I looked more close at the call trace of the warning and it seems that the problems occur when shutting down the interface: [ T847] Call Trace: [ T847] <TASK> [ T847] ? __warn+0x6a/0xc0 [ T847] ? mt7921_ipv6_addr_change+0x1d0/0x1f0 [mt7921_common] [ T847] ? report_bug+0x142/0x180 [ T847] ? handle_bug+0x3a/0x70 [ T847] ? exc_invalid_op+0x17/0x70 [ T847] ? asm_exc_invalid_op+0x1a/0x20 [ T847] ? mt7921_ipv6_addr_change+0x1d0/0x1f0 [mt7921_common] [ T847] ? srso_alias_return_thunk+0x5/0xfbef5 [ T847] ? __ipv6_ifa_notify+0x16f/0x4d0 [ T847] ? ieee80211_ifa6_changed+0x5e/0x70 [mac80211] [ T847] ? atomic_notifier_call_chain+0x51/0x80 [ T847] ? addrconf_ifdown.isra.0+0x43f/0x810 [ T847] ? srso_alias_return_thunk+0x5/0xfbef5 [ T847] ? addrconf_notify+0x15d/0x760 [ T847] ? __timer_delete_sync+0x70/0xd0 [ T847] ? raw_notifier_call_chain+0x43/0x60 [ T847] ? dev_close_many+0xea/0x160 [ T847] ? dev_close+0x65/0x80 [ T847] ? cfg80211_shutdown_all_interfaces+0x48/0xe0 [cfg80211] [ T847] ? cfg80211_rfkill_set_block+0x25/0x40 [cfg80211] [ T847] ? rfkill_set_block+0x8f/0x160 [rfkill] [ T847] ? rfkill_fop_write+0x14e/0x1e0 [rfkill] [ T847] ? vfs_write+0xf3/0x420 [ T847] ? srso_alias_return_thunk+0x5/0xfbef5 [ T847] ? ksys_write+0xae/0xe0 [ T847] ? do_syscall_64+0x5f/0x170 [ T847] ? entry_SYSCALL_64_after_hwframe+0x55/0x5d [ T847] </TASK> [ T847] ---[ end trace 0000000000000000 ]--- I think there's a race happening on shutdown between ipv6_addr_change (which uses mvif->phy) and ieee80211_do_stop (which zeros the private data including mvif->phy). Bert Karwatzki
