On Thu, Mar 08, 2018 at 08:45:25AM, Meelis Roos wrote: > When firmware init fails, qla2x00_probe_one() does double free of req and rsp > queues and possibly other structures allocated by qla2x00_mem_alloc(). > Fix it by pulling out qla2x00_mem_free() and qla2x00_free_queues() invocations > from qla2x00_free_device() and call them manually where needed, and also zero > the req and rsp pointers after freeing them once in the error handler of > qla2x00_probe_one(). > This fixes memory corruption and further crashes in unrelated code when qla2200 > init fails for some reason. > Signed-off-by: Meelis Roos <mroos@xxxxxxxx> Hi Meelis, This issue should already be addressed by a very recent commit: 6a2cf8d3663e13e1 scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure Furthermore, the additions in qla2x00_remove_one of: + qla2x00_mem_free(ha); + + qla2x00_free_queues(ha); + are unnecessary. These routines are already called by qla2x00_free_device just above in qla2x00_remove_one. Regards, -bk
