Experiments with a Netgear WAC510 Access Point

7604timo · February 1, 2018, 3:11pm

Dear All,

I'd like to add my Netgear WAC510 to my fleet of OpenWrt/LEDE devices, but I'm struggling to understand which uboot addresses to flash kernel's and firmware to. I've had a guess already and bricked a device, so if anyone can tell me where to start I'd be most grateful before I get blacklisted by Netgear's returns department..

My aim is to use tftpboot to upload a modified version of Netgear's SquashFS file that lets me gain root access to the device. Last time I tried loading that file into 0x3800000 and that killed it.

I'm assuming (based on the kernel bootlog) that Netgear have a 'primary' and a 'secondary' space for rootfs's, and I thought 0x3800000 would be a good guess

Is gaining root access to the device the first thing to do to glean more information for an LEDE/OpenWrt build, or is passing 'init=/bin/sh' to the kernel via uboot to gain a shell good enough?

Many thanks,

Tim

Here's uboot's 'printenv' output:

(IPQ40xx) # printenv
baudrate=115200
boot_cnt=0
bootcmd=bootipq
bootdelay=2
delenv=sf probe && sf erase 0x000e0000 +0x10000
ethact=eth0
fdt_high=0x87000000
flash_type=0
fw_upgrade=0
install_cal_to_end_of_nor=sf probe && sf read 0x84000000 0x170000 0x10000 && sf erase 0x1f0000 +0x10000 && sf write 0x84000000 0x1f0000 0x10000
ipaddr=192.168.1.11
machid=8010100
primary=0
proceed_upgrade=0
product_id=WAC510
secondary=3800000
show_cal_at_end_of_nor=sf probe && sf read 0x84000000 0x1f0000 0x10000 && md.b 0x84001000 0x40
stderr=serial
stdin=serial
stdout=serial

Environment size: 581/65532 bytes

Here's a uboot bootlog:

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00096
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Core 0 Frequency, 0 MHz
B -       261 - PBL, Start
B -      1339 - bootable_media_detect_entry, Start
B -      1679 - bootable_media_detect_success, Start
B -      1693 - elf_loader_entry, Start
B -      5076 - auth_hash_seg_entry, Start
B -      7223 - auth_hash_seg_exit, Start
B -    573341 - elf_segs_hash_verify_entry, Start
B -    689005 - PBL, End
B -    689030 - SBL1, Start
B -    777408 - pm_device_init, Start
D -         6 - pm_device_init, Delta
B -    778922 - boot_flash_init, Start
D -     62980 - boot_flash_init, Delta
B -    846090 - boot_config_data_table_init, Start
D -      3845 - boot_config_data_table_init, Delta - (419 Bytes)
B -    853317 - clock_init, Start
D -      7556 - clock_init, Delta
B -    865395 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:1,Subtype:0
B -    868883 - sbl1_ddr_set_params, Start
B -    873869 - cpr_init, Start
D -         2 - cpr_init, Delta
B -    878361 - Pre_DDR_clock_init, Start
D -         4 - Pre_DDR_clock_init, Delta
D -     13147 - sbl1_ddr_set_params, Delta
B -    892062 - pm_driver_init, Start
D -         2 - pm_driver_init, Delta
B -    962333 - sbl1_wait_for_ddr_training, Start
D -        30 - sbl1_wait_for_ddr_training, Delta
B -    977940 - Image Load, Start
D -    134834 - QSEE Image Loaded, Delta - (262104 Bytes)
B -   1113269 - Image Load, Start
D -      1445 - SEC Image Loaded, Delta - (2048 Bytes)
B -   1123633 - Image Load, Start
D -    213443 - APPSBL Image Loaded, Delta - (436880 Bytes)
B -   1337498 - QSEE Execution, Start
D -        59 - QSEE Execution, Delta
B -   1343693 - SBL1, End
D -    656773 - SBL1, Delta
S - Flash Throughput, 2006 KB/s  (701451 Bytes,  349592 us)
S - DDR Frequency, 537 MHz
U-Boot 2012.07-V1.2.0.0 [local,local] (Oct 26 2016 - 02:39:01)
smem ram ptable found: ver: 1 len: 3
DRAM:  256 MiB
machid : 0x8010100
NAND:  spi_nand: spi_nand_flash_probe SF NAND ID 0:ef:aa:21
SF: Detected W25N01GV with page size 2 KiB, total 128 MiB
SF: Detected W25Q16 with page size 4 KiB, total 2 MiB
ipq_spi: page_size: 0x100, sector_size: 0x1000, size: 0x200000
130 MiB
MMC:   
In:    serial
Out:   serial
Err:   serial
Product ID: WAC510
machid: 8010100
flash_type: 0
Net:   MAC0 addr:a0:40:a0:7b:b7:6f
PHY ID1: 0x4d
PHY ID2: 0xd0b2
ipq40xx_ess_sw_init done
eth0
Hit any key to stop autoboot:  0 
(IPQ40xx) # bootipq
Saving Environment to NAND...
Erasing Nand...
Erasing at 0xef000 -- 100% complete.
Writing to Nand... done
Boot count=1
Creating 1 MTD partitions on "nand1":
0x000000000000-0x000003800000 : "mtd=0"
UBI: attaching mtd2 to ubi0
UBI: physical eraseblock size:   131072 bytes (128 KiB)
UBI: logical eraseblock size:    126976 bytes
UBI: smallest flash I/O unit:    2048
UBI: VID header offset:          2048 (aligned 2048)
UBI: data offset:                4096
UBI: attached mtd2 to ubi0
UBI: MTD device name:            "mtd=0"
UBI: MTD device size:            56 MiB
UBI: number of good PEBs:        448
UBI: number of bad PEBs:         0
UBI: max. allowed volumes:       128
UBI: wear-leveling threshold:    4096
UBI: number of internal volumes: 1
UBI: number of user volumes:     2
UBI: available PEBs:             210
UBI: total number of reserved PEBs: 238
UBI: number of PEBs reserved for bad PEB handling: 4
UBI: max/mean erase counter: 1/0
Read 0 bytes from volume kernel to 84000000
No size specified -> Using max size (3682304)
Booting kernel from FIT Image at 84000000 ...
   Using 'config@5' configuration
   Trying 'kernel@1' kernel subimage
     Description:  ARM OpenWrt Linux-3.14.43
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x840000e4
     Data Size:    3280614 Bytes = 3.1 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x80208000
     Entry Point:  0x80208000
     Hash algo:    crc32
     Hash value:   d45cb75b
     Hash algo:    sha1
     Hash value:   7d0f77af6009e920da10a169d0ed1b62793326d2
   Verifying Hash Integrity ... crc32+ sha1+ OK
Flattened Device Tree from FIT Image at 84000000
   Using 'config@5' configuration
   Trying 'fdt@5' FDT blob subimage
     Description:  ARM OpenWrt qcom-ipq40xx-ap.dkxx device tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x84345b90
     Data Size:    32664 Bytes = 31.9 KiB
     Architecture: ARM
     Hash algo:    crc32
     Hash value:   12ad0337
     Hash algo:    sha1
     Hash value:   a0f533bcbdc5eea1bfd8afe488d5c6e33617d5be
   Verifying Hash Integrity ... crc32+ sha1+ OK
   Booting using the fdt blob at 0x84345b90
   Uncompressing Kernel Image ... OK
   Loading Device Tree to 86ff5000, end 86ffff97 ... OK
Using machid 0x8010100 from environment
Starting kernel ...
[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 3.14.43-V1.2.5.11 (root@cbuap-build2.netgear.com) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.01 r43761) ) #1 SMP PREEMPT Thu Apr 13 03:20:27 PDT 2017
[    0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] Machine model: Qualcomm Technologies, Inc. IPQ40xx/AP-DK01.1-C2
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] PERCPU: Embedded 7 pages/cpu @cfdcb000 s8000 r8192 d12480 u32768
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 63744
[    0.000000] Kernel command line: WAC510 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs mtdparts=spi0.1:56m(rootfs),56m(rootfs_1),15m(var_config),768k(Oops_log) rootwait clk_ignore_unused
[    0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Memory: 247364K/257024K available (4519K kernel code, 332K rwdata, 1512K rodata, 183K init, 604K bss, 9660K reserved, 0K highmem)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
[    0.000000]     vmalloc : 0xd0800000 - 0xff000000   ( 744 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xd0000000   ( 256 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0xc0208000 - 0xc07ec00c   (6033 kB)
[    0.000000]       .init : 0xc07ed000 - 0xc081af40   ( 184 kB)
[    0.000000]       .data : 0xc081c000 - 0xc086f3fc   ( 333 kB)
[    0.000000]        .bss : 0xc086f3fc - 0xc0906720   ( 605 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] Preemptible hierarchical RCU implementation.
[    0.000000] NR_IRQS:16 nr_irqs:16 16
[    0.000000] Architected cp15 timer(s) running at 48.00MHz (virt).
[    0.000008] sched_clock: 56 bits at 48MHz, resolution 20ns, wraps every 2863311552512ns
[    0.000017] Switching to timer-based delay loop
[    0.000203] Calibrating delay loop (skipped), value calculated using timer frequency.. 96.00 BogoMIPS (lpj=480000)
[    0.000221] pid_max: default: 32768 minimum: 301
[    0.000484] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000498] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.010721] CPU: Testing write buffer coherency: ok
[    0.011083] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000
[    0.011158] Setting up static identity map for 0x80213060 - 0x802130b8
[    0.090589] CPU1: Booted secondary processor
[    0.090635] CPU1: thread -1, cpu 1, socket 0, mpidr 80000001
[    0.110567] CPU2: Booted secondary processor
[    0.110601] CPU2: thread -1, cpu 2, socket 0, mpidr 80000002
[    0.130599] CPU3: Booted secondary processor
[    0.130632] CPU3: thread -1, cpu 3, socket 0, mpidr 80000003
[    0.130766] Brought up 4 CPUs
[    0.130807] SMP: Total of 4 processors activated (384.00 BogoMIPS).
[    0.130815] CPU: All CPU(s) started in SVC mode.
[    0.141278] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[    0.141648] pinctrl core: initialized pinctrl subsystem
[    0.142099] regulator-dummy: no parameters
[    0.142775] NET: Registered protocol family 16
[    0.144351] DMA: preallocated 2048 KiB pool for atomic coherent allocations
[    0.144910] cpuidle: using governor ladder
[    0.144922] cpuidle: using governor menu
[    0.152881] 
[    0.152881] Version Rollback Feature Disabled
[    0.156316] sps:sps is ready.
[    0.161645] bio: create slab <bio-0> at 0
[    0.164073] SCSI subsystem initialized
[    0.164816] msm_bus_fabric_init_driver
[    0.164980] msm_bus_device 580000.ad-hoc-bus: Dev 4096
[    0.165006] msm_bus_device 580000.ad-hoc-bus: Util-fact is missing, default to 100
[    0.165021] msm_bus_device 580000.ad-hoc-bus: Vrail-comp is missing, default to 100
[    0.165039] msm_bus_device 580000.ad-hoc-bus: get_bus_node_device_data:Failed to get bus clk for bus4096 ctx0
[    0.165055] msm_bus_device 580000.ad-hoc-bus: Failed to get bus clk for bus4096 ctx1
[    0.165090] msm_bus_device 580000.ad-hoc-bus: Dev 1024
[    0.165111] msm_bus_device 580000.ad-hoc-bus: Util-fact is missing, default to 100
[    0.165125] msm_bus_device 580000.ad-hoc-bus: Vrail-comp is missing, default to 100
[    0.165141] msm_bus_device 580000.ad-hoc-bus: get_bus_node_device_data:Failed to get bus clk for bus1024 ctx0
[    0.165157] msm_bus_device 580000.ad-hoc-bus: Failed to get bus clk for bus1024 ctx1
[    0.190590] Advanced Linux Sound Architecture Driver Initialized.
[    0.191299] pcie_init: pcie_init: unable to create IPC log context for pcie0-short
[    0.191313] pcie_init: pcie_init: unable to create IPC log context for pcie0-long
[    0.191640] Switched to clocksource arch_sys_counter
[    0.193367] NET: Registered protocol family 2
[    0.194687] TCP established hash table entries: 2048 (order: 1, 8192 bytes)
[    0.194735] TCP bind hash table entries: 2048 (order: 2, 16384 bytes)
[    0.194783] TCP: Hash tables configured (established 2048 bind 2048)
[    0.194841] TCP: reno registered
[    0.194857] UDP hash table entries: 256 (order: 1, 8192 bytes)
[    0.194891] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[    0.195237] NET: Registered protocol family 1
[    0.196953] futex hash table entries: 1024 (order: 4, 65536 bytes)
[    0.206182] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.206198] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.207129] msgmni has been set to 483
[    0.208486] Key type asymmetric registered
[    0.208502] Asymmetric key parser 'x509' registered
[    0.208541] io scheduler noop registered
[    0.208551] io scheduler deadline registered (default)
[    0.209741] tcsr 194b000.tcsr: setting usb hs phy mode select = e700e7
[    0.209807] tcsr 1953000.ess_tcsr: setting ess interface select = 0
[    0.209879] tcsr 1949000.tcsr: setting wifi_glb_cfg = 41000000
[    0.209936] tcsr 1957000.tcsr: setting wifi_noc_memtype_m0_m2 = 2222222
[    0.210620] Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
[    0.211787] msm_serial_hsl_probe: detected port #0 (ttyMSM0)
[    0.211832] msm_serial_hsl_probe: Bus scaling is disabled
[    0.211996] 78af000.serial: ttyMSM0 at MMIO 0x78af000 (irq = 139, base_baud = 115200) is a MSM
[    0.212071] msm_hsl_console_setup: console setup on port #0
[    0.808632] console [ttyMSM0] enabled
[    0.812735] msm_serial_hsl_init: driver initialized
[    0.817535] msm_serial_hs module loaded
[    0.822058] rst_button_init success
[    0.825423] brd: module loaded
[    0.829427] sps: BAM device 0x07884000 is not registered yet.
[    0.834200] sps:BAM 0x07884000 is registered.
[    0.839514] sps:BAM 0x07884000 (va:0xd0b40000) enabled: ver:0x19, number of pipes:12
[    0.846670] m25p80 spi0.0: found s25fl016k, expected n25q128a11
[    0.852330] m25p80 spi0.0: s25fl016k (2048 Kbytes)
[    0.857122] 9 ofpart partitions found on MTD device spi0.0
[    0.862554] Creating 9 MTD partitions on "spi0.0":
[    0.867318] 0x000000000000-0x000000040000 : "0:SBL1"
[    0.873433] 0x000000040000-0x000000060000 : "0:MIBIB"
[    0.878487] 0x000000060000-0x0000000c0000 : "0:QSEE"
[    0.883501] 0x0000000c0000-0x0000000d0000 : "0:CDT"
[    0.888400] 0x0000000d0000-0x0000000e0000 : "0:DDRPARAMS"
[    0.893905] 0x0000000e0000-0x0000000f0000 : "0:APPSBLENV"
[    0.899308] 0x0000000f0000-0x0000001e0000 : "0:APPSBL"
[    0.904414] 0x0000001e0000-0x0000001f0000 : "0:MANUDATA"
[    0.909701] 0x0000001f0000-0x000000200000 : "0:ART"
[    0.915960] libphy: ipq40xx_mdio: probed
[    0.922354] ipq40xx-mdio 90000.mdio: ipq40xx-mdio driver was registered
[    0.927989] tun: Universal TUN/TAP device driver, 1.6
[    0.932991] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[    0.939250] i2c /dev entries driver
[    0.944347] sdhci: Secure Digital Host Controller Interface driver
[    0.949492] sdhci: Copyright(c) Pierre Ossman
[    0.953862] sdhci-pltfm: SDHCI platform and OF driver helper
[    0.963804] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xaa
[    0.969126] nand: Winbond W25N01GV 128MiB 3.3V
[    0.973575] nand: 128MiB, SLC, page size: 2048, OOB size: 64
[    0.979204] Scanning device for bad blocks
[    1.671175] random: nonblocking pool is initialized
[    2.866902] 4 cmdlinepart partitions found on MTD device spi0.1
[    2.871813] Creating 4 MTD partitions on "spi0.1":
[    2.876570] 0x000000000000-0x000003800000 : "rootfs"
[    2.882610] mtd: device 9 (rootfs) set to be root filesystem
[    2.889419] mtdsplit: no squashfs found in "rootfs"
[    2.893300] mtdsplit: no squashfs found in "spi0.1"
[    2.898131] 0x000003800000-0x000007000000 : "rootfs_1"
[    2.904342] 0x000007000000-0x000007f00000 : "var_config"
[    2.909583] 0x000007f00000-0x000007fc0000 : "Oops_log"
[    3.064937] mtdoops: Attached to MTD device 12
[    3.071808] nf_conntrack version 0.5.0 (3865 buckets, 15460 max)
[    3.077629] ip_tables: (C) 2000-2006 Netfilter Core Team
[    3.082249] TCP: cubic registered
[    3.086056] NET: Registered protocol family 10
[    3.090907] NET: Registered protocol family 17
[    3.094474] Bridge firewalling registered
[    3.098317] bridge_nlevent_init: Initializing Bridge HTTP redirect event mechanism
[    3.105930] br: Unicast isolation disabled
[    3.109939] br: Multicast isolation disabled
[    3.114222] br: HTTP redirect disabled
[    3.117930] 8021q: 802.1Q VLAN Support v1.8
[    3.122273] Registering SWP/SWPB emulation handler
[    3.127894] regulator-dummy: disabling
[    3.131046] UBI: attaching mtd9 to ubi0
[    5.959168] UBI: scanning is finished
[    6.033466] UBI: attached mtd9 (name "rootfs", size 56 MiB) to ubi0
[    6.038702] UBI: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    6.045542] UBI: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    6.052175] UBI: VID header offset: 2048 (aligned 2048), data offset: 4096
[    6.059013] UBI: good PEBs: 448, bad PEBs: 0, corrupted PEBs: 0
[    6.064932] UBI: user volume: 2, internal volumes: 1, max. volumes count: 128
[    6.072052] UBI: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 1011195579
[    6.081061] UBI: available PEBs: 194, total reserved PEBs: 254, PEBs reserved for bad PEB handling: 20
[    6.090389] UBI: background thread "ubi_bgt0d" started, PID 71
[    6.092464] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
[    6.095800] clk: Not disabling unused clocks
[    6.095804] ALSA device list:
[    6.095807]   No soundcards found.
[    6.129328] VFS: Mounted root (squashfs filesystem) readonly on device 31:14.
[    6.135790] Freeing unused kernel memory: 180K (c07ed000 - c081a000)

7604timo · February 5, 2018, 11:41am

It seems there's not much interest in this device - shame as it seems pretty nice..

I managed to compile an LEDE image with an initramfs built in and load it to the RAM of my device. I even managed to boot it!

The network port I'm connected to on it seems to work, but as expected I'm getting a lot of errors in the bootlog regarding the wifi.

The ath10k driver seems to be wanting a load of .bin files. There's loads of .bin files in the original rootfs of this device, which all appear to relate to the wifi drivers.

What do I do about this? Do I just copy them as-is into a special directory in my build environment and re-compile the initramfs image, or do I need to figure out the correct filenames for what the kernel module is asking for?

My bootlog is below, if anyone would be kind enough to peruse it and give me some insight..

Many thanks,

Tim

[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 4.9.77 (tim@ITDept002) (gcc version 5.5.0 (OpenWrt GCC 5.5.0 r5994-fd30187) ) #0 SMP Fri Feb 2 13:41:35 2018
[    0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[    0.000000] CPU: div instructions available: patching division code
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] OF: fdt:Machine model: Qualcomm Technologies, Inc. IPQ40xx/AP-DK01.1-C1
[    0.000000] Memory policy: Data cache writealloc
[    0.000000] percpu: Embedded 13 pages/cpu @cfdb9000 s20940 r8192 d24116 u53248
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 60928
[    0.000000] Kernel command line: init=/bin/sh
[    0.000000] Bootloader command line not present
[    0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Memory: 230732K/245760K available (3853K kernel code, 246K rwdata, 1236K rodata, 6876K init, 242K bss, 15028K reserved, 0K cma-reserved, 0K highmem)
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xffc00000 - 0xfff00000   (3072 kB)
[    0.000000]     vmalloc : 0xd0800000 - 0xff800000   ( 752 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xd0000000   ( 256 MB)
[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
[    0.000000]       .text : 0xc0208000 - 0xc05cb8d8   (3855 kB)
[    0.000000]       .init : 0xc0721000 - 0xc0dd8000   (6876 kB)
[    0.000000]       .data : 0xc0dd8000 - 0xc0e15980   ( 247 kB)
[    0.000000]        .bss : 0xc0e17000 - 0xc0e53868   ( 243 kB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000] NR_IRQS:16 nr_irqs:16 16
[    0.000000] arm_arch_timer: Architected cp15 timer(s) running at 48.00MHz (virt).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0xb11fd3bfb, max_idle_ns: 440795203732 ns
[    0.000007] sched_clock: 56 bits at 48MHz, resolution 20ns, wraps every 4398046511096ns
[    0.000022] Switching to timer-based delay loop, resolution 20ns
[    0.000213] Calibrating delay loop (skipped), value calculated using timer frequency.. 96.00 BogoMIPS (lpj=480000)
[    0.000229] pid_max: default: 32768 minimum: 301
[    0.000329] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000343] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000969] CPU: Testing write buffer coherency: ok
[    0.001286] Setting up static identity map for 0x80208280 - 0x802082d8
[    0.005309] Brought up 4 CPUs
[    0.005330] SMP: Total of 4 processors activated (384.00 BogoMIPS).
[    0.005338] CPU: All CPU(s) started in SVC mode.
[    0.009718] VFP support v0.3: implementor 41 architecture 2 part 30 variant 7 rev 5
[    0.009878] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.009977] futex hash table entries: 1024 (order: 4, 65536 bytes)
[    0.010138] pinctrl core: initialized pinctrl subsystem
[    0.011347] NET: Registered protocol family 16
[    0.011609] DMA: preallocated 256 KiB pool for atomic coherent allocations
[    0.040014] cpuidle: using governor ladder
[    0.070043] cpuidle: using governor menu
[    0.110956] msm_bus_fabric_init_driver
[    0.111860] usbcore: registered new interface driver usbfs
[    0.111948] usbcore: registered new interface driver hub
[    0.112032] usbcore: registered new device driver usb
[    0.112086] pps_core: LinuxPPS API ver. 1 registered
[    0.112095] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[    0.112122] PTP clock support registered
[    0.113616] clocksource: Switched to clocksource arch_sys_counter
[    0.114606] NET: Registered protocol family 2
[    0.115230] TCP established hash table entries: 2048 (order: 1, 8192 bytes)
[    0.115277] TCP bind hash table entries: 2048 (order: 2, 16384 bytes)
[    0.115326] TCP: Hash tables configured (established 2048 bind 2048)
[    0.115385] UDP hash table entries: 256 (order: 1, 8192 bytes)
[    0.115416] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[    0.115599] NET: Registered protocol family 1
[    0.190889] No memory allocated for crashlog
[    0.191178] workingset: timestamp_bits=30 max_order=16 bucket_order=0
[    0.197189] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.197203] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.202163] io scheduler noop registered
[    0.202180] io scheduler deadline registered (default)
[    0.206091] tcsr 194b000.tcsr: setting usb hs phy mode select = e700e7
[    0.206149] tcsr 1953000.ess_tcsr: setting ess interface select = 0
[    0.206199] tcsr 1949000.tcsr: setting wifi_glb_cfg = 41000000
[    0.206250] tcsr 1957000.tcsr: setting wifi_noc_memtype_m0_m2 = 2222222
[    0.206389] Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
[    0.207112] msm_serial 78af000.serial: msm_serial: detected port #0
[    0.207157] msm_serial 78af000.serial: uartclk = 1843200
[    0.207204] 78af000.serial: ttyMSM0 at MMIO 0x78af000 (irq = 125, base_baud = 115200) is a MSM
[    0.207230] msm_serial: console setup on port #0
[    0.694235] console [ttyMSM0] enabled
[    0.699265] msm_serial: driver initialized
[    0.709889] loop: module loaded
[    0.710914] spi_qup 78b5000.spi: IN:block:16, fifo:64, OUT:block:16, fifo:64
[    0.712662] m25p80 spi0.0: found s25fl016k, expected mx25l25635f
[    0.724509] random: fast init done
[    0.728099] m25p80 spi0.0: s25fl016k (2048 Kbytes)
[    0.728392] 11 ofpart partitions found on MTD device spi0.0
[    0.733106] Creating 11 MTD partitions on "spi0.0":
[    0.738602] 0x000000000000-0x000000040000 : "SBL1"
[    0.744414] 0x000000040000-0x000000060000 : "MIBIB"
[    0.749159] 0x000000060000-0x0000000c0000 : "QSEE"
[    0.753966] 0x0000000c0000-0x0000000d0000 : "CDT"
[    0.758819] 0x0000000d0000-0x0000000e0000 : "DDRPARAMS"
[    0.763588] 0x0000000e0000-0x0000000f0000 : "APPSBLENV"
[    0.768654] 0x0000000f0000-0x000000170000 : "APPSBL"
[    0.773921] 0x000000170000-0x000000180000 : "ART"
[    0.779117] 0x000000180000-0x000000580000 : "kernel"
[    0.782760] mtd: partition "kernel" extends beyond the end of device "spi0.0" -- size truncated to 0x80000
[    0.788738] 0x000000580000-0x000001b80000 : "rootfs"
[    0.797287] mtd: partition "rootfs" is out of reach -- disabled
[    0.803248] mtd: device 9 (rootfs) set to be root filesystem
[    0.808051] mtdsplit: error occured while reading from "rootfs"
[    0.813960] 0x000000180000-0x000001b80000 : "firmware"
[    0.819563] mtd: partition "firmware" extends beyond the end of device "spi0.0" -- size truncated to 0x80000
[    0.826290] libphy: ipq40xx_mdio: probed
[    0.911483] ESS reset ok!
[    0.944476] ESS reset ok!
[    1.374119] libphy: Fixed MDIO Bus: probed
[    1.374148] libphy: mdio_driver_register: qca8k
[    1.474338] i2c /dev entries driver
[    1.476145] cpufreq: cpufreq_online: CPU0: Running at unlisted freq: 666000 KHz
[    1.476696] cpufreq: cpufreq_online: CPU0: Unlisted initial frequency changed to: 716800 KHz
[    1.484478] sdhci: Secure Digital Host Controller Interface driver
[    1.492605] sdhci: Copyright(c) Pierre Ossman
[    1.498983] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.538567] NET: Registered protocol family 10
[    1.556494] NET: Registered protocol family 17
[    1.558646] 8021q: 802.1Q VLAN Support v1.8
[    1.560563] Registering SWP/SWPB emulation handler
[    1.616875] hctosys: unable to open rtc device (rtc0)
[    1.762415] Freeing unused kernel memory: 6876K
[    1.762447] This architecture does not have kernel memory protection.
[    1.776217] init: Console is alive
[    1.776433] init: - watchdog -
[    1.787426] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[    1.790473] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    1.796870] SCSI subsystem initialized
[    1.808912] ehci-platform: EHCI generic platform driver
[    1.812128] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    1.813709] ohci-platform: OHCI generic platform driver
[    2.105645] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
[    2.105804] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1
[    2.110586] xhci-hcd xhci-hcd.0.auto: hcc params 0x0228f665 hci version 0x100 quirks 0x02010010
[    2.117903] xhci-hcd xhci-hcd.0.auto: irq 192, io mem 0x08a00000
[    2.128684] hub 1-0:1.0: USB hub found
[    2.132681] hub 1-0:1.0: 1 port detected
[    2.137176] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
[    2.140233] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2
[    2.145961] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM.
[    2.155289] hub 2-0:1.0: USB hub found
[    2.161493] hub 2-0:1.0: 1 port detected
[    2.166240] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
[    2.169083] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 3
[    2.174890] xhci-hcd xhci-hcd.1.auto: hcc params 0x0220f665 hci version 0x100 quirks 0x02010010
[    2.182018] xhci-hcd xhci-hcd.1.auto: irq 193, io mem 0x06000000
[    2.192958] hub 3-0:1.0: USB hub found
[    2.196992] hub 3-0:1.0: 1 port detected
[    2.201341] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller
[    2.204526] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 4
[    2.210095] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM.
[    2.219546] hub 4-0:1.0: USB hub found
[    2.225788] hub 4-0:1.0: config failed, hub doesn't have any ports! (err -19)
[    2.232958] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[    2.244271] init: - preinit -
/bin/board_detect: line 12: Unsupported: not found
[    2.544522] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[    2.544677] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[    6.011358] procd: - early -
[    6.011610] procd: - watchdog -
[    6.694946] procd: - watchdog -
[    6.697660] procd: - ubus -
[    6.770267] procd: - init -
Please press Enter to activate this console.
[    7.081983] kmodloader: loading kernel modules from /etc/modules.d/*
[    7.086192] ip6_tables: (C) 2000-2006 Netfilter Core Team
[    7.095773] Loading modules backported from Linux version wt-2017-11-01-0-gfe248fc2c180
[    7.095815] Backport generated by backports.git v4.14-rc2-1-31-g86cf0e5d
[    7.104717] ip_tables: (C) 2000-2006 Netfilter Core Team
[    7.115772] nf_conntrack version 0.5.0 (4096 buckets, 16384 max)
[    7.148178] xt_time: kernel timezone is -0000
[    7.180424] PPP generic driver version 2.4.2
[    7.181631] NET: Registered protocol family 24
[    7.385458] ath10k_ahb a000000.wifi: Direct firmware load for ath10k/pre-cal-ahb-a000000.wifi.bin failed with error -2
[    7.385511] ath10k_ahb a000000.wifi: Falling back to user helper
[    8.317570] random: crng init done
[    8.969334] ath10k_ahb a000000.wifi: Direct firmware load for ath10k/QCA4019/hw1.0/firmware-6.bin failed with error -2
[    8.969384] ath10k_ahb a000000.wifi: Falling back to user helper
[    9.039723] firmware ath10k!QCA4019!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
[    9.041846] ath10k_ahb a000000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
[    9.047685] ath10k_ahb a000000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[    9.065677] ath10k_ahb a000000.wifi: firmware ver 10.4-3.4-00104 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 6c332c67
[    9.107157] ath10k_ahb a000000.wifi: failed to fetch board data for bus=ahb,bmi-chip-id=0,bmi-board-id=31 from ath10k/QCA4019/hw1.0/board-2.bin
[    9.107372] ath10k_ahb a000000.wifi: Direct firmware load for ath10k/QCA4019/hw1.0/board.bin failed with error -2
[    9.118895] ath10k_ahb a000000.wifi: Falling back to user helper
[    9.168916] firmware ath10k!QCA4019!hw1.0!board.bin: firmware_loading_store: map pages failed
[    9.169145] ath10k_ahb a000000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0
[    9.176483] ath10k_ahb a000000.wifi: failed to fetch board file: -11
[    9.185844] ath10k_ahb a000000.wifi: could not probe fw (-11)
[    9.375466] ath10k_ahb a800000.wifi: Direct firmware load for ath10k/pre-cal-ahb-a800000.wifi.bin failed with error -2
[    9.375518] ath10k_ahb a800000.wifi: Falling back to user helper
[   10.434780] ath10k_ahb a800000.wifi: Direct firmware load for ath10k/QCA4019/hw1.0/firmware-6.bin failed with error -2
[   10.434825] ath10k_ahb a800000.wifi: Falling back to user helper
[   10.479837] firmware ath10k!QCA4019!hw1.0!firmware-6.bin: firmware_loading_store: map pages failed
[   10.481391] ath10k_ahb a800000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
[   10.487762] ath10k_ahb a800000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
[   10.502949] ath10k_ahb a800000.wifi: firmware ver 10.4-3.4-00104 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 6c332c67
[   10.547155] ath10k_ahb a800000.wifi: failed to fetch board data for bus=ahb,bmi-chip-id=0,bmi-board-id=31 from ath10k/QCA4019/hw1.0/board-2.bin
[   10.547326] ath10k_ahb a800000.wifi: Direct firmware load for ath10k/QCA4019/hw1.0/board.bin failed with error -2
[   10.558899] ath10k_ahb a800000.wifi: Falling back to user helper
[   10.608918] firmware ath10k!QCA4019!hw1.0!board.bin: firmware_loading_store: map pages failed
[   10.609167] ath10k_ahb a800000.wifi: failed to fetch board-2.bin or board.bin from ath10k/QCA4019/hw1.0
[   10.616518] ath10k_ahb a800000.wifi: failed to fetch board file: -11
[   10.625925] ath10k_ahb a800000.wifi: could not probe fw (-11)
[   10.635240] kmodloader: done loading kernel modules from /etc/modules.d/*
[   15.145161] br-lan: port 1(eth0) entered blocking state
[   15.145200] br-lan: port 1(eth0) entered disabled state
[   15.149788] device eth0 entered promiscuous mode
[   15.159957] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   15.180270] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   15.181600] ess_edma c080000.edma: eth1: GMAC Link is up with phy_speed=1000
[   15.185353] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   16.163663] br-lan: port 1(eth0) entered blocking state
[   16.163703] br-lan: port 1(eth0) entered forwarding state
[   16.168495] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready