On Thu, Apr 20, 2017 at 10:35 AM, Dmitry Vyukov <dvyu...@google.com> wrote: > On Thu, Apr 20, 2017 at 1:51 AM, David Ahern <d...@cumulusnetworks.com> wrote: >> On 4/19/17 5:47 PM, Cong Wang wrote: >>> On Wed, Apr 19, 2017 at 9:12 AM, Andrey Konovalov <andreyk...@google.com> >>> wrote: >>>> >>>> Anyway, I just finished simplifying the reproducer. Give this one a try. >>> >>> Thanks for providing such a minimal reproducer! >>> >>> The following patch could fix this crash, but I am not 100% sure if we >>> should >>> just clear these bits or reject them with an errno. >>> >>> diff --git a/net/ipv6/route.c b/net/ipv6/route.c >>> index 9db14189..cf524c2 100644 >>> --- a/net/ipv6/route.c >>> +++ b/net/ipv6/route.c >>> @@ -2086,7 +2086,7 @@ static struct rt6_info >>> *ip6_route_info_create(struct fib6_config *cfg) >>> } else >>> rt->rt6i_prefsrc.plen = 0; >>> >>> - rt->rt6i_flags = cfg->fc_flags; >>> + rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE); >>> >>> install_route: >>> rt->dst.dev = dev; >>> >> >> I sent a patch returning EINVAL if RTF_PCPU is set in fc_flags > > > Andrey, does it fix the other crashes?
No, still see them. I'm working on reproducing those.
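Review bot: The masked assignment `rt->rt6i_flags = cfg->fc_flags & ~(RTF_PCPU | RTF_CACHE);` in ip6_route_info_create() silently drops the two bits, so a caller that passes them gets a route created with flags other than the ones requested and sees no error. The patch description itself leaves open whether to clear or reject. Rejecting with an errno before the route is populated would make the bad input visible to the caller, which is the direction the reply in this thread takes with EINVAL for RTF_PCPU. Whichever is chosen, the treatment of RTF_CACHE should be settled as well, since this hunk masks it while the EINVAL patch as described mentions only RTF_PCPU. A short comment above the assignment stating why these bits must not be taken from cfg->fc_flags would also help.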