Or does this have nothing to do with ptm, but dup2 broken when it was unlocked?
Martin Pieuchot <[email protected]> wrote:

> Program below is the smaller version of a syzkaller report [0].  After
> running it one is left without usable console.  A second execution will
> make openpty(3) pick a different "/dev/tty*" node:
>
>  50361 crash    CALL  ioctl(3,PTMGET,0x7f7ffffeda80)
>  50361 crash    NAMI  "/dev/ptypd"
>  50361 crash    NAMI  "/dev/ttypd"
>  50361 crash    NAMI  "/dev/ttypd"
>  50361 crash    RET   ioctl 0
>
> After some more tries:
>
>  65559 crash    CALL  ioctl(3,PTMGET,0x7f7ffffc36a0)
>  65559 crash    NAMI  "/dev/ptypm"
>  65559 crash    NAMI  "/dev/ttypm"
>  65559 crash    NAMI  "/dev/ttypm"
>  65559 crash    RET   ioctl 0
>
> [0]
> https://syzkaller.appspot.com/bug?id=a74718ca902617e6aa7327aa008b25844eccf2d3
>
> ----- crash.c -----
>
> #include <unistd.h>
> #include <util.h>
>
> int
> main(void)
> {
> 	char garbage[100];
> 	int master, slave;
>
> 	if (openpty(&master, &slave, NULL, NULL, NULL) == -1)
> 		return -1;
> 	if (dup2(master, master + 100) != -1)
> 		close(master);
>
> 	write(slave, garbage, 99);
>
> 	return 0;
> }
