K 10
svn:author
V 7
git2svn
K 8
svn:date
V 27
2022-03-04T22:13:33.773313Z
K 7
svn:log
V 904
pf: Initialize pf_kpool mutexes earlier

There are some error paths in ioctl handlers that will call
pf_krule_free() before the rule's rpool.mtx field is initialized,
causing a panic with INVARIANTS enabled.

Fix the problem by introducing pf_krule_alloc() and initializing the
mutex there.  This does mean that the rule->krule and pool->kpool
conversion functions need to stop zeroing the input structure, but I
don't see a nicer way to handle this except perhaps by guarding the
mtx_destroy() with a mtx_initialized() check.

Constify some related functions while here and add a regression test
based on a syzkaller reproducer.

Reported by:	syzbot+77cd12872691d219c158@syzkaller.appspotmail.com
Reviewed by:	kp
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 773e3a71b2f11d422694495aca988d4c7143601b)

Git Hash:   a41b6be8fcfbae49f0a950c75b36b5d1ca47ee46
Git Author: markj@FreeBSD.org
END