On 26/05/2018 11:29, Dmitry Vyukov wrote:
> KASAN: stack-out-of-bounds Read in do_general_protection
> KASAN: slab-out-of-bounds Read in vmx_vcpu_run
> KASAN: use-after-scope Read in vmx_vcpu_run
> KASAN: stack-out-of-bounds Write in notify_die
>
> See full info at:
> https://syzkaller.appspot.com/bug?extid=a1264132fc103340628f
>
>
> There seems to be 2 problems:
>
> 1. msr_write_intercepted doing something notoriously bad.

The faulting line is

    msr_bitmap = to_vmx(vcpu)->loaded_vmcs->msr_bitmap;

so I suppose to_vmx(vcpu)->loaded_vmcs is bogus? That seems like "just" a
corruption of the struct kvm_vcpu, because the loaded_vmcs field is
pointing elsewhere inside the same struct.

Paolo