On 4/19/17 5:47 PM, Cong Wang wrote: > On Wed, Apr 19, 2017 at 9:12 AM, Andrey Konovalov <andreyk...@google.com> > wrote: >> >> Anyway, I just finished simplifying the reproducer. Give this one a try. > > Thanks for providing such a minimal reproducer! > > The following patch could fix this crash, but I am not 100% sure if we should > just clear these bits or reject them with an errno. > > diff --git a/net/ipv6/route.c b/net/ipv6/route.c > index 9db14189..cf524c2 100644 > --- a/net/ipv6/route.c > +++ b/net/ipv6/route.c > @@ -2086,7 +2086,7 @@ static struct rt6_info > *ip6_route_info_create(struct fib6_config *cfg) > } else > rt->rt6i_prefsrc.plen = 0; > > - rt->rt6i_flags = cfg->fc_flags; > + rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE); > > install_route: > rt->dst.dev = dev; >
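Review bot: In the ip6_route_info_create() hunk, the new assignment `rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE);` silently drops bits from the caller's fc_flags, so a request that sets them is accepted and the caller never learns its input was invalid. As the mail itself raises, rejecting is the cleaner option: test `cfg->fc_flags & (RTF_PCPU | RTF_CACHE)` near the top of the function and fail with an errno such as -EINVAL before the route is set up. If masking is kept instead, add a comment at the assignment saying why these two flags must not be taken from cfg.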
I sent a patch returning EINVAL if RTF_PCPU is set in fc_flags.