From e4f22f0a5d65886f93642688ac795388f02dd940 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Fri, 25 Jan 2019 10:08:28 -0800 Subject: [PATCH] ap: fix crash when stopping AP The AP structure was getting cleaned up twice. When the DBus stop method came in we do AP_STOP on nl80211. In this callback the AP was getting freed in ap_reset. Also when the DBus interface was cleaned up it triggered ap_reset. Since ap->started gets set to false in ap_reset, we now check this and bail out if the AP is already stopped. Fixes: ++++++++ backtrace ++++++++ 0 0x7f099c11ef20 in /lib/x86_64-linux-gnu/libc.so.6 1 0x43fed0 in l_queue_foreach() at ell/queue.c:441 (discriminator 3) 2 0x423a6c in ap_reset() at src/ap.c:140 3 0x423b69 in ap_free() at src/ap.c:162 4 0x44ee86 in interface_instance_free() at ell/dbus-service.c:513 5 0x451730 in _dbus_object_tree_remove_interface() at ell/dbus-service.c:1650 6 0x405c07 in netdev_newlink_notify() at src/netdev.c:4449 (discriminator 9) 7 0x440775 in l_hashmap_foreach() at ell/hashmap.c:534 8 0x4455d3 in process_broadcast() at ell/netlink.c:158 9 0x4439b3 in io_callback() at ell/io.c:126 10 0x442c4e in l_main_iterate() at ell/main.c:473 11 0x442d1c in l_main_run() at ell/main.c:516 12 0x442f2b in l_main_run_with_signal() at ell/main.c:644 13 0x403ab3 in main() at src/main.c:504 14 0x7f099c101b97 in /lib/x86_64-linux-gnu/libc.so.6 +++++++++++++++++++++++++++
---
 src/ap.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/ap.c b/src/ap.c
index 51e60727..d8c1aa07 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -121,6 +121,9 @@ static void ap_reset(struct ap_state *ap)
 {
 struct netdev *netdev = ap->netdev;
+ if (!ap->started)
+ return;
+
 if (ap->pending) dbus_pending_reply(&ap->pending, dbus_error_aborted(ap->pending));
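Review bot: The new `if (!ap->started) return;` sits above the `ap->pending` handling, so when ap_reset() runs for an AP that never reached the started state, the pending D-Bus reply is no longer aborted and the rest of ap_reset(), which continues outside this hunk, is skipped as well. The backtrace shows ap_free() calling ap_reset(), so on that path any skipped cleanup would turn into a leak; if the later part of the body releases the passphrase or per-station state, that would stay allocated too. Consider moving the guard below the pending-reply block, or making the teardown idempotent by clearing each pointer after it is released instead of gating everything on `started`. The guard also presumes the `ap_state` memory is still valid on the second call, which is worth confirming because the commit message says the AP was "getting freed" in the first one.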