a95c0eef3a
has been changed from m0 to *mpp. But as *mpp has been set to NULL just before the call, we end up calling ether_output() with a NULL mbuf, leading to a NULL pointer dereference. Revert back to using m0 here. The issue show up when using 'return-rst' or 'return-icmp' in ipf6.conf. Problem discovered and fix tested on ftp.fr.netbsd.org.