From 432ac5c07c6b1fb960f2e7d8e8cfb1306ce351ff Mon Sep 17 00:00:00 2001 From: Siva Mahadevan Date: Sat, 6 Jun 2026 21:26:55 -0400 Subject: [PATCH] pf: free match rules after exiting critical section This fixes a panic reported on armv7: sys/netpfil/pf/counters:match_block -> panic: free: called with spinlock or critical section held [...] vpanic() at vpanic pc = 0xc0321b5c lr = 0xc02f7b5c (free+0x140) sp = 0xc8c858bc fp = 0xc8c858e0 r4 = 0xe2fad648 r5 = 0xe402ce78 r6 = 0xc8c859e8 r7 = 0x0000001c r8 = 0xc8c858b4 r9 = 0xc0321b5c r10 = 0xc8c858bc free() at free+0x140 pc = 0xc02f7b5c lr = 0xe2f4f920 ($a+0x5f8) sp = 0xc8c858e8 fp = 0xc8c85930 r4 = 0xe402ce68 r5 = 0xc8c8599c r6 = 0xffffffff r10 = 0x0000001c [...] KDB: enter: panic Consequently, this fixes armv7 CI: https://ci.freebsd.org/job/FreeBSD-main-armv7-test/2287/consoleText Fixes: 6353f5d9a5c6f194bb014b8785a57f5314e8c652 Reviewed by: kp MFC after: 3 days --- sys/netpfil/pf/pf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 98b5657f728..c7d5e923d50 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -11544,10 +11544,6 @@ pf_counters_inc(int action, struct pf_pdesc *pd, struct pf_kstate *s, } } - if (s == NULL) { - pf_free_match_rules(mr); - } - if (a != NULL) { pf_rule_counters_inc(pd, a, dir_out, op_r_pass, af, src_host, dst_host); @@ -11559,6 +11555,10 @@ pf_counters_inc(int action, struct pf_pdesc *pd, struct pf_kstate *s, } pf_counter_u64_critical_exit(); + + if (s == NULL) { + pf_free_match_rules(mr); + } } static void