Crash related to p2p

[Ben Greear]

We're seeing this crash.  It appears that by the time we get to frame 2, ctx
is corrupted.  It is not a wpa_s, or at least not a good one.

Maybe the msg_ctx passed in below is not what the
code is expecting?

void p2p_update_channel_list(struct p2p_data *p2p, struct p2p_channels *chan)
{
	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Update channel list");
	os_memcpy(&p2p->cfg->channels, chan, sizeof(struct p2p_channels));
}

My build is based on top of 7c4e92115a795dd2ee2135cf49d7e9e172fb5851

And for what it's worth, I'm not using P2P on purpose....maybe this
code just always runs?

#0  0x00000000004baeb0 in wpa_supplicant_ctrl_iface_send (
     priv=0x6dd6018120c0432, level=2, buf=0x839e80 "P2P: Update channel list",
     len=24) at ctrl_iface_unix.c:519
#1  0x00000000004ba667 in wpa_supplicant_ctrl_iface_msg_cb (ctx=0x7e6f50,
     level=2, txt=0x839e80 "P2P: Update channel list", len=24)
     at ctrl_iface_unix.c:248
#2  0x000000000040f964 in wpa_msg (ctx=0x7e6f50, level=2,
     fmt=0x4ff777 "P2P: Update channel list") at ../src/utils/wpa_debug.c:623
#3  0x000000000043b159 in p2p_update_channel_list (p2p=0x8029b0,
     chan=0x7fff31e24230) at ../src/p2p/p2p.c:3813
#4  0x00000000004300e9 in wpas_p2p_update_channel_list (wpa_s=0x81f120)
     at p2p_supplicant.c:4531
#5  0x00000000004cec41 in wpa_supplicant_event (ctx=0x81f120,
     event=EVENT_CHANNEL_LIST_CHANGED, data=0x0) at events.c:2605
#6  0x00000000004d9f10 in do_process_drv_event (drv=0x81fa70, cmd=36,
     tb=0x7fff31e24690) at ../src/drivers/driver_nl80211.c:2155
#7  0x00000000004da1ee in process_global_event (msg=0x8006e0, arg=0x7e7770)
     at ../src/drivers/driver_nl80211.c:2228
#8  0x00007f9b30759022 in nl_cb_call (sk=0x7ea740, cb=0x7e7870)
     at ../include/netlink-local.h:126
#9  recvmsgs (sk=0x7ea740, cb=0x7e7870) at nl.c:729
#10 nl_recvmsgs (sk=0x7ea740, cb=0x7e7870) at nl.c:780

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com