syzbot <syzbot+c0dc46208750f063d0e0@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b4ba4580000

I'm not sure how this would even work.

	memcpy((void*)0x4000000001c0, "syz\000", 4);
	memcpy((void*)0x400000000480, "./file0\000", 8);
	memcpy((void*)0x4000000004c0, "9p\000", 3);
	memcpy((void*)0x400000000c00,
	       "\x56\xc7\x8e\x3c\x73\x3d\x76\x69\x72\x74\x69\x6f\x2c\x6e\x6f\x65\x78"
	       "\x74\x65\x6e\x64\x2c\x61\x63\x63\x81\x73\x73\x3d\x61\x6e\x79\x2c\x63"
	       "\x61\x63\x68\x65\x3d\x66\x73\x63\x61\x63\x68\x65\x2c\x76\x65\x72\x73"
	       "\x69\x6f\x6e\x3d\x39\x70\x32\x30\x30\x30\x2e\x75",
	       63);
	syscall(__NR_mount, /*src=*/0x4000000001c0ul, /*dst=*/0x400000000480ul,
		/*type=*/0x4000000004c0ul, /*flags=*/0ul,
		/*opts=*/0x400000000c00ul);

The options string is rubbish:

[pid 8084] mount("syz", "./file0", "9p", 0, "V\307\216<s=virtio,noextend,acc\201ss=any,cache=fscache,version=9p2000.u") = -1 EINVAL (Invalid argument)

David
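
Added example, not part of the original message or of the syzkaller reproducer: a small triage helper that splits the 63-byte option buffer quoted above on commas and marks each token containing bytes outside printable ASCII. The name scan_opts() and its bitmask return value are assumptions made for this illustration, and it does not model the kernel's 9p option parser.

```c
#include <stddef.h>
#include <stdio.h>

/* Option bytes exactly as passed to mount() by the reproducer above. */
static const unsigned char repro_opts[] =
	"\x56\xc7\x8e\x3c\x73\x3d\x76\x69\x72\x74\x69\x6f\x2c\x6e\x6f\x65\x78"
	"\x74\x65\x6e\x64\x2c\x61\x63\x63\x81\x73\x73\x3d\x61\x6e\x79\x2c\x63"
	"\x61\x63\x68\x65\x3d\x66\x73\x63\x61\x63\x68\x65\x2c\x76\x65\x72\x73"
	"\x69\x6f\x6e\x3d\x39\x70\x32\x30\x30\x30\x2e\x75";

static int printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/*
 * Hypothetical triage helper, not kernel code. Splits buf on ',' and sets
 * bit i of the result when token i holds a non-printable byte.
 */
static unsigned int scan_opts(const unsigned char *buf, size_t len,
			      unsigned int *ntokens, int verbose)
{
	unsigned int mask = 0, tok = 0;
	size_t start = 0, i, j;

	for (i = 0; i <= len; i++) {
		if (i < len && buf[i] != ',')
			continue;
		/* Token spans [start, i): check it, optionally print it. */
		int bad = 0;
		for (j = start; j < i; j++)
			bad |= !printable(buf[j]);
		if (verbose) {
			printf("%u %s ", tok, bad ? "BAD" : "ok ");
			for (j = start; j < i; j++)
				printf(printable(buf[j]) ? "%c" : "\\x%02x", buf[j]);
			putchar('\n');
		}
		if (bad && tok < 32)
			mask |= 1u << tok;
		tok++;
		start = i + 1;
	}
	*ntokens = tok;
	return mask;
}

int main(void)
{
	unsigned int n;
	scan_opts(repro_opts, sizeof(repro_opts) - 1, &n, 1);
	return 0;
}
```

Run on the reproducer's buffer, it reports five tokens, with the first and third marked BAD.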