gdb在运行maintenance info program-spaces命令时coredump

coredump时的信息:

(gdb) maintenance info program-spaces 
*** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d1fd)[0x7fc875c0d1fd]
gdb(find_pc_section+0x99)[0x605089]
gdb(lookup_minimal_symbol_by_pc_section+0x1d)[0x60898d]
gdb(find_pc_sect_symtab+0x29)[0x59eba9]
gdb(select_frame+0x71)[0x699a11]
gdb(get_selected_frame+0x39)[0x699a89]
gdb(get_current_arch+0x27)[0x5e5447]
gdb[0x52ba1e]
gdb(registry_clear_data+0x93)[0x6bea63]
gdb(registry_container_free_data+0xf)[0x6beadf]
gdb[0x6ba8b2]
gdb(prune_program_spaces+0x4c)[0x6ba99c]
gdb[0x6ba9de]
gdb(execute_command+0x2aa)[0x6901ba]
gdb[0x5d85d1]
gdb[0x5d8a8c]
/lib64/libreadline.so.6(rl_callback_read_char+0x8e)[0x7fc877b57c6e]
gdb[0x5d8639]
gdb[0x5d71f4]
gdb(gdb_do_one_event+0xa7)[0x5d7587]
gdb(start_event_loop+0x57)[0x5d77b7]
gdb[0x5d0623]
gdb(catch_errors+0x8a)[0x5cee0a]
gdb[0x5d12d6]
gdb(catch_errors+0x8a)[0x5cee0a]
gdb(gdb_main+0x24)[0x5d1f04]
gdb(main+0x3e)[0x4572ee]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fc875bb1af5]
gdb[0x457331]
======= Memory map: ========
00400000-00a02000 r-xp 00000000 08:01 1969692                            /usr/bin/gdb
00c01000-00c02000 r--p 00601000 08:01 1969692                            /usr/bin/gdb
00c02000-00c19000 rw-p 00602000 08:01 1969692                            /usr/bin/gdb
00c19000-00c3c000 rw-p 00000000 00:00 0 
02aee000-04636000 rw-p 00000000 00:00 0                                  [heap]
7fc871e78000-7fc871e7f000 r-xp 00000000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so
7fc871e7f000-7fc87207e000 ---p 00007000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so
7fc87207e000-7fc87207f000 r--p 00006000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so
7fc87207f000-7fc872080000 rw-p 00007000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so
7fc872080000-7fc8722d7000 rw-p 00000000 00:00 0 
7fc872327000-7fc8723a0000 r-xp 00000000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so
7fc8723a0000-7fc87259f000 ---p 00079000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so
7fc87259f000-7fc8725a1000 r--p 00078000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so
7fc8725a1000-7fc8725a2000 rw-p 0007a000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so
7fc8725a2000-7fc8725a6000 rw-p 00000000 00:00 0 
7fc8725a6000-7fc872657000 r-xp 00000000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.6
7fc872657000-7fc872856000 ---p 000b1000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.6
7fc872856000-7fc872858000 r--p 000b0000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.6
7fc872858000-7fc87285b000 rw-p 000b2000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.6
7fc87285b000-7fc872897000 r-xp 00000000 08:01 1984568                    /usr/lib64/libsoftokn3.so
7fc872897000-7fc872a96000 ---p 0003c000 08:01 1984568                    /usr/lib64/libsoftokn3.so
7fc872a96000-7fc872a97000 r--p 0003b000 08:01 1984568                    /usr/lib64/libsoftokn3.so
7fc872a97000-7fc872a98000 rw-p 0003c000 08:01 1984568                    /usr/lib64/libsoftokn3.so
7fc872a98000-7fc872aa3000 r-xp 00000000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so
7fc872aa3000-7fc872ca2000 ---p 0000b000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so
7fc872ca2000-7fc872ca3000 r--p 0000a000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so
7fc872ca3000-7fc872ca4000 rw-p 0000b000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so
7fc872ca4000-7fc872cab000 r-xp 00000000 08:01 1964029                    /usr/lib64/librt-2.17.so
7fc872cab000-7fc872eaa000 ---p 00007000 08:01 1964029                    /usr/lib64/librt-2.17.so
7fc872eaa000-7fc872eab000 r--p 00006000 08:01 1964029                    /usr/lib64/librt-2.17.so
7fc872eab000-7fc872eac000 rw-p 00007000 08:01 1964029                    /usr/lib64/librt-2.17.so
7fc872eac000-7fc872eb0000 r-xp 00000000 08:01 1964476                    /usr/lib64/libattr.so.1.1.0
7fc872eb0000-7fc8730af000 ---p 00004000 08:01 1964476                    /usr/lib64/libattr.so.1.1.0
7fc8730af000-7fc8730b0000 r--p 00003000 08:01 1964476                    /usr/lib64/libattr.so.1.1.0
7fc8730b0000-7fc8730b1000 rw-p 00004000 08:01 1964476                    /usr/lib64/libattr.so.1.1.0
7fc8730b1000-7fc8730ea000 r-xp 00000000 08:01 2003551                    /usr/lib64/libnspr4.so
7fc8730ea000-7fc8732ea000 ---p 00039000 08:01 2003551                    /usr/lib64/libnspr4.so
7fc8732ea000-7fc8732eb000 r--p 00039000 08:01 2003551                    /usr/lib64/libnspr4.so
7fc8732eb000-7fc8732ed000 rw-p 0003a000 08:01 2003551                    /usr/lib64/libnspr4.so
7fc8732ed000-7fc8732ef000 rw-p 00000000 00:00 0 
7fc8732ef000-7fc8732f2000 r-xp 00000000 08:01 2003553                    /usr/lib64/libplds4.so
7fc8732f2000-7fc8734f1000 ---p 00003000 08:01 2003553                    /usr/lib64/libplds4.so
7fc8734f1000-7fc8734f2000 r--p 00002000 08:01 2003553                    /usr/lib64/libplds4.so
7fc8734f2000-7fc8734f3000 rw-p 00003000 08:01 2003553                    /usr/lib64/libplds4.so
7fc8734f3000-7fc8734f7000 r-xp 00000000 08:01 2003552                    /usr/lib64/libplc4.so
7fc8734f7000-7fc8736f6000 ---p 00004000 08:01 2003552                    /usr/lib64/libplc4.so
7fc8736f6000-7fc8736f7000 r--p 00003000 08:01 2003552                    /usr/lib64/libplc4.so
7fc8736f7000-7fc8736f8000 rw-p 00004000 08:01 2003552                    /usr/lib64/libplc4.so
7fc8736f8000-7fc87371d000 r-xp 00000000 08:01 1971387                    /usr/lib64/libnssutil3.so
7fc87371d000-7fc87391d000 ---p 00025000 08:01 1971387                    /usr/lib64/libnssutil3.so
7fc87391d000-7fc873923000 r--p 00025000 08:01 1971387                    /usr/lib64/libnssutil3.so
7fc873923000-7fc873924000 rw-p 0002b000 08:01 1971387                    /usr/lib64/libnssutil3.so
7fc873924000-7fc873ad8000 r-xp 00000000 08:01 1964466                    /usr/lib64/libdb-5.3.so
7fc873ad8000-7fc873cd8000 ---p 001b4000 08:01 1964466                    /usr/lib64/libdb-5.3.so
7fc873cd8000-7fc873cdf000 r--p 001b4000 08:01 1964466                    /usr/lib64/libdb-5.3.so
7fc873cdf000-7fc873ce2000 rw-p 001bb000 08:01 1964466                    /usr/lib64/libdb-5.3.so
7fc873ce2000-7fc873d0e000 r-xp 00000000 08:01 1964523                    /usr/lib64/liblua-5.1.so
7fc873d0e000-7fc873f0d000 ---p 0002c000 08:01 1964523                    /usr/lib64/liblua-5.1.so
7fc873f0d000-7fc873f0f000 r--p 0002b000 08:01 1964523                    /usr/lib64/liblua-5.1.so
7fc873f0f000-7fc873f10000 rw-p 0002d000 08:01 1964523                    /usr/lib64/liblua-5.1.so
7fc873f10000-7fc873f17000 r-xp 00000000 08:01 1964490                    /usr/lib64/libacl.so.1.1.0
7fc873f17000-7fc874117000 ---p 00007000 08:01 1964490                    /usr/lib64/libacl.so.1.1.0
7fc874117000-7fc874118000 r--p 00007000 08:01 1964490                    /usr/lib64/libacl.so.1.1.0
7fc874118000-7fc874119000 rw-p 00008000 08:01 1964490                    /usr/lib64/libacl.so.1.1.0
7fc874119000-7fc87411d000 r-xp 00000000 08:01 1964479                    /usr/lib64/libcap.so.2.22
7fc87411d000-7fc87431c000 ---p 00004000 08:01 1964479                    /usr/lib64/libcap.so.2.22
7fc87431c000-7fc87431d000 r--p 00003000 08:01 1964479                    /usr/lib64/libcap.so.2.22
7fc87431d000-7fc87431e000 rw-p 00004000 08:01 1964479                    /usr/lib64/libcap.so.2.22
7fc87431e000-7fc874327000 r-xp 00000000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.0
7fc874327000-7fc874526000 ---p 00009000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.0
7fc874526000-7fc874527000 r--p 00008000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.0
7fc874527000-7fc874528000 rw-p 00009000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.0
7fc874528000-7fc87453d000 r-xp 00000000 08:01 1998086                    /usr/lib64/libelf-0.160.so
7fc87453d000-7fc87473c000 ---p 00015000 08:01 1998086                    /usr/lib64/libelf-0.160.so
7fc87473c000-7fc87473d000 r--p 00014000 08:01 1998086                    /usr/lib64/libelf-0.160.so
7fc87473d000-7fc87473e000 rw-p 00015000 08:01 1998086                    /usr/lib64/libelf-0.160.so
7fc87473e000-7fc87474d000 r-xp 00000000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.6
7fc87474d000-7fc87494c000 ---p 0000f000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.6
7fc87494c000-7fc87494d000 r--p 0000e000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.6
7fc87494d000-7fc87494e000 rw-p 0000f000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.6
7fc87494e000-7fc874a6c000 r-xp 00000000 08:01 1973518                    /usr/lib64/libnss3.so
7fc874a6c000-7fc874c6b000 ---p 0011e000 08:01 1973518                    /usr/lib64/libnss3.so
7fc874c6b000-7fc874c70000 r--p 0011d000 08:01 1973518                    /usr/lib64/libnss3.so
7fc874c70000-7fc874c72000 rw-p 00122000 08:01 1973518                    /usr/lib64/libnss3.so
7fc874c72000-7fc874c74000 rw-p 00000000 00:00 0 
7fc874c74000-7fc874c9c000 r-xp 00000000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.0
7fc874c9c000-7fc874e9b000 ---p 00028000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.0
7fc874e9b000-7fc874e9d000 r--p 00027000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.0
7fc874e9d000-7fc874e9f000 rw-p 00029000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.0
7fc874e9f000-7fc874ea1000 rw-p 00000000 00:00 0 
7fc874ea1000-7fc874f01000 r-xp 00000000 08:01 1967718                    /usr/lib64/librpm.so.3.2.0
7fc874f01000-7fc875101000 ---p 00060000 08:01 1967718                    /usr/lib64/librpm.so.3.2.0
7fc875101000-7fc875104000 r--p 00060000 08:01 1967718                    /usr/lib64/librpm.so.3.2.0
7fc875104000-7fc875107000 rw-p 00063000 08:01 1967718                    /usr/lib64/librpm.so.3.2.0
7fc875107000-7fc875108000 rw-p 00000000 00:00 0 
7fc875108000-7fc87510b000 r-xp 00000000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so
7fc87510b000-7fc87530a000 ---p 00003000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so
7fc87530a000-7fc87530b000 r--p 00002000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so
7fc87530b000-7fc87530d000 rw-p 00003000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so
7fc87530d000-7fc875315000 r-xp 00000000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so
7fc875315000-7fc875515000 ---p 00008000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so
7fc875515000-7fc875516000 r--p 00008000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so
7fc875516000-7fc875518000 rw-p 00009000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so
7fc875518000-7fc87551e000 r-xp 00000000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so
7fc87551e000-7fc87571d000 ---p 00006000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so
7fc87571d000-7fc87571e000 r--p 00005000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so
7fc87571e000-7fc875720000 rw-p 00006000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so
7fc875720000-7fc87572a000 r-xp 00000000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so
7fc87572a000-7fc875929000 ---p 0000a000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so
7fc875929000-7fc87592a000 r--p 00009000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so
7fc87592a000-7fc87592f000 rw-p 0000a000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so
7fc87592f000-7fc87598e000 r-xp 00000000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.0
7fc87598e000-7fc875b8e000 ---p 0005f000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.0
7fc875b8e000-7fc875b8f000 r--p 0005f000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.0
7fc875b8f000-7fc875b90000 rw-p 00060000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.0
7fc875b90000-7fc875d46000 r-xp 00000000 08:01 1963631                    /usr/lib64/libc-2.17.so
7fc875d46000-7fc875f46000 ---p 001b6000 08:01 1963631                    /usr/lib64/libc-2.17.so
7fc875f46000-7fc875f4a000 r--p 001b6000 08:01 1963631                    /usr/lib64/libc-2.17.so
7fc875f4a000-7fc875f4c000 rw-p 001ba000 08:01 1963631                    /usr/lib64/libc-2.17.so
7fc875f4c000-7fc875f51000 rw-p 00000000 00:00 0 
7fc875f51000-7fc875f66000 r-xp 00000000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.1
7fc875f66000-7fc876165000 ---p 00015000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.1
7fc876165000-7fc876166000 r--p 00014000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.1
7fc876166000-7fc876167000 rw-p 00015000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.1
7fc876167000-7fc87618b000 r-xp 00000000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.99
7fc87618b000-7fc87638a000 ---p 00024000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.99
7fc87638a000-7fc87638b000 r--p 00023000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.99
7fc87638b000-7fc87638c000 rw-p 00024000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.99
7fc87638c000-7fc8763b3000 r-xp 00000000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.0
7fc8763b3000-7fc8765b3000 ---p 00027000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.0
7fc8765b3000-7fc8765b5000 r--p 00027000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.0
7fc8765b5000-7fc8765b6000 rw-p 00029000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.0
7fc8765b6000-7fc87672e000 r-xp 00000000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.0
7fc87672e000-7fc87692e000 ---p 00178000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.0
7fc87692e000-7fc87692f000 r--p 00178000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.0
7fc87692f000-7fc87696d000 rw-p 00179000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.0
7fc87696d000-7fc87697c000 rw-p 00000000 00:00 0 
7fc87697c000-7fc87697e000 r-xp 00000000 08:01 1963665                    /usr/lib64/libutil-2.17.so
7fc87697e000-7fc876b7d000 ---p 00002000 08:01 1963665                    /usr/lib64/libutil-2.17.so
7fc876b7d000-7fc876b7e000 r--p 00001000 08:01 1963665                    /usr/lib64/libutil-2.17.so
7fc876b7e000-7fc876b7f000 rw-p 00002000 08:01 1963665                    /usr/lib64/libutil-2.17.so
7fc876b7f000-7fc876b95000 r-xp 00000000 08:01 1963657                    /usr/lib64/libpthread-2.17.so
7fc876b95000-7fc876d95000 ---p 00016000 08:01 1963657                    /usr/lib64/libpthread-2.17.so
7fc876d95000-7fc876d96000 r--p 00016000 08:01 1963657                    /usr/lib64/libpthread-2.17.so
7fc876d96000-7fc876d97000 rw-p 00017000 08:01 1963657                    /usr/lib64/libpthread-2.17.so
7fc876d97000-7fc876d9b000 rw-p 00000000 00:00 0 
7fc876d9b000-7fc876d9e000 r-xp 00000000 08:01 1964022                    /usr/lib64/libdl-2.17.so
7fc876d9e000-7fc876f9d000 ---p 00003000 08:01 1964022                    /usr/lib64/libdl-2.17.so
7fc876f9d000-7fc876f9e000 r--p 00002000 08:01 1964022                    /usr/lib64/libdl-2.17.so
7fc876f9e000-7fc876f9f000 rw-p 00003000 08:01 1964022                    /usr/lib64/libdl-2.17.so
7fc876f9f000-7fc8770a0000 r-xp 00000000 08:01 1964023                    /usr/lib64/libm-2.17.so
7fc8770a0000-7fc87729f000 ---p 00101000 08:01 1964023                    /usr/lib64/libm-2.17.so
7fc87729f000-7fc8772a0000 r--p 00100000 08:01 1964023                    /usr/lib64/libm-2.17.so
7fc8772a0000-7fc8772a1000 rw-p 00101000 08:01 1964023                    /usr/lib64/libm-2.17.so
7fc8772a1000-7fc8772b6000 r-xp 00000000 08:01 1964070                    /usr/lib64/libz.so.1.2.7
7fc8772b6000-7fc8774b5000 ---p 00015000 08:01 1964070                    /usr/lib64/libz.so.1.2.7
7fc8774b5000-7fc8774b6000 r--p 00014000 08:01 1964070                    /usr/lib64/libz.so.1.2.7
7fc8774b6000-7fc8774b7000 rw-p 00015000 08:01 1964070                    /usr/lib64/libz.so.1.2.7
7fc8774b7000-7fc8774dc000 r-xp 00000000 08:01 1963963                    /usr/lib64/libtinfo.so.5.9
7fc8774dc000-7fc8776dc000 ---p 00025000 08:01 1963963                    /usr/lib64/libtinfo.so.5.9
7fc8776dc000-7fc8776e0000 r--p 00025000 08:01 1963963                    /usr/lib64/libtinfo.so.5.9
7fc8776e0000-7fc8776e1000 rw-p 00029000 08:01 1963963                    /usr/lib64/libtinfo.so.5.9
7fc8776e1000-7fc877707000 r-xp 00000000 08:01 1963953                    /usr/lib64/libncurses.so.5.9
7fc877707000-7fc877906000 ---p 00026000 08:01 1963953                    /usr/lib64/libncurses.so.5.9
7fc877906000-7fc877907000 r--p 00025000 08:01 1963953                    /usr/lib64/libncurses.so.5.9
7fc877907000-7fc877908000 rw-p 00026000 08:01 1963953                    /usr/lib64/libncurses.so.5.9
7fc877908000-7fc877929000 r-xp 00000000 08:01 1964067                    /usr/lib64/libselinux.so.1
7fc877929000-7fc877b29000 ---p 00021000 08:01 1964067                    /usr/lib64/libselinux.so.1
7fc877b29000-7fc877b2a000 r--p 00021000 08:01 1964067                    /usr/lib64/libselinux.so.1
7fc877b2a000-7fc877b2b000 rw-p 00022000 08:01 1964067                    /usr/lib64/libselinux.so.1
7fc877b2b000-7fc877b2d000 rw-p 00000000 00:00 0 
7fc877b2d000-7fc877b69000 r-xp 00000000 08:01 1964218                    /usr/lib64/libreadline.so.6.2
7fc877b69000-7fc877d69000 ---p 0003c000 08:01 1964218                    /usr/lib64/libreadline.so.6.2
7fc877d69000-7fc877d6b000 r--p 0003c000 08:01 1964218                    /usr/lib64/libreadline.so.6.2
7fc877d6b000-7fc877d71000 rw-p 0003e000 08:01 1964218                    /usr/lib64/libreadline.so.6.2
7fc877d71000-7fc877d73000 rw-p 00000000 00:00 0 
7fc877d73000-7fc877d94000 r-xp 00000000 08:01 1963623                    /usr/lib64/ld-2.17.so
7fc877da8000-7fc877e39000 rw-p 00000000 00:00 0 
7fc877e41000-7fc877f80000 rw-p 00000000 00:00 0 
7fc877f80000-7fc877f89000 r--p 00010000 08:01 786974                     /home/xuzhina/code/xerces/sample/new_address
7fc877f89000-7fc877f91000 r--p 00008000 08:01 786974                     /home/xuzhina/code/xerces/sample/new_address
7fc877f91000-7fc877f94000 rw-p 00000000 00:00 0 
7fc877f94000-7fc877f95000 r--p 00021000 08:01 1963623                    /usr/lib64/ld-2.17.so
7fc877f95000-7fc877f96000 rw-p 00022000 08:01 1963623                    /usr/lib64/ld-2.17.so
7fc877f96000-7fc877f97000 rw-p 00000000 00:00 0 
7ffc6acdc000-7ffc6acfd000 rw-p 00000000 00:00 0                          [stack]
7ffc6adfe000-7ffc6ae00000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Aborted (core dumped)

gdb的版本号:

(gdb) show version 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.


看一下堆栈:

[xuzhina@localhost sample]$ gdb /usr/bin/gdb core-gdb-4332-1436781341-6 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/gdb...Reading symbols from /usr/bin/gdb...(no debugging symbols found)...done.
(no debugging symbols found)...done.
[New LWP 4332]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `gdb new_address'.
Program terminated with signal 6, Aborted.
#0  0x00007fc875bc55d7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install gdb-7.6.1-64.el7.x86_64
(gdb) bt
#0  0x00007fc875bc55d7 in raise () from /lib64/libc.so.6
#1  0x00007fc875bc6cc8 in abort () from /lib64/libc.so.6
#2  0x00007fc875c05e07 in __libc_message () from /lib64/libc.so.6
#3  0x00007fc875c0d1fd in _int_free () from /lib64/libc.so.6
#4  0x0000000000605089 in find_pc_section ()
#5  0x000000000060898d in lookup_minimal_symbol_by_pc_section ()
#6  0x000000000059eba9 in find_pc_sect_symtab ()
#7  0x0000000000699a11 in select_frame ()
#8  0x0000000000699a89 in get_selected_frame ()
#9  0x00000000005e5447 in get_current_arch ()
#10 0x000000000052ba1e in py_free_pspace ()
#11 0x00000000006bea63 in registry_clear_data ()
#12 0x00000000006beadf in registry_container_free_data ()
#13 0x00000000006ba8b2 in release_program_space ()
#14 0x00000000006ba99c in prune_program_spaces ()
#15 0x00000000006ba9de in maintenance_info_program_spaces_command ()
#16 0x00000000006901ba in execute_command ()
#17 0x00000000005d85d1 in command_handler ()
#18 0x00000000005d8a8c in command_line_handler ()
#19 0x00007fc877b57c6e in rl_callback_read_char () from /lib64/libreadline.so.6
#20 0x00000000005d8639 in rl_callback_read_char_wrapper ()
#21 0x00000000005d71f4 in process_event ()
#22 0x00000000005d7587 in gdb_do_one_event ()
#23 0x00000000005d77b7 in start_event_loop ()
#24 0x00000000005d0623 in captured_command_loop ()
#25 0x00000000005cee0a in catch_errors ()
#26 0x00000000005d12d6 in captured_main ()
#27 0x00000000005cee0a in catch_errors ()
#28 0x00000000005d1f04 in gdb_main ()
#29 0x00000000004572ee in main ()

从堆栈能够看到，是在释放内存时出现故障，那么出现故障的地方应该是第4帧，即find_pc_section函数里。

跳转到第4帧:

(gdb) frame 4
#4  0x0000000000605089 in find_pc_section ()

看一下汇编:

(gdb) disassemble 
Dump of assembler code for function find_pc_section:
   0x0000000000604ff0 <+0>:	push   %r15
   0x0000000000604ff2 <+2>:	push   %r14
   0x0000000000604ff4 <+4>:	push   %r13
   0x0000000000604ff6 <+6>:	push   %r12
   0x0000000000604ff8 <+8>:	push   %rbp
   0x0000000000604ff9 <+9>:	push   %rbx
   0x0000000000604ffa <+10>:	sub    $0x98,%rsp
   0x0000000000605001 <+17>:	mov    %rdi,0x88(%rsp)
   0x0000000000605009 <+25>:	callq  0x5a8830 <find_pc_mapped_section>
   0x000000000060500e <+30>:	test   %rax,%rax
   0x0000000000605011 <+33>:	je     0x605028 <find_pc_section+56>
   0x0000000000605013 <+35>:	add    $0x98,%rsp
   0x000000000060501a <+42>:	pop    %rbx
   0x000000000060501b <+43>:	pop    %rbp
   0x000000000060501c <+44>:	pop    %r12
   0x000000000060501e <+46>:	pop    %r13
   0x0000000000605020 <+48>:	pop    %r14
   0x0000000000605022 <+50>:	pop    %r15
   0x0000000000605024 <+52>:	retq   
   0x0000000000605025 <+53>:	nopl   (%rax)
   0x0000000000605028 <+56>:	mov    0x635fb1(%rip),%rdi        # 0xc3afe0 <current_program_space>
   0x000000000060502f <+63>:	callq  0x6043e0 <get_objfile_pspace_data>
   0x0000000000605034 <+68>:	mov    0x10(%rax),%edi
   0x0000000000605037 <+71>:	mov    %rax,0x78(%rsp)
   0x000000000060503c <+76>:	test   %edi,%edi
   0x000000000060503e <+78>:	jne    0x60505b <find_pc_section+107>
   0x0000000000605040 <+80>:	mov    0xc(%rax),%esi
   0x0000000000605043 <+83>:	test   %esi,%esi
   0x0000000000605045 <+85>:	je     0x60513b <find_pc_section+331>
   0x000000000060504b <+91>:	mov    0x78(%rsp),%rax
   0x0000000000605050 <+96>:	mov    0x14(%rax),%ecx
   0x0000000000605053 <+99>:	test   %ecx,%ecx
   0x0000000000605055 <+101>:	jne    0x60513b <find_pc_section+331>
   0x000000000060505b <+107>:	mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>
   0x0000000000605062 <+114>:	mov    %rbx,%rdi
   0x0000000000605065 <+117>:	callq  0x6043e0 <get_objfile_pspace_data>
   0x000000000060506a <+122>:	mov    0x10(%rax),%edx
   0x000000000060506d <+125>:	test   %edx,%edx
   0x000000000060506f <+127>:	jne    0x60507c <find_pc_section+140>
   0x0000000000605071 <+129>:	mov    0xc(%rax),%eax
   0x0000000000605074 <+132>:	test   %eax,%eax
---Type <return> to continue, or q <return> to quit---
   0x0000000000605076 <+134>:	je     0x6055d5 <find_pc_section+1509>
   0x000000000060507c <+140>:	mov    0x78(%rsp),%rax
   0x0000000000605081 <+145>:	mov    (%rax),%rdi
   0x0000000000605084 <+148>:	callq  0x6bd1b0 <xfree>
=> 0x0000000000605089 <+153>:	mov    0x40(%rbx),%r8
   0x000000000060508d <+157>:	test   %r8,%r8
   0x0000000000605090 <+160>:	je     0x60510f <find_pc_section+287>
   0x0000000000605092 <+162>:	mov    0x61bbd4(%rip),%edi        # 0xc20c6c <overlay_debugging>
   0x0000000000605098 <+168>:	xor    %ecx,%ecx
   0x000000000060509a <+170>:	nopw   0x0(%rax,%rax,1)
   0x00000000006050a0 <+176>:	mov    0x80d8(%r8),%rax
   0x00000000006050a7 <+183>:	mov    0x80e0(%r8),%r9
   0x00000000006050ae <+190>:	cmp    %r9,%rax
   0x00000000006050b1 <+193>:	jae    0x6050f8 <find_pc_section+264>
   0x00000000006050b3 <+195>:	mov    0x48(%r8),%r10
   0x00000000006050b7 <+199>:	nopw   0x0(%rax,%rax,1)
   0x00000000006050c0 <+208>:	mov    (%rax),%rdx
   0x00000000006050c3 <+211>:	test   %edi,%edi
   0x00000000006050c5 <+213>:	mov    0x30(%rdx),%rsi
   0x00000000006050c9 <+217>:	je     0x6050e0 <find_pc_section+240>
   0x00000000006050cb <+219>:	test   %rsi,%rsi
   0x00000000006050ce <+222>:	je     0x6050e0 <find_pc_section+240>
   0x00000000006050d0 <+224>:	cmp    0x28(%rdx),%rsi
   0x00000000006050d4 <+228>:	je     0x6050e0 <find_pc_section+240>
   0x00000000006050d6 <+230>:	testb  $0x8,0x55(%r10)
   0x00000000006050db <+235>:	je     0x6050ef <find_pc_section+255>
   0x00000000006050dd <+237>:	nopl   (%rax)
   0x00000000006050e0 <+240>:	mov    0x20(%rdx),%edx
   0x00000000006050e3 <+243>:	and    $0x400,%edx
   0x00000000006050e9 <+249>:	cmp    $0x1,%edx
   0x00000000006050ec <+252>:	adc    $0x0,%ecx
   0x00000000006050ef <+255>:	add    $0x18,%rax
   0x00000000006050f3 <+259>:	cmp    %r9,%rax
   0x00000000006050f6 <+262>:	jb     0x6050c0 <find_pc_section+208>
   0x00000000006050f8 <+264>:	mov    (%r8),%r8
   0x00000000006050fb <+267>:	test   %r8,%r8
   0x00000000006050fe <+270>:	jne    0x6050a0 <find_pc_section+176>
   0x0000000000605100 <+272>:	test   %ecx,%ecx
   0x0000000000605102 <+274>:	mov    %ecx,0x84(%rsp)
   0x0000000000605109 <+281>:	jne    0x6051b0 <find_pc_section+448>
   0x000000000060510f <+287>:	mov    0x78(%rsp),%rax
   0x0000000000605114 <+292>:	xor    %ebx,%ebx

coredump位置在这一段汇编:

  0x000000000060507c <+140>:	mov    0x78(%rsp),%rax
   0x0000000000605081 <+145>:	mov    (%rax),%rdi
   0x0000000000605084 <+148>:	callq  0x6bd1b0 <xfree>
=> 0x0000000000605089 <+153>:	mov    0x40(%rbx),%r8

看一下代码,下载gdb-7.6.1代码来看,在objfiles.c里有定义find_pc_section

/* Return the obj_section of CURRENT_PROGRAM_SPACE that contains PC, or
   NULL when no section does.  A mapped overlay section is preferred;
   otherwise the per-program-space sorted section map is binary-searched,
   after being rebuilt if objfiles_changed_p says it is out of date.

   NOTE(review): the backtrace on this page reaches this function from
   py_free_pspace while a program space is being released
   (prune_program_spaces -> release_program_space).  According to the
   analysis below, the "free(): invalid pointer" abort comes from the
   xfree of the old map inside the (inlined) update_section_map call,
   i.e. pspace_info->sections is no longer a valid heap pointer at that
   point.  An invalid or double free is a heap memory-safety bug; here
   glibc's consistency check caught it and aborted the process.  */
struct obj_section *
find_pc_section (CORE_ADDR pc)
{
  struct objfile_pspace_info *pspace_info;
  struct obj_section *s, **sp;

  /* Check for mapped overlay section first.  */
  s = find_pc_mapped_section (pc);
  if (s)
    return s;

  /* Per-program-space cache of the sorted section map.  In the build
     analysed on this page the compiler keeps this pointer at
     0x78(%rsp), which is how the stale map pointer was recovered from
     the core file.  */
  pspace_info = get_objfile_pspace_data (current_program_space);
  if (pspace_info->objfiles_changed_p != 0)
    {
      /* update_section_map xfree's the previous map before rebuilding
	 it.  The function is static and called only from here, so the
	 compiler inlined it -- which is why xfree appears directly in
	 find_pc_section's disassembly and not as its own frame.  */
      update_section_map (current_program_space,
			  &pspace_info->sections,
			  &pspace_info->num_sections);

      /* Don't need updates to section map until objfiles are added,
         removed or relocated.  */
      pspace_info->objfiles_changed_p = 0;
    }

  /* The C standard (ISO/IEC 9899:TC2) requires the BASE argument to
     bsearch be non-NULL.  */
  if (pspace_info->sections == NULL)
    {
      gdb_assert (pspace_info->num_sections == 0);
      return NULL;
    }

  /* The map is sorted by update_section_map (qsort), so a binary
     search with the same ordering is valid here.  */
  sp = (struct obj_section **) bsearch (&pc,
					pspace_info->sections,
					pspace_info->num_sections,
					sizeof (*pspace_info->sections),
					bsearch_cmp);
  if (sp != NULL)
    return *sp;
  return NULL;
}

但似乎没看到哪里有调用xfree.

再看一下出问题的地址上面的汇编:

   0x0000000000604ff0 <+0>:	push   %r15
   0x0000000000604ff2 <+2>:	push   %r14
   0x0000000000604ff4 <+4>:	push   %r13
   0x0000000000604ff6 <+6>:	push   %r12
   0x0000000000604ff8 <+8>:	push   %rbp
   0x0000000000604ff9 <+9>:	push   %rbx
   0x0000000000604ffa <+10>:	sub    $0x98,%rsp
   0x0000000000605001 <+17>:	mov    %rdi,0x88(%rsp)
   0x0000000000605009 <+25>:	callq  0x5a8830 <find_pc_mapped_section>
   0x000000000060500e <+30>:	test   %rax,%rax
   0x0000000000605011 <+33>:	je     0x605028 <find_pc_section+56>
   0x0000000000605013 <+35>:	add    $0x98,%rsp
   0x000000000060501a <+42>:	pop    %rbx
   0x000000000060501b <+43>:	pop    %rbp
   0x000000000060501c <+44>:	pop    %r12
   0x000000000060501e <+46>:	pop    %r13
   0x0000000000605020 <+48>:	pop    %r14
   0x0000000000605022 <+50>:	pop    %r15
   0x0000000000605024 <+52>:	retq   
   0x0000000000605025 <+53>:	nopl   (%rax)
   0x0000000000605028 <+56>:	mov    0x635fb1(%rip),%rdi        # 0xc3afe0 <current_program_space>
   0x000000000060502f <+63>:	callq  0x6043e0 <get_objfile_pspace_data>
   0x0000000000605034 <+68>:	mov    0x10(%rax),%edi
   0x0000000000605037 <+71>:	mov    %rax,0x78(%rsp)
   0x000000000060503c <+76>:	test   %edi,%edi
   0x000000000060503e <+78>:	jne    0x60505b <find_pc_section+107>
   0x0000000000605040 <+80>:	mov    0xc(%rax),%esi
   0x0000000000605043 <+83>:	test   %esi,%esi
   0x0000000000605045 <+85>:	je     0x60513b <find_pc_section+331>
   0x000000000060504b <+91>:	mov    0x78(%rsp),%rax
   0x0000000000605050 <+96>:	mov    0x14(%rax),%ecx
   0x0000000000605053 <+99>:	test   %ecx,%ecx
   0x0000000000605055 <+101>:	jne    0x60513b <find_pc_section+331>
   0x000000000060505b <+107>:	mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>
   0x0000000000605062 <+114>:	mov    %rbx,%rdi
   0x0000000000605065 <+117>:	callq  0x6043e0 <get_objfile_pspace_data>
   0x000000000060506a <+122>:	mov    0x10(%rax),%edx
   0x000000000060506d <+125>:	test   %edx,%edx
   0x000000000060506f <+127>:	jne    0x60507c <find_pc_section+140>
   0x0000000000605071 <+129>:	mov    0xc(%rax),%eax
   0x0000000000605074 <+132>:	test   %eax,%eax

能够看到,在这几行汇编里:

0x0000000000605009 <+25>:	callq  0x5a8830 <find_pc_mapped_section>

 0x000000000060502f <+63>:	callq  0x6043e0 <get_objfile_pspace_data>

 0x0000000000605065 <+117>:	callq  0x6043e0 <get_objfile_pspace_data>

依次调用了find_pc_mapped_section、get_objfile_pspace_data、get_objfile_pspace_data。

再看一下第一次调用get_objfile_pspace_data的汇编片段:

 0x000000000060502f <+63>:    callq  0x6043e0 <get_objfile_pspace_data>
   0x0000000000605034 <+68>:    mov    0x10(%rax),%edi
   0x0000000000605037 <+71>:    mov    %rax,0x78(%rsp)
   0x000000000060503c <+76>:    test   %edi,%edi
   0x000000000060503e <+78>:    jne    0x60505b <find_pc_section+107>
   0x0000000000605040 <+80>:    mov    0xc(%rax),%esi
   0x0000000000605043 <+83>:    test   %esi,%esi
   0x0000000000605045 <+85>:    je     0x60513b <find_pc_section+331>
   0x000000000060504b <+91>:    mov    0x78(%rsp),%rax
   0x0000000000605050 <+96>:    mov    0x14(%rax),%ecx
   0x0000000000605053 <+99>:    test   %ecx,%ecx
   0x0000000000605055 <+101>:    jne    0x60513b <find_pc_section+331>
   0x000000000060505b <+107>:    mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>

可见,

=> 0x0000000000605089 <+153>:    mov    0x40(%rbx),%r8

不是由

   0x0000000000605045 <+85>:    je     0x60513b <find_pc_section+331>
   0x0000000000605055 <+101>:    jne    0x60513b <find_pc_section+331>
跳转过去的。

那么，coredump地址应该是位于这一段代码里:

 if (pspace_info->objfiles_changed_p != 0)
    {
      update_section_map (current_program_space,
			  &pspace_info->sections,
			  &pspace_info->num_sections);

      /* Don't need updates to section map until objfiles are added,
         removed or relocated.  */
      pspace_info->objfiles_changed_p = 0;
    }

考虑到编译器可能会进行代码优化,把一些仅仅调用一次的static函数内联。

看一下update_section_map（如果用source insight看，这个函数确实仅仅被find_pc_section调用，并且仅仅调用一次）。

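/* Rebuild the sorted section map of PSPACE.

   *PMAP is the previous map (or NULL) and is released here.  On return
   *PMAP holds a freshly xmalloc'd, sorted and filtered array of the
   obj_sections of PSPACE that insert_section_p accepts, and *PMAP_SIZE
   its length.  When no section qualifies, *PMAP is NULL and *PMAP_SIZE
   is 0.  The caller owns the returned array.

   Must only be called while the per-pspace objfiles_changed_p flag is
   set; the assertion below enforces that.  */

static void
update_section_map (struct program_space *pspace,
		    struct obj_section ***pmap, int *pmap_size)
{
  int alloc_size, map_size, i;
  struct obj_section *s, **map;
  struct objfile *objfile;

  gdb_assert (get_objfile_pspace_data (pspace)->objfiles_changed_p != 0);

  /* Release the old map and immediately forget it in the caller's slot.
     Leaving the freed pointer in *PMAP until the end of this function
     (as the original did) means that if anything below bails out early,
     the next call would xfree the same block again.  Clearing it first
     closes that double-free window; it does not by itself explain a
     corrupted chunk header, which is a separate problem.  */
  map = *pmap;
  *pmap = NULL;
  *pmap_size = 0;
  xfree (map);

  /* First pass: count the sections that belong in the map.  */
  alloc_size = 0;
  ALL_PSPACE_OBJFILES (pspace, objfile)
    ALL_OBJFILE_OSECTIONS (objfile, s)
      if (insert_section_p (objfile->obfd, s->the_bfd_section))
	alloc_size += 1;

  /* This happens on detach/attach (e.g. in gdb.base/attach.exp).
     *PMAP / *PMAP_SIZE are already NULL / 0.  */
  if (alloc_size == 0)
    return;

  map = xmalloc (alloc_size * sizeof (*map));

  /* Second pass: collect the same sections, in objfile order.  */
  i = 0;
  ALL_PSPACE_OBJFILES (pspace, objfile)
    ALL_OBJFILE_OSECTIONS (objfile, s)
      if (insert_section_p (objfile->obfd, s->the_bfd_section))
	map[i++] = s;

  qsort (map, alloc_size, sizeof (*map), qsort_cmp);
  map_size = filter_debuginfo_sections (map, alloc_size);
  map_size = filter_overlapping_sections (map, map_size);

  if (map_size < alloc_size)
    /* Some sections were eliminated.  Trim excess space.  */
    map = xrealloc (map, map_size * sizeof (*map));
  else
    gdb_assert (alloc_size == map_size);

  *pmap = map;
  *pmap_size = map_size;
}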

在这里,有这么一段代码:

  map = *pmap;
  xfree (map);

可见,coredump 发生在这里的 xfree (map) 调用上。


那么,到底是什么原因导致 coredump?

看一下coredump的那段汇编:

   0x000000000060507c <+140>:	mov    0x78(%rsp),%rax
   0x0000000000605081 <+145>:	mov    (%rax),%rdi
   0x0000000000605084 <+148>:	callq  0x6bd1b0 <xfree>
=> 0x0000000000605089 <+153>:	mov    0x40(%rbx),%r8

在 x86 64-bit 上,很多时候为了安全和高速,参数是用 rdi 寄存器来传递的。但在这里,rdi、rax 的值可能已经被改写,所以看一下 rsp 所指栈上保存的内容:

(gdb) x /gx $rsp+0x78
0x7ffc6acfb3d8:	0x0000000003019e60
(gdb) x /gx 0x0000000003019e60
0x3019e60:	0x0000000003c6bcf0

PS:用 /gx 是因为要查看 64 位地址。


能够看到,0x0000000003c6bcf0和

(gdb) maintenance info program-spaces 
*** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***

的地址是一样的。

那么,先看一下0x0000000003c6bcf0的内容:

(gdb) x /gx 0x0000000003c6bcf0
0x3c6bcf0:	0x000000000003ca90

有内容,说明地址是有效的,为什么无法释放呢?

依据最开始的 coredump 信息来看:

(gdb) maintenance info program-spaces 
*** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***
打印这条信息的代码位于 glibc 的 malloc.c 中 _int_free 函数的这一段:

 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
      || __builtin_expect (misaligned_chunk (p), 0))
    {
      errstr = "free(): invalid pointer";


在 malloc.c 里面,一个内存块(chunk)的定义是这样的:

/* Layout of a glibc heap chunk (malloc.c).  The pointer handed back to
   the caller points just past the two INTERNAL_SIZE_T header words, so
   the chunk header sits 2 * sizeof (INTERNAL_SIZE_T) bytes before it.
   The "free(): invalid pointer" check in _int_free reads the size word
   of that header; a zeroed size field is enough to trip it.  */
struct malloc_chunk {

  INTERNAL_SIZE_T      prev_size;  /* Size of previous chunk (if free).  */
  INTERNAL_SIZE_T      size;       /* Size in bytes, including overhead. */

  struct malloc_chunk* fd;         /* double links -- used only if free. */
  struct malloc_chunk* bk;

  /* Only used for large blocks: pointer to next larger size.  */
  struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
  struct malloc_chunk* bk_nextsize;
};

其中 INTERNAL_SIZE_T 的定义如下:

#define INTERNAL_SIZE_T size_t

在 x86 64 位 Linux 系统里,size_t 是 8 个字节。也就是说,0x0000000003c6bcf0 这个地址往前 16 字节,才是真正的内存块(chunk)起始地址。

(gdb) x /4gx 0x0000000003c6bcf0-16
0x3c6bce0:	0x0000000000000000	0x0000000000000000
0x3c6bcf0:	0x000000000003ca90	0x0000000000000020
可见,0x0000000003c6bcf0 所在内存块的头部(prev_size 和 size 两个字段)已经被清零了。到底是在哪里被抹掉的?

由 update_section_map 可知,问题出在 pmap 上,而 pmap 又是由 &pspace_info->sections 得来的。

也就是说,sections 所指内存块的头部有可能被紧邻它前面的一个或几个对象上的 memset 之类操作越界覆盖了。

而 pspace_info 所属的结构体 objfile_pspace_info 只定义在 objfiles.c 中:

/* Per-program-space bookkeeping kept by objfiles.c; obtained (and
   lazily created) through get_objfile_pspace_data.  */
struct objfile_pspace_info
{
  /* Non-zero when objfiles were added, removed or relocated since the
     section map was last built.  find_pc_section then calls
     update_section_map and resets this to 0.  */
  int objfiles_changed_p;
  /* Sorted array of obj_section pointers owned by this record; it is
     freed and rebuilt by update_section_map.  */
  struct obj_section **sections;
  /* Number of entries in SECTIONS.  */
  int num_sections;
};

而唯一初始化这个结构体对象的函数是:

/* Return the objfile_pspace_info record attached to PSPACE, creating a
   zero-filled one on first use and registering it under
   objfiles_pspace_data so that later lookups find the same object.  */

static struct objfile_pspace_info *
get_objfile_pspace_data (struct program_space *pspace)
{
  struct objfile_pspace_info *data
    = program_space_data (pspace, objfiles_pspace_data);

  if (data != NULL)
    return data;

  /* First request for this program space.  */
  data = XZALLOC (struct objfile_pspace_info);
  set_program_space_data (pspace, objfiles_pspace_data, data);

  return data;
}

中的

set_program_space_data (pspace, objfiles_pspace_data, info);
也就是说,sections 的内容应该是在 set_program_space_data 里面分配的。顺着它的分配和初始化过程,有可能找到 sections 所指向内存块的前一块内存是由哪段程序使用的。


但在 gdb 的代码中找不到 set_program_space_data 的定义。


因为问题比较难重现,对 gdb 代码也不熟悉;否则,可以在 sections 分配之后设置数据断点(watchpoint)来跟踪是谁改写了它。


转载于:https://www.cnblogs.com/lcchuguo/p/5354449.html
