While playing with chromium u2f support[1] I managed to induce kernel crashes in filt_uhidrdetach. It takes a few attempts of plugging/unplugging the fido key while trying to authenticate at demo.yubico.com/playground. Eventually the kernel panics with this stack trace (retyped from [2]):
    filt_uhidrdetach+0x33: movq 0x8(%rcx), rcx
    kqueue_close
    drop
    closef
    fdfree
    exit1
    single_thread_check
    userret
    intr_user_exit

The blunt patch below makes the kernel not crash and print the diagnostic message, but it's really crude because I don't know what I'm doing.

diff --git a/sys/dev/usb/uhid.c b/sys/dev/usb/uhid.c
index 9cadd22ad35..428b7a63770 100644
--- a/sys/dev/usb/uhid.c
+++ b/sys/dev/usb/uhid.c
@@ -441,7 +441,10 @@ filt_uhidrdetach(struct knote *kn)
 {
 	struct uhid_softc *sc = (void *)kn->kn_hook;
 	int s;
-
+	if (SLIST_FIRST(&sc->sc_rsel.si_note) == NULL) {
+		printf("SLIST_FIRST is null\n");
+		return;
+	}
 	s = splusb();
 	SLIST_REMOVE(&sc->sc_rsel.si_note, kn, knote, kn_selnext);
 	splx(s);

Thanks
Greg

[1] https://marc.info/?l=openbsd-ports&m=157784078117717
[2] https://photos.app.goo.gl/9ZZhiHvMoYYYHDEx5

-- 
nest.cx is Gmail hosted, use PGP: https://pgp.key-server.io/0x0B1542BD8DF5A1B0
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3 4D50 0B15 42BD 8DF5 A1B0
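Review bot: the added guard in filt_uhidrdetach reads through the same pointer that is faulting. `sc` comes from `kn->kn_hook`, and the crash happens after the device has been unplugged, so by the time kqueue_close runs the detach filter the softc that `kn_hook` points at has most likely already been torn down; `SLIST_FIRST(&sc->sc_rsel.si_note)` dereferences that stale pointer exactly as `SLIST_REMOVE` does at +0x33 (`movq 0x8(%rcx), rcx`), and it only avoids the panic here because the freed memory has not yet been reused. The check therefore hides a detach-ordering problem rather than fixing it, and the `printf` belongs in a debugging session, not in a commit. The change that would actually close this is in the uhid detach path: before the softc goes away, the knotes hanging off `sc->sc_rsel.si_note` need to be unlinked or invalidated (and any waiters woken), so that a later close of the kqueue never calls back into a device that no longer exists; with that in place the early return in this hunk can be dropped and the original `s = splusb(); SLIST_REMOVE(...); splx(s);` sequence stays as it was.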