[syzbot] [media?] [usb?] memory leak in v4l2_ctrl_handler_init_class (3)


syzbot

May 7, 2026, 7:35:23 PM
to linux-...@vger.kernel.org, linux...@vger.kernel.org, linu...@vger.kernel.org, mch...@kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 5862221fdded Merge tag 'parisc-for-7.1-rc3' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15dfcd06580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c47d4d4befc65788
dashboard link: https://syzkaller.appspot.com/bug?extid=b1de0d5fd8a15fac11aa
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=170a6636580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13dfcd06580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8afd44b99460/disk-5862221f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/488628808019/vmlinux-5862221f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/92718d825f82/bzImage-5862221f.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b1de0d...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0xffff888106b17248 (size 8):
comm "kworker/1:8", pid 6017, jiffies 4294942650
hex dump (first 8 bytes):
00 c7 2b 2b 81 88 ff ff ..++....
backtrace (crc d625c37c):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
v4l2_ctrl_handler_init_class+0x59/0x90 drivers/media/v4l2-core/v4l2-ctrls-core.c:1728
msi2500_probe+0x2a9/0x390 drivers/media/usb/msi2500/msi2500.c:1248
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706
usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250
usb_probe_device+0x78/0x1f0 drivers/usb/core/driver.c:291

BUG: memory leak
unreferenced object 0xffff888129cfe400 (size 256):
comm "kworker/1:8", pid 6017, jiffies 4294942650
hex dump (first 32 bytes):
58 f7 2c 13 81 88 ff ff 58 f7 2c 13 81 88 ff ff X.,.....X.,.....
10 e4 cf 29 81 88 ff ff 10 e4 cf 29 81 88 ff ff ...).......)....
backtrace (crc 9e26d735):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
v4l2_ctrl_new+0x2bb/0x1470 drivers/media/v4l2-core/v4l2-ctrls-core.c:2139
v4l2_ctrl_new_std+0x122/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2293
handler_new_ref+0x34d/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1874
v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706

BUG: memory leak
unreferenced object 0xffff88812b2bc840 (size 64):
comm "kworker/1:8", pid 6017, jiffies 4294942650
hex dump (first 32 bytes):
00 c8 2b 2b 81 88 ff ff 68 f7 2c 13 81 88 ff ff ..++....h.,.....
00 00 00 00 00 00 00 00 00 e4 cf 29 81 88 ff ff ...........)....
backtrace (crc 7d5214ee):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
handler_new_ref+0xd9/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1882
v4l2_ctrl_new+0x69e/0x1470 drivers/media/v4l2-core/v4l2-ctrls-core.c:2222
v4l2_ctrl_new_std+0x122/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2293
handler_new_ref+0x34d/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1874
v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613

BUG: memory leak
unreferenced object 0xffff88812b2bc800 (size 64):
comm "kworker/1:8", pid 6017, jiffies 4294942650
hex dump (first 32 bytes):
c0 c7 2b 2b 81 88 ff ff 40 c8 2b 2b 81 88 ff ff ..++....@.++....
40 c8 2b 2b 81 88 ff ff 00 ea cf 29 81 88 ff ff @.++.......)....
backtrace (crc 63c3c8c3):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
kmalloc_noprof include/linux/slab.h:954 [inline]
kzalloc_noprof include/linux/slab.h:1188 [inline]
handler_new_ref+0xd9/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1882
v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706
usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

May 7, 2026, 10:56:07 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject:
Author: daik...@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

syzbot

May 7, 2026, 11:01:15 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: [PATCH] media: msi2500: fix memory leak in msi2500_probe error path
When video_register_device() fails in msi2500_probe(), the error path
jumps to err_unregister_v4l2_dev, which skips the call to
v4l2_ctrl_handler_free(). This leaks memory allocated by
v4l2_ctrl_handler_init() and v4l2_ctrl_add_handler().

Fix this by jumping to err_free_controls instead, which properly frees
the control handler before unregistering the v4l2 device.

Reported-by: syzbot+b1de0d...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b1de0d5fd8a15fac11aa
Signed-off-by: Daiki Harada <daik...@gmail.com>
---
drivers/media/usb/msi2500/msi2500.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/usb/msi2500/msi2500.c b/drivers/media/usb/msi2500/msi2500.c
index 1ff98956b680..76e1f2bfab0c 100644
--- a/drivers/media/usb/msi2500/msi2500.c
+++ b/drivers/media/usb/msi2500/msi2500.c
@@ -1265,7 +1265,7 @@ static int msi2500_probe(struct usb_interface *intf,
if (ret) {
dev_err(dev->dev,
"Failed to register as video device (%d)\n", ret);
- goto err_unregister_v4l2_dev;
+ goto err_free_controls;
}
dev_info(dev->dev, "Registered as %s\n",
video_device_node_name(&dev->vdev));
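Review bot: The commit message has no Fixes: tag, so the corrected `goto` in the `if (ret)` branch cannot be tied to the commit that introduced the wrong label, and stable backports have nothing to key on; please add one. The hunk also does not show the `err_free_controls` label itself, so widen the context or state in the message that it falls through to `err_unregister_v4l2_dev`, because the fix relies on this path both freeing the control handler and still unregistering the v4l2 device.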
--
2.54.0

syzbot

May 7, 2026, 11:24:04 PM
to daik...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in v4l2_ctrl_handler_init_class

BUG: memory leak
unreferenced object 0xffff888127f5d7b8 (size 8):
comm "kworker/1:1", pid 41, jiffies 4294945272
hex dump (first 8 bytes):
00 38 e7 10 81 88 ff ff .8......
backtrace (crc f4c8de14):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
v4l2_ctrl_handler_init_class+0x59/0x90 drivers/media/v4l2-core/v4l2-ctrls-core.c:1728
msi2500_probe+0x2a9/0x390 drivers/media/usb/msi2500/msi2500.c:1248
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706
usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250
usb_probe_device+0x78/0x1f0 drivers/usb/core/driver.c:291

BUG: memory leak
unreferenced object 0xffff888127f5d6f8 (size 8):
comm "kworker/1:3", pid 5345, jiffies 4294945276
hex dump (first 8 bytes):
40 3d 2a 2a 81 88 ff ff @=**....
backtrace (crc c98a9e13):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
v4l2_ctrl_handler_init_class+0x59/0x90 drivers/media/v4l2-core/v4l2-ctrls-core.c:1728
msi2500_probe+0x2a9/0x390 drivers/media/usb/msi2500/msi2500.c:1248
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706
usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250
usb_probe_device+0x78/0x1f0 drivers/usb/core/driver.c:291

BUG: memory leak
unreferenced object 0xffff8881281a5300 (size 256):
comm "kworker/1:3", pid 5345, jiffies 4294945276
hex dump (first 32 bytes):
58 47 ec 10 81 88 ff ff 58 47 ec 10 81 88 ff ff XG......XG......
10 53 1a 28 81 88 ff ff 10 53 1a 28 81 88 ff ff .S.(.....S.(....
backtrace (crc 58363894):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4574 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
__do_kmalloc_node mm/slub.c:5294 [inline]
__kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
v4l2_ctrl_new+0x2bb/0x1470 drivers/media/v4l2-core/v4l2-ctrls-core.c:2139
v4l2_ctrl_new_std+0x122/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2293
handler_new_ref+0x34d/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1874
v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
call_driver_probe drivers/base/dd.c:631 [inline]
really_probe+0x12f/0x3a0 drivers/base/dd.c:709
__driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
__device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
__device_attach+0xf9/0x290 drivers/base/dd.c:1101
device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
device_add+0x99b/0xc70 drivers/base/core.c:3706

BUG: memory leak
unreferenced object 0xffff88812a2a3e80 (size 64):
comm "kworker/1:3", pid 5345, jiffies 4294945276
hex dump (first 32 bytes):
40 3e 2a 2a 81 88 ff ff 68 47 ec 10 81 88 ff ff @>**....hG......
00 00 00 00 00 00 00 00 00 53 1a 28 81 88 ff ff .........S.(....
backtrace (crc ca953fb9):
unreferenced object 0xffff88812a2a3e40 (size 64):
comm "kworker/1:3", pid 5345, jiffies 4294945276
hex dump (first 32 bytes):
00 3e 2a 2a 81 88 ff ff 80 3e 2a 2a 81 88 ff ff .>**.....>**....
80 3e 2a 2a 81 88 ff ff 00 59 1a 28 81 88 ff ff .>**.....Y.(....
backtrace (crc 1280a325):
Tested on:

commit: 917719c4 Merge tag 'selinux-pr-20260507' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14a55f48580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c47d4d4befc65788
dashboard link: https://syzkaller.appspot.com/bug?extid=b1de0d5fd8a15fac11aa
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44

Note: no patches were applied.

syzbot

May 7, 2026, 11:49:07 PM
to daik...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+b1de0d...@syzkaller.appspotmail.com
Tested-by: syzbot+b1de0d...@syzkaller.appspotmail.com

Tested on:

commit: 917719c4 Merge tag 'selinux-pr-20260507' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17655f48580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c47d4d4befc65788
dashboard link: https://syzkaller.appspot.com/bug?extid=b1de0d5fd8a15fac11aa
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch: https://syzkaller.appspot.com/x/patch.diff?x=16922d06580000

Note: testing is done by a robot and is best-effort only.