ntfs_fill_super()'s err_out_now path frees only the volume struct via kfree(vol), leaving several vol-owned allocations behind on mount failure. vol->nls_map is loaded by ntfs_init_fs_context() via load_nls_default() or replaced by an explicit nls= option in ntfs_parse_param(). vol->volume_label is allocated by load_system_files() once the $Volume name attribute has been parsed. vol->lcn_empty_bits_per_page is allocated before load_system_files() and was freed only from the upper error label. Move these per-volume frees to err_out_now so every failure path releases them exactly once. Signed-off-by: DaeMyung Kang --- super.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/super.c b/super.c index f93f0f8bcc45..6cf09bbe017d 100644 --- a/super.c +++ b/super.c @@ -2638,8 +2638,6 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc) } /* Error exit code path. */ unl_upcase_iput_tmp_ino_err_out_now: - if (vol->lcn_empty_bits_per_page) - kvfree(vol->lcn_empty_bits_per_page); /* * Decrease the number of upcase users and destroy the global default * upcase table if necessary. @@ -2659,6 +2657,9 @@ iput_tmp_ino_err_out_now: /* Errors at this stage are irrelevant. */ err_out_now: sb->s_fs_info = NULL; + kvfree(vol->lcn_empty_bits_per_page); + kfree(vol->volume_label); + unload_nls(vol->nls_map); kfree(vol); ntfs_debug("Failed, returning -EINVAL."); lockdep_on(); -- 2.43.0
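Review bot: at unl_upcase_iput_tmp_ino_err_out_now, dropping the kvfree(vol->lcn_empty_bits_per_page) is only correct if every path through this label falls through to err_out_now, where the free now lives. The visible context shows the labels in order (unl_upcase_iput_tmp_ino_err_out_now, iput_tmp_ino_err_out_now, err_out_now) but not all of the code between them, so the commit message should state that no return or goto sits between the upper label and err_out_now. The removed NULL check itself is not a loss, since kvfree() accepts NULL.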
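Review bot: in the err_out_now hunk, the three new frees run on every failure path, including those taken before load_system_files() has set vol->volume_label, so they rely on vol having been zero-initialised when it was allocated. kvfree(), kfree() and unload_nls() all accept NULL, but an uninitialised pointer would not be safe, and the allocation is not visible in this patch; please confirm it in the commit message. Since the message says vol->nls_map is set up in ntfs_init_fs_context() before ntfs_fill_super() runs, also confirm that the fs_context teardown does not unload it again or touch vol after the kfree(vol) here, otherwise "exactly once" does not hold. A Fixes: tag naming the commit that introduced the leak would help stable backports.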