SQL Server 2000 에서 c0000005 Access violation(액세스 위반) 오류가 발생하며 서비스가 재시작 된 사례가 있어 아래와 같이 정리하였습니다. crash 발생 시 생성된 mdmp 파일을 windbg 로 확인한 사례입니다.
[환경]
SQL Server 2000 SP4
[현상]
SQL Server 가 비정상적으로 예기치 않은 오류로 서비스가 종료된 원인 분석
[원인]
Oracle client library C:\ORANT\BIN\NLNT.DLL 모듈에 의해서 접근할 수 없는 메모리 번지를 참조하여 Access violation 이 발생하였습니다.
[Action Plan]
참조된 NLNT, SQLTNSNT, ORA73 모두 Oracle client module이며 파일이 모두 1997년 버전(7.3.4)으로 매우 오래된 버전임을 확인할 수 있습니다. Oracle Client 모듈 업데이트를 권장합니다.
[분석결과]
1. call stack 분석
PROCESS_NAME: sqlservr.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000000
WRITE_ADDRESS: 00000000
FOLLOWUP_IP:
NLNT+140ca
07f040ca 8900 mov dword ptr [eax],eax
NTGLOBALFLAG: 0
FAULTING_THREAD: 00000c94
PRIMARY_PROBLEM_CLASS: NULL_POINTER_READ
BUGCHECK_STR: APPLICATION_FAULT_NULL_POINTER_READ_NULL_POINTER_WRITE
LAST_CONTROL_TRANSFER: from 07f00a08 to 07f040ca
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
1a50b7d4 07f00a08 190d0e4c 1a50bf10 07e6d99c NLNT+0x140ca
1a50b7ec 07efea28 190d0e4c 1a50c8ed 07e6d99c NLNT+0x10a08
1a50bf6c 07e47bca 190d0e4c 1a50c294 1a50bf94 NLNT+0xea28
1a50c91c 07e45519 190d0e4c 00001803 00000000 SQLTNSNT+0x7bca
1a50e498 07e41063 1a50f634 0000000d 078a0ffc SQLTNSNT+0x5519
1a50e4cc 0785e96c 1a50f634 0000000d 078a0ffc SQLTNSNT+0x1063
1a50f970 0786990d 1a50f634 0000000d 00001803 ORA73+0xe96c
1a50fae4 07877089 0aa96a60 05f5fbd8 0000000d ORA73+0x1990d
1a50fb10 078770c8 0aa96a60 05f5fbd8 0000000d ORA73+0x27089
1a50fb34 0787aeee 0aa96a60 05f5fbd8 0000000d ORA73+0x270c8
1a50fe24 0787ca62 0aa96a60 0aa91958 00000007 ORA73+0x2aeee
1a50fe68 07864050 0aa96a60 0aa91958 ffffffff ORA73+0x2ca62
1a50feb4 0785dd67 0aa96a60 0aa91958 ffffffff ORA73+0x14050
1a50feec 07841e3b 0aa6f5c0 0aa96a60 0aa91958 ORA73+0xdd67
1a50ff48 07801e2d 00000016 00000009 1a0ae764 OCIW32+0x1e3b
1a50ff84 77b6b530 05f61be8 00000000 00000000 msdaora!COci7Session::WorkerThread+0x58
1a50ffb8 7c826063 190b61d0 00000000 00000000 msvcrt!_endthreadex+0xa3
1a50ffec 00000000 77b6b4bc 190b61d0 00000000 kernel32!BaseThreadStart+0x34
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: NLNT+140ca
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NLNT
IMAGE_NAME: NLNT.DLL
DEBUG_FLR_IMAGE_TIMESTAMP: 342970ca
STACK_COMMAND: ~288s; .ecxr ; kb
FAILURE_BUCKET_ID: NULL_POINTER_READ_c0000005_NLNT.DLL!Unknown
BUCKET_ID: APPLICATION_FAULT_NULL_POINTER_READ_NULL_POINTER_WRITE_NLNT+140ca
Followup: MachineOwner
---------
0:288> .exr 0xffffffffffffffff
ExceptionAddress: 07f040ca (NLNT+0x000140ca)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000000
Attempt to write to address 00000000
0:288> lmvm NLNT
start end module name
07ef0000 07f0b000 NLNT T (no symbols)
Loaded symbol image file: NLNT.DLL
Image path: C:\ORANT\BIN\NLNT.DLL
Image name: NLNT.DLL
Timestamp: Thu Sep 25 04:58:02 1997 (342970CA)
CheckSum: 00000000
ImageSize: 0001B000
File version: 0.0.0.0
Product version: 0.0.0.0
File flags: 0 (Mask 0)
File OS: 0 Unknown Base
File type: 0.0 Unknown
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
작성자 : Lai Go / 작성일자 : 2009.10.14
