It is possible to double free the vm_ctx->mmu_ctx object in this
function.

    630 err_page_table_destroy:
--> 631         pvr_mmu_context_destroy(vm_ctx->mmu_ctx);

The pvr_vm_context_put() function does:

        kref_put(&vm_ctx->ref_count, pvr_vm_context_release);

Here the pvr_vm_context_release() will call:

        pvr_mmu_context_destroy(vm_ctx->mmu_ctx);

Refactor to an unwind style.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Donald Robson <donald.robson@imgtec.com>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Maxime Ripard <mripard@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20231213144431.94956-2-donald.robson@imgtec.com