On Wed, 06 May 2020 11:14:42 +0200 Oliver Neukum <oneukum@xxxxxxxx> wrote: > Very well. We are not going to find it without exceptional luck. Yet > there may be a real issue, too. We simply do not know. How about the > attached patch? > usblp_unlink_urbs(usblp); > mutex_unlock(&usblp->mut); > + usb_poison_anchored_urbs(&usblp->urbs); > > if (!usblp->used) > usblp_cleanup(usblp); This can't be right. Our URBs are freed by the callback, and this technique is not compatible with poisoning, at least with how the usb/core.c implements it. The usb_poison_urb() waits for URB to complete, and if the callback frees it, it's a problem. -- Pete