gdb在执行maintenance info program-spaces命令时coredump


coredump时的信息:

(gdb) maintenance info program-spaces *** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***======= Backtrace: =========/lib64/libc.so.6(+0x7d1fd)[0x7fc875c0d1fd]gdb(find_pc_section+0x99)[0x605089]gdb(lookup_minimal_symbol_by_pc_section+0x1d)[0x60898d]gdb(find_pc_sect_symtab+0x29)[0x59eba9]gdb(select_frame+0x71)[0x699a11]gdb(get_selected_frame+0x39)[0x699a89]gdb(get_current_arch+0x27)[0x5e5447]gdb[0x52ba1e]gdb(registry_clear_data+0x93)[0x6bea63]gdb(registry_container_free_data+0xf)[0x6beadf]gdb[0x6ba8b2]gdb(prune_program_spaces+0x4c)[0x6ba99c]gdb[0x6ba9de]gdb(execute_command+0x2aa)[0x6901ba]gdb[0x5d85d1]gdb[0x5d8a8c]/lib64/libreadline.so.6(rl_callback_read_char+0x8e)[0x7fc877b57c6e]gdb[0x5d8639]gdb[0x5d71f4]gdb(gdb_do_one_event+0xa7)[0x5d7587]gdb(start_event_loop+0x57)[0x5d77b7]gdb[0x5d0623]gdb(catch_errors+0x8a)[0x5cee0a]gdb[0x5d12d6]gdb(catch_errors+0x8a)[0x5cee0a]gdb(gdb_main+0x24)[0x5d1f04]gdb(main+0x3e)[0x4572ee]/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fc875bb1af5]gdb[0x457331]======= Memory map: ========00400000-00a02000 r-xp 00000000 08:01 1969692                            /usr/bin/gdb00c01000-00c02000 r--p 00601000 08:01 1969692                            /usr/bin/gdb00c02000-00c19000 rw-p 00602000 08:01 1969692                            /usr/bin/gdb00c19000-00c3c000 rw-p 00000000 00:00 0 02aee000-04636000 rw-p 00000000 00:00 0                                  [heap]7fc871e78000-7fc871e7f000 r-xp 00000000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so7fc871e7f000-7fc87207e000 ---p 00007000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so7fc87207e000-7fc87207f000 r--p 00006000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so7fc87207f000-7fc872080000 rw-p 00007000 08:01 1964030                    /usr/lib64/libthread_db-1.0.so7fc872080000-7fc8722d7000 rw-p 00000000 00:00 0 7fc872327000-7fc8723a0000 r-xp 00000000 08:01 1998038                    
/usr/lib64/libfreeblpriv3.so7fc8723a0000-7fc87259f000 ---p 00079000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so7fc87259f000-7fc8725a1000 r--p 00078000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so7fc8725a1000-7fc8725a2000 rw-p 0007a000 08:01 1998038                    /usr/lib64/libfreeblpriv3.so7fc8725a2000-7fc8725a6000 rw-p 00000000 00:00 0 7fc8725a6000-7fc872657000 r-xp 00000000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.67fc872657000-7fc872856000 ---p 000b1000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.67fc872856000-7fc872858000 r--p 000b0000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.67fc872858000-7fc87285b000 rw-p 000b2000 08:01 1964225                    /usr/lib64/libsqlite3.so.0.8.67fc87285b000-7fc872897000 r-xp 00000000 08:01 1984568                    /usr/lib64/libsoftokn3.so7fc872897000-7fc872a96000 ---p 0003c000 08:01 1984568                    /usr/lib64/libsoftokn3.so7fc872a96000-7fc872a97000 r--p 0003b000 08:01 1984568                    /usr/lib64/libsoftokn3.so7fc872a97000-7fc872a98000 rw-p 0003c000 08:01 1984568                    /usr/lib64/libsoftokn3.so7fc872a98000-7fc872aa3000 r-xp 00000000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so7fc872aa3000-7fc872ca2000 ---p 0000b000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so7fc872ca2000-7fc872ca3000 r--p 0000a000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so7fc872ca3000-7fc872ca4000 rw-p 0000b000 08:01 1964026                    /usr/lib64/libnss_files-2.17.so7fc872ca4000-7fc872cab000 r-xp 00000000 08:01 1964029                    /usr/lib64/librt-2.17.so7fc872cab000-7fc872eaa000 ---p 00007000 08:01 1964029                    /usr/lib64/librt-2.17.so7fc872eaa000-7fc872eab000 r--p 00006000 08:01 1964029                    /usr/lib64/librt-2.17.so7fc872eab000-7fc872eac000 rw-p 00007000 08:01 1964029                    
/usr/lib64/librt-2.17.so7fc872eac000-7fc872eb0000 r-xp 00000000 08:01 1964476                    /usr/lib64/libattr.so.1.1.07fc872eb0000-7fc8730af000 ---p 00004000 08:01 1964476                    /usr/lib64/libattr.so.1.1.07fc8730af000-7fc8730b0000 r--p 00003000 08:01 1964476                    /usr/lib64/libattr.so.1.1.07fc8730b0000-7fc8730b1000 rw-p 00004000 08:01 1964476                    /usr/lib64/libattr.so.1.1.07fc8730b1000-7fc8730ea000 r-xp 00000000 08:01 2003551                    /usr/lib64/libnspr4.so7fc8730ea000-7fc8732ea000 ---p 00039000 08:01 2003551                    /usr/lib64/libnspr4.so7fc8732ea000-7fc8732eb000 r--p 00039000 08:01 2003551                    /usr/lib64/libnspr4.so7fc8732eb000-7fc8732ed000 rw-p 0003a000 08:01 2003551                    /usr/lib64/libnspr4.so7fc8732ed000-7fc8732ef000 rw-p 00000000 00:00 0 7fc8732ef000-7fc8732f2000 r-xp 00000000 08:01 2003553                    /usr/lib64/libplds4.so7fc8732f2000-7fc8734f1000 ---p 00003000 08:01 2003553                    /usr/lib64/libplds4.so7fc8734f1000-7fc8734f2000 r--p 00002000 08:01 2003553                    /usr/lib64/libplds4.so7fc8734f2000-7fc8734f3000 rw-p 00003000 08:01 2003553                    /usr/lib64/libplds4.so7fc8734f3000-7fc8734f7000 r-xp 00000000 08:01 2003552                    /usr/lib64/libplc4.so7fc8734f7000-7fc8736f6000 ---p 00004000 08:01 2003552                    /usr/lib64/libplc4.so7fc8736f6000-7fc8736f7000 r--p 00003000 08:01 2003552                    /usr/lib64/libplc4.so7fc8736f7000-7fc8736f8000 rw-p 00004000 08:01 2003552                    /usr/lib64/libplc4.so7fc8736f8000-7fc87371d000 r-xp 00000000 08:01 1971387                    /usr/lib64/libnssutil3.so7fc87371d000-7fc87391d000 ---p 00025000 08:01 1971387                    /usr/lib64/libnssutil3.so7fc87391d000-7fc873923000 r--p 00025000 08:01 1971387                    /usr/lib64/libnssutil3.so7fc873923000-7fc873924000 rw-p 0002b000 08:01 1971387                    
/usr/lib64/libnssutil3.so7fc873924000-7fc873ad8000 r-xp 00000000 08:01 1964466                    /usr/lib64/libdb-5.3.so7fc873ad8000-7fc873cd8000 ---p 001b4000 08:01 1964466                    /usr/lib64/libdb-5.3.so7fc873cd8000-7fc873cdf000 r--p 001b4000 08:01 1964466                    /usr/lib64/libdb-5.3.so7fc873cdf000-7fc873ce2000 rw-p 001bb000 08:01 1964466                    /usr/lib64/libdb-5.3.so7fc873ce2000-7fc873d0e000 r-xp 00000000 08:01 1964523                    /usr/lib64/liblua-5.1.so7fc873d0e000-7fc873f0d000 ---p 0002c000 08:01 1964523                    /usr/lib64/liblua-5.1.so7fc873f0d000-7fc873f0f000 r--p 0002b000 08:01 1964523                    /usr/lib64/liblua-5.1.so7fc873f0f000-7fc873f10000 rw-p 0002d000 08:01 1964523                    /usr/lib64/liblua-5.1.so7fc873f10000-7fc873f17000 r-xp 00000000 08:01 1964490                    /usr/lib64/libacl.so.1.1.07fc873f17000-7fc874117000 ---p 00007000 08:01 1964490                    /usr/lib64/libacl.so.1.1.07fc874117000-7fc874118000 r--p 00007000 08:01 1964490                    /usr/lib64/libacl.so.1.1.07fc874118000-7fc874119000 rw-p 00008000 08:01 1964490                    /usr/lib64/libacl.so.1.1.07fc874119000-7fc87411d000 r-xp 00000000 08:01 1964479                    /usr/lib64/libcap.so.2.227fc87411d000-7fc87431c000 ---p 00004000 08:01 1964479                    /usr/lib64/libcap.so.2.227fc87431c000-7fc87431d000 r--p 00003000 08:01 1964479                    /usr/lib64/libcap.so.2.227fc87431d000-7fc87431e000 rw-p 00004000 08:01 1964479                    /usr/lib64/libcap.so.2.227fc87431e000-7fc874327000 r-xp 00000000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.07fc874327000-7fc874526000 ---p 00009000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.07fc874526000-7fc874527000 r--p 00008000 08:01 1964103                    /usr/lib64/libpopt.so.0.0.07fc874527000-7fc874528000 rw-p 00009000 08:01 1964103                    
/usr/lib64/libpopt.so.0.0.07fc874528000-7fc87453d000 r-xp 00000000 08:01 1998086                    /usr/lib64/libelf-0.160.so7fc87453d000-7fc87473c000 ---p 00015000 08:01 1998086                    /usr/lib64/libelf-0.160.so7fc87473c000-7fc87473d000 r--p 00014000 08:01 1998086                    /usr/lib64/libelf-0.160.so7fc87473d000-7fc87473e000 rw-p 00015000 08:01 1998086                    /usr/lib64/libelf-0.160.so7fc87473e000-7fc87474d000 r-xp 00000000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.67fc87474d000-7fc87494c000 ---p 0000f000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.67fc87494c000-7fc87494d000 r--p 0000e000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.67fc87494d000-7fc87494e000 rw-p 0000f000 08:01 1964150                    /usr/lib64/libbz2.so.1.0.67fc87494e000-7fc874a6c000 r-xp 00000000 08:01 1973518                    /usr/lib64/libnss3.so7fc874a6c000-7fc874c6b000 ---p 0011e000 08:01 1973518                    /usr/lib64/libnss3.so7fc874c6b000-7fc874c70000 r--p 0011d000 08:01 1973518                    /usr/lib64/libnss3.so7fc874c70000-7fc874c72000 rw-p 00122000 08:01 1973518                    /usr/lib64/libnss3.so7fc874c72000-7fc874c74000 rw-p 00000000 00:00 0 7fc874c74000-7fc874c9c000 r-xp 00000000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.07fc874c9c000-7fc874e9b000 ---p 00028000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.07fc874e9b000-7fc874e9d000 r--p 00027000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.07fc874e9d000-7fc874e9f000 rw-p 00029000 08:01 1984636                    /usr/lib64/librpmio.so.3.2.07fc874e9f000-7fc874ea1000 rw-p 00000000 00:00 0 7fc874ea1000-7fc874f01000 r-xp 00000000 08:01 1967718                    /usr/lib64/librpm.so.3.2.07fc874f01000-7fc875101000 ---p 00060000 08:01 1967718                    /usr/lib64/librpm.so.3.2.07fc875101000-7fc875104000 r--p 00060000 08:01 1967718                    
/usr/lib64/librpm.so.3.2.07fc875104000-7fc875107000 rw-p 00063000 08:01 1967718                    /usr/lib64/librpm.so.3.2.07fc875107000-7fc875108000 rw-p 00000000 00:00 0 7fc875108000-7fc87510b000 r-xp 00000000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so7fc87510b000-7fc87530a000 ---p 00003000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so7fc87530a000-7fc87530b000 r--p 00002000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so7fc87530b000-7fc87530d000 rw-p 00003000 08:01 691169                     /usr/lib64/python2.7/lib-dynload/_heapq.so7fc87530d000-7fc875315000 r-xp 00000000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so7fc875315000-7fc875515000 ---p 00008000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so7fc875515000-7fc875516000 r--p 00008000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so7fc875516000-7fc875518000 rw-p 00009000 08:01 656224                     /usr/lib64/python2.7/lib-dynload/operator.so7fc875518000-7fc87551e000 r-xp 00000000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so7fc87551e000-7fc87571d000 ---p 00006000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so7fc87571d000-7fc87571e000 r--p 00005000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so7fc87571e000-7fc875720000 rw-p 00006000 08:01 656182                     /usr/lib64/python2.7/lib-dynload/_collectionsmodule.so7fc875720000-7fc87572a000 r-xp 00000000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so7fc87572a000-7fc875929000 ---p 0000a000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so7fc875929000-7fc87592a000 r--p 00009000 08:01 656219                     
/usr/lib64/python2.7/lib-dynload/itertoolsmodule.so7fc87592a000-7fc87592f000 rw-p 0000a000 08:01 656219                     /usr/lib64/python2.7/lib-dynload/itertoolsmodule.so7fc87592f000-7fc87598e000 r-xp 00000000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.07fc87598e000-7fc875b8e000 ---p 0005f000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.07fc875b8e000-7fc875b8f000 r--p 0005f000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.07fc875b8f000-7fc875b90000 rw-p 00060000 08:01 1964054                    /usr/lib64/libpcre.so.1.2.07fc875b90000-7fc875d46000 r-xp 00000000 08:01 1963631                    /usr/lib64/libc-2.17.so7fc875d46000-7fc875f46000 ---p 001b6000 08:01 1963631                    /usr/lib64/libc-2.17.so7fc875f46000-7fc875f4a000 r--p 001b6000 08:01 1963631                    /usr/lib64/libc-2.17.so7fc875f4a000-7fc875f4c000 rw-p 001ba000 08:01 1963631                    /usr/lib64/libc-2.17.so7fc875f4c000-7fc875f51000 rw-p 00000000 00:00 0 7fc875f51000-7fc875f66000 r-xp 00000000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.17fc875f66000-7fc876165000 ---p 00015000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.17fc876165000-7fc876166000 r--p 00014000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.17fc876166000-7fc876167000 rw-p 00015000 08:01 1975512                    /usr/lib64/libgcc_s-4.8.3-20140911.so.17fc876167000-7fc87618b000 r-xp 00000000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.997fc87618b000-7fc87638a000 ---p 00024000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.997fc87638a000-7fc87638b000 r--p 00023000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.997fc87638b000-7fc87638c000 rw-p 00024000 08:01 1964052                    /usr/lib64/liblzma.so.5.0.997fc87638c000-7fc8763b3000 r-xp 00000000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.07fc8763b3000-7fc8765b3000 ---p 00027000 
08:01 1964215                    /usr/lib64/libexpat.so.1.6.07fc8765b3000-7fc8765b5000 r--p 00027000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.07fc8765b5000-7fc8765b6000 rw-p 00029000 08:01 1964215                    /usr/lib64/libexpat.so.1.6.07fc8765b6000-7fc87672e000 r-xp 00000000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.07fc87672e000-7fc87692e000 ---p 00178000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.07fc87692e000-7fc87692f000 r--p 00178000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.07fc87692f000-7fc87696d000 rw-p 00179000 08:01 1972073                    /usr/lib64/libpython2.7.so.1.07fc87696d000-7fc87697c000 rw-p 00000000 00:00 0 7fc87697c000-7fc87697e000 r-xp 00000000 08:01 1963665                    /usr/lib64/libutil-2.17.so7fc87697e000-7fc876b7d000 ---p 00002000 08:01 1963665                    /usr/lib64/libutil-2.17.so7fc876b7d000-7fc876b7e000 r--p 00001000 08:01 1963665                    /usr/lib64/libutil-2.17.so7fc876b7e000-7fc876b7f000 rw-p 00002000 08:01 1963665                    /usr/lib64/libutil-2.17.so7fc876b7f000-7fc876b95000 r-xp 00000000 08:01 1963657                    /usr/lib64/libpthread-2.17.so7fc876b95000-7fc876d95000 ---p 00016000 08:01 1963657                    /usr/lib64/libpthread-2.17.so7fc876d95000-7fc876d96000 r--p 00016000 08:01 1963657                    /usr/lib64/libpthread-2.17.so7fc876d96000-7fc876d97000 rw-p 00017000 08:01 1963657                    /usr/lib64/libpthread-2.17.so7fc876d97000-7fc876d9b000 rw-p 00000000 00:00 0 7fc876d9b000-7fc876d9e000 r-xp 00000000 08:01 1964022                    /usr/lib64/libdl-2.17.so7fc876d9e000-7fc876f9d000 ---p 00003000 08:01 1964022                    /usr/lib64/libdl-2.17.so7fc876f9d000-7fc876f9e000 r--p 00002000 08:01 1964022                    /usr/lib64/libdl-2.17.so7fc876f9e000-7fc876f9f000 rw-p 00003000 08:01 1964022                    /usr/lib64/libdl-2.17.so7fc876f9f000-7fc8770a0000 r-xp 
00000000 08:01 1964023                    /usr/lib64/libm-2.17.so7fc8770a0000-7fc87729f000 ---p 00101000 08:01 1964023                    /usr/lib64/libm-2.17.so7fc87729f000-7fc8772a0000 r--p 00100000 08:01 1964023                    /usr/lib64/libm-2.17.so7fc8772a0000-7fc8772a1000 rw-p 00101000 08:01 1964023                    /usr/lib64/libm-2.17.so7fc8772a1000-7fc8772b6000 r-xp 00000000 08:01 1964070                    /usr/lib64/libz.so.1.2.77fc8772b6000-7fc8774b5000 ---p 00015000 08:01 1964070                    /usr/lib64/libz.so.1.2.77fc8774b5000-7fc8774b6000 r--p 00014000 08:01 1964070                    /usr/lib64/libz.so.1.2.77fc8774b6000-7fc8774b7000 rw-p 00015000 08:01 1964070                    /usr/lib64/libz.so.1.2.77fc8774b7000-7fc8774dc000 r-xp 00000000 08:01 1963963                    /usr/lib64/libtinfo.so.5.97fc8774dc000-7fc8776dc000 ---p 00025000 08:01 1963963                    /usr/lib64/libtinfo.so.5.97fc8776dc000-7fc8776e0000 r--p 00025000 08:01 1963963                    /usr/lib64/libtinfo.so.5.97fc8776e0000-7fc8776e1000 rw-p 00029000 08:01 1963963                    /usr/lib64/libtinfo.so.5.97fc8776e1000-7fc877707000 r-xp 00000000 08:01 1963953                    /usr/lib64/libncurses.so.5.97fc877707000-7fc877906000 ---p 00026000 08:01 1963953                    /usr/lib64/libncurses.so.5.97fc877906000-7fc877907000 r--p 00025000 08:01 1963953                    /usr/lib64/libncurses.so.5.97fc877907000-7fc877908000 rw-p 00026000 08:01 1963953                    /usr/lib64/libncurses.so.5.97fc877908000-7fc877929000 r-xp 00000000 08:01 1964067                    /usr/lib64/libselinux.so.17fc877929000-7fc877b29000 ---p 00021000 08:01 1964067                    /usr/lib64/libselinux.so.17fc877b29000-7fc877b2a000 r--p 00021000 08:01 1964067                    /usr/lib64/libselinux.so.17fc877b2a000-7fc877b2b000 rw-p 00022000 08:01 1964067                    /usr/lib64/libselinux.so.17fc877b2b000-7fc877b2d000 rw-p 00000000 00:00 0 
7fc877b2d000-7fc877b69000 r-xp 00000000 08:01 1964218                    /usr/lib64/libreadline.so.6.27fc877b69000-7fc877d69000 ---p 0003c000 08:01 1964218                    /usr/lib64/libreadline.so.6.27fc877d69000-7fc877d6b000 r--p 0003c000 08:01 1964218                    /usr/lib64/libreadline.so.6.27fc877d6b000-7fc877d71000 rw-p 0003e000 08:01 1964218                    /usr/lib64/libreadline.so.6.27fc877d71000-7fc877d73000 rw-p 00000000 00:00 0 7fc877d73000-7fc877d94000 r-xp 00000000 08:01 1963623                    /usr/lib64/ld-2.17.so7fc877da8000-7fc877e39000 rw-p 00000000 00:00 0 7fc877e41000-7fc877f80000 rw-p 00000000 00:00 0 7fc877f80000-7fc877f89000 r--p 00010000 08:01 786974                     /home/xuzhina/code/xerces/sample/new_address7fc877f89000-7fc877f91000 r--p 00008000 08:01 786974                     /home/xuzhina/code/xerces/sample/new_address7fc877f91000-7fc877f94000 rw-p 00000000 00:00 0 7fc877f94000-7fc877f95000 r--p 00021000 08:01 1963623                    /usr/lib64/ld-2.17.so7fc877f95000-7fc877f96000 rw-p 00022000 08:01 1963623                    /usr/lib64/ld-2.17.so7fc877f96000-7fc877f97000 rw-p 00000000 00:00 0 7ffc6acdc000-7ffc6acfd000 rw-p 00000000 00:00 0                          [stack]7ffc6adfe000-7ffc6ae00000 r-xp 00000000 00:00 0                          [vdso]ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]Aborted (core dumped)

gdb的版本:

(gdb) show version GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7Copyright (C) 2013 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.  Type "show copying"and "show warranty" for details.This GDB was configured as "x86_64-redhat-linux-gnu".For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>.


看一下堆栈:

[xuzhina@localhost sample]$ gdb /usr/bin/gdb core-gdb-4332-1436781341-6 GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7Copyright (C) 2013 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.  Type "show copying"and "show warranty" for details.This GDB was configured as "x86_64-redhat-linux-gnu".For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>...Reading symbols from /usr/bin/gdb...Reading symbols from /usr/bin/gdb...(no debugging symbols found)...done.(no debugging symbols found)...done.[New LWP 4332][Thread debugging using libthread_db enabled]Using host libthread_db library "/lib64/libthread_db.so.1".Core was generated by `gdb new_address'.Program terminated with signal 6, Aborted.#0  0x00007fc875bc55d7 in raise () from /lib64/libc.so.6Missing separate debuginfos, use: debuginfo-install gdb-7.6.1-64.el7.x86_64(gdb) bt#0  0x00007fc875bc55d7 in raise () from /lib64/libc.so.6#1  0x00007fc875bc6cc8 in abort () from /lib64/libc.so.6#2  0x00007fc875c05e07 in __libc_message () from /lib64/libc.so.6#3  0x00007fc875c0d1fd in _int_free () from /lib64/libc.so.6#4  0x0000000000605089 in find_pc_section ()#5  0x000000000060898d in lookup_minimal_symbol_by_pc_section ()#6  0x000000000059eba9 in find_pc_sect_symtab ()#7  0x0000000000699a11 in select_frame ()#8  0x0000000000699a89 in get_selected_frame ()#9  0x00000000005e5447 in get_current_arch ()#10 0x000000000052ba1e in py_free_pspace ()#11 0x00000000006bea63 in registry_clear_data ()#12 0x00000000006beadf in registry_container_free_data ()#13 0x00000000006ba8b2 in release_program_space ()#14 0x00000000006ba99c in prune_program_spaces ()#15 0x00000000006ba9de in maintenance_info_program_spaces_command ()#16 0x00000000006901ba in execute_command ()#17 0x00000000005d85d1 in command_handler ()#18 0x00000000005d8a8c in 
command_line_handler ()#19 0x00007fc877b57c6e in rl_callback_read_char () from /lib64/libreadline.so.6#20 0x00000000005d8639 in rl_callback_read_char_wrapper ()#21 0x00000000005d71f4 in process_event ()#22 0x00000000005d7587 in gdb_do_one_event ()#23 0x00000000005d77b7 in start_event_loop ()#24 0x00000000005d0623 in captured_command_loop ()#25 0x00000000005cee0a in catch_errors ()#26 0x00000000005d12d6 in captured_main ()#27 0x00000000005cee0a in catch_errors ()#28 0x00000000005d1f04 in gdb_main ()#29 0x00000000004572ee in main ()

从堆栈可以看到,是在释放内存时出现问题(第3帧是libc里的_int_free),那么出现问题的地方应该是调用它的第4帧,find_pc_section函数里。

跳转到第4帧:

(gdb) frame 4
#4  0x0000000000605089 in find_pc_section ()

看一下汇编:

(gdb) disassemble Dump of assembler code for function find_pc_section:   0x0000000000604ff0 <+0>:push   %r15   0x0000000000604ff2 <+2>:push   %r14   0x0000000000604ff4 <+4>:push   %r13   0x0000000000604ff6 <+6>:push   %r12   0x0000000000604ff8 <+8>:push   %rbp   0x0000000000604ff9 <+9>:push   %rbx   0x0000000000604ffa <+10>:sub    $0x98,%rsp   0x0000000000605001 <+17>:mov    %rdi,0x88(%rsp)   0x0000000000605009 <+25>:callq  0x5a8830 <find_pc_mapped_section>   0x000000000060500e <+30>:test   %rax,%rax   0x0000000000605011 <+33>:je     0x605028 <find_pc_section+56>   0x0000000000605013 <+35>:add    $0x98,%rsp   0x000000000060501a <+42>:pop    %rbx   0x000000000060501b <+43>:pop    %rbp   0x000000000060501c <+44>:pop    %r12   0x000000000060501e <+46>:pop    %r13   0x0000000000605020 <+48>:pop    %r14   0x0000000000605022 <+50>:pop    %r15   0x0000000000605024 <+52>:retq      0x0000000000605025 <+53>:nopl   (%rax)   0x0000000000605028 <+56>:mov    0x635fb1(%rip),%rdi        # 0xc3afe0 <current_program_space>   0x000000000060502f <+63>:callq  0x6043e0 <get_objfile_pspace_data>   0x0000000000605034 <+68>:mov    0x10(%rax),%edi   0x0000000000605037 <+71>:mov    %rax,0x78(%rsp)   0x000000000060503c <+76>:test   %edi,%edi   0x000000000060503e <+78>:jne    0x60505b <find_pc_section+107>   0x0000000000605040 <+80>:mov    0xc(%rax),%esi   0x0000000000605043 <+83>:test   %esi,%esi   0x0000000000605045 <+85>:je     0x60513b <find_pc_section+331>   0x000000000060504b <+91>:mov    0x78(%rsp),%rax   0x0000000000605050 <+96>:mov    0x14(%rax),%ecx   0x0000000000605053 <+99>:test   %ecx,%ecx   0x0000000000605055 <+101>:jne    0x60513b <find_pc_section+331>   0x000000000060505b <+107>:mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>   0x0000000000605062 <+114>:mov    %rbx,%rdi   0x0000000000605065 <+117>:callq  0x6043e0 <get_objfile_pspace_data>   0x000000000060506a <+122>:mov    0x10(%rax),%edx   0x000000000060506d <+125>:test   %edx,%edx   0x000000000060506f 
<+127>:jne    0x60507c <find_pc_section+140>   0x0000000000605071 <+129>:mov    0xc(%rax),%eax   0x0000000000605074 <+132>:test   %eax,%eax---Type <return> to continue, or q <return> to quit---   0x0000000000605076 <+134>:je     0x6055d5 <find_pc_section+1509>   0x000000000060507c <+140>:mov    0x78(%rsp),%rax   0x0000000000605081 <+145>:mov    (%rax),%rdi   0x0000000000605084 <+148>:callq  0x6bd1b0 <xfree>=> 0x0000000000605089 <+153>:mov    0x40(%rbx),%r8   0x000000000060508d <+157>:test   %r8,%r8   0x0000000000605090 <+160>:je     0x60510f <find_pc_section+287>   0x0000000000605092 <+162>:mov    0x61bbd4(%rip),%edi        # 0xc20c6c <overlay_debugging>   0x0000000000605098 <+168>:xor    %ecx,%ecx   0x000000000060509a <+170>:nopw   0x0(%rax,%rax,1)   0x00000000006050a0 <+176>:mov    0x80d8(%r8),%rax   0x00000000006050a7 <+183>:mov    0x80e0(%r8),%r9   0x00000000006050ae <+190>:cmp    %r9,%rax   0x00000000006050b1 <+193>:jae    0x6050f8 <find_pc_section+264>   0x00000000006050b3 <+195>:mov    0x48(%r8),%r10   0x00000000006050b7 <+199>:nopw   0x0(%rax,%rax,1)   0x00000000006050c0 <+208>:mov    (%rax),%rdx   0x00000000006050c3 <+211>:test   %edi,%edi   0x00000000006050c5 <+213>:mov    0x30(%rdx),%rsi   0x00000000006050c9 <+217>:je     0x6050e0 <find_pc_section+240>   0x00000000006050cb <+219>:test   %rsi,%rsi   0x00000000006050ce <+222>:je     0x6050e0 <find_pc_section+240>   0x00000000006050d0 <+224>:cmp    0x28(%rdx),%rsi   0x00000000006050d4 <+228>:je     0x6050e0 <find_pc_section+240>   0x00000000006050d6 <+230>:testb  $0x8,0x55(%r10)   0x00000000006050db <+235>:je     0x6050ef <find_pc_section+255>   0x00000000006050dd <+237>:nopl   (%rax)   0x00000000006050e0 <+240>:mov    0x20(%rdx),%edx   0x00000000006050e3 <+243>:and    $0x400,%edx   0x00000000006050e9 <+249>:cmp    $0x1,%edx   0x00000000006050ec <+252>:adc    $0x0,%ecx   0x00000000006050ef <+255>:add    $0x18,%rax   0x00000000006050f3 <+259>:cmp    %r9,%rax   0x00000000006050f6 <+262>:jb     0x6050c0 
<find_pc_section+208>   0x00000000006050f8 <+264>:mov    (%r8),%r8   0x00000000006050fb <+267>:test   %r8,%r8   0x00000000006050fe <+270>:jne    0x6050a0 <find_pc_section+176>   0x0000000000605100 <+272>:test   %ecx,%ecx   0x0000000000605102 <+274>:mov    %ecx,0x84(%rsp)   0x0000000000605109 <+281>:jne    0x6051b0 <find_pc_section+448>   0x000000000060510f <+287>:mov    0x78(%rsp),%rax   0x0000000000605114 <+292>:xor    %ebx,%ebx

coredump位置在这一段汇编:

   0x000000000060507c <+140>:	mov    0x78(%rsp),%rax
   0x0000000000605081 <+145>:	mov    (%rax),%rdi
   0x0000000000605084 <+148>:	callq  0x6bd1b0 <xfree>
=> 0x0000000000605089 <+153>:	mov    0x40(%rbx),%r8

看一下代码,下载gdb-7.6.1代码来看,在objfiles.c里有定义find_pc_section

/* Return the obj_section that contains PC, or NULL if none is found.

   A section reported by find_pc_mapped_section takes precedence.
   Otherwise the section map kept in the data returned by
   get_objfile_pspace_data (current_program_space) is rebuilt if its
   objfiles_changed_p flag is set, and then searched with bsearch.

   NOTE(review): this function both reads and may free/rebuild that
   per-program-space data.  In the backtrace shown with this listing it
   was reached from py_free_pspace, under registry_clear_data called
   from release_program_space; whether the data was still valid at that
   point is not visible here -- confirm.  */
struct obj_section *
find_pc_section (CORE_ADDR pc)
{
  struct objfile_pspace_info *pspace_info;
  struct obj_section *s, **sp;

  /* Check for mapped overlay section first.  */
  s = find_pc_mapped_section (pc);
  if (s)
    return s;

  pspace_info = get_objfile_pspace_data (current_program_space);
  if (pspace_info->objfiles_changed_p != 0)
    {
      /* update_section_map hands the old pspace_info->sections to
         xfree before building a new map, so the pointer stored there
         must still be a live allocation (presumably NULL is also
         accepted) whenever this branch is taken.  */
      update_section_map (current_program_space,
                          &pspace_info->sections,
                          &pspace_info->num_sections);

      /* Don't need updates to section map until objfiles are added,
         removed or relocated.  */
      pspace_info->objfiles_changed_p = 0;
    }

  /* The C standard (ISO/IEC 9899:TC2) requires the BASE argument to
     bsearch be non-NULL.  */
  if (pspace_info->sections == NULL)
    {
      gdb_assert (pspace_info->num_sections == 0);
      return NULL;
    }

  /* Search the section map for PC using bsearch_cmp.  */
  sp = (struct obj_section **) bsearch (&pc,
                                        pspace_info->sections,
                                        pspace_info->num_sections,
                                        sizeof (*pspace_info->sections),
                                        bsearch_cmp);
  if (sp != NULL)
    return *sp;
  return NULL;
}

但似乎没看到哪里有调用xfree.

再看一下出问题的地址上面的汇编:

   0x0000000000604ff0 <+0>:push   %r15   0x0000000000604ff2 <+2>:push   %r14   0x0000000000604ff4 <+4>:push   %r13   0x0000000000604ff6 <+6>:push   %r12   0x0000000000604ff8 <+8>:push   %rbp   0x0000000000604ff9 <+9>:push   %rbx   0x0000000000604ffa <+10>:sub    $0x98,%rsp   0x0000000000605001 <+17>:mov    %rdi,0x88(%rsp)   0x0000000000605009 <+25>:callq  0x5a8830 <find_pc_mapped_section>   0x000000000060500e <+30>:test   %rax,%rax   0x0000000000605011 <+33>:je     0x605028 <find_pc_section+56>   0x0000000000605013 <+35>:add    $0x98,%rsp   0x000000000060501a <+42>:pop    %rbx   0x000000000060501b <+43>:pop    %rbp   0x000000000060501c <+44>:pop    %r12   0x000000000060501e <+46>:pop    %r13   0x0000000000605020 <+48>:pop    %r14   0x0000000000605022 <+50>:pop    %r15   0x0000000000605024 <+52>:retq      0x0000000000605025 <+53>:nopl   (%rax)   0x0000000000605028 <+56>:mov    0x635fb1(%rip),%rdi        # 0xc3afe0 <current_program_space>   0x000000000060502f <+63>:callq  0x6043e0 <get_objfile_pspace_data>   0x0000000000605034 <+68>:mov    0x10(%rax),%edi   0x0000000000605037 <+71>:mov    %rax,0x78(%rsp)   0x000000000060503c <+76>:test   %edi,%edi   0x000000000060503e <+78>:jne    0x60505b <find_pc_section+107>   0x0000000000605040 <+80>:mov    0xc(%rax),%esi   0x0000000000605043 <+83>:test   %esi,%esi   0x0000000000605045 <+85>:je     0x60513b <find_pc_section+331>   0x000000000060504b <+91>:mov    0x78(%rsp),%rax   0x0000000000605050 <+96>:mov    0x14(%rax),%ecx   0x0000000000605053 <+99>:test   %ecx,%ecx   0x0000000000605055 <+101>:jne    0x60513b <find_pc_section+331>   0x000000000060505b <+107>:mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>   0x0000000000605062 <+114>:mov    %rbx,%rdi   0x0000000000605065 <+117>:callq  0x6043e0 <get_objfile_pspace_data>   0x000000000060506a <+122>:mov    0x10(%rax),%edx   0x000000000060506d <+125>:test   %edx,%edx   0x000000000060506f <+127>:jne    0x60507c <find_pc_section+140>   0x0000000000605071 
<+129>:mov    0xc(%rax),%eax   0x0000000000605074 <+132>:test   %eax,%eax

可以看到,在这几行汇编里:

0x0000000000605009 <+25>:callq  0x5a8830 <find_pc_mapped_section>

 0x000000000060502f <+63>:callq  0x6043e0 <get_objfile_pspace_data>

 0x0000000000605065 <+117>:callq  0x6043e0 <get_objfile_pspace_data>

依次调用了find_pc_mapped_section,get_objfile_pspace_data,get_objfile_pspace_data

再看一下第一次调用get_objfile_pspace_data的汇编片段:

   0x000000000060502f <+63>:    callq  0x6043e0 <get_objfile_pspace_data>
   0x0000000000605034 <+68>:    mov    0x10(%rax),%edi
   0x0000000000605037 <+71>:    mov    %rax,0x78(%rsp)
   0x000000000060503c <+76>:    test   %edi,%edi
   0x000000000060503e <+78>:    jne    0x60505b <find_pc_section+107>
   0x0000000000605040 <+80>:    mov    0xc(%rax),%esi
   0x0000000000605043 <+83>:    test   %esi,%esi
   0x0000000000605045 <+85>:    je     0x60513b <find_pc_section+331>
   0x000000000060504b <+91>:    mov    0x78(%rsp),%rax
   0x0000000000605050 <+96>:    mov    0x14(%rax),%ecx
   0x0000000000605053 <+99>:    test   %ecx,%ecx
   0x0000000000605055 <+101>:    jne    0x60513b <find_pc_section+331>
   0x000000000060505b <+107>:    mov    0x635f7e(%rip),%rbx        # 0xc3afe0 <current_program_space>

可见,

=> 0x0000000000605089 <+153>:    mov    0x40(%rbx),%r8

不是由

   0x0000000000605045 <+85>:    je     0x60513b <find_pc_section+331>
   0x0000000000605055 <+101>:    jne    0x60513b <find_pc_section+331>
跳转过去的。

那么,coredump地址应该是位于这一段代码里:

 /* Excerpt from find_pc_section: rebuild the section map only when the
    objfiles_changed_p flag is set, then clear the flag.  */
 if (pspace_info->objfiles_changed_p != 0)
   {
     update_section_map (current_program_space,
                         &pspace_info->sections,
                         &pspace_info->num_sections);

     /* Don't need updates to section map until objfiles are added,
        removed or relocated.  */
     pspace_info->objfiles_changed_p = 0;
   }

考虑到编译器可能会进行代码优化,把一些只调用一次的static函数内联,所以xfree的调用可能来自被内联进find_pc_section的update_section_map。

看一下update_section_map(如果用source insight看,这个函数确实只被find_pc_section调用,而且只调用一次。)

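/* Rebuild the sorted section map of PSPACE.

   PMAP points at the caller's cached array of section pointers and
   PMAP_SIZE at its element count.  The old array is released, every
   section accepted by insert_section_p is collected, the result is
   sorted with qsort_cmp and passed through filter_debuginfo_sections
   and filter_overlapping_sections, and the new array and its size are
   stored back through PMAP and PMAP_SIZE.  The caller keeps ownership
   of whatever ends up in *PMAP.

   *PMAP is handed to xfree, so on entry it must be NULL or a pointer
   that came from the allocator and has not been released yet.  */

static void
update_section_map (struct program_space *pspace,
                    struct obj_section ***pmap, int *pmap_size)
{
  int alloc_size, map_size, i;
  struct obj_section *s, **map;
  struct objfile *objfile;

  gdb_assert (get_objfile_pspace_data (pspace)->objfiles_changed_p != 0);

  map = *pmap;
  xfree (map);

  /* Hardening added in review: the quoted gdb source leaves *PMAP
     pointing at the freed array until the final assignment below.
     Clearing it here means a later call can never xfree the same
     address a second time, however this function is left.  */
  *pmap = NULL;
  *pmap_size = 0;

  /* First pass: count the sections that belong in the map.  */
  alloc_size = 0;
  ALL_PSPACE_OBJFILES (pspace, objfile)
    ALL_OBJFILE_OSECTIONS (objfile, s)
      if (insert_section_p (objfile->obfd, s->the_bfd_section))
        alloc_size += 1;

  /* This happens on detach/attach (e.g. in gdb.base/attach.exp).
     *PMAP and *PMAP_SIZE already describe an empty map.  */
  if (alloc_size == 0)
    return;

  map = xmalloc (alloc_size * sizeof (*map));

  /* Second pass: same filter as above, so exactly ALLOC_SIZE slots
     are written.  */
  i = 0;
  ALL_PSPACE_OBJFILES (pspace, objfile)
    ALL_OBJFILE_OSECTIONS (objfile, s)
      if (insert_section_p (objfile->obfd, s->the_bfd_section))
        map[i++] = s;

  qsort (map, alloc_size, sizeof (*map), qsort_cmp);
  map_size = filter_debuginfo_sections(map, alloc_size);
  map_size = filter_overlapping_sections(map, map_size);

  if (map_size < alloc_size)
    /* Some sections were eliminated.  Trim excess space.  */
    map = xrealloc (map, map_size * sizeof (*map));
  else
    gdb_assert (alloc_size == map_size);

  *pmap = map;
  *pmap_size = map_size;
}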

在这里,有这么一段代码:

  /* MAP is the array the caller cached behind PMAP (find_pc_section
     passes &pspace_info->sections); it is released here before a new
     one is built.  */
  map = *pmap;
  xfree (map);

可见,coredump是发生在这一行代码。


那么,究竟是什么原因导致coredump。

看一下coredump的那段汇编:

   0x000000000060507c <+140>:	mov    0x78(%rsp),%rax
   0x0000000000605081 <+145>:	mov    (%rax),%rdi
   0x0000000000605084 <+148>:	callq  0x6bd1b0 <xfree>
=> 0x0000000000605089 <+153>:	mov    0x40(%rbx),%r8

在x86 64-bit上,很多时候为了安全和快速,参数是用寄存器来传的,这里传给xfree的参数就放在rdi里。但是在xfree调用之后,rdi、rax的值可能已经变了,不能直接看寄存器。上面的汇编是先从0x78(%rsp)取出指针、再取它指向的内容放进rdi的,所以按同样的方式看一下栈上的内容:

(gdb) x /gx $rsp+0x78
0x7ffc6acfb3d8:	0x0000000003019e60
(gdb) x /gx 0x0000000003019e60
0x3019e60:	0x0000000003c6bcf0

PS:用/gx(g表示按8字节为单位,x表示用十六进制显示)是因为要查看的是64位地址。


可以看到,0x0000000003c6bcf0和

(gdb) maintenance info program-spaces *** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***

的地址是一样的。

那么,先看一下0x0000000003c6bcf0的内容:

(gdb) x /gx 0x0000000003c6bcf0
0x3c6bcf0:	0x000000000003ca90

有内容,说明这个地址是可以访问的(但这只能说明地址已映射、可读,并不能说明它是malloc返回的、可以传给free()的有效指针)。那为什么无法释放呢?

根据最开始的coredump信息来看:

(gdb) maintenance info program-spaces *** Error in `gdb': free(): invalid pointer: 0x0000000003c6bcf0 ***
它所打印信息的代码是在glibc里malloc.c的_int_free函数里的这一段:

 /* Pointer sanity check: P is rejected when it is larger than
    (uintptr_t) -size or when misaligned_chunk (p) is true.  With
    size == 0 the negation is also 0, so the first comparison holds
    for every non-null P.
    NOTE(review): size is presumably the size field read from P's
    chunk header -- its assignment is not part of this excerpt.  */
 if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
     || __builtin_expect (misaligned_chunk (p), 0))
   {
     errstr = "free(): invalid pointer";


在malloc.c里面,一个内存块的定义是这样的:

/* Bookkeeping header glibc keeps for a heap chunk.  As worked out in
   the surrounding text, the pointer handed to free() lies 16 bytes
   after the start of this structure on x86-64 (two INTERNAL_SIZE_T
   fields of 8 bytes each), i.e. at the fd member.  */
struct malloc_chunk {

  INTERNAL_SIZE_T      prev_size;  /* Size of previous chunk (if free).  */
  INTERNAL_SIZE_T      size;       /* Size in bytes, including overhead. */

  struct malloc_chunk* fd;         /* double links -- used only if free. */
  struct malloc_chunk* bk;

  /* Only used for large blocks: pointer to next larger size.  */
  struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */
  struct malloc_chunk* bk_nextsize;
};

其中INTERNAL_SIZE_T的定义如下:

#define INTERNAL_SIZE_T size_t

在x86 64位Linux系统里,size_t是8个字节,prev_size和size两个字段一共占16个字节。也就是说,0x0000000003c6bcf0这个地址减去16,才是这个内存块(chunk)头部真正的起始地址。

(gdb) x /4gx 0x0000000003c6bcf0-16
0x3c6bce0:	0x0000000000000000	0x0000000000000000
0x3c6bcf0:	0x000000000003ca90	0x0000000000000020
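可见,0x0000000003c6bcf0所在的内存块的头部(prev_size和size)全是0,已经被抹掉了。如果上面检查里的size就是取自这个头部的size字段,那么size为0时(uintptr_t) -size也是0,p > 0必然成立,于是就报了"free(): invalid pointer"。头部究竟是在哪里被抹掉的?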

由update_section_map可知,是pmap的问题,而pmap又是由&pspace_info->sections得来的。

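也就是说,sections所指向的内存有可能是被它前面的一个或几个内存块的使用者用memset之类的操作越界覆盖了。不过仅凭头部为0还不能断定就是越界写:如果sections里保存的是一个已经释放过的旧指针(悬空指针),或者它指向的并不是malloc返回的块首地址,free()同样会报这个错误,这两种可能也需要排除。最开始的backtrace显示,这次find_pc_section是在prune_program_spaces、registry_clear_data这条路径里被调用的,这一点也值得留意。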

而pspace_info对象所属的结构体objfile_pspace_info只定义在objfiles.c:

/* Per-program-space cache used by find_pc_section, as quoted from
   objfiles.c.

   NOTE(review): the disassembly on this page passes the 8 bytes at
   offset 0 of this object to xfree and tests 32-bit fields at offsets
   0xc, 0x10 and 0x14.  That does not fit this three-member layout, where
   sections would presumably sit at offset 8 on x86-64.  The crashing gdb
   binary was presumably built from a different revision of objfiles.c;
   confirm against the sources that match the installed package before
   drawing conclusions from this definition.  */
struct objfile_pspace_info
{
  /* Non-zero makes find_pc_section call update_section_map; it is reset
     to 0 right after that call.  */
  int objfiles_changed_p;
  /* Array of section pointers; update_section_map frees the old array
     and stores the new one through a pointer to this member.  */
  struct obj_section **sections;
  /* Element count of sections, written together with it.  */
  int num_sections;
};

而唯一初始化这个结构体对象的函数是:

/* Return the objfile_pspace_info attached to PSPACE under the
   objfiles_pspace_data key.  When none is attached yet, one is
   allocated with XZALLOC, registered on PSPACE and returned.  */

static struct objfile_pspace_info *
get_objfile_pspace_data (struct program_space *pspace)
{
  struct objfile_pspace_info *info
    = program_space_data (pspace, objfiles_pspace_data);

  /* Already attached: hand back the existing object.  */
  if (info != NULL)
    return info;

  /* First request for this program space: create the object and
     register it so later lookups find it.  */
  info = XZALLOC (struct objfile_pspace_info);
  set_program_space_data (pspace, objfiles_pspace_data, info);
  return info;
}

中的

/* Registers INFO, which XZALLOC has already allocated by this point, as
   PSPACE's data for the objfiles_pspace_data key.  The array behind
   info->sections is not created by this call; in the update_section_map
   listing it comes from xmalloc/xrealloc and is stored through *pmap.  */
set_program_space_data (pspace, objfiles_pspace_data, info);
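也就是说,sections的内容应该是在set_program_space_data里面分配的;顺着它的分配和初始化,有可能找到sections所指向内存块的前一块内存是由哪段代码使用的。(注意:按上文update_section_map的代码,sections指向的数组本身是在update_section_map里用xmalloc/xrealloc分配、再通过*pmap写回的,这里XZALLOC分配的只是objfile_pspace_info结构体,追查分配点时两处都要看。)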


但是在gdb的代码中,找不到set_program_space_data的定义(有可能是通过宏生成的,所以按函数名直接搜索不到)。


由于问题比较难重现,对gdb代码也不熟悉,分析暂时只能到这里。如果能够重现,可以在sections分配之后对它设置数据断点(watchpoint),跟踪是哪里改写了它。
