The following sequence of commands was triggering a kernel crash in
cdev_get():

 modprobe cx231xx
 rmmod cx231xx
 modprobe cx231xx
 v4l2grab -n 1

The problem was that cx231xx_usb_disconnect() was not doing anything
because the test:

	if (!dev->udev)
		return;

was reached (i.e, dev->udev was NULL).

This is due to the fact that the 'dev' pointer placed as intfdata into
the usb_interface structure had the wrong value, because
cx231xx_probe() was doing the usb_set_intfdata() on the wrong
usb_interface structure. For some reason, cx231xx_probe() was doing
the following:

static int cx231xx_usb_probe(struct usb_interface *interface,
			     const struct usb_device_id *id)
{
        struct usb_interface *lif = NULL;
	[...]
        /* store the current interface */
        lif = interface;
	[...]
        /* store the interface 0 back */
        lif = udev->actconfig->interface[0];
	[...]
	usb_set_intfdata(lif, dev);
	[...]
	retval = v4l2_device_register(&interface->dev, &dev->v4l2_dev);
	[...]
}

So, the usb_set_intfdata() was done on udev->actconfig->interface[0]
and not on the 'interface' passed as argument to the ->probe() and
->disconnect() hooks. Later on, v4l2_device_register() was
initializing the intfdata of the correct usb_interface structure as a
pointer to the v4l2_device structure.

Upon unregistration, the ->disconnect() hook was getting the intfdata
of the usb_interface passed as argument... and casted it to a 'struct
cx231xx *' while it was in fact a 'struct v4l2_device *'.

The correct fix seems to just be to set the intfdata on the proper
interface from the beginning. Now, loading/unloading/reloading the
driver allows to use the device properly.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>