Re: [BUG] net_device UAF: linkwatch_fire_event() calls dev_hold() after netdev_wait_allrefs() is done
From: Jakub Kicinski <kuba@kernel.org>
Date: 2022-01-28 02:19:35
Also in:
lkml
Interesting.. I don't know what link_reset does, but since it turns the carrier on it seems like something that should be flushed/canceled when the device goes down. unregister brings the device down under rtnl_lock.

On Fri, 28 Jan 2022 02:51:24 +0100 Jann Horn wrote:
> Is the bug that usbnet_disconnect() should be stopping &dev->kevent before calling unregister_netdev()?

I'd say not this one, I think the generally agreed on semantics are that the netdev is under user's control between register and unregister, we should not cripple it before unregister.

> Or is the bug that ax88179_link_reset() doesn't take some kind of lock and re-check that the netdev is still alive?

That'd not be an uncommon way to fix this.. taking rtnl_lock, not even a driver lock in similar.

> Or should netif_carrier_on() be doing that? Or is it the responsibility of the linkwatch code to check whether the netdev is already going away?

Possibly, although we don't do much in the way of defensive programming in networking.
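Added example, not part of the original message and not kernel code: a single-threaded user-space C model of the ordering discussed in this thread, comparing a deferred link-reset that turns the carrier on after unregister has finished with one that takes the lock and re-checks that the device is still registered. All `model_*` names, the state enum and the `late_holds` counter are assumptions made for the illustration.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: the struct stays allocated so late holds can be counted. */
enum model_state { M_REGISTERED, M_UNREGISTERING, M_RELEASED };
struct model_netdev {
    enum model_state state;
    int refcnt;      /* stands in for dev_hold()/dev_put() accounting */
    bool carrier;
    int late_holds;  /* holds taken after the wait for references ended */
};
static pthread_mutex_t model_rtnl = PTHREAD_MUTEX_INITIALIZER;

/* Stands in for netif_carrier_on() -> linkwatch_fire_event() -> dev_hold(). */
static void model_carrier_on(struct model_netdev *d)
{
    if (d->carrier)
        return;
    d->carrier = true;
    d->refcnt++;
    if (d->state == M_RELEASED)
        d->late_holds++;  /* in the kernel this would touch freed memory */
}

/* Stands in for unregister: device goes down under the lock, then is released. */
static void model_unregister(struct model_netdev *d)
{
    pthread_mutex_lock(&model_rtnl);
    d->state = M_UNREGISTERING;
    d->carrier = false;
    pthread_mutex_unlock(&model_rtnl);
    d->state = M_RELEASED;  /* refcnt is 0 here in this model */
}

/* Deferred link-reset work; with recheck it locks and tests liveness first. */
static bool model_link_reset(struct model_netdev *d, bool recheck)
{
    bool fired = false;
    if (recheck) pthread_mutex_lock(&model_rtnl);
    if (!recheck || d->state == M_REGISTERED) { model_carrier_on(d); fired = true; }
    if (recheck) pthread_mutex_unlock(&model_rtnl);
    return fired;
}

/* Runs the work after unregister and returns the number of late holds. */
static int late_holds_after_unregister(bool recheck)
{
    struct model_netdev d = { M_REGISTERED, 0, false, 0 };
    model_unregister(&d);
    model_link_reset(&d, recheck);
    return d.late_holds;
}

int main(void) { printf("%d %d\n", late_holds_after_unregister(false), late_holds_after_unregister(true)); return 0; }
```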