On Fri, Jun 7, 2019 at 10:18 PM Sylwester Nawrocki <s.nawrocki@samsung.com> wrote:
> When the soc_init_dai_link() call at the beginning of the snd_soc_instantiate_card() function fails, soc_cleanup_card_resources() and then snd_soc_dapm_free() get called with an incompletely initialized card->dapm. In particular card->dapm.card is NULL and it gets dereferenced in dapm_free_widgets(). Also dapm->list is invalid and there is an invalid pointer dereference from list_del().

You don't need to do this. In my original patch (https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=...), soc_cleanup_card_resources() should not be called if soc_init_dai_link() fails.
I found there is a merge conflict. Kuninori Morimoto removed some legacy code (i.e. soc_cleanup_platform() -> soc_cleanup_legacy()) at the same time (https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=...).
But the conflict was not fixed correctly (https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git/commit/?h=...): the soc_cleanup_platform() call turned into soc_cleanup_card_resources().
Based on the current for-next branch, we could simply remove the soc_cleanup_card_resources() call.
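
The error path discussed in this thread, as an added user-space C model that is not part of the original message or of the kernel source. The struct layout, function names and error codes are simplified, hypothetical stand-ins for card->dapm, soc_init_dai_link() and soc_cleanup_card_resources(); the model shows why the cleanup must be skipped when the first step fails, since dapm.card is still NULL and dapm.list is not yet linked.

```c
#include <errno.h>
#include <stddef.h>

/* Minimal list node, modelled on the kernel's struct list_head. */
struct list_node { struct list_node *next, *prev; };
static void list_init(struct list_node *n) { n->next = n->prev = n; }
static void list_del(struct list_node *n)
{
    n->next->prev = n->prev;    /* invalid dereference if n was never initialised */
    n->prev->next = n->next;
}

struct card;
struct dapm_ctx { struct card *card; struct list_node list; };
struct card { int bad_link, fail_late, widgets; struct dapm_ctx dapm; };

/* Hypothetical stand-in for soc_init_dai_link(). */
static int init_dai_link(struct card *c) { return c->bad_link ? -EINVAL : 0; }
/* Hypothetical stand-in for the later step that makes card->dapm usable. */
static void dapm_init(struct card *c)
{
    c->dapm.card = c;
    list_init(&c->dapm.list);
}

/* Hypothetical stand-in for soc_cleanup_card_resources(). */
static void cleanup_card_resources(struct card *c)
{
    c->dapm.card->widgets = 0;  /* needs dapm.card != NULL */
    list_del(&c->dapm.list);    /* needs an initialised list */
}

static int instantiate_card(struct card *c)
{
    int ret = init_dai_link(c);
    if (ret < 0)
        return ret;             /* dapm untouched so far: nothing to clean up */
    dapm_init(c);
    if (c->fail_late) {         /* later failure: dapm is valid, cleanup is safe */
        cleanup_card_resources(c);
        return -EIO;
    }
    return 0;
}

int main(void)
{
    struct card c = { .bad_link = 1 };  /* constructed input: first step fails */
    return instantiate_card(&c) == -EINVAL ? 0 : 1;
}
```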