> By the way, is your analyzer not finding the issue that any call to
> xhci_mem_cleanup() wakes up everybody waiting on the command queue and
> then sets a bunch of things (including xhci->dcbaa) to NULL shortly
> thereafter? This race looks like it shouldn't be harder to detect than
> the things you are doing already.

Actually, I think neither the above nor the issue you reported is a
problem at all, because xhci_setup_device() checks if command->status
is COMP_COMMAND_ABORTED and returns early in this case. At a quick
glance, other command handlers do the same. This status code is always
assigned by xhci_cleanup_command_queue().

Regards,
Michal