Hi,

On Sat, Jul 23, 2022 at 09:58:09AM +0800, Duoming Zhou wrote:
> There are sleep in atomic context bugs in timer handlers of sctp
> such as sctp_generate_t3_rtx_event(), sctp_generate_probe_event(),
> sctp_generate_t1_init_event(), sctp_generate_timeout_event(),
> sctp_generate_t3_rtx_event() and so on.
>
> The root cause is sctp_sched_prio_init_sid() with GFP_KERNEL parameter
> that may sleep could be called by different timer handlers which is in
> interrupt context.
>
> One of the call paths that could trigger bug is shown below:
>
>       (interrupt context)
> sctp_generate_probe_event
>   sctp_do_sm
>     sctp_side_effects
>       sctp_cmd_interpreter
>         sctp_outq_teardown
>           sctp_outq_init

This sequence is odd but it is used when handling dup cookies. It
tears down whatever was in there and re-inits it.

With that,
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>

>             sctp_sched_set_sched
>               n->init_sid(..,GFP_KERNEL)
>                 sctp_sched_prio_init_sid //may sleep