From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oliver Neukum Subject: Re: Possible double-free in the usbnet driver Date: Fri, 04 Mar 2016 23:42:22 +0100 Message-ID: <1457131342.8935.2.camel@suse.de> References: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: Linus Torvalds , Dmitry Vyukov , Alexander Potapenko , Kostya Serebryany , Greg Kroah-Hartman , USB list , Network Development To: Andrey Konovalov Return-path: In-Reply-To: Sender: linux-usb-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: netdev.vger.kernel.org On Sat, 2016-03-05 at 01:26 +0300, Andrey Konovalov wrote: > and when I run the vm and connect the device I get: > > [ 23.672662] cdc_ncm 1-1:1.6: bind() failure > [ 23.673447] usbnet_probe(): freeing netdev: ffff88006ab48000 > [ 23.675822] usbnet_probe(): freeing netdev: ffff88006ab48000 > > So this seems to be a double-free (or at least a double free_netdev() > call), but the object gets freed twice from usbnet_probe() and not > from usbnet_disconnect(), so you're right that the latter doesn't get > called. I'm not sure how usbnet_probe() ends up being called twice. Do you have lsusb? Regards Oliver -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html