From owner-freebsd-hackers  Sun Apr 27 20:45:47 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id UAA18557
          for hackers-outgoing; Sun, 27 Apr 1997 20:45:47 -0700 (PDT)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA18552
          for <freebsd-hackers@freebsd.org>; Sun, 27 Apr 1997 20:45:42 -0700 (PDT)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.5/8.7.3) id NAA14724; Mon, 28 Apr 1997 13:15:35 +0930 (CST)
From: Michael Smith <msmith@atrad.adelaide.edu.au>
Message-Id: <199704280345.NAA14724@genesis.atrad.adelaide.edu.au>
Subject: Re: A Desparate Plea for Help...
In-Reply-To: <199704280221.LAA13874@genesis.atrad.adelaide.edu.au> from Michael Smith at "Apr 28, 97 11:51:19 am"
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Mon, 28 Apr 1997 13:15:34 +0930 (CST)
Cc: Shimon@i-Connect.Net, freebsd-hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Michael Smith stands accused of saying:
> The trap you see above is somewhere near the top of spec_open in
> sys/miscfs/specfs.c.  Without knowing exactly what the trap was;
> specifically the fault address, it's hard to infer more.  There are
> several pointer references near the top of spec_open that might be
> the problem, the most likely IMHO is :
> 
>         /*
>          * Don't allow open if fs is mounted -nodev.
>          */
>         if (vp->v_mount && (vp->v_mount->mnt_flag & MNT_NODEV))
>                 return (ENXIO);
> 
> We have seen problems with vp->v_mount being NULL before; this
> appears most often with MFS filesystems. 

... and of course that's completely stupid on my part.  If vp->v_mount
is null that will _not_ result in a null deref.

Further study actually indicates that this function is quite paranoid
about its input.  Can you tell us which compile options you are using
with your kernels, so that someone can build this function and work
out where 0x6c is?

Are you loading/unloading LKM's on these systems?

-- 
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile)     0411-222-496   [[
]] realtime instrument control.         (ph)          +61-8-8267-3493   [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[