On Thu, Jul 07, 2022 at 09:30:56PM +0200, Florian Westphal wrote: > With refcount_inc_not_zero, we'd also need a smp_rmb or similar, > followed by a test of the CONFIRMED bit. > > However, the ct pointer is taken from skb->_nfct, its refcount must > not be 0 (else, we'd already have a use-after-free bug). > > Use refcount_inc() instead to clarify the ct refcount is expected to > be at least 1. Applied, thanks