syzbot


memory leak in v4l2_ctrl_handler_init_class (3)

Status: upstream: reported C repro on 2026/05/07 23:35
Subsystems: media usb
Reported-by: syzbot+b1de0d5fd8a15fac11aa@syzkaller.appspotmail.com
First crash: 7d14h, last: 7d02h
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] media: msi2500: fix memory leak in msi2500_probe error path | 2 (2) | 2026/05/14 16:33
[syzbot] [media?] [usb?] memory leak in v4l2_ctrl_handler_init_class (3) | 0 (3) | 2026/05/08 03:01
Similar bugs (2)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | memory leak in v4l2_ctrl_handler_init_class [usb] [media] | 3 | C | | | 12 | 1852d | 1904d | 20/29 | fixed on 2021/11/10 00:50
upstream | memory leak in v4l2_ctrl_handler_init_class (2) [usb] [media] | 3 | C | | | 14 | 106d | 170d | 29/29 | fixed on 2026/05/06 16:40
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2026/05/08 03:01 | 36m | daiky0325@gmail.com | patch | upstream | OK log
2026/05/08 02:56 | 21m | daiky0325@gmail.com | | upstream | report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff888106b17248 (size 8):
  comm "kworker/1:8", pid 6017, jiffies 4294942650
  hex dump (first 8 bytes):
    00 c7 2b 2b 81 88 ff ff                          ..++....
  backtrace (crc d625c37c):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
    v4l2_ctrl_handler_init_class+0x59/0x90 drivers/media/v4l2-core/v4l2-ctrls-core.c:1728
    msi2500_probe+0x2a9/0x390 drivers/media/usb/msi2500/msi2500.c:1248
    usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
    call_driver_probe drivers/base/dd.c:631 [inline]
    really_probe+0x12f/0x3a0 drivers/base/dd.c:709
    __driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
    driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
    __device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
    bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
    __device_attach+0xf9/0x290 drivers/base/dd.c:1101
    device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
    bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
    device_add+0x99b/0xc70 drivers/base/core.c:3706
    usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
    usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250
    usb_probe_device+0x78/0x1f0 drivers/usb/core/driver.c:291

BUG: memory leak
unreferenced object 0xffff888129cfe400 (size 256):
  comm "kworker/1:8", pid 6017, jiffies 4294942650
  hex dump (first 32 bytes):
    58 f7 2c 13 81 88 ff ff 58 f7 2c 13 81 88 ff ff  X.,.....X.,.....
    10 e4 cf 29 81 88 ff ff 10 e4 cf 29 81 88 ff ff  ...).......)....
  backtrace (crc 9e26d735):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kvmalloc_node_noprof+0x537/0x760 mm/slub.c:6832
    v4l2_ctrl_new+0x2bb/0x1470 drivers/media/v4l2-core/v4l2-ctrls-core.c:2139
    v4l2_ctrl_new_std+0x122/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2293
    handler_new_ref+0x34d/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1874
    v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
    v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
    msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
    usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
    call_driver_probe drivers/base/dd.c:631 [inline]
    really_probe+0x12f/0x3a0 drivers/base/dd.c:709
    __driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
    driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
    __device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
    bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
    __device_attach+0xf9/0x290 drivers/base/dd.c:1101
    device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
    bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
    device_add+0x99b/0xc70 drivers/base/core.c:3706

BUG: memory leak
unreferenced object 0xffff88812b2bc840 (size 64):
  comm "kworker/1:8", pid 6017, jiffies 4294942650
  hex dump (first 32 bytes):
    00 c8 2b 2b 81 88 ff ff 68 f7 2c 13 81 88 ff ff  ..++....h.,.....
    00 00 00 00 00 00 00 00 00 e4 cf 29 81 88 ff ff  ...........)....
  backtrace (crc 7d5214ee):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    handler_new_ref+0xd9/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1882
    v4l2_ctrl_new+0x69e/0x1470 drivers/media/v4l2-core/v4l2-ctrls-core.c:2222
    v4l2_ctrl_new_std+0x122/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2293
    handler_new_ref+0x34d/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1874
    v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
    v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
    msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
    usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
    call_driver_probe drivers/base/dd.c:631 [inline]
    really_probe+0x12f/0x3a0 drivers/base/dd.c:709
    __driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
    driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
    __device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
    bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
    __device_attach+0xf9/0x290 drivers/base/dd.c:1101
    device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
    bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613

BUG: memory leak
unreferenced object 0xffff88812b2bc800 (size 64):
  comm "kworker/1:8", pid 6017, jiffies 4294942650
  hex dump (first 32 bytes):
    c0 c7 2b 2b 81 88 ff ff 40 c8 2b 2b 81 88 ff ff  ..++....@.++....
    40 c8 2b 2b 81 88 ff ff 00 ea cf 29 81 88 ff ff  @.++.......)....
  backtrace (crc 63c3c8c3):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4574 [inline]
    slab_alloc_node mm/slub.c:4898 [inline]
    __do_kmalloc_node mm/slub.c:5294 [inline]
    __kmalloc_noprof+0x3b7/0x550 mm/slub.c:5307
    kmalloc_noprof include/linux/slab.h:954 [inline]
    kzalloc_noprof include/linux/slab.h:1188 [inline]
    handler_new_ref+0xd9/0x440 drivers/media/v4l2-core/v4l2-ctrls-core.c:1882
    v4l2_ctrl_add_handler drivers/media/v4l2-core/v4l2-ctrls-core.c:2443 [inline]
    v4l2_ctrl_add_handler+0x12d/0x180 drivers/media/v4l2-core/v4l2-ctrls-core.c:2417
    msi2500_probe+0x2e0/0x390 drivers/media/usb/msi2500/msi2500.c:1256
    usb_probe_interface+0x22a/0x4e0 drivers/usb/core/driver.c:396
    call_driver_probe drivers/base/dd.c:631 [inline]
    really_probe+0x12f/0x3a0 drivers/base/dd.c:709
    __driver_probe_device+0xe8/0x1a0 drivers/base/dd.c:871
    driver_probe_device+0x2a/0x120 drivers/base/dd.c:901
    __device_attach_driver+0x10f/0x170 drivers/base/dd.c:1029
    bus_for_each_drv+0xd2/0x130 drivers/base/bus.c:500
    __device_attach+0xf9/0x290 drivers/base/dd.c:1101
    device_initial_probe+0x6f/0x80 drivers/base/dd.c:1156
    bus_probe_device+0x3e/0xb0 drivers/base/bus.c:613
    device_add+0x99b/0xc70 drivers/base/core.c:3706
    usb_set_configuration+0x8f5/0xb80 drivers/usb/core/message.c:2268
    usb_generic_driver_probe+0x73/0xb0 drivers/usb/core/generic.c:250

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (5):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/05/07 16:29 | upstream | 5862221fdded | f250db59 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in v4l2_ctrl_handler_init_class
2026/05/07 16:06 | upstream | 5862221fdded | f250db59 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in v4l2_ctrl_handler_init_class
2026/05/07 15:43 | upstream | 5862221fdded | f250db59 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in v4l2_ctrl_handler_init_class
2026/05/07 15:37 | upstream | 5862221fdded | f250db59 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in v4l2_ctrl_handler_init_class
2026/05/07 15:33 | upstream | 5862221fdded | f250db59 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in v4l2_ctrl_handler_init_class
* Struck through repros no longer work on HEAD.