kern/53075: nd6_dad_duplicated gets called with NULL argument

[martin%NetBSD.org@localhost]

>Number:         53075
>Category:       kern
>Synopsis:       nd6_dad_duplicated gets called with NULL argument
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 06 19:25:00 +0000 2018
>Originator:     Martin Husemann
>Release:        NetBSD 8.99.12
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD night-owl.duskware.de 8.99.12 NetBSD 8.99.12 (NIGHT-OWL) #586: Tue Mar 6 20:09:36 CET 2018 martin%night-owl.duskware.de@localhost:/usr/src/sys/arch/amd64/compile/NIGHT-OWL amd64
Architecture: x86_64
Machine: amd64
>Description:

If I enable DAD (which is the default), I get an ~instant crash as soon
as my machine connects to a certain wlan.

I used to have DAD globally disabled for PR 48450 and only just enabled
it again to test Roy's DAD changes. This issue is older though.

>How-To-Repeat:
see above

>Fix:
This patch avoids the crash, but I haven't checked if this is a legitimate
call or caused by some other bug. And I don't know if just ignoring the
call is the right thing to do.


Index: nd6_nbr.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.150
diff -u -p -r1.150 nd6_nbr.c
--- nd6_nbr.c	6 Mar 2018 11:21:31 -0000	1.150
+++ nd6_nbr.c	6 Mar 2018 19:14:03 -0000
@@ -1385,11 +1385,15 @@ done:
 static void
 nd6_dad_duplicated(struct dadq *dp)
 {
-	struct ifaddr *ifa = dp->dad_ifa;
+	struct ifaddr *ifa;
 	struct in6_ifaddr *ia;
 	struct ifnet *ifp;
 	char ip6buf[INET6_ADDRSTRLEN];
 
+	if (dp == NULL)
+		return;
+
+	ifa = dp->dad_ifa;
 	KASSERT(mutex_owned(&nd6_dad_lock));
 	KASSERT(ifa != NULL);