From ff4c6c33e8669d6298bddb6f1a7d278cab70f8f3 Mon Sep 17 00:00:00 2001
From: anjiahao <anjiahao@xiaomi.com>
Date: Mon, 1 Apr 2024 17:42:05 +0800
Subject: [PATCH] usbdev:fix usbdev usbdev_fs_classuninitialize double free

Signed-off-by: anjiahao <anjiahao@xiaomi.com>
---
 drivers/usbdev/usbdev_fs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/usbdev/usbdev_fs.c b/drivers/usbdev/usbdev_fs.c
index f94f880dfd..65ffdc5d39 100644
--- a/drivers/usbdev/usbdev_fs.c
+++ b/drivers/usbdev/usbdev_fs.c
@@ -83,6 +83,7 @@ struct usbdev_fs_dev_s
   uint8_t                     config;
   struct usbdev_devinfo_s     devinfo;
   FAR struct usbdev_fs_ep_s  *eps;
+  bool                        uninitialized;
 };
 
 struct usbdev_fs_driver_s
@@ -528,7 +529,7 @@ static int usbdev_fs_close(FAR struct file *filep)
             }
         }
 
-      if (do_free)
+      if (do_free && fs->uninitialized)
         {
           FAR struct usbdev_fs_driver_s *alloc = container_of(
                        fs, FAR struct usbdev_fs_driver_s, dev);
@@ -1409,6 +1410,7 @@ void usbdev_fs_classuninitialize(FAR struct usbdevclass_driver_s *classdev)
   FAR struct usbdev_fs_dev_s *fs = &alloc->dev;
   int i;
 
+  fs->uninitialized = true;
   for (i = 0; i < fs->devinfo.nendpoints; i++)
     {
       if (fs->eps != NULL && fs->eps[i].crefs > 0)