[CONNECTOR]: Don't touch queue dev after decrement of ref count.

cn_queue_free_callback() will touch 'dev'(i.e. cbq->pdev), so it
should be called before atomic_dec(&dev->refcnt).

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/connector/cn_queue.c

@@ -99,8 +99,8 @@ int cn_queue_add_callback(struct cn_queue_dev *dev, char *name, struct cb_id *id
 	spin_unlock_bh(&dev->queue_lock);
 
 	if (found) {
-		atomic_dec(&dev->refcnt);
 		cn_queue_free_callback(cbq);
+		atomic_dec(&dev->refcnt);
 		return -EINVAL;
 	}