Re: panic: "(ln->la_flags & LLE_VALID) != 0" failed

[Roy Marples <roy%marples.name@localhost>]

On 19/04/2020 01:15, Taylor R Campbell wrote:
> I recently upgraded to netbsd-9, and I've been seeing this panic every
> couple days, sometimes more than once a day:
>
> panic: kernel diagnostic assertion "(ln->la_flags & LLE_VALID) != 0" failed: file "/home/riastradh/netbsd/9/src/sys/netinet6/nd6.c", line 2412
>
> This is at:
>
> https://nxr.netbsd.org/xref/src/sys/netinet6/nd6.c#2426
>
> (The line number is slightly different in HEAD, but I think the logic
> is essentially the same.)

This is now fixed in src/sys/netinet6/nd6_nbr.c r1.178
Here's the commit message explaining the issue

inet6: nd6_na_input() now considers ln_state <= ND6_LLINFO_INCOMPLETE

Otherwise if ln_state != ND6_LLINFO_INCOMPLETE and the is no lladdr
and this message was solicited then ln_state is set to ND6_LLINFO_REACHABLE
which could then cause a panic in nd6_resolve().
If ln_state > ND6_LLINFO_INCOMPLETE then it's assumed we have a lladdr.

Potentially this could have been triggered by the introduction of
ND6_LLINFO_PURGE in nd6.c r1.143 but also by the re-introduction of
ND6_LLINFO_INCOMPLETE in nd6.c r1.263.
Depending on the timing, it's technically possible to receive such
a message after the llentry is created with ND6_LLINFO_NOSTATE.

Ironically NetBSD-8 and older are not affected because the KASSERT logic is 
inverted - if we have a lladddr, ln_state MUST be > ND6_LLINFO_INCOMPLETE.
However, ln_state is still set incorrectly which *might* affect things elsewhere.

I've submitted a pullup for -9 already.

Roy