While auditing something unrelated, I noticed that this function seems
to potentially dev_put() on an error pointer.
I guess the problem comes from the fact that there are two methods
by which the device pointer is obtained.
First, inet{,6}_fib_lookup_dev() which uses error pointers.
Second, dev_get_by_index() which returns a valid device or NULL,
and therefore does not use error pointers.
If inet{,6}_fib_lookup_dev() returns an error pointer, the !dev check
will not pass and dev_put() will operate on an error pointer and
crash.
If you agree with my analysis, could you please cook up and test a
fix?
Thank you!
