Different dhcpv6 behavior between LAN bridge client and wireless AP client

In short, I have a dumb AP that connects to the main router which has both ipv4, ipv6 configured. I have the need for managed ipv6, so DHCPV6 only and no SLACC allowed.

Here's the weird thing, clients connected to said dumb AP with wire can obtain DHCPV6 leases correctly, while wireless clients cannot.

I've been using said dumb AP with odhcpd, dnsmasq, firewall disabled and for about half a year with only ipv4 with no problem, and if I enable SLACC then all devices get their unmanaged routable public ipv6 address with no problem, it's just the DHCPV6 setup that is not working properly.

This is the simplified network graph which contains only what I think is relevant to this problem:

I captured any dhcpv6 relevant packets on interface br-lan while performing the following sequence:

1. Enable WIFI on a wireless client.
2. Wait for about 20s.
3. Enable interface on a wired client.

The wireless client kept asking for an address, but router always replied with NoAddrAvail code. I checked the response and it looks like they are indeed from the main router and not anywhere else.
The wired client however, did Solicit-RA-Request-Reply in a row, and it has it's address.

Am hoping someone with insight could shed some light on the situation? I've done some networking but this really is going against my intuition. Probably it has something to do with wireless AP implementation details, since it's not really bridged with other interfaces the same way?

Ideally, a dumb AP is a transparent bridge. Let's see the configuration of your dumb AP.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

{
        "kernel": "5.15.58",
        "hostname": "Openwrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Redmi AX6",
        "board_name": "redmi,ax6",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "1004",
                "version": "SNAPSHOT",
                "revision": "08.27.2022",
                "target": "ipq807x/generic"
        }
}

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        list dns '192.168.1.2'
        option ipaddr '192.168.1.5'
        option device 'br-lan'
        option gateway '192.168.1.2'
        option delegate '0'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/c000000.wifi'
        option band '5g'
        option country 'US'
        option channel '36'
        option cell_density '0'
        option mu_beamformer '1'
        option htmode 'HE80'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid '5G'
        option ieee80211k '1'
        option ieee80211v '1'
        option time_advertisement '0'
        option encryption 'psk2'
        option key KEY
        option ieee80211r '1'
        option ft_over_ds '1'
        option ft_psk_generate_local '1'
        option mobility_domain '6e00'
        option network 'lan'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/c000000.wifi+1'
        option band '2g'
        option country 'US'
        option noscan '1'
        option vendor_vht '1'
        option channel '11'
        option cell_density '0'
        option mu_beamformer '0'
        option htmode 'HT20'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid '2.4G'
        option encryption 'psk2'
        option key KEY
        option network 'lan'


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option ednspacket_max '1232'
        option port '53'
        option allservers '1'
        option min_ttl '3600'
        option cachesize '8192'
        option dnsforwardmax '8192'
        option localservice '0'
        option rebind_protection '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option flow_offloading '1'
        option flow_offloading_hw '1'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

Do you need to run snapshot for any specific reason? You might try running the standard release build of 22.03.5.

I'd recommend turning off all of the 'extra' features here -- remove 802.11r, k, and v from your configuration and see if the problem still exists. These standards are not always well implemented on the client side, and sometimes cause strange issues.

I see, will try with removing kvr first