Hi. I got double free bug at qla2x00_probe_one's error path and kernel was panicked. qla2x00_probe_one's probe_failed path is as follows: qla2x00_free_que(ha, req, rsp); qla2x00_free_device(base_vha); qla2x00_free_device calls qla2x00_free_que through qla2x00_free_queues. qla2x00_free_device frees the same pointer of req and rsp that is already freed by qla2x00_free_que. Following patch fixes this problem. Thanks. Signed-off-by: Hisashi Hifumi <hifumi.hisashi@xxxxxxxxxxxxx> diff -Nrup linux-2.6.29-rc1.org/drivers/scsi/qla2xxx/qla_os.c linux-2.6.29-rc1.qla2x/drivers/scsi/qla2xxx/qla_os.c --- linux-2.6.29-rc1.org/drivers/scsi/qla2xxx/qla_os.c 2009-01-15 15:37:31.000000000 +0900 +++ linux-2.6.29-rc1.qla2x/drivers/scsi/qla2xxx/qla_os.c 2009-01-16 11:52:47.000000000 +0900 @@ -1999,6 +1999,8 @@ qla2x00_probe_one(struct pci_dev *pdev, probe_failed: qla2x00_free_que(ha, req, rsp); + ha->rsp_q_map[0] = NULL; + ha->req_q_map[0] = NULL; qla2x00_free_device(base_vha); scsi_host_put(base_vha->host); -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
