On Thu, Apr 20, 2017 at 1:51 AM, David Ahern <d...@cumulusnetworks.com> wrote: > On 4/19/17 5:47 PM, Cong Wang wrote: >> On Wed, Apr 19, 2017 at 9:12 AM, Andrey Konovalov <andreyk...@google.com> >> wrote: >>> >>> Anyway, I just finished simplifying the reproducer. Give this one a try. >> >> Thanks for providing such a minimal reproducer! >> >> The following patch could fix this crash, but I am not 100% sure if we should >> just clear these bits or reject them with an errno. >> >> diff --git a/net/ipv6/route.c b/net/ipv6/route.c >> index 9db14189..cf524c2 100644 >> --- a/net/ipv6/route.c >> +++ b/net/ipv6/route.c >> @@ -2086,7 +2086,7 @@ static struct rt6_info >> *ip6_route_info_create(struct fib6_config *cfg) >> } else >> rt->rt6i_prefsrc.plen = 0; >> >> - rt->rt6i_flags = cfg->fc_flags; >> + rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE); >> >> install_route: >> rt->dst.dev = dev; >> > > I sent a patch returning EINVAL if RTF_PCPU is set in fc_flags
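
Review bot: In ip6_route_info_create(), the new assignment "rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE);" silently drops both bits from the caller-supplied fc_flags, so a request that sets them still succeeds and the caller never learns its input was changed. Rejecting the request with an errno before the route is built, the alternative the patch description itself raises, would keep the validation visible to the caller. If the masking is kept, add a comment explaining why these two bits must not be taken from cfg, and say explicitly what is intended for RTF_CACHE, since the follow-up mentioned in the thread returns EINVAL only for RTF_PCPU.
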
Andrey, does it fix the other crashes?