From jilles@stack.nl  Tue May 27 10:43:18 2003
Return-Path: <jilles@stack.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0CEB837B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 27 May 2003 10:43:18 -0700 (PDT)
Received: from skynet.stack.nl (skynet.stack.nl [131.155.140.225])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C8D7B43F93
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 27 May 2003 10:43:16 -0700 (PDT)
	(envelope-from jilles@stack.nl)
Received: by skynet.stack.nl (Postfix, from userid 65534)
	id 43CA13E2F; Tue, 27 May 2003 19:43:16 +0200 (CEST)
Received: from turtle.stack.nl (turtle.stack.nl [2001:610:1108:5010::132])
	by skynet.stack.nl (Postfix) with ESMTP id 460E23E25
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 27 May 2003 19:43:08 +0200 (CEST)
Received: by turtle.stack.nl (Postfix, from userid 1677)
	id 9CA6C1CC5D; Tue, 27 May 2003 19:43:07 +0200 (CEST)
Message-Id: <20030527174307.9CA6C1CC5D@turtle.stack.nl>
Date: Tue, 27 May 2003 19:43:07 +0200 (CEST)
From: Jilles Tjoelker <jilles@stack.nl>
Reply-To: Jilles Tjoelker <jilles@stack.nl>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: vidcontrol 80x60 panics reproducably
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         52728
>Category:       kern
>Synopsis:       vidcontrol 80x60 panics reproducably
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 27 10:50:13 PDT 2003
>Closed-Date:    Sun Aug 10 10:13:02 PDT 2003
>Last-Modified:  Sun Aug 10 10:20:16 PDT 2003
>Originator:     Jilles Tjoelker
>Release:        FreeBSD 5.1-BETA i386
>Organization:
MCGV Stack
>Environment:
System: FreeBSD turtle.stack.nl 5.1-BETA FreeBSD 5.1-BETA #10: Mon May 12 15:30:54 CEST 2003 jilles@turtle.stack.nl:/usr/obj/usr/src/sys/TURTLE i386

Using syscons with a larger history buffer:

options		SC_HISTORY_SIZE=1000

The last change to /sys/dev/syscons was on May 10.

The problem does not occur on FreeBSD 4.x.

>Description:

Attempting to set the console to 80x60 mode causes the following panic.

root@turtle /var/crash# gdb -k /usr/obj/usr/src/sys/TURTLE/kernel.debug vmcore.6GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 0; lapic.id = 01000000
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc033139a
stack pointer           = 0x10:0xe54617e0
frame pointer           = 0x10:0xe5461800
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 66362 (vidcontrol)
trap number             = 12
panic: page fault
cpuid = 0; lapic.id = 01000000
boot() called on cpu#0

syncing disks, buffers remaining... 7143 7143 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141 7141
giving up on 428 buffers
Uptime: 14d3h13m50s
Dumping 1023 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480[CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort] [CTRL-C to abort]  496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
Reading symbols from /usr/obj/usr/src/sys/TURTLE/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/TURTLE/modules/usr/src/sys/modules/acpi/acpi.ko.debug
Reading symbols from /usr/obj/usr/src/sys/TURTLE/modules/usr/src/sys/modules/linux/linux.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/TURTLE/modules/usr/src/sys/modules/linux/linux.ko.debug
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:238
238             dumping++;
(kgdb) bt
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:238
#1  0xc01c99a1 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:370
#2  0xc01c9dae in panic () at /usr/src/sys/kern/kern_shutdown.c:543
#3  0xc0333302 in trap_fatal (frame=0xe54617a0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:834
#4  0xc0332fb2 in trap_pfault (frame=0xe54617a0, usermode=0, eva=0)
    at /usr/src/sys/i386/i386/trap.c:748
#5  0xc0332b3d in trap (frame=
      {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 0, tf_esi = 1792, tf_ebp = -448391168, tf_isp = -448391220, tf_ebx = -900641760, tf_edx = 80000, tf_ecx = 80000, tf_eax = 1824, tf_trapno = 12, tf_err = 2, tf_eip = -1070394470, tf_cs = 8, tf_eflags = 66050, tf_esp = 32, tf_ss = -1070545153})
    at /usr/src/sys/i386/i386/trap.c:433
#6  0xc031adb8 in calltrap () at {standard input}:97
#7  0xc030790b in sc_alloc_history_buffer (scp=0xc7365a00, lines=0,
    prev_ysize=25, wait=0) at /usr/src/sys/dev/syscons/schistory.c:135
#8  0xc030b6a9 in sc_set_text_mode (scp=0xc7365a00, tp=0xc7365800, mode=204,
    xsize=80, ysize=60, fontsize=8) at /usr/src/sys/dev/syscons/scvidctl.c:220
#9  0xc030c1d1 in sc_vid_ioctl (tp=0xc7365800, cmd=0, data=0xe5461c48 "",
    flag=1, td=0xc7e23260) at /usr/src/sys/dev/syscons/scvidctl.c:638
#10 0xc030d71f in scioctl (dev=0x0, cmd=3225196896, data=0xe5461c48 "",
    flag=1, td=0xc7e23260) at /usr/src/sys/dev/syscons/syscons.c:660
#11 0xc018cafa in spec_ioctl (ap=0xc7365800)
    at /usr/src/sys/fs/specfs/spec_vnops.c:347
#12 0xc018c298 in spec_vnoperate (ap=0x0)
    at /usr/src/sys/fs/specfs/spec_vnops.c:123
#13 0xc022f341 in vn_ioctl (fp=0xcaf8d690, com=536892364, data=0xe5461c48,
    active_cred=0xc73e7280, td=0xc7e23260) at vnode_if.h:488
#14 0xc01ef186 in ioctl (td=0xc7e23260, uap=0xe5461d10) at file.h:251
#15 0xc033365c in syscall (frame=
      {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = -1077940544, tf_esi = 536892364, tf_ebp = -1077940632, tf_isp = -448389772, tf_ebx = 4, tf_edx = 0, tf_ecx = 0, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671842979, tf_cs = 31, tf_eflags = 514, tf_esp = -1077940708, tf_ss = 47})
    at /usr/src/sys/i386/i386/trap.c:1021
#16 0xc031ae0d in Xint0x80_syscall () at {standard input}:139
---Can't read userspace from dump, or kernel process---

(kgdb) frame 7
#7  0xc030790b in sc_alloc_history_buffer (scp=0xc7365a00, lines=0,
    prev_ysize=25, wait=0) at /usr/src/sys/dev/syscons/schistory.c:135
135                     sc_vtb_clear(history, scp->sc->scr_map[0x20],
(kgdb) p *scp
$1 = {index = 2, sc = 0xc03f2b80, rndr = 0xc03a5640, scr = {vtb_flags = 1,
    vtb_type = 2, vtb_cols = 80, vtb_rows = 25, vtb_size = 2000,
    vtb_buffer = 3221979136, vtb_tail = 0}, vtb = {vtb_flags = 3,
    vtb_type = 1, vtb_cols = 80, vtb_rows = 60, vtb_size = 4800,
    vtb_buffer = 3406647296, vtb_tail = 0}, xpos = 0, ypos = 0, xsize = 80,
  ysize = 60, xpixel = 640, ypixel = 480, xoff = 0, yoff = 0,
  font = 0xc03ea360 "", font_size = 8, start = 0, end = 4799,
  tsw = 0xc03a55a0, ts = 0xc63c9780, status = 1053712, kbd_mode = 1,
  cursor_pos = 0, cursor_oldpos = 0, cursor_saveunder_char = 32,
  cursor_saveunder_attr = 1792, dflt_curs_attr = {flags = 0, base = 3,
    height = 2}, curr_curs_attr = {flags = 0, base = 3, height = 2},
  curs_attr = {flags = 0, base = 0, height = 16}, mouse_pos = 2440,
  mouse_oldpos = 2440, mouse_xpos = 320, mouse_ypos = 240,
  mouse_oldxpos = 320, mouse_oldypos = 240, mouse_buttons = 0,
  mouse_cut_start = 4800, mouse_cut_end = -1, mouse_proc = 0x0, mouse_pid = 0,
  mouse_signal = 0, bell_duration = 5, bell_pitch = 800, border = 0 '\0',
  mode = 204, pid = 0, proc = 0x0, smode = {mode = 0 '\0', waitv = 0 '\0',
    relsig = 0, acqsig = 0, frsig = 0}, history = 0x0, history_pos = 28880,
  history_size = 0, splash_save_mode = 0, splash_save_status = 0}
(kgdb) p scp->sc->scr_map
$2 = "\0\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\e\034\035\036\037 !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237"...
(kgdb) p history
$3 = (struct sc_vtb *) 0x700
(kgdb) p lines
$4 = 0
(kgdb) p min_lines
$5 = -900641760
(kgdb) p prev_history
$7 = (struct sc_vtb *) 0xc800dc80
(kgdb) p *prev_history
$8 = {vtb_flags = 3, vtb_type = 3, vtb_cols = 80, vtb_rows = 1000,
  vtb_size = 80000, vtb_buffer = 3406147584, vtb_tail = 28880}
>How-To-Repeat:
vidcontrol -f 8x8 iso-8x8 80x60
>Fix:
Unknown
>Release-Note:
>Audit-Trail:

From: jilles@stack.nl (Jilles Tjoelker)
To: freebsd-gnats-submit@FreeBSD.org, jilles@stack.nl
Cc:  
Subject: Re: pending/52728: vidcontrol 80x60 panics reproducably
Date: Wed, 28 May 2003 10:28:59 +0200 (CEST)

 The category needs to be 'kern'.
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Wed May 28 15:20:25 PDT 2003 
Responsible-Changed-Why:  
Reassign misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52728 
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Sun Aug 10 10:12:19 PDT 2003 
State-Changed-Why:  
Originator reports that the problem no longer exists in a kernel built 
from fresh source. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=52728 

From: Ceri Davies <ceri@FreeBSD.org>
To: FreeBSD Gnats Submit <freebsd-gnats-submit@FreeBSD.org>
Cc:  
Subject: Re: kern/52728: vidcontrol 80x60 panics reproducably
Date: Sun, 10 Aug 2003 18:10:39 +0100

 Adding to audit trail, from misfiled PR kern/54979:
 
 Date: Mon, 28 Jul 2003 15:49:57 +0200
 From: Jilles Tjoelker <jilles@stack.nl>
 Message-Id: <20030728134957.GA50155@stack.nl>
 References: <20030718000933.GB1373@spes.drehmel.com>
 
  On Fri, Jul 18, 2003 at 02:09:33AM +0200, Robert Drehmel wrote:
  > Subject: Re: kern/52970: vidcontrol 80x60 panics reproducably
  
  > Please post the output of `vidcontrol -i mode' with a loaded
  > VESA module and a verbose dmesg output (boot -v).
  
  With a new kernel (cvsup'ed today) the problem does not occur anymore
  (with or without VESA kld). Please close the PR.
  
  Jilles
 
>Unformatted:
