Hi, If rt_ifa_addlocal() in in_ifinit() fails, the address has been added to the interface address list, but the local route is missing. This inconsistency can result in a panic later.
panic: kernel diagnostic assertion "ifa == rt->rt_ifa" failed: file "/crypt/home/bluhm/openbsd/cvs/src/sys/netinet/if_ether.c", line 206 I have seen this crash in production on a 5.9 system and could reproduce it on -current by inducing an error in rt_ifa_addlocal(). So in case of an error, remove the interface address to get a consistent state again. ok? bluhm Index: netinet/in.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in.c,v retrieving revision 1.130 diff -u -p -u -p -r1.130 in.c --- netinet/in.c 5 Dec 2016 15:31:43 -0000 1.130 +++ netinet/in.c 17 Dec 2016 01:27:30 -0000 @@ -603,7 +603,7 @@ in_ifinit(struct ifnet *ifp, struct in_i { u_int32_t i = sin->sin_addr.s_addr; struct sockaddr_in oldaddr; - int error = 0; + int error = 0, rterror; splsoftassert(IPL_SOFTNET); @@ -633,10 +633,16 @@ in_ifinit(struct ifnet *ifp, struct in_i * error occured, put back the original address. */ ifa_add(ifp, &ia->ia_ifa); - rt_ifa_addlocal(&ia->ia_ifa); + rterror = rt_ifa_addlocal(&ia->ia_ifa); if (error) goto out; + if (rterror) { + if (!newaddr) + ifa_del(ifp, &ia->ia_ifa); + error = rterror; + goto out; + } if (ia->ia_netmask == 0) { if (IN_CLASSA(i))