Date: Thu, 7 Dec 1995 21:13:47 +0000
From: mark@linus.demon.co.uk (Mark Valentine)
To: freebsd-current@freebsd.org
Subject: integer divide fault in tcp_timers()
Message-ID: <199512072113.VAA00550@linus.demon.co.uk>

I seem to have tickled a bug in TCP in recent kernels, leading to a panic in tcp_timers(). The only thing I can see in there which might be ending up as a zero divisor is tp->t_maxseg (I haven't disassembled the routine, but the offset was 0x124 in a kernel built with sources available in the latest CTM update, instruction divl 0x28(%ebx),%eax). Don't know if it's a new bug I'm seeing or an old one exposed by the recent commits changing the default MTU discovery behaviour (if I remember correctly).

I reproduced this bug reliably under the same circumstances with kernels compiled today and yesterday. It happened each time when I was sending a particular (very small) mail message out over SMTP across a dial-up PPP link, towards the end of the transaction. Each time, running sendmail -q -v, the last output I saw was the remote end prompting for the body of the message, then blam!

The PPP link was otherwise fully operational, coping fine with a day's worth of incoming mail and interactive telnet sessions. (I booted an old kernel [September] to get the message out, and the next one I sent out with a current kernel didn't panic.)

I'm running kernel ppp; there are no ethernet interfaces on this system.

		Mark.

-- 
"Tigers will do ANYTHING for a tuna fish sandwich."
"We're kind of stupid that way." *munch* *munch*