I am seeing dhcpd die handling a DHCPDISCOVER packet.  This is tantalizingly
close to, but not quite the same as, PR bin/12070 (where it used to die on
a DHCPREQUEST).  The proximate cause of the crash is that the lease structure
has a null uid field, which is used as a pointer to a string in a hash
routine.  I haven't yet worked out how the uid pointer failed to get set to
something useful (even though the uid_len field says that the data not being
pointed to is 14 bytes long...).

I will send-pr this, but maybe someone else has been looking into this and
already has an answer.  (Oh, I first spotted the problem with the most
recent snapshot, but it happens even with today's sources.)