On Thu, Mar 21, 2019 at 09:17:34PM +0100, Martin Blumenstingl wrote:
> Hello,
>
> I am experiencing the following crash:
> ------------[ cut here ]------------
> kernel BUG at mm/slub.c:3950!

        if (unlikely(!PageSlab(page))) {
                BUG_ON(!PageCompound(page));

You called kfree() on the address of a page which wasn't allocated by slab.

> I have traced this crash to the kfree() in meson_nfc_read_buf().
> my observation is as follows:
> - meson_nfc_read_buf() is called 7 times without any crash, the
>   kzalloc() call returns 0xe9e6c600 (virtual address) / 0x29e6c600
>   (physical address)
> - the eighth time meson_nfc_read_buf() is called kzalloc() call returns
>   0xee39a38b (virtual address) / 0x2e39a38b (physical address) and the
>   final kfree() crashes
> - changing the size in the kzalloc() call from PER_INFO_BYTE (= 8) to
>   PAGE_SIZE works around that crash

I suspect you're doing something which corrupts memory.  Overrunning
the end of your allocation or something similar.  Have you tried KASAN
or even the various slab debugging (e.g. redzones)?
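
The redzone idea suggested at the end of the reply, as an added userspace example that is not part of the original message and is not kernel code: guard bytes placed around an 8-byte (PER_INFO_BYTE) object are verified at free time, so an overrun is reported at the object that was overrun instead of surfacing later as an unrelated crash. The helper names rz_zalloc, rz_free and fill_info and the guard length and fill pattern are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define PER_INFO_BYTE 8     /* allocation size quoted in the report */
#define REDZONE_LEN   8     /* guard bytes on each side (demo value) */
#define REDZONE_BYTE  0xbb  /* guard fill pattern (demo value) */
#define RZ_HDR sizeof(size_t)
/* Layout: [size_t size][left redzone][object][right redzone] */

/* Hypothetical helper: zeroed allocation wrapped in two redzones. */
void *rz_zalloc(size_t size)
{
    unsigned char *raw = malloc(RZ_HDR + 2 * REDZONE_LEN + size);
    if (!raw)
        return NULL;
    memcpy(raw, &size, RZ_HDR);
    memset(raw + RZ_HDR, REDZONE_BYTE, REDZONE_LEN);
    memset(raw + RZ_HDR + REDZONE_LEN, 0, size);
    memset(raw + RZ_HDR + REDZONE_LEN + size, REDZONE_BYTE, REDZONE_LEN);
    return raw + RZ_HDR + REDZONE_LEN;
}

/* Free and report: 0 = intact, -1 = write before object, 1 = write past end. */
int rz_free(void *ptr)
{
    unsigned char *obj = ptr, *raw = obj - REDZONE_LEN - RZ_HDR;
    size_t size, i;
    int verdict = 0;

    memcpy(&size, raw, RZ_HDR);
    for (i = 0; i < REDZONE_LEN && !verdict; i++) {
        if (raw[RZ_HDR + i] != REDZONE_BYTE)
            verdict = -1;
        else if (obj[size + i] != REDZONE_BYTE)
            verdict = 1;
    }
    free(raw);
    return verdict;
}

/* Models a buffer fill that writes `len` bytes into a PER_INFO_BYTE object. */
int fill_info(size_t len)
{
    unsigned char *info = rz_zalloc(PER_INFO_BYTE);
    if (!info)
        return -2;
    if (len > PER_INFO_BYTE + REDZONE_LEN)  /* keep the demo inside its own block */
        len = PER_INFO_BYTE + REDZONE_LEN;
    memset(info, 0x5a, len);
    return rz_free(info);
}
```

fill_info(8) stays inside the object and reports 0; fill_info(9) touches the first guard byte past the end and reports 1.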