> I went poking through /usr/src/sys/vm/vm_mmap.c and noticed that ommap()
> (now compat_43_mmap()) only sets MAP_FIXED before calling mmap() if, indeed,
> the OMAP_FIXED flag is set.  Given that it isn't (0x80000002 effectively ==
> But if I whack the Netscape binary further to provide a 0 in place of the
> 0x40000000 at mmap() call time, it works (!!!).  Go figure ...

0x40000000 is in the `virtual address hole' that exists on sun4c machines.
There isn't currently a mechanism in the VM system to detect such invalid
addresses early enough to either fail the mmap() call or to find something
more suitable in case the suggested address is just a hint. Instead, you get
a SEGV when you access the returned region...

-pk