X-Mailing-List: linux-kernel@vger.kernel.org
Date: Sat, 03 Jan 2026 13:46:35 -0800
In-Reply-To: <671bc7a7.050a0220.455e8.022a.GAE@google.com>
Message-ID: <69598e3b.050a0220.a1b6.0379.GAE@google.com>
Subject: Forwarded: Re: [syzbot] [kvm?] WARNING in vcpu_run
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [kvm?] WARNING in vcpu_run
Author: alessandro@0x65c.net

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

From 2090baeb71f48c9ad62129bd457a2c3bb5f0ed55 Mon Sep 17 00:00:00 2001
From: Alessandro Ratti
Date: Sat, 3 Jan 2026 22:01:32 +0100
Subject: [PATCH] KVM: x86: Handle -EBUSY from nested event check in vcpu_block()

When a vCPU running in nested guest mode attempts to block (e.g. due to
HLT), kvm_check_nested_events() may return -EBUSY to indicate that a
nested event is pending but cannot be injected immediately, such as when
event delivery is temporarily blocked in the guest.

Currently, vcpu_block() treats this as a generic error and exits to
userspace. This can cause the vCPU to repeatedly block without making
forward progress, delaying nested event injection and potentially
leading to guest hangs under rare timing conditions.

Handle -EBUSY explicitly by returning to the vCPU run loop and retrying
guest entry instead of blocking. This allows nested event delivery to
complete once the temporary blocking condition clears.

This issue was triggered by syzkaller during nested virtualization
stress testing.

Fixes: 45405155d876 ("KVM: x86: WARN if a vCPU gets a valid wakeup that KVM can't yet inject")
Reported-by: syzbot+1522459a74d26b0ac33a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=b646ef310afe5b51ae0372e1de8fdd68baad9eb5
Signed-off-by: Alessandro Ratti
---
 arch/x86/kvm/x86.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index ff8812f3a129..d5cf9a7ff8c5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -11596,7 +11596,15 @@ static inline int vcpu_block(struct kvm_vcpu *vcpu) if (is_guest_mode(vcpu)) { int r =3D kvm_check_nested_events(vcpu); =20 - WARN_ON_ONCE(r =3D=3D -EBUSY); + /* + * -EBUSY indicates a nested event is pending but cannot be + * injected immediately (e.g., event delivery is temporarily + * blocked). Return to the vCPU run loop to retry guest ent= ry + * instead of blocking, which would lose the pending event. + */ + if (r =3D=3D -EBUSY) + return 1; + if (r < 0) return 0; } --=20 2.52.0
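Review bot: Replacing `WARN_ON_ONCE(r == -EBUSY);` with `if (r == -EBUSY) return 1;` removes the assertion that the commit named in the Fixes: tag added on purpose ("WARN if a vCPU gets a valid wakeup that KVM can't yet inject"), and neither the commit message nor the new comment says which nested event was pending or why it could not be injected in the syzbot report. Please describe the state that makes -EBUSY legitimate at this point, otherwise the change only silences the warning without showing that the condition behind it is expected. The new comment also says that blocking "would lose the pending event", while the commit message says the old path exits to userspace through the unchanged `if (r < 0) return 0;`; the two should agree on what the pre-patch behaviour was. It would also help to state what stops the run loop from re-entering vcpu_block() and hitting the same -EBUSY again, since the added branch returns 1 without changing any vCPU state.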