media: uvcvideo: Fix access to uninitialized fields on probe error

[ Upstream commit 11a087f484bf15ff65f0a9f277aa5a61fd07ed2a ]

We need to check whether this work we are canceling actually is
initialized.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+2e1ef9188251d9cc7944@syzkaller.appspotmail.com
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 467b1dd..f285433 100644 (file)
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -2350,7 +2350,9 @@ void uvc_ctrl_cleanup_device(struct uvc_device *dev)
        struct uvc_entity *entity;
        unsigned int i;
 
-       cancel_work_sync(&dev->async_ctrl.work);
+       /* Can be uninitialized if we are aborting on probe error. */
+       if (dev->async_ctrl.work.func)
+               cancel_work_sync(&dev->async_ctrl.work);
 
        /* Free controls and control mappings for all entities. */
        list_for_each_entry(entity, &dev->entities, list) {