This series fixes a use-after-free bug introduced by a recent disconnect-deadlock fix that was reported by syzbot. Turns out there was already a related bug in the driver, and the first patch addresses both issues.
While looking at the code I found two more use-after-free bugs, which the next two patches fix. The next two clean up the driver by dropping two redundant locks. Tested using a mockup device. Johan Johan Hovold (6): USB: iowarrior: fix use-after-free on disconnect USB: iowarrior: fix use-after-free on release USB: iowarrior: fix use-after-free after driver unbind USB: iowarrior: drop redundant disconnect mutex USB: iowarrior: drop redundant iowarrior mutex USB: iowarrior: use pr_err() drivers/usb/misc/iowarrior.c | 48 +++++++++++------------------------- 1 file changed, 15 insertions(+), 33 deletions(-) -- 2.23.0
