NetworkManager crashes in _device_auth_done_fail_on_idle because unpacked user data is all 0
Our system uses NM version 1.24.2 and wpa_supplicant-2.9.
In some cases NM crashes. The crash is pretty hard to reproduce, the following events are related:
- the AP the system is currently connected to disappears (because of power-off or change of channel)
- an explicit wifi AP scan is triggered by nmmcli
- a new AP and/or changed channel for a AP is discovered
I'm not 100% sure the latter condition is really 'required' for this problem to occur. It seems the first two are really needed.
I'm 100% certain the crash occurs in _device_auth_done_fail_on_idle because the unpacked user data is 0. I was able to reproduce this issue once on a rpi-4. Find attached the log of this debug session, I hope it is any useful. I looked into the code briefly, but I do not know why the user_data seemed to be freed already before the callback being done.