
Looking at the function ubifs_finddir in the file fs/ubifs/ubifs.c, I was wondering if some memory had not been freed before the function returns.
287 static int ubifs_finddir(struct super_block *sb, char *dirname,
288                          unsigned long root_inum, unsigned long *inum)
289 {
...
299         file = kzalloc(sizeof(struct file), 0);
300         dentry = kzalloc(sizeof(struct dentry), 0);
301         dir = kzalloc(sizeof(struct inode), 0);
....
336                 if ((strncmp(dirname, (char *)dent->name, nm.len) == 0) &&
337                     (strlen(dirname) == nm.len)) {
338                         *inum = le64_to_cpu(dent->inum);
339                         return 1;
340                 }
Line 339 returns without freeing file, dentry and dir.
I may be wrong, but could somebody check that?
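The pattern raised in the post, as an added userspace example that is not code from the post or from the ubifs source: the early-return shape next to a single-exit shape, with a counted allocator so the leak is measurable. All names here (xzalloc, xfree, live_allocs, sample_dir, finddir_leaky, finddir_fixed, leaked_by) are hypothetical, and the frees on the fall-through path of the leaky variant are an assumption, since the post elides that part of the function.

```c
#include <stdlib.h>
#include <string.h>

/* Assumption: counted calloc/free stand in for kzalloc/kfree. */
static int live_allocs;
static void *xzalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
struct entry { const char *name; unsigned long inum; };  /* constructed sample data */
static const struct entry sample_dir[] = { {"boot", 65}, {"etc", 66}, {"home", 67}, {NULL, 0} };

/* Early-return shape described in the post: the match path skips the frees. */
static int finddir_leaky(const char *dirname, unsigned long *inum)
{
    void *file = xzalloc(64), *dentry = xzalloc(64), *dir = xzalloc(64);
    for (const struct entry *e = sample_dir; e->name; e++)
        if (strcmp(dirname, e->name) == 0) {
            *inum = e->inum;
            return 1;           /* file, dentry and dir are still allocated */
        }
    xfree(file); xfree(dentry); xfree(dir);  /* assumed fall-through cleanup */
    return 0;
}

/* Single-exit shape: every path, including the match, reaches the frees. */
static int finddir_fixed(const char *dirname, unsigned long *inum)
{
    void *file = xzalloc(64), *dentry = xzalloc(64), *dir = xzalloc(64);
    int ret = -1;               /* allocation failure */
    if (!file || !dentry || !dir)
        goto out;
    ret = 0;                    /* not found */
    for (const struct entry *e = sample_dir; e->name; e++)
        if (strcmp(dirname, e->name) == 0) {
            *inum = e->inum;
            ret = 1;
            goto out;
        }
out:
    xfree(file); xfree(dentry); xfree(dir);
    return ret;
}

/* Number of allocations one call to fn leaves behind. */
static int leaked_by(int (*fn)(const char *, unsigned long *), const char *name)
{
    unsigned long inum = 0;
    int before = live_allocs;
    fn(name, &inum);
    return live_allocs - before;
}
```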