From: Dhyan K Prajapati Monitor mode interfaces don't maintain BSS context. The BSS_CHANGED_TXPOWER notification indicates transmit power constrains recieved from an associated access point which isn't really applicable to monitor mode as it does not associate with any BSS after a commit back in july 2025,("wifi: mac80211: fix WARN_ON for monitor mode on some devices") monitor interfaces with WANT_MONITOR_VIF began recieving link change notifications during ieee_add_virtual_monitor(), when ieee_link_use_channel() assigns a channel context it triggers ieee_recalc_power() which sends BSS_CHANGED_TXPOWER notifications to driver, driver using legacy bss_info_changed callbeack recieve link->conf as the bss_conf parameter for monitor mode that points to vif.bss_conf which is not fully initialised in monitor interfaces, so drivers like iwldvm dereference null and crash since BSS_CHANGED_TXPOWER notifications are meaningless for monitor mode, we can skip the notification entirely,monitor mode transmit power remains configurable via nl80211 Hardware: Dell Latitude E6430 Device: Intel Centrino Advanced-N 6205 [Taylor Peak] Crash trace: BUG: kernel NULL pointer dereference at 0000000000000000 RIP: iwlagn_bss_info_changed+0x19d/0x640 [iwldvm] Call Trace: drv_link_info_changed+0x2b5/0x2c0 ieee80211_link_info_change_notify+0x13d/0x160 __ieee80211_recalc_txpower+0x44/0xd0 ieee80211_recalc_txpower+0x5c/0x60 ieee80211_assign_link_chanctx+0x182/0x410 ieee80211_link_use_channel+0x413/0x450 ieee80211_add_virtual_monitor+0x17c/0x2b0 Tested-by: Dhyan K Prajapati Signed-off-by: Dhyan K Prajapati --- net/mac80211/iface.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 515384ca2..2d5b4cc60 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -76,10 +76,16 @@ bool __ieee80211_recalc_txpower(struct ieee80211_link_data *link) void ieee80211_recalc_txpower(struct ieee80211_link_data *link, bool update_bss) { + struct ieee80211_sub_if_data *sdata = link->sdata; + if (__ieee80211_recalc_txpower(link) || - (update_bss && ieee80211_sdata_running(link->sdata))) + (update_bss && ieee80211_sdata_running(link->sdata))) { + if (sdata->vif.type == NL80211_IFTYPE_MONITOR) + return; + ieee80211_link_info_change_notify(link->sdata, link, BSS_CHANGED_TXPOWER); + } } static u32 __ieee80211_idle_off(struct ieee80211_local *local) -- 2.43.0