From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, syzbot+3932ccb896e06f7414c9@syzkaller.appspotmail.com, Edward Adam Davis, Konstantin Komarov, Sasha Levin
Subject: [PATCH 6.1 125/634] fs/ntfs3: Prevent memory leaks in add sub record
Date: Fri, 9 Jan 2026 12:36:43 +0100
Message-ID: <20260109112122.148544440@linuxfoundation.org>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260109112117.407257400@linuxfoundation.org>
References: <20260109112117.407257400@linuxfoundation.org>
User-Agent: quilt/0.69
X-stable: review
X-Patchwork-Hint: ignore
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

6.1-stable review patch. If anyone has any objections, please let me know.

------------------

From: Edward Adam Davis

[ Upstream commit ccc4e86d1c24260c18ae94541198c3711c140da6 ]

If a rb node with the same ino already exists in the rb tree, the newly
alloced mft_inode in ni_add_subrecord() will not have its memory cleaned
up, which leads to the memory leak issue reported by syzbot.

The best option to avoid this issue is to put the newly alloced mft node
when a rb node with the same ino already exists in the rb tree and return
the rb node found in the rb tree to the parent layer.

syzbot reported:
BUG: memory leak
unreferenced object 0xffff888110bef280 (size 128):
  backtrace (crc 126a088f):
    ni_add_subrecord+0x31/0x180 fs/ntfs3/frecord.c:317
    ntfs_look_free_mft+0xf0/0x790 fs/ntfs3/fsntfs.c:715

BUG: memory leak
unreferenced object 0xffff888109093400 (size 1024):
  backtrace (crc 7197c55e):
    mi_init+0x2b/0x50 fs/ntfs3/record.c:105
    mi_format_new+0x40/0x220 fs/ntfs3/record.c:422

Fixes: 4342306f0f0d ("fs/ntfs3: Add file operations and implementation")
Reported-by: syzbot+3932ccb896e06f7414c9@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis
Signed-off-by: Konstantin Komarov
Signed-off-by: Sasha Levin --- fs/ntfs3/frecord.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index f1f5b84e2ef17..1ac0a7b87c651 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -377,8 +377,10 @@ bool ni_add_subrecord(struct ntfs_inode *ni, CLST rno, struct mft_inode **mi) mi_get_ref(&ni->mi, &m->mrec->parent_ref); - ni_add_mi(ni, m); - *mi = m; + *mi = ni_ins_mi(ni, &ni->mi_tree, m->rno, &m->node); + if (*mi != m) + mi_put(m); + return true; } -- 2.51.0
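
Review bot: In the duplicate branch of the frecord.c hunk (`if (*mi != m) mi_put(m);`), ni_add_subrecord() still falls through to `return true` and hands the caller the node that was already in `ni->mi_tree`, so the caller cannot tell that the newly allocated `m`, including the `parent_ref` filled in by `mi_get_ref()` on the context line just above, was discarded. Please add a short comment above the `ni_ins_mi()` call stating that `*mi` may be a pre-existing subrecord for `m->rno`, or return a distinct result for that case, so callers such as ntfs_look_free_mft() (named in the syzbot backtrace) do not assume they hold a freshly formatted record. It would also help to say in the commit message whether finding an existing node with the same rno here is an expected state or a sign of an inconsistent image, since the patch treats it as success.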