On Mon, Nov 05, 2018 at 07:12:23PM +0000, bugreport wrote:
> Nov 5 17:11:09 malice /bsd: uvm_fault(0xffffffff81d02318, 0x13b, 0, 2) -> e
Offset of refcnt.refs in struct pf_state is 0x13c. So I think the
state pointer is -1.
> Nov 5 17:11:09 malice /bsd: refcnt_take(e78f7c08b9a2a0b8) at
> refcnt_take+0x10
> Nov 5 17:11:09 malice /bsd: pf_purge(ffff800000021040) at pf_purge+0x2e
pf_purge() calls pf_purge_expired_states().
So I guess _Q_INVALID comes from here.
	/* get next state, as cur may get deleted */
	next = TAILQ_NEXT(cur, entry_list);
Currently I don't see how this can happen. It is a non-MP kernel.
I will continue thinking about it.
bluhm
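
The address arithmetic behind the reply above, as an added example that is not part of the original mail or of OpenBSD's code: a list link poisoned with (void *)-1, the value of OpenBSD's _Q_INVALID, produces fault address 0x13b once the 0x13c field offset is added. struct mock_state, unlink_after() and the other helper names are hypothetical; only the offset and the fault address come from the mail.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define Q_POISON    ((void *)-1) /* value of OpenBSD's _Q_INVALID */
#define REFS_OFFSET 0x13c        /* refcnt.refs offset quoted in the mail */

/* Mock state (assumption): only the layout matters, refs sits at 0x13c. */
struct mock_state {
	struct mock_state *next; /* stand-in for entry_list.tqe_next */
	char pad[REFS_OFFSET - sizeof(struct mock_state *)];
	unsigned int refs;       /* stand-in for refcnt.refs */
};

/* Unlink the successor of prev and poison its link, as a debug queue does. */
static void unlink_after(struct mock_state *prev)
{
	struct mock_state *victim = prev->next;
	prev->next = victim->next;
	victim->next = Q_POISON;
}

/* Address that a reference-count access would touch for pointer st. */
static uintptr_t refs_addr(const struct mock_state *st)
{
	return (uintptr_t)st + offsetof(struct mock_state, refs);
}

/* Triage check: is the fault address the poison value plus the offset? */
static int fault_is_poisoned_state(uintptr_t fault_va)
{
	return fault_va - REFS_OFFSET == (uintptr_t)Q_POISON;
}

/* Build a -> b -> c, unlink b, then follow b's stale link (address only). */
static uintptr_t stale_next_fault_addr(void)
{
	struct mock_state c = { NULL, {0}, 1 };
	struct mock_state b = { &c, {0}, 1 };
	struct mock_state a = { &b, {0}, 1 };
	unlink_after(&a);
	return refs_addr(b.next); /* nothing is dereferenced here */
}

int main(void)
{
	printf("fault va: %#lx\n", (unsigned long)stale_next_fault_addr());
	return !fault_is_poisoned_state(0x13b);
}
```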