usbip: fix NULL pointer dereference on errors

#define STUB_BUSID_ALLOC 3

struct stub_device {

	struct usb_interface *interface;

	struct usb_device *udev;

	struct usbip_device ud;

	dev_dbg(&udev->dev, "device reset");

	ret = usb_lock_device_for_reset(udev, sdev->interface);

	ret = usb_lock_device_for_reset(udev, NULL);

	if (ret < 0) {

		dev_err(&udev->dev, "lock for reset\n");

		spin_lock_irq(&ud->lock);

/**

 * stub_device_alloc - allocate a new stub_device struct

 * @interface: usb_interface of a new device

 * @udev: usb_device of a new device

 *

 * Allocates and initializes a new stub_device struct.

 */

	dev_info(&urb->dev->dev, "usb_queue_reset_device\n");

	/*

	 * With the implementation of pre_reset and post_reset the driver no

	 * longer unbinds. This allows the use of synchronous reset.

	 */

	if (usb_lock_device_for_reset(sdev->udev, sdev->interface) < 0) {

	if (usb_lock_device_for_reset(sdev->udev, NULL) < 0) {

		dev_err(&urb->dev->dev, "could not obtain lock to reset device\n");

		return 0;

	}

	priv = kmem_cache_zalloc(stub_priv_cache, GFP_ATOMIC);

	if (!priv) {

		dev_err(&sdev->interface->dev, "alloc stub_priv\n");

		dev_err(&sdev->udev->dev, "alloc stub_priv\n");

		spin_unlock_irqrestore(&sdev->priv_lock, flags);

		usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);

		return NULL;

	else

		ep = udev->ep_out[epnum & 0x7f];

	if (!ep) {

		dev_err(&sdev->interface->dev, "no such endpoint?, %d\n",

		dev_err(&sdev->udev->dev, "no such endpoint?, %d\n",

			epnum);

		BUG();

	}

	}

	/* NOT REACHED */

	dev_err(&sdev->interface->dev, "get pipe, epnum %d\n", epnum);

	dev_err(&sdev->udev->dev, "get pipe, epnum %d\n", epnum);

	return 0;

}

		priv->urb = usb_alloc_urb(0, GFP_KERNEL);

	if (!priv->urb) {

		dev_err(&sdev->interface->dev, "malloc urb\n");

		dev_err(&udev->dev, "malloc urb\n");

		usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);

		return;

	}

	priv->urb->setup_packet = kmemdup(&pdu->u.cmd_submit.setup, 8,

					  GFP_KERNEL);

	if (!priv->urb->setup_packet) {

		dev_err(&sdev->interface->dev, "allocate setup_packet\n");

		dev_err(&udev->dev, "allocate setup_packet\n");

		usbip_event_add(ud, SDEV_EVENT_ERROR_MALLOC);

		return;

	}

		usbip_dbg_stub_rx("submit urb ok, seqnum %u\n",

				  pdu->base.seqnum);

	else {

		dev_err(&sdev->interface->dev, "submit_urb error, %d\n", ret);

		dev_err(&udev->dev, "submit_urb error, %d\n", ret);

		usbip_dump_header(pdu);

		usbip_dump_urb(priv->urb);

			}

			if (txsize != sizeof(pdu_header) + urb->actual_length) {

				dev_err(&sdev->interface->dev,

				dev_err(&sdev->udev->dev,

					"actual length of urb %d does not match iso packet sizes %zu\n",

					urb->actual_length,

					txsize-sizeof(pdu_header));

		ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg,

						iov,  iovnum, txsize);

		if (ret != txsize) {

			dev_err(&sdev->interface->dev,

			dev_err(&sdev->udev->dev,

				"sendmsg failed!, retval %d for %zd\n",

				ret, txsize);

			kfree(iov);

		ret = kernel_sendmsg(sdev->ud.tcp_socket, &msg, iov,

				     1, txsize);

		if (ret != txsize) {

			dev_err(&sdev->interface->dev,

			dev_err(&sdev->udev->dev,

				"sendmsg failed!, retval %d for %zd\n",

				ret, txsize);

			usbip_event_add(&sdev->ud, SDEV_EVENT_ERROR_TCP);