Hi Andrey, Could you please try this patch? Thank you The device is typically freed on failure after trying to set USB interface0 to as5 in function au0828_analog_register. Fix use-after-free by returning the error value inmediately after failure, instead of jumping to au0828_usb_disconnect where _dev_ is also freed. Signed-off-by: Gustavo A. R. Silva <garsilva@xxxxxxxxxxxxxx> --- drivers/media/usb/au0828/au0828-core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/media/usb/au0828/au0828-core.c b/drivers/media/usb/au0828/au0828-core.c index cd363a2..b4abd90 100644 --- a/drivers/media/usb/au0828/au0828-core.c +++ b/drivers/media/usb/au0828/au0828-core.c @@ -630,7 +630,7 @@ static int au0828_usb_probe(struct usb_interface *interface, __func__); mutex_unlock(&dev->lock); kfree(dev); - goto done; + return retval; } /* Digital TV */ @@ -655,7 +655,6 @@ static int au0828_usb_probe(struct usb_interface *interface, retval = au0828_media_device_register(dev, usbdev); -done: if (retval < 0) au0828_usb_disconnect(interface); -- 2.7.4
