The driver can call rtw_addbareq_cmd() from an interrupt routine. resulting in the following splat: [21760.582207] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:201 [21760.582219] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/0 [21760.582224] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G C O 5.14.0-rc2-00135-g774ba5f0db67 #3 [21760.582228] Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014 [21760.582230] Call Trace: [21760.582232] <IRQ> [21760.582233] dump_stack_lvl+0x34/0x44 [21760.582245] ? rtw_addbareq_cmd+0x2a/0xba [r8188eu] [21760.582306] ___might_sleep.cold+0x88/0x95 [21760.582311] kmem_cache_alloc_trace+0x25a/0x2d0 [21760.582315] rtw_addbareq_cmd+0x2a/0xba [r8188eu] [21760.582368] rtw_issue_addbareq_cmd+0xda/0x17f [r8188eu] [21760.582404] rtw_dump_xframe+0xa6/0x266 [r8188eu] [21760.582433] xmitframe_direct+0x40/0x57 [r8188eu] [21760.582459] pre_xmitframe+0x72/0x110 [r8188eu] [21760.582485] rtl8188eu_hal_xmit+0xa/0xb [r8188eu] [21760.582508] rtw_hal_xmit+0x1b/0x1c [r8188eu] [21760.582539] rtw_xmit+0xd6/0x1cb [r8188eu] [21760.582564] rtw_xmit_entry+0xe4/0x1d2 [r8188eu] [21760.582584] xmit_one.constprop.0+0x98/0x170 [21760.582588] dev_hard_start_xmit+0x40/0x90 [21760.582591] sch_direct_xmit+0xfa/0x230 [21760.582596] __dev_xmit_skb+0x27c/0x530 [21760.582598] __dev_queue_xmit+0x327/0x4e0 [21760.582602] ip_finish_output2+0x279/0x5c0 [21760.582605] __ip_queue_xmit+0x167/0x3f0 [21760.582607] __tcp_transmit_skb+0x4ff/0x9a0 [21760.582610] tcp_rcv_established+0x5c1/0x6f0 [21760.582613] tcp_v4_do_rcv+0x13e/0x240 [21760.582616] tcp_v4_rcv+0xbad/0xc70 [21760.582618] ? ip_rcv_finish_core.constprop.0+0x13c/0x2f0 [21760.582621] ip_protocol_deliver_rcu+0x30/0x1f0 [21760.582623] ip_local_deliver_finish+0x4b/0x60 [21760.582625] __netif_receive_skb_one_core+0x63/0x90 [21760.582628] process_backlog+0x8f/0x140 [21760.582631] __napi_poll+0x2e/0x180 [21760.582634] net_rx_action+0x11b/0x260 [21760.582637] __do_softirq+0xcb/0x2f5 [21760.582640] irq_exit_rcu+0x9e/0xc0 [21760.582643] common_interrupt+0x83/0xa0 [21760.582647] </IRQ> [21760.582647] asm_common_interrupt+0x1e/0x40 [21760.582650] RIP: 0010:cpuidle_enter_state+0xdf/0x5c0 [21760.582655] Code: 49 89 c6 0f 1f 44 00 00 31 ff e8 4c a1 98 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 10 03 00 00 31 ff e8 d5 73 9f ff fb 45 85 ed <0f> 88 59 01 00 00 4d 63 e5 49 83 fc 09 0f 87 05 04 00 00 4b 8d 04 Fix by changing kmalloc() flags argument from GFP_KERNEL to GFP_ATOMIC. Signed-off-by: Larry Finger <Larry.Finger@xxxxxxxxxxxx> --- drivers/staging/r8188eu/core/rtw_cmd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/r8188eu/core/rtw_cmd.c b/drivers/staging/r8188eu/core/rtw_cmd.c index 0302aa101de6..159346d97110 100644 --- a/drivers/staging/r8188eu/core/rtw_cmd.c +++ b/drivers/staging/r8188eu/core/rtw_cmd.c @@ -1240,13 +1240,13 @@ u8 rtw_addbareq_cmd(struct adapter *padapter, u8 tid, u8 *addr) struct addBaReq_parm *paddbareq_parm; u8 res = _SUCCESS; - ph2c = kzalloc(sizeof(struct cmd_obj), GFP_KERNEL); + ph2c = kzalloc(sizeof(struct cmd_obj), GFP_ATOMIC); if (ph2c == NULL) { res = _FAIL; goto exit; } - paddbareq_parm = kzalloc(sizeof(struct addBaReq_parm), GFP_KERNEL); + paddbareq_parm = kzalloc(sizeof(struct addBaReq_parm), GFP_ATOMIC); if (paddbareq_parm == NULL) { kfree(ph2c); res = _FAIL; -- 2.32.0