Subject: Re: kern/34674: Panic in tcp_input() by integer division fault
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Rui Paulo <rpaulo@fnop.net>
List: netbsd-bugs
Date: 09/30/2006 19:30:02
The following reply was made to PR kern/34674; it has been noted by GNATS.

From: Rui Paulo <rpaulo@fnop.net>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: kern/34674: Panic in tcp_input() by integer division fault
Date: Sat, 30 Sep 2006 20:27:44 +0100

 On Sep 30, 2006, at 3:50 PM, Christian Biere wrote:
 
 >> Number:         34674
 >> Category:       kern
 >> Synopsis:       Panic in tcp_input() by integer division fault
 >> Confidential:   no
 >> Severity:       serious
 >> Priority:       medium
 >> Responsible:    kern-bug-people
 >> State:          open
 >> Class:          sw-bug
 >> Submitter-Id:   net
 >> Arrival-Date:   Sat Sep 30 14:50:00 +0000 2006
 >> Originator:     Christian Biere
 >> Release:        NetBSD 4.99.3
 >> Environment:
 > System: NetBSD cyclonus 4.99.3 NetBSD 4.99.3 (STARSCREAM) #2: Sat Sep 30 16:12:53 CEST 2006 src@cyclonus:/o/NetBSD/obj/sys/arch/i386/compile/STARSCREAM i386
 > Architecture: i386
 > Machine: i386
 >> Description:
 > NetBSD as of today crashes instantly with an "integer division fault" in tcp_input()
 > when I start gtk-gnutella. This bug must have been added within the last few days
 > (up to a week maybe). The first patch shows the place where I suspect the division-by-zero
 > occurs. savecore is currently broken for me, so I had to look at the assembly code
 > at "eip" with gdb.
 >
 > Adding a check against zero helped against this panic but led to another
 > in m_copydata() due to a negative length of "-12".
 >
 > I reverted the last modification to tcp_output.c and this seems to have fixed
 > the latter panic. I presume this last change introduced an underflow or off-by-one
 > bug.
 
 This is strange. Why is savecore broken for you? Can you provide a backtrace?
 
 >
 >> How-To-Repeat:
 > Any TCP-heavy application with many connections should trigger this panic.
 
 Did you try with anything else but gnutella?
 
 --
 Rui Paulo