We are chasing use-after-free in IPv6 that could have their origin in fib6_ref 0 -> 1 transitions.
This patch series should help finding the root causes if these illegal transitions ever happen. Eric Dumazet (3): ipv6: fib6_info_destroy_rcu() cleanup ipv6: broadly use fib6_info_hold() helper ipv6: convert fib6_ref to refcount_t include/net/ip6_fib.h | 8 ++++---- net/ipv6/ip6_fib.c | 25 +++++++++++-------------- net/ipv6/route.c | 2 +- 3 files changed, 16 insertions(+), 19 deletions(-) -- 2.21.0.593.g511ec345e18-goog
