On 8/18/25 00:59, syzbot wrote: > Call Trace: > <IRQ> ... > spin_lock include/linux/spinlock.h:351 [inline] > __xfrm_state_delete+0xba/0xca0 net/xfrm/xfrm_state.c:818 > xfrm_timer_handler+0x18f/0xa00 net/xfrm/xfrm_state.c:716 > __run_hrtimer kernel/time/hrtimer.c:1761 [inline] > __hrtimer_run_queues+0x52c/0xc60 kernel/time/hrtimer.c:1825 > hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1842 > handle_softirqs+0x283/0x870 kernel/softirq.c:579 > __do_softirq kernel/softirq.c:613 [inline] > invoke_softirq kernel/softirq.c:453 [inline] > __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 > irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 > instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] > sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 >From that call trace, I'd suspect a deadlock from the xfrm code not releasing the lock somewhere, not x86 code. One thing that stands out is that of the ~20 or so uses of '->xfrm.xfrm_state_lock', the call site in the trace is the only one that uses spin_lock() instead of spin_lock_bh(). I didn't look at it for long, so maybe there's a good reason for it. But it did catch my eye.
