IBM Support

LI73591: MEMORY CORRUPTION IN STATEMENT HEAP LEADS TO A CRASH WHEN THE FIRST PART OF A 3 PART NAME IN A QUERY IS NOT THE DB NAME

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • db2 "values('<' || ltrim(rtrim(char(nextval for
    w3v8menu.w3v8menu_v2.menu_id))) || '>' )"
    
    The above query crashes the instance as long as 1st part name
    ("w3v8menu" here) is of length 8 or longer.
    
    Stack Trace:
    ******************
    1        OSSTrapFile::dump
    2        sqlo_trce
    3        sqloEDUCodeTrapHandler
    4        sqloCrashOnCriticalMemoryValidationFailure
    5        SMemPool::diagnoseMemoryCorruptionAndCrash
    6        SMemPool::MemTreePut
    7        sqlofmblkEx
    8        sqlnp_main
    
    9        sqlnn_cmpl
    10       sqlnn_cmpl
    11       sqlra_compile_var
    12       sqlra_find_var
    13       sqlra_get_var
    14       sqlrr_prepare
    15       sqljs_ddm_prpsqlstt
    16       sqljsParseRdbAccessed
    17       sqljsParse
    18       swapBytes
    19       sqljsDrdaAsDriver
    20       sqleRunAgent
    21       sqloCreateEDU
    22       sqloSpawnEDU
    23       sqleCreateNewAgent
    
    pmem file output:
    **********************
    
    BEGIN MEMORY CORRUPTION DIAGNOSIS HEADER DUMP
    ================================================================
    ========
    =====
    
    DB2 Support and Development can format this file to replace all
    file
    hash
    values with names, using the following command from any uselvl'd
    build:
    perl -S db2memfmt p3045t0_diagnostics.mem
    
    ================================================================
    ========
    =====
    
    Type of corruption detected:
    Corrupt pool free tree node.
    
    ================================================================
    ========
    =====
          Pool dump time: 2008-06-23-14:47:41.33
                 Pool ID: 12 (Statement Heap - stmth)
                 Address: 0x00000200054EF7B0
                Set type: 9 (PRIVATE)
                   Stack: _ZN8SMemPool32diagnoseMemoryCorruptionA
            Logical size: 182867 bytes
     Logical upper bound: 16908288 bytes
           Physical size: 327680 bytes
    Physical upper bound: 16908288 bytes
      Largest free block: 60744 bytes
        Allocated blocks: 26
          Free tree root: 0x0000020007f1e288
               First CSG: 0x0000020007f1d000
    Corrupt node address: 0x0000020007b9ba08
    -- UNKNOWN NODE TYPE --
    0000020007b9ba08 : 00 b0 00 00 20 00 7b 8c 00 00 00 00 00 00 00
    00 ....
    .{.........
    0000020007b9ba18 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05
    e0
    ................
    ================================================================
    ========
    =====
    END MEMORY CORRUPTION DIAGNOSIS HEADER DUMP
    
    The db2diag.log has the following error message:
    
    2008-06-25-11.50.18.710269-240 I373746A800        LEVEL: Severe
    PID     : 11407                TID  : 2199112302288PROC :
    db2agent (PORTAL) 0
    INSTANCE: db2inst1             NODE : 000         DB   : PORTAL
    APPHDL  : 0-27                 APPID:
    *LOCAL.db2inst1.080625155012
    AUTHID  : DB2INST1
    FUNCTION: DB2 UDB, trace services, sqlt_logerr_data, probe:0
    DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
     sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -204   sqlerrml: 28
     sqlerrmc: W3V8MENU.W3V8MENU_V2.MENU_ID
     sqlerrp : SQLNQ67C
     sqlerrd : (1) 0x801A006D      (2) 0x00000000      (3)
    0x00000000
               (4) 0x00000000      (5) 0xFFFFFED4      (6)
    0x00000000
     sqlwarn : (1)      (2)      (3)      (4)        (5)       (6)
               (7)      (8)      (9)      (10)        (11)
     sqlstate:
    
    SQL0204N:name is an undefined name.
    
    The expected result for the customer's query is SQL204N because,
    for a local database, if the first part name ("w3v8menu") is
    specified for a 3-part name, it has to be the same as the
    database name ("portal" here).
    

Local fix

  • - replace the 1st part name with a string of length 7 or less
    - remove the 1st part name if not needed (as explained, for
    local database, the 1st part name, if specified, needs to match
    the database name).
    

Problem summary

  • Users Affected: ALL
    
    Problem Description:
    CORRUPTION IN STATEMENT HEAP LEADS TO A CRASH WHEN THE
    FIRST PART OF A 3 PART NAME IN A QUERY IS NOT THE DB NAME
    
    Problem Summary:
    
    db2 "values('<' || ltrim(rtrim(char(nextval for
    w3v8menu.w3v8menu_v2.menu_id))) || '>' )"
    
    The above query crashes the instance as long as 1st part name
    ("w3v8menu" here) is of length 8 or longer.
    
    Stack Trace:
    ******************
    1        OSSTrapFile::dump
    2        sqlo_trce
    3        sqloEDUCodeTrapHandler
    4        sqloCrashOnCriticalMemoryValidationFailure
    5        SMemPool::diagnoseMemoryCorruptionAndCrash
    6        SMemPool::MemTreePut
    7        sqlofmblkEx
    8        sqlnp_main
    
    9        sqlnn_cmpl
    10       sqlnn_cmpl
    11       sqlra_compile_var
    12       sqlra_find_var
    13       sqlra_get_var
    14       sqlrr_prepare
    15       sqljs_ddm_prpsqlstt
    16       sqljsParseRdbAccessed
    17       sqljsParse
    18       swapBytes
    19       sqljsDrdaAsDriver
    20       sqleRunAgent
    21       sqloCreateEDU
    22       sqloSpawnEDU
    23       sqleCreateNewAgent
    
    pmem file output:
    **********************
    
    BEGIN MEMORY CORRUPTION DIAGNOSIS HEADER DUMP
    ================================================================
    ========
    =====
    
    DB2 Support and Development can format this file to replace all
    file
    hash
    values with names, using the following command from any uselvl'd
    build:
    perl -S db2memfmt p3045t0_diagnostics.mem
    
    ================================================================
    ========
    =====
    
    Type of corruption detected:
    Corrupt pool free tree node.
    
    ================================================================
    ========
    =====
          Pool dump time: 2008-06-23-14:47:41.33
                 Pool ID: 12 (Statement Heap - stmth)
                 Address: 0x00000200054EF7B0
                Set type: 9 (PRIVATE)
                   Stack: _ZN8SMemPool32diagnoseMemoryCorruptionA
            Logical size: 182867 bytes
     Logical upper bound: 16908288 bytes
           Physical size: 327680 bytes
    Physical upper bound: 16908288 bytes
      Largest free block: 60744 bytes
        Allocated blocks: 26
          Free tree root: 0x0000020007f1e288
               First CSG: 0x0000020007f1d000
    Corrupt node address: 0x0000020007b9ba08
    -- UNKNOWN NODE TYPE --
    0000020007b9ba08 : 00 b0 00 00 20 00 7b 8c 00 00 00 00 00 00 00
    00 ....
    .{.........
    0000020007b9ba18 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05
    e0
    ................
    ================================================================
    ========
    =====
    END MEMORY CORRUPTION DIAGNOSIS HEADER DUMP
    
    The db2diag.log has the following error message:
    
    2008-06-25-11.50.18.710269-240 I373746A800        LEVEL: Severe
    PID     : 11407                TID  : 2199112302288PROC :
    db2agent (PORTAL) 0
    INSTANCE: db2inst1             NODE : 000         DB   : PORTAL
    APPHDL  : 0-27                 APPID:
    *LOCAL.db2inst1.080625155012
    AUTHID  : DB2INST1
    FUNCTION: DB2 UDB, trace services, sqlt_logerr_data, probe:0
    DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes
     sqlcaid : SQLCA     sqlcabc: 136   sqlcode: -204   sqlerrml: 28
     sqlerrmc: W3V8MENU.W3V8MENU_V2.MENU_ID
     sqlerrp : SQLNQ67C
     sqlerrd : (1) 0x801A006D      (2) 0x00000000      (3)
    0x00000000
               (4) 0x00000000      (5) 0xFFFFFED4      (6)
    0x00000000
     sqlwarn : (1)      (2)      (3)      (4)        (5)       (6)
               (7)      (8)      (9)      (10)        (11)
     sqlstate:
    
    SQL0204N:name is an undefined name.
    
    The expected result for the customer's query is SQL204N because,
    for a local database, if the first part name ("w3v8menu") is
    specified for a 3-part name, it has to be the same as the
    database name ("portal" here).
    
    LOCAL FIX:
    - replace the 1st part name with a string of length 7 or less
    - remove the 1st part name if not needed (as explained, for
    local database, the 1st part name, if specified, needs to match
    the database name).
    

Problem conclusion

  • First fixed in DB2 UDB Version 9.1, Fixpack 6
    

Temporary fix

Comments

APAR Information

  • APAR number

    LI73591

  • Reported component name

    DB2 UDE ESE LIN

  • Reported component ID

    5765F4104

  • Reported release

    910

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-07-17

  • Closed date

    2008-11-10

  • Last modified date

    2008-11-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    LI73593

Fix information

  • Fixed component name

    DB2 UDE ESE LIN

  • Fixed component ID

    5765F4104

Applicable component levels

  • R910 PSY

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"910","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 October 2021