On 09/04/20(Thu) 20:07, Vitaliy Makkoveev wrote:
> usb_detach_wait() will simply wait usb_detach_wakeup() for 60 sec. So
> ugen_detach() will continue to destroy device context before threads
> finish their io.

Is it a theory or is it a fact? If it's a theory, how can one be sure the proposed change doesn't harm more than the current behavior?

Don't get me wrong, this code has certainly a lot of bugs, but without a reproducer it will be difficult to fix it in a simple and durable way. Maybe you could look into fuzzing with syzkaller; anton@ might help you get started.
