From d59b47a3ec455fbe7195edf835b5efba35b332af Mon Sep 17 00:00:00 2001 From: Huang Chenming Date: Sat, 6 Sep 2025 14:14:51 +0530 Subject: [PATCH] nl80211: Fix unexpected BSS event handling When a BSS is deinitialized, the bss->in_deinit flag may not be set if it is not the final BSS being processed. This oversight can lead to nl_preq handle remaining active and undestroyed for a logically deinitialized BSS. Consequently, if subsequent events related to this BSS arrive and are handled by wpa_driver_nl80211_event_receive(), they are handled for a BSS that is no longer operational, leading to unexpected behavior or potential crashes. Ensure bss->in_deinit is consistently set to 1 within wpa_driver_nl80211_if_remove() to correctly mark the BSS as under deinitialization, allowing for proper cleanup and preventing event handling for stale BSS contexts. Signed-off-by: Huang Chenming --- src/drivers/driver_nl80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 8a007698b..c69c007e9 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -9237,6 +9237,7 @@ static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, bss->brname, strerror(errno)); } + bss->in_deinit = 1; if (bss != drv->first_bss) { struct i802_bss *tbss; -- 2.47.3
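Review bot: the new `bss->in_deinit = 1;` sits above `if (bss != drv->first_bss) {`, so it is set on the first-BSS path as well as on the non-first path the commit message describes, and nothing in the hunk clears it again. If the first-BSS path can leave the struct in use after wpa_driver_nl80211_if_remove() returns, event handling for that BSS would stay suppressed. Either move the assignment inside the `bss != drv->first_bss` branch or confirm that both branches always tear the BSS down. A short comment on the new line saying that the flag keeps wpa_driver_nl80211_event_receive() from handling events for a BSS that is being removed would also help, since the assignment is otherwise unexplained at this spot.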