From: Huang Chenming Date: Sat, 6 Sep 2025 08:44:51 +0000 (+0530) Subject: nl80211: Fix unexpected BSS event handling X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d59b47a3ec455fbe7195edf835b5efba35b332af;p=thirdparty%2Fhostap.git nl80211: Fix unexpected BSS event handling When a BSS is deinitialized, the bss->in_deinit flag may not be set if it is not the final BSS being processed. This oversight can lead to nl_preq handle remaining active and undestroyed for a logically deinitialized BSS. Consequently, if subsequent events related to this BSS arrive and are handled by wpa_driver_nl80211_event_receive(), they are handled for a BSS that is no longer operational, leading to unexpected behavior or potential crashes. Ensure bss->in_deinit is consistently set to 1 within wpa_driver_nl80211_if_remove() to correctly mark the BSS as under deinitialization, allowing for proper cleanup and preventing event handling for stale BSS contexts. Signed-off-by: Huang Chenming --- diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 8a007698b..c69c007e9 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -9237,6 +9237,7 @@ static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, bss->brname, strerror(errno)); } + bss->in_deinit = 1; if (bss != drv->first_bss) { struct i802_bss *tbss;