Re: [PATCH] ntfs3: fix memory leak in indx_create_allocate()

Next message: Biju Das: "RE: [PATCH] PCI: rzg3s-host: Treat link-down as -ENODEV instead of error"
Previous message: Marc Zyngier: "Re: [PATCH] KVM: arm64: Pass a 64bit function-id in the SMC handlers"
Next in thread: Konstantin Komarov: "Re: [PATCH] ntfs3: fix memory leak in indx_create_allocate()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Konstantin Komarov

Date: Wed Apr 01 2026 - 14:29:03 EST

On 3/31/26 10:49, Deepanshu Kartikey wrote:

On Mon, Mar 23, 2026 at 10:51 AM Deepanshu Kartikey
<kartikey406@xxxxxxxxx> wrote:

When indx_create_allocate() fails after
attr_allocate_clusters() succeeds, run_deallocate()
frees the disk clusters but never frees the memory
allocated by run_add_entry() via kvmalloc() for the
runs_tree structure.

Fix this by adding run_close() at the out: label to
free the run.runs memory on all error paths. The
success path is unaffected as it returns 0 directly
without going through out:, transferring ownership
of the run memory to indx->alloc_run via memcpy().

Reported-by: syzbot+7adcddaeeb860e5d3f2f@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f
Signed-off-by: Deepanshu Kartikey <Kartikey406@xxxxxxxxx>
---
fs/ntfs3/index.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 97f06c26fe1a..11f59d7b9ea4 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1481,6 +1481,7 @@ static int indx_create_allocate(struct ntfs_index *indx, struct ntfs_inode *ni,
run_deallocate(sbi, &run, false);

out:
+ run_close(&run);
return err;
}

--
2.43.0

Hi Almaz,

Gentle ping on this patch . I have submitted this patch on 23 March
2026 and this patch has been tested by sysbot.

Please let me know if anything else required

Thanks

Hello,

Your patch is being tested internally. I’ll follow up with
feedback in the next few days.

Regards,
Konstantin