[PATCH] usb: core: prevent double URB enqueue causing list corruption

[PATCH] usb: core: prevent double URB enqueue causing list corruption

[vsshingne]

Prevents the same URB from being enqueued twice on the same endpoint,
which could lead to list corruption detected by list_debug.c.

This was observed in syzbot reports where URBs were re-submitted
before completion, triggering 'list_add double add' errors.

Adding a check to return -EEXIST if the URB is already on a queue
prevents this corruption.

Signed-off-by: vsshingne <vaibhavshingne66@gmail.com>
---
 drivers/usb/core/hcd.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 87fcb78c34a8..66861f372daf 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1758,16 +1758,15 @@ void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status)
 		pr_warn("usb: URB already linked to bh->head, skipping duplicate addition\n");
 		return;
 	}
-	
 	list_add_tail(&urb->urb_list, &bh->head);
 	running = bh->running;
 	spin_unlock(&bh->lock);
 
 	if (!running) {
-        	if (bh->high_prio)
-                	queue_work(system_bh_highpri_wq, &bh->bh);
-        	else
-        	        queue_work(system_bh_wq, &bh->bh);
+		if (bh->high_prio)
+			queue_work(system_bh_highpri_wq, &bh->bh);
+		else
+			queue_work(system_bh_wq, &bh->bh);
 	}
 }
 EXPORT_SYMBOL_GPL(usb_hcd_giveback_urb);
-- 
2.48.1

[PATCH] usb: core: prevent double URB enqueue causing list corruption

[vsshingne]

Prevents the same URB from being enqueued twice on the same endpoint,
which could lead to list corruption detected by list_debug.c.

This was observed in syzbot reports where URBs were re-submitted
before completion, triggering 'list_add double add' errors.

Adding a check to return if the URB is already on a queue
prevents this corruption.

Signed-off-by: vsshingne <vaibhavshingne66@gmail.com>
---
 drivers/usb/core/hcd.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 87fcb78c34a8..66861f372daf 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1758,16 +1758,15 @@ void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status)
 		pr_warn("usb: URB already linked to bh->head, skipping duplicate addition\n");
 		return;
 	}
-	
 	list_add_tail(&urb->urb_list, &bh->head);
 	running = bh->running;
 	spin_unlock(&bh->lock);
 
 	if (!running) {
-        	if (bh->high_prio)
-                	queue_work(system_bh_highpri_wq, &bh->bh);
-        	else
-        	        queue_work(system_bh_wq, &bh->bh);
+		if (bh->high_prio)
+			queue_work(system_bh_highpri_wq, &bh->bh);
+		else
+			queue_work(system_bh_wq, &bh->bh);
 	}
 }
 EXPORT_SYMBOL_GPL(usb_hcd_giveback_urb);
-- 
2.48.1

Re: [PATCH] usb: core: prevent double URB enqueue causing list corruption

[Greg KH]

On Fri, Oct 31, 2025 at 07:17:39PM +0530, vsshingne wrote:
> Prevents the same URB from being enqueued twice on the same endpoint,
> which could lead to list corruption detected by list_debug.c.
> 
> This was observed in syzbot reports where URBs were re-submitted
> before completion, triggering 'list_add double add' errors.
> 
> Adding a check to return -EEXIST if the URB is already on a queue
> prevents this corruption.

This text makes no sense at all, it does not describe what this patch
does in any way.  Please do not use AI to generate patches.

greg k-h

Re: [PATCH] usb: core: prevent double URB enqueue causing list corruption

[Greg KH]

On Fri, Oct 31, 2025 at 07:20:32PM +0530, vsshingne wrote:
> Prevents the same URB from being enqueued twice on the same endpoint,
> which could lead to list corruption detected by list_debug.c.
> 
> This was observed in syzbot reports where URBs were re-submitted
> before completion, triggering 'list_add double add' errors.
> 
> Adding a check to return if the URB is already on a queue
> prevents this corruption.
> 
> Signed-off-by: vsshingne <vaibhavshingne66@gmail.com>
> ---
>  drivers/usb/core/hcd.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)

Please do not send patches multiple times, in invalid formats.

Re: [PATCH] usb: core: prevent double URB enqueue causing list corruption

[Alan Stern]

On Fri, Oct 31, 2025 at 02:59:07PM +0100, Greg KH wrote:
> On Fri, Oct 31, 2025 at 07:17:39PM +0530, vsshingne wrote:
> > Prevents the same URB from being enqueued twice on the same endpoint,
> > which could lead to list corruption detected by list_debug.c.
> > 
> > This was observed in syzbot reports where URBs were re-submitted
> > before completion, triggering 'list_add double add' errors.
> > 
> > Adding a check to return -EEXIST if the URB is already on a queue
> > prevents this corruption.
> 
> This text makes no sense at all, it does not describe what this patch
> does in any way.  Please do not use AI to generate patches.

In fact, the patch doesn't do _anything_ (except maybe change some 
whitespace).  And it does not apply to any recent kernel source.

Alan Stern

Re: [PATCH] usb: core: prevent double URB enqueue causing list corruption

[Shuah Khan]

On 10/31/25 08:13, Alan Stern wrote:
> On Fri, Oct 31, 2025 at 02:59:07PM +0100, Greg KH wrote:
>> On Fri, Oct 31, 2025 at 07:17:39PM +0530, vsshingne wrote:
>>> Prevents the same URB from being enqueued twice on the same endpoint,
>>> which could lead to list corruption detected by list_debug.c.
>>>
>>> This was observed in syzbot reports where URBs were re-submitted
>>> before completion, triggering 'list_add double add' errors.
>>>
>>> Adding a check to return -EEXIST if the URB is already on a queue
>>> prevents this corruption.
>>
>> This text makes no sense at all, it does not describe what this patch
>> does in any way.  Please do not use AI to generate patches.
> 
> In fact, the patch doesn't do _anything_ (except maybe change some
> whitespace).  And it does not apply to any recent kernel source.
> 

Agree - this patch does nothing. Looks like the patch isn't sent
to right people either.

This person happens to be in the mentorship program - I will make
sure they won't send such patches in the future.

thanks,
-- Shuah