NT4 Kernel Debugging with 6.1.17.2

WINDBG
1

Is there any known limitation of NT4 support on 6.1.17.2? My target is
NT4SP6a, and my host is XP SP1. Without the debugger attached, my
target boots up just fine. When the debugger is attached, during
startup, it will break into the debugger for a second chance access
violation at some bogus address in user space. Downgrading to 6.1.9.0
seems to take care of the problem.

Thanks.

Waiting to reconnect…
Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is:
c:\fyyau\textprint\textprint\driver\winnt4\i386\checked;c:\fyyau\textprint\textprint\driver\winnt4\i386\free;c:\fyyau\textprint\textprint\build\debug;c:\fyyau\textprint\textprint\build\release;c:\syms\nt4chk-sp6;c:\syms\nt4fre-sp6;c:\syms\nt4chk;c:\syms\nt4fre;srv*c:\syms\symsrv*http://msdl.microsoft.com/download/symbols;c:\syms\wxpfre-sp1;c:\syms\wxpfre
Executable search path is:
Unable to read selector for PCR for processor 0
Windows NT 4 Kernel Version 1381 MP (1 procs) Checked x86 compatible
Kernel base = 0x804d4000 PsLoadedModuleList = 0x80567930
System Uptime: not available
Processor MTRR:
0. WB 00000000:00000000 0000000f:e0000000
1.
2.
3.
4.
5.
6.
7.

HAL - dumping all supported bus ranges
Internal 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:00000000 - 0:ffffffff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Isa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Eisa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000007

PCI 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000000

PCI 1
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000

PCI 2
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000
Executive: product suite is not present
IOINIT: Built-in driver \Driver\PSeries failed to initialize - C000000E
IOINIT: Built-in driver \Driver\atapi took 7.1s to initialize
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> kbn

ChildEBP RetAddr Args to Child

WARNING: Frame IP not in any known module. Following frames may be
wrong.
00 f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400
01 00010286 6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b
02 87f2413b b6db6ddb 6db6db6d b6db6ddb 6db6db6d 0x6b6a6968
03 6db6db6d 00000000 00000000 00000000 00000000 0xb6db6ddb
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> gn

*** Fatal System Error: 0x0000001E
(0xC0000005,0x04805400,0x00000000,0x04805400)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols

Loading unloaded module list
No unloaded module list present
Loading User Symbols
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 4805400, 0, 4805400}

Probably caused by : Atdisk.SYS ( Atdisk+0 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
80539c58 cc int 3
0: kd> !analyze -v
*******************************************************************************
*
*
* Bugcheck
Analysis *
*
*
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 04805400, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 04805400, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
+4805400
04805400 ?? ???

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 04805400

READ_ADDRESS: 04805400

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

TRAP_FRAME: f2413aa9 – (.trap fffffffff2413aa9)
ErrCode = 00000000
eax=1c000000 ebx=00000000 ecx=f2413b5c edx=f2413b2c esi=80f1ad08
edi=f22f8000
eip=04805400 esp=f2413b1d ebp=87f2413b iopl=0 nv up ei ng nz na
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010286
04805400 ?? ???
Resetting default context

LAST_CONTROL_TRANSFER: from 55f2413b to 04805400

UNALIGNED_STACK_POINTER: *** Unknown TAG in analysis list 3002

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong.
f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400
00010286 6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b
87f2413b b6db6ddb 6db6db6d b6db6ddb 6db6db6d 0x6b6a6968
6db6db6d 00000000 00000000 00000000 00000000 0xb6db6ddb

FAILED_INSTRUCTION_ADDRESS:
+4805400
04805400 ?? ???

FOLLOWUP_IP:
Atdisk+0
f22f8000 4d dec ebp

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Atdisk+0

MODULE_NAME: Atdisk

IMAGE_NAME: Atdisk.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 36c49f30

STACK_COMMAND: .trap fffffffff2413aa9 ; kb

BUCKET_ID: 0x1E_BAD_IP_Atdisk+0

Followup: MachineOwner

2

This may be a known issue when debugging NT4 targets. Can you try using
kd.exe instead of windbg.exe and see if it repros?

If it does not repro with kd.exe, you can work around the issue by
launching kd -server npipe:pipe=mypipename … and then connect to this
kd with windbg -remote npipe:pipe=mypipename,server=myservername …

I am pretty sure this is only an issue with NT4 targets and only with
windbg.

-----Original Message-----
From: Faris Y. Yau [mailto:xxxxx@stg.com]
Sent: Friday, March 07, 2003 10:30 AM
To: Kernel Debugging Interest List
Subject: [windbg] NT4 Kernel Debugging with 6.1.17.2

Is there any known limitation of NT4 support on 6.1.17.2? My target is
NT4SP6a, and my host is XP SP1. Without the debugger attached, my
target boots up just fine. When the debugger is attached, during
startup, it will break into the debugger for a second chance access
violation at some bogus address in user space. Downgrading to 6.1.9.0
seems to take care of the problem.

Thanks.

Waiting to reconnect…
Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE Kernel
Debugger connection established. Symbol search path is:
c:\fyyau\textprint\textprint\driver\winnt4\i386\checked;c:\fyyau\textpri
nt\textprint\driver\winnt4\i386\free;c:\fyyau\textprint\textprint\build\
debug;c:\fyyau\textprint\textprint\build\release;c:\syms\nt4chk-sp6;c:\s
yms\nt4fre-sp6;c:\syms\nt4chk;c:\syms\nt4fre;srv*c:\syms\symsrv*http://m
sdl.microsoft.com/download/symbols;c:\syms\wxpfre-sp1;c:\syms\wxpfre
Executable search path is:
Unable to read selector for PCR for processor 0
Windows NT 4 Kernel Version 1381 MP (1 procs) Checked x86 compatible
Kernel base = 0x804d4000 PsLoadedModuleList = 0x80567930 System Uptime:
not available Processor MTRR:
0. WB 00000000:00000000 0000000f:e0000000
1.
2.
3.
4.
5.
6.
7.

HAL - dumping all supported bus ranges
Internal 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:00000000 - 0:ffffffff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Isa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Eisa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000007

PCI 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000000

PCI 1
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000

PCI 2
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000
Executive: product suite is not present
IOINIT: Built-in driver \Driver\PSeries failed to initialize - C000000E
IOINIT: Built-in driver \Driver\atapi took 7.1s to initialize Access
violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> kbn

ChildEBP RetAddr Args to Child

WARNING: Frame IP not in any known module. Following frames may be
wrong. 00 f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 01
00010286 6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 02 87f2413b
b6db6ddb 6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 03 6db6db6d 00000000
00000000 00000000 00000000 0xb6db6ddb
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> gn

*** Fatal System Error: 0x0000001E
(0xC0000005,0x04805400,0x00000000,0x04805400)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols … Loading unloaded module list No unloaded
module list present Loading User Symbols
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 4805400, 0, 4805400}

Probably caused by : Atdisk.SYS ( Atdisk+0 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
80539c58 cc int 3
0: kd> !analyze -v
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 04805400, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 04805400, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
+4805400
04805400 ?? ???

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 04805400

READ_ADDRESS: 04805400

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

TRAP_FRAME: f2413aa9 – (.trap fffffffff2413aa9)
ErrCode = 00000000
eax=1c000000 ebx=00000000 ecx=f2413b5c edx=f2413b2c esi=80f1ad08
edi=f22f8000
eip=04805400 esp=f2413b1d ebp=87f2413b iopl=0 nv up ei ng nz na
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010286
04805400 ?? ???
Resetting default context

LAST_CONTROL_TRANSFER: from 55f2413b to 04805400

UNALIGNED_STACK_POINTER: *** Unknown TAG in analysis list 3002

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong. f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 00010286
6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 87f2413b b6db6ddb
6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 6db6db6d 00000000 00000000
00000000 00000000 0xb6db6ddb

FAILED_INSTRUCTION_ADDRESS:
+4805400
04805400 ?? ???

FOLLOWUP_IP:
Atdisk+0
f22f8000 4d dec ebp

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Atdisk+0

MODULE_NAME: Atdisk

IMAGE_NAME: Atdisk.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 36c49f30

STACK_COMMAND: .trap fffffffff2413aa9 ; kb

BUCKET_ID: 0x1E_BAD_IP_Atdisk+0

Followup: MachineOwner

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

3

I just tried it and yes, kd seems to work fine.

Thanks for your help!

David Holcomb wrote:

This may be a known issue when debugging NT4 targets. Can you try using
kd.exe instead of windbg.exe and see if it repros?

If it does not repro with kd.exe, you can work around the issue by
launching kd -server npipe:pipe=mypipename … and then connect to this
kd with windbg -remote npipe:pipe=mypipename,server=myservername …

I am pretty sure this is only an issue with NT4 targets and only with
windbg.

-----Original Message-----
From: Faris Y. Yau [mailto:xxxxx@stg.com]
Sent: Friday, March 07, 2003 10:30 AM
To: Kernel Debugging Interest List
Subject: [windbg] NT4 Kernel Debugging with 6.1.17.2

Is there any known limitation of NT4 support on 6.1.17.2? My target is
NT4SP6a, and my host is XP SP1. Without the debugger attached, my
target boots up just fine. When the debugger is attached, during
startup, it will break into the debugger for a second chance access
violation at some bogus address in user space. Downgrading to 6.1.9.0
seems to take care of the problem.

Thanks.

Waiting to reconnect…
Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE Kernel
Debugger connection established. Symbol search path is:
c:\fyyau\textprint\textprint\driver\winnt4\i386\checked;c:\fyyau\textpri
nt\textprint\driver\winnt4\i386\free;c:\fyyau\textprint\textprint\build\
debug;c:\fyyau\textprint\textprint\build\release;c:\syms\nt4chk-sp6;c:\s
yms\nt4fre-sp6;c:\syms\nt4chk;c:\syms\nt4fre;srv*c:\syms\symsrv*http://m
sdl.microsoft.com/download/symbols;c:\syms\wxpfre-sp1;c:\syms\wxpfre
Executable search path is:
Unable to read selector for PCR for processor 0
Windows NT 4 Kernel Version 1381 MP (1 procs) Checked x86 compatible
Kernel base = 0x804d4000 PsLoadedModuleList = 0x80567930 System Uptime:
not available Processor MTRR:
0. WB 00000000:00000000 0000000f:e0000000
1.
2.
3.
4.
5.
6.
7.

HAL - dumping all supported bus ranges
Internal 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:00000000 - 0:ffffffff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Isa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Eisa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000007

PCI 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000000

PCI 1
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000

PCI 2
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000
Executive: product suite is not present
IOINIT: Built-in driver \Driver\PSeries failed to initialize - C000000E
IOINIT: Built-in driver \Driver\atapi took 7.1s to initialize Access
violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> kbn

ChildEBP RetAddr Args to Child

WARNING: Frame IP not in any known module. Following frames may be
wrong. 00 f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 01
00010286 6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 02 87f2413b
b6db6ddb 6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 03 6db6db6d 00000000
00000000 00000000 00000000 0xb6db6ddb
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> gn

*** Fatal System Error: 0x0000001E
(0xC0000005,0x04805400,0x00000000,0x04805400)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols … Loading unloaded module list No unloaded
module list present Loading User Symbols
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 4805400, 0, 4805400}

Probably caused by : Atdisk.SYS ( Atdisk+0 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
80539c58 cc int 3
0: kd> !analyze -v
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 04805400, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 04805400, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
+4805400
04805400 ?? ???

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 04805400

READ_ADDRESS: 04805400

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

TRAP_FRAME: f2413aa9 – (.trap fffffffff2413aa9)
ErrCode = 00000000
eax=1c000000 ebx=00000000 ecx=f2413b5c edx=f2413b2c esi=80f1ad08
edi=f22f8000
eip=04805400 esp=f2413b1d ebp=87f2413b iopl=0 nv up ei ng nz na
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010286
04805400 ?? ???
Resetting default context

LAST_CONTROL_TRANSFER: from 55f2413b to 04805400

UNALIGNED_STACK_POINTER: *** Unknown TAG in analysis list 3002

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong. f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 00010286
6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 87f2413b b6db6ddb
6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 6db6db6d 00000000 00000000
00000000 00000000 0xb6db6ddb

FAILED_INSTRUCTION_ADDRESS:
+4805400
04805400 ?? ???

FOLLOWUP_IP:
Atdisk+0
f22f8000 4d dec ebp

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Atdisk+0

MODULE_NAME: Atdisk

IMAGE_NAME: Atdisk.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 36c49f30

STACK_COMMAND: .trap fffffffff2413aa9 ; kb

BUCKET_ID: 0x1E_BAD_IP_Atdisk+0

Followup: MachineOwner

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to windbg as: xxxxx@stg.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

This workaround too did not work for me. I have to use kd at the host(The
machine where debugger is running in client mode). If i use windbg as soon
as i connect to server running either kd or windbg, client mode windbg
crashes immediately.

-Srin.

-----Original Message-----
From: David Holcomb [mailto:xxxxx@microsoft.com]
Sent: Friday, March 07, 2003 10:36 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: NT4 Kernel Debugging with 6.1.17.2

This may be a known issue when debugging NT4 targets. Can you try using
kd.exe instead of windbg.exe and see if it repros?

If it does not repro with kd.exe, you can work around the issue by
launching kd -server npipe:pipe=mypipename … and then connect to this
kd with windbg -remote npipe:pipe=mypipename,server=myservername …

I am pretty sure this is only an issue with NT4 targets and only with
windbg.

-----Original Message-----
From: Faris Y. Yau [mailto:xxxxx@stg.com]
Sent: Friday, March 07, 2003 10:30 AM
To: Kernel Debugging Interest List
Subject: [windbg] NT4 Kernel Debugging with 6.1.17.2

Is there any known limitation of NT4 support on 6.1.17.2? My target is
NT4SP6a, and my host is XP SP1. Without the debugger attached, my
target boots up just fine. When the debugger is attached, during
startup, it will break into the debugger for a second chance access
violation at some bogus address in user space. Downgrading to 6.1.9.0
seems to take care of the problem.

Thanks.

Waiting to reconnect…
Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE Kernel
Debugger connection established. Symbol search path is:
c:\fyyau\textprint\textprint\driver\winnt4\i386\checked;c:\fyyau\textpri
nt\textprint\driver\winnt4\i386\free;c:\fyyau\textprint\textprint\build\
debug;c:\fyyau\textprint\textprint\build\release;c:\syms\nt4chk-sp6;c:\s
yms\nt4fre-sp6;c:\syms\nt4chk;c:\syms\nt4fre;srv*c:\syms\symsrv*http://m
sdl.microsoft.com/download/symbols;c:\syms\wxpfre-sp1;c:\syms\wxpfre
Executable search path is:
Unable to read selector for PCR for processor 0
Windows NT 4 Kernel Version 1381 MP (1 procs) Checked x86 compatible
Kernel base = 0x804d4000 PsLoadedModuleList = 0x80567930 System Uptime:
not available Processor MTRR:
0. WB 00000000:00000000 0000000f:e0000000
1.
2.
3.
4.
5.
6.
7.

HAL - dumping all supported bus ranges
Internal 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:00000000 - 0:ffffffff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Isa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000007

Eisa 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000007

PCI 0
IO…: 0:00000000 - 0:0000ffff
Memory…: 0:000a0000 - 0:000bffff 0:000d0000 - 0:000e7fff 0:20000000

  • 0:f5ffffff
    Memory…: 0:fc000000 - 0:fedfffff 0:fef00000 - 0:ffffffff
    PFMemory: 0:f6000000 - 0:fbffffff
    Dma…: 0:00000000 - 0:00000000

PCI 1
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000

PCI 2
IO…: 0:00000001 - 0:00000000
Memory…: 0:00000001 - 0:00000000
PFMemory: 0:00000001 - 0:00000000
Dma…: 0:00000000 - 0:00000000
Executive: product suite is not present
IOINIT: Built-in driver \Driver\PSeries failed to initialize - C000000E
IOINIT: Built-in driver \Driver\atapi took 7.1s to initialize Access
violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> kbn

ChildEBP RetAddr Args to Child

WARNING: Frame IP not in any known module. Following frames may be
wrong. 00 f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 01
00010286 6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 02 87f2413b
b6db6ddb 6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 03 6db6db6d 00000000
00000000 00000000 00000000 0xb6db6ddb
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> g
Access violation - code c0000005 (!!! second chance !!!)
04805400 ?? ???
0: kd> gn

*** Fatal System Error: 0x0000001E
(0xC0000005,0x04805400,0x00000000,0x04805400)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

Connected to Windows NT 4 1381 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols … Loading unloaded module list No unloaded
module list present Loading User Symbols
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

Use !analyze -v to get detailed debugging information.

BugCheck 1E, {c0000005, 4805400, 0, 4805400}

Probably caused by : Atdisk.SYS ( Atdisk+0 )

Followup: MachineOwner

nt!RtlpBreakWithStatusInstruction:
80539c58 cc int 3
0: kd> !analyze -v
************************************************************************
*******
*

*
* Bugcheck
Analysis *
*

*
************************************************************************
*******

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 04805400, The address that the exception occurred at
Arg3: 00000000, Parameter 0 of the exception
Arg4: 04805400, Parameter 1 of the exception

Debugging Details:

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx”
referenced memory at “0x%08lx”. The memory could not be “%s”.

FAULTING_IP:
+4805400
04805400 ?? ???

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 04805400

READ_ADDRESS: 04805400

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x1E

TRAP_FRAME: f2413aa9 – (.trap fffffffff2413aa9)
ErrCode = 00000000
eax=1c000000 ebx=00000000 ecx=f2413b5c edx=f2413b2c esi=80f1ad08
edi=f22f8000
eip=04805400 esp=f2413b1d ebp=87f2413b iopl=0 nv up ei ng nz na
po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010286
04805400 ?? ???
Resetting default context

LAST_CONTROL_TRANSFER: from 55f2413b to 04805400

UNALIGNED_STACK_POINTER: *** Unknown TAG in analysis list 3002

STACK_TEXT:
WARNING: Frame IP not in any known module. Following frames may be
wrong. f2413b19 55f2413b 5c80539d 2cf2413b 00f2413b 0x4805400 00010286
6b6a6968 6f6e6d6c 73727170 77767574 0x55f2413b 87f2413b b6db6ddb
6db6db6d b6db6ddb 6db6db6d 0x6b6a6968 6db6db6d 00000000 00000000
00000000 00000000 0xb6db6ddb

FAILED_INSTRUCTION_ADDRESS:
+4805400
04805400 ?? ???

FOLLOWUP_IP:
Atdisk+0
f22f8000 4d dec ebp

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: Atdisk+0

MODULE_NAME: Atdisk

IMAGE_NAME: Atdisk.SYS

DEBUG_FLR_IMAGE_TIMESTAMP: 36c49f30

STACK_COMMAND: .trap fffffffff2413aa9 ; kb

BUCKET_ID: 0x1E_BAD_IP_Atdisk+0

Followup: MachineOwner

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

You are currently subscribed to windbg as: xxxxx@nai.com
To unsubscribe send a blank email to xxxxx@lists.osr.com