SQLServerWiki

“The Only Thing That Is Constant Is Change”

A details explanation of Access Violation Dump in SQL Server.

Posted by database-wiki on October 20, 2012

I was trying to understand what’s logged in the error log when a dump is generated. I followed (KEN HENDERSON’s SQL SERVER 2005 PRACTICAL TROUBLESHOOTING. RIP KEN…)

SQL Server Stack Dumps: ( A look at the error log before hitting !analyze –v)

===================

SQL Server has used Structured Exception Handling since the first version of SQL Server on Windows NT back in 1993. In order to get the right diagnostic information to debug an exception that is handled, the SQL Server development team implemented the concept of stack dump. This concept is actually nothing new. If you run a program on a Windows XP or 2003 Server and the program does not have Structured Exception Handling, it is considered an unhandled exception. But this doesn’t mean you can’t get information about the exception. “Wrapped” around your program’s execution is a special Exception handler that “catches” the exception and invokes the default debugger. This default debugger for a standard windows instruction is a program called Dr. Watson (drwtsn32.exe). This program is designed to attach to your process and capture information about the exception, including stack frames for all threads and information about the exception. So, in essence, you could call this a stack Dump. So the stack dump contains information about the exception, including the stack frame of the thread that encountered the exception.

The engine produced the stack dump in the ERRORLOG (called the short stack dump) and a more comprehensive dump of the information into a .TXT file in the LOG directory of the sql server

Installation.

Starting in sql server 2000 SP3, SQL Server Dev team realized that debugging efforts would be improved if they also produced a mini-dump file in the standard Windows Debugging dump file format.

To accomplish this, they created a program called SQLDUMPER.EXE. This design was for the sql server engine to spawn the SQLDUMPER.EXE process and pass the appropriate information for SQLDUMPER.EXE to obtain a mini-dump file for the SQLSERVR.EXE process. SQLDUMPER.EXE was designed generic, though, so that it could be used for any program in the sql server box.(Analysis and reporting Services use this, for example).

In Fact, SQLDUMPER.EXE can be used with any Windows program. It uses the MiniDumpWriteDump API call from the Windows SDK.

You can actually run SQLDUMPER.EXE yourself, specifying the process ID of any ProcessID of any running windows program to obtain a dump file of its current state. (See KB 917825 for version of this program).

The location of the mini dump is in sql error log folder and all execution of SQLDUMPER.EXE are logged in SQLDUMPER_ERRORLOG.log.

During a stack dump four files are created:

  1. Mini-dump SQLDumpnnnn.mdmp
  2. A manifest file that is used by DW20.EXE and sent to Microsoft servers to classify the dump called SQLDumpnnnn.mft.
  3. A text file called SQLDumpnnnn.txt (old full stack dump).
  4. ERRORLOG file at the time of the exception called SQLDumpnnnn.log

What you see in the error log is:

  • The most common situation where SQL Server Engine produces a stack dump is a handled Windows exception. Sql server uses structure exception handling in much of its code

to catch Windows exceptions such as Access Violation (AV).

  • Below is an example of access violation(AV).
  • I took the latest dump from the error log folder and open the error log and search for the mdmp name without extension. (SQLDump6229 in my case and it has hit SQLDump6229.txt look below)

————————————————————————————————————————————————————————————————————————————————–

2008-09-17 05:09:46.84 spid66      Using ‘dbghelp.dll’ version ‘4.0.5’

2008-09-17 05:09:46.92 spid66      ***Stack Dump being sent to D:Program FilesMSSQL.1MSSQLLOGSQLDump6229.txt

2008-09-17 05:09:46.92 spid66      SqlDumpExceptionHandler: Process 66 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

2008-09-17 05:09:46.92 spid66      * *******************************************************************************

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      * BEGIN STACK DUMP:

2008-09-17 05:09:46.92 spid66      *   09/17/08 05:09:46 spid 66

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      *   Exception Address = 01105772 Module(sqlservr+00105772)

2008-09-17 05:09:46.92 spid66      *   Exception Code    = c0000005 EXCEPTION_ACCESS_VIOLATION

2008-09-17 05:09:46.92 spid66      *   Access Violation occurred reading address 00000000

2008-09-17 05:09:46.92 spid66      * Input Buffer 104 bytes –

2008-09-17 05:09:46.92 spid66      *    d b o . p r o c  12 00 64 00 62 00 6f 00 2e 00 70 00 72 00 6f 00 63 00

2008-09-17 05:09:46.92 spid66      *  _ M S S _ C r a w  5f 00 4d 00 53 00 53 00 5f 00 43 00 72 00 61 00 77 00

2008-09-17 05:09:46.92 spid66      *  l     &        &   6c 00 00 00 00 00 26 04 04 03 00 00 00 00 00 26 04 04

2008-09-17 05:09:46.92 spid66      *        &        &   07 00 00 00 00 00 26 04 04 01 00 00 00 00 00 26 04 04

2008-09-17 05:09:46.92 spid66      *  *     &        &   2a 00 00 00 00 00 26 04 04 00 00 00 00 00 00 26 04 04

2008-09-17 05:09:46.92 spid66      *        &    &       00 00 00 00 00 01 26 04 00 00 01 26 04 00

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      *  MODULE                          BASE      END       SIZE

2008-09-17 05:09:46.92 spid66      * sqlservr                       01000000  02BA7FFF  01ba8000

2008-09-17 05:09:46.92 spid66      * ntdll                          7C800000  7C8BFFFF  000c0000

2008-09-17 05:09:46.92 spid66      * kernel32                       77E40000  77F41FFF  00102000

2008-09-17 05:09:46.92 spid66      * MSVCR80                        78130000  781CAFFF  0009b000

2008-09-17 05:09:46.92 spid66      * msvcrt                         77BA0000  77BF9FFF  0005a000

2008-09-17 05:09:46.92 spid66      * MSVCP80                        7C420000  7C4A6FFF  00087000

2008-09-17 05:09:46.92 spid66      * ADVAPI32                       77F50000  77FEAFFF  0009b000

2008-09-17 05:09:46.92 spid66      * RPCRT4                         77C50000  77CEEFFF  0009f000

2008-09-17 05:09:46.92 spid66      * Secur32                        76F50000  76F62FFF  00013000

2008-09-17 05:09:46.92 spid66      * USER32                         77380000  77410FFF  00091000

2008-09-17 05:09:46.92 spid66      * GDI32                          77C00000  77C47FFF  00048000

2008-09-17 05:09:46.92 spid66      * CRYPT32                        761B0000  76242FFF  00093000

2008-09-17 05:09:46.92 spid66      * MSASN1                         76190000  761A1FFF  00012000

2008-09-17 05:09:46.92 spid66      * MSWSOCK                        71B20000  71B60FFF  00041000

2008-09-17 05:09:46.92 spid66      * WS2_32                         71C00000  71C16FFF  00017000

2008-09-17 05:09:46.92 spid66      * WS2HELP                        71BF0000  71BF7FFF  00008000

2008-09-17 05:09:46.92 spid66      * USERENV                        76920000  769E1FFF  000c2000

2008-09-17 05:09:46.92 spid66      * opends60                       333E0000  333E6FFF  00007000

2008-09-17 05:09:46.92 spid66      * NETAPI32                       71C40000  71C96FFF  00057000

2008-09-17 05:09:46.92 spid66      * SHELL32                        7C8D0000  7D0CDFFF  007fe000

2008-09-17 05:09:46.92 spid66      * SHLWAPI                        77DA0000  77DF1FFF  00052000

2008-09-17 05:09:46.92 spid66      * comctl32                       77420000  77522FFF  00103000

2008-09-17 05:09:46.92 spid66      * psapi                          76B70000  76B7AFFF  0000b000

2008-09-17 05:09:46.92 spid66      * instapi                        48060000  48069FFF  0000a000

2008-09-17 05:09:46.92 spid66      * sqlevn70                       4F610000  4F7A0FFF  00191000

2008-09-17 05:09:46.92 spid66      * SQLOS                          344D0000  344D4FFF  00005000

2008-09-17 05:09:46.92 spid66      * rsaenh                         68000000  68034FFF  00035000

2008-09-17 05:09:46.92 spid66      * AUTHZ                          76C40000  76C53FFF  00014000

2008-09-17 05:09:46.92 spid66      * MSCOREE                        34480000  344C4FFF  00045000

2008-09-17 05:09:46.92 spid66      * ole32                          77670000  777A8FFF  00139000

2008-09-17 05:09:46.92 spid66      * msv1_0                         76C90000  76CB6FFF  00027000

2008-09-17 05:09:46.92 spid66      * iphlpapi                       76CF0000  76D09FFF  0001a000

2008-09-17 05:09:46.92 spid66      * kerberos                       622C0000  62317FFF  00058000

2008-09-17 05:09:46.92 spid66      * cryptdll                       766E0000  766EBFFF  0000c000

2008-09-17 05:09:46.92 spid66      * schannel                       76750000  76776FFF  00027000

2008-09-17 05:09:46.92 spid66      * COMRES                         77010000  770D5FFF  000c6000

2008-09-17 05:09:46.92 spid66      * XOLEHLP                        62380000  62385FFF  00006000

2008-09-17 05:09:46.92 spid66      * MSDTCPRX                       62390000  62408FFF  00079000

2008-09-17 05:09:46.92 spid66      * OLEAUT32                       77D00000  77D8AFFF  0008b000

2008-09-17 05:09:46.92 spid66      * msvcp60                        62410000  62474FFF  00065000

2008-09-17 05:09:46.92 spid66      * MTXCLU                         62480000  62498FFF  00019000

2008-09-17 05:09:46.92 spid66      * VERSION                        77B90000  77B97FFF  00008000

2008-09-17 05:09:46.92 spid66      * WSOCK32                        71BB0000  71BB8FFF  00009000

2008-09-17 05:09:46.92 spid66      * CLUSAPI                        624A0000  624B1FFF  00012000

2008-09-17 05:09:46.92 spid66      * RESUTILS                       624C0000  624D2FFF  00013000

2008-09-17 05:09:46.92 spid66      * DNSAPI                         76ED0000  76EF9FFF  0002a000

2008-09-17 05:09:46.92 spid66      * winrnr                         76F70000  76F76FFF  00007000

2008-09-17 05:09:46.92 spid66      * WLDAP32                        76F10000  76F3DFFF  0002e000

2008-09-17 05:09:46.92 spid66      * rasadhlp                       76F80000  76F84FFF  00005000

2008-09-17 05:09:46.92 spid66      * security                       62910000  62913FFF  00004000

2008-09-17 05:09:46.92 spid66      * msfte                          63030000  63287FFF  00258000

2008-09-17 05:09:46.92 spid66      * dbghelp                        632A0000  633B7FFF  00118000

2008-09-17 05:09:46.92 spid66      * WINTRUST                       76BB0000  76BDAFFF  0002b000

2008-09-17 05:09:46.92 spid66      * imagehlp                       76C10000  76C37FFF  00028000

2008-09-17 05:09:46.92 spid66      * dssenh                         68100000  68126FFF  00027000

2008-09-17 05:09:46.92 spid66      * hnetcfg                        63600000  63659FFF  0005a000

2008-09-17 05:09:46.92 spid66      * wshtcpip                       71AE0000  71AE7FFF  00008000

2008-09-17 05:09:46.92 spid66      * NTMARTA                        77E00000  77E20FFF  00021000

2008-09-17 05:09:46.92 spid66      * SAMLIB                         7E020000  7E02EFFF  0000f000

2008-09-17 05:09:46.92 spid66      * ntdsapi                        766F0000  76703FFF  00014000

2008-09-17 05:09:46.92 spid66      * xpsp2res                       63720000  639E4FFF  002c5000

2008-09-17 05:09:46.92 spid66      * CLBCatQ                        777B0000  77832FFF  00083000

2008-09-17 05:09:46.92 spid66      * sqlncli                        639F0000  63C0DFFF  0021e000

2008-09-17 05:09:46.92 spid66      * COMCTL32                       77530000  775C6FFF  00097000

2008-09-17 05:09:46.92 spid66      * comdlg32                       762B0000  762F8FFF  00049000

2008-09-17 05:09:46.92 spid66      * SQLNCLIR                       007C0000  007F2FFF  00033000

2008-09-17 05:09:46.92 spid66      * msftepxy                       63D90000  63DA4FFF  00015000

2008-09-17 05:09:46.92 spid66      * xpsqlbot                       65000000  65005FFF  00006000

2008-09-17 05:09:46.92 spid66      * xpstar90                       65020000  65064FFF  00045000

2008-09-17 05:09:46.92 spid66      * SQLSCM90                       65080000  65088FFF  00009000

2008-09-17 05:09:46.92 spid66      * ODBC32                         650A0000  650DCFFF  0003d000

2008-09-17 05:09:46.92 spid66      * BatchParser90                  650E0000  650FDFFF  0001e000

2008-09-17 05:09:46.92 spid66      * SQLSVC90                       65110000  65129FFF  0001a000

2008-09-17 05:09:46.92 spid66      * SqlResourceLoader              65140000  65145FFF  00006000

2008-09-17 05:09:46.92 spid66      * ATL80                          7C630000  7C64AFFF  0001b000

2008-09-17 05:09:46.92 spid66      * odbcint                        65320000  65336FFF  00017000

2008-09-17 05:09:46.92 spid66      * SQLSVC90                       65340000  65342FFF  00003000

2008-09-17 05:09:46.92 spid66      * xpstar90                       65350000  65375FFF  00026000

2008-09-17 05:09:46.92 spid66      * xplog70                        65380000  6538BFFF  0000c000

2008-09-17 05:09:46.92 spid66      * xplog70                        653A0000  653A2FFF  00003000

2008-09-17 05:09:46.92 spid66      * dbghelp                        65B30000  65C47FFF  00118000

2008-09-17 05:09:46.92 spid66      *

2008-09-17 05:09:46.92 spid66      *        Edi: 3F883350:  0110300C  3F882DF0  01103308  00000000  00000000  00000000

2008-09-17 05:09:46.92 spid66      *        Esi: 3F883350:  0110300C  3F882DF0  01103308  00000000  00000000  00000000

2008-09-17 05:09:46.92 spid66      *        Eax: 62A9EE20:  62A9EE54  02450AD1  FFFFFFFF  62A9EE60  013804D2  3F883350

2008-09-17 05:09:46.92 spid66      *        Ebx: 00000000:

2008-09-17 05:09:46.92 spid66      *        Ecx: 00000000:

2008-09-17 05:09:46.92 spid66      *        Edx: 00000040:

2008-09-17 05:09:46.92 spid66      *        Eip: 01105772:  108B038B  CB8B016A  4D8BD2FF  F88B560C  FFDE39E8  89C033FF

2008-09-17 05:09:46.92 spid66      *        Ebp: 62A9EE2C:  62A9EE60  013804D2  3F883350  3FCE2028  00000000  62A9EF6D

2008-09-17 05:09:46.92 spid66      *      SegCs: 0000001B:

2008-09-17 05:09:46.92 spid66      *     EFlags: 00010206:  00610044  00610074  004D005C  00410063  00650066  005C0065

2008-09-17 05:09:46.92 spid66      *        Esp: 62A9EE10:  62A9EF21  3F883350  3FCE2028  3F8832F8  62A9EE54  02450AD1

2008-09-17 05:09:46.92 spid66      *      SegSs: 00000023:

2008-09-17 05:09:46.92 spid66      * *******************************************************************************

2008-09-17 05:09:46.92 spid66      * ——————————————————————————-

2008-09-17 05:09:46.92 spid66      * Short Stack Dump

2008-09-17 05:09:46.96 spid66      01105772 Module(sqlservr+00105772)

2008-09-17 05:09:46.96 spid66      013804D2 Module(sqlservr+003804D2)

2008-09-17 05:09:46.96 spid66      01439AD1 Module(sqlservr+00439AD1)

2008-09-17 05:09:46.96 spid66      0143995C Module(sqlservr+0043995C)

2008-09-17 05:09:46.96 spid66      01380F7A Module(sqlservr+00380F7A)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:46.96 spid66      013810A9 Module(sqlservr+003810A9)

2008-09-17 05:09:46.96 spid66      0125362A Module(sqlservr+0025362A)

2008-09-17 05:09:46.96 spid66      01253CCA Module(sqlservr+00253CCA)

2008-09-17 05:09:46.96 spid66      013CDC85 Module(sqlservr+003CDC85)

2008-09-17 05:09:46.96 spid66      013CDD56 Module(sqlservr+003CDD56)

2008-09-17 05:09:46.96 spid66      0125B712 Module(sqlservr+0025B712)

2008-09-17 05:09:46.96 spid66      0125B0B5 Module(sqlservr+0025B0B5)

2008-09-17 05:09:46.96 spid66      01320C83 Module(sqlservr+00320C83)

2008-09-17 05:09:46.96 spid66      0125B99F Module(sqlservr+0025B99F)

2008-09-17 05:09:46.96 spid66      0102C51D Module(sqlservr+0002C51D)

2008-09-17 05:09:46.96 spid66      010438E5 Module(sqlservr+000438E5)

2008-09-17 05:09:46.96 spid66      01041C35 Module(sqlservr+00041C35)

2008-09-17 05:09:46.96 spid66      0100889F Module(sqlservr+0000889F)

2008-09-17 05:09:46.96 spid66      010089C5 Module(sqlservr+000089C5)

2008-09-17 05:09:46.96 spid66      010086E7 Module(sqlservr+000086E7)

2008-09-17 05:09:46.96 spid66      010D764A Module(sqlservr+000D764A)

2008-09-17 05:09:46.96 spid66      010D7B71 Module(sqlservr+000D7B71)

2008-09-17 05:09:46.96 spid66      010D746E Module(sqlservr+000D746E)

2008-09-17 05:09:47.03 spid66      010D83F0 Module(sqlservr+000D83F0)

2008-09-17 05:09:47.03 spid66      781329AA Module(MSVCR80+000029AA)

2008-09-17 05:09:47.07 spid66      78132A36 Module(MSVCR80+00002A36)

2008-09-17 05:09:47.09 spid66      Stack Signature for the dump is 0x39F8A80D

2008-09-17 05:09:47.78 spid66      Potential image corruption/hotpatch detected. This may be a sign of a hardware problem or caused by presence of CLR/jitted images on the stack. Check SQLDUMPER_ERRORLOG.log for details.

2008-09-17 05:09:47.78 Server      Error: 17310, Severity: 20, State: 1.

2008-09-17 05:09:47.78 Server      A user request from the session with SPID 66 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.

2008-09-17 05:09:48.09 spid66      Using ‘dbghelp.dll’ version ‘4.0.5’

2008-09-17 05:09:48.14 spid66      ***Stack Dump being sent to D:Program FilesMSSQL.1MSSQLLOGSQLDump6230.txt

2008-09-17 05:09:48.14 spid66      SqlDumpExceptionHandler: Process 66 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

2008-09-17 05:09:48.14 spid66      * *******************************************************************************

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      * BEGIN STACK DUMP:

2008-09-17 05:09:48.14 spid66      *   09/17/08 05:09:48 spid 66

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      *   Exception Address = 01105772 Module(sqlservr+00105772)

2008-09-17 05:09:48.14 spid66      *   Exception Code    = c0000005 EXCEPTION_ACCESS_VIOLATION

2008-09-17 05:09:48.14 spid66      *   Access Violation occurred reading address 00000000

2008-09-17 05:09:48.14 spid66      * Input Buffer 104 bytes –

2008-09-17 05:09:48.14 spid66      *    d b o . p r o c  12 00 64 00 62 00 6f 00 2e 00 70 00 72 00 6f 00 63 00

2008-09-17 05:09:48.14 spid66      *  _ M S S _ C r a w  5f 00 4d 00 53 00 53 00 5f 00 43 00 72 00 61 00 77 00

2008-09-17 05:09:48.14 spid66      *  l     &        &   6c 00 00 00 00 00 26 04 04 03 00 00 00 00 00 26 04 04

2008-09-17 05:09:48.14 spid66      *        &        &   07 00 00 00 00 00 26 04 04 01 00 00 00 00 00 26 04 04

2008-09-17 05:09:48.14 spid66      *  *     &        &   2a 00 00 00 00 00 26 04 04 00 00 00 00 00 00 26 04 04

2008-09-17 05:09:48.14 spid66      *        &    &       00 00 00 00 00 01 26 04 00 00 01 26 04 00

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      *  MODULE                          BASE      END       SIZE

2008-09-17 05:09:48.14 spid66      * sqlservr                       01000000  02BA7FFF  01ba8000

2008-09-17 05:09:48.14 spid66      * ntdll                          7C800000  7C8BFFFF  000c0000

2008-09-17 05:09:48.14 spid66      * kernel32                       77E40000  77F41FFF  00102000

2008-09-17 05:09:48.14 spid66      * MSVCR80                        78130000  781CAFFF  0009b000

2008-09-17 05:09:48.14 spid66      * msvcrt                         77BA0000  77BF9FFF  0005a000

2008-09-17 05:09:48.14 spid66      * MSVCP80                        7C420000  7C4A6FFF  00087000

2008-09-17 05:09:48.14 spid66      * ADVAPI32                       77F50000  77FEAFFF  0009b000

2008-09-17 05:09:48.14 spid66      * RPCRT4                         77C50000  77CEEFFF  0009f000

2008-09-17 05:09:48.14 spid66      * Secur32                        76F50000  76F62FFF  00013000

2008-09-17 05:09:48.14 spid66      * USER32                         77380000  77410FFF  00091000

2008-09-17 05:09:48.14 spid66      * GDI32                          77C00000  77C47FFF  00048000

2008-09-17 05:09:48.14 spid66      * CRYPT32                        761B0000  76242FFF  00093000

2008-09-17 05:09:48.14 spid66      * MSASN1                         76190000  761A1FFF  00012000

2008-09-17 05:09:48.14 spid66      * MSWSOCK                        71B20000  71B60FFF  00041000

2008-09-17 05:09:48.14 spid66      * WS2_32                         71C00000  71C16FFF  00017000

2008-09-17 05:09:48.14 spid66      * WS2HELP                        71BF0000  71BF7FFF  00008000

2008-09-17 05:09:48.14 spid66      * USERENV                        76920000  769E1FFF  000c2000

2008-09-17 05:09:48.14 spid66      * opends60                       333E0000  333E6FFF  00007000

2008-09-17 05:09:48.14 spid66      * NETAPI32                       71C40000  71C96FFF  00057000

2008-09-17 05:09:48.14 spid66      * SHELL32                        7C8D0000  7D0CDFFF  007fe000

2008-09-17 05:09:48.14 spid66      * SHLWAPI                        77DA0000  77DF1FFF  00052000

2008-09-17 05:09:48.14 spid66      * comctl32                       77420000  77522FFF  00103000

2008-09-17 05:09:48.14 spid66      * psapi                          76B70000  76B7AFFF  0000b000

2008-09-17 05:09:48.14 spid66      * instapi                        48060000  48069FFF  0000a000

2008-09-17 05:09:48.14 spid66      * sqlevn70                       4F610000  4F7A0FFF  00191000

2008-09-17 05:09:48.14 spid66      * SQLOS                          344D0000  344D4FFF  00005000

2008-09-17 05:09:48.14 spid66      * rsaenh                         68000000  68034FFF  00035000

2008-09-17 05:09:48.14 spid66      * AUTHZ                          76C40000  76C53FFF  00014000

2008-09-17 05:09:48.14 spid66      * MSCOREE                        34480000  344C4FFF  00045000

2008-09-17 05:09:48.14 spid66      * ole32                          77670000  777A8FFF  00139000

2008-09-17 05:09:48.14 spid66      * msv1_0                         76C90000  76CB6FFF  00027000

2008-09-17 05:09:48.14 spid66      * iphlpapi                       76CF0000  76D09FFF  0001a000

2008-09-17 05:09:48.14 spid66      * kerberos                       622C0000  62317FFF  00058000

2008-09-17 05:09:48.14 spid66      * cryptdll                       766E0000  766EBFFF  0000c000

2008-09-17 05:09:48.14 spid66      * schannel                       76750000  76776FFF  00027000

2008-09-17 05:09:48.14 spid66      * COMRES                         77010000  770D5FFF  000c6000

2008-09-17 05:09:48.14 spid66      * XOLEHLP                        62380000  62385FFF  00006000

2008-09-17 05:09:48.14 spid66      * MSDTCPRX                       62390000  62408FFF  00079000

2008-09-17 05:09:48.14 spid66      * OLEAUT32                       77D00000  77D8AFFF  0008b000

2008-09-17 05:09:48.14 spid66      * msvcp60                        62410000  62474FFF  00065000

2008-09-17 05:09:48.14 spid66      * MTXCLU                         62480000  62498FFF  00019000

2008-09-17 05:09:48.14 spid66      * VERSION                        77B90000  77B97FFF  00008000

2008-09-17 05:09:48.14 spid66      * WSOCK32                        71BB0000  71BB8FFF  00009000

2008-09-17 05:09:48.14 spid66      * CLUSAPI                        624A0000  624B1FFF  00012000

2008-09-17 05:09:48.14 spid66      * RESUTILS                       624C0000  624D2FFF  00013000

2008-09-17 05:09:48.14 spid66      * DNSAPI                         76ED0000  76EF9FFF  0002a000

2008-09-17 05:09:48.14 spid66      * winrnr                         76F70000  76F76FFF  00007000

2008-09-17 05:09:48.14 spid66      * WLDAP32                        76F10000  76F3DFFF  0002e000

2008-09-17 05:09:48.14 spid66      * rasadhlp                       76F80000  76F84FFF  00005000

2008-09-17 05:09:48.14 spid66      * security                       62910000  62913FFF  00004000

2008-09-17 05:09:48.14 spid66      * msfte                          63030000  63287FFF  00258000

2008-09-17 05:09:48.14 spid66      * dbghelp                        632A0000  633B7FFF  00118000

2008-09-17 05:09:48.14 spid66      * WINTRUST                       76BB0000  76BDAFFF  0002b000

2008-09-17 05:09:48.14 spid66      * imagehlp                       76C10000  76C37FFF  00028000

2008-09-17 05:09:48.14 spid66      * dssenh                         68100000  68126FFF  00027000

2008-09-17 05:09:48.14 spid66      * hnetcfg                        63600000  63659FFF  0005a000

2008-09-17 05:09:48.14 spid66      * wshtcpip                       71AE0000  71AE7FFF  00008000

2008-09-17 05:09:48.14 spid66      * NTMARTA                        77E00000  77E20FFF  00021000

2008-09-17 05:09:48.14 spid66      * SAMLIB                         7E020000  7E02EFFF  0000f000

2008-09-17 05:09:48.14 spid66      * ntdsapi                        766F0000  76703FFF  00014000

2008-09-17 05:09:48.14 spid66      * xpsp2res                       63720000  639E4FFF  002c5000

2008-09-17 05:09:48.14 spid66      * CLBCatQ                        777B0000  77832FFF  00083000

2008-09-17 05:09:48.14 spid66      * sqlncli                        639F0000  63C0DFFF  0021e000

2008-09-17 05:09:48.14 spid66      * COMCTL32                       77530000  775C6FFF  00097000

2008-09-17 05:09:48.14 spid66      * comdlg32                       762B0000  762F8FFF  00049000

2008-09-17 05:09:48.14 spid66      * SQLNCLIR                       007C0000  007F2FFF  00033000

2008-09-17 05:09:48.14 spid66      * msftepxy                       63D90000  63DA4FFF  00015000

2008-09-17 05:09:48.14 spid66      * xpsqlbot                       65000000  65005FFF  00006000

2008-09-17 05:09:48.14 spid66      * xpstar90                       65020000  65064FFF  00045000

2008-09-17 05:09:48.14 spid66      * SQLSCM90                       65080000  65088FFF  00009000

2008-09-17 05:09:48.14 spid66      * ODBC32                         650A0000  650DCFFF  0003d000

2008-09-17 05:09:48.14 spid66      * BatchParser90                  650E0000  650FDFFF  0001e000

2008-09-17 05:09:48.14 spid66      * SQLSVC90                       65110000  65129FFF  0001a000

2008-09-17 05:09:48.14 spid66      * SqlResourceLoader              65140000  65145FFF  00006000

2008-09-17 05:09:48.14 spid66      * ATL80                          7C630000  7C64AFFF  0001b000

2008-09-17 05:09:48.14 spid66      * odbcint                        65320000  65336FFF  00017000

2008-09-17 05:09:48.14 spid66      * SQLSVC90                       65340000  65342FFF  00003000

2008-09-17 05:09:48.14 spid66      * xpstar90                       65350000  65375FFF  00026000

2008-09-17 05:09:48.14 spid66      * xplog70                        65380000  6538BFFF  0000c000

2008-09-17 05:09:48.14 spid66      * xplog70                        653A0000  653A2FFF  00003000

2008-09-17 05:09:48.14 spid66      * dbghelp                        65B30000  65C47FFF  00118000

2008-09-17 05:09:48.14 spid66      *

2008-09-17 05:09:48.14 spid66      *        Edi: 3FE75350:  0110300C  3FE74DF0  01103308  00000000  00000000  00000000

2008-09-17 05:09:48.14 spid66      *        Esi: 3FE75350:  0110300C  3FE74DF0  01103308  00000000  00000000  00000000

2008-09-17 05:09:48.14 spid66      *        Eax: 6302EE20:  6302EE54  02450AD1  FFFFFFFF  6302EE60  013804D2  3FE75350

2008-09-17 05:09:48.14 spid66      *        Ebx: 00000000:

2008-09-17 05:09:48.14 spid66      *        Ecx: 00000000:

2008-09-17 05:09:48.14 spid66      *        Edx: 00000040:

2008-09-17 05:09:48.14 spid66      *        Eip: 01105772:  108B038B  CB8B016A  4D8BD2FF  F88B560C  FFDE39E8  89C033FF

2008-09-17 05:09:48.14 spid66      *        Ebp: 6302EE2C:  6302EE60  013804D2  3FE75350  3F422028  00000000  6302EF6D

2008-09-17 05:09:48.14 spid66      *      SegCs: 0000001B:

2008-09-17 05:09:48.14 spid66      *     EFlags: 00010206:  00610044  00610074  004D005C  00410063  00650066  005C0065

2008-09-17 05:09:48.14 spid66      *        Esp: 6302EE10:  6302EF21  3FE75350  3F422028  3FE752F8  6302EE54  02450AD1

2008-09-17 05:09:48.14 spid66      *      SegSs: 00000023:

2008-09-17 05:09:48.14 spid66      * *******************************************************************************

2008-09-17 05:09:48.14 spid66      * ——————————————————————————-

2008-09-17 05:09:48.14 spid66      * Short Stack Dump

2008-09-17 05:09:48.20 spid66      01105772 Module(sqlservr+00105772)

2008-09-17 05:09:48.20 spid66      013804D2 Module(sqlservr+003804D2)

2008-09-17 05:09:48.20 spid66      01439AD1 Module(sqlservr+00439AD1)

2008-09-17 05:09:48.20 spid66      0143995C Module(sqlservr+0043995C)

2008-09-17 05:09:48.20 spid66      01380F7A Module(sqlservr+00380F7A)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      01380EAF Module(sqlservr+00380EAF)

2008-09-17 05:09:48.20 spid66      013810A9 Module(sqlservr+003810A9)

2008-09-17 05:09:48.20 spid66      0125362A Module(sqlservr+0025362A)

2008-09-17 05:09:48.20 spid66      01253CCA Module(sqlservr+00253CCA)

2008-09-17 05:09:48.20 spid66      013CDC85 Module(sqlservr+003CDC85)

2008-09-17 05:09:48.20 spid66      013CDD56 Module(sqlservr+003CDD56)

2008-09-17 05:09:48.20 spid66      0125B712 Module(sqlservr+0025B712)

2008-09-17 05:09:48.20 spid66      0125B0B5 Module(sqlservr+0025B0B5)

2008-09-17 05:09:48.20 spid66      01320C83 Module(sqlservr+00320C83)

2008-09-17 05:09:48.20 spid66      0125B99F Module(sqlservr+0025B99F)

2008-09-17 05:09:48.20 spid66      0102C51D Module(sqlservr+0002C51D)

2008-09-17 05:09:48.20 spid66      010438E5 Module(sqlservr+000438E5)

2008-09-17 05:09:48.20 spid66      01041C35 Module(sqlservr+00041C35)

2008-09-17 05:09:48.20 spid66      0100889F Module(sqlservr+0000889F)

2008-09-17 05:09:48.20 spid66      010089C5 Module(sqlservr+000089C5)

2008-09-17 05:09:48.20 spid66      010086E7 Module(sqlservr+000086E7)

2008-09-17 05:09:48.20 spid66      010D764A Module(sqlservr+000D764A)

2008-09-17 05:09:48.20 spid66      010D7B71 Module(sqlservr+000D7B71)

2008-09-17 05:09:48.20 spid66      010D746E Module(sqlservr+000D746E)

2008-09-17 05:09:48.25 spid66      010D83F0 Module(sqlservr+000D83F0)

2008-09-17 05:09:48.25 spid66      781329AA Module(MSVCR80+000029AA)

2008-09-17 05:09:48.29 spid66      78132A36 Module(MSVCR80+00002A36)

2008-09-17 05:09:48.31 spid66      Stack Signature for the dump is 0x39F8A80D

2008-09-17 05:09:48.99 spid66      Potential image corruption/hotpatch detected. This may be a sign of a hardware problem or caused by presence of CLR/jitted images on the stack. Check SQLDUMPER_ERRORLOG.log for details.

2008-09-17 05:09:48.99 Server      Error: 17310, Severity: 20, State: 1.

2008-09-17 05:09:48.99 Server      A user request from the session with SPID 66 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.

2008-09-17 05:09:49.31 spid66      Using ‘dbghelp.dll’ version ‘4.0.5’

2008-09-17 05:09:49.35 spid66      ***Stack Dump being sent to D:Program FilesMSSQL.1MSSQLLOGSQLDump6231.txt

2008-09-17 05:09:49.35 spid66      SqlDumpExceptionHandler: Process 66 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

2008-09-17 05:09:49.35 spid66      * *******************************************************************************

————————————————————————————————————————————————————————————————————————————————–

This stack dump is from an actual bug with sql server 2005 RTM that got fixed in SP1. (Apply SP3 considering the supportability)

Lets break the above stack dump.

Stack Header:

2008-09-17 04:24:43.07 spid87      Using ‘dbghelp.dll’ version ‘4.0.5’

2008-09-17 04:24:49.09 spid87      ***Stack Dump being sent to D:Program FilesMSSQL.1MSSQLLOGSQLDump3836.txt

The first line is the version of the dbghelp.dll used by SQL Server to produce information about an exception. It is present in the BINN folder of sql server installation files.

It provides “debugging” functions for an applications ( it is also used by SQLDUMPER.EXE for creating mini dumps).

2008-09-17 04:24:49.09 spid87      SqlDumpExceptionHandler: Process 87 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

2008-09-17 04:24:49.09 spid87      * *******************************************************************************

The line appears only for exceptions and it is a simple method to see from the beginning that the stack dump is the result of an AV (c0000005 is the windows internal error number for Access Violation).

2008-09-17 04:24:49.09 spid87      * BEGIN STACK DUMP:

2008-09-17 04:24:49.09 spid87      *   09/17/08 04:24:49 spid 87

2008-09-17 04:24:49.09 spid87      *

2008-09-17 04:24:49.09 spid87      *

2008-09-17 04:24:49.09 spid87      *   Exception Address = 01105772 Module(sqlservr+00105772)

2008-09-17 04:24:49.09 spid87      *   Exception Code    = c0000005 EXCEPTION_ACCESS_VIOLATION

2008-09-17 04:24:49.09 spid87      *   Access Violation occurred reading address 00000000

2008-09-17 04:24:49.09 spid87      * Input Buffer 104 bytes –

2008-09-17 04:24:49.09 spid87      *    d b o . p r o c  12 00 64 00 62 00 6f 00 2e 00 70 00 72 00 6f 00 63 00

2008-09-17 04:24:49.09 spid87      *  _ M S S _ C r a w  5f 00 4d 00 53 00 53 00 5f 00 43 00 72 00 61 00 77 00

2008-09-17 04:24:49.09 spid87      *  l     &        &   6c 00 00 00 00 00 26 04 04 03 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *        &        &   07 00 00 00 00 00 26 04 04 01 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *  *     &        &   2a 00 00 00 00 00 26 04 04 00 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *        &    &       00 00 00 00 00 01 26 04 00 00 01 26 04 00

The information about the exception that is directly extracted from a structure called the EXCEPTION_RECORD. Anytime a thread catches a windows exception, key information can be found in the EXCEPTION_RECORD.

2008-09-17 04:24:49.09 spid87      *   Exception Address = 01105772 Module(sqlservr+00105772)

This is the instruction address SQLSERVR.EXE that caused the exception (in this case, an AV).

A basic definition of an AV is an attempt to access a memory address that is not accessible to the program’s virtual address space. The typical cause is that the memory address is not actually committed memory, but it could also be that the memory address is part of a region that is marked NO_ACCESS or READY_ONLY. The first 64 KB of the virtual address space of any Windows process is automatically marked NO_ACCESS. This means that any attempt by a thread to access a memory address of 0 – 65536 results in AV. This is specifically done in windows to catch any NULL pointers in programs. Memory regions marked READ_ONLY cause an AV to occur if a thread attempts to write at a memory address in that region.

The exception address is very important for you in making a quick determination about whether this problem may be a SQL Server issue. The name of the module associated with the exception address instruction is listed next to the module Module(sqlservr+00105772). In this case, you can see that the instruction address where the exception occurred is SQLSERVR.EXE and so it a problem of SQL Server.

If the module name is not SQLSERVR.EXE? it could still be a SQL Server bug.

In this particular  issue, I see that the AV occurred when readying the memory address 00000000

2008-09-17 04:24:49.09 spid87      *   Access Violation occurred reading address 00000000

Remember first 64KB is marked NO_ACCESS. My bet is a NULL pointer problem because of the address 0x00 in the dump. Probably the code was attempting to access a member of a class or structure that is a offset 0x00 within the structure, but the pointer that the code is using the NULL.

The next line is very important for the purpose of diagnosing the problem:

2008-09-17 04:24:49.09 spid87      *    d b o . p r o c  12 00 64 00 62 00 6f 00 2e 00 70 00 72 00 6f 00 63 00

2008-09-17 04:24:49.09 spid87      *  _ M S S _ C r a w  5f 00 4d 00 53 00 53 00 5f 00 43 00 72 00 61 00 77 00

2008-09-17 04:24:49.09 spid87      *  l     &        &   6c 00 00 00 00 00 26 04 04 03 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *        &        &   07 00 00 00 00 00 26 04 04 01 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *  *     &        &   2a 00 00 00 00 00 26 04 04 00 00 00 00 00 00 26 04 04

2008-09-17 04:24:49.09 spid87      *        &    &       00 00 00 00 00 01 26 04 00 00 01 26 04 00

This is called the input buffer and represents the query executed by the session on behalf of the application that results in the condition for the stack dump. The input buffer is displayed only for

a session that actually ran a query or proc.

For example, if an access violation was encountered by a “System Session” like checkpoint, you would not see an input buffer. In my case you were able to find the proc  and it can be used to reproduce the issue. Further you will proceed by check the file bugs or check the build or work towards a fix.

The type of input buffer is a SQL Remote Procedure Call (RPC). An RPC is used by an application to excute a stored procedure and bind parameters to it without executing a T-SQL string command.

The name of the stored procedure is displayed on the left side of this dump output. If you encounter a situation like this, you must use SQLTrace to find out the parameters of procedure execution.

2008-09-17 04:24:49.09 spid87      *  MODULE                          BASE      END       SIZE

2008-09-17 04:24:49.09 spid87      * sqlservr                       01000000  02BA7FFF  01ba8000

2008-09-17 04:24:49.09 spid87      * ntdll                          7C800000  7C8BFFFF  000c0000

2008-09-17 04:24:49.09 spid87      * kernel32                       77E40000  77F41FFF  00102000

2008-09-17 04:24:49.09 spid87      * MSVCR80                        78130000  781CAFFF  0009b000

2008-09-17 04:24:49.09 spid87      * msvcrt                         77BA0000  77BF9FFF  0005a000

2008-09-17 04:24:49.09 spid87      * MSVCP80                        7C420000  7C4A6FFF  00087000

2008-09-17 04:24:49.09 spid87      * ADVAPI32                       77F50000  77FEAFFF  0009b000

2008-09-17 04:24:49.09 spid87      * RPCRT4                         77C50000  77CEEFFF  0009f000

2008-09-17 04:24:49.09 spid87      * Secur32                        76F50000  76F62FFF  00013000

2008-09-17 04:24:49.09 spid87      * USER32                         77380000  77410FFF  00091000

2008-09-17 04:24:49.09 spid87      * GDI32                          77C00000  77C47FFF  00048000

2008-09-17 04:24:49.09 spid87      * CRYPT32                        761B0000  76242FFF  00093000

2008-09-17 04:24:49.09 spid87      * MSASN1                         76190000  761A1FFF  00012000

2008-09-17 04:24:49.09 spid87      * MSWSOCK                        71B20000  71B60FFF  00041000

2008-09-17 04:24:49.09 spid87      * WS2_32                         71C00000  71C16FFF  00017000

2008-09-17 04:24:49.09 spid87      * WS2HELP                        71BF0000  71BF7FFF  00008000

2008-09-17 04:24:49.09 spid87      * USERENV                        76920000  769E1FFF  000c2000

2008-09-17 04:24:49.09 spid87      * opends60                       333E0000  333E6FFF  00007000

2008-09-17 04:24:49.09 spid87      * NETAPI32                       71C40000  71C96FFF  00057000

2008-09-17 04:24:49.09 spid87      * SHELL32                        7C8D0000  7D0CDFFF  007fe000

2008-09-17 04:24:49.09 spid87      * SHLWAPI                        77DA0000  77DF1FFF  00052000

2008-09-17 04:24:49.09 spid87      * comctl32                       77420000  77522FFF  00103000

2008-09-17 04:24:49.09 spid87      * psapi                          76B70000  76B7AFFF  0000b000

2008-09-17 04:24:49.09 spid87      * instapi                        48060000  48069FFF  0000a000

2008-09-17 04:24:49.09 spid87      * sqlevn70                       4F610000  4F7A0FFF  00191000

2008-09-17 04:24:49.09 spid87      * SQLOS                          344D0000  344D4FFF  00005000

2008-09-17 04:24:49.09 spid87      * rsaenh                         68000000  68034FFF  00035000

2008-09-17 04:24:49.09 spid87      * AUTHZ                          76C40000  76C53FFF  00014000

2008-09-17 04:24:49.09 spid87      * MSCOREE                        34480000  344C4FFF  00045000

2008-09-17 04:24:49.09 spid87      * ole32                          77670000  777A8FFF  00139000

2008-09-17 04:24:49.09 spid87      * msv1_0                         76C90000  76CB6FFF  00027000

2008-09-17 04:24:49.09 spid87      * iphlpapi                       76CF0000  76D09FFF  0001a000

2008-09-17 04:24:49.09 spid87      * kerberos                       622C0000  62317FFF  00058000

2008-09-17 04:24:49.09 spid87      * cryptdll                       766E0000  766EBFFF  0000c000

2008-09-17 04:24:49.09 spid87      * schannel                       76750000  76776FFF  00027000

2008-09-17 04:24:49.09 spid87      * COMRES                         77010000  770D5FFF  000c6000

2008-09-17 04:24:49.09 spid87      * XOLEHLP                        62380000  62385FFF  00006000

2008-09-17 04:24:49.09 spid87      * MSDTCPRX                       62390000  62408FFF  00079000

2008-09-17 04:24:49.09 spid87      * OLEAUT32                       77D00000  77D8AFFF  0008b000

2008-09-17 04:24:49.09 spid87      * msvcp60                        62410000  62474FFF  00065000

2008-09-17 04:24:49.09 spid87      * MTXCLU                         62480000  62498FFF  00019000

2008-09-17 04:24:49.09 spid87      * VERSION                        77B90000  77B97FFF  00008000

2008-09-17 04:24:49.09 spid87      * WSOCK32                        71BB0000  71BB8FFF  00009000

2008-09-17 04:24:49.09 spid87      * CLUSAPI                        624A0000  624B1FFF  00012000

2008-09-17 04:24:49.09 spid87      * RESUTILS                       624C0000  624D2FFF  00013000

2008-09-17 04:24:49.09 spid87      * DNSAPI                         76ED0000  76EF9FFF  0002a000

2008-09-17 04:24:49.09 spid87      * winrnr                         76F70000  76F76FFF  00007000

2008-09-17 04:24:49.09 spid87      * WLDAP32                        76F10000  76F3DFFF  0002e000

2008-09-17 04:24:49.09 spid87      * rasadhlp                       76F80000  76F84FFF  00005000

2008-09-17 04:24:49.09 spid87      * security                       62910000  62913FFF  00004000

2008-09-17 04:24:49.09 spid87      * msfte                          63030000  63287FFF  00258000

2008-09-17 04:24:49.09 spid87      * dbghelp                        632A0000  633B7FFF  00118000

2008-09-17 04:24:49.09 spid87      * WINTRUST                       76BB0000  76BDAFFF  0002b000

2008-09-17 04:24:49.09 spid87      * imagehlp                       76C10000  76C37FFF  00028000

2008-09-17 04:24:49.09 spid87      * dssenh                         68100000  68126FFF  00027000

2008-09-17 04:24:49.09 spid87      * hnetcfg                        63600000  63659FFF  0005a000

2008-09-17 04:24:49.09 spid87      * wshtcpip                       71AE0000  71AE7FFF  00008000

2008-09-17 04:24:49.09 spid87      * NTMARTA                        77E00000  77E20FFF  00021000

2008-09-17 04:24:49.09 spid87      * SAMLIB                         7E020000  7E02EFFF  0000f000

2008-09-17 04:24:49.09 spid87      * ntdsapi                        766F0000  76703FFF  00014000

2008-09-17 04:24:49.09 spid87      * xpsp2res                       63720000  639E4FFF  002c5000

2008-09-17 04:24:49.09 spid87      * CLBCatQ                        777B0000  77832FFF  00083000

2008-09-17 04:24:49.09 spid87      * sqlncli                        639F0000  63C0DFFF  0021e000

2008-09-17 04:24:49.09 spid87      * COMCTL32                       77530000  775C6FFF  00097000

2008-09-17 04:24:49.09 spid87      * comdlg32                       762B0000  762F8FFF  00049000

2008-09-17 04:24:49.09 spid87      * SQLNCLIR                       007C0000  007F2FFF  00033000

2008-09-17 04:24:49.09 spid87      * msftepxy                       63D90000  63DA4FFF  00015000

2008-09-17 04:24:49.09 spid87      * xpsqlbot                       65000000  65005FFF  00006000

2008-09-17 04:24:49.09 spid87      * xpstar90                       65020000  65064FFF  00045000

2008-09-17 04:24:49.09 spid87      * SQLSCM90                       65080000  65088FFF  00009000

2008-09-17 04:24:49.09 spid87      * ODBC32                         650A0000  650DCFFF  0003d000

2008-09-17 04:24:49.09 spid87      * BatchParser90                  650E0000  650FDFFF  0001e000

2008-09-17 04:24:49.09 spid87      * SQLSVC90                       65110000  65129FFF  0001a000

2008-09-17 04:24:49.09 spid87      * SqlResourceLoader              65140000  65145FFF  00006000

2008-09-17 04:24:49.09 spid87      * ATL80                          7C630000  7C64AFFF  0001b000

2008-09-17 04:24:49.09 spid87      * odbcint                        65320000  65336FFF  00017000

2008-09-17 04:24:49.09 spid87      * SQLSVC90                       65340000  65342FFF  00003000

2008-09-17 04:24:49.09 spid87      * xpstar90                       65350000  65375FFF  00026000

2008-09-17 04:24:49.09 spid87      * xplog70                        65380000  6538BFFF  0000c000

2008-09-17 04:24:49.09 spid87      * xplog70                        653A0000  653A2FFF  00003000

2008-09-17 04:24:49.09 spid87      * dbghelp                        65540000  65657FFF  00118000

This section list the DLL’s loaded in the SQL Server process and their memory address range. ( These can be used for further investigation of the stack dump)

This section is a dump of registers:

2008-09-17 04:24:49.09 spid87      *        Edi: 10247350:  00000000  00000000  00000000  00000000  00000000  00000000 

2008-09-17 04:24:49.09 spid87      *        Esi: 10247350:  00000000  00000000  00000000  00000000  00000000  00000000 

2008-09-17 04:24:49.09 spid87      *        Eax: 64DFEE20:  64DFEE54  02450AD1  FFFFFFFF  64DFEE60  013804D2  10247350 

2008-09-17 04:24:49.09 spid87      *        Ebx: 00000000: 

2008-09-17 04:24:49.09 spid87      *        Ecx: 00000000: 

2008-09-17 04:24:49.09 spid87      *        Edx: 00000040: 

2008-09-17 04:24:49.09 spid87      *        Eip: 01105772:  108B038B  CB8B016A  4D8BD2FF  F88B560C  FFDE39E8  89C033FF 

2008-09-17 04:24:49.09 spid87      *        Ebp: 64DFEE2C:  64DFEE60  013804D2  10247350  0FCE2028  00000000  64DFEF6D 

2008-09-17 04:24:49.09 spid87      *      SegCs: 0000001B: 

2008-09-17 04:24:49.09 spid87      *     EFlags: 00010206:  00610044  00610074  004D005C  00410063  00650066  005C0065 

2008-09-17 04:24:49.09 spid87      *        Esp: 64DFEE10:  64DFEF21  10247350  0FCE2028  102472F8  64DFEE54  02450AD1 

2008-09-17 04:24:49.09 spid87      *      SegSs: 00000023: 

2008-09-17 04:24:49.09 spid87      * *******************************************************************************

The format of this register dump is:

<register>: <value>: <first 24 bytes of memory at the address of value>

So for Edi register,

2008-09-17 04:24:49.09 spid87      *        Edi: 10247350:  00000000  00000000  00000000  00000000  00000000  00000000  (total values is 24 bytes from left to right starting from 00000000)

The value of the register at the time of exception was 00000000  this the data is less important but look the registers that only have values but don’t have a 24 bytes listed after Ebx, Ecx, Edx, SegCs, SegSs.

2008-09-17 04:24:49.09 spid87      *        Ebx: 00000000: 

2008-09-17 04:24:49.09 spid87      *        Ecx: 00000000: 

2008-09-17 04:24:49.09 spid87      *        Edx: 00000040: 

2008-09-17 04:24:49.09 spid87      *      SegCs: 0000001B: 

 

2008-09-17 04:24:49.09 spid87      *      SegSs: 00000023: 

When the server produces the stack dump, it tries to see if the value of the register is a valid memory address (it does this using the windows virtualquery API). If the value is not a valid memory address, the server doesn’t display any bytes on the right side. This is an easy method to see whether any registers might contain an invalid address.  Not all registers are used just for pointers, so it might be perfectly normal for it to contain a valid value that is not to be used as a memory address.

Short Stack Dump:

 

2008-09-17 04:24:49.09 spid87      * Short Stack Dump

2008-09-17 04:24:49.12 spid87      01105772 Module(sqlservr+00105772)

2008-09-17 04:24:49.12 spid87      013804D2 Module(sqlservr+003804D2)

2008-09-17 04:24:49.12 spid87      01439AD1 Module(sqlservr+00439AD1)

2008-09-17 04:24:49.12 spid87      0143995C Module(sqlservr+0043995C)

2008-09-17 04:24:49.12 spid87      01380F7A Module(sqlservr+00380F7A)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      01380EAF Module(sqlservr+00380EAF)

2008-09-17 04:24:49.12 spid87      013810A9 Module(sqlservr+003810A9)

2008-09-17 04:24:49.12 spid87      0125362A Module(sqlservr+0025362A)

2008-09-17 04:24:49.12 spid87      01253CCA Module(sqlservr+00253CCA)

2008-09-17 04:24:49.12 spid87      013CDC85 Module(sqlservr+003CDC85)

2008-09-17 04:24:49.12 spid87      013CDD56 Module(sqlservr+003CDD56)

2008-09-17 04:24:49.12 spid87      0125B712 Module(sqlservr+0025B712)

2008-09-17 04:24:49.12 spid87      0125B0B5 Module(sqlservr+0025B0B5)

2008-09-17 04:24:49.12 spid87      01320C83 Module(sqlservr+00320C83)

2008-09-17 04:24:49.12 spid87      0125B99F Module(sqlservr+0025B99F)

2008-09-17 04:24:49.12 spid87      0102C51D Module(sqlservr+0002C51D)

2008-09-17 04:24:49.12 spid87      010438E5 Module(sqlservr+000438E5)

2008-09-17 04:24:49.12 spid87      01041C35 Module(sqlservr+00041C35)

2008-09-17 04:24:49.12 spid87      0100889F Module(sqlservr+0000889F)

2008-09-17 04:24:49.12 spid87      010089C5 Module(sqlservr+000089C5)

2008-09-17 04:24:49.12 spid87      010086E7 Module(sqlservr+000086E7)

2008-09-17 04:24:49.12 spid87      010D764A Module(sqlservr+000D764A)

2008-09-17 04:24:49.12 spid87      010D7B71 Module(sqlservr+000D7B71)

2008-09-17 04:24:49.12 spid87      010D746E Module(sqlservr+000D746E)

2008-09-17 04:24:49.15 spid87      010D83F0 Module(sqlservr+000D83F0)

2008-09-17 04:24:49.15 spid87      781329AA Module(MSVCR80+000029AA)

2008-09-17 04:24:49.17 spid87      78132A36 Module(MSVCR80+00002A36)

This is called short stack dump because it is dump of the stack frame at the context of the event that caused the stack dump. (like an AV )

2008-09-17 04:24:49.20 spid87      Stack Signature for the dump is 0x39F8A80D

2008-09-17 04:24:50.57 spid87      Potential image corruption/hotpatch detected. This may be a sign of a hardware problem or caused by presence of CLR/jitted images on the stack. Check SQLDUMPER_ERRORLOG.log for details.

2008-09-17 04:24:50.59 Server      Error: 17310, Severity: 20, State: 1.

2008-09-17 04:24:50.59 Server      A user request from the session with SPID 87 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.

2008-09-17 04:24:50.90 spid87      Using ‘dbghelp.dll’ version ‘4.0.5’

2008-09-17 04:24:50.95 spid87      ***Stack Dump being sent to D:Program FilesMSSQL.1MSSQLLOGSQLDump3837.txt

2008-09-17 04:24:50.95 spid87      SqlDumpExceptionHandler: Process 87 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

The first line is called a stack hash and is a value the server generated to uniquely identify the address of functions in the short stack dump.

So entire sequence is:

 1.      The exception is handled and the stack dump is produced.

2.      Any active transactions are rolled back.

3.      Any other resources associated with the query or the connection are destroyed.

4.      An error message is sent back to the client application.

5.      The connection is closed.

Cheers,

Bala

One Response to “A details explanation of Access Violation Dump in SQL Server.”

  1. ativan said

    I was very happy to find this website. I need to to thank you for your time
    just for this fantastic read!! I definitely appreciated every bit
    of it and i also have you saved as a favorite to
    see new things in your web site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: