We're holding a spinlock here so we can't do sleeping allocations. The call tree is: rtw_sta_flush() <-- takes spin_lock_bh(&pstapriv->asoc_list_lock); --> ap_free_sta() --> rtw_clearstakey_cmd() Originally these calls were rtw_zmalloc() and then we switched them to kzalloc() in fadbe0cd5292 ('staging: rtl8188eu:Remove rtw_zmalloc(), wrapper for kzalloc()') and that made the bugs show up for my static checker. The original code was buggy as well but my static checker couldn't parse it. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> diff --git a/drivers/staging/rtl8188eu/core/rtw_cmd.c b/drivers/staging/rtl8188eu/core/rtw_cmd.c index aeaa873..1222b9b 100644 --- a/drivers/staging/rtl8188eu/core/rtw_cmd.c +++ b/drivers/staging/rtl8188eu/core/rtw_cmd.c @@ -1106,20 +1106,20 @@ u8 rtw_clearstakey_cmd(struct adapter *padapter, u8 *psta, u8 entry, u8 enqueue) if (!enqueue) { clear_cam_entry(padapter, entry); } else { - ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL); + ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC); if (ph2c == NULL) { res = _FAIL; goto exit; } - psetstakey_para = kzalloc(sizeof(struct set_stakey_parm), GFP_KERNEL); + psetstakey_para = kzalloc(sizeof(struct set_stakey_parm), GFP_ATOMIC); if (psetstakey_para == NULL) { kfree(ph2c); res = _FAIL; goto exit; } - psetstakey_rsp = kzalloc(sizeof(struct set_stakey_rsp), GFP_KERNEL); + psetstakey_rsp = kzalloc(sizeof(struct set_stakey_rsp), GFP_ATOMIC); if (psetstakey_rsp == NULL) { kfree(ph2c); kfree(psetstakey_para); -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html