The routing stack control depends on quite a tree of functions to determine the proper attributes of a route such as a source address (ifa) or transmit ifp of a route.
When actually inserting a route, stack needs to ensure that ifa and ifp points to the entities that are still valid.
Validity means slightly more than just pointer validity - stack need guarantee that the provided objects are not scheduled for deletion.
Currently, callers either ignore it (most ifp parts, historically) or try to use refcounting (ifa parts). Even in case of ifa refcounting it's not always implemented correctly. For example, some codepaths inside rt_getifa_fib() are referencing ifa while not holding any locks, resulting in the referencing scheduled-for-deletion ifa.
Instead of trying to fix all of the callers by enforcing proper refcounting, switch to a different model.
As the rib_action() already requires epoch, do not require any stability guarantees other than the epoch-provided one.
Use newly-added conditional versions of the refcounting functions (ifa_try_ref(), if_try_ref()) and fail if any of these fails.
This addresses quite a number of corner cases in the route modification handling AND makes it simpler.