Subject: Re: kern/34674: Panic in tcp_input() by integer division fault
To: None <gnats-bugs@NetBSD.org>
From: Rui Paulo <rpaulo@fnop.net>
List: netbsd-bugs
Date: 09/30/2006 20:27:44
On Sep 30, 2006, at 3:50 PM, Christian Biere wrote:
>> Number: 34674
>> Category: kern
>> Synopsis: Panic in tcp_input() by integer division fault
>> Confidential: no
>> Severity: serious
>> Priority: medium
>> Responsible: kern-bug-people
>> State: open
>> Class: sw-bug
>> Submitter-Id: net
>> Arrival-Date: Sat Sep 30 14:50:00 +0000 2006
>> Originator: Christian Biere
>> Release: NetBSD 4.99.3
>> Environment:
> System: NetBSD cyclonus 4.99.3 NetBSD 4.99.3 (STARSCREAM) #2: Sat
> Sep 30 16:12:53 CEST 2006 src@cyclonus:/o/NetBSD/obj/sys/arch/i386/
> compile/STARSCREAM i386
> Architecture: i386
> Machine: i386
>> Description:
> NetBSD as of today crashes instantly with an "integer division
> fault" in tcp_input()
> when I start gtk-gnutella. This bug must have been added within the
> last few days
> (up to a week maybe). The first patch shows the place at which I suspect
> the division-by-zero
> occurs. savecore is currently broken for me, so I had to look at
> the assembly code
> at "eip" with gdb.
>
> Adding a check against zero helped against this panic but led to
> another
> in m_copydata() due to a negative length of "-12".
>
> I reverted the last modification to tcp_output.c and this seems to
> have fixed
> the latter panic. I presume this last change introduced an
> underflow or off-by-one
> bug.
This is strange. Why is savecore broken for you? Can you provide a
backtrace?
>
>> How-To-Repeat:
> Any TCP-heavy application with many connections should trigger this
> panic.
Did you try anything other than gnutella?
--
Rui Paulo
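The report above names two distinct failure modes: an unguarded divide whose divisor can be zero, and a length computation that underflows to a negative value and is then handed to a copy routine. The following is an added illustration, not code from NetBSD's tcp_input() or tcp_output(); the functions `segments_needed`, `payload_len`, `checked_copydata` and the `struct buf` stand-in for an mbuf chain are hypothetical, and the inputs in the test are constructed. It shows the checks that turn each of those panics into an error return.

```c
/* Added example (not NetBSD code): guards for the two failure modes
 * described in the report, a zero divisor and a negative length. All
 * names below are hypothetical stand-ins for the kernel's own routines. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical flat stand-in for an mbuf chain. */
struct buf {
    const unsigned char *data;
    size_t len;
};

/* Number of segments needed to send `len` bytes at segment size `mss`.
 * An unchecked `len / mss` with mss == 0 is exactly the kind of divide
 * that raises an integer division fault; return -1 instead. */
long segments_needed(size_t len, size_t mss)
{
    if (mss == 0)
        return -1;
    return (long)((len + mss - 1) / mss);
}

/* Bytes of payload left for a segment starting at `off` within `total`
 * bytes once `hdrlen` bytes of header are accounted for. The unchecked
 * form `total - off - hdrlen` goes negative when little data remains;
 * here every step that could underflow is tested first. */
long payload_len(long total, long off, long hdrlen)
{
    if (total < 0 || off < 0 || hdrlen < 0)
        return -1;
    if (off > total)
        return -1;                 /* offset past end: nothing to send */
    long remaining = total - off;
    if (remaining < hdrlen)
        return -1;                 /* would have been negative */
    return remaining - hdrlen;
}

/* Copy `len` bytes at `off` from b into dst. A signed length lets a
 * negative value (such as the -12 in the report) reach the copy; reject
 * it and any request that runs past either buffer. */
int checked_copydata(const struct buf *b, long off, long len,
                     unsigned char *dst, size_t dstlen)
{
    if (off < 0 || len < 0)
        return -1;
    if ((size_t)off > b->len || (size_t)len > b->len - (size_t)off)
        return -1;
    if ((size_t)len > dstlen)
        return -1;
    memcpy(dst, b->data + (size_t)off, (size_t)len);
    return 0;
}
```

The point of separating the three checks is that each corresponds to one of the symptoms in the report: the divisor check addresses the division fault, the underflow check in `payload_len` stops a negative length from being produced at all, and the sign check in `checked_copydata` is the last line of defence if a negative length is produced anyway.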