On Wed, Jul 09, 2025 at 01:26:02AM +0530, Naresh Kamboju wrote:
I am investigating this issue, planning to revert and re-build and test in a loop.
c871c199accb3 regmap: fix potential memory leak of regmap_bus
[ 11.087822] Call trace:
[ 11.094930] adv7511_cec_register_volatile+0xc/0x30 adv7511 (P)
[ 11.097194] regcache_read (drivers/base/regmap/regcache.c:273)
[ 11.103438] _regmap_read (drivers/base/regmap/regmap.c:2805)
[ 11.107084] regmap_read (drivers/base/regmap/regmap.c:2850)
This backtrace seems fishy, the function that's faulting is just doing a straight lookup of the register number without reference to the supplied device. This looks like a preexisting bug in the driver, we create an I2C bus for the CEC in adv7511_init_cec_regmap() using a non-devm function but register the interrupt handler using devm_request_threaded_irq() and devm will free things after the remove function has run. This means that on removal or error cleanup we free the I2C bus while the interrupt is still registered but nothing stops the interrupt handler from continuing to try to access the freed CEC bus. This is going to access freed memory, I'm kind of surprised it wasn't already having trouble - turning on some of the memory debugging options or sanitisers should show issues.
Don't use devm_request_threaded_irq() folks...
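The lifetime ordering described above, as an added illustration that is not the driver's or the kernel's code: a small C model in which devm release callbacks run only after remove() has returned, a late interrupt arrives in between, and the buggy teardown order (bus freed by hand, IRQ via devm) is compared with the order the advice above implies (IRQ freed in remove() before the bus). All names in it are hypothetical.

```c
/* Model of devm ordering: devm-managed resources are released only after remove()
 * returns, so a devm IRQ handler can still run after remove() freed the bus by hand.
 * Added illustration with hypothetical names, not driver code. */
#include <stdbool.h>
#define MAX_DEVM 4

struct cec_bus { bool live; };              /* stands in for the CEC regmap/I2C bus */
struct dev {
    struct cec_bus *bus;                    /* bus the threaded handler reads through */
    bool irq_registered;                    /* handler may still fire while true */
    int bad_accesses;                       /* times the handler ran on a dead bus */
    void (*devm_release[MAX_DEVM])(struct dev *);
    int ndevm;
};
static void devm_add(struct dev *d, void (*rel)(struct dev *)) { d->devm_release[d->ndevm++] = rel; }
static void release_irq(struct dev *d) { d->irq_registered = false; }   /* free_irq() */
static void release_bus(struct dev *d) { d->bus->live = false; }        /* bus teardown */

/* Simulated threaded IRQ handler: reads via the bus while still registered. */
static void cec_irq_handler(struct dev *d)
{
    if (d->irq_registered && !d->bus->live)
        d->bad_accesses++;                  /* use-after-free in the real driver */
}
/* Driver core on unbind: remove() first, a late interrupt arrives, then devm
 * runs its release callbacks in reverse registration order. */
static int unbind(struct dev *d, void (*remove_fn)(struct dev *))
{
    remove_fn(d);
    cec_irq_handler(d);
    for (int i = d->ndevm - 1; i >= 0; i--)
        d->devm_release[i](d);
    return d->bad_accesses;
}
/* Buggy pattern from the mail: bus freed by hand in remove(), IRQ via devm. */
static void buggy_remove(struct dev *d) { release_bus(d); }
int buggy_pattern(void)
{
    struct cec_bus b = { .live = true };
    struct dev d = { .bus = &b, .irq_registered = true };
    devm_add(&d, release_irq);              /* devm_request_threaded_irq() */
    return unbind(&d, buggy_remove);        /* 1: handler hit the dead bus */
}
/* Fixed pattern following the advice above: plain request_threaded_irq(), and
 * remove() frees the IRQ before the bus so no handler can run afterwards. */
static void fixed_remove(struct dev *d) { release_irq(d); release_bus(d); }
int fixed_pattern(void)
{
    struct cec_bus b = { .live = true };
    struct dev d = { .bus = &b, .irq_registered = true };
    return unbind(&d, fixed_remove);        /* 0 */
}
```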