Pull up following revision(s) (requested by roy in ticket #845):

sys/netinet6/nd6_nbr.c: revision 1.178

inet6: nd6_na_input() now considers ln_state <= ND6_LLINFO_INCOMPLETE

Otherwise if ln_state != ND6_LLINFO_INCOMPLETE and there is no lladdr and this message was solicited then ln_state is set to ND6_LLINFO_REACHABLE which could then cause a panic in nd6_resolve().

If ln_state > ND6_LLINFO_INCOMPLETE then it's assumed we have a lladdr.

Potentially this could have been triggered by the introduction of ND6_LLINFO_PURGE in nd6.c r1.143 but also by the re-introduction of ND6_LLINFO_INCOMPLETE in nd6.c r1.263.

Depending on the timing, it's technically possible to receive such a message after the llentry is created with ND6_LLINFO_NOSTATE.

(martin)

diff -r1.166.2.4 -r1.166.2.5 src/sys/netinet6/nd6_nbr.c
--- src/sys/netinet6/nd6_nbr.c 2019/09/30 15:55:40 1.166.2.4
+++ src/sys/netinet6/nd6_nbr.c 2020/04/23 13:31:43 1.166.2.5
@@ -1,4 +1,4 @@
-/* $NetBSD: nd6_nbr.c,v 1.166.2.4 2019/09/30 15:55:40 martin Exp $ */
+/* $NetBSD: nd6_nbr.c,v 1.166.2.5 2020/04/23 13:31:43 martin Exp $ */
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.166.2.4 2019/09/30 15:55:40 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.166.2.5 2020/04/23 13:31:43 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -735,7 +735,7 @@
goto freeit;
rt_cmd = 0;
- if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
+ if (ln->ln_state <= ND6_LLINFO_INCOMPLETE) {
/*
* If the link-layer has address, and no lladdr option came,
* discard the packet.
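Review bot: the new `ln->ln_state <= ND6_LLINFO_INCOMPLETE` test relies on the numeric ordering of the ND6_LLINFO_* values, and nothing at the condition records that. The commit message states the invariant (states above INCOMPLETE are assumed to have a lladdr, while NOSTATE and PURGE can reach this point without one), but the comment under the `if` still only describes discarding the packet when no lladdr option came. Consider adding a short comment above the `if` saying that every state at or below ND6_LLINFO_INCOMPLETE is treated as having no lladdr, so that a later renumbering or a newly added state does not quietly bring back the path where ln_state becomes ND6_LLINFO_REACHABLE without a lladdr and nd6_resolve() panics.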