The call to del_gendisk follows an non-refcounted gd->queue
pointer. We release the last ref in blk_cleanup_queue. Fixed by
reordering releases accordingly.

Signed-off-by: Daniel Stodden <daniel.stodden@xxxxxxxxxx>

diff -r b863073c3633 -r 649bc0003f9a drivers/block/xen-blkfront.c
--- a/drivers/block/xen-blkfront.c	Fri Apr 30 14:58:59 2010 -0700
+++ b/drivers/block/xen-blkfront.c	Fri Apr 30 14:58:59 2010 -0700
@@ -1021,14 +1021,14 @@
 	/* Flush gnttab callback work. Must be done with no locks held. */
 	flush_scheduled_work();
 
-	blk_cleanup_queue(info->rq);
-	info->rq = NULL;
-
 	minor = info->gd->first_minor;
 	nr_minors = info->gd->minors;
 	del_gendisk(info->gd);
 	xlbd_release_minors(minor, nr_minors);
 
+	blk_cleanup_queue(info->rq);
+	info->rq = NULL;
+
  out:
 	if (info->xbdev)
 		xenbus_frontend_closed(info->xbdev);