tests/kms_fence_pin_leak: Exercise full ppgtt fence pin_count leak in the kernel
author Ville Syrjälä <ville.syrjala@linux.intel.com>
Mon, 12 May 2014 11:18:42 +0000 (14:18 +0300)
committer Ville Syrjälä <ville.syrjala@linux.intel.com>
Wed, 14 May 2014 16:16:49 +0000 (19:16 +0300)
commit 78f79e4e95b571b0ee6f407aaea6dc7c0f864985
tree b40191c7758245ba4196a61da1c76654e82d9283
parent 831eb2119793e55d9c0e1be363a2f480f3183ff6

The kernel full ppgtt support has a bug where it can drop a pinned
fence to the floor, hence we leak the pin_count as the subsequent
fence unpin becomes a nop. We can trigger it easily by unbinding a
buffer from a ppgtt address space while the buffer is simultaneously
being used for scanout.

Make the kernel leak the fence pin_count and trick it into picking
a new fence register for the next scanout buffer. Looping like
this for a while we leak the pin_count for all fence registers after
which the kernel can no longer find a new fence register when it needs
one. As a result we get back a SIGBUS from the GTT mmap access.

Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
tests/Makefile.sources
tests/kms_fence_pin_leak.c [new file with mode: 0644]
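
The reference-count leak the commit message describes, as a simplified user-space model. This is an added example, not code from this commit or from the kernel; every name, the register count of 4, and the `guarded` check (one possible guard, not the kernel's actual fix) are assumptions made for illustration.

```c
#include <stdio.h>
#define NUM_FENCES 4                    /* constructed size for the model */
#define NO_FENCE (-1)

static int pin_count[NUM_FENCES];       /* one counter per fence register */
struct buffer { int fence; };           /* register currently backing it */

/* Pick a register nobody has pinned; NO_FENCE when all are pinned. */
static int find_fence(void) {
    for (int i = 0; i < NUM_FENCES; i++)
        if (pin_count[i] == 0) return i;
    return NO_FENCE;
}
static int pin_fence(struct buffer *b) {          /* scanout starts */
    if (b->fence == NO_FENCE && (b->fence = find_fence()) == NO_FENCE)
        return -1;
    pin_count[b->fence]++;
    return 0;
}
static void unpin_fence(struct buffer *b) {       /* scanout ends */
    if (b->fence != NO_FENCE) pin_count[b->fence]--;   /* otherwise a nop */
}
/* guarded=0 models the bug: the fence is forgotten even while pinned. */
static void unbind(struct buffer *b, int guarded) {
    if (guarded && b->fence != NO_FENCE && pin_count[b->fence] > 0)
        return;                         /* assumed guard, not the real fix */
    b->fence = NO_FENCE;
}
static int leaked_pins(void) {
    int n = 0;
    for (int i = 0; i < NUM_FENCES; i++) n += pin_count[i];
    return n;
}
/* Number of scanout cycles that succeed before no fence can be found. */
static int cycles_until_exhaustion(int guarded, int max_cycles) {
    for (int i = 0; i < NUM_FENCES; i++) pin_count[i] = 0;
    for (int c = 0; c < max_cycles; c++) {
        struct buffer b = { NO_FENCE };
        if (pin_fence(&b) < 0) return c;
        unbind(&b, guarded);            /* unbind while still scanning out */
        unpin_fence(&b);
    }
    return max_cycles;
}
int main(void) {
    int buggy = cycles_until_exhaustion(0, 100), leaked = leaked_pins();
    int guarded = cycles_until_exhaustion(1, 100);
    printf("buggy: %d cycles, %d pins leaked; guarded: %d cycles\n", buggy, leaked, guarded);
    return 0;
}
```

In the unguarded run each cycle strands one pinned register, so the pool is exhausted after exactly as many cycles as there are registers; a nonzero pin total with no buffer holding a fence is the invariant violation a regression test can check for.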