Since I dont have a crystal ball, it's kind of hard to tell you to copy/paste command XYZ.
There's a couple options you have to dump the firmware. Some better than others but I'll name a few.
- If you can get a full shell on it, you can use
ddto dump and then copy off partitions. Something like:
dd if=/dev/mtd0 of=/tmp/mtd0then nc or scp it off (find a way). - If you can't get a shell, you can use
md. Your partition map has all the details you need. You can use minicom or alike toteeout stdout to a file, but note serial is slightly prone to errors.
Example:md.b 0x00 0x100000would start at 0x00 and print the next 0x100000 bytes to the console. You could then use https://github.com/gmbnomis/uboot-mdb-dump to convert that to a raw binary.
1 Like
thanks for the advice.
back to work
If you have working SSH, then you can do it rather easy:
ssh user@wax_ip "dd if=dev/mtdN" | of=whatever.bin
1 Like
Thanks,
Done with one error:
dd if=/dev/mtd18 | ssh root@192.168.0.2 dd of=/root/wax218/mtd
18
[ 1019.905681] ubi0 error: ubi_open_volume: cannot open device 0, volume 2, error -16
dd: can't open '/dev/mtd18': Resource busy
Any idea to got it before I archive them?
For information, same error with the mtd18ro file:
[ 1420.740160] ubi0 error: ubi_open_volume: cannot open device 0, volume 2, error -16
dd: can't open '/dev/mtd18ro': Resource busy
root@WAX218:/tmp# mount
mtd:ubi_rootfs on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
cgroup on /sys/fs/cgroup type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,pids)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/ubi0_2 on /overlay type ubifs (rw,noatime)
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600,ptmxmode=000)
/dev/mtdblock19 on /lib/firmware/IPQ8074/WIFI_FW type squashfs (ro,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
root@WAX218:/tmp#
root@WAX218:/tmp# df
Filesystem 1K-blocks Used Available Use% Mounted on
mtd:ubi_rootfs 17920 17920 0 100% /rom
tmpfs 212312 440 211872 0% /tmp
/dev/ubi0_2 73168 512 68884 1% /overlay
overlayfs:/overlay 73168 512 68884 1% /
tmpfs 512 0 512 0% /dev
/dev/mtdblock19 2304 2304 0 100% /lib/firmware/IPQ8074/WIFI_FW
root@WAX218:/tmp#
root@WAX218:/tmp# ls -lA /dev
lrwxrwxrwx 1 root root 15 Sep 6 02:33 caldata -> /dev/mtdblock11
crw-r--r-- 1 root root 5, 1 Sep 6 02:48 console
crw-r--r-- 1 root root 10, 61 Jan 1 1970 coresight-stm
crw-r--r-- 1 root root 10, 62 Jan 1 1970 coresight-tmc-etf
crw-r--r-- 1 root root 10, 63 Jan 1 1970 coresight-tmc-etr
crw-r--r-- 1 root root 10, 60 Jan 1 1970 cpu_dma_latency
crw-r--r-- 1 root root 10, 70 Sep 6 02:32 crypto
crw-r--r-- 1 root root 247, 0 Jan 1 1970 dcc_sram
crw-r--r-- 1 root root 239, 0 Sep 6 02:32 diag
crw-rw-rw- 1 root root 1, 7 Jan 1 1970 full
crw-r--r-- 1 root root 10, 229 Sep 6 02:32 fuse
crw-r--r-- 1 root root 10, 183 Jan 1 1970 hwrng
crw-r--r-- 1 root root 243, 0 Jan 1 1970 icesdcc
crw-r--r-- 1 root root 250, 0 Jan 1 1970 iio:device0
crw-r--r-- 1 root root 1, 11 Jan 1 1970 kmsg
srw-rw-rw- 1 root root 0 Sep 6 02:32 log
drwxr-xr-x 2 root root 60 Jan 1 1970 mapper
crw-r--r-- 1 root root 1, 1 Jan 1 1970 mem
crw-r--r-- 1 root root 10, 57 Jan 1 1970 memory_bandwidth
crw-r--r-- 1 root root 254, 0 Jan 1 1970 msm_sps
crw-r--r-- 1 root root 90, 0 Jan 1 1970 mtd0
crw-r--r-- 1 root root 90, 1 Jan 1 1970 mtd0ro
crw-r--r-- 1 root root 90, 2 Jan 1 1970 mtd1
crw-r--r-- 1 root root 90, 20 Jan 1 1970 mtd10
crw-r--r-- 1 root root 90, 21 Jan 1 1970 mtd10ro
crw-r--r-- 1 root root 90, 22 Jan 1 1970 mtd11
crw-r--r-- 1 root root 90, 23 Jan 1 1970 mtd11ro
crw-r--r-- 1 root root 90, 24 Jan 1 1970 mtd12
crw-r--r-- 1 root root 90, 25 Jan 1 1970 mtd12ro
crw-r--r-- 1 root root 90, 26 Jan 1 1970 mtd13
crw-r--r-- 1 root root 90, 27 Jan 1 1970 mtd13ro
crw-r--r-- 1 root root 90, 28 Jan 1 1970 mtd14
crw-r--r-- 1 root root 90, 29 Jan 1 1970 mtd14ro
crw-r--r-- 1 root root 90, 30 Jan 1 1970 mtd15
crw-r--r-- 1 root root 90, 31 Jan 1 1970 mtd15ro
crw-r--r-- 1 root root 90, 32 Jan 1 1970 mtd16
crw-r--r-- 1 root root 90, 33 Jan 1 1970 mtd16ro
crw-r--r-- 1 root root 90, 34 Jan 1 1970 mtd17
crw-r--r-- 1 root root 90, 35 Jan 1 1970 mtd17ro
crw-r--r-- 1 root root 90, 36 Jan 1 1970 mtd18
crw-r--r-- 1 root root 90, 37 Jan 1 1970 mtd18ro
crw-r--r-- 1 root root 90, 38 Sep 6 02:32 mtd19
crw-r--r-- 1 root root 90, 39 Sep 6 02:32 mtd19ro
crw-r--r-- 1 root root 90, 3 Jan 1 1970 mtd1ro
crw-r--r-- 1 root root 90, 4 Jan 1 1970 mtd2
crw-r--r-- 1 root root 90, 5 Jan 1 1970 mtd2ro
crw-r--r-- 1 root root 90, 6 Jan 1 1970 mtd3
crw-r--r-- 1 root root 90, 7 Jan 1 1970 mtd3ro
crw-r--r-- 1 root root 90, 8 Jan 1 1970 mtd4
crw-r--r-- 1 root root 90, 9 Jan 1 1970 mtd4ro
crw-r--r-- 1 root root 90, 10 Jan 1 1970 mtd5
crw-r--r-- 1 root root 90, 11 Jan 1 1970 mtd5ro
crw-r--r-- 1 root root 90, 12 Jan 1 1970 mtd6
crw-r--r-- 1 root root 90, 13 Jan 1 1970 mtd6ro
crw-r--r-- 1 root root 90, 14 Jan 1 1970 mtd7
crw-r--r-- 1 root root 90, 15 Jan 1 1970 mtd7ro
crw-r--r-- 1 root root 90, 16 Jan 1 1970 mtd8
crw-r--r-- 1 root root 90, 17 Jan 1 1970 mtd8ro
crw-r--r-- 1 root root 90, 18 Jan 1 1970 mtd9
crw-r--r-- 1 root root 90, 19 Jan 1 1970 mtd9ro
brw-r--r-- 1 root root 31, 0 Jan 1 1970 mtdblock0
brw-r--r-- 1 root root 31, 1 Jan 1 1970 mtdblock1
brw-r--r-- 1 root root 31, 10 Jan 1 1970 mtdblock10
brw-r--r-- 1 root root 31, 11 Jan 1 1970 mtdblock11
brw-r--r-- 1 root root 31, 12 Jan 1 1970 mtdblock12
brw-r--r-- 1 root root 31, 13 Jan 1 1970 mtdblock13
brw-r--r-- 1 root root 31, 14 Jan 1 1970 mtdblock14
brw-r--r-- 1 root root 31, 15 Jan 1 1970 mtdblock15
brw-r--r-- 1 root root 31, 16 Jan 1 1970 mtdblock16
brw-r--r-- 1 root root 31, 17 Jan 1 1970 mtdblock17
brw-r--r-- 1 root root 31, 18 Jan 1 1970 mtdblock18
brw-r--r-- 1 root root 31, 19 Sep 6 02:32 mtdblock19
brw-r--r-- 1 root root 31, 2 Jan 1 1970 mtdblock2
brw-r--r-- 1 root root 31, 3 Jan 1 1970 mtdblock3
brw-r--r-- 1 root root 31, 4 Jan 1 1970 mtdblock4
brw-r--r-- 1 root root 31, 5 Jan 1 1970 mtdblock5
brw-r--r-- 1 root root 31, 6 Jan 1 1970 mtdblock6
brw-r--r-- 1 root root 31, 7 Jan 1 1970 mtdblock7
brw-r--r-- 1 root root 31, 8 Jan 1 1970 mtdblock8
brw-r--r-- 1 root root 31, 9 Jan 1 1970 mtdblock9
drwxr-xr-x 2 root root 60 Sep 6 02:32 net
crw-r--r-- 1 root root 10, 59 Jan 1 1970 network_latency
crw-r--r-- 1 root root 10, 58 Jan 1 1970 network_throughput
crw-rw-rw- 1 root root 1, 3 Jan 1 1970 null
crw-r--r-- 1 root root 1, 4 Jan 1 1970 port
crw-rw-rw- 1 root root 5, 2 Jan 1 1970 ptmx
drwxr-xr-x 2 root root 0 Jan 1 1970 pts
brw-r--r-- 1 root root 1, 0 Jan 1 1970 ram0
brw-r--r-- 1 root root 1, 1 Jan 1 1970 ram1
brw-r--r-- 1 root root 1, 10 Jan 1 1970 ram10
brw-r--r-- 1 root root 1, 11 Jan 1 1970 ram11
brw-r--r-- 1 root root 1, 12 Jan 1 1970 ram12
brw-r--r-- 1 root root 1, 13 Jan 1 1970 ram13
brw-r--r-- 1 root root 1, 14 Jan 1 1970 ram14
brw-r--r-- 1 root root 1, 15 Jan 1 1970 ram15
brw-r--r-- 1 root root 1, 2 Jan 1 1970 ram2
brw-r--r-- 1 root root 1, 3 Jan 1 1970 ram3
brw-r--r-- 1 root root 1, 4 Jan 1 1970 ram4
brw-r--r-- 1 root root 1, 5 Jan 1 1970 ram5
brw-r--r-- 1 root root 1, 6 Jan 1 1970 ram6
brw-r--r-- 1 root root 1, 7 Jan 1 1970 ram7
brw-r--r-- 1 root root 1, 8 Jan 1 1970 ram8
brw-r--r-- 1 root root 1, 9 Jan 1 1970 ram9
crw-r--r-- 1 root root 1, 8 Jan 1 1970 random
lrwxrwxrwx 1 root root 14 Sep 6 02:32 root -> mtd:ubi_rootfs
lrwxrwxrwx 1 root root 8 Jan 1 1970 shm -> /tmp/shm
drwxr-xr-x 2 root root 60 Jan 1 1970 snd
crw-r--r-- 1 root root 242, 1 Jan 1 1970 subsys_q6v5-m3
crw-r--r-- 1 root root 242, 0 Jan 1 1970 subsys_q6v5-wcss
crw-r--r-- 1 root root 10, 254 Sep 6 02:32 switch_ssdk
crw-r--r-- 1 root root 5, 0 Sep 6 02:51 tty
crw------- 1 root root 246, 0 Sep 6 02:52 ttyMSM0
crw-r--r-- 1 root root 246, 1 Jan 1 1970 ttyMSM1
crw-r--r-- 1 root root 241, 0 Jan 1 1970 ubi0
crw-r--r-- 1 root root 241, 1 Jan 1 1970 ubi0_0
crw-r--r-- 1 root root 241, 2 Jan 1 1970 ubi0_1
crw-r--r-- 1 root root 241, 3 Jan 1 1970 ubi0_2
crw-r--r-- 1 root root 240, 0 Sep 6 02:32 ubi1
crw-r--r-- 1 root root 240, 2 Sep 6 02:32 ubi1_1
crw-r--r-- 1 root root 10, 56 Jan 1 1970 ubi_ctrl
crw-r--r-- 1 root root 1, 9 Jan 1 1970 urandom
crw-r--r-- 1 root root 10, 130 Jan 1 1970 watchdog
crw-r--r-- 1 root root 249, 0 Jan 1 1970 watchdog0
crw-rw-rw- 1 root root 1, 5 Jan 1 1970 zero
root@WAX218:/etc# cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00020000 "0:SBL1"
mtd1: 00100000 00020000 "0:MIBIB"
mtd2: 00300000 00020000 "0:QSEE"
mtd3: 00080000 00020000 "0:DEVCFG"
mtd4: 00080000 00020000 "0:APDP"
mtd5: 00080000 00020000 "0:RPM"
mtd6: 00080000 00020000 "0:CDT"
mtd7: 00080000 00020000 "0:APPSBLENV"
mtd8: 006a0000 00020000 "0:APPSBL"
mtd9: 00060000 00020000 "cert"
mtd10: 00100000 00020000 "userconfig"
mtd11: 00080000 00020000 "0:ART"
mtd12: 06f00000 00020000 "rootfs_1"
mtd13: 00900000 00020000 "0:WIFIFW_1"
mtd14: 06f00000 00020000 "rootfs"
mtd15: 00900000 00020000 "0:WIFIFW"
mtd16: 00554000 0001f000 "kernel"
mtd17: 0118f000 0001f000 "ubi_rootfs"
mtd18: 04f51000 0001f000 "rootfs_data"
mtd19: 0022e000 0001f000 "wifi_fw"
For information, here is the MAC Addresses:
root@WAX218:/tmp# ifconfig | grep HWaddr
ath0 Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:34
ath11 Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:35
br-lan Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:33
br-mgmt Link encap:Ethernet HWaddr 9A:A6:7E:B1:9E:34
eth0 Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:33
mgmt0 Link encap:Ethernet HWaddr 9A:A6:7E:B1:9E:34
wifi0 Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:34
wifi1 Link encap:Ethernet HWaddr 94:A6:7E:B1:9E:35
On the label under the APl I have: 94:A6:7E:B1:9E:33
Unable to extract anything from 2 Netgear FWs:
~/wax218/Netgear_FW# binwalk WAX218_V2.1.1.3_firmware.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
25439778 0x1842E22 MySQL ISAM compressed data file Version 5
~/wax218/Netgear_FW#
~/wax218/Netgear_FW#
~/wax218/Netgear_FW# binwalk WAX218_V1.0.1.0_firmware.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
(no output)
Thanks a lot for looking at this device.
2:38am here, time to go to sleep
If that can help, HERE is the /etc
Support for this device is now available as a snapshot build of master:
https://downloads.openwrt.org/snapshots/targets/ipq807x/generic/
install instructions are in the commit message:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=7801161c4bb2413817b3dfd01695050e2da27bf3
thanks to @mrnuke for getting this sorted
3 Likes
thanks for the heads up, added a hw page, so it gets listed in the ToH.
1 Like
Hello everyone,
Thank you all for your efforts 
Installation was done without trouble:
- boot on the factory FW (v2.1.1.3 in my case)
- Updated from factory update page with file
openwrt-ipq807x-generic-netgear_wax218-web-ui-factory.fit - reboot
- and then it's the usual procedure, access in SSH without password (the only interface is in DHCP by default)
opkg update && opkg install luci- access to the OpenWRT web interface
- updated with
openwrt-ipq807x-generic-netgear_wax218-squashfs-sysupgrade.binfile - SSH again
opkg update && opkg install luci ...
here we go 
Unfortunately wax218 hardware is still disappointing :
- painful start-up time (like any IPQxxxx SOCs I've tried)
- aberrant power consumption (again like any IPQxxxx SOCs I've tried) almost double that of a mediatek MT7621+MT7915e, see picture below (+74% without any client attached to this AP vs many clients for my 2 MT7621's APs)
- Disappointing RF part with probably a very bad antennas design (I tested quickly a few months ago with low cost "pigtails + external antennas" and it radically changes the coverage and the throughput obtained but it somewhat spoils the idea of a discreet/inconspicuous wall/ceiling access point). My own tests, with factory antennas, only give 50/75% of the performance achieved with my much less expensive MT7621's APs (in my environment)
High consumption + high product selling price + not so good performance (given the product range we are talking about) = not terrible from my point of view
... but at least it now has a much much much better software 
On the other hand, we must admit that the use of Luci is really pleasant on this device, we feel that the SOC has power, it's really fluid
1 Like
xiaomi ax3600 boots within 15-20s.
~6.5 watts for the xiaomi ax3600.
ipq807x' weak points are network/ switch drivers and (lack of-) vendor participation, but beyond that, it's working well - and the wax218 shouldn't be much worse, on the contrary (2.5GBASE-T will push the power consumption a bit).
How often do you reboot them ?
1st world problem, imho.
1 Like
definitely 
Of course it is not the 1st world problem, but sometimes you play a lot with one or more AP during few days, to try something, to learn something, and long boot time should be very annoying
Good !
That's why I said (humbly) "like any IPQxxxx SOCs I've tried"
This is just my experience with a limited amount of devices
not so bad
We each have different needs and different expectations.
Some have nothing to complain about equipment that consumes a lot, it is not part of their requirements, others will look for the lowest consumption at all cost, even if it means sacrificing functionality or performance.
and, in fact, all these different expectations seem to me just as legitimate as each other.
There is enough offerts on the market to satisfy everyone.
In my case I'm probably somewhere in between and I'm happy with that.
I don't really like having equipment that draws "a few watts too much" 24/7 all year round, but I'm still looking for a certain level of performance. In MY case, I'm not a big fan of SOC IPQ on these aspects.
I must confess that I was dramatically mistaken. I certainly stayed with the impression I had while the WAX218 was using the original firmware.
To be completely honest, here are the reboot times measured this evening as well as the performance obtained with a client equipped with an AX210 card under Windows 10 Pro :
MT7621:
Cudy x6 53s (22.03.3)
Asus ax53u 57s (yesterday snapshot, upgraded tonight to do these tests)
IPQ80xx:
Netgear wax218 32s (yesterday snapshot)
ax53u (ch100 / 20 dBm - 100 mW) :
wax218 (ch36 / 20 dBm - 100 mW) :
And a 13GB file copy from my file server to my laptop (still 20 dBm) :
sorry for having said nonsense yesterday, I continued my tests and I must correct my words
1 Like
Hello,
I have also the WAX218, loaded with original netgear firmware and i agree on the bad coverage side.
Performance are good in general, but on distance coverage dramatically decrease. Sometimes around 4/5 meters away and through a pair of thin indoor walls (not brick) devices loose network. I must admit that my area is a very congested one in term of wireless spectrum, but my old D7000 can deliver much much better coverage in the same spot 
Powering it using POE+ and Full power set on 5G band and Half on 2.4G i have this power consumption on the feeder side (RB5009UPr+S+IN):
- Idle: 8/9 Watt at 48.8v
- Tx/RX: 11/12 Watt at 48.8v
- High traffic TX/RX 13 Watt at 48.8v
In the future experiment i think i will try to use a POE Injector or opening the case and adding a much better antenna along with Openwrt.
I installed the .fit snapshot, installed Luci, upgraded with the sysupgrade .bin snapshot file, rebooted, installed Luci, and I always come back to the " System running in recovery (initramfs) mode." message. I've also tried upgrading to the latest snapshot sysupgrade file via cli.
At this point, I have UART connected, and can get booted into Openwrt, but these error messages are constantly streaming through the console.
hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
I'd appreciate any help you can give! Thanks.
I had no problems installing openwrt using the ssh method described in the commit. I am seeing the same hsl_phy_phydev_get flood in the kernel log you are, but do not seem to observe any detrimental performance because of it everything works as expected so far.
I had a sneaking suspicion those errors may be related to recent change in ath11k-firmware or a board definition.
Ahh, that's interesting. My network interfaces don't show any wifi devices (just lan/lan6 active). ipq-wifi-netgear-WAX218 package. Not sure exactly what's going on with my device here. Thanks for your response.
U-Boot 2016.01-WAX218-uboot_version:V1.1.0 [Attitude Adjustment 12.09.1,45afb66] (Apr 25 2022 - 04:18:24 +0000)
DRAM: smem ram ptable found: ver: 1 len: 4
512 MiB
NAND: ONFI device found
ID = 1590aac2
Vendor = c2
Device = aa
page_size: 0x800, sector_size: 0x20000, oobsize: 0x40, size: 0x10000000
256 MiB
FLASH: SF: Unsupported flash IDs: manuf ff, jedec ffff, ext_jedec ffff
ipq_spi: SPI Flash not found (bus/cs/speed/mode) = (0/0/48000000/0)
MMC: sdhci: Node Not found, skipping initialization
PCI0 is not defined in the device tree
PCI1 is not defined in the device tree
In: serial@78B3000
Out: serial@78B3000
Err: serial@78B3000
sn_74V164_led_init: !!!
machid: 8010006
MMC Device 0 not found
eth0 MAC Address from ART is not valid
eth1 MAC Address from ART is not valid
eth2 MAC Address from ART is not valid
eth3 MAC Address from ART is not valid
eth4 MAC Address from ART is not valid
eth5 MAC Address from ART is not valid
Net: MAC0 addr:0:3:7f:ba:db:ad
ipq_qca8081_phy_init: PHY ID1: 0x4d
ipq_qca8081_phy_init: PHY ID2: 0xd101
EDMA ver 1 hw init
Num rings - TxDesc:1 (0-0) TxCmpl:1 (7-7)
RxDesc:1 (15-15) RxFill:1 (7-7)
ipq807x_edma_alloc_rings: successfull
ipq807x_edma_setup_ring_resources: successfull
ipq807x_edma_configure_rings: successfull
ipq807x_edma_hw_init: successfull
eth0
Please choose the operation:
2: Load Linux System code then write to Flash via TFTP.
4: Entr boot command line interface.
9: Load Boot Loader code then write to Flash via TFTP.
e: Erase Boot Loader ENV config.
ESC: Please input ESC to run Burn-in testing. 0
bootargs=console=ttyMSM0,115200n8 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait
Booting from flash
Using nand device 0
Booting from NAND FW2
runcmd=setenv mtdids nand0=nand0 && setenv mtdparts mtdparts=nand0:0x6f00000@0x8800000(fs),${msmparts} && ubi part fs && ubi read 0x44000000 kernel &&
ubi0: attaching mtd1
ubi0: scanning is finished
ubi0: attached mtd1 (name "mtd=0", size 111 MiB)
ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
ubi0: good PEBs: 888, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 1, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 1089825454
ubi0: available PEBs: 753, total reserved PEBs: 135, PEBs reserved for bad PEB handling: 40
Read 0 bytes from volume kernel to 44000000
No size specified -> Using max size (11554816)
Could not find PCI in device tree
## Loading kernel from FIT Image at 44000000 ...
Using 'config@hk07' configuration
Trying 'kernel-1' kernel subimage
Description: ARM64 OpenWrt Linux-5.15.106
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x440000ec
Data Size: 11440920 Bytes = 10.9 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x41000000
Entry Point: 0x41000000
Hash algo: crc32
Hash value: dbed12cd
Hash algo: sha1
Hash value: 9b2dde3b90bd25d722a260db4ec0d1137ecc6c09
Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 44000000 ...
Using 'config@hk07' configuration
Trying 'fdt-1' fdt subimage
Description: ARM64 OpenWrt netgear_wax218 device tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x44ae9544
Data Size: 41596 Bytes = 40.6 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 5f962771
Hash algo: sha1
Hash value: 243a564bd65cfa86b3eff28e4cdc79cb5d06e11b
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x44ae9544
Uncompressing Kernel Image ... OK
Loading Device Tree to 4a3f2000, end 4a3ff27b ... OK
mtdparts = mtdparts=nand0:1024K@0x0(0:SBL1),1024K@0x100000(0:MIBIB),3M@0x200000(0:QSEE),512K@0x500000(0:DEVCFG),512K@0x580000(0:APDP),512K@0x600000(0:RPM),512K@0x680000(0:CDT),512K@0x700000(0:APPSBLENV),6784K@0x780000(0:APPSBL),384K@0xe20000(cert),1024K@0xe80000(userconfig),512K@0xf80000(0:ART),111M@0x1000000(rootfs_1),9M@0x7f00000(0:WIFIFW_1),111M@0x8800000(rootfs),9M@0xf700000(0:WIFIFW)
Using machid 0x8010006 from environment
Starting kernel ...
Jumping to AARCH64 kernel via monitor
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034]
[ 0.000000] Linux version 5.15.106 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 12.2.0 r22537-32f134fbdf) 12.2.0, GNU ld (GNU Binutils) 2.40.0) #0 SMP Sun Apr 9 12:48:34 2023
[ 0.000000] Machine model: Netgear WAX218
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000040000000-0x000000005fffffff]
[ 0.000000] DMA32 empty
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000040000000-0x0000000040ffffff]
[ 0.000000] node 0: [mem 0x0000000041000000-0x000000004a3fffff]
[ 0.000000] node 0: [mem 0x000000004a400000-0x00000000510fffff]
[ 0.000000] node 0: [mem 0x0000000051100000-0x000000005fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000005fffffff]
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv1.0 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] psci: MIGRATE_INFO_TYPE not supported.
[ 0.000000] psci: SMC Calling Convention v1.0
[ 0.000000] psci: OSI mode supported.
[ 0.000000] percpu: Embedded 17 pages/cpu s30808 r8192 d30632 u69632
[ 0.000000] Detected VIPT I-cache on CPU0
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 129024
[ 0.000000] Kernel command line: console=ttyMSM0,115200n8 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait ubi.block=0,rootfs root=/dev/ubiblock0_1
[ 0.000000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[ 0.000000] Memory: 366988K/524288K available (7808K kernel code, 860K rwdata, 2136K rodata, 7744K init, 289K bss, 157300K reserved, 0K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[ 0.000000] rcu: Hierarchical RCU implementation.
[ 0.000000] Tracing variant of Tasks RCU enabled.
[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[ 0.000000] Root IRQ handler: gic_handle_irq
[ 0.000000] GICv2m: range[mem 0x0b00a000-0x0b00affc], SPI[448:479]
[ 0.000000] arch_timer: cp15 and mmio timer(s) running at 19.20MHz (virt/virt).
[ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
[ 0.000000] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 4398046511078ns
[ 0.000126] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[ 0.000142] pid_max: default: 32768 minimum: 301
[ 0.000290] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[ 0.000306] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[ 0.001932] rcu: Hierarchical SRCU implementation.
[ 0.002103] dyndbg: Ignore empty _ddebug table in a CONFIG_DYNAMIC_DEBUG_CORE build
[ 0.002604] smp: Bringing up secondary CPUs ...
[ 0.003217] Detected VIPT I-cache on CPU1
[ 0.003280] CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
[ 0.003904] Detected VIPT I-cache on CPU2
[ 0.003945] CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
[ 0.004528] Detected VIPT I-cache on CPU3
[ 0.004565] CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
[ 0.004632] smp: Brought up 1 node, 4 CPUs
[ 0.004657] SMP: Total of 4 processors activated.
[ 0.004665] CPU features: detected: 32-bit EL0 Support
[ 0.004672] CPU features: detected: CRC32 instructions
[ 0.004720] CPU features: emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching
[ 0.004730] CPU: All CPU(s) started at EL1
[ 0.004751] alternatives: patching kernel code
[ 0.012367] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.012403] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[ 0.012572] pinctrl core: initialized pinctrl subsystem
[ 0.013838] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[ 0.014317] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
[ 0.014360] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[ 0.014400] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[ 0.014738] thermal_sys: Registered thermal governor 'step_wise'
[ 0.016199] cpuidle: using governor menu
[ 0.016429] ASID allocator initialised with 65536 entries
[ 0.067035] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[ 0.075508] SCSI subsystem initialized
[ 0.075685] usbcore: registered new interface driver usbfs
[ 0.075727] usbcore: registered new interface driver hub
[ 0.075763] usbcore: registered new device driver usb
[ 0.075984] CPUidle PSCI: failed to enable OSI mode: -95
[ 0.076256] qcom_scm: convention: smc arm 64
[ 0.077578] clocksource: Switched to clocksource arch_sys_counter
[ 0.078347] NET: Registered PF_INET protocol family
[ 0.078476] IP idents hash table entries: 8192 (order: 4, 65536 bytes, linear)
[ 0.079129] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[ 0.079154] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[ 0.079169] TCP established hash table entries: 4096 (order: 3, 32768 bytes, linear)
[ 0.079219] TCP bind hash table entries: 4096 (order: 4, 65536 bytes, linear)
[ 0.079300] TCP: Hash tables configured (established 4096 bind 4096)
[ 0.079374] UDP hash table entries: 256 (order: 1, 8192 bytes, linear)
[ 0.079404] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes, linear)
[ 0.079557] NET: Registered PF_UNIX/PF_LOCAL protocol family
[ 0.079592] PCI: CLS 0 bytes, default 64
[ 0.099518] workingset: timestamp_bits=46 max_order=17 bucket_order=0
[ 0.103461] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.103489] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.104308] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[ 0.112980] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[ 0.114676] msm_serial 78b3000.serial: msm_serial: detected port #0
[ 0.114743] msm_serial 78b3000.serial: uartclk = 3686400
[ 0.114791] 78b3000.serial: ttyMSM0 at MMIO 0x78b3000 (irq = 21, base_baud = 230400) is a MSM
[ 0.114822] msm_serial: console setup on port #0
[ 0.705529] printk: console [ttyMSM0] enabled
[ 0.710671] msm_serial: driver initialized
[ 0.718618] loop: module loaded
[ 0.718694] Loading iSCSI transport class v2.0-870.
[ 0.723307] nand: device found, Manufacturer ID: 0xc2, Chip ID: 0xaa
[ 0.726345] nand: Macronix MX30UF2G18AC
[ 0.733019] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 0.736517] Block protection check failed
[ 0.752537] spmi spmi-0: PMIC arbiter version v2 (0x20010000)
[ 0.755479] s1: supplied by regulator-dummy
[ 0.757445] s2: supplied by regulator-dummy
[ 0.761534] vdd_s3: supplied by regulator-dummy
[ 0.765723] vdd_s4: supplied by regulator-dummy
[ 0.770276] s5: supplied by regulator-dummy
[ 0.774617] l1: supplied by regulator-dummy
[ 0.778794] l2: supplied by regulator-dummy
[ 0.782968] l3: supplied by regulator-dummy
[ 0.787110] l4: supplied by regulator-dummy
[ 0.791311] l5: supplied by regulator-dummy
[ 0.795447] l6: supplied by regulator-dummy
[ 0.799633] l7: supplied by regulator-dummy
[ 0.803798] l8: supplied by regulator-dummy
[ 0.807969] l9: supplied by regulator-dummy
[ 0.812220] l11: supplied by regulator-dummy
[ 0.816303] l12: supplied by regulator-dummy
[ 0.820811] l13: supplied by regulator-dummy
[ 0.844261] i2c_dev: i2c /dev entries driver
[ 0.848008] sdhci: Secure Digital Host Controller Interface driver
[ 0.848052] sdhci: Copyright(c) Pierre Ossman
[ 0.853590] sdhci-pltfm: SDHCI platform and OF driver helper
[ 0.858858] remoteproc remoteproc0: releasing cd00000.q6v5_wcss
[ 0.866009] NET: Registered PF_INET6 protocol family
[ 0.870324] Segment Routing with IPv6
[ 0.874632] In-situ OAM (IOAM) with IPv6
[ 0.878255] NET: Registered PF_PACKET protocol family
[ 0.882193] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[ 0.887116] 8021q: 802.1Q VLAN Support v1.8
[ 0.916019] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[ 0.916317] cpr4_ipq807x_apss_read_fuse_data: apc_corner: speed bin = 0
[ 0.922170] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR fusing revision = 1
[ 0.928752] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR misc fuse value = 0
[ 0.936406] cpr4_ipq807x_apss_read_fuse_data: apc_corner: Voltage boost fuse config = 0 boost = disable
[ 0.943919] cpr3_mem_acc_init: apc: not using memory accelerator regulator
[ 0.953056] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused SVS: open-loop= 704000 uV
[ 0.960005] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused NOM: open-loop= 816000 uV
[ 0.969987] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused TURBO: open-loop= 872000 uV
[ 0.979800] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused STURBO: open-loop= 960000 uV
[ 0.989653] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused SVS: quot[ 7]= 690, quot_offset[ 7]= 0
[ 0.999417] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused NOM: quot[ 7]= 904, quot_offset[ 7]= 210
[ 1.010267] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused TURBO: quot[ 7]= 998, quot_offset[ 7]= 90
[ 1.021203] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused STURBO: quot[ 7]=1159, quot_offset[ 7]= 160
[ 1.032284] cpr3_regulator_init_ctrl: apc: Default CPR mode = closed-loop
[ 1.034553] nand: device found, Manufacturer ID: 0xc2, Chip ID: 0xaa
[ 1.049848] nand: Macronix MX30UF2G18AC
[ 1.056251] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 1.059846] Block protection check failed
[ 1.074608] 16 qcomsmem partitions found on MTD device qcom_nand.0
[ 1.074663] Creating 16 MTD partitions on "qcom_nand.0":
[ 1.079751] 0x000000000000-0x000000100000 : "0:sbl1"
[ 1.086527] 0x000000100000-0x000000200000 : "0:mibib"
[ 1.091318] 0x000000200000-0x000000500000 : "0:qsee"
[ 1.097814] 0x000000500000-0x000000580000 : "0:devcfg"
[ 1.100870] 0x000000580000-0x000000600000 : "0:apdp"
[ 1.105810] 0x000000600000-0x000000680000 : "0:rpm"
[ 1.110970] 0x000000680000-0x000000700000 : "0:cdt"
[ 1.115549] 0x000000700000-0x000000780000 : "0:appsblenv"
[ 1.120446] 1 fixed-partitions partitions found on MTD device 0:appsblenv
[ 1.125203] OF: Bad cell count for /soc/nand-controller@79b0000/nand@0/partitions/partition-0-appsblenv
[ 1.132009] OF: Bad cell count for /soc/nand-controller@79b0000/nand@0/partitions/partition-0-appsblenv
[ 1.141654] Creating 1 MTD partitions on "0:appsblenv":
[ 1.150542] 0x000000000000-0x000000040000 : "env-data"
[ 1.156415] 0x000000780000-0x000000e20000 : "0:appsbl"
[ 1.166583] 0x000000e20000-0x000000e80000 : "cert"
[ 1.167312] 0x000000e80000-0x000000f80000 : "userconfig"
[ 1.172044] 0x000000f80000-0x000001000000 : "0:art"
[ 1.177093] 0x000001000000-0x000007f00000 : "rootfs"
[ 1.267841] mtd: setting mtd13 (rootfs) as root device
[ 1.268136] mtdsplit: no squashfs found in "rootfs"
[ 1.271913] 0x000007f00000-0x000008800000 : "0:wififw"
[ 1.284100] 0x000008800000-0x00000f700000 : "rootfs_1"
[ 1.371181] 0x00000f700000-0x000010000000 : "0:wififw_1"
[ 1.384885] cpufreq: cpufreq_online: CPU0: Running at unlisted initial frequency: 19200 KHz, changing to: 1017600 KHz
[ 1.386022] remoteproc remoteproc0: cd00000.q6v5_wcss is available
[ 1.422230] ubi0: attaching mtd13
[ 1.909442] ubi0: scanning is finished
[ 1.915653] ubi0: attached mtd13 (name "rootfs", size 111 MiB)
[ 1.915700] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[ 1.920407] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[ 1.927251] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[ 1.934112] ubi0: good PEBs: 888, bad PEBs: 0, corrupted PEBs: 0
[ 1.940883] ubi0: user volume: 4, internal volumes: 1, max. volumes count: 128
[ 1.947142] ubi0: max/mean erase counter: 11/6, WL threshold: 4096, image sequence number: 1582434435
[ 1.954169] ubi0: available PEBs: 0, total reserved PEBs: 888, PEBs reserved for bad PEB handling: 40
[ 1.963463] ubi0: background thread "ubi_bgt0d" started, PID 415
[ 1.963913] block ubiblock0_2: created from ubi0:2(rootf▒[ 1.987509] Freeing unused kernel memory: 7744K
[ 2.027658] Run /init as init process
[ 2.158069] init: Console is alive
[ 2.158206] init: - watchdog -
[ 2.164786] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[ 2.184594] ssdk_switch_device_num_init[1335]:INFO:ess-switch dts node number: 1
[ 2.184682] ssdk_dt_get_switch_node[1124]:INFO:ess-switch DT exist!
[ 2.191091] ssdk_dt_parse_access_mode[999]:INFO:switch_access_mode: local bus
[ 2.197048] ssdk_dt_parse_access_mode[1012]:INFO:switchreg_base_addr: 0x3a000000
[ 2.204349] ssdk_dt_parse_access_mode[1013]:INFO:switchreg_size: 0x1000000
[ 2.211810] ssdk_dt_parse_mac_mode[327]:INFO:mac mode = 0x0
[ 2.218490] ssdk_dt_parse_mac_mode[336]:INFO:mac mode1 = 0xff
[ 2.223954] ssdk_dt_parse_mac_mode[345]:INFO:mac mode2 = 0xf
[ 2.229869] ssdk_dt_parse_phy_info[716]:INFO:[PORT 6] port_mac_sel = QGMAC_PORT
[ 2.235629] ssdk_dt_parse_uniphy[364]:INFO:ess-uniphy DT exist!
[ 2.242881] ssdk_plat_init[1692]:INFO:ssdk_plat_init start
[ 2.389070] ssdk_gcc_clock_init[1275]:INFO:SSDK gcc clock init successfully!
[ 2.390014] ssdk_phy_driver_init[363]:INFO:dev_id = 0, phy_adress = 0, phy_id = 0xffffffff phytype doesn't match
[ 2.395237] ssdk_phy_driver_init[363]:INFO:dev_id = 0, phy_adress = 1, phy_id = 0xffffffff phytype doesn't match
[ 2.405417] ssdk_phy_driver_init[363]:INFO:dev_id = 0, phy_adress = 2, phy_id = 0xffffffff phytype doesn't match
[ 2.415570] ssdk_phy_driver_init[363]:INFO:dev_id = 0, phy_adress = 3, phy_id = 0xffffffff phytype doesn't match
[ 2.425726] ssdk_phy_driver_init[363]:INFO:dev_id = 0, phy_adress = 4, phy_id = 0xffffffff phytype doesn't match
[ 2.435932] qca808x_phy_api_ops_init[2566]:INFO:qca probe qca808x phy driver succeeded!
[ 2.447115] regi_init[3953]:INFO:Initializing HPPE!!
[ 2.687579] ssdk_ppe_reset_init[1535]:INFO:ppe reset successfully!
[ 2.691182] qca_hppe_portctrl_hw_init[126]:INFO:Hawkeye PPE port initializing
[ 3.174699] ssdk_switch_register[2017]:INFO:Chip version 0x1500
[ 3.174732] qca_link_polling_select[1487]:INFO:link-polling-required node does not exist
[ 3.179436] ssdk_switch_register[2043]:INFO:polling is selected
[ 3.187764] regi_init[3957]:INFO:Initializing HPPE Done!!
[ 3.193484] ssdk_genl_init[211]:INFO:ssdk genl family register success.
[ 3.198967] regi_init[4020]:INFO:qca-ssdk module init succeeded!
[ 3.207864] EDMA ver 1 hw init
[ 3.211840] EDMA HW Reset completed succesfully
[ 3.214516] Num rings - TxDesc:1 (23-23) TxCmpl:1 (7-7)
[ 3.218924] RxDesc:1 (15-15) RxFill:1 (7-7)
[ 3.425605] QCA808X ethernet 90000.mdio-1:1c: attached PHY driver (mii_bus:phy_addr=90000.mdio-1:1c, irq=POLL)
[ 3.426193] nss-dp 3a007000.dp6-syn lan: Registered netdev lan(qcom-id:6)
[ 3.434679] **********************************************************
[ 3.441359] * NSS Data Plane driver
[ 3.447770] **********************************************************
[ 3.457054] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 3.459188] init: - preinit -
[ 3.526764] random: jshn: uninitialized urandom read (4 bytes read)
[ 3.542183] random: jshn: uninitialized urandom read (4 bytes read)
[ 3.550910] random: jshn: uninitialized urandom read (4 bytes read)
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[ 4.247589] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 4.247638] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 4.252676] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 4.258944] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 4.265176] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 5.287594] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 5.287640] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 5.292678] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 5.298945] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 5.305178] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 5.831780] procd: - early -
[ 5.831883] procd: - watchdog -
[ 6.327590] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 6.327638] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 6.332675] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 6.338943] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 6.345176] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 6.355309] procd: - watchdog -
[ 6.357890] procd: - ubus -
[ 6.363344] random: ubusd: uninitialized urandom read (4 bytes read)
[ 6.410645] random: ubusd: uninitialized urandom read (4 bytes read)
[ 6.410802] random: ubusd: uninitialized urandom read (4 bytes read)
[ 6.416898] procd: - init -
Please press Enter to activate this console.
[ 6.501076] urngd: v1.0.2 started.
[ 6.514719] random: crng init done
[ 6.514753] random: 25 urandom warning(s) missed due to ratelimiting
[ 6.516356] kmodloader: loading kernel modules from /etc/modules.d/*
[ 6.551179] Loading modules backported from Linux version v6.1-rc8-0-g76dcd734eca2
[ 6.551218] Backport generated by backports.git v5.15.81-1-41-g02e352527db5
[ 6.561314] NET: Registered PF_QIPCRTR protocol family
[ 6.586144] PPP generic driver version 2.4.2
[ 6.586764] NET: Registered PF_PPPOX protocol family
[ 6.595194] ath11k c000000.wifi: ipq8074 hw2.0
[ 6.595228] ath11k c000000.wifi: FW memory mode: 0
[ 6.598923] remoteproc remoteproc0: powering up cd00000.q6v5_wcss
[ 6.603520] remoteproc remoteproc0: Booting fw image IPQ8074/q6_fw.mdt, size 668
[ 6.955162] remoteproc remoteproc0: remote processor cd00000.q6v5_wcss is now up
[ 6.958352] kmodloader: done loading kernel modules from /etc/modules.d/*
[ 6.999164] ath11k c000000.wifi: qmi ignore invalid mem req type 3
[ 7.006614] ath11k c000000.wifi: chip_id 0x0 chip_family 0x0 board_id 0xff soc_id 0xffffffff
[ 7.006649] ath11k c000000.wifi: fw_version 0x290c84a5 fw_build_timestamp 2023-03-25 07:34 fw_build_id WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
[ 7.070411] ath11k c000000.wifi: failed to fetch board data for bus=ahb,qmi-chip-id=0,qmi-board-id=255,variant=Netgear-WAX218 from ath11k/IPQ8074/hw2.0/board-2.bin
[ 7.070476] ath11k c000000.wifi: failed to fetch board data for bus=ahb,qmi-chip-id=0,qmi-board-id=255 from ath11k/IPQ8074/hw2.0/board-2.bin
[ 7.083923] ath11k c000000.wifi: failed to fetch board.bin from IPQ8074/hw2.0
[ 7.096740] ath11k c000000.wifi: qmi failed to fetch board file: -12
[ 7.103720] ath11k c000000.wifi: failed to load board data file: -12
[ 7.367593] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 7.367628] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 7.372668] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 7.378933] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 7.385167] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 8.417618] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 8.417668] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 8.422707] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 8.428989] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 8.435208] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 9.447621] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 9.447675] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 9.452713] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 9.458992] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 9.465218] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 10.324172] br-lan: port 1(lan) entered blocking state
[ 10.324213] br-lan: port 1(lan) entered disabled state
[ 10.328401] device lan entered promiscuous mode
[ 10.487603] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 10.487654] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 10.492691] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 10.498968] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 10.505191] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 11.527594] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 11.527642] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 11.532680] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 11.538954] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 11.545179] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 12.567580] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 12.567606] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 12.572645] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 12.578913] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 12.585145] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 13.447749] nss-dp 3a007000.dp6-syn lan: PHY Link up speed: 1000
[ 13.447819] br-lan: port 1(lan) entered blocking state
[ 13.452822] br-lan: port 1(lan) entered forwarding state
[ 13.458059] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Then after trying to upgrade, I'm getting errors with umount.
Mon Apr 17 15:59:10 UTC 2023 upgrade: Performing system upgrade...
verifying sysupgrade tar file integrity
[ 358.890761] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 358.890810] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 358.895847] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 358.902120] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 358.908351] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
umount: can't unmount /dev/ubiblock0_2: Invalid argument
[ 359.000960] block ubiblock0_2: released
Volume ID 0, size 39 LEBs (4952064 bytes, 4.7 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "kernel", alignment 1
Volume ID 2, size 49 LEBs (6221824 bytes, 5.9 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "rootfs", alignment 1
Set volume size to 77582336
Volume ID 3, size 611 LEBs (77582336 bytes, 73.9 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "rootfs_data", alignment 1
[ 359.930780] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 359.930826] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 359.935865] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 359.942133] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 359.948364] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 360.970828] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 360.970876] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 360.975915] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 360.982184] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 360.988414] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
sysupgrade successful
umount: can't unmount /dev: Resource busy
umount: can't unmount /tmp: Resource busy
[ 362.010860] hsl_phy_phydev_get[773]:ERROR:phy_addr 0 phydev is NULL
[ 362.010910] hsl_phy_phydev_get[773]:ERROR:phy_addr 1 phydev is NULL
[ 362.015948] hsl_phy_phydev_get[773]:ERROR:phy_addr 2 phydev is NULL
[ 362.022209] hsl_phy_phydev_get[773]:ERROR:phy_addr 3 phydev is NULL
[ 362.028447] hsl_phy_phydev_get[773]:ERROR:phy_addr 4 phydev is NULL
[ 362.371109] reboot: Restarting system
The "can't unmount" messages during sysupgrade are harmless.
The error message "phydev is NULL" comes from the qca-ssdk and is just a warning, though Ethernet is still working fine.
You can move that error message to the debug level to get rid of that