Subject: Re: Caught a crash
To: Alistair G. Crooks <agc@uts.amdahl.com>
From: Tim Jackson <timj@millenium.tiac.net>
List: netbsd-help
Date: 03/03/1995 08:05:27
> 
> No - the value of inp is NULL, and you're trying to dereference it.
> Try changing the terminating condition on the for loop to:

That is what I see as well... but I know TCP code and the &tcb is the
head pointer that is passed into pcblookup.  tcb is a doubly linked
ring queue and should never have a null pointer in it, even when it
is empty.  Since the problem occurred during an interrupt service
routine (a packet came in over the wire) I assume that the tcb queue
is being changed by another process at the time of the interrupt.

Typically, a queue is made atomic by using locks or changing the IPL
to force the ISR to wait until the queue has been *totally* altered.

I have looked at the remque and insque routines and it doesn't seem
that an interrupt could exploit this, but it obviously happens.  Caveat:
I am fighting off the flu so my analytical skills are somewhat dull.

I would hope that the solution would be that the tcb queue changes be
protected by atomic code techniques just as a matter of safety.

Tim

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~  Timothy Jackson/TIAC - The Internet Access Company - Voice:617/276-7200  ~
~  CEO, Founder         - 7 Railroad Avenue           - Fax  :617/275-2224  ~
~                       - Bedford, MA 01730           - Data :617/275-0331  ~
~  timj@tiac.net                                                            ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
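As an added illustration, not code from this thread or from NetBSD, the C model below shows the interrupt window discussed above: a doubly linked ring with a sentinel head, a pcblookup-style walk run from the "ISR", and the same insertion done with and without raising the IPL around it. The splnet/splx/insque_after names, the link ordering that leaves a NULL visible, and the interrupt-delivery model are assumptions of the model, chosen to make the window observable.

```c
#include <stddef.h>

/* Constructed model of the ring queue in the thread (not NetBSD code): a
 * sentinel head whose links point at itself when empty, so a walk never
 * meets NULL unless it catches an update half-done. */
struct qelem { struct qelem *q_forw, *q_back; };

static struct qelem head = { &head, &head };
static int ipl;          /* 0 = network interrupts open, 1 = masked by splnet() */
static int irq_pending;  /* packet arrived while masked; delivered at splx() */

/* ISR side: a pcblookup-style forward walk. Returns 1 on the NULL link the
 * thread describes (reported rather than dereferenced), 0 if the ring was whole. */
static int isr_lookup(void) {
    for (struct qelem *e = head.q_forw; e != &head; e = e->q_forw)
        if (e == NULL) return 1;
    return 0;
}
static int raise_irq(void) {   /* a packet arrives on the wire */
    if (ipl > 0) { irq_pending = 1; return 0; }
    return isr_lookup();
}
static int splnet(void) { int s = ipl; ipl = 1; return s; }
static int splx(int s) {       /* lower IPL and run whatever was held off */
    ipl = s;
    if (ipl == 0 && irq_pending) { irq_pending = 0; return isr_lookup(); }
    return 0;
}

/* Splice e after pred using a hypothetical ordering that links the
 * predecessor before e's own links are set; raise_irq() stands for a packet
 * arriving inside that window. Returns 1 if the ISR met a NULL link. */
static int insque_after(struct qelem *e, struct qelem *pred, int protect) {
    struct qelem *next = pred->q_forw;
    int s = protect ? splnet() : 0, crashed;
    e->q_forw = e->q_back = NULL;     /* fresh pcb, links not yet initialised */
    pred->q_forw = e;
    crashed = raise_irq();            /* unmasked: ring reads head -> e -> NULL */
    e->q_forw = next; e->q_back = pred; next->q_back = e;
    if (protect) crashed |= splx(s);  /* held-off ISR now walks a whole ring */
    return crashed;
}

/* One run from an empty ring: insert a, then b behind it; 1 = ISR crashed. */
static int demo(int protect) {
    static struct qelem a, b;
    head.q_forw = head.q_back = &head; ipl = 0; irq_pending = 0;
    int r = insque_after(&a, &head, protect);
    return r | insque_after(&b, &a, protect);
}
```

demo(0) reproduces the NULL seen from the interrupt walk; demo(1) delivers the same packet only after splx(), when the ring is closed again.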