syzbot


panic: cap_rights_is_vset:LINE

Status: fixed on 2019/06/30 05:55
Reported-by: syzbot+ae359438769fda1840f8@syzkaller.appspotmail.com
Fix commit: 7c3703a69466 Use a consistent snapshot of the fd's rights in fget_mmap().
First crash: 1336d, last: 1336d
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
freebsd panic: cap_rights_is_vset:LINE (3) 1 1065d 1065d 2/2 fixed on 2020/03/20 00:05
freebsd panic: cap_rights_is_vset:LINE (2) 1 1256d 1256d 0/2 auto-closed as invalid on 2019/11/27 10:54

Sample crash report:
panic: cap_rights_is_vset:243
cpuid = 0
time = 1560188884
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame 0xfffffe001f6db6c0
vpanic() at vpanic+0x1e0/frame 0xfffffe001f6db720
panic() at panic+0x43/frame 0xfffffe001f6db780
__cap_rights_is_set() at __cap_rights_is_set+0x22d/frame 0xfffffe001f6db810
cap_rights_to_vmprot() at cap_rights_to_vmprot+0x2b/frame 0xfffffe001f6db840
fget_mmap() at fget_mmap+0xf3/frame 0xfffffe001f6db8b0
kern_mmap() at kern_mmap+0x86c/frame 0xfffffe001f6db950
sys_mmap() at sys_mmap+0x38/frame 0xfffffe001f6db980
amd64_syscall() at amd64_syscall+0x436/frame 0xfffffe001f6dbab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe001f6dbab0
--- syscall (198, FreeBSD ELF64, nosys), rip = 0x4131ba, rsp = 0x7fffdfffdf38, rbp = 0x6 ---
KDB: enter: panic
[ thread pid 958 tid 100350 ]
Stopped at      kdb_enter+0x6a: movq    $0,kdb_why

Crashes (3):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-freebsd-main 2019/06/10 17:55 freebsd 50200ba575d0 0159583c console log report syz
ci-freebsd-i386 2019/06/10 19:57 freebsd 50200ba575d0 0159583c console log report syz
ci-freebsd-main 2019/06/10 17:15 freebsd 50200ba575d0 0159583c console log report
* Struck through repros no longer work on HEAD.