EXECUTE AS , fatal exception
Hi There
If i add a new sysadmin login and that login is a user in a DB. If i execute the command EXECUTE AS 'LoginName':
I get the following error:
SqlDumpExceptionHandler: Process 57 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process
WHats up with this?
If my dbo for this db is linked to a sysadmin login i have no problem with EXECUTE as 'dbo'.
WHy do i get fatal errors when trying to execute as a a login name that is sysadmin?
On the net all referencing to the fatal error have nothing to do with EXECUTE AS?
Thanx
[631 byte] By [
Dietz] at [2007-12-25]
HI
This does not apply to me, the link si for 2000, resolution service pack.
I am running SS2005 SP1.
Thanx
I will need your help to investigate this one. I would appreciate if you can find the mini memory dump in the Log folder; the name of the file should be “SQLDUMPnnnn.txt”, where nnn is a sequential number. The information on this file will help us to try to find out where in the code was the problem.
I will also appreciate if you can share a sample script I can use to repro this bug as well as the following information:
· OS version and language.
· If you are using 64bit OS, whether you are using SQL Server 64 bit or 32 bit edition
· If any 3rd party or custom XP/SCLR is running on SQL Server
· Were you trying to impersonate a Windows login or a SQL login
From there I will try to analyze and repro the bug on my side and I will get back to you as soon as I can.
Thanks a lot for your help,
-Raul Garcia
SDE/T
SQL Server Engine
Hi Raul
As luck would have it i am having trouble re-creating the problem.
I am running MS WInder Server 2003 Enterprise SP 1.
Sql Server 2005 Enterprise Edition 32Bit SP1.
No 3rd party custom xp's or clr.
I am trying to impersonate a sql login.
I created a sql login called Queuereader, sysadmin, dbo in my user database obviously.
I then executed the following:
EXECUTE AS USER = 'Queuereader', to test an activated sp.
I then got the error, not sure what i did differently last time , maybe default db or something?
The dump is as follows:
=====================================================================
BugCheck Dump
=====================================================================
This file is generated by Microsoft SQL Server
version 9.00.2047.00
upon detection of fatal unexpected error. Please return this file,
the query or program that produced the bugcheck, the database and
the error log, and any other pertinent information with a Service Request.
Computer type is AT/AT COMPATIBLE.
Bios Version is DELL - 1
Phoenix ROM BIOS PLUS Version 1.10 A00
Current time is 09:21:09 10/11/06.
8 Intel x86 level 15, 3325 Mhz processor (s).
Windows NT 5.2 Build 3790 CSD Service Pack 1.
Memory
MemoryLoad = 49%
Total Physical = 4091 MB
Available Physical = 2073 MB
Total Page File = 5969 MB
Available Page File = 4060 MB
Total Virtual = 2047 MB
Available Virtual = 332 MB
***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\SQLDump0010.txt
SqlDumpExceptionHandler: Process 54 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is
terminating this process.
* *******************************************************************************
*
* BEGIN STACK DUMP:
* 10/11/06 09:21:09 spid 54
*
*
* Exception Address = 01C4DC28 Module(sqlservr+00C4DC28)
* Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
* Access Violation occurred reading address 000000B4
* Input Buffer 84 bytes -
* EXECUTE AS USER = 'Queuereader'
*
*
* MODULE BASE END SIZE
* sqlservr 01000000 02BCEFFF 01bcf000
* ntdll 7C800000 7C8BFFFF 000c0000
* kernel32 77E40000 77F41FFF 00102000
* MSVCR80 78130000 781CAFFF 0009b000
* msvcrt 77BA0000 77BF9FFF 0005a000
* MSVCP80 7C420000 7C4A6FFF 00087000
* ADVAPI32 77F50000 77FEBFFF 0009c000
* RPCRT4 77C50000 77CEEFFF 0009f000
* USER32 77380000 77411FFF 00092000
* GDI32 77C00000 77C47FFF 00048000
* CRYPT32 761B0000 76242FFF 00093000
* MSASN1 76190000 761A1FFF 00012000
* Secur32 76F50000 76F62FFF 00013000
* MSWSOCK 71B20000 71B60FFF 00041000
* WS2_32 71C00000 71C16FFF 00017000
* WS2HELP 71BF0000 71BF7FFF 00008000
* USERENV 76920000 769E3FFF 000c4000
* opends60 333E0000 333E6FFF 00007000
* NETAPI32 71C40000 71C97FFF 00058000
* SHELL32 7C8D0000 7D0D2FFF 00803000
* SHLWAPI 77DA0000 77DF1FFF 00052000
* comctl32 77420000 77522FFF 00103000
* psapi 76B70000 76B7AFFF 0000b000
* instapi 48060000 48069FFF 0000a000
* sqlevn70 4F610000 4F7A3FFF 00194000
* SQLOS 344D0000 344D4FFF 00005000
* rsaenh 68000000 6802EFFF 0002f000
* AUTHZ 76C40000 76C53FFF 00014000
* MSCOREE 79000000 79044FFF 00045000
* ole32 77670000 777A3FFF 00134000
* msv1_0 76C90000 76CB6FFF 00027000
* iphlpapi 76CF0000 76D09FFF 0001a000
* kerberos 62800000 62857FFF 00058000
* cryptdll 766E0000 766EBFFF 0000c000
* schannel 76750000 76776FFF 00027000
* COMRES 77010000 770D5FFF 000c6000
* XOLEHLP 628C0000 628C5FFF 00006000
* MSDTCPRX 628D0000 62947FFF 00078000
* msvcp60 780C0000 78120FFF 00061000
* MTXCLU 62950000 62968FFF 00019000
* VERSION 77B90000 77B97FFF 00008000
* WSOCK32 71BB0000 71BB8FFF 00009000
* OLEAUT32 77D00000 77D8BFFF 0008c000
* CLUSAPI 62970000 62981FFF 00012000
* RESUTILS 62990000 629A2FFF 00013000
* DNSAPI 76ED0000 76EF8FFF 00029000
* winrnr 76F70000 76F76FFF 00007000
* WLDAP32 76F10000 76F3DFFF 0002e000
* rasadhlp 76F80000 76F84FFF 00005000
* security 62DE0000 62DE3FFF 00004000
* msfte 63740000 63998FFF 00259000
* dbghelp 639A0000 63AB2FFF 00113000
* WINTRUST 76BB0000 76BDAFFF 0002b000
* imagehlp 76C10000 76C38FFF 00029000
* dssenh 68100000 68123FFF 00024000
* hnetcfg 63DA0000 63DF8FFF 00059000
* wshtcpip 71AE0000 71AE7FFF 00008000
* NTMARTA 77E00000 77E21FFF 00022000
* SAMLIB 63D10000 63D1EFFF 0000f000
* ntdsapi 766F0000 76704FFF 00015000
* xpsp2res 63F40000 64204FFF 002c5000
* CLBCatQ 777B0000 77832FFF 00083000
* sqlncli 64210000 64431FFF 00222000
* COMCTL32 77530000 775C6FFF 00097000
* comdlg32 762B0000 762F9FFF 0004a000
* SQLNCLIR 007B0000 007E2FFF 00033000
* msftepxy 645C0000 645D4FFF 00015000
* xpsqlbot 64EA0000 64EA5FFF 00006000
* xpstar90 64FC0000 65007FFF 00048000
* SQLSCM90 65020000 65028FFF 00009000
* ODBC32 65040000 6507CFFF 0003d000
* BatchParser90 65080000 6509EFFF 0001f000
* ATL80 7C630000 7C64AFFF 0001b000
* odbcint 65370000 65386FFF 00017000
* xpstar90 65390000 653B5FFF 00026000
* xplog70 653C0000 653CBFFF 0000c000
* xplog70 653E0000 653E2FFF 00003000
* dbghelp 657D0000 658E2FFF 00113000
*
* Edi: 00000000:
* Esi: 00000010:
* Eax: 00000000:
* Ebx: 00000000:
* Ecx: 00000E38:
* Edx: 5EB72040: 01039F10 00002000 00000005 00000000 00AE2740 00000000
* Eip: 01C4DC28: 00B4988B 8D8B0000 FFFFFF44 8B04418B F8034C7B 9589C933
* Ebp: 645BE4BC: 645BED48 01C67102 5EB723E0 645BED68 645B2A1D 00000000
* SegCs: 0000001B:
* EFlags: 00010216: 0020006D 00690046 0065006C 005C0073 00510053 0058004C
* Esp: 645BE2C0: 01003D15 5EB72064 00000000 5EB723E0 5EB723E0 645BE30C
* SegSs: 00000023:
* *******************************************************************************
* -
* Short Stack Dump
01C4DC28 Module(sqlservr+00C4DC28)
01C67102 Module(sqlservr+00C67102)
01C676C3 Module(sqlservr+00C676C3)
01C44B7D Module(sqlservr+00C44B7D)
01C4AC82 Module(sqlservr+00C4AC82)
01288864 Module(sqlservr+00288864)
01B00AC0 Module(sqlservr+00B00AC0)
010251BC Module(sqlservr+000251BC)
01025741 Module(sqlservr+00025741)
01023E34 Module(sqlservr+00023E34)
01041DD5 Module(sqlservr+00041DD5)
0103DFD4 Module(sqlservr+0003DFD4)
01006A96 Module(sqlservr+00006A96)
01006BBC Module(sqlservr+00006BBC)
01006DAB Module(sqlservr+00006DAB)
01447562 Module(sqlservr+00447562)
0144859B Module(sqlservr+0044859B)
0144789A Module(sqlservr+0044789A)
01447720 Module(sqlservr+00447720)
781329AA Module(MSVCR80+000029AA)
78132A36 Module(MSVCR80+00002A36)
PSS @0x392155D0
CSession @0x39214278
--
m_spid = 54 m_cRef = 15 m_rgcRefType[0] = 1
m_rgcRefType[1] = 1 m_rgcRefType[2] = 12 m_rgcRefType[3] = 1
m_rgcRefType[4] = 0 m_rgcRefType[5] = 0 m_pmo = 0x39214040
m_pstackBhfPool = 0x39215D20 m_dwLoginFlags = 0x03e0 m_fBackground = 0
m_fClientRequestConnReset = 0 m_fUserProc = -1 m_fConnReset = 0
m_fIsConnReset = 0 m_fInLogin = 0 m_fReplRelease = 0
m_fKill = 0 m_ulLoginStamp = 97741 m_eclClient = 5
m_protType = 5 m_hHttpToken = FFFFFFFF
m_pV7LoginRec
00000000: 42010000 02000972 00100000 00000006 60140000 ?B......r........`...
00000014: 00000000 e0030000 00000000 00000000 5e000d00 ?................^...
00000028: 78000200 7c000000 92002e00 ee000e00 0a010000 ?x...|...............
0000003C: 0a011c00 42010000 42010000 00166f49 bfc04201 ?....B...B.....oI..B.
00000050: 00004201 00004201 00000000 0000???????????????..B...B.......
CPhysicalConnection @0x39214188
-
m_pPhyConn->m_pmo = 0x39214040 m_pPhyConn->m_pNetConn = 0x39214788 m_pPhyConn->m_pConnList = 0x39214260
m_pPhyConn->m_pSess = 0x39214278 m_pPhyConn->m_fTracked = -1 m_pPhyConn->m_cbPacketsize = 4096
m_pPhyConn->m_fMars = 0 m_pPhyConn->m_fKill = 0
CBatch @0x39214A90
m_pSess = 0x39214278 m_pConn = 0x392149F0 m_cRef = 3
m_rgcRefType[0] = 1 m_rgcRefType[1] = 1 m_rgcRefType[2] = 1
m_rgcRefType[3] = 0 m_rgcRefType[4] = 0 m_pTask = 0x00AE05C8
EXCEPT (null) @0x645BC730
-
exc_number = 0 exc_severity = 0 exc_func = 0x023F4C60
Task @0x00AE05C8
-
CPU Ticks used (ms) = 0 Task State = 2
WAITINFO_INTERNAL: WaitResource = 0x00000000 WAITINFO_INTERNAL: WaitType = 0x0
WAITINFO_INTERNAL: WaitSpinlock = 0x00000000 SchedulerId = 0x2
ThreadId = 0xbdc m_state = 0 m_eAbortSev = 0
EC @0x392155D8
--
spid = 54 ecid = 0 ec_stat = 0x0
ec_stat2 = 0x0 ec_atomic = 0x0 __fSubProc = 1
ec_dbccContext = 0x00000000 __pSETLS = 0x39214A30 __pSEParams = 0x39214CD0
__pDbLocks = 0x392158C0
SEInternalTLS @0x39214A30
-
m_flags = 0 m_TLSstatus = 3 m_owningTask = 0x00AE05C8
m_activeHeapDatasetList = 0x39214A30 m_activeIndexDatasetList = 0x39214A38
SEParams @0x39214CD0
--
m_lockTimeout = -1 m_isoLevel = 4096 m_logDontReplicate = 0
m_neverReplicate = 0 m_XactWorkspace = 0x040DCD80 m_pSessionLocks = 0x39215AD0
m_pDbLocks = 0x392158C0 m_execStats = 0x04840330 m_pAllocFileLimit = 0x00000000
I will try to find as much as I can from the stack dump you provided us, but from a quick look it seems like the AV was caused by dereferencing a NULL pointer, most likely some data structure or object that was not initialized to a valid value.
I am also trying to repro it manually based on your description; I want to find out under what circumstances we may hit this bug (without any success myself so far). If you don’t mind I would like to as a few more questions: Did you updated SLQ Server (or the database) from SQL Server 2000 or previous version?
Unfortunately you haven’t been able to reproduce the issue anymore. Please, if you ever see it again let me know, I will really appreciate your help.
The part where I can help today is regarding the EXECUTE AS usage:
· EXECUTE AS USER takes as a parameter a user (DB principal) name and will create a database “sandboxed” token that doesn’t have any server-scoped privileges and cannot be used on other databases.
· EXECUTE AS LOGIN takes as a parameter a user (DB principal) name and will create a full token, which means that it is a token that is valid anywhere in the instance.
In your particular scenario, as you are trying to impersonate a sysadmin, EXECUTE AS USER will not work, if you want to impersonate a sysadmin and keep the privileges (anyway, sysadmins are mapped to dbo on the database as you already mentioned) you should use EXECUTE AS LOGIN.
There are mechanisms to make the EXECUTE AS USER context valid across DBs (i.e. digital signatures), but such mechanisms work better when impersonating a context for a module (SP, trigger, etc.) execution. Let me know if you would like an example on this area.
I will let you know if I can find the root cause of the bug, and I will also appreciate any additional help you can provide us in case you see this incident happening again.
Thanks a lot for your help, we really appreciate it.
-Raul Garcia
SDE/T
SQL Server Engine
Thanx Raul
I will try the execute as login.
Yes this database was upgraded from 32bit sql server 2000 SP3 to Sql Server 2005 SP1.
Thanx
