scan: Update current request on NL80211_CMD_SCAN_ABORTED

If the current request is not freed when we receive the
NL80211_CMD_SCAN_ABORTED event, device.c will keep thinking that
we're still scanning and the scan.c logic also gets confused and may
resend the current request at some point and call sr->trigger again
causing a segfault in device.c.

I pass an empty bss_list to the callback, another possibility would be
to pass NULL to let the callback know not to replace old results yet.
The callbacks would need to handle a NULL first.

src/scan.c

@@ -1150,9 +1150,38 @@ static void scan_notify(struct l_genl_msg *msg, void *user_data)
 		break;
 
 	case NL80211_CMD_SCAN_ABORTED:
+	{
+		struct scan_request *sr = l_queue_peek_head(sc->requests);
+
+		if (!sr || !sr->triggered) {
+			sc->state = SCAN_STATE_NOT_RUNNING;
+			break;
+		}
+
+		if (sr->callback) {
+			bool new_owner;
+			struct l_queue *bss_list = l_queue_new();
+
+			new_owner = sr->callback(attr_wiphy, attr_ifindex,
+						bss_list, sr->userdata);
+			if (!new_owner)
+				l_queue_destroy(bss_list, NULL);
+		}
+
+		if (sr->destroy)
+			sr->destroy(sr->userdata);
+
+		scan_request_free(sr);
+		l_queue_pop_head(sc->requests);
+
 		sc->state = SCAN_STATE_NOT_RUNNING;
+
+		if (!start_next_scan_request(sc) && sc->sp.rearm)
+			scan_periodic_rearm(sc);
+
 		break;
 	}
+	}
 }
 
 uint8_t scan_freq_to_channel(uint32_t freq, enum scan_band *out_band)