diff --git a/package/kernel/mac80211/patches/build/993-do-not-use-rate-mask-for-scanning.patch b/package/kernel/mac80211/patches/build/993-do-not-use-rate-mask-for-scanning.patch
new file mode 100644
index 000000000..3f9aeca8a
--- /dev/null
+++ b/package/kernel/mac80211/patches/build/993-do-not-use-rate-mask-for-scanning.patch
@@ -0,0 +1,101 @@
+Reported-by: syzbot+fdc5123366fb9c3fdc6d@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d
+Co-developed-by: Dmitry Antipov <dmantipov@yandex.ru>
+Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
+Tested-by: Dmitry Antipov <dmantipov@yandex.ru>
+Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2d417200ecea5c@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/net/mac80211.h |  3 +++
+ net/mac80211/rate.c    |  6 +++++-
+ net/mac80211/scan.c    |  1 +
+ net/mac80211/tx.c      | 13 +++++++++----
+ 4 files changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/include/net/mac80211.h b/include/net/mac80211.h
+index 7c707358d15c8..a39bd4169f292 100644
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -936,6 +936,8 @@ enum mac80211_tx_info_flags {
+  *	of their QoS TID or other priority field values.
+  * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally
+  *	for sequence number assignment
++ * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted
++ *	due to scanning, not in normal operation on the interface.
+  * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this
+  *	frame should be transmitted on the specific link. This really is
+  *	only relevant for frames that do not have data present, and is
+@@ -956,6 +958,7 @@ enum mac80211_tx_control_flags {
+ 	IEEE80211_TX_CTRL_NO_SEQNO		= BIT(7),
+ 	IEEE80211_TX_CTRL_DONT_REORDER		= BIT(8),
+ 	IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX	= BIT(9),
++	IEEE80211_TX_CTRL_SCAN_TX		= BIT(10),
+ 	IEEE80211_TX_CTRL_MLO_LINK		= 0xf0000000,
+ };
+ 
+diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
+index 9d33fd2377c88..a2bc9c5d92b8b 100644
+--- a/net/mac80211/rate.c
++++ b/net/mac80211/rate.c
+@@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
+ 	struct ieee80211_sub_if_data *sdata;
+ 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ 	struct ieee80211_supported_band *sband;
++	u32 mask = ~0;
+ 
+ 	rate_control_fill_sta_table(sta, info, dest, max_rates);
+ 
+@@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
+ 	if (ieee80211_is_tx_data(skb))
+ 		rate_control_apply_mask(sdata, sta, sband, dest, max_rates);
+ 
++	if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX))
++		mask = sdata->rc_rateidx_mask[info->band];
++
+ 	if (dest[0].idx < 0)
+ 		__rate_control_send_low(&sdata->local->hw, sband, sta, info,
+-					sdata->rc_rateidx_mask[info->band]);
++					mask);
+ 
+ 	if (sta)
+ 		rate_fixup_ratelist(vif, sband, info, dest, max_rates);
+diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
+index a52813f2b08cb..b68214f159838 100644
+--- a/net/mac80211/scan.c
++++ b/net/mac80211/scan.c
+@@ -636,6 +636,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata,
+ 				cpu_to_le16(IEEE80211_SN_TO_SEQ(sn));
+ 		}
+ 		IEEE80211_SKB_CB(skb)->flags |= tx_flags;
++		IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX;
+ 		ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
+ 	}
+ }
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index 5c6c5254d987f..46b02a6ae0a36 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -705,11 +705,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
+ 	txrc.bss_conf = &tx->sdata->vif.bss_conf;
+ 	txrc.skb = tx->skb;
+ 	txrc.reported_rate.idx = -1;
+-	txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
+ 
+-	if (tx->sdata->rc_has_mcs_mask[info->band])
+-		txrc.rate_idx_mcs_mask =
+-			tx->sdata->rc_rateidx_mcs_mask[info->band];
++	if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) {
++		txrc.rate_idx_mask = ~0;
++	} else {
++		txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
++
++		if (tx->sdata->rc_has_mcs_mask[info->band])
++			txrc.rate_idx_mcs_mask =
++				tx->sdata->rc_rateidx_mcs_mask[info->band];
++	}
+ 
+ 	txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
+ 		    tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
+-- 
+2.43.0
diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile
index f19fcbf76..c40e9c10c 100644
--- a/package/kernel/mt76/Makefile
+++ b/package/kernel/mt76/Makefile
@@ -15,19 +15,19 @@ PKG_SOURCE_VERSION:=5b509e80384ab019ac11aa90c81ec0dbb5b0d7f2
 PKG_MIRROR_HASH:=6fc25df4d28becd010ff4971b23731c08b53e69381a9e4c868091899712f78a9
 PATCH_DIR:=./patches-5.4
 else ifdef CONFIG_LINUX_6_1
-PKG_SOURCE_DATE:=2024-05-17
-PKG_SOURCE_VERSION:=513c131c6309712a51502870b041f45b4bd6a6d4
-PKG_MIRROR_HASH:=9f5d7a846912e7deafa216c2aabb038ec58666ecbf8a394e947b144001994d78
+PKG_SOURCE_DATE:=2024-09-29
+PKG_SOURCE_VERSION:=ee693260c52191c9c4764915178ce3586e926428
+PKG_MIRROR_HASH:=213ca47f3e7ec8a8c6b4ade2e301f62fcc69793ed06d43eb730fc9a500fd5595
 PATCH_DIR:=./patches-6.x
 else ifdef CONFIG_LINUX_6_6
-PKG_SOURCE_DATE:=2024-05-17
-PKG_SOURCE_VERSION:=513c131c6309712a51502870b041f45b4bd6a6d4
-PKG_MIRROR_HASH:=9f5d7a846912e7deafa216c2aabb038ec58666ecbf8a394e947b144001994d78
+PKG_SOURCE_DATE:=2024-09-29
+PKG_SOURCE_VERSION:=ee693260c52191c9c4764915178ce3586e926428
+PKG_MIRROR_HASH:=213ca47f3e7ec8a8c6b4ade2e301f62fcc69793ed06d43eb730fc9a500fd5595
 PATCH_DIR:=./patches-6.x
 else ifdef CONFIG_LINUX_6_12
-PKG_SOURCE_DATE:=2024-05-17
-PKG_SOURCE_VERSION:=513c131c6309712a51502870b041f45b4bd6a6d4
-PKG_MIRROR_HASH:=9f5d7a846912e7deafa216c2aabb038ec58666ecbf8a394e947b144001994d78
+PKG_SOURCE_DATE:=2024-09-29
+PKG_SOURCE_VERSION:=ee693260c52191c9c4764915178ce3586e926428
+PKG_MIRROR_HASH:=213ca47f3e7ec8a8c6b4ade2e301f62fcc69793ed06d43eb730fc9a500fd5595
 PATCH_DIR:=./patches-6.x
 else
 PKG_SOURCE_DATE:=2023-09-18
@@ -346,10 +346,34 @@ define KernelPackage/mt7996e
   AUTOLOAD:=$(call AutoProbe,mt7996e)
 endef
 
+define KernelPackage/mt7992-firmware
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7992 firmware
+  DEPENDS+=+kmod-mt7996e
+endef
+
+define KernelPackage/mt7992-23-firmware
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7996 firmware (2+3 antenna variant)
+  DEPENDS+=+kmod-mt7996e
+endef
+
+define KernelPackage/mt7996-firmware-common
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7996 firmware (common files)
+  HIDDEN:=1
+endef
+
 define KernelPackage/mt7996-firmware
   $(KernelPackage/mt76-default)
   TITLE:=MediaTek MT7996 firmware
-  DEPENDS+=+kmod-mt7996e
+  DEPENDS+=+kmod-mt7996e +kmod-mt7996-firmware-common
+endef
+
+define KernelPackage/mt7996-233-firmware
+  $(KernelPackage/mt76-default)
+  TITLE:=MediaTek MT7996 firmware (2+3+3 antenna variant)
+  DEPENDS+=+kmod-mt7996e +kmod-mt7996-firmware-common
 endef
 
 define KernelPackage/mt7925-firmware
@@ -653,17 +677,60 @@ define KernelPackage/mt7925-firmware/install
 		$(1)/lib/firmware/mediatek/mt7925
 endef
 
-define KernelPackage/mt7996-firmware/install
+define KernelPackage/mt7992-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek/mt7996
+	cp \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_dsp.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_eeprom.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_eeprom_2i5i.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_eeprom_2i5e.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_rom_patch.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_wa.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_wm.bin \
+		$(1)/lib/firmware/mediatek/mt7996
+endef
+
+define KernelPackage/mt7992-23-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek/mt7996
+	cp \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_dsp_23.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_eeprom_23.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_eeprom_23_2i5i.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_rom_patch_23.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_wa_23.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7992_wm_23.bin \
+		$(1)/lib/firmware/mediatek/mt7996
+endef
+
+define KernelPackage/mt7996-firmware-common/install
 	$(INSTALL_DIR) $(1)/lib/firmware/mediatek/mt7996
 	cp \
 		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_dsp.bin \
+		$(1)/lib/firmware/mediatek/mt7996
+endef
+
+define KernelPackage/mt7996-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek/mt7996
+	cp \
 		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_eeprom.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_eeprom_2i5i6i.bin \
 		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_rom_patch.bin \
 		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_wa.bin \
 		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_wm.bin \
 		$(1)/lib/firmware/mediatek/mt7996
 endef
 
+define KernelPackage/mt7996-233-firmware/install
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek/mt7996
+	cp \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_eeprom_233.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_eeprom_233_2i5i6i.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_rom_patch_233.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_wa_233.bin \
+		$(PKG_BUILD_DIR)/firmware/mt7996/mt7996_wm_233.bin \
+		$(1)/lib/firmware/mediatek/mt7996
+endef
+
 define Package/mt76-test/install
 	mkdir -p $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/mt76-test $(1)/usr/sbin
@@ -709,6 +776,9 @@ $(eval $(call KernelPackage,mt7921e))
 $(eval $(call KernelPackage,mt7925u))
 $(eval $(call KernelPackage,mt7925e))
 $(eval $(call KernelPackage,mt7996e))
+$(eval $(call KernelPackage,mt7992-firmware))
+$(eval $(call KernelPackage,mt7992-23-firmware))
+$(eval $(call KernelPackage,mt7996-firmware-common))
 $(eval $(call KernelPackage,mt7996-firmware))
 $(eval $(call KernelPackage,mt76))
 $(eval $(call BuildPackage,mt76-test))
diff --git a/package/kernel/mt76/patches-6.x/002-mt76-mt7915-fix-oops.patch b/package/kernel/mt76/patches-6.x/002-mt76-mt7915-fix-oops.patch
deleted file mode 100644
index d472dac92..000000000
--- a/package/kernel/mt76/patches-6.x/002-mt76-mt7915-fix-oops.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 3b47d9df427c4833605a172f2a8f0e0012b04c80 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= <bjorn@mork.no>
-Date: Sat, 13 Jul 2024 15:00:10 +0200
-Subject: [PATCH] wifi: mt76: mt7915: fix oops on non-dbdc mt7986
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-mt7915_band_config() sets band_idx = 1 on the main phy for mt7986
-with MT7975_ONE_ADIE or MT7976_ONE_ADIE.
-
-Commit 0335c034e726 ("wifi: mt76: fix race condition related to
-checking tx queue fill status") introduced a dereference of the
-phys array indirectly indexed by band_idx via wcid->phy_idx in
-mt76_wcid_cleanup(). This caused the following Oops on affected
-mt7986 devices:
-
- Unable to handle kernel read from unreadable memory at virtual address 0000000000000024
- Mem abort info:
-   ESR = 0x0000000096000005
-   EC = 0x25: DABT (current EL), IL = 32 bits
-   SET = 0, FnV = 0
-   EA = 0, S1PTW = 0
-   FSC = 0x05: level 1 translation fault
- Data abort info:
-   ISV = 0, ISS = 0x00000005
-   CM = 0, WnR = 0
- user pgtable: 4k pages, 39-bit VAs, pgdp=0000000042545000
- [0000000000000024] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
- Internal error: Oops: 0000000096000005 [#1] SMP
- Modules linked in: ... mt7915e mt76_connac_lib mt76 mac80211 cfg80211 ...
- CPU: 2 PID: 1631 Comm: hostapd Not tainted 5.15.150 #0
- Hardware name: ZyXEL EX5700 (Telenor) (DT)
- pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
- pc : mt76_wcid_cleanup+0x84/0x22c [mt76]
- lr : mt76_wcid_cleanup+0x64/0x22c [mt76]
- sp : ffffffc00a803700
- x29: ffffffc00a803700 x28: ffffff80008f7300 x27: ffffff80003f3c00
- x26: ffffff80000a7880 x25: ffffffc008c26e00 x24: 0000000000000001
- x23: ffffffc000a68114 x22: 0000000000000000 x21: ffffff8004172cc8
- x20: ffffffc00a803748 x19: ffffff8004152020 x18: 0000000000000000
- x17: 00000000000017c0 x16: ffffffc008ef5000 x15: 0000000000000be0
- x14: ffffff8004172e28 x13: ffffff8004172e28 x12: 0000000000000000
- x11: 0000000000000000 x10: ffffff8004172e30 x9 : ffffff8004172e28
- x8 : 0000000000000000 x7 : ffffff8004156020 x6 : 0000000000000000
- x5 : 0000000000000031 x4 : 0000000000000000 x3 : 0000000000000001
- x2 : 0000000000000000 x1 : ffffff80008f7300 x0 : 0000000000000024
- Call trace:
-  mt76_wcid_cleanup+0x84/0x22c [mt76]
-  __mt76_sta_remove+0x70/0xbc [mt76]
-  mt76_sta_state+0x8c/0x1a4 [mt76]
-  mt7915_eeprom_get_power_delta+0x11e4/0x23a0 [mt7915e]
-  drv_sta_state+0x144/0x274 [mac80211]
-  sta_info_move_state+0x1cc/0x2a4 [mac80211]
-  sta_set_sinfo+0xaf8/0xc24 [mac80211]
-  sta_info_destroy_addr_bss+0x4c/0x6c [mac80211]
-
-  ieee80211_color_change_finish+0x1c08/0x1e70 [mac80211]
-  cfg80211_check_station_change+0x1360/0x4710 [cfg80211]
-  genl_family_rcv_msg_doit+0xb4/0x110
-  genl_rcv_msg+0xd0/0x1bc
-  netlink_rcv_skb+0x58/0x120
-  genl_rcv+0x34/0x50
-  netlink_unicast+0x1f0/0x2ec
-  netlink_sendmsg+0x198/0x3d0
-  ____sys_sendmsg+0x1b0/0x210
-  ___sys_sendmsg+0x80/0xf0
-  __sys_sendmsg+0x44/0xa0
-  __arm64_sys_sendmsg+0x20/0x30
-  invoke_syscall.constprop.0+0x4c/0xe0
-  do_el0_svc+0x40/0xd0
-  el0_svc+0x14/0x4c
-  el0t_64_sync_handler+0x100/0x110
-  el0t_64_sync+0x15c/0x160
- Code: d2800002 910092c0 52800023 f9800011 (885f7c01)
- ---[ end trace 7e42dd9a39ed2281 ]---
-
-Fix by using mt76_dev_phy() which will map band_idx to the correct phy
-for all hardware combinations.
-
-Fixes: 0335c034e726 ("wifi: mt76: fix race condition related to checking tx queue fill status")
-Link: https://github.com/openwrt/openwrt/issues/14548
-Signed-off-by: Bjørn Mork <bjorn@mork.no>
-Link: https://patch.msgid.link/20240713130010.516037-1-bjorn@mork.no
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
- mac80211.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/mac80211.c
-+++ b/mac80211.c
-@@ -1515,7 +1515,7 @@ EXPORT_SYMBOL_GPL(mt76_wcid_init);
- 
- void mt76_wcid_cleanup(struct mt76_dev *dev, struct mt76_wcid *wcid)
- {
--	struct mt76_phy *phy = dev->phys[wcid->phy_idx];
-+	struct mt76_phy *phy = mt76_dev_phy(dev, wcid->phy_idx);
- 	struct ieee80211_hw *hw;
- 	struct sk_buff_head list;
- 	struct sk_buff *skb;
diff --git a/package/kernel/mt76/patches-6.x/100-api_update.patch b/package/kernel/mt76/patches-6.x/100-api_update.patch
new file mode 100644
index 000000000..b3e0a0e87
--- /dev/null
+++ b/package/kernel/mt76/patches-6.x/100-api_update.patch
@@ -0,0 +1,97 @@
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,5 @@
+ # SPDX-License-Identifier: GPL-2.0-only
+-EXTRA_CFLAGS += -Werror -DCONFIG_MT76_LEDS
++EXTRA_CFLAGS += -Werror -Wno-unused-variable -DCONFIG_MT76_LEDS
+ obj-m := mt76.o
+ obj-$(CONFIG_MT76_USB) += mt76-usb.o
+ obj-$(CONFIG_MT76_SDIO) += mt76-sdio.o
+--- a/mac80211.c
++++ b/mac80211.c
+@@ -1660,8 +1660,8 @@
+ static void
+ __mt76_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
+ {
+-	if (vif->bss_conf.csa_active && ieee80211_beacon_cntdwn_is_complete(vif, 0))
+-		ieee80211_csa_finish(vif, 0);
++	if (vif->bss_conf.csa_active && ieee80211_beacon_cntdwn_is_complete(vif))
++		ieee80211_csa_finish(vif);
+ }
+ 
+ void mt76_csa_finish(struct mt76_dev *dev)
+@@ -1685,7 +1685,7 @@
+ 	if (!vif->bss_conf.csa_active)
+ 		return;
+ 
+-	dev->csa_complete |= ieee80211_beacon_cntdwn_is_complete(vif, 0);
++	dev->csa_complete |= ieee80211_beacon_cntdwn_is_complete(vif);
+ }
+ 
+ void mt76_csa_check(struct mt76_dev *dev)
+--- a/mt792x_core.c
++++ b/mt792x_core.c
+@@ -733,10 +733,6 @@
+ 	if (!(*fw_features & MT792x_FW_CAP_CNM)) {
+ 		ops->remain_on_channel = NULL;
+ 		ops->cancel_remain_on_channel = NULL;
+-		ops->add_chanctx = ieee80211_emulate_add_chanctx;
+-		ops->remove_chanctx = ieee80211_emulate_remove_chanctx;
+-		ops->change_chanctx = ieee80211_emulate_change_chanctx;
+-		ops->switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx;
+ 		ops->assign_vif_chanctx = NULL;
+ 		ops->unassign_vif_chanctx = NULL;
+ 		ops->mgd_prepare_tx = NULL;
+--- a/mt7921/main.c
++++ b/mt7921/main.c
+@@ -268,7 +268,7 @@
+ 	return err;
+ }
+ 
+-static void mt7921_stop(struct ieee80211_hw *hw, bool suspend)
++static void mt7921_stop(struct ieee80211_hw *hw)
+ {
+ 	struct mt792x_dev *dev = mt792x_hw_dev(hw);
+ 	int err = 0;
+--- a/mt7996/main.c
++++ b/mt7996/main.c
+@@ -93,7 +93,7 @@
+ 	return ret;
+ }
+ 
+-static void mt7996_stop(struct ieee80211_hw *hw, bool suspend)
++static void mt7996_stop(struct ieee80211_hw *hw)
+ {
+ 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
+ 	struct mt7996_phy *phy = mt7996_hw_phy(hw);
+@@ -1448,10 +1448,6 @@
+ #endif
+ 
+ const struct ieee80211_ops mt7996_ops = {
+-	.add_chanctx = ieee80211_emulate_add_chanctx,
+-	.remove_chanctx = ieee80211_emulate_remove_chanctx,
+-	.change_chanctx = ieee80211_emulate_change_chanctx,
+-	.switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx,
+ 	.tx = mt7996_tx,
+ 	.start = mt7996_start,
+ 	.stop = mt7996_stop,
+--- a/mt7996/mcu.c
++++ b/mt7996/mcu.c
+@@ -353,7 +353,7 @@
+ 	if (!vif->bss_conf.csa_active || vif->type == NL80211_IFTYPE_STATION)
+ 		return;
+ 
+-	ieee80211_csa_finish(vif, 0);
++	ieee80211_csa_finish(vif);
+ }
+ 
+ static void
+@@ -433,7 +433,7 @@
+ 	if (!vif->bss_conf.color_change_active || vif->type == NL80211_IFTYPE_STATION)
+ 		return;
+ 
+-	ieee80211_color_change_finish(vif, 0);
++	ieee80211_color_change_finish(vif);
+ }
+ 
+ static void