Comment 1 for bug 1422894

Mike Hanlon (mike-hanlon) wrote :

Notes on pid 5019
/local/cores/1005/core.1424198189.n020.5019.mxosrvr

#5 <signal handler called>
#6 0x00007ffff43119e9 in SQLCLI_PerformTasks(CliGlobals *, ULng32, SQLSTMT_ID *, SQLDESC_ID *, SQLDESC_ID *, Lng32, Lng32, typedef __va_list_tag __va_list_tag *, SQLCLI_PTR_PAIRS *, SQLCLI_PTR_PAIRS *) (cliGlobals=0xeea9c0, tasks=606, statement_id=0x19ee4d8,
    input_descriptor=0x0, output_descriptor=0x0, num_input_ptr_pairs=0, num_output_ptr_pairs=0, ap=0x7fffd22385d0, input_ptr_pairs=0x0,
    output_ptr_pairs=0x0) at ../cli/Cli.cpp:2943
#7 0x00007ffff431bbfb in SQLCLI_ExecDirect2(CliGlobals *, SQLSTMT_ID *, SQLDESC_ID *, Int32, SQLDESC_ID *, Lng32, typedef __va_list_tag __va_list_tag *, SQLCLI_PTR_PAIRS *) (cliGlobals=0xeea9c0, statement_id=0x19ee4d8, sql_source=<value optimized out>, prepFlags=0,
    input_descriptor=0x0, num_ptr_pairs=0, ap=0x7fffd22385d0, ptr_pairs=0x0) at ../cli/Cli.cpp:3718
#8 0x00007ffff4377bba in SQL_EXEC_ExecDirect2 (statement_id=0x19ee4d8, sql_source=0x7fffd22387c0, prep_flags=0, input_descriptor=0x0,
    num_ptr_pairs=0) at ../cli/CliExtern.cpp:2326
#9 0x00007ffff6a74e17 in SRVR::WSQL_EXEC_ExecDirect (statement_id=0x19ee4d8, sql_source=0x7fffd22387c0, input_descriptor=0x0,
    num_ptr_pairs=0) at SQLWrapper.cpp:360
#10 0x00007ffff6a6a8c0 in SRVR::EXECDIRECT (pSrvrStmt=0x19edec0) at sqlinterface.cpp:4479
#11 0x00007ffff6a2e245 in SRVR::ControlProc (pParam=0x19edec0) at csrvrstmt.cpp:757
#12 0x00007ffff6a2f008 in SRVR_STMT_HDL::ExecDirect (this=0x19edec0, inCursorName=0x0,
    inSqlString=0x1a54498 "insert into Trafodion.\"_REPOS_\".metric_query_aggr_table values(0,0,0,5019,5019,9,0,0,'15.250.48.108',0,'$Z09043E','MXID11009005019212290957943451064000000000206U3333300',CONVERTTIMESTAMP(2122909581694"..., inStmtType=<value optimized out>,
    inSqlStmtType=<value optimized out>, inSqlAsyncEnable=<value optimized out>, inQueryTimeout=0) at csrvrstmt.cpp:439
#13 0x00000000004ccb1b in SessionWatchDog (arg=<value optimized out>) at SrvrConnect.cpp:818
#14 0x00007ffff45b2851 in start_thread () from /lib64/libpthread.so.0
#15 0x00007ffff4ae890d in clone () from /lib64/libc.so.6

In Frame 6 --
(gdb) p *statement_id
$3 = {
  version = -293728816,
  name_mode = 32767,
  module = 0x2932287261686320,
  identifier = 0x0,
  handle = 0x0,
  charset = 0x0,
  identifier_len = 0,
  tag = 1819047278
}

(gdb) p statement_id->module
$6 = (const SQLMODULE_ID *) 0x2932287261686320
(gdb) p statement_id->module->module_name
Cannot access memory at address 0x2932287261686328
(gdb) p stmtInfo
$7 = (StatementInfo *) 0x0

The caller has set tasks as...
3714 ULng32 tasks = CLI_PT_GET_INPUT_DESC | CLI_PT_EXEC | CLI_PT_FETCH |
3715 CLI_PT_CLOSE |CLI_PT_SPECIAL_END_PROCESS | CLI_PT_EPILOGUE;

The SQLSTMT_ID that statement_id points to is definitely corrupt, and the garbage is not random: read as little-endian bytes, the `module` value 0x2932287261686320 is the ASCII text " char(2)" and `tag` 1819047278 (0x6c6c756e) is "null" — SQL-looking text has been written over the struct, which is the signature of a string overrun into an adjacent heap object rather than a stray pointer write. Note also that 0x19ee4d8 is 0x618 bytes past pSrvrStmt (0x19edec0), so the struct appears to live inside the SRVR_STMT_HDL object (to be confirmed against the class layout). The faulting line, 2943, is the first place SQLCLI_PerformTasks dereferences statement_id: tasks contains neither CLI_PT_OPT_STMT_INFO nor CLI_PT_PROLOGUE, so stmtInfo stays NULL (as gdb shows) and the else branch reads statement_id->module->module_name through the bogus pointer — see tasks and stmt_info below.

2893 Lng32 SQLCLI_PerformTasks(
2894 /*IN*/ CliGlobals * cliGlobals,
2895 /*IN*/ ULng32 tasks,
2896 /*IN*/ SQLSTMT_ID * statement_id,
2897 /*IN OPTIONAL*/ SQLDESC_ID * input_descriptor,
2898 /*IN OPTIONAL*/ SQLDESC_ID * output_descriptor,
2899 /*IN*/ Lng32 num_input_ptr_pairs,
2900 /*IN*/ Lng32 num_output_ptr_pairs,
2901 /*IN*/ va_list ap,
2902 /*IN*/ SQLCLI_PTR_PAIRS input_ptr_pairs[],
2903 /*IN*/ SQLCLI_PTR_PAIRS output_ptr_pairs[])
2904 {
2905 Lng32 retcode = SUCCESS;
2906
2907 if (!statement_id)
2908 return -CLI_STMT_NOT_EXSISTS;
2909
2910 ContextCli & currContext = *(cliGlobals->currContext());
2911 ComDiagsArea & diags = currContext.diags();
2912
2913 StatementInfo * stmtInfo = NULL;
2914 StmtStats *stmtStats = NULL;
2915 if ((tasks & CLI_PT_OPT_STMT_INFO) &&
2916 (statement_id->name_mode != desc_handle))
2917 {
2918 stmtInfo = (StatementInfo *)(statement_id->handle);
2919 if (stmtInfo == NULL)
2920 {
2921 // when do we deallocate this heap? Or do we?
2922 CollHeap * heap = cliGlobals->currContext()->exCollHeap();
2923 stmtInfo = new(heap) StatementInfo();
2924 statement_id->handle = stmtInfo;
2925 }
2926 }
2927
2928 // create initial context, if first call, and add module, if any.
2929 if (tasks & CLI_PT_PROLOGUE)
2930 {
2931 retcode = CliPrologue(cliGlobals,
2932 ((stmtInfo && stmtInfo->moduleAdded()) ?
2933 NULL : statement_id->module));
2934 if (isERROR(retcode))
2935 return retcode;
2936
2937 if (stmtInfo)
2938 stmtInfo->setModuleAdded(TRUE);
2939 }
2940 else
2941 {
2942 // module must have been added
2943 if ((statement_id->module) &&
2944 (statement_id->module->module_name) &&
2945 (!currContext.moduleAdded(statement_id->module)))
2946 {
2947 diags << DgSqlCode(-CLI_MODULE_NOT_ADDED);
2948 return SQLCLI_ReturnCode(&currContext,
2949 -CLI_MODULE_NOT_ADDED);
2950 }
2951 }

In frame 7, SQLCLI_ExecDirect2, statement_id is used several times before the call at line 3716. Line 3654 passes statement_id->module to CliPrologue; had the struct already held 0x2932287261686320 there, CliPrologue would have faulted. Line 3663 would likewise have got NULL back from ContextCli::getStatement and returned -CLI_STMT_NOT_EXSISTS. So the SQLSTMT_ID was intact on entry to SQLCLI_ExecDirect2 and was overwritten during this call, by something SQLCLI_ExecDirect2 calls — even though none of those callees is passed a pointer to the struct. That points to an out-of-bounds write into memory adjacent to the struct, not a misuse of the pointer itself, and all of the compiler code (under stmt->prepare at line 3704) runs from this frame.

3640 Lng32 SQLCLI_ExecDirect2(/*IN*/ CliGlobals * cliGlobals, // Prepares the statement named by statement_id from sql_source, then hands it to SQLCLI_PerformTasks with EXEC/FETCH/CLOSE/EPILOGUE tasks (frame 7 of the trace above).
3641 /*IN*/ SQLSTMT_ID * statement_id,
3642 /*IN*/ SQLDESC_ID * sql_source,
3643 /*IN*/ Int32 prepFlags,
3644 /*IN OPTIONAL*/ SQLDESC_ID * input_descriptor,
3645 /*IN*/ Lng32 num_ptr_pairs,
3646 /*IN*/ va_list ap,
3647 /*IN*/ SQLCLI_PTR_PAIRS ptr_pairs[]
3648 )
3649 {
3650 Lng32 retcode;
3651
3652
3653 // create initial context, if first call, and add module, if any.
3654 retcode = CliPrologue(cliGlobals,statement_id->module); // NOTE(review): first dereference of statement_id in this frame; it did not fault here in the core above.
3655 if (isERROR(retcode))
3656 return retcode;
3657
3658 ContextCli & currContext = *(cliGlobals->currContext());
3659 ComDiagsArea & diags = currContext.diags();
3660
3661 /* prepare the statement */
3662
3663 Statement * stmt = currContext.getStatement(statement_id); // NULL for an unknown statement id; handled just below.
3664 //LCOV_EXCL_START
3665 /* stmt must exist */
3666 if (!stmt)
3667 {
3668 diags << DgSqlCode(-CLI_STMT_NOT_EXSISTS);
3669 return SQLCLI_ReturnCode(&currContext,-CLI_STMT_NOT_EXSISTS);
3670 }
3671 //LCOV_EXCL_STOP
3672 stmt->getGlobals()->clearCancelState();
3673
3674 StrTarget strTarget;
3675 retcode = stmt->initStrTarget(sql_source, currContext, diags, strTarget); // Copies/converts the SQL text out of sql_source; retcode is reused further down.
3676 if (isERROR(retcode))
3677 return SQLCLI_ReturnCode(&currContext,retcode);
3678 // CLI callers are not allowed to request PREPARE or EXEC DIRECT
3679 // operations on stored procedure result sets.
3680 //LCOV_EXCL_START
3681 if (stmt->getParentCall())
3682 {
3683 diags << DgSqlCode(-EXE_UDR_RS_PREPARE_NOT_ALLOWED);
3684 return SQLCLI_ReturnCode(&currContext, -EXE_UDR_RS_PREPARE_NOT_ALLOWED);
3685 }
3686 //LCOV_EXCL_STOP
3687
3688 // For ExecDirect, MXOSRVR calls SQL_EXEC_SetStmtAttr(NULL) to set the unique id
3689 // before calling SQL_EXEC_EXECDirect. So, we need to use them
3690 if (stmt->getUniqueStmtId() == NULL) // NOTE(review): setUniqueStmtId(NULL) is called only when the id is still NULL -- presumably that generates a fresh id; confirm in Statement.
3691 stmt->setUniqueStmtId(NULL);
3692 // Set the StmtStats in the shared segment
3693 stmt->setStmtStats(FALSE);
3694 SQLCLI_Prepare_Setup_Pre(currContext, stmt, 1); // Paired with SQLCLI_Prepare_Setup_Post at 3707; every path between them falls through, so the pair stays balanced.
3695 UInt32 tmpFlags;
3696 SessionDefaults *sd = currContext.getSessionDefaults();
3697 if (sd != NULL && sd->getCallEmbeddedArkcmp())
3698 tmpFlags = prepFlags | PREPARE_USE_EMBEDDED_ARKCMP; // Compile in-process instead of in a separate arkcmp process.
3699 else
3700 tmpFlags = prepFlags;
3701 if (sql_source) // NOTE(review): unbraced -- only the assignment at 3703-3705 is conditional. If sql_source is NULL (and initStrTarget did not already reject it), prepare() is skipped, retcode keeps initStrTarget's success value, and execution still proceeds to 3716 on an unprepared statement.
3702
3703 retcode =
3704 stmt->prepare(strTarget.getStr(), diags, NULL, 0L, // NOTE(review): the SQL compiler runs under this call; it receives the SQL text but no pointer to *statement_id, yet *statement_id is corrupt by the time 3716 runs.
3705 strTarget.getIntCharSet(),TRUE,tmpFlags);
3706
3707 SQLCLI_Prepare_Setup_Post(currContext, stmt, 1);
3708
3709 if (isERROR(retcode))
3710 return SQLCLI_ReturnCode(&currContext,retcode);
3711
3712 stmt->issuePlanVersioningWarnings (diags);
3713
3714 ULng32 tasks = CLI_PT_GET_INPUT_DESC | CLI_PT_EXEC | CLI_PT_FETCH |
3715 CLI_PT_CLOSE |CLI_PT_SPECIAL_END_PROCESS | CLI_PT_EPILOGUE; // Neither CLI_PT_PROLOGUE nor CLI_PT_OPT_STMT_INFO is set, so SQLCLI_PerformTasks skips the stmtInfo setup and first reads statement_id at its module-added check (Cli.cpp:2943, where the core above faults).
3716 return SQLCLI_PerformTasks(cliGlobals, tasks, statement_id,
3717 input_descriptor, NULL,
3718 num_ptr_pairs, 0, ap, ptr_pairs, 0);
3719 }