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:674
No locals.
#10 0x000003cf9fad0ea7 in VBoxNsprPR_LoadLibrary (name=0x1d82d98 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:698
        libSpec = {type = PR_LibSpec_Pathname, value = {
            pathname = 0x1d82d98 "/opt/VirtualBox/components/VBoxREM.so", mac_named_fragment = {
              fsspec = 0x1d82d98, name = 0x1d82cc0 "\020\006\321\237\317\003"}, mac_indexed_fragment = {
              fsspec = 0x1d82d98, index = 30944448}}}
#11 0x000003cf9fa85e24 in nsLocalFile::Load (this=<optimized out>, _retval=0x1d82de8)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/io/nsLocalFileUnix.cpp:1542
No locals.
#12 0x000003cf9fa9cd0f in nsDll::Load (this=0x1d82de0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/xcDll.cpp:248
        manager = {<nsCOMPtr_base> = {mRawPtr = 0x1d41860}, <No data fields>}
        extraData = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3cf9fd0c530 <vtable for nsObsoleteACStringThunk+16>,
                mData = 0x3cf9fadc6e0 <gNullChar> "", mLength = 0,
                mFlags = 3}, <No data fields>}, <No data fields>}, <No data fields>}
        dependentLibArray = {_vptr.nsVoidArray = 0x3cf9fd0d570 <vtable for nsVoidArray+16>, mImpl = 0x0}
        lf = {<nsCOMPtr_base> = {mRawPtr = 0x1d82cc0}, <No data fields>}
#13 0x000003cf9fa9d991 in nsNativeComponentLoader::SelfRegisterDll (this=0x1d4e070, dll=0x1d82de0,
    registryLocation=0x1d652b0 "rel:VBoxREM.so", deferred=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:393
        res = 0
        serviceMgr = {<nsCOMPtr_base> = {mRawPtr = 0x1d41838}, <No data fields>}
        fs = {<nsCOMPtr_base> = {mRawPtr = 0x3eced34e374}, <No data fields>}
        mobj = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#14 0x000003cf9fa9efdb in nsNativeComponentLoader::AutoRegisterComponent (this=0x1d4e070,
    when=<optimized out>, component=<optimized out>, registered=0x3eced34e374)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:941
        rv = 0
        key = {<nsHashKey> = {_vptr.nsHashKey = 0x3cf9fd0fd90 <vtable for nsCStringKey+16>},
          mStr = 0x1d652b0 "rel:VBoxREM.so", mStrLen = 14, mOwnership = nsCStringKey::OWN_CLONE}
        res = <optimized out>
        cchLeafName = <optimized out>
        persistentDescriptor = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3cf9fd0c530 <vtable for nsObsoleteACStringThunk+16>,
                mData = 0x1d652b0 "rel:VBoxREM.so", mLength = 14,
                mFlags = 9}, <No data fields>}, <No data fields>}, <No data fields>}
        s_szSuff = ".so"
        s_szSuffInvalid = "-x86.so"
        strLeafName = {<nsFixedCString> = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                  mVTable = 0x3cf9fd0c530 <vtable for nsObsoleteACStringThunk+16>,
                  mData = 0x3eced34e1a8 "VBoxREM.so", mLength = 10,
                  mFlags = 65553}, <No data fields>}, <No data fields>}, mFixedCapacity = 63,
            mFixedBuf = 0x3eced34e1a8 "VBoxREM.so"},
          mStorage = "VBoxREM.so\000.so\000rs.so\000o\000\000\020|\327\001\000\000\000\000\060|\327\001\000\000\000\000\000\005\000\000\000\000\000\000\"|\327\001\000\000\000\000 \342\064\355\354\003\000"}
        obsoleteManager = {<nsCOMPtr_base> = {mRawPtr = 0x1d41870}, <No data fields>}
        dll = 0x1d82de0
#15 0x000003cf9fa9d46a in nsNativeComponentLoader::RegisterComponentsInDir (this=0x1d4e070, when=0,
    dir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:251
        registered = 0
        rv = <optimized out>
        isDir = 0
        dirIterator = {<nsCOMPtr_base> = {mRawPtr = 0x1d5f400}, <No data fields>}
        dirEntry = {<nsCOMPtr_base> = {mRawPtr = 0x1d82cc0}, <No data fields>}
        more = 1
#16 0x000003cf9fa9d2d6 in nsNativeComponentLoader::AutoRegisterComponents (this=<optimized out>,
    aWhen=<optimized out>, aDirectory=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:184
        rv = 4
#17 0x000003cf9faa0fab in nsComponentManagerImpl::AutoRegisterImpl (this=0x1d41830, when=0, inDirSpec=0x0,
    fileIsCompDir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3157
        dir = {<nsCOMPtr_base> = {mRawPtr = 0x1d62df0}, <No data fields>}
        rv = <optimized out>
        iim = {<nsCOMPtr_base> = {mRawPtr = 0x1d5db80}, <No data fields>}
        loaderEnum = {<nsCOMPtr_base> = {mRawPtr = 0x1d36d38}, <No data fields>}
        hasMore = <optimized out>
#18 0x000003cf9faa1395 in nsComponentManagerImpl::AutoRegister (this=0x1d41830, aSpec=0x0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3375
        directory = 975
#19 0x0000000000ee39a8 in com::Initialize (fGui=<optimized out>, fAutoRegUpdate=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/glue/initterm.cpp:529
        registrar = {<nsCOMPtr_base> = {mRawPtr = 0x1d41840}, <No data fields>}
        serviceManager = {<nsCOMPtr_base> = {mRawPtr = 0x1d41838}, <No data fields>}
        szAppHomeDir = "/opt/VirtualBox", '\000' <repeats 1961 times>...
        szCompDir = "/opt/VirtualBox/components", '\000' <repeats 4073 times>
        dsProv = {<nsCOMPtr_base> = {mRawPtr = 0x1d33f30}, <No data fields>}
        appDir = {<nsCOMPtr_base> = {mRawPtr = 0x1d34010}, <No data fields>}
        rc2 = <optimized out>
        i = <optimized out>
        vrc = <optimized out>
        rc = 0
        szCompReg = "/home/vbox/.VirtualBox/compreg.dat", '\000' <repeats 1958 times>...
        szXptiDat = "/home/vbox/.VirtualBox/xpti.dat", '\000' <repeats 1369 times>...
#20 0x000000000040a3c3 in main (argc=<optimized out>, argv=0x1d1c460)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/webservice/vboxweb.cpp:1258
        c = <optimized out>
        pszPidFile = 0x0
        ValueUnion = {pDef = 0x0, psz = 0x0, i8 = 0 '\000', u8 = 0 '\000', i16 = 0, u16 = 0, i32 = 0,
          u32 = 0, i64 = 0, u64 = 0, MacAddr = {au8 = "\000\000\000\000\000", au16 = {0, 0, 0}}, Uuid = {
            au8 = "\000\000\000\000\000\000\000\000\000\355@\000\000\000\000", au16 = {0, 0, 0, 0, 60672,
              64, 0, 0}, au32 = {0, 0, 4254976, 0}, au64 = {0, 4254976}, Gen = {u32TimeLow = 0,
              u16TimeMid = 0, u16TimeHiAndVersion = 0, u8ClockSeqHiAndReserved = 0 '\000',
              u8ClockSeqLow = 237 '\355', au8Node = "@\000\000\000\000"}}, f = false}
        szError = "unknown error", '\000' <repeats 4214 times>
        hrc = <optimized out>
        vboxClientListener = {m_p = 0x3eced354a20}
        rc = <optimized out>
        pszLogFile = 0x0
        GetState = {iNext = 1, argv = 0x1d1c460, argc = 1, paOptions = 0xee9040 <g_aOptions>, cOptions = 22,
          pszNextShort = 0x0, pDef = 0x0, uIndex = 4294967295, fFlags = 0, cNonOptions = 0}
(gdb)

I'll gladly provide more information if needed.

[frank]

Weird. It seems that dlopen() crashes. Could you also post the output of disassembler along with the output of info registers for frame 0?

[codemonkey672342]

Sure, here you go. I chose some range of addresses because disassemble doesn't know about functions in ld-linux.so.

Code: Select all

Program received signal SIGSEGV, Segmentation fault.
0x000003878efce163 in ?? () from /lib64/ld-linux-x86-64.so.2
(gdb) bt
#0  0x000003878efce163 in ?? () from /lib64/ld-linux-x86-64.so.2
#1  0x000003878efd6bf1 in ?? () from /lib64/ld-linux-x86-64.so.2
#2  0x000003878efd1d41 in ?? () from /lib64/ld-linux-x86-64.so.2
#3  0x000003878efd60c2 in ?? () from /lib64/ld-linux-x86-64.so.2
#4  0x000003878d1c8002 in ?? () from /lib64/libdl.so.2
#5  0x000003878efd1d41 in ?? () from /lib64/ld-linux-x86-64.so.2
#6  0x000003878d1c86a9 in ?? () from /lib64/libdl.so.2
#7  0x000003878d1c80b2 in dlopen () from /lib64/libdl.so.2
#8  0x000003878e3cddaa in pr_LoadLibraryByPathname (flags=1,
    name=0x26baf18 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:1113
#9  VBoxNsprPR_LoadLibraryWithFlags (libSpec=..., flags=1)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:674
#10 0x000003878e3cdea7 in VBoxNsprPR_LoadLibrary (name=0x26baf18 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:698
#11 0x000003878e382e24 in nsLocalFile::Load (this=<optimized out>, _retval=0x26baf68)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/io/nsLocalFileUnix.cpp:1542
#12 0x000003878e399d0f in nsDll::Load (this=0x26baf60)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/xcDll.cpp:248
#13 0x000003878e39a991 in nsNativeComponentLoader::SelfRegisterDll (this=0x26861f0, dll=0x26baf60,
    registryLocation=0x269d430 "rel:VBoxREM.so", deferred=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:393
#14 0x000003878e39bfdb in nsNativeComponentLoader::AutoRegisterComponent (this=0x26861f0, when=<optimized out>,
    component=<optimized out>, registered=0x3da24370a14)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:941
#15 0x000003878e39a46a in nsNativeComponentLoader::RegisterComponentsInDir (this=0x26861f0, when=0,
    dir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:251
#16 0x000003878e39a2d6 in nsNativeComponentLoader::AutoRegisterComponents (this=<optimized out>,
    aWhen=<optimized out>, aDirectory=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:184
#17 0x000003878e39dfab in nsComponentManagerImpl::AutoRegisterImpl (this=0x26799b0, when=0, inDirSpec=0x0,
    fileIsCompDir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3157
#18 0x000003878e39e395 in nsComponentManagerImpl::AutoRegister (this=0x26799b0, aSpec=0x0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3375
#19 0x0000000000ee39a8 in com::Initialize (fGui=<optimized out>, fAutoRegUpdate=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/glue/initterm.cpp:529
#20 0x000000000040a3c3 in main (argc=<optimized out>, argv=0x26545e0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/webservice/vboxweb.cpp:1258
(gdb) disassemble
No function contains program counter for selected frame.
(gdb) disassemble 0x000003878efce100,0x000003878efce190
Dump of assembler code from 0x3878efce100 to 0x3878efce190:
   0x000003878efce100:  faddl  (%rbx)
   0x000003878efce102:  add    %al,(%rax)
   0x000003878efce104:  cmp    $0x7,%r12
   0x000003878efce108:  je     0x3878efce4e0
   0x000003878efce10e:  lea    -0x11(%r12),%rax
   0x000003878efce113:  cmp    $0x1,%rax
   0x000003878efce117:  setbe  %r9b
   0x000003878efce11b:  cmp    $0x24,%r12
   0x000003878efce11f:  sete   %al
   0x000003878efce122:  or     %eax,%r9d
   0x000003878efce125:  cmp    $0x5,%r12
   0x000003878efce129:  movzbl %r9b,%r9d
   0x000003878efce12d:  je     0x3878efce4f0
   0x000003878efce133:  xor    %eax,%eax
   0x000003878efce135:  cmp    $0x6,%r12
   0x000003878efce139:  sete   %al
   0x000003878efce13c:  shl    $0x2,%eax
   0x000003878efce13f:  and    $0x7fff,%edx
   0x000003878efce145:  or     %eax,%r9d
   0x000003878efce148:  mov    %r14,0x3f8(%r15)
   0x000003878efce14f:  lea    (%rdx,%rdx,2),%rdx
   0x000003878efce153:  mov    %r9d,0x400(%r15)
   0x000003878efce15a:  lea    (%rcx,%rdx,8),%r8
   0x000003878efce15e:  test   %r8,%r8
   0x000003878efce161:  je     0x3878efce172
=> 0x000003878efce163:  mov    0x8(%r8),%edi
   0x000003878efce167:  mov    $0x0,%eax
   0x000003878efce16c:  test   %edi,%edi
   0x000003878efce16e:  cmove  %rax,%r8
   0x000003878efce172:  mov    (%r14),%edi
   0x000003878efce175:  mov    %r15,%rsi
   0x000003878efce178:  pushq  $0x0
   0x000003878efce17a:  mov    -0xb0(%rbp),%rcx
   0x000003878efce181:  pushq  $0x1
   0x000003878efce183:  mov    -0xe8(%rbp),%rdx
   0x000003878efce18a:  mov    %r10,-0xd0(%rbp)
End of assembler dump.
(gdb) info registers
rax            0x4      4
rbx            0x3878850b618    3880642459160
rcx            0x0      0
rdx            0x9      9
rsi            0x3878881b780    3880645670784
rdi            0x387884f62e8    3880642372328
rbp            0x3da2436fbd0    0x3da2436fbd0
rsp            0x3da2436fab0    0x3da2436fab0
r8             0x48     72
r9             0x4      4
r10            0x387884f3000    3880642359296
r11            0x3878850cbc0    3880642464704
r12            0x6      6
r13            0x3878881bf38    3880645672760
r14            0x387884f6498    3880642372760
r15            0x26b9040        40603712
rip            0x3878efce163    0x3878efce163
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb)

[frank]

This shows that the segfault is most likely not caused by memory corruption but rather some bug in the dlopen() function. Of course this could be some unexpected format in the library it attempt to open but the dynamic linker should not crash then. It could be interesting as well to have the debug symbols of ld-linux-x86_64.so.2 installed (probably the debug symbols of libc6) to the source code of the crash.

[codemonkey672342]

Sorry for the delay. I've been to Germany for a few days.

So I just recompiled glibc and kept the debug symbols. Now this is the stack trace with symbols for everything:

Code: Select all

vbox@tomb ~ $ gdb /opt/VirtualBox/vboxwebsrv
GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /opt/VirtualBox/vboxwebsrv...Reading symbols from /usr/lib64/debug//opt/VirtualBox/vboxwebsrv...done.
done.
(gdb) run
Starting program: /opt/VirtualBox/vboxwebsrv
warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages!
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x3e56ebec700 (LWP 6014)]
[Thread 0x3e56ebec700 (LWP 6014) exited]
Oracle VM VirtualBox web service Version 5.1.10
(C) 2007-2016 Oracle Corporation
All rights reserved.
VirtualBox web service 5.1.10 r112026 linux.amd64 (Nov 21 2016 17:41:59) release log
00:00:00.000122 main     Log opened 2016-12-19T17:56:37.319538000Z
00:00:00.000124 main     Build Type: release
00:00:00.000129 main     OS Product: Linux
00:00:00.000130 main     OS Release: 4.7.10-hardened
00:00:00.000132 main     OS Version: #1 SMP Sat Dec 10 14:30:44 CET 2016
00:00:00.000167 main     DMI Product Name: System Product Name
00:00:00.000177 main     DMI Product Version: System Version
00:00:00.000251 main     Host RAM: 16017MB (15.6GB) total, 14771MB (14.4GB) available
00:00:00.000259 main     Executable: /opt/VirtualBox/vboxwebsrv
00:00:00.000260 main     Process ID: 6009
00:00:00.000261 main     Package type: LINUX_64BITS_GENERIC
00:00:00.027577 main     IPC socket path: /tmp/.vbox-vbox-ipc/ipcd
[New Thread 0x3e570eed700 (LWP 6016)]
[New Thread 0x3e570ecc700 (LWP 6017)]

Program received signal SIGSEGV, Segmentation fault.
0x000003e570cf3163 in elf_machine_rela (reloc=0x3e566049618, reloc=0x3e566049618, skip_ifunc=33554432,
    reloc_addr_arg=0x3e566359f38, version=<optimized out>, sym=0x3e566034498, map=0x530e930)
    at ../sysdeps/x86_64/dl-machine.h:281
281     ../sysdeps/x86_64/dl-machine.h: No such file or directory.
(gdb) bt full
#0  0x000003e570cf3163 in elf_machine_rela (reloc=0x3e566049618, reloc=0x3e566049618, skip_ifunc=33554432,
    reloc_addr_arg=0x3e566359f38, version=<optimized out>, sym=0x3e566034498, map=0x530e930)
    at ../sysdeps/x86_64/dl-machine.h:281
        _lr = <optimized out>
        _tc = 4
        v = 0x0
        refsym = 0x3e566034498
        sym_map = <optimized out>
        value = <optimized out>
        reloc_addr = 0x3e566359f38
        r_type = 6
#1  elf_dynamic_do_Rela (skip_ifunc=33554432, lazy=<optimized out>, nrelative=<optimized out>, relsize=<optimized out>,
    reladdr=<optimized out>, map=0x530e930) at do-rel.h:137
        ndx = <optimized out>
        version = <optimized out>
        symtab = <optimized out>
        relative = <optimized out>
        end = <optimized out>
        l_addr = <optimized out>
        r2 = 0x0
        r = 0x3e566049618
        end2 = 0x0
#2  _dl_relocate_object (scope=<optimized out>, reloc_mode=reloc_mode@entry=1, consider_profiling=<optimized out>,
    consider_profiling@entry=0) at dl-reloc.c:258
        ranges_index = <optimized out>
        ranges = {{start = 4283793967664, size = 8592, nrelative = 127, lazy = 0}, {start = 0, size = 0, nrelative = 0,
            lazy = 0}}
        edr_lazy = 6
        textrels = <optimized out>
        errstring = 0x0
        lazy = <optimized out>
        skip_ifunc = 0
#3  0x000003e570cfbbf1 in dl_open_worker (a=a@entry=0x3f71bea3398) at dl-open.c:424
        i = 1
        args = 0x3f71bea3398
        file = <optimized out>
        mode = -2147483647
        call_map = <optimized out>
        dst = <optimized out>
        new = 0x52f2020
        __PRETTY_FUNCTION__ = "dl_open_worker"
        r = <optimized out>
        reloc_mode = 1
        nmaps = <optimized out>
        l = <optimized out>
        maps = 0x3f71bea3160
        relocation_in_progress = <optimized out>
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#4  0x000003e570cf6d41 in _dl_catch_error (objname=objname@entry=0x3f71bea3388, errstring=errstring@entry=0x3f71bea3390,
    mallocedp=mallocedp@entry=0x3f71bea3387, operate=operate@entry=0x3e570cfb710 <dl_open_worker>,
    args=args@entry=0x3f71bea3398) at dl-error.c:187
        errcode = 2
        c = {objname = 0x3f71bea3388, errstring = 0x3f71bea3390, malloced = 0x3f71bea3387, errcode = 0x3f71bea3264, env = {{
              __jmpbuf = {4359860139176, 8006935515756175827, 2147483649, 87099400, 4283962437034, 4283977211904,
                8006935515798118867, 8014875886279926227}, __mask_was_saved = 468333232, __saved_mask = {__val = {
                  4283977217024, 2, 4359860138768, 87095984, 4359860138799, 4283977211904, 4359860139024, 4283975053978,
                  8007528159407661411, 8241983636739351920, 7162247753406375013, 3386818436081786996, 8390884874628919407,
                  87095312, 98, 4283956120448}}}}}
        catchp = 0x3e570eef718
        old = <optimized out>
#5  0x000003e570cfb0c2 in _dl_open (file=0x5310808 "/opt/VirtualBox/components/VBoxREM.so", mode=-2147483647,
    caller_dlopen=0x3e5700f2daa <VBoxNsprPR_LoadLibraryWithFlags+184>, nsid=-2, argc=<optimized out>, argv=<optimized out>,
    env=0x52c1b70) at dl-open.c:649
        args = {file = 0x5310808 "/opt/VirtualBox/components/VBoxREM.so", mode = -2147483647,
          caller_dlopen = 0x3e5700f2daa <VBoxNsprPR_LoadLibraryWithFlags+184>,
          caller_dl_open = 0x3e56eeed002 <dlopen_doit+114>, map = 0x52f2020, nsid = 0, argc = 1, argv = 0x3f71beaa668,
          env = 0x52c1b70}
        objname = 0x3e570ce75c8 ""
        errstring = 0x3f71bea34b0 "H\224*\005"
        malloced = false
        errcode = <optimized out>
        __PRETTY_FUNCTION__ = "_dl_open"
#6  0x000003e56eeed002 in dlopen_doit (a=a@entry=0x3f71bea35e0) at dlopen.c:66
        args = 0x3f71bea35e0
#7  0x000003e570cf6d41 in _dl_catch_error (objname=0x52a9440, errstring=0x52a9448, mallocedp=0x52a9438,
    operate=0x3e56eeecf90 <dlopen_doit>, args=0x3f71bea35e0) at dl-error.c:187
        errcode = 1015
        c = {objname = 0x52a9440, errstring = 0x52a9448, malloced = 0x52a9438, errcode = 0x3f71bea34a4, env = {{__jmpbuf = {
                0, 8006935515848450515, 4283943538576, 4359860139488, 0, 4359860141980, 8006935515856839123,
                8014875886279926227}, __mask_was_saved = 15, __saved_mask = {__val = {14, 4283962465137, 0, 4283962243358,
                  73, 4283962431859, 87099184, 4283961995180, 0, 1879626406, 4359860141980, 40, 4359860139536, 86676528,
                  4283943538576, 4359860139488}}}}}
        catchp = 0x3e570eef718
        old = <optimized out>
#8  0x000003e56eeed6a9 in _dlerror_run (operate=operate@entry=0x3e56eeecf90 <dlopen_doit>, args=args@entry=0x3f71bea35e0)
    at dlerror.c:163
        result = 0x52a9430
#9  0x000003e56eeed0b2 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
        args = {file = 0x5310808 "/opt/VirtualBox/components/VBoxREM.so", mode = 1, new = 0x5310858,
          caller = 0x3e5700f2daa <VBoxNsprPR_LoadLibraryWithFlags+184>}
#10 0x000003e5700f2daa in pr_LoadLibraryByPathname (flags=1, name=0x5310808 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:1113
        dl_flags = <optimized out>
        h = <optimized out>
        lm = 0x5310920
        result = 0x0
        oserr = <optimized out>
#11 VBoxNsprPR_LoadLibraryWithFlags (libSpec=..., flags=1)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:674
No locals.
#12 0x000003e5700f2ea7 in VBoxNsprPR_LoadLibrary (name=0x5310808 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:698
        libSpec = {type = PR_LibSpec_Pathname, value = {pathname = 0x5310808 "/opt/VirtualBox/components/VBoxREM.so",
            mac_named_fragment = {fsspec = 0x5310808, name = 0x5310730 "\020&3p\345\003"}, mac_indexed_fragment = {
              fsspec = 0x5310808, index = 87099184}}}
#13 0x000003e5700a7e24 in nsLocalFile::Load (this=<optimized out>, _retval=0x5310858)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/io/nsLocalFileUnix.cpp:1542
No locals.
#14 0x000003e5700bed0f in nsDll::Load (this=0x5310850)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/xcDll.cpp:248
        manager = {<nsCOMPtr_base> = {mRawPtr = 0x52cf2d0}, <No data fields>}
        extraData = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3e57032e530 <vtable for nsObsoleteACStringThunk+16>, mData = 0x3e5700fe6e0 <gNullChar> "",
                mLength = 0, mFlags = 3}, <No data fields>}, <No data fields>}, <No data fields>}
        dependentLibArray = {_vptr.nsVoidArray = 0x3e57032f570 <vtable for nsVoidArray+16>, mImpl = 0x0}
        lf = {<nsCOMPtr_base> = {mRawPtr = 0x5310730}, <No data fields>}
#15 0x000003e5700bf991 in nsNativeComponentLoader::SelfRegisterDll (this=0x52dbae0, dll=0x5310850,
    registryLocation=0x52f2d20 "rel:VBoxREM.so", deferred=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:393
        res = 0
        serviceMgr = {<nsCOMPtr_base> = {mRawPtr = 0x52cf2a8}, <No data fields>}
        fs = {<nsCOMPtr_base> = {mRawPtr = 0x3f71bea3f94}, <No data fields>}
        mobj = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#16 0x000003e5700c0fdb in nsNativeComponentLoader::AutoRegisterComponent (this=0x52dbae0, when=<optimized out>,
    component=<optimized out>, registered=0x3f71bea3f94)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:941
        rv = 0
        key = {<nsHashKey> = {_vptr.nsHashKey = 0x3e570331d90 <vtable for nsCStringKey+16>},
          mStr = 0x52f2d20 "rel:VBoxREM.so", mStrLen = 14, mOwnership = nsCStringKey::OWN_CLONE}
        res = <optimized out>
        cchLeafName = <optimized out>
        persistentDescriptor = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3e57032e530 <vtable for nsObsoleteACStringThunk+16>, mData = 0x52f2d20 "rel:VBoxREM.so",
                mLength = 14, mFlags = 9}, <No data fields>}, <No data fields>}, <No data fields>}
        s_szSuff = ".so"
        s_szSuffInvalid = "-x86.so"
        strLeafName = {<nsFixedCString> = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                  mVTable = 0x3e57032e530 <vtable for nsObsoleteACStringThunk+16>, mData = 0x3f71bea3dc8 "VBoxREM.so",
                  mLength = 10, mFlags = 65553}, <No data fields>}, <No data fields>}, mFixedCapacity = 63,
            mFixedBuf = 0x3f71bea3dc8 "VBoxREM.so"},
          mStorage = "VBoxREM.so\000.so\000rs.so\000o\000\000\200V0\005\000\000\000\000\240V0\005\000\000\000\000\000\005\000\000\000\000\000\000\222V0\005\000\000\000\000@>\352\033\367\003\000"}
        obsoleteManager = {<nsCOMPtr_base> = {mRawPtr = 0x52cf2e0}, <No data fields>}
        dll = 0x5310850
#17 0x000003e5700bf46a in nsNativeComponentLoader::RegisterComponentsInDir (this=0x52dbae0, when=0, dir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:251
        registered = 0
        rv = <optimized out>
        isDir = 0
        dirIterator = {<nsCOMPtr_base> = {mRawPtr = 0x52ece70}, <No data fields>}
        dirEntry = {<nsCOMPtr_base> = {mRawPtr = 0x5310730}, <No data fields>}
        more = 1
#18 0x000003e5700bf2d6 in nsNativeComponentLoader::AutoRegisterComponents (this=<optimized out>, aWhen=<optimized out>,
    aDirectory=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:184
        rv = 4
#19 0x000003e5700c2fab in nsComponentManagerImpl::AutoRegisterImpl (this=0x52cf2a0, when=0, inDirSpec=0x0,
    fileIsCompDir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3157
        dir = {<nsCOMPtr_base> = {mRawPtr = 0x52f0860}, <No data fields>}
        rv = <optimized out>
        iim = {<nsCOMPtr_base> = {mRawPtr = 0x52eb5f0}, <No data fields>}
        loaderEnum = {<nsCOMPtr_base> = {mRawPtr = 0x52c47a8}, <No data fields>}
        hasMore = <optimized out>
#20 0x000003e5700c3395 in nsComponentManagerImpl::AutoRegister (this=0x52cf2a0, aSpec=0x0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3375
        directory = 997
#21 0x0000000000ee39a8 in com::Initialize (fGui=<optimized out>, fAutoRegUpdate=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/glue/initterm.cpp:529
        registrar = {<nsCOMPtr_base> = {mRawPtr = 0x52cf2b0}, <No data fields>}
        serviceManager = {<nsCOMPtr_base> = {mRawPtr = 0x52cf2a8}, <No data fields>}
        szAppHomeDir = "/opt/VirtualBox", '\000' <repeats 1961 times>...
        szCompDir = "/opt/VirtualBox/components", '\000' <repeats 4073 times>
        dsProv = {<nsCOMPtr_base> = {mRawPtr = 0x52c19a0}, <No data fields>}
        appDir = {<nsCOMPtr_base> = {mRawPtr = 0x52c1a80}, <No data fields>}
        rc2 = <optimized out>
        i = <optimized out>
        vrc = <optimized out>
        rc = 0
        szCompReg = "/home/vbox/.VirtualBox/compreg.dat", '\000' <repeats 1958 times>...
        szXptiDat = "/home/vbox/.VirtualBox/xpti.dat", '\000' <repeats 1369 times>...
#22 0x000000000040a3c3 in main (argc=<optimized out>, argv=0x52a9ed0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/webservice/vboxweb.cpp:1258
        c = <optimized out>
        pszPidFile = 0x0
        ValueUnion = {pDef = 0x0, psz = 0x0, i8 = 0 '\000', u8 = 0 '\000', i16 = 0, u16 = 0, i32 = 0, u32 = 0, i64 = 0,
          u64 = 0, MacAddr = {au8 = "\000\000\000\000\000", au16 = {0, 0, 0}}, Uuid = {
            au8 = "\000\000\000\000\000\000\000\000\000\355@\000\000\000\000", au16 = {0, 0, 0, 0, 60672, 64, 0, 0},
            au32 = {0, 0, 4254976, 0}, au64 = {0, 4254976}, Gen = {u32TimeLow = 0, u16TimeMid = 0, u16TimeHiAndVersion = 0,
              u8ClockSeqHiAndReserved = 0 '\000', u8ClockSeqLow = 237 '\355', au8Node = "@\000\000\000\000"}}, f = false}
        szError = "unknown error", '\000' <repeats 4214 times>
        hrc = <optimized out>
        vboxClientListener = {m_p = 0x3f71beaa640}
        rc = <optimized out>
        pszLogFile = 0x0
        GetState = {iNext = 1, argv = 0x52a9ed0, argc = 1, paOptions = 0xee9040 <g_aOptions>, cOptions = 22,
          pszNextShort = 0x0, pDef = 0x0, uIndex = 4294967295, fFlags = 0, cNonOptions = 0}
(gdb)

Although this looks like maybe too hardcore for me, I'm going to do some research on the net if this might be a known issue for glibc...

[frank]

Thanks. Which version of glibc is installed on your Gentoo system?

[codemonkey672342]

I had glibc 2.22 (gentoo package 2.22-r4) installed and now upgraded to glibc 2.23 (gentoo package 2.23-r3).

Code: Select all

=================================================================
                        Package Settings
=================================================================

sys-libs/glibc-2.23-r3::gentoo was built with the following:
USE="gd hardened (multilib) (pie) rpc (ssp) -audit -caps -debug -nscd (-profile) (-selinux) -suid -systemtap -vanilla" ABI_X86="64"
CFLAGS="-march=core2 -g -O2 -fno-strict-aliasing -fno-stack-protector"
CXXFLAGS="-march=core2 -g -O2 -fno-strict-aliasing -fno-stack-protector"

However, there seems to be exactly the same segfault happening:

Code: Select all

vbox@tomb ~ $ gdb /opt/VirtualBox/vboxwebsrv
GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /opt/VirtualBox/vboxwebsrv...Reading symbols from /mnt/unsafe/debug//opt/VirtualBox/vboxwebsrv...done.
done.
(gdb) run
Starting program: /opt/VirtualBox/vboxwebsrv
warning: Cannot call inferior functions, Linux kernel PaX protection forbids return to non-executable pages!
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x3ae44530700 (LWP 27358)]
[Thread 0x3ae44530700 (LWP 27358) exited]
Oracle VM VirtualBox web service Version 5.1.10
(C) 2007-2016 Oracle Corporation
All rights reserved.
VirtualBox web service 5.1.10 r112026 linux.amd64 (Nov 21 2016 17:41:59) release log
00:00:00.000135 main     Log opened 2016-12-20T19:08:34.490113000Z
00:00:00.000138 main     Build Type: release
00:00:00.000143 main     OS Product: Linux
00:00:00.000155 main     OS Release: 4.7.10-hardened
00:00:00.000156 main     OS Version: #1 SMP Sat Dec 10 14:30:44 CET 2016
00:00:00.000192 main     DMI Product Name: System Product Name
00:00:00.000202 main     DMI Product Version: System Version
00:00:00.000292 main     Host RAM: 16017MB (15.6GB) total, 14776MB (14.4GB) available
00:00:00.000299 main     Executable: /opt/VirtualBox/vboxwebsrv
00:00:00.000300 main     Process ID: 27353
00:00:00.000301 main     Package type: LINUX_64BITS_GENERIC
00:00:00.030576 main     IPC socket path: /tmp/.vbox-vbox-ipc/ipcd
[New Thread 0x3ae46835700 (LWP 27364)]
[New Thread 0x3ae46814700 (LWP 27365)]

Program received signal SIGSEGV, Segmentation fault.
0x000003ae466391d3 in elf_machine_rela (reloc=0x3ae3baec618, reloc=0x3ae3baec618, skip_ifunc=33554432,
    reloc_addr_arg=0x3ae3bdfcf38, version=<optimized out>, sym=0x3ae3bad7498, map=0x24cd900)
    at ../sysdeps/x86_64/dl-machine.h:301
301     ../sysdeps/x86_64/dl-machine.h: No such file or directory.
(gdb) bt full
#0  0x000003ae466391d3 in elf_machine_rela (reloc=0x3ae3baec618, reloc=0x3ae3baec618, skip_ifunc=33554432,
    reloc_addr_arg=0x3ae3bdfcf38, version=<optimized out>, sym=0x3ae3bad7498, map=0x24cd900)
    at ../sysdeps/x86_64/dl-machine.h:301
        _lr = <optimized out>
        _tc = 4
        v = 0x0
        refsym = 0x3ae3bad7498
        sym_map = <optimized out>
        value = <optimized out>
        reloc_addr = 0x3ae3bdfcf38
        r_type = 6
#1  elf_dynamic_do_Rela (skip_ifunc=33554432, lazy=<optimized out>, nrelative=<optimized out>,
    relsize=<optimized out>, reladdr=<optimized out>, map=0x24cd900) at do-rel.h:137
        ndx = <optimized out>
        version = <optimized out>
        symtab = <optimized out>
        relative = <optimized out>
        end = <optimized out>
        l_addr = <optimized out>
        r2 = 0x0
        r = 0x3ae3baec618
        end2 = 0x0
#2  _dl_relocate_object (scope=<optimized out>, reloc_mode=reloc_mode@entry=1,
    consider_profiling=<optimized out>, consider_profiling@entry=0) at dl-reloc.c:258
        ranges_index = <optimized out>
        ranges = {{start = 4046860499504, size = 8592, nrelative = 127, lazy = 0}, {start = 0, size = 0,
            nrelative = 0, lazy = 0}}
        edr_lazy = 6
        textrels = <optimized out>
        errstring = 0x0
        lazy = <optimized out>
        skip_ifunc = 0
#3  0x000003ae46641d71 in dl_open_worker (a=a@entry=0x3d9c42d5b20) at dl-open.c:424
        i = 1
        args = 0x3d9c42d5b20
        file = <optimized out>
        mode = -2147483647
        call_map = <optimized out>
        dst = <optimized out>
        new = 0x24b1040
        __PRETTY_FUNCTION__ = "dl_open_worker"
        r = <optimized out>
        reloc_mode = 1
        nmaps = <optimized out>
        l = <optimized out>
        maps = 0x3d9c42d58d0
        relocation_in_progress = <optimized out>
        any_tls = <optimized out>
        first_static_tls = <optimized out>
#4  0x000003ae4663ce61 in _dl_catch_error (objname=objname@entry=0x3d9c42d5b10,
    errstring=errstring@entry=0x3d9c42d5b18, mallocedp=mallocedp@entry=0x3d9c42d5b0f,
    operate=operate@entry=0x3ae46641890 <dl_open_worker>, args=args@entry=0x3d9c42d5b20) at dl-error.c:187
        errcode = 2
        c = {objname = 0x3d9c42d5b10, errstring = 0x3d9c42d5b18, malloced = 0x3d9c42d5b0f,
          errcode = 0x3d9c42d59dc, env = {{__jmpbuf = {4233834093632, -3072898348967441096, 2147483649,
                38598696, 4047027543466, 4047042322432, -3072898349082784456, -3047288063886799560},
              __mask_was_saved = 38591576, __saved_mask = {__val = {4233834093104, 4047042327520, 2,
                  4233834093200, 38595312, 4233834093231, 4047042322432, 4233834093472, 4047040156698,
                  8007528159407661411, 8241983636739351920, 7162247753406375013, 3386818436081786996,
                  8390884874628919407, 7147063552911368565, 8389754680828259695}}}}}
        catchp = 0x3ae46837718
        old = <optimized out>
#5  0x000003ae46641245 in _dl_open (file=0x24cf828 "/opt/VirtualBox/components/VBoxREM.so",
    mode=-2147483647, caller_dlopen=0x3ae45a39daa <VBoxNsprPR_LoadLibraryWithFlags+184>, nsid=-2,
    argc=<optimized out>, argv=<optimized out>, env=0x2480b40) at dl-open.c:649
        args = {file = 0x24cf828 "/opt/VirtualBox/components/VBoxREM.so", mode = -2147483647,
          caller_dlopen = 0x3ae45a39daa <VBoxNsprPR_LoadLibraryWithFlags+184>,
          caller_dl_open = 0x3ae44838002 <dlopen_doit+114>, map = 0x24b1040, nsid = 0, argc = 1,
          argv = 0x3d9c42dce08, env = 0x2480b40}
        objname = 0x3d9c42d5b64 ""
        errstring = 0x3ae4662d5f0 ""
        malloced = false
        errcode = <optimized out>
        __PRETTY_FUNCTION__ = "_dl_open"
#6  0x000003ae44838002 in dlopen_doit (a=a@entry=0x3d9c42d5d80) at dlopen.c:66
        args = 0x3d9c42d5d80
#7  0x000003ae4663ce61 in _dl_catch_error (objname=0x2468000, errstring=0x2468008, mallocedp=0x2467ff8,
    operate=0x3ae44837f90 <dlopen_doit>, args=0x3d9c42d5d80) at dl-error.c:187
        errcode = 985
        c = {objname = 0x2468000, errstring = 0x2468008, malloced = 0x2467ff8, errcode = 0x3d9c42d5c3c,
          env = {{__jmpbuf = {0, -3072898348921303752, 4047008661392, 4233834093952, 0, 4233834096444,
                -3072898349003092680, -3047288063886799560}, __mask_was_saved = 38330992, __saved_mask = {
                __val = {15, 14, 4047027571569, 0, 4047027349790, 73, 4047027538291, 38598480,
                  4047027101612, 0, 1167934118, 4233834096444, 40, 4233834094000, 38174704,
                  4047008661392}}}}}
        catchp = 0x3ae46837718
        old = <optimized out>
#8  0x000003ae448386a9 in _dlerror_run (operate=operate@entry=0x3ae44837f90 <dlopen_doit>,
    args=args@entry=0x3d9c42d5d80) at dlerror.c:163
        result = 0x2467ff0
#9  0x000003ae448380b2 in __dlopen (file=<optimized out>, mode=<optimized out>) at dlopen.c:87
        args = {file = 0x24cf828 "/opt/VirtualBox/components/VBoxREM.so", mode = 1, new = 0x24cf878,
          caller = 0x3ae45a39daa <VBoxNsprPR_LoadLibraryWithFlags+184>}
#10 0x000003ae45a39daa in pr_LoadLibraryByPathname (flags=1,
    name=0x24cf828 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:1113
        dl_flags = <optimized out>
        h = <optimized out>
        lm = 0x24cf940
        result = 0x0
        oserr = <optimized out>
#11 VBoxNsprPR_LoadLibraryWithFlags (libSpec=..., flags=1)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:674
No locals.
#12 0x000003ae45a39ea7 in VBoxNsprPR_LoadLibrary (name=0x24cf828 "/opt/VirtualBox/components/VBoxREM.so")
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/nsprpub/pr/src/linking/prlink.c:698
        libSpec = {type = PR_LibSpec_Pathname, value = {
            pathname = 0x24cf828 "/opt/VirtualBox/components/VBoxREM.so", mac_named_fragment = {
              fsspec = 0x24cf828, name = 0x24cf750 "\020\226\307E\256\003"}, mac_indexed_fragment = {
              fsspec = 0x24cf828, index = 38598480}}}
#13 0x000003ae459eee24 in nsLocalFile::Load (this=<optimized out>, _retval=0x24cf878)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/io/nsLocalFileUnix.cpp:1542
No locals.
#14 0x000003ae45a05d0f in nsDll::Load (this=0x24cf870)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/xcDll.cpp:248
        manager = {<nsCOMPtr_base> = {mRawPtr = 0x248e2a0}, <No data fields>}
        extraData = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3ae45c75530 <vtable for nsObsoleteACStringThunk+16>,
                mData = 0x3ae45a456e0 <gNullChar> "", mLength = 0,
                mFlags = 3}, <No data fields>}, <No data fields>}, <No data fields>}
        dependentLibArray = {_vptr.nsVoidArray = 0x3ae45c76570 <vtable for nsVoidArray+16>, mImpl = 0x0}
        lf = {<nsCOMPtr_base> = {mRawPtr = 0x24cf750}, <No data fields>}
#15 0x000003ae45a06991 in nsNativeComponentLoader::SelfRegisterDll (this=0x249aab0, dll=0x24cf870,
    registryLocation=0x24ceaa0 "rel:VBoxREM.so", deferred=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:393
        res = 0
        serviceMgr = {<nsCOMPtr_base> = {mRawPtr = 0x248e278}, <No data fields>}
        fs = {<nsCOMPtr_base> = {mRawPtr = 0x3d9c42d6734}, <No data fields>}
        mobj = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
#16 0x000003ae45a07fdb in nsNativeComponentLoader::AutoRegisterComponent (this=0x249aab0,
    when=<optimized out>, component=<optimized out>, registered=0x3d9c42d6734)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:941
        rv = 0
        key = {<nsHashKey> = {_vptr.nsHashKey = 0x3ae45c78d90 <vtable for nsCStringKey+16>},
          mStr = 0x24ceaa0 "rel:VBoxREM.so", mStrLen = 14, mOwnership = nsCStringKey::OWN_CLONE}
        res = <optimized out>
        cchLeafName = <optimized out>
        persistentDescriptor = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                mVTable = 0x3ae45c75530 <vtable for nsObsoleteACStringThunk+16>,
                mData = 0x24ceaa0 "rel:VBoxREM.so", mLength = 14,
                mFlags = 9}, <No data fields>}, <No data fields>}, <No data fields>}
        s_szSuff = ".so"
        s_szSuffInvalid = "-x86.so"
        strLeafName = {<nsFixedCString> = {<nsCString> = {<nsCSubstring> = {<nsACString> = {
                  mVTable = 0x3ae45c75530 <vtable for nsObsoleteACStringThunk+16>,
                  mData = 0x3d9c42d6568 "VBoxREM.so", mLength = 10,
                  mFlags = 65553}, <No data fields>}, <No data fields>}, mFixedCapacity = 63,
            mFixedBuf = 0x3d9c42d6568 "VBoxREM.so"},
          mStorage = "VBoxREM.so\000.so", '\000' <repeats 42 times>, "\377\000\000\000\000\000\000"}
        obsoleteManager = {<nsCOMPtr_base> = {mRawPtr = 0x248e2b0}, <No data fields>}
        dll = 0x24cf870
#17 0x000003ae45a0646a in nsNativeComponentLoader::RegisterComponentsInDir (this=0x249aab0, when=0,
    dir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:251
        registered = 0
        rv = <optimized out>
        isDir = 0
        dirIterator = {<nsCOMPtr_base> = {mRawPtr = 0x24abe40}, <No data fields>}
        dirEntry = {<nsCOMPtr_base> = {mRawPtr = 0x24cf750}, <No data fields>}
        more = 1
#18 0x000003ae45a062d6 in nsNativeComponentLoader::AutoRegisterComponents (this=<optimized out>,
    aWhen=<optimized out>, aDirectory=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsNativeComponentLoader.cpp:184
        rv = 4
#19 0x000003ae45a09fab in nsComponentManagerImpl::AutoRegisterImpl (this=0x248e270, when=0, inDirSpec=0x0,
    fileIsCompDir=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3157
        dir = {<nsCOMPtr_base> = {mRawPtr = 0x24adf50}, <No data fields>}
        rv = <optimized out>
        iim = {<nsCOMPtr_base> = {mRawPtr = 0x24aa5c0}, <No data fields>}
        loaderEnum = {<nsCOMPtr_base> = {mRawPtr = 0x2483778}, <No data fields>}
        hasMore = <optimized out>
#20 0x000003ae45a0a395 in nsComponentManagerImpl::AutoRegister (this=0x248e270, aSpec=0x0)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/libs/xpcom18a4/xpcom/components/nsComponentManager.cpp:3375
        directory = 942
#21 0x0000000000ee39a8 in com::Initialize (fGui=<optimized out>, fAutoRegUpdate=<optimized out>)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/glue/initterm.cpp:529
        registrar = {<nsCOMPtr_base> = {mRawPtr = 0x248e280}, <No data fields>}
        serviceManager = {<nsCOMPtr_base> = {mRawPtr = 0x248e278}, <No data fields>}
        szAppHomeDir = "/opt/VirtualBox", '\000' <repeats 1689 times>...
        szCompDir = "/opt/VirtualBox/components", '\000' <repeats 4073 times>
        dsProv = {<nsCOMPtr_base> = {mRawPtr = 0x2480970}, <No data fields>}
        appDir = {<nsCOMPtr_base> = {mRawPtr = 0x2480a50}, <No data fields>}
        rc2 = <optimized out>
        i = <optimized out>
        vrc = <optimized out>
        rc = 0
        szCompReg = "/home/vbox/.VirtualBox/compreg.dat", '\000' <repeats 1766 times>...
        szXptiDat = "/home/vbox/.VirtualBox/xpti.dat", '\000' <repeats 1113 times>...
#22 0x000000000040a3c3 in main (argc=<optimized out>, argv=0x2468a90)
    at /home/vbox/tinderbox/5.1-lnx64-rel/src/VBox/Main/webservice/vboxweb.cpp:1258
        c = <optimized out>
        pszPidFile = 0x0
        ValueUnion = {pDef = 0x0, psz = 0x0, i8 = 0 '\000', u8 = 0 '\000', i16 = 0, u16 = 0, i32 = 0,
          u32 = 0, i64 = 0, u64 = 0, MacAddr = {au8 = "\000\000\000\000\000", au16 = {0, 0, 0}}, Uuid = {
            au8 = "\000\000\000\000\000\000\000\000\000\355@\000\000\000\000", au16 = {0, 0, 0, 0, 60672,
              64, 0, 0}, au32 = {0, 0, 4254976, 0}, au64 = {0, 4254976}, Gen = {u32TimeLow = 0,
              u16TimeMid = 0, u16TimeHiAndVersion = 0, u8ClockSeqHiAndReserved = 0 '\000',
              u8ClockSeqLow = 237 '\355', au8Node = "@\000\000\000\000"}}, f = false}
        szError = "unknown error", '\000' <repeats 4214 times>
        hrc = <optimized out>
        vboxClientListener = {m_p = 0x3d9c42dcde0}
        rc = <optimized out>
        pszLogFile = 0x0
        GetState = {iNext = 1, argv = 0x2468a90, argc = 1, paOptions = 0xee9040 <g_aOptions>, cOptions = 22,
          pszNextShort = 0x0, pDef = 0x0, uIndex = 4294967295, fFlags = 0, cNonOptions = 0}
(gdb)

[codemonkey672342]

Ok, I finally had enough time to figure out the problem myself.

Short version: I set up a second gentoo hardened machine B for troubleshooting, set all the security and kernel settings as they are on my regular machine A.
Strangely enough, the virtualbox processes seemed to be working just fine. So I started to look for differences...
After doing some debugging, LD_DEBUG stuff and source code analysis, comparing it between machine A and B, I was able to drill it down to the cause.
On machine A, there was some residue from some ancient virtualbox installation. This made my /opt/VirtualBox/components look like this:

Code: Select all

tomb ~ # ls -l /opt/VirtualBox/components/ 
total 4152 
-rw-r--r-- 1 root root 3946496 Jan  7 22:09 VBoxC.so 
lrwxrwxrwx 1 root root      25 Apr  6  2011 VBoxDD.so -> /opt/VirtualBox/VBoxDD.so 
lrwxrwxrwx 1 root root      26 Apr  6  2011 VBoxDD2.so -> /opt/VirtualBox/VBoxDD2.so 
lrwxrwxrwx 1 root root      26 Jan  7 22:09 VBoxDDU.so -> /opt/VirtualBox/VBoxDDU.so 
lrwxrwxrwx 1 root root      26 Apr  6  2011 VBoxDbg.so -> /opt/VirtualBox/VBoxDbg.so 
lrwxrwxrwx 1 root root      38 Apr  6  2011 VBoxGuestControlSvc.so -> /opt/VirtualBox/VBoxGuestControlSvc.so 
lrwxrwxrwx 1 root root      35 Apr  6  2011 VBoxGuestPropSvc.so -> /opt/VirtualBox/VBoxGuestPropSvc.so 
lrwxrwxrwx 1 root root      31 Apr  6  2011 VBoxHeadless.so -> /opt/VirtualBox/VBoxHeadless.so 
lrwxrwxrwx 1 root root      30 Apr  6  2011 VBoxNetDHCP.so -> /opt/VirtualBox/VBoxNetDHCP.so 
lrwxrwxrwx 1 root root      36 Apr  6  2011 VBoxOGLhostcrutil.so -> /opt/VirtualBox/VBoxOGLhostcrutil.so 
lrwxrwxrwx 1 root root      38 Apr  6  2011 VBoxOGLhosterrorspu.so -> /opt/VirtualBox/VBoxOGLhosterrorspu.so 
lrwxrwxrwx 1 root root      35 Apr  6  2011 VBoxOGLrenderspu.so -> /opt/VirtualBox/VBoxOGLrenderspu.so 
lrwxrwxrwx 1 root root      29 Apr  6  2011 VBoxPython.so -> /opt/VirtualBox/VBoxPython.so 
lrwxrwxrwx 1 root root      32 Apr  6  2011 VBoxPython2_6.so -> /opt/VirtualBox/VBoxPython2_6.so 
lrwxrwxrwx 1 root root      26 Jan  7 22:09 VBoxREM.so -> /opt/VirtualBox/VBoxREM.so 
lrwxrwxrwx 1 root root      25 Jan  7 22:09 VBoxRT.so -> /opt/VirtualBox/VBoxRT.so 
lrwxrwxrwx 1 root root      26 Apr  6  2011 VBoxSDL.so -> /opt/VirtualBox/VBoxSDL.so 
-rw-r--r-- 1 root root   14736 Jan  7 22:09 VBoxSVCM.so 
lrwxrwxrwx 1 root root      38 Apr  6  2011 VBoxSharedClipboard.so -> /opt/VirtualBox/VBoxSharedClipboard.so 
lrwxrwxrwx 1 root root      37 Apr  6  2011 VBoxSharedCrOpenGL.so -> /opt/VirtualBox/VBoxSharedCrOpenGL.so 
lrwxrwxrwx 1 root root      36 Apr  6  2011 VBoxSharedFolders.so -> /opt/VirtualBox/VBoxSharedFolders.so 
lrwxrwxrwx 1 root root      26 Jan  7 22:09 VBoxVMM.so -> /opt/VirtualBox/VBoxVMM.so 
lrwxrwxrwx 1 root root      27 Apr  6  2011 VBoxVRDP.so -> /opt/VirtualBox/VBoxVRDP.so 
lrwxrwxrwx 1 root root      28 Jan  7 22:09 VBoxXPCOM.so -> /opt/VirtualBox/VBoxXPCOM.so 
-rw-r--r-- 1 root root   25931 Jan  7 22:09 VBoxXPCOMBase.xpt 
lrwxrwxrwx 1 root root      29 Apr  6  2011 VBoxXPCOMC.so -> /opt/VirtualBox/VBoxXPCOMC.so 
-rw-r--r-- 1 root root  134912 Jan  7 22:09 VBoxXPCOMIPCC.so 
lrwxrwxrwx 1 root root      27 Apr  6  2011 VRDPAuth.so -> /opt/VirtualBox/VRDPAuth.so 
lrwxrwxrwx 1 root root      33 Apr  6  2011 VRDPAuthSimple.so -> /opt/VirtualBox/VRDPAuthSimple.so 
lrwxrwxrwx 1 root root      29 Apr  6  2011 VirtualBox.so -> /opt/VirtualBox/VirtualBox.so 
-rw-r--r-- 1 root root   92916 Jan  7 22:09 VirtualBox_XPCOM.xpt 
-rw-r--r-- 1 root root    1184 Apr  8  2011 compreg.dat 
-rw-r--r-- 1 root root   19109 Apr  8  2011 xpti.dat 
tomb ~ #  

Bottom line: Having the VBoxDbg.so in the components directory and thus automatically loading/registering it during startup through VBoxXPCOM.so iirc is causing the segfault described in my opening post.
I could recreate the issue by creating this symlink on machine B.

I didn't analyze any further what causes the segfault in detail. In this case it's simply: Working system => happy.