From: Deepanshu Kartikey <kartikey406@gmail.com>
Date: Mon, 23 Mar 2026 05:21:48 +0000 (+0530)
Subject: ntfs3: fix memory leak in indx_create_allocate()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87ac077d6ea8613b7c1debdf3b5e92c78618fd23;p=thirdparty%2Flinux.git

ntfs3: fix memory leak in indx_create_allocate()

When indx_create_allocate() fails after
attr_allocate_clusters() succeeds, run_deallocate()
frees the disk clusters but never frees the memory
allocated by run_add_entry() via kvmalloc() for the
runs_tree structure.

Fix this by adding run_close() at the out: label to
free the run.runs memory on all error paths. The
success path is unaffected as it returns 0 directly
without going through out:, transferring ownership
of the run memory to indx->alloc_run via memcpy().

Reported-by: syzbot+7adcddaeeb860e5d3f2f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=7adcddaeeb860e5d3f2f
Signed-off-by: Deepanshu Kartikey <Kartikey406@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
---

diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 8b107b6714ce..5344b29b0577 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1482,6 +1482,7 @@ out1:
 	run_deallocate(sbi, &run, false);
 
 out:
+	run_close(&run);
 	return err;
 }