[PATCH] wifi: mac80211: skip BSS_CHANGED_TXPOWER notification for monitor mode

Dhyan K Prajapati posted 1 patch 10 hours ago
net/mac80211/iface.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH] wifi: mac80211: skip BSS_CHANGED_TXPOWER notification for monitor mode
Posted by Dhyan K Prajapati 10 hours ago
From: Dhyan K Prajapati <dhyaan19022009@gmail.com>

Monitor mode interfaces don't maintain BSS context. The BSS_CHANGED_TXPOWER notification
indicates transmit power constraints received from an associated access point which isn't really
applicable to monitor mode as it does not associate with any BSS.

After a commit back in July 2025 ("wifi: mac80211: fix WARN_ON for monitor mode
on some devices"), monitor interfaces with WANT_MONITOR_VIF began receiving link
change notifications during ieee_add_virtual_monitor(). When ieee_link_use_channel()
assigns a channel context it triggers ieee_recalc_power() which sends BSS_CHANGED_TXPOWER
notifications to the driver. Drivers using the legacy bss_info_changed callback receive
link->conf as the bss_conf parameter for monitor mode that points to vif.bss_conf which is not fully initialised
in monitor interfaces, so drivers like iwldvm dereference null and crash.
Since BSS_CHANGED_TXPOWER notifications are meaningless for monitor mode, we can skip
the notification entirely; monitor mode transmit power remains configurable via
nl80211.

Hardware: Dell Latitude E6430
Device: Intel Centrino Advanced-N 6205 [Taylor Peak]

Crash trace:
  BUG: kernel NULL pointer dereference at 0000000000000000
  RIP: iwlagn_bss_info_changed+0x19d/0x640 [iwldvm]
  Call Trace:
   drv_link_info_changed+0x2b5/0x2c0
   ieee80211_link_info_change_notify+0x13d/0x160
   __ieee80211_recalc_txpower+0x44/0xd0
   ieee80211_recalc_txpower+0x5c/0x60
   ieee80211_assign_link_chanctx+0x182/0x410
   ieee80211_link_use_channel+0x413/0x450
   ieee80211_add_virtual_monitor+0x17c/0x2b0

Tested-by: Dhyan K Prajapati <dhyan19022009@gmail.com>
Signed-off-by: Dhyan K Prajapati <dhyan19022009@gmail.com>
---
 net/mac80211/iface.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 515384ca2..2d5b4cc60 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -76,10 +76,16 @@ bool __ieee80211_recalc_txpower(struct ieee80211_link_data *link)
 void ieee80211_recalc_txpower(struct ieee80211_link_data *link,
 			      bool update_bss)
 {
+	struct ieee80211_sub_if_data *sdata = link->sdata;
+
 	if (__ieee80211_recalc_txpower(link) ||
-	    (update_bss && ieee80211_sdata_running(link->sdata)))
+	    (update_bss && ieee80211_sdata_running(link->sdata))) {
+		if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
+			return;
+
 		ieee80211_link_info_change_notify(link->sdata, link,
 						  BSS_CHANGED_TXPOWER);
+	}
 }
 
 static u32 __ieee80211_idle_off(struct ieee80211_local *local)
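Review bot: in the new block inside `ieee80211_recalc_txpower()`, the `return` for `NL80211_IFTYPE_MONITOR` is reached only after `__ieee80211_recalc_txpower(link)` has been called, so for a monitor vif no driver is ever notified, including drivers whose callback copes with a monitor vif; the commit message names only iwldvm, so a short comment above the check saying why the skip belongs in mac80211 rather than in the crashing callback would help. The new `sdata` local is used for the type test while the condition and the notify call still spell out `link->sdata`; use `sdata` in all three places or drop it. The test can also move into the condition as a trailing `&& sdata->vif.type != NL80211_IFTYPE_MONITOR`, placed after the existing expression so the recalculation call is still made, which removes the extra braces and the early return.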
-- 
2.43.0
Re: [PATCH] wifi: mac80211: skip BSS_CHANGED_TXPOWER notification for monitor mode
Posted by Krzysztof Kozlowski 5 hours ago
On 07/02/2026 06:00, Dhyan K Prajapati wrote:
> From: Dhyan K Prajapati <dhyaan19022009@gmail.com>
> 
> Monitor mode interfaces don't maintain BSS context. The BSS_CHANGED_TXPOWER notification
> indicates transmit power constraints received from an associated access point which isn't really
> applicable to monitor mode as it does not associate with any BSS.
> 
> After a commit back in July 2025 ("wifi: mac80211: fix WARN_ON for monitor mode
> on some devices"), monitor interfaces with WANT_MONITOR_VIF began receiving link
> change notifications during ieee_add_virtual_monitor(). When ieee_link_use_channel()
> assigns a channel context it triggers ieee_recalc_power() which sends BSS_CHANGED_TXPOWER
> notifications to the driver. Drivers using the legacy bss_info_changed callback receive
> link->conf as the bss_conf parameter for monitor mode that points to vif.bss_conf which is not fully initialised
> in monitor interfaces, so drivers like iwldvm dereference null and crash.
> Since BSS_CHANGED_TXPOWER notifications are meaningless for monitor mode, we can skip
> the notification entirely; monitor mode transmit power remains configurable via

You keep sending us microslop AI, so I don't think it is worth reviewing it.

> nl80211
> Hardware: Dell Latitude E6430
> Device: Intel Centrino Advanced-N 6205 [Taylor Peak]
> 
> Crash trace:
>   BUG: kernel NULL pointer dereference at 0000000000000000
>   RIP: iwlagn_bss_info_changed+0x19d/0x640 [iwldvm]
>   Call Trace:
>    drv_link_info_changed+0x2b5/0x2c0
>    ieee80211_link_info_change_notify+0x13d/0x160
>    __ieee80211_recalc_txpower+0x44/0xd0
>    ieee80211_recalc_txpower+0x5c/0x60
>    ieee80211_assign_link_chanctx+0x182/0x410
>    ieee80211_link_use_channel+0x413/0x450
>    ieee80211_add_virtual_monitor+0x17c/0x2b0
> 
> Tested-by: Dhyan K Prajapati <dhyan19022009@gmail.com>

No, wasn't. AI is not testing.

> Signed-off-by: Dhyan K Prajapati <dhyan19022009@gmail.com>
> ---
>  net/mac80211/iface.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)



Best regards,
Krzysztof
Re: [PATCH] wifi: mac80211: skip BSS_CHANGED_TXPOWER notification for monitor mode
Posted by Lachlan Hodges 6 hours ago
Hi,

On Sat, Feb 07, 2026 at 10:30:35AM +0530, Dhyan K Prajapati wrote:
> From: Dhyan K Prajapati <dhyaan19022009@gmail.com>
> 
> Monitor mode interfaces don't maintain BSS context. The BSS_CHANGED_TXPOWER notification
> indicates transmit power constraints received from an associated access point which isn't really
> applicable to monitor mode as it does not associate with any BSS.
> 
> After a commit back in July 2025 ("wifi: mac80211: fix WARN_ON for monitor mode
> on some devices"), monitor interfaces with WANT_MONITOR_VIF began receiving link
> change notifications during ieee_add_virtual_monitor(). When ieee_link_use_channel()
> assigns a channel context it triggers ieee_recalc_power() which sends BSS_CHANGED_TXPOWER
> notifications to the driver. Drivers using the legacy bss_info_changed callback receive
> link->conf as the bss_conf parameter for monitor mode that points to vif.bss_conf which is not fully initialised
> in monitor interfaces, so drivers like iwldvm dereference null and crash.
> Since BSS_CHANGED_TXPOWER notifications are meaningless for monitor mode, we can skip
> the notification entirely; monitor mode transmit power remains configurable via
> nl80211.

You should try and limit the line length of the commit message to
72 lines. Also, there's a few spelling errors - these can be caught
by running checkpatch [1] on your patch before submission (and you
should run this every time before any patch you submit). Also it
looks like the 'Signed-off-by' tag doesn't match.

> Hardware: Dell Latitude E6430
> Device: Intel Centrino Advanced-N 6205 [Taylor Peak]
> 
> Crash trace:
>   BUG: kernel NULL pointer dereference at 0000000000000000
>   RIP: iwlagn_bss_info_changed+0x19d/0x640 [iwldvm]
>   Call Trace:
>    drv_link_info_changed+0x2b5/0x2c0
>    ieee80211_link_info_change_notify+0x13d/0x160
>    __ieee80211_recalc_txpower+0x44/0xd0
>    ieee80211_recalc_txpower+0x5c/0x60
>    ieee80211_assign_link_chanctx+0x182/0x410
>    ieee80211_link_use_channel+0x413/0x450
>    ieee80211_add_virtual_monitor+0x17c/0x2b0
> 
> Tested-by: Dhyan K Prajapati <dhyan19022009@gmail.com>
> Signed-off-by: Dhyan K Prajapati <dhyan19022009@gmail.com>

If this is indeed a bug (I haven't really reviewed the change in
depth), you should find the commit you are fixing (assuming the
one mentioned above) and format as follows:

Fixes: c57e5b9819df ("wifi: mac80211: fix WARN_ON for monitor mode on some devices")

Then place it above the Tested-by tags and so on [2]. Don't worry
about the length of the fixes tag if the commit message is too long,
just keep it in its entirety. You can add this to your git config to
easily format this line which I stole from Johannes:

[...]
[pretty]
        fixes = Fixes: %h (\"%s\")
[alias]
        fixes = show -q --format=fixes
[...]

Then just run, for example "git fixes c57e5b9819df" to generate the
correct format for your patch. Additionally you should target the
'wireless' if it's fixing a bug such that it can get into the next
RC. You can do so by prefixing the subject like so:

[PATCH wireless] wifi: mac80211: skip BSS_...

>  	if (__ieee80211_recalc_txpower(link) ||
> -	    (update_bss && ieee80211_sdata_running(link->sdata)))
> +	    (update_bss && ieee80211_sdata_running(link->sdata))) {
> +		if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
> +			return;
> +

Could you just include that statement inside the original if?

lachlan

[1] https://docs.kernel.org/dev-tools/checkpatch.html
[2] https://www.kernel.org/doc/html/latest/process/submitting-patches.html#using-reported-by-tested-by-reviewed-by-suggested-by-and-fixes
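
The message-level points raised in the reply above (line length, Fixes: format and placement, tree prefix, sign-off mismatch) can be checked mechanically before sending; the following is an added example, not part of the thread or of checkpatch. The helper name `check_patch_msg`, the sample mail and its addresses are constructed, and it assumes the "72" is a column limit and that the sign-off remark refers to the From: address.

```shell
#!/bin/sh
# Constructed sample: header and message of a patch mail (placeholder addresses).
sample_patch() {
cat <<'EOF'
From: A Dev <adev1@example.org>
Subject: [PATCH] wifi: mac80211: example subject

This constructed body line is written to run past the seventy-two column limit on purpose.

Tested-by: A Dev <adev@example.org>
Fixes: c57e5b9819df ("wifi: mac80211: fix WARN_ON for monitor mode on some devices")
Signed-off-by: A Dev <adev@example.org>
---
 net/mac80211/iface.c | 8 +++++++-
EOF
}

# Lint the message part of a patch read on stdin. Prints one finding per line
# and returns 1 if there were any. check_patch_msg is a hypothetical helper.
check_patch_msg() {
    findings=$(awk '
    function addr(s) { sub(/^[^<]*</, "", s); sub(/>.*$/, "", s); return s }
    /^---$/      { exit }                  # message ends at the diffstat separator
    /^From: /    { from = addr($0); next }
    /^Subject: / { subject = $0; next }
    /^Fixes: /   {                         # kept whole, so no length check here
        if (length($2) < 12 || $2 !~ /^[0-9a-f]+$/ || $0 !~ /\(".*"\)$/)
            print "fixes: expected Fixes: <12+ hex digits> (\"subject\")"
        if (trailers)
            print "fixes: place above Tested-by/Signed-off-by"
        if (subject !~ /\[PATCH wireless/)
            print "subject: fix without [PATCH wireless] prefix"
        next
    }
    /^(Tested|Signed-off)-by: / { trailers = 1 }
    /^Signed-off-by: / && addr($0) != from {
        print "signed-off-by: address differs from From:"
    }
    length($0) > 72 { print "line " NR ": " length($0) " columns, limit 72" }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

sample_patch | check_patch_msg || echo "fix the findings above before sending"
```
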