diff -urN linux-2.4.17-pre2/Documentation/filesystems/devfs/ChangeLog linux/Documentation/filesystems/devfs/ChangeLog
--- linux-2.4.17-pre2/Documentation/filesystems/devfs/ChangeLog	Sat Dec  1 10:48:46 2001
+++ linux/Documentation/filesystems/devfs/ChangeLog	Sun Dec  2 23:23:12 2001
@@ -1805,3 +1805,7 @@
 
 - Do not send CREATE, CHANGE, ASYNC_OPEN or DELETE events from devfsd
   or children
+===============================================================================
+Changes for patch v199.1
+
+- Fixed bug in <devfsd_read>: was dereferencing freed pointer
diff -urN linux-2.4.17-pre2/fs/devfs/base.c linux/fs/devfs/base.c
--- linux-2.4.17-pre2/fs/devfs/base.c	Sat Dec  1 10:48:46 2001
+++ linux/fs/devfs/base.c	Sun Dec  2 23:21:10 2001
@@ -569,6 +569,9 @@
 	       Do not send CREATE, CHANGE, ASYNC_OPEN or DELETE events from
 	       devfsd or children.
   v1.2
+    20011202   Richard Gooch <rgooch@atnf.csiro.au>
+	       Fixed bug in <devfsd_read>: was dereferencing freed pointer.
+  v1.3
 */
 #include <linux/types.h>
 #include <linux/errno.h>
@@ -601,7 +604,7 @@
 #include <asm/bitops.h>
 #include <asm/atomic.h>
 
-#define DEVFS_VERSION            "1.2 (20011127)"
+#define DEVFS_VERSION            "1.3 (20011202)"
 
 #define DEVFS_NAME "devfs"
 
@@ -3243,11 +3246,17 @@
     tlen = rpos - *ppos;
     if (done)
     {
+	devfs_handle_t parent;
+
 	spin_lock (&fs_info->devfsd_buffer_lock);
 	fs_info->devfsd_first_event = entry->next;
 	if (entry->next == NULL) fs_info->devfsd_last_event = NULL;
 	spin_unlock (&fs_info->devfsd_buffer_lock);
-	for (; de != NULL; de = de->parent) devfs_put (de);
+	for (; de != NULL; de = parent)
+	{
+	    parent = de->parent;
+	    devfs_put (de);
+	}
 	kmem_cache_free (devfsd_buf_cache, entry);
 	if (ival > 0) atomic_sub (ival, &fs_info->devfsd_overrun_count);
 	*ppos = 0;