> The put_device(&epc->dev) call will trigger pci_epc_release() which > frees "epc" so the kfree(epc) on the next line is a double free. See also: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.13-rc5#n94 > Found by code review. Would you become interested to check how many similar control flows can still be detected by the means of automated advanced source code analyses? Regards, Markus
