Forwarded: [PATCH] ntfs3: fix memory leak in indx_insert_into_root()

syzbot posted 1 patch 1 week, 6 days ago
There is a newer version of this series
fs/ntfs3/index.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] ntfs3: fix memory leak in indx_insert_into_root()
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


When indx_create_allocate() succeeds but a subsequent
operation fails (indx_get_root() returning NULL,
indx_new() failing, or the allocation itself failing),
the run list allocated in run_add_entry() via
attr_allocate_clusters() is never freed, causing a
memory leak.

Fix this by adding a new out_free_alloc label that
calls run_close() on indx->alloc_run before the
existing cleanup labels, and redirecting the affected
error paths to use it.

Reported-by: syzbot+7adcddaeeb860e5d3f2f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f
Signed-off-by: Deepanshu Kartikey <Kartikey406@gmail.com>
---
 fs/ntfs3/index.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 97f06c26fe1a..16479b6ce845 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1711,7 +1711,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 		/* Bug? */
 		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 		err = -EINVAL;
-		goto out_free_re;
+		goto out_free_alloc;
 	}
 
 	if (err) {
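Review bot: the -EINVAL branch in this hunk is taken before err from the allocation step is looked at (the "if (err)" test only follows it), so the new jump to out_free_alloc runs whether or not this call put anything into indx->alloc_run. Because alloc_run is a member of the caller's struct ntfs_index rather than a local, run_close() here also discards any run that was there before the call. Please say in the commit message or in a comment why that is safe, or close the run only when this call populated it.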
@@ -1722,7 +1722,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 			/* Bug? */
 			ntfs_set_state(sbi, NTFS_DIRTY_ERROR);
 		}
-		goto out_free_re;
+		goto out_free_alloc;
 	}
 
 	e = (struct NTFS_DE *)(root + 1);
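Review bot: the "if (err)" branch covers the case where the allocation step itself failed, which the commit message lists under "When indx_create_allocate() succeeds but a subsequent operation fails"; the two statements conflict and the message should be reworded. If a failed allocation can leave entries in indx->alloc_run, releasing them in that function's own error path would keep this caller from having to know about it. It would also help to state whether the clusters obtained through attr_allocate_clusters() are given back on this path, since the message only talks about the in-memory run list.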
@@ -1733,7 +1733,7 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 	n = indx_new(indx, ni, new_vbn, sub_vbn);
 	if (IS_ERR(n)) {
 		err = PTR_ERR(n);
-		goto out_free_re;
+		goto out_free_alloc;
 	}
 
 	hdr = &n->index->ihdr;
@@ -1781,6 +1781,8 @@ static int indx_insert_into_root(struct ntfs_index *indx, struct ntfs_inode *ni,
 
 out_put_n:
 	put_indx_node(n);
+out_free_alloc:
+	run_close(&indx->alloc_run);
 out_free_re:
 	kfree(re);
 out_free_root:
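Review bot: out_free_alloc is placed between out_put_n and out_free_re, so every path that reaches out_put_n now falls through into run_close(&indx->alloc_run), not only the three error paths redirected above. If the normal return also goes through out_put_n, the index loses its allocation run after every successful insert. Suggest keeping the run_close() call out of the fall-through chain, for example by calling it directly in the three failing branches before "goto out_free_re", or by guarding it with "if (err)", and documenting which case the label is for.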
-- 
2.43.0