==================================================================
BUG: KASAN: use-after-free in ds_probe+0x5ff/0x750
Read of size 1 at addr ffff8881ce0c81a2 by task kworker/1:0/9574

CPU: 1 PID: 9574 Comm: kworker/1:0 Not tainted 5.1.0-rc3+ #7
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 dump_stack+0xca/0x13e
 print_address_description+0x67/0x231
 kasan_report.cold+0x1a/0x35
 ds_probe+0x5ff/0x750
 usb_probe_interface+0x30d/0x7b0
 really_probe+0x296/0x680
 driver_probe_device+0xf9/0x200
 __device_attach_driver+0x1c4/0x230
 bus_for_each_drv+0x15e/0x1e0
 __device_attach+0x21e/0x360
 bus_probe_device+0x1ec/0x2a0
 device_add+0xaf4/0x1700
 usb_set_configuration+0xdf2/0x1670
 generic_probe+0x9d/0xd5
 usb_probe_device+0xa8/0x110
 really_probe+0x296/0x680
 driver_probe_device+0xf9/0x200
 __device_attach_driver+0x1c4/0x230
 bus_for_each_drv+0x15e/0x1e0
 __device_attach+0x21e/0x360
 bus_probe_device+0x1ec/0x2a0
 device_add+0xaf4/0x1700
 usb_new_device.cold+0x8b8/0x1030
 hub_event+0x1ac9/0x35a0
 process_one_work+0x90a/0x1580
 worker_thread+0x96/0xe20
 kthread+0x30e/0x420
 ret_from_fork+0x3a/0x50

Allocated by task 4683:
 __kasan_kmalloc.constprop.0+0xbf/0xd0
 __get_vm_area_node+0x128/0x3a0
 __vmalloc_node_range+0xe5/0x790
 vzalloc+0x67/0x80
 alloc_counters.isra.0+0x50/0x540
 do_ipt_get_ctl+0x4b8/0x880
 nf_getsockopt+0x78/0xd0
 ip_getsockopt+0x165/0x1c0
 tcp_getsockopt+0x8c/0xd0
 __sys_getsockopt+0x13a/0x210
 __x64_sys_getsockopt+0xba/0x150
 do_syscall_64+0xbd/0x500
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 4683:
 __kasan_slab_free+0x130/0x180
 kfree+0xd7/0x290
 __vunmap+0x330/0x420
 __vfree+0x3c/0xd0
 vfree+0x5a/0x90
 do_ipt_get_ctl+0x69a/0x880
 nf_getsockopt+0x78/0xd0
 ip_getsockopt+0x165/0x1c0
 tcp_getsockopt+0x8c/0xd0
 __sys_getsockopt+0x13a/0x210
 __x64_sys_getsockopt+0xba/0x150
 do_syscall_64+0xbd/0x500
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8881ce0c8180
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 34 bytes inside of
 64-byte region [ffff8881ce0c8180, ffff8881ce0c81c0)
The buggy address belongs to the page:
page:ffffea0007383200 count:1 mapcount:0 mapping:ffff8881dac03600 index:0x0
flags: 0x200000000000200(slab)
raw: 0200000000000200 dead000000000100 dead000000000200 ffff8881dac03600
raw: 0000000000000000 00000000802a002a 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881ce0c8080: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8881ce0c8100: fc fc fc fc 00 00 00 00 00 00 fc fc fc fc fc fc
>ffff8881ce0c8180: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
                               ^
 ffff8881ce0c8200: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8881ce0c8280: fc fc fc fc 00 00 00 00 00 00 fc fc fc fc fc fc
==================================================================