From nobody Mon Apr 6 09:08:16 2026 Received: from mail-ot1-f69.google.com (mail-ot1-f69.google.com [209.85.210.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 266E140DFB9 for ; Sat, 21 Mar 2026 02:09:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.69 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774058985; cv=none; b=uTpjFnLtveQaJ75ZZNy8PjTRdPcXRygma6oC1jhsSOMJbpSUI1IdIEeR1HTnYGDbjBXwH0d4cZ5mDcjdDIkKWIuwATMP56Jbj7ZNdiv6cGNiY7n2slUfpx1kGIVUQsbuhkMaJ9NqDcKPEhv6Kvs8pbYfjD8c6IJu1fC2x68godc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774058985; c=relaxed/simple; bh=eJaAcw5KqEkEVhQfMeIrOdQXjkt1zbRG641C//iTe/8=; h=MIME-Version:Date:In-Reply-To:Message-ID:Subject:From:To: Content-Type; b=VttgSTgvFnA5nXNVwyPyKZCyU00/1hjnOu2TkotZz3cIU/vP0IFsNBd73w1PQ7YQWOHWt/zlOb+T4Na95tieh8ufWHojKhhZb6ahGtuNyP8A8EfRGqJnxA8jvB2QTB3+8VQE2LCq5t0XjMnLLdo97mHB+e8demm680jUdWRrSa0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com; arc=none smtp.client-ip=209.85.210.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=none dis=none) header.from=syzkaller.appspotmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com Received: by mail-ot1-f69.google.com with SMTP id 46e09a7af769-7d7f23bd25bso12344778a34.0 for ; Fri, 20 Mar 2026 19:09:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774058983; x=1774663783; h=to:from:subject:message-id:in-reply-to:date:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eIDUz6fi2OSLVxCC9nUqw6bneNmyS3pEA1Lk28GZM64=; b=mNjmRp+NdQhiNAk2xCDYNVnX+I7q2n+1JLHYYT2dwaGKRYzhaGVvZ3lYuK9KOH0QIh BI7eGwvdn7o+Qb0CHOCdrVmFH/CcLlaeW8yvN9J9xVobgfRXANWZJu263WibytWByC0U WEUHOaD3zbHJQ7xBs7ghe21SWNXGQEefmAsuCl4msi2vtSwv3XNTRZWJDCeeHMxUituS VKYDodUt6d56PWtI4O0zTMDVaFxR+o+WtB26jr7uqulEcsO0NmUKZJQA2U6ecrAUNbrz zJ2x5hrB+cdhYmSXelLEoo2iygPGNNyGVNo5Hifvn4vT5GUdax82Du0r8dHj4XD1uAIp BIKw== X-Gm-Message-State: AOJu0Yyo7ZUf+OseJJBmIVCz4yahzPdXCncc+EG9gigbk194vwTxnqoc 8QTZs52Y1dgeJiu06RwfFLKiPdzjsGRZD3xkJda+DXLlakx7pjcwIw1NnASDHEX4BrPBx0C/Eaa MY1cfF74gRLIjqkGzBsNPkkiZLiIShgG/0ziGMsfMhk5veuTJUO/0UVioYcA= Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Received: by 2002:a05:6808:1590:b0:45f:2013:8cfa with SMTP id 5614622812f47-467cd558397mr5760076b6e.2.1774058983190; Fri, 20 Mar 2026 19:09:43 -0700 (PDT) Date: Fri, 20 Mar 2026 19:09:43 -0700 In-Reply-To: <69bdd09b.050a0220.3bf4de.0032.GAE@google.com> X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <69bdfde7.050a0220.3bf4de.0037.GAE@google.com> Subject: Forwarded: [PATCH] ntfs3: fix memory leak in indx_insert_into_root() From: syzbot To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" For archival purposes, forwarding an incoming command email to linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com. *** Subject: [PATCH] ntfs3: fix memory leak in indx_insert_into_root() Author: kartikey406@gmail.com #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git= master When indx_create_allocate() succeeds but a subsequent operation fails (indx_get_root() returning NULL, indx_new() failing, or the allocation itself failing), the run list allocated in run_add_entry() via attr_allocate_clusters() is never freed, causing a memory leak. Fix this by adding a new out_free_alloc label that calls run_close() on indx->alloc_run before the existing cleanup labels, and redirecting the affected error paths to use it. Reported-by: syzbot+7adcddaeeb860e5d3f2f@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3D7adcddaeeb860e5d3f2f Signed-off-by: Deepanshu Kartikey --- fs/ntfs3/index.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index 97f06c26fe1a..16479b6ce845 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -1711,7 +1711,7 @@ static int indx_insert_into_root(struct ntfs_index *i= ndx, struct ntfs_inode *ni, /* Bug? */ ntfs_set_state(sbi, NTFS_DIRTY_ERROR); err =3D -EINVAL; - goto out_free_re; + goto out_free_alloc; } =20 if (err) { @@ -1722,7 +1722,7 @@ static int indx_insert_into_root(struct ntfs_index *i= ndx, struct ntfs_inode *ni, /* Bug? */ ntfs_set_state(sbi, NTFS_DIRTY_ERROR); } - goto out_free_re; + goto out_free_alloc; } =20 e =3D (struct NTFS_DE *)(root + 1); @@ -1733,7 +1733,7 @@ static int indx_insert_into_root(struct ntfs_index *i= ndx, struct ntfs_inode *ni, n =3D indx_new(indx, ni, new_vbn, sub_vbn); if (IS_ERR(n)) { err =3D PTR_ERR(n); - goto out_free_re; + goto out_free_alloc; } =20 hdr =3D &n->index->ihdr; @@ -1781,6 +1781,8 @@ static int indx_insert_into_root(struct ntfs_index *i= ndx, struct ntfs_inode *ni, =20 out_put_n: put_indx_node(n); +out_free_alloc: + run_close(&indx->alloc_run); out_free_re: kfree(re); out_free_root: --=20 2.43.0