git: fc21aafe5ff2 - main - ipsec: fix a panic with INVARIANTS

From: Robert Wing <rew_at_FreeBSD.org>
Date: Fri, 03 Dec 2021 23:34:19 UTC
The branch main has been updated by rew:

URL: https://cgit.FreeBSD.org/src/commit/?id=fc21aafe5ff2e02124ad004ee1c7e28b1ea5486a

commit fc21aafe5ff2e02124ad004ee1c7e28b1ea5486a
Author:     Robert Wing <rew@FreeBSD.org>
AuthorDate: 2021-12-03 23:22:23 +0000
Commit:     Robert Wing <rew@FreeBSD.org>
CommitDate: 2021-12-03 23:22:23 +0000

    ipsec: fix a panic with INVARIANTS
    
    When adding an SPD entry that already exists, a refcount wraparound
    panic is encountered. This was caused by dropping a reference on the
    wrong security policy.
    
    Fixes:          4920e38fecc3 ("ipsec: fix race condition in key.c")
    Reviewed by:    wma
    Sponsored by:   Klara Inc.
    Differential Revision:  https://reviews.freebsd.org/D33100
---
 sys/netipsec/key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index cd2f8a4ccafa..4eb4c7c76464 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2039,7 +2039,7 @@ key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 				__func__, oldsp));
 			KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp));
 		} else {
-			key_freesp(&newsp);
+			key_freesp(&oldsp);
 			ipseclog((LOG_DEBUG,
 			    "%s: a SP entry exists already.\n", __func__));
 			return (key_senderror(so, m, EEXIST));
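
Review bot: on the EEXIST path in the else branch, after the switch to key_freesp(&oldsp), nothing in the visible context releases newsp before return (key_senderror(so, m, EEXIST)). Please confirm that newsp is not yet allocated at this point or is released elsewhere, since otherwise this path trades the refcount wraparound for a leak. A short comment above the call stating where the oldsp reference being dropped was taken would make the pairing clear to the next reader. A regression test that adds the same SPD entry twice on an INVARIANTS kernel would cover the case described in the commit message.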