In frame 7, SQLCLI_ExecDirect2, there are several uses of statement_id. Line 3654 passes statement_id->module, and that would have caused a fault in CliPrologue if the struct had already been corrupt on entry. Also, line 3663 would have gotten NULL from ContextCli::getStatement, which would have raised an error. If this thread has corrupted the SQLSTMT_ID struct that statement_id points to, it must have happened in some method that SQLCLI_ExecDirect2 calls, even though no pointer is passed to the called method. But all of the compiler code is called from this frame.
// SQLCLI_ExecDirect2: runs the CLI prologue, looks up the Statement for
// statement_id in the current context, prepares the text described by
// sql_source, then hands off to SQLCLI_PerformTasks with the
// get-input-desc / exec / fetch / close / special-end-process / epilogue
// task bits. A prologue error is returned as-is; every later error path
// goes through SQLCLI_ReturnCode.
3640 Lng32 SQLCLI_ExecDirect2(/*IN*/ CliGlobals * cliGlobals,
3641 /*IN*/ SQLSTMT_ID * statement_id,
3642 /*IN*/ SQLDESC_ID * sql_source,
3643 /*IN*/ Int32 prepFlags,
3644 /*IN OPTIONAL*/ SQLDESC_ID * input_descriptor,
3645 /*IN*/ Lng32 num_ptr_pairs,
3646 /*IN*/ va_list ap,
3647 /*IN*/ SQLCLI_PTR_PAIRS ptr_pairs[]
3648 )
3649 {
3650 Lng32 retcode;
3651
3652
3653 // create initial context, if first call, and add module, if any.
// NOTE(review): statement_id is dereferenced here with no NULL check, while
// SQLCLI_PerformTasks (quoted elsewhere in this report) tests !statement_id
// before its first use. Confirm that callers guarantee a non-NULL pointer.
3654 retcode = CliPrologue(cliGlobals,statement_id->module);
3655 if (isERROR(retcode))
3656 return retcode;
3657
3658 ContextCli & currContext = *(cliGlobals->currContext());
3659 ComDiagsArea & diags = currContext.diags();
3660
3661 /* prepare the statement */
3662
3663 Statement * stmt = currContext.getStatement(statement_id);
3664 //LCOV_EXCL_START
3665 /* stmt must exist */
3666 if (!stmt)
3667 {
3668 diags << DgSqlCode(-CLI_STMT_NOT_EXSISTS);
3669 return SQLCLI_ReturnCode(&currContext,-CLI_STMT_NOT_EXSISTS);
3670 }
3671 //LCOV_EXCL_STOP
3672 stmt->getGlobals()->clearCancelState();
3673
3674 StrTarget strTarget;
// sql_source reaches initStrTarget before the NULL test at line 3701.
// NOTE(review): confirm initStrTarget tolerates a NULL descriptor.
3675 retcode = stmt->initStrTarget(sql_source, currContext, diags, strTarget);
3676 if (isERROR(retcode))
3677 return SQLCLI_ReturnCode(&currContext,retcode);
3678 // CLI callers are not allowed to request PREPARE or EXEC DIRECT
3679 // operations on stored procedure result sets.
3680 //LCOV_EXCL_START
3681 if (stmt->getParentCall())
3682 {
3683 diags << DgSqlCode(-EXE_UDR_RS_PREPARE_NOT_ALLOWED);
3684 return SQLCLI_ReturnCode(&currContext, -EXE_UDR_RS_PREPARE_NOT_ALLOWED);
3685 }
3686 //LCOV_EXCL_STOP
3687
3688 // For ExecDirect, MXOSRVR calls SQL_EXEC_SetStmtAttr(NULL) to set the unique id
3689 // before calling SQL_EXEC_EXECDirect. So, we need to use them
// NOTE(review): as written, setUniqueStmtId(NULL) runs only when no unique
// id is set yet; what it does with a NULL argument is not visible here.
3690 if (stmt->getUniqueStmtId() == NULL)
3691 stmt->setUniqueStmtId(NULL);
3692 // Set the StmtStats in the shared segment
3693 stmt->setStmtStats(FALSE);
3694 SQLCLI_Prepare_Setup_Pre(currContext, stmt, 1);
// OR in PREPARE_USE_EMBEDDED_ARKCMP when the session defaults request the
// embedded compiler; otherwise the caller's prepFlags are used unchanged.
3695 UInt32 tmpFlags;
3696 SessionDefaults *sd = currContext.getSessionDefaults();
3697 if (sd != NULL && sd->getCallEmbeddedArkcmp())
3698 tmpFlags = prepFlags | PREPARE_USE_EMBEDDED_ARKCMP;
3699 else
3700 tmpFlags = prepFlags;
// The if below guards only the prepare() assignment. With a NULL sql_source,
// retcode keeps the initStrTarget result; Setup_Post runs either way.
3701 if (sql_source)
3702
3703 retcode =
3704 stmt->prepare(strTarget.getStr(), diags, NULL, 0L,
3705 strTarget.getIntCharSet(),TRUE,tmpFlags);
3706
3707 SQLCLI_Prepare_Setup_Post(currContext, stmt, 1);
3708
3709 if (isERROR(retcode))
3710 return SQLCLI_ReturnCode(&currContext,retcode);
3711
3712 stmt->issuePlanVersioningWarnings (diags);
3713
// CLI_PT_PROLOGUE is not among the task bits, so SQLCLI_PerformTasks takes
// its "module must have been added" branch, which reads statement_id->module
// (line 2943 in the listing of that function in this report).
3714 ULng32 tasks = CLI_PT_GET_INPUT_DESC | CLI_PT_EXEC | CLI_PT_FETCH |
3715 CLI_PT_CLOSE |CLI_PT_SPECIAL_END_PROCESS | CLI_PT_EPILOGUE;
// statement_id is forwarded unchanged: the same pointer used at lines 3654
// and 3663 above.
3716 return SQLCLI_PerformTasks(cliGlobals, tasks, statement_id,
3717 input_descriptor, NULL,
3718 num_ptr_pairs, 0, ap, ptr_pairs, 0);
3719 }
Notes on pid 5019 cores/1005/ core.1424198189 .n020.5019. mxosrvr
/local/
#5 <signal handler called> PerformTasks( CliGlobals *, ULng32, SQLSTMT_ID *, SQLDESC_ID *, SQLDESC_ID *, Lng32, Lng32, typedef __va_list_tag __va_list_tag *, SQLCLI_PTR_PAIRS *, SQLCLI_PTR_PAIRS *) (cliGlobals= 0xeea9c0, tasks=606, statement_ id=0x19ee4d8, descriptor= 0x0, output_ descriptor= 0x0, num_input_ ptr_pairs= 0, num_output_ ptr_pairs= 0, ap=0x7fffd22385d0, input_ptr_ pairs=0x0, ptr_pairs= 0x0) at ../cli/Cli.cpp:2943 ExecDirect2( CliGlobals *, SQLSTMT_ID *, SQLDESC_ID *, Int32, SQLDESC_ID *, Lng32, typedef __va_list_tag __va_list_tag *, SQLCLI_PTR_PAIRS *) (cliGlobals= 0xeea9c0, statement_ id=0x19ee4d8, sql_source=<value optimized out>, prepFlags=0, descriptor= 0x0, num_ptr_pairs=0, ap=0x7fffd22385d0, ptr_pairs=0x0) at ../cli/Cli.cpp:3718 ExecDirect2 (statement_ id=0x19ee4d8, sql_source= 0x7fffd22387c0, prep_flags=0, input_descripto r=0x0, ptr_pairs= 0) at ../cli/ CliExtern. cpp:2326 EXEC_ExecDirect (statement_ id=0x19ee4d8, sql_source= 0x7fffd22387c0, input_descripto r=0x0, ptr_pairs= 0) at SQLWrapper.cpp:360 0x19edec0) at sqlinterface. cpp:4479 HDL::ExecDirect (this=0x19edec0, inCursorName=0x0, =0x1a54498 "insert into Trafodion. \"_REPOS_ \".metric_ query_aggr_ table values( 0,0,0,5019, 5019,9, 0,0,'15. 250.48. 108',0, '$Z09043E' ,'MXID110090050 192122909579434 510640000000002 06U3333300' ,CONVERTTIMESTA MP(212290958169 4"..., inStmtType=<value optimized out>, pe=<value optimized out>, inSqlAsyncEnabl e=<value optimized out>, inQueryTimeout=0) at csrvrstmt.cpp:439 libpthread. so.0
#6 0x00007ffff43119e9 in SQLCLI_
input_
output_
#7 0x00007ffff431bbfb in SQLCLI_
input_
#8 0x00007ffff4377bba in SQL_EXEC_
num_
#9 0x00007ffff6a74e17 in SRVR::WSQL_
num_
#10 0x00007ffff6a6a8c0 in SRVR::EXECDIRECT (pSrvrStmt=
#11 0x00007ffff6a2e245 in SRVR::ControlProc (pParam=0x19edec0) at csrvrstmt.cpp:757
#12 0x00007ffff6a2f008 in SRVR_STMT_
inSqlString
inSqlStmtTy
#13 0x00000000004ccb1b in SessionWatchDog (arg=<value optimized out>) at SrvrConnect.cpp:818
#14 0x00007ffff45b2851 in start_thread () from /lib64/
#15 0x00007ffff4ae890d in clone () from /lib64/libc.so.6
In Frame 6 --
(gdb) p *statement_id
$3 = {
version = -293728816,
name_mode = 32767,
module = 0x2932287261686320,
identifier = 0x0,
handle = 0x0,
charset = 0x0,
identifier_len = 0,
tag = 1819047278
}
(gdb) p statement_id->module
$6 = (const SQLMODULE_ID *) 0x2932287261686320
(gdb) p statement_id->module->module_name
Cannot access memory at address 0x2932287261686328
(gdb) p stmtInfo
$7 = (StatementInfo *) 0x0
The caller has set tasks as...
3714 ULng32 tasks = CLI_PT_GET_INPUT_DESC | CLI_PT_EXEC | CLI_PT_FETCH |
3715 CLI_PT_CLOSE |CLI_PT_SPECIAL_END_PROCESS | CLI_PT_EPILOGUE;
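The statement_id param is definitely corrupt. Read as little-endian bytes, module = 0x2932287261686320 is the ASCII text " char(2)" and tag = 1819047278 (0x6C6C756E) is "null", so the struct looks as if it was overwritten with character data, possibly SQL text. But this is the first use of statement_id in SQLCLI_PerformTasks -- see tasks and stmtInfo.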
2893 Lng32 SQLCLI_ PerformTasks( ptr_pairs, ptr_pairs, NOT_EXSISTS; >currContext( )); diags() ; OPT_STMT_ INFO) && id->name_ mode != desc_handle)) id->handle) ; >currContext( )->exCollHeap( ); id->handle = stmtInfo; cliGlobals, >moduleAdded( )) ? id->module) ); >setModuleAdded (TRUE); id->module) && id->module- >module_ name) && moduleAdded( statement_ id->module) )) -CLI_MODULE_ NOT_ADDED) ; ReturnCode( &currContext, NOT_ADDED) ;
2894 /*IN*/ CliGlobals * cliGlobals,
2895 /*IN*/ ULng32 tasks,
2896 /*IN*/ SQLSTMT_ID * statement_id,
2897 /*IN OPTIONAL*/ SQLDESC_ID * input_descriptor,
2898 /*IN OPTIONAL*/ SQLDESC_ID * output_descriptor,
2899 /*IN*/ Lng32 num_input_
2900 /*IN*/ Lng32 num_output_
2901 /*IN*/ va_list ap,
2902 /*IN*/ SQLCLI_PTR_PAIRS input_ptr_pairs[],
2903 /*IN*/ SQLCLI_PTR_PAIRS output_ptr_pairs[])
2904 {
2905 Lng32 retcode = SUCCESS;
2906
2907 if (!statement_id)
2908 return -CLI_STMT_
2909
2910 ContextCli & currContext = *(cliGlobals-
2911 ComDiagsArea & diags = currContext.
2912
2913 StatementInfo * stmtInfo = NULL;
2914 StmtStats *stmtStats = NULL;
2915 if ((tasks & CLI_PT_
2916 (statement_
2917 {
2918 stmtInfo = (StatementInfo *)(statement_
2919 if (stmtInfo == NULL)
2920 {
2921 // when do we deallocate this heap? Or do we?
2922 CollHeap * heap = cliGlobals-
2923 stmtInfo = new(heap) StatementInfo();
2924 statement_
2925 }
2926 }
2927
2928 // create initial context, if first call, and add module, if any.
2929 if (tasks & CLI_PT_PROLOGUE)
2930 {
2931 retcode = CliPrologue(
2932 ((stmtInfo && stmtInfo-
2933 NULL : statement_
2934 if (isERROR(retcode))
2935 return retcode;
2936
2937 if (stmtInfo)
2938 stmtInfo-
2939 }
2940 else
2941 {
2942 // module must have been added
2943 if ((statement_
2944 (statement_
2945 (!currContext.
2946 {
2947 diags << DgSqlCode(
2948 return SQLCLI_
2949 -CLI_MODULE_
2950 }
2951 }
In frame 7, SQLCLI_ExecDirect2, there are several uses of statement_id. Line 3654 passes statement_id->module, and that would have caused a fault in CliPrologue if the struct had already been corrupt on entry. Also, line 3663 would have gotten NULL from ContextCli::getStatement, which would have raised an error. If this thread has corrupted the SQLSTMT_ID struct that statement_id points to, it must have happened in some method that SQLCLI_ExecDirect2 calls, even though no pointer is passed to the called method. But all of the compiler code is called from this frame.
3640 Lng32 SQLCLI_ ExecDirect2( /*IN*/ CliGlobals * cliGlobals, cliGlobals, statement_ id->module) ; >currContext( )); diags() ; getStatement( statement_ id); -CLI_STMT_ NOT_EXSISTS) ; ReturnCode( &currContext, -CLI_STMT_ NOT_EXSISTS) ; s()->clearCance lState( ); rget(sql_ source, currContext, diags, strTarget); ReturnCode( &currContext, retcode) ; getParentCall( )) -EXE_UDR_ RS_PREPARE_ NOT_ALLOWED) ; ReturnCode( &currContext, -EXE_UDR_ RS_PREPARE_ NOT_ALLOWED) ; SetStmtAttr( NULL) to set the unique id EXECDirect. So, we need to use them getUniqueStmtId () == NULL) StmtId( NULL); ats(FALSE) ; Prepare_ Setup_Pre( currContext, stmt, 1); getSessionDefau lts(); ddedArkcmp( )) USE_EMBEDDED_ ARKCMP; strTarget. getStr( ), diags, NULL, 0L, getIntCharSet( ),TRUE, tmpFlags) ; Prepare_ Setup_Post( currContext, stmt, 1); ReturnCode( &currContext, retcode) ; VersioningWarni ngs (diags); GET_INPUT_ DESC | CLI_PT_EXEC | CLI_PT_FETCH | SPECIAL_ END_PROCESS | CLI_PT_EPILOGUE; PerformTasks( cliGlobals, tasks, statement_id,
3641 /*IN*/ SQLSTMT_ID * statement_id,
3642 /*IN*/ SQLDESC_ID * sql_source,
3643 /*IN*/ Int32 prepFlags,
3644 /*IN OPTIONAL*/ SQLDESC_ID * input_descriptor,
3645 /*IN*/ Lng32 num_ptr_pairs,
3646 /*IN*/ va_list ap,
3647 /*IN*/ SQLCLI_PTR_PAIRS ptr_pairs[]
3648 )
3649 {
3650 Lng32 retcode;
3651
3652
3653 // create initial context, if first call, and add module, if any.
3654 retcode = CliPrologue(
3655 if (isERROR(retcode))
3656 return retcode;
3657
3658 ContextCli & currContext = *(cliGlobals-
3659 ComDiagsArea & diags = currContext.
3660
3661 /* prepare the statement */
3662
3663 Statement * stmt = currContext.
3664 //LCOV_EXCL_START
3665 /* stmt must exist */
3666 if (!stmt)
3667 {
3668 diags << DgSqlCode(
3669 return SQLCLI_
3670 }
3671 //LCOV_EXCL_STOP
3672 stmt->getGlobal
3673
3674 StrTarget strTarget;
3675 retcode = stmt->initStrTa
3676 if (isERROR(retcode))
3677 return SQLCLI_
3678 // CLI callers are not allowed to request PREPARE or EXEC DIRECT
3679 // operations on stored procedure result sets.
3680 //LCOV_EXCL_START
3681 if (stmt->
3682 {
3683 diags << DgSqlCode(
3684 return SQLCLI_
3685 }
3686 //LCOV_EXCL_STOP
3687
3688 // For ExecDirect, MXOSRVR calls SQL_EXEC_
3689 // before calling SQL_EXEC_
3690 if (stmt->
3691 stmt->setUnique
3692 // Set the StmtStats in the shared segment
3693 stmt->setStmtSt
3694 SQLCLI_
3695 UInt32 tmpFlags;
3696 SessionDefaults *sd = currContext.
3697 if (sd != NULL && sd->getCallEmbe
3698 tmpFlags = prepFlags | PREPARE_
3699 else
3700 tmpFlags = prepFlags;
3701 if (sql_source)
3702
3703 retcode =
3704 stmt->prepare(
3705 strTarget.
3706
3707 SQLCLI_
3708
3709 if (isERROR(retcode))
3710 return SQLCLI_
3711
3712 stmt->issuePlan
3713
3714 ULng32 tasks = CLI_PT_
3715 CLI_PT_CLOSE |CLI_PT_
3716 return SQLCLI_
3717 input_descriptor, NULL,
3718 num_ptr_pairs, 0, ap, ptr_pairs, 0);
3719 }