Re: [PATCH] ntfs3: fix memory leak in indx_create_allocate()

Next message: Jie Zhan: "Re: [PATCH RESEND 1/4] PM / devfreq: Fix possible null pointer issue in devfreq_add_governor()"
Previous message: Cristian Cozzolino via B4 Relay: "[PATCH v5 4/6] arm64: dts: qcom: msm8953-flipkart-rimob: Enable WiFi/Bluetooth"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Deepanshu Kartikey

Date: Tue Mar 31 2026 - 04:54:58 EST

On Mon, Mar 23, 2026 at 10:51 AM Deepanshu Kartikey
<kartikey406@xxxxxxxxx> wrote:
>
> When indx_create_allocate() fails after
> attr_allocate_clusters() succeeds, run_deallocate()
> frees the disk clusters but never frees the memory
> allocated by run_add_entry() via kvmalloc() for the
> runs_tree structure.
>
> Fix this by adding run_close() at the out: label to
> free the run.runs memory on all error paths. The
> success path is unaffected as it returns 0 directly
> without going through out:, transferring ownership
> of the run memory to indx->alloc_run via memcpy().
>
> Reported-by: syzbot+7adcddaeeb860e5d3f2f@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f
> Signed-off-by: Deepanshu Kartikey <Kartikey406@xxxxxxxxx>
> ---
> fs/ntfs3/index.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
> index 97f06c26fe1a..11f59d7b9ea4 100644
> --- a/fs/ntfs3/index.c
> +++ b/fs/ntfs3/index.c
> @@ -1481,6 +1481,7 @@ static int indx_create_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
> run_deallocate(sbi, &run, false);
>
> out:
> + run_close(&run);
> return err;
> }
>
> --
> 2.43.0
>

Hi Almaz,

Gentle ping on this patch . I have submitted this patch on 23 March
2026 and this patch has been tested by sysbot.

Please let me know if anything else required

Thanks