ntsync: Fix reference leaks in the remaining create ioctls.

When ntsync_obj_get_fd() fails, we free the ntsync object but forget to drop the
"file" member.

This was fixed for semaphores in 0e7d523b5f, but
that commit did not fix the similar leak for events and mutexes, since they were
part of patches not yet in the mainline kernel. Fix those cases.

Fixes: 5bc2479a35 "ntsync: Introduce NTSYNC_IOC_CREATE_MUTEX."
Fixes: 4c7404b9c2 "ntsync: Introduce NTSYNC_IOC_CREATE_EVENT."
Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20250116190717.8923-1-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Elizabeth Figura 2025-01-16 13:07:17 -06:00 committed by Greg Kroah-Hartman
parent c65b229699
commit 970b9757cb

@ -781,7 +781,7 @@ static int ntsync_create_mutex(struct ntsync_device *dev, void __user *argp)
mutex->u.mutex.owner = args.owner;
fd = ntsync_obj_get_fd(mutex);
if (fd < 0)
kfree(mutex);
ntsync_free_obj(mutex);
return fd;
}
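Review bot: the fd < 0 branch in ntsync_create_mutex() now relies on ntsync_free_obj() being safe for an object whose fd was never installed. Please confirm it only releases what the allocation path already set up (the commit message names the "file" member) and does not depend on anything ntsync_obj_get_fd() would have initialized. Nothing in this hunk states that contract, so a one-line comment on the error path saying why a plain kfree(mutex) is not enough would keep the cleanup from regressing.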
@ -802,7 +802,7 @@ static int ntsync_create_event(struct ntsync_device *dev, void __user *argp)
event->u.event.signaled = args.signaled;
fd = ntsync_obj_get_fd(event);
if (fd < 0)
kfree(event);
ntsync_free_obj(event);
return fd;
}
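Review bot: the fd < 0 branch in ntsync_create_event() repeats the same get-fd-then-free sequence as ntsync_create_mutex(), and the commit message says the semaphore path needed the identical fix earlier. Consider a small shared helper that calls ntsync_obj_get_fd() and runs ntsync_free_obj() on failure, used by all of the create ioctls, so a future object type cannot reintroduce a bare kfree(event)-style cleanup that skips the reference drop.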