It is wrong to leave this field as 1, as nvme_close() called in the error handling code in nvme_file_open() will use it and try to free s->queues again.
Clear the fields to avoid double-free. Cc: qemu-sta...@nongnu.org Signed-off-by: Fam Zheng <f...@redhat.com> --- block/nvme.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/nvme.c b/block/nvme.c index 6f71122bf5..7bdeb0ffce 100644 --- a/block/nvme.c +++ b/block/nvme.c @@ -666,6 +666,8 @@ fail_queue: nvme_free_queue_pair(bs, s->queues[0]); fail: g_free(s->queues); + s->queues = NULL; + s->nr_queues = 0; if (s->regs) { qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE); } -- 2.17.0
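Review bot: the two resets are correctly placed directly after g_free(s->queues) under the fail: label, and they also cover the fail_queue: path because that label falls through into fail: after nvme_free_queue_pair(bs, s->queues[0]); a short comment at that point (or a sentence in the commit message) stating that nvme_close() walks s->nr_queues and then frees s->queues would make clear why both fields must be cleared together: zeroing only s->nr_queues would still hand the freed s->queues pointer to g_free() a second time, and NULLing only s->queues would leave nvme_close() indexing a NULL array. The commit body also refers to "this field" without naming it; spelling out s->nr_queues there lets the explanation stand on its own without the subject line.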