Description of problem:
If userspace supplies an invalid pointer to a read() of an inotify instance, the inotify device's event list mutex is unlocked twice. This causes an unbalance which effectively leaves the data structure unprotected, and we can trigger oopses by accessing the inotify instance from different tasks concurrently.
Created attachment 334277 [details]
CVSS2 score of medium, 4.7 (AV:L/AC:M/Au:N/C:N/I:N/A:C)