drm/qxl: Avoid double free on error

Is we are not able to get source bo object from handle we free
destination bo object and call cleanup code however destination
object was already inserted in reloc_info array (num_relocs was
already incremented) so on cleanup we free destination again.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

drivers/gpu/drm/qxl/qxl_ioctl.c

@@ -240,8 +240,6 @@ static int qxl_process_single_command(struct qxl_device *qdev,
 				qxlhw_handle_to_bo(qdev, file_priv,
 						   reloc.src_handle, release);
 			if (!reloc_info[i].src_bo) {
-				if (reloc_info[i].dst_bo != cmd_bo)
-					drm_gem_object_unreference_unlocked(&reloc_info[i].dst_bo->gem_base);
 				ret = -EINVAL;
 				goto out_free_bos;
 			}