IPv6 locking crash (recursion)

[Brian F. Feldman]

Brian Fundakowski Feldman <green at FreeBSD.org> wrote:
> Has anyone else tried out the most basic IPv6 test: ndp -I <iface> and
> then ping6 fe80::<normal address without %<iface> extension>? I was
> greeted by recursion on a non-recursive lock. After some sleuthing,
> I tried to determine what conditions could be tested for that would
> indicate "this must not call the nd6_is_addr_neighbor() call because
> we're from a normal RTM_RESOLVE initializing a new route", and this
> is the most correct thing I can come up with. It actually would do
> something entirely different if recursion were allowed. Comments?
> 
> Index: nd6.c
> ===================================================================
> RCS file: /u/FreeBSD-cvs/src/sys/netinet6/nd6.c,v
> retrieving revision 1.37
> diff -u -r1.37 nd6.c
> --- nd6.c	8 Nov 2003 23:36:32 -0000	1.37
> +++ nd6.c	26 Nov 2003 13:45:45 -0000
> @@ -1095,7 +1095,8 @@
>  
>  	if (req == RTM_RESOLVE &&
>  	    (nd6_need_cache(ifp) == 0 || /* stf case */
> -	     !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) {
> +	    ((!(rt->rt_flags & RTF_WASCLONED) || rt->rt_flags & RTF_LLINFO) &&
> +	    !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp)))) {
>  		/*
>  		 * FreeBSD and BSD/OS often make a cloned host route based
>  		 * on a less-specific route (e.g. the default route).

Does anyone know anything about this yet??  I get the crash using completely 
legitimate methods, trying to receive packets that are directed explicitly to
ff02::1%wi0 via interface wi0, unless I enable this workaround.

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green at FreeBSD.org                               \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\