[PATCH] media: imx8mq-mipi-csi2: fix memory leak in imx8mq_mipi_csi_probe()

Dawei Feng dawei.feng at seu.edu.cn
Wed May 27 01:06:24 PDT 2026 

If imx8mq_mipi_csi_init_icc() or imx8mq_mipi_csi_runtime_resume() fails
after subdev initialization, the function fails to release the
corresponding resources, leaking the subdev state and media entity.

Fix this by introducing a dedicated subdev cleanup label and routing the
affected error paths to it. This reordering is safe as the consolidated
label chain preserves the correct sequence without affecting other
execution paths.

The bug was first flagged by an experimental analysis tool we are
developing for kernel memory-management bugs while analyzing
v6.13-rc1. The tool is still under development and is not yet publicly
available. Manual inspection confirms that the bug is still
present in v7.1-rc5.

An x86_64 allyesconfig build showed no new warnings. As we do not
have suitable i.MX8MQ MIPI-CSI2 hardware to test with, no runtime
testing was able to be performed.

Fixes: cd063027c304 ("media: imx: Unstage the imx8mq-mipi-csi2 driver")
Cc: stable at vger.kernel.org
Signed-off-by: Zilin Guan <zilin at seu.edu.cn>
Signed-off-by: Dawei Feng <dawei.feng at seu.edu.cn>
---
 drivers/media/platform/nxp/imx8mq-mipi-csi2.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/media/platform/nxp/imx8mq-mipi-csi2.c b/drivers/media/platform/nxp/imx8mq-mipi-csi2.c
index 04ebed8a0493..e5a062cc0788 100644
--- a/drivers/media/platform/nxp/imx8mq-mipi-csi2.c
+++ b/drivers/media/platform/nxp/imx8mq-mipi-csi2.c
@@ -1016,7 +1016,7 @@ static int imx8mq_mipi_csi_probe(struct platform_device *pdev)
 
 	ret = imx8mq_mipi_csi_init_icc(pdev);
 	if (ret)
-		goto mutex;
+		goto subdev;
 
 	/* Enable runtime PM. */
 	pm_runtime_enable(dev);
@@ -1036,13 +1036,14 @@ static int imx8mq_mipi_csi_probe(struct platform_device *pdev)
 	pm_runtime_disable(&pdev->dev);
 	imx8mq_mipi_csi_runtime_suspend(&pdev->dev);
 
-	media_entity_cleanup(&state->sd.entity);
-	v4l2_subdev_cleanup(&state->sd);
 	v4l2_async_nf_unregister(&state->notifier);
 	v4l2_async_nf_cleanup(&state->notifier);
 	v4l2_async_unregister_subdev(&state->sd);
 icc:
 	imx8mq_mipi_csi_release_icc(pdev);
+subdev:
+	media_entity_cleanup(&state->sd.entity);
+	v4l2_subdev_cleanup(&state->sd);
 mutex:
 	mutex_destroy(&state->lock);
 
-- 
2.34.1

More information about the linux-arm-kernel mailing list