Prevents the same URB from being enqueued twice on the same endpoint,
which could lead to list corruption detected by list_debug.c.

This was observed in syzbot reports where URBs were re-submitted
before completion, triggering 'list_add double add' errors.

Adding a check to return if the URB is already on a queue
prevents this corruption.

Signed-off-by: vsshingne <vaibhavshingne66@gmail.com>
---
 drivers/usb/core/hcd.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 87fcb78c34a8..66861f372daf 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1758,16 +1758,15 @@ void usb_hcd_giveback_urb(struct usb_hcd *hcd, struct urb *urb, int status)
 		pr_warn("usb: URB already linked to bh->head, skipping duplicate addition\n");
 		return;
 	}
-	
 	list_add_tail(&urb->urb_list, &bh->head);
 	running = bh->running;
 	spin_unlock(&bh->lock);
 
 	if (!running) {
-        	if (bh->high_prio)
-                	queue_work(system_bh_highpri_wq, &bh->bh);
-        	else
-        	        queue_work(system_bh_wq, &bh->bh);
+		if (bh->high_prio)
+			queue_work(system_bh_highpri_wq, &bh->bh);
+		else
+			queue_work(system_bh_wq, &bh->bh);
 	}
 }
 EXPORT_SYMBOL_GPL(usb_hcd_giveback_urb);
-- 
2.48.1

On Fri, Oct 31, 2025 at 07:20:32PM +0530, vsshingne wrote:
> Prevents the same URB from being enqueued twice on the same endpoint,
> which could lead to list corruption detected by list_debug.c.
> 
> This was observed in syzbot reports where URBs were re-submitted
> before completion, triggering 'list_add double add' errors.
> 
> Adding a check to return if the URB is already on a queue
> prevents this corruption.
> 
> Signed-off-by: vsshingne <vaibhavshingne66@gmail.com>
> ---
>  drivers/usb/core/hcd.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)

Please do not send patches multiple times, in invalid formats.