> 	Hello,
>
> in the past few weeks my NetBSD-current system (2.0G initially, 2.0H now)
> has crashed several times during system shutdown in spec_ioctl()
> probably due to a NULL pointer reference. I cannot provide a crash
> dump because the system freezes after printing out "syncing disks...".
>
> Has anybody else seen this?
>

Do you mean something like this:

uvm_fault(0xcf906c54, 0, 0, 1) -> 0xe
spec_ioctl(ce147d84,0,ce147dfc,c0368118,c041c560) at netbsd:spec_ioctl+0xe
VOP_IOCTL(cfc0449c,402c7413,ce147ea4,3,cb4c1a80) at netbsd:VOP_IOCTL+0x40
vn_ioctl(cdaa97b8,402c7413,ce147ea4,ccfb9338,0) at netbsd:vn_ioctl+0x7a
sys_ioctl(ccf8a560,ce147f64,ce147f5c,0,ce147fa4) at netbsd:sys_ioctl+0x122
syscall_plain() at netbsd:syscall_plain+0x7e
--- syscall (number 54) ---
0x481db06b:
syncing disks... 2 1 done

and the crash being at line 465 in sys/miscfs/specfs/spec_vnops.c:
     459         ......
     460         } */ *ap = v;
     461         const struct bdevsw *bdev;
     462         const struct cdevsw *cdev;
     463         dev_t dev = ap->a_vp->v_rdev;
     464
==> 465         switch (ap->a_vp->v_type) {
     466
     467         case VCHR:

Yes - I have seen it. 8-) && 8-(

send-pr ? (I have also a matching core spinning araound.)

Frank