Commit ce76b83f3023 to 3.18.22 (backport of 89c22d8c3b27 ["net: Fix skb csum races when peeking"] from 4.2) causes the following failure: a recv(MSG_PEEK) on an ipv6 UDP socket using a buffer length smaller than the length of the actual UDP payload of a receivable packet fails with EFAULT. I do not seen the same problem with ipv4. Also, I do not see it in 4.3 or 4.4. The problem occurs in the following codepath after udp_lib_checksum_complete in udpv6_recvmsg fails to set the skb's csum related fields: udpv6_recvmsg skb_copy_and_csum_datagram_iovec skb_copy_datagram_iovec memcpy_toiovec It can be reproduced with the script below. After reverting ce76b83f3023 I do not see the failure any more. #!/bin/python import sys, os, socket, time family = socket.AF_INET6 addr = "::1" port = 1234 buf = "0123456789abcdef" * 8 buflen = len(buf) - 1 pid = os.fork() if pid == 0: time.sleep(1) s = socket.socket(family, socket.SOCK_DGRAM) s.sendto(buf, (addr, port)) sys.exit(0) s = socket.socket(family, socket.SOCK_DGRAM) s.bind((addr, port)) time.sleep(2) buf = s.recv(buflen, socket.MSG_PEEK) print "Received buffer of size %d: %s" % (len(buf), buf) os.waitpid(pid, 0) sys.exit(0) -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html