From elsukov@rdu.kirov.ru  Fri Aug 12 08:46:45 2005
Return-Path: <elsukov@rdu.kirov.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 312D316A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Aug 2005 08:46:45 +0000 (GMT)
	(envelope-from elsukov@rdu.kirov.ru)
Received: from mail.rdu.kirov.ru (ns.rdu.kirov.ru [217.9.151.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AC77543D48
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Aug 2005 08:46:43 +0000 (GMT)
	(envelope-from elsukov@rdu.kirov.ru)
Received: from rdu.kirov.ru (localhost [127.0.0.1])
	by mail.rdu.kirov.ru (Postfix) with ESMTP id 59E12115642
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Aug 2005 12:46:40 +0400 (MSD)
Received: (from elsukov@localhost)
	by rdu.kirov.ru (8.12.10/8.12.9/Submit) id j7C8kesM082593;
	Fri, 12 Aug 2005 12:46:40 +0400 (MSD)
Message-Id: <200508120846.j7C8kesM082593@rdu.kirov.ru>
Date: Fri, 12 Aug 2005 12:46:40 +0400 (MSD)
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Reply-To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Fatal trap on 6.0-BETA2 when use SC_PIXEL_MODE, SHED_ULE, VESA_800x600
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         84836
>Category:       kern
>Synopsis:       Fatal trap on 6.0-BETA2 when use SC_PIXEL_MODE, SHED_ULE, VESA_800x600
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 12 08:50:20 GMT 2005
>Closed-Date:    Fri Sep 02 17:39:01 GMT 2005
>Last-Modified:  Fri Sep 02 17:39:01 GMT 2005
>Originator:     Andrey V. Elsukov
>Release:        FreeBSD 6.0-BETA2 i386
>Organization:
>Environment:
FreeBSD 6.0-BETA2 #0: Fri Aug 12 10:50:03 MSD 2005
    butcher@:/usr/obj/usr/src/sys/TEST
>Description:
I have a custom kernel:
---------------------------------
-cpu            I486_CPU
-cpu            I586_CPU
 cpu            I686_CPU
-ident          GENERIC
+ident          TEST

-#options       SCHED_ULE               # ULE scheduler
-options        SCHED_4BSD              # 4BSD scheduler
+options        SCHED_ULE               # ULE scheduler
+#options       SCHED_4BSD              # 4BSD scheduler

+options                SC_DISABLE_REBOOT
+options                SC_PIXEL_MODE
---------------------------------
/boot/loader.conf:
vesa_load="YES"
---------------------------------
/boot/device.hints:
hint.sc.0.flags="0x180"
---------------------------------
/etc/rc.conf:
allscreen_flags="-g 100x37 VESA_800x600" 
---------------------------------
and the system traps during boot.

>How-To-Repeat:
always.

>Fix:
Boot in single-user mode with hint.sc.0.flags="0x100" and disable allscreen_flags.


--- out.txt begins here ---
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
#0  doadump () at pcpu.h:165
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:165
#1  0xc0631cf4 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:397
#2  0xc0632009 in panic (fmt=0xc0823272 "from debugger")
    at /usr/src/sys/kern/kern_shutdown.c:553
#3  0xc0468d91 in db_panic (addr=-1065572748, have_addr=0, count=-1, 
    modif=0xd53867b0 "") at /usr/src/sys/ddb/db_command.c:435
#4  0xc0468d28 in db_command (last_cmdp=0xc09060a4, cmd_table=0x0, 
    aux_cmd_tablep=0xc088371c, aux_cmd_tablep_end=0xc0883738)
    at /usr/src/sys/ddb/db_command.c:349
#5  0xc0468df0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
#6  0xc046a991 in db_trap (type=18, code=0) at /usr/src/sys/ddb/db_main.c:221
#7  0xc064ada4 in kdb_trap (type=18, code=0, tf=0xd5386920)
    at /usr/src/sys/kern/subr_kdb.c:473
#8  0xc07f01f8 in trap_fatal (frame=0xd5386920, eva=0)
    at /usr/src/sys/i386/i386/trap.c:832
#9  0xc07efd74 in trap (frame=
      {tf_fs = -1048641528, tf_es = 40, tf_ds = -717750232, tf_edi = -1048583100, tf_esi = 1800, tf_ebp = -717723284, tf_isp = -717723316, tf_ebx = 400, tf_edx = 0, tf_ecx = -1048583168, tf_eax = 400, tf_trapno = 18, tf_err = 0, tf_eip = -1065572748, tf_cs = 32, tf_eflags = 66050, tf_esp = -717723276, tf_ss = -1048583168}) at /usr/src/sys/i386/i386/trap.c:639
#10 0xc07de0fa in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#11 0xc17f0008 in ?? ()
#12 0x00000028 in ?? ()
#13 0xd5380028 in ?? ()
#14 0xc17fe444 in ?? ()
#15 0x00000708 in ?? ()
#16 0xd538696c in ?? ()
#17 0xd538694c in ?? ()
#18 0x00000190 in ?? ()
#19 0x00000000 in ?? ()
#20 0xc17fe400 in ?? ()
#21 0x00000190 in ?? ()
#22 0x00000012 in ?? ()
#23 0x00000000 in ?? ()
#24 0xc07ca674 in sc_mouse_move (scp=0x0, x=400, y=0)
    at /usr/src/sys/dev/syscons/scmouse.c:132
#25 0xc07d4d12 in sc_alloc_scr_buffer (scp=0xc17fe400, wait=1, discard=1)
    at /usr/src/sys/dev/syscons/syscons.c:2918
#26 0xc07cf85c in sc_set_pixel_mode (scp=0xc17fe400, tp=0xc16cec00, 
    xsize=100, ysize=37, fontsize=16)
    at /usr/src/sys/dev/syscons/scvidctl.c:434
#27 0xc07d03cc in sc_vid_ioctl (tp=0xc16cec00, cmd=0, data=0xc16bb130 "d", 
    flag=1, td=0xc179daf0) at /usr/src/sys/dev/syscons/scvidctl.c:791
#28 0xc07d15b0 in scioctl (dev=0xc16c4000, cmd=2148289380, 
    data=0xc16bb130 "d", flag=1, td=0xc179daf0)
    at /usr/src/sys/dev/syscons/syscons.c:678
#29 0xc05eb34b in devfs_ioctl_f (fp=0xc17771b0, com=2148289380, 
    data=0xc16bb130, cred=0xc1555a80, td=0xc179daf0)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:566
#30 0xc0656950 in ioctl (td=0xc179daf0, uap=0xd5386d04) at file.h:258
#31 0xc07f04e7 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 536892930, tf_esi = 258, tf_ebp = -1077941928, tf_isp = -717722268, tf_ebx = 37, tf_edx = 0, tf_ecx = 600, tf_eax = 54, tf_trapno = 12, tf_err = 2, tf_eip = 671847047, tf_cs = 51, tf_eflags = 514, tf_esp = -1077942020, tf_ss = 59})
    at /usr/src/sys/i386/i386/trap.c:986
#32 0xc07de14f in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#33 0x0000003b in ?? ()
#34 0x0000003b in ?? ()
#35 0x0000003b in ?? ()
#36 0x20005602 in ?? ()
#37 0x00000102 in ?? ()
#38 0xbfbfe958 in ?? ()
#39 0xd5386d64 in ?? ()
#40 0x00000025 in ?? ()
#41 0x00000000 in ?? ()
#42 0x00000258 in ?? ()
#43 0x00000036 in ?? ()
#44 0x0000000c in ?? ()
#45 0x00000002 in ?? ()
#46 0x280b9287 in ?? ()
#47 0x00000033 in ?? ()
#48 0x00000202 in ?? ()
#49 0xbfbfe8fc in ?? ()
#50 0x0000003b in ?? ()
#51 0x00000000 in ?? ()
#52 0x00000000 in ?? ()
#53 0x00000000 in ?? ()
#54 0x00000000 in ?? ()
#55 0x0fa29000 in ?? ()
#56 0xc179dc44 in ?? ()
#57 0xc15594b0 in ?? ()
#58 0xd5386784 in ?? ()
#59 0xd5386768 in ?? ()
#60 0xc179daf0 in ?? ()
#61 0xc0642d47 in sched_switch (td=0x25, newtd=0x102, flags=)
    at /usr/src/sys/kern/sched_ule.c:1377
(kgdb) 
--- out.txt ends here ---


>Release-Note:
>Audit-Trail:

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/84836: Fatal trap on 6.0-BETA2 when use SC_PIXEL_MODE, SHED_ULE,
 VESA_800x600
Date: Fri, 19 Aug 2005 07:59:56 +0400

 Andrey V. Elsukov wrote:
 >>Environment:
 FreeBSD 6.0-BETA2, 5.4-STABLE.
 
 >>Fix:
 I have made a patch.
 
 -- 
 WBR, Andrey V. Elsukov
 
 --- src/sys/dev/syscons/scvidctl.c.orig	Thu Aug 18 19:38:24 2005
 +++ src/sys/dev/syscons/scvidctl.c	Thu Aug 18 19:38:29 2005
 @@ -412,6 +412,7 @@
      scp->yoff = (scp->ypixel/fontsize - ysize)/2;
      scp->font = font;
      scp->font_size = fontsize;
 +    scp->font_width = 8; 
  
      /* allocate buffers */
      sc_alloc_scr_buffer(scp, TRUE, TRUE);
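Review bot: The added "scp->font_width = 8;" hard-codes the glyph width right after "scp->font_size = fontsize;", which takes its value from a parameter, so the width is fixed at 8 whatever font is loaded. Consider passing the width in alongside fontsize, or at least using a named constant, and drop the trailing space after the semicolon on the added line. The hunk covers only this one assignment site in scvidctl.c, so any other mode-setting path that fills in font_size should be checked for the same missing assignment.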
 
 

From: Craig Rodrigues <rodrigc@crodrigues.org>
To: bug-followup@freebsd.org
Cc: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Subject: Re: kern/84836: Fatal trap on 6.0-BETA2 when use SC_PIXEL_MODE, SHED_ULE, VESA_800x600
Date: Sat, 27 Aug 2005 21:18:55 -0400

 Hi,
 
 You are on the right track with your patch.
 sc->font_width is initialized to 0, and then
 never reset, so you are hitting a division by zero
 error inside sc_mouse_move() in scmouse.c
 
 Can you try the following patch?
 
 
 --- scvesactl.c.orig	Sat Aug 27 16:45:23 2005
 +++ scvesactl.c	Sat Aug 27 17:24:46 2005
 @@ -70,7 +70,7 @@
  	case SW_TEXT_132x60:
  		if (!(scp->sc->adp->va_flags & V_ADP_MODECHANGE))
  			return ENODEV;
 -		return sc_set_text_mode(scp, tp, cmd & 0xff, 0, 0, 0);
 +		return sc_set_text_mode(scp, tp, cmd & 0xff, 0, 0, 0, 0);
  
  	/* text modes */
  	case SW_VESA_C80x60:
 @@ -81,7 +81,7 @@
  		if (!(scp->sc->adp->va_flags & V_ADP_MODECHANGE))
  			return ENODEV;
  		mode = (cmd & 0xff) + M_VESA_BASE;
 -		return sc_set_text_mode(scp, tp, mode, 0, 0, 0);
 +		return sc_set_text_mode(scp, tp, mode, 0, 0, 0, 0);
  
  	/* graphics modes */
  	case SW_VESA_32K_320: 	case SW_VESA_64K_320: 
 --- scvidctl.c.orig	Sat Aug 27 16:45:06 2005
 +++ scvidctl.c	Sat Aug 27 16:52:35 2005
 @@ -133,7 +133,7 @@
  
  int
  sc_set_text_mode(scr_stat *scp, struct tty *tp, int mode, int xsize, int ysize,
 -		 int fontsize)
 +		 int fontsize, int fontwidth)
  {
      video_info_t info;
      u_char *font;
 @@ -213,6 +213,7 @@
      scp->ypixel = scp->ysize*fontsize;
      scp->font = font;
      scp->font_size = fontsize;
 +    scp->font_width = fontwidth;
  
      /* allocate buffers */
      sc_alloc_scr_buffer(scp, TRUE, TRUE);
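Review bot: The added "scp->font_width = fontwidth;" stores the argument unchecked, and every sc_set_text_mode() call this patch touches passes 0 for the new argument, so unless the part of the function not shown here substitutes a default, font_width is still 0 after a text mode switch. Suggest normalizing near the top of the function, treating fontwidth <= 0 as a request for the mode's default width, before this assignment is reached.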
 @@ -317,7 +318,7 @@
  
  int
  sc_set_pixel_mode(scr_stat *scp, struct tty *tp, int xsize, int ysize, 
 -		  int fontsize)
 +		  int fontsize, int fontwidth)
  {
  #ifndef SC_PIXEL_MODE
      return ENODEV;
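Review bot: The new fontwidth parameter on sc_set_pixel_mode() needs every caller updated, and the patch only changes the two calls in syscons.c. The backtrace in this PR reaches sc_set_pixel_mode() from sc_vid_ioctl() (frame #27, scvidctl.c:791), and no hunk in this patch touches a sc_set_pixel_mode() call in scvidctl.c. That call site needs the extra argument as well, otherwise it no longer matches the prototype in syscons.h and the ioctl path from the report is not covered.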
 @@ -429,6 +430,7 @@
      scp->yoff = (scp->ypixel/fontsize - ysize)/2;
      scp->font = font;
      scp->font_size = fontsize;
 +    scp->font_width = fontwidth;
  
      /* allocate buffers */
      sc_alloc_scr_buffer(scp, TRUE, TRUE);
 @@ -554,7 +556,7 @@
  	if (info.vi_flags & V_INFO_GRAPHICS)
  	    return sc_set_graphics_mode(scp, tp, *(int *)data);
  	else
 -	    return sc_set_text_mode(scp, tp, *(int *)data, 0, 0, 0);
 +	    return sc_set_text_mode(scp, tp, *(int *)data, 0, 0, 0, 0);
  #endif /* SC_NO_MODE_CHANGE */
  
      case OLD_CONS_MODEINFO:	/* get mode information (old infterface) */
 @@ -653,7 +655,7 @@
  #endif
  	if (!(adp->va_flags & V_ADP_MODECHANGE))
   	    return ENODEV;
 -	return sc_set_text_mode(scp, tp, cmd & 0xff, 0, 0, 0);
 +	return sc_set_text_mode(scp, tp, cmd & 0xff, 0, 0, 0, 0);
  
      /* GRAPHICS MODES */
      case SW_BG320:     case SW_BG640:
 --- syscons.c.orig	Sat Aug 27 16:43:07 2005
 +++ syscons.c	Sat Aug 27 16:43:52 2005
 @@ -358,7 +358,7 @@
  	    splash_term(sc->adp);
  #endif
  	sc_set_graphics_mode(scp, NULL, M_VESA_800x600);
 -	sc_set_pixel_mode(scp, NULL, COL, ROW, 16);
 +	sc_set_pixel_mode(scp, NULL, COL, ROW, 16, 8);
  	sc->initial_mode = M_VESA_800x600;
  #ifdef DEV_SPLASH
  	/* put up the splash again! */
 @@ -510,7 +510,7 @@
      if (scp == NULL) {
  	scp = SC_STAT(dev) = alloc_scp(sc, SC_VTY(dev));
  	if (ISGRAPHSC(scp))
 -	    sc_set_pixel_mode(scp, NULL, COL, ROW, 16);
 +	    sc_set_pixel_mode(scp, NULL, COL, ROW, 16, 8);
      }
      if (!tp->t_winsize.ws_col && !tp->t_winsize.ws_row) {
  	tp->t_winsize.ws_col = scp->xsize;
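Review bot: The literal 8 passed as the new last argument to sc_set_pixel_mode() is repeated here and in the hunk at line 358, next to the existing literal 16. Named constants for the default font height and width would keep the two call sites in step and say what the numbers mean.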
 --- syscons.h.orig	Sat Aug 27 16:39:57 2005
 +++ syscons.h	Sat Aug 27 16:42:20 2005
 @@ -606,10 +606,11 @@
  
  /* scvidctl.c */
  int		sc_set_text_mode(scr_stat *scp, struct tty *tp, int mode,
 -				 int xsize, int ysize, int fontsize);
 +				 int xsize, int ysize, int fontsize,
 +				 int font_width);
  int		sc_set_graphics_mode(scr_stat *scp, struct tty *tp, int mode);
 -int		sc_set_pixel_mode(scr_stat *scp, struct tty *tp,
 -				  int xsize, int ysize, int fontsize);
 +int		sc_set_pixel_mode(scr_stat *scp, struct tty *tp, int xsize,
 +				  int ysize, int fontsize, int font_width);
  int		sc_vid_ioctl(struct tty *tp, u_long cmd, caddr_t data, int flag,
  			     struct thread *td);
  
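Review bot: The prototypes name the new parameter font_width, while the definitions in scvidctl.c name it fontwidth. The compiler does not care, but one spelling in both places makes the header easier to match against the implementation.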
 
 -- 
 Craig Rodrigues        
 rodrigc@crodrigues.org
State-Changed-From-To: open->closed 
State-Changed-By: rodrigc 
State-Changed-When: Fri Sep 2 17:38:25 GMT 2005 
State-Changed-Why:  
Committed patch to HEAD, RELENG_6, RELENG_5. 
Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=84836 
>Unformatted:
