Check the return value of device_lookup_private against NULL.

Reported-by: syzbot+06561ba90b6e618ce6d0@syzkaller.appspotmail.com

sys/dev/fss.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: fss.c,v 1.109 2020/02/23 15:46:39 ad Exp $	*/
+/*	$NetBSD: fss.c,v 1.110 2020/12/26 14:50:50 nia Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -36,7 +36,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.109 2020/02/23 15:46:39 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fss.c,v 1.110 2020/12/26 14:50:50 nia Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -240,6 +240,9 @@ fss_close(dev_t dev, int flags, int mode, struct lwp *l)
 	cfdata_t cf;
 	struct fss_softc *sc = device_lookup_private(&fss_cd, minor(dev));
 
+	if (sc == NULL)
+		return ENXIO;
+
 	mflag = (mode == S_IFCHR ? FSS_CDEV_OPEN : FSS_BDEV_OPEN);
 	error = 0;
 
@@ -283,6 +286,11 @@ fss_strategy(struct buf *bp)
 	const bool write = ((bp->b_flags & B_READ) != B_READ);
 	struct fss_softc *sc = device_lookup_private(&fss_cd, minor(bp->b_dev));
 
+	if (sc == NULL) {
+		bp->b_error = ENXIO;
+		goto done;
+	}
+
 	mutex_enter(&sc->sc_slock);
 
 	if (write || sc->sc_state != FSS_ACTIVE) {
@@ -303,7 +311,8 @@ fss_strategy(struct buf *bp)
 	return;
 
 done:
-	mutex_exit(&sc->sc_slock);
+	if (sc != NULL)
+		mutex_exit(&sc->sc_slock);
 	bp->b_resid = bp->b_bcount;
 	biodone(bp);
 }
@@ -333,6 +342,9 @@ fss_ioctl(dev_t dev, u_long cmd, void *data, int flag, struct lwp *l)
 	struct fss_get50 *fsg50 = (struct fss_get50 *)data;
 #endif
 
+	if (sc == NULL)
+		return ENXIO;
+
 	switch (cmd) {
 	case FSSIOCSET50:
 		fss = &_fss;