On Wed, Aug 21, 2019 at 02:36:36AM +0200, Alexandr Nedvedicky wrote:
> I've used same steps to reproduce the panic. This is what I could
> see in resulting crash:

I have poked at this in a VMM guest booting GENERIC with the following
in rc.local(8) to trigger it as early as possible on reboot:

	echo set timeout interval 1 | pfctl -f-

and landed at the same panic most of the time; there is another path,
however:

	ddb> t
	refcnt_take(3) at refcnt_take+0x10
	pf_purge(ffffffff81fba068) at pf_purge+0x30
	taskq_thread(ffff800000022040) at taskq_thread+0x3d
	end trace frame: 0x0, count: -3
	ddb> e /i
	refcnt_take+0x10: xaddl %eax,0(%rdi)

> I think the problem is the first 'while (maxcheck--)' loop may actually
> wrap around the state_list and re-insert the `cur` to garbage collector list
> again. Such sequence of events would match the panic I could see. I think
> the right fix is to break from the while loop as soon as we reach
> the end of the state_list.

Makes sense, matches with my analysis and does fix both panics for me.
OK kn

> at line 1491, we don't need to recalculate expiration time. The `next` item is
> on the garbage collector list already, so it must be expired for sure.

I've only worked on the original issue myself, but this reads and works
fine as well.
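
The wrap-around described in the quoted analysis, as a simplified model added here for illustration; it is not the pf(4) source or the patch discussed in this thread. The struct, its fields, scan() and demo() are hypothetical names, every state is assumed expired, and each scan starts at the list head.

```c
#include <stdio.h>
/* Toy model, not pf(4) code; every name below is hypothetical. */
struct state {
	struct state *next;	/* link on the state list */
	struct state *gc_next;	/* link on the garbage collector list */
	int expired;
	int gc_inserts;		/* times the scan queued this state */
};

/* Queue expired states among the next maxcheck; wrap at the end unless
 * stop_at_end is set. Returns the number of repeated insertions. */
int scan(struct state *head, unsigned maxcheck, int stop_at_end)
{
	struct state *cur = NULL, *gcl = NULL;
	int dups = 0;
	while (maxcheck--) {
		if (cur == NULL && (cur = head) == NULL)
			break;			/* list empty */
		if (cur->expired) {
			if (cur->gc_inserts++ > 0)
				dups++;		/* already queued: gcl now has a cycle */
			cur->gc_next = gcl;	/* head insert */
			gcl = cur;
		}
		cur = cur->next;
		if (cur == NULL && stop_at_end)
			break;			/* end of list: do not wrap */
	}
	return dups;
}

/* Constructed input: nstates (1..16) states, all expired. */
int demo(unsigned nstates, unsigned maxcheck, int stop_at_end)
{
	struct state s[16] = {0};
	unsigned i;
	if (nstates == 0 || nstates > 16)
		return -1;
	for (i = 0; i < nstates; i++) {
		s[i].expired = 1;
		s[i].next = (i + 1 < nstates) ? &s[i + 1] : NULL;
	}
	return scan(s, maxcheck, stop_at_end);
}

int main(void)
{
	printf("wrap: %d, stop at end: %d\n", demo(3, 8, 0), demo(3, 8, 1));
	return 0;
}
```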