From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAF301F4C8E for ; Sun, 10 May 2026 01:58:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778378293; cv=none; b=PZBxXu2lt3vjHFssdyq5GcDudyv8lXUlmfk8leVaxGow+X3P2li6It55LLGM1CnKYeOnLwr1mEOMBnLowkFDeG5JXg+r45Qiy6TgxsOSsJKOgCsIb9OdRUaOuw6XHInumOx3GuxeLQAjMFLdOKkt/TU8rkEeXtBTScFABssyScE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778378293; c=relaxed/simple; bh=Jmc7FZyAV6btWZGl27ks6ZDZn+TGKGs6KfFTrlrQsJM=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=bBr48iMb5rmMu/tG5ECSougzIweCEwf1Xq2yIuf8D1aEUZr+y7+4335gNCoI9G2JwQC4EA9XLZBVodFZtjlAvhmRG7GH5Q55IAKMIRyZninuJx3rul/OkFqnn92bFj+9Mw032DqvEBg74Ajuyfp4BNeZWInHTxYQ5tiz7dZRVwM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=J/aIZ5qt; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="J/aIZ5qt" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2bc763e2ba8so3918935ad.3 for ; Sat, 09 May 2026 18:58:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778378292; x=1778983092; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=bFO6dXimqUuV/KpPExekl81GojsLF7t8fm95Ox85qE8=; b=J/aIZ5qtJByRP4fde51zogoyvzAC6QuUIkqfsFH5nJJh9ZpdCa0/SPxZ2LoTQCenyJ hjDYAcst4YdmDws5m6cR3UiUknsr0fhVxrNcNaFENzP9xU4MSEcBYQrUBrBaSI9sDbds wuv+NV+nhfwgKXHRRR3E92S1pWSONE16AuiOGvSK6dfJ2BizQU8SuT6oEp8FncOceAp4 oI8N/1hX7C8H5Yq91WcurrJoSneZ6K8jutyauH9cOCeoOqbugOfSSam88ShnlCB8YbtC wXWUd06d4OTQvwXFthvVELhsOglhcHRVeY8+xJlJHWf54Zh2TV4s1CG+dnI3n43yKvW1 MZHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778378292; x=1778983092; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bFO6dXimqUuV/KpPExekl81GojsLF7t8fm95Ox85qE8=; b=iTBSmIGfF5F4YVIfK1xrqsJ56MDZDUqgh2HHQpAy0X9LCZCP46e/mcvXSfmgI5txTo +9IfRnOS008Gnpar5hINF3G44iXk67tjQhELbFQm4fqW6eLgNDXAKStYtQBGsCJchCN7 fQYdENtWcdmR56AZp3FEETR7jnlIMYPfexQIcXJGwVKV4MLo3fRM8KMT+/638vuvw0uk EVWAOWkNaxk+0s4HISpV/J2cvwi9EVXbA4ZXYZ/agQVOtF58SnSV9VijVP3lnI76EFEH Fmf+MfYxiTsMV33tsNyTEFFlIqwjhZdeBzHtVSHneKAsdGwAHO2F7eJIpXfNXz66DJ25 zXJw== X-Forwarded-Encrypted: i=1; AFNElJ8zQI5C8tjQez1ddl4bqK1NgDS+zTVP4lN5zTwyY0iHJ+fJ6jwGANWg0iKQuDgbN3I3q+eOFGhnPLtz62A=@vger.kernel.org X-Gm-Message-State: AOJu0Yw39OZrfXUqMMmgzHhftOuwUPy812NFRc06gXsNZDi8kgQEhq50 Qk+nT1UN7iRw+8zOHxpjX+/nVv15caeUshjpbBuOjjEwMiymJvuDpjwI X-Gm-Gg: Acq92OERJiIpwXhhKcuMzZRYZSS+5rOuKX6dYZ2udeVM86eS1gO324vK+TIbyNFrVEE Ecswl0thqw1+X0A9a6kdCJC344Xe3lNYxQmm0/7PDNtnNqn4v0dO2p9fGMU78bpKtrgmdNaq2Qv N5PowlnHyHkmAXiSrAliiKZOasyw58j/jiMgBDkTI5tUKj1ki3Jvm0n6H4OzVoHPyZzsONvfrrS VIJ5A9XayeUSKd0/SFgovmwPXgl/Efa0dA/f4SyJwC+y7HSsgTQzoQm0gr1/vz60EcLp7miHXHh 5f06w/xdqYVikDH1kG3qCcMil2SfvJxMVHph1cNs0RVxKLYQjj/fIOp2tO/j9zjaCMpJlV9GV/p BeE6uhLyrLA9+MmpF1tmb956vi+Dvv3KhMRp5LFuyT4vhBLv8Tl8PfUpiF1dYWemiuuXAXiE1gf mlydazFf3zoTfgamWMTjxYksjv0GlUChFRlLg65XVLDoRRKYe9nrkzBgRa8fycMNj2VJKs/Esow a6T9bWnROhhN67X2YEul78V8oY2kCcshmJZ7HZwXzC8axLjjInX4UMU X-Received: by 2002:a17:902:cf09:b0:2ba:73c4:4a77 with SMTP id d9443c01a7336-2ba792b02a4mr223006615ad.9.1778378291953; Sat, 09 May 2026 18:58:11 -0700 (PDT) Received: from ip-10-1-46-91.ap-northeast-1.compute.internal (ec2-176-32-72-196.ap-northeast-1.compute.amazonaws.com. [176.32.72.196]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2baf1d40677sm62741515ad.33.2026.05.09.18.58.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 09 May 2026 18:58:11 -0700 (PDT) From: Daiki Harada To: linux-media@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Mauro Carvalho Chehab , Daiki Harada , Kees Cook , syzbot+b1de0d5fd8a15fac11aa@syzkaller.appspotmail.com Subject: [PATCH] media: msi2500: fix memory leak in msi2500_probe error path Date: Sun, 10 May 2026 01:57:55 +0000 Message-ID: <20260510015755.198274-1-daiky0325@gmail.com> X-Mailer: git-send-email 2.54.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit When video_register_device() fails in msi2500_probe(), the error path jumps to err_unregister_v4l2_dev, which skips the call to v4l2_ctrl_handler_free(). This leaks memory allocated by v4l2_ctrl_handler_init() and v4l2_ctrl_add_handler(). Fix this by jumping to err_free_controls instead, which properly frees the control handler before unregistering the v4l2 device. Reported-by: syzbot+b1de0d5fd8a15fac11aa@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=b1de0d5fd8a15fac11aa Tested-by: syzbot+b1de0d5fd8a15fac11aa@syzkaller.appspotmail.com Signed-off-by: Daiki Harada --- drivers/media/usb/msi2500/msi2500.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/msi2500/msi2500.c b/drivers/media/usb/msi2500/msi2500.c index 1ff98956b680..76e1f2bfab0c 100644 --- a/drivers/media/usb/msi2500/msi2500.c +++ b/drivers/media/usb/msi2500/msi2500.c @@ -1265,7 +1265,7 @@ static int msi2500_probe(struct usb_interface *intf, if (ret) { dev_err(dev->dev, "Failed to register as video device (%d)\n", ret); - goto err_unregister_v4l2_dev; + goto err_free_controls; } dev_info(dev->dev, "Registered as %s\n", video_device_node_name(&dev->vdev)); -- 2.54.0