restoring mtd / ubi backups

[yfhyou]

How would one go about restoring the mtd / ubi backups?

I tried searching forums and OpenWRT wiki, but I am quickly overwhelmed with all the options with NAND, NOR, dd, mtdwrite, etc etc.

Is there a 'simple' way for this device?

[Lanchon]

hi @yfhyou,

Is there a 'simple' way for this device?

no.

I tried searching forums and OpenWRT wiki

to my knowledge, how to restore stock on this device was never discussed. in this repo i provided a way for people to backup before wiping their device, so that at least there would be the possibility of restoring stock if needed, but i never outlined a procedure for restoring.

the easiest way to restore stock on any device is:

• install/boot an OS that runs entirely from ram.
• use that OS to restore the flash.

openwrt initramfs builds run entirely from ram (the OS is contained in a ramdrive that is bundled with the kernel) and are a perfect fit for this purpose when available. they are for this device, so this point is covered.

but the restore part can be trickier.

WARNING: if the restore is started but not correctly finished (eg, powerloss or incorrect procedure), the device may not boot at all and recovery methods may be needed (eg, bootloader access).

if the device is eMMC, restoring the partitions is trivial. on NAND devices such as this one, it is a bit more complicated. NANDs can contain bad blocks and new bad blocks can develop at any moment. and these bad blocks are user visible and not hidden by a translation layer as in SSDs. (bad blocks typically develop during erase or write, but not read, and this is what the software expects. however, NANDs also can and will "forget" the data written to them given enough time, without the associated blocks being bad in any way. this effect is generally not compensated for in openwrt, other than by having two copies of the firmware in some devices.)

so you technically cannot in the general case "restore" a NAND to a previous state, as the NAND may have developed bad blocks since that previous time. what you can do is restore the NAND to a state that will look indistinguishable from the original state to the applicable software that will be reading the NAND. this concept is key: how to restore a NAND partition depends on how it will be used by the software. there is no general method as there is for block devices such as SSDs and eMMCs.

openwrt can use a NAND partition in 2 ways (that i can think of):

• the partition is used as a single read-only (technically append-only), non-random access file. the partition can be wiped and completely rewritten from the start, but that is the only way to modify the partition. (technically you could append to it too, but that option is not used in openwrt.) writes proceed from beginning to end, skipping bad blocks. each block is verified immediately after writing, and declared bad and skipped if the write failed. reads proceed from beginning to end, skipping bad blocks. random access is not possible because you do not know how many bad blocks lie before your random access starting point. (but the kernel has a mechanism to provide random access called mtdblock: it involves reading the partition sequentially and keeping a list of bad blocks in ram.) openwrt uses partitions in this way to store kernels and read-only squashfs rootfs filesystems. in openwrt you write these partitions using the mtd command.
• the partition is used as an UBI partition, which can contain UBI volumes, which can contain single files or filesystems. the UBI layer takes care of most complexities in NAND and gives you abstractions called UBI volumes which are far easier to use than NAND directly. openwrt uses UBI volumes to store kernels, read-only squashfs rootfs filesystems, and read-write UBIFS rootfs_data filesystems. in openwrt you restore complete UBI partitions (ie, with all their contained volumes) using the ubiformat --flash-image=<file> command.

(openwrt also supports NOR flash, which is not expected to develop defects during its lifetime and thus is much easier to use. NOR partitions can be used directly for filesystems such as jffs2. but i will not cover NOR flash here.)

regarding your device, in official openwrt this device uses a big UBI partition storing kernel, rootfs, and rootfs_data volumes. (this is known as a kernel-in-UBI configuration.) see the output of ubinfo -a for more info.

(@hauke @mans0n @dangowrt, please read from this point on, if you have the time.)

so it would seem that return to stock is simple: just boot an initramfs build, scp the restore images to /tmp, ssh and write the images to flash using the right command from above, and finally reboot.

note that before reboot you would also need to restore the u-boot environment (see fw_printenv), which can be done by restoring the partition in which it is stored (if you had the backup), or manually using fw_setenv commands.

but that's it. it's simple, right? right?

err... unfortunately, nope.

this device as stock has partitions for two copies of its firmware. the people who ported this device repartitioned it: they deleted several stock partitions and created new, fewer, and larger partitions to store a single copy of openwrt and its non-volatile state.

and the problem is: when you run the initramfs official openwrt image, the partitions you want to restore simply don't exist! the "easiest" way to restore, IMHO, would be to setup an openwrt build environment and build your own modified initramfs kernel with the original partition table in it.

this is hardly easy or simple, even for experienced users. i have been advocating for a solution to this problem for some time now. take a look, this is a similar device i have ported (NAND, dual firmware stock, single firmware official openwrt):

https://github.com/openwrt/openwrt/blob/f8b0010dfb548469686049f85076fd6a3a6bca2e/target/linux/ipq806x/files/arch/arm/boot/dts/qcom-ipq8065-tr4400-v2.dts#L252-L271

for that device i have:

• kept all stock partitions (the ones i would have otherwise deleted), prepending stock_ to their names.
• marked all such partitions as read-write to be able to use them to restore stock.
• and even made sure that all these partitions retained their original MTD numbers (which means that newly added partitions by me come after all stock partitions in the partition table, even if they are physically scattered around in the flash).

if this is done and enforced in all new ports, restoring say stock partition mtd26 is a simple affair of writing to /dev/mtd26 in official openwrt. this makes backup and restore scripts work unmodified both in stock rom and official openwrt.

as said, i have been advocating for this convention for a while, but for reasons that were not explained to me the project does not seem to favor this idea. or maybe they were too busy? idk.

back to your particular device... this convention was not followed, so restoring stock on this device is hard. not impossible though. but i would not recommend trying unless you have working access to the bootloader/serial port.

[yfhyou]

Thank you for the very thorough response. I learned a lot! I wish there was an 'easy' answer. I have an rtt4230w that seems to have a hardware issue. Whenever I start the wireless I get a error like:

firmware crashed!

```[ 106.394301] ath10k_pci 0001:01:00.0: Cannot communicate with firmware, previous wmi cmds: 36967:-19664 36965:-19768 40859:-19768 36967:-19772, jiffies: -19360, attempting restart restart firmware, dev-flags: 0 x142 [ 106.394514] ath10k_pci 0001:01:00.0: failed to send wmi nop: -108 [ 106.412313] ath10k_pci 0001:01:00.0: could not request stats (type -268435456 ret -108 specifier 1) [ 106.418785] ath10k_pci 0001:01:00.0: failed to send pdev bss chan info request: -108 [ 106.473738] ath10k_pci 0001:01:00.0: removing peer, cleanup-all, deleting: peer c78b88e7 vdev: 0 addr: 80:78:71:4d:55:6d [ 106.483998] ath10k_pci 0001:01:00.0: failed to read hi_board_data address: -16 [ 109.563707] ath10k_pci 0001:01:00.0: failed to read device register, device is gone [ 109.563741] ath10k_pci 0001:01:00.0: failed to wait for target after cold reset: -5 [ 109.572933] ieee80211 phy1: Hardware restart was requested [ 109.578107] ath10k_pci 0001:01:00.0: failed to send pdev bss chan info request: -108 [ 109.583476] ath10k_pci 0001:01:00.0: failed to send pdev bss chan info request: -108 [ 109.591372] ath10k_pci 0001:01:00.0: failed to set beacon mode for vdev 0: -108 [ 109.599091] ath10k_pci 0001:01:00.0: failed to set dtim period for vdev 0: -108 [ 109.606196] qcom-pcie 1b700000.pci: Read DBI address failed [ 109.613322] qcom-pcie 1b700000.pci: Read DBI address failed [ 112.703701] ath10k_pci 0001:01:00.0: failed to read device register, device is gone [ 112.703730] ath10k_pci 0001:01:00.0: failed to wait for target after cold reset: -5 [ 112.710161] ath10k_pci 0001:01:00.0: firmware crashed during chip reset [ 112.717856] ath10k_pci 0001:01:00.0: failed to reset chip: -5 [ 112.724442] ath10k_pci 0001:01:00.0: Could not init hif: -5 [ 112.730298] ------------[ cut here ]------------ [ 112.730335] ath10k_pci 0001:01:00.0: firmware crashed! (guid db13abd7-693f-4d10-8794-3cfee4c73be2) [ 112.735748] WARNING: CPU: 1 PID: 106 at backports-6.1.24/net/mac80211/util.c:2419 0xbf1aa448 [mac80211@1cc7fa48+0x7f000] [ 112.740550] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe [ 112.749368] Hardware became unavailable during restart. [ 112.760398] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 112.770206] Modules linked in: pppoe ppp_async nft_fib_inet nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet ath10k_pci ath10k_core ath pppox ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_objref nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_counter nft_chain_nat nf_tables nf_nat nf_flow_table nf_conntrack mac80211 cfg80211 slhc nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc_ccitt compat ledtrig_usbport sha512_arm seqiv cmac leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom ohci_platform ohci_hcd phy_qcom_ipq806x_usb ahci fsl_mph_dr_of ehci_platform ehci_fsl sd_mod ahci_platform libahci_platform libahci libata scsi_mod scsi_common ehci_hcd gpio_button_hotplug crc32c_generic [ 112.776938] ath10k_pci 0001:01:00.0: firmware ver 10.4b-ct-9984-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 7ea63dc5 [ 112.836876] CPU: 1 PID: 106 Comm: kworker/1:9 Not tainted 5.15.150 #0 [ 112.836884] Hardware name: Generic DT based system [ 112.836888] Workqueue: events_freezable 0xbf16b83c [mac80211@1cc7fa48+0x7f000] [ 112.866406] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id N/A crc32 0bfe5c35 [ 112.887847] [ 112.887853] Function entered at [] from [] [ 112.887859] Function entered at [] from [] [ 112.887865] Function entered at [] from [] [ 112.887869] Function entered at [] from [] [ 112.887872] Function entered at [] from [] [ 112.887892] Function entered at [] from [] [ 112.887899] Function entered at [] from [] [ 112.887903] Function entered at [] from [] [ 112.887908] Function entered at [] from [] [ 112.887912] Function entered at [] from [] [ 112.887915] Exception stack(0xc1cd3fb0 to 0xc1cd3ff8) [ 112.887920] 3fa0: 00000000 00000000 00000000 00000000 [ 112.894231] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-nvmem max-sta 32 raw 0 hwcrypto 1 [ 112.898873] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 112.906145] ath10k_pci 0001:01:00.0: failed to get memcpy hi address for firmware address 4: -28 [ 112.913274] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 112.915068] ath10k_pci 0001:01:00.0: failed to read firmware dump area: -28 [ 112.920720] ---[ end trace 76ac9a424ccff992 ]--- [ 112.926538] ath10k_pci 0001:01:00.0: in crash-regs-harder [ 112.932317] ------------[ cut here ]------------ [ 112.938154] ath10k_pci 0001:01:00.0: Trying to read crash dump over pingpong registers, len 60 [ 112.943994] WARNING: CPU: 1 PID: 106 at backports-6.1.24/net/mac80211/main.c:293 0xbf16d180 [mac80211@1cc7fa48+0x7f000] [ 112.949800] ath10k_pci 0001:01:00.0: in crash-regs-harder [ 112.955615] phy1-ap0: Failed check-sdata-in-driver check, flags: 0x9 [ 112.961371] ath10k_pci 0001:01:00.0: Trying to read crash dump over pingpong registers, len 6 [ 112.967237] Modules linked in: [ 112.973008] ath10k_pci 0001:01:00.0: in crash-regs-harder [ 112.978171] pppoe [ 112.986361] ath10k_pci 0001:01:00.0: Trying to read crash dump over pingpong registers, len 0 [ 112.996572] ppp_async [ 113.004665] ath10k_pci 0001:01:00.0: ath10k_pci ATH10K_DBG_BUFFER: [ 113.013453] nft_fib_inet [ 113.019845] ath10k_pci 0001:01:00.0: ATH10K_END [ 113.026780] nf_flow_table_ipv6 [ 113.031597] ath10k_pci 0001:01:00.0: in crash-regs-harder [ 113.036933] nf_flow_table_ipv4 [ 113.041583] ath10k_pci 0001:01:00.0: Trying to read crash dump over pingpong registers, len 6 [ 113.050055] nf_flow_table_inet ath10k_pci [ 113.060745] ath10k_pci 0001:01:00.0: in crash-regs-harder [ 113.066299] ath10k_core ath [ 113.072660] ath10k_pci 0001:01:00.0: Trying to read crash dump over pingpong registers, len 0 [ 113.081138] pppox [ 113.084076] ath10k_pci 0001:01:00.0: ath10k_pci ATH10K_DBG_BUFFER: [ 113.089490] ppp_generic nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir nft_quota nft_objref nft_numgen nft_nat nft_masq nft_log nft_limit nft_hash nft_flow_offload nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_ct nft_counter nft_chain_nat nf_tables nf_nat [ 113.091410] ath10k_pci 0001:01:00.0: ATH10K_END [ 113.100037] nf_flow_table [ 113.102258] ath10k_pci 0001:01:00.0: firmware register dump: [ 113.108472] nf_conntrack mac80211 [ 113.111109] ath10k_pci 0001:01:00.0: [00]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF [ 113.115502] cfg80211 slhc nfnetlink nf_reject_ipv6 nf_reject_ipv4 nf_log_syslog nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc_ccitt compat ledtrig_usbport sha512_arm seqiv cmac leds_gpio xhci_plat_hcd xhci_pci xhci_hcd dwc3 dwc3_qcom ohci_platform ohci_hcd phy_qcom_ipq806x_usb ahci fsl_mph_dr_of ehci_platform ehci_fsl sd_mod ahci_platform libahci_platform libahci libata scsi_mod scsi_common ehci_hcd gpio_button_hotplug crc32c_generic [ 113.118652] ath10k_pci 0001:01:00.0: [04]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF [ 113.124188] CPU: 1 PID: 106 Comm: kworker/1:9 Tainted: G W 5.15.150 #0 [ 113.127086] ath10k_pci 0001:01:00.0: [08]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF [ 113.135759] Hardware name: Generic DT based system [ 113.135762] Workqueue: events_freezable 0xbf16b83c [mac80211@1cc7fa48+0x7f000] [ 113.135779] Function entered at [] from [] [ 113.135784] Function entered at [] from [] [ 113.135788] Function entered at [] from [] [ 113.135791] Function entered at [] from [] [ 113.135795] Function entered at [] from [] [ 113.135801] Function entered at [] from [] [ 113.135808] Function entered at [] from [] [ 113.139756] ath10k_pci 0001:01:00.0: [12]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF [ 113.145225] Function entered at [] from [] [ 113.145232] Function entered at [] from [] [ 113.145239] Function entered at [] from [] [ 113.145243] Function entered at [] from [] [ 113.145247] Function entered at [] from [] [ 113.145250] Function entered at [] from [] [ 113.145254] Function entered at [] from [] [ 113.145261] Function entered at [] from [] [ 113.145266] Function entered at [] from [] [ 113.145271] Function entered at [] from [] [ 113.145274] Function entered at [] from [] [ 113.148180] ath10k_pci 0001:01:00.0: [16]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF [ 113.156590] Function entered at [] from [] [ 113.156593] Exception stack(0xc1cd3fb0 to 0xc1cd3ff8) [ 113.156598] 3fa0: 00000000 00000000 00000000 00000000 [ 113.156602] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 113.156607] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 113.156675] ---[ end trace 76ac9a424ccff993 ]--- [ 113.158506] ath10k_pci 0001:01:00.0: [20]: 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF ```

I saw this during boot and thought just starting over might help OF: Bad cell count for /soc/nand-controller@1ac00000/nand@0/partitions

I guess they are probably unrelated though. I do have bootloader & serial access on this device.

boot log

```U-Boot 1.0.11 [spf6.0_csu1] (Aug 22 2022 - 06:55:54) smem ram ptable found: ver: 0 len: 5 DRAM: 1003 MiB setting 0x177e as machine type from smem NAND: SF: Unsupported manufacturer 00 ipq_spi: SPI Flash not found (bus/cs/speed/mode) = (0/0/48000000/0) 256 MiB MMC: PCI0 Link Intialized PCI1 Link Intialized In: serial Out: serial Err: serial MMC Device 0 not found cdp: get part failed for 0:HLOS Net: MAC0 addr:80:78:71:4d:55:6f athrs17_reg_init: complete athrs17_vlan_config ...done S17c init done MAC1 addr:80:78:71:4d:55:70 eth0, eth1 Hit any key to stop autoboot: 0 autoboot nand0: partitioning exceeds flash size Error initializing mtdparts! Creating 1 MTD partitions on "nand0": 0x000002400000-0x000010000000 : "mtd=0" UBI: attaching mtd1 to ubi0 UBI: physical eraseblock size: 131072 bytes (128 KiB) UBI: logical eraseblock size: 126976 bytes UBI: smallest flash I/O unit: 2048 UBI: VID header offset: 2048 (aligned 2048) UBI: data offset: 4096 UBI: attached mtd1 to ubi0 UBI: MTD device name: "mtd=0" UBI: MTD device size: 220 MiB UBI: number of good PEBs: 1760 UBI: number of bad PEBs: 0 UBI: max. allowed volumes: 128 UBI: wear-leveling threshold: 4096 UBI: number of internal volumes: 1 UBI: number of user volumes: 4 UBI: available PEBs: 23 UBI: total number of reserved PEBs: 1737 UBI: number of PEBs reserved for bad PEB handling: 17 UBI: max/mean erase counter: 25/9 Read 0 bytes from volume kernel to 44000000 No size specified -> Using max size (3047424) Loading Kernel Image ... OK OK device nand0 , # parts = 1 #: name size offset mask_flags 0: mtd_ubi 0x0dc00000 0x02400000 0 active partition: nand0,0 - (mtd_ubi) 0x0dc00000 @ 0x02400000 defaults: mtdids : none mtdparts: none Setting up atags for msm partition: mtd_ubi Using machid 0x177e from environment Starting kernel ... [ 0.000000] Booting Linux on physical CPU 0x0 [ 0.000000] Linux version 5.15.150 (builder@buildhost) (arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 12.3.0 r23809-234f1a2efa) 12.3.0, GNU ld (GNU Binutils) 2.40.0) #0 SMP Fri Mar 22 22:09:42 2024 [ 0.000000] CPU: ARMv7 Processor [512f04d0] revision 0 (ARMv7), cr=10c5787d [ 0.000000] CPU: div instructions available: patching division code [ 0.000000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache [ 0.000000] OF: fdt: Machine model: Askey RT4230W REV6 [ 0.000000] Memory policy: Data cache writealloc [ 0.000000] Zone ranges: [ 0.000000] Normal [mem 0x0000000042000000-0x0000000071ffffff] [ 0.000000] HighMem [mem 0x0000000072000000-0x000000007fffffff] [ 0.000000] Movable zone start for each node [ 0.000000] Early memory node ranges [ 0.000000] node 0: [mem 0x0000000042000000-0x000000007fffffff] [ 0.000000] Initmem setup node 0 [mem 0x0000000042000000-0x000000007fffffff] [ 0.000000] percpu: Embedded 12 pages/cpu s19788 r8192 d21172 u49152 [ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 252224 [ 0.000000] Kernel command line: rootfstype=squashfs noinitrd [ 0.000000] Bootloader command line (ignored): [ 0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes, linear) [ 0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off [ 0.000000] Memory: 995756K/1015808K available (6837K kernel code, 619K rwdata, 1088K rodata, 1024K init, 245K bss, 20052K reserved, 0K cma-reserved, 229376K highmem) [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 [ 0.000000] rcu: Hierarchical RCU implementation. [ 0.000000] Tracing variant of Tasks RCU enabled. [ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 0.000000] NR_IRQS: 16, nr_irqs: 16, preallocated irqs: 16 [ 0.000000] clocksource: dg_timer: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 305801671480 ns [ 0.000001] sched_clock: 32 bits at 6MHz, resolution 160ns, wraps every 343597383600ns [ 0.000025] Switching to timer-based delay loop, resolution 160ns [ 0.000356] Calibrating delay loop (skipped), value calculated using timer frequency.. 12.50 BogoMIPS (lpj=62500) [ 0.000390] CPU: Testing write buffer coherency: ok [ 0.000453] pid_max: default: 32768 minimum: 301 [ 0.001305] Mount-cache hash table entries: 2048 (order: 1, 8192 bytes, linear) [ 0.001336] Mountpoint-cache hash table entries: 2048 (order: 1, 8192 bytes, linear) [ 0.003363] qcom_scm: convention: smc legacy [ 0.004721] Setting up static identity map for 0x42300000 - 0x42300060 [ 0.004929] rcu: Hierarchical SRCU implementation. [ 0.005527] smp: Bringing up secondary CPUs ... [ 0.007551] smp: Brought up 1 node, 2 CPUs [ 0.007580] SMP: Total of 2 processors activated (25.00 BogoMIPS). [ 0.007597] CPU: All CPU(s) started in SVC mode. [ 0.020032] VFP support v0.3: implementor 51 architecture 64 part 4d variant 2 rev 0 [ 0.020231] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 0.020266] futex hash table entries: 512 (order: 3, 32768 bytes, linear) [ 0.020534] pinctrl core: initialized pinctrl subsystem [ 0.022692] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.023076] DMA: preallocated 256 KiB pool for atomic coherent allocations [ 0.024628] thermal_sys: Registered thermal governor 'step_wise' [ 0.026802] cpuidle: using governor ladder [ 0.026884] cpuidle: using governor menu [ 0.045613] qcom_rpm 108000.rpm: RPM firmware 3.0.16777377 [ 0.078801] s1a: Bringing 0uV into 1050000-1050000uV [ 0.079078] s1a: supplied by regulator-dummy [ 0.079297] s1b: Bringing 0uV into 1050000-1050000uV [ 0.079512] s1b: supplied by regulator-dummy [ 0.079649] s2a: Bringing 0uV into 775000-775000uV [ 0.079876] s2a: supplied by regulator-dummy [ 0.080046] s2b: Bringing 0uV into 775000-775000uV [ 0.080276] s2b: supplied by regulator-dummy [ 0.080877] usbcore: registered new interface driver usbfs [ 0.080947] usbcore: registered new interface driver hub [ 0.081008] usbcore: registered new device driver usb [ 0.081069] pps_core: LinuxPPS API ver. 1 registered [ 0.081083] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 0.081116] PTP clock support registered [ 0.083408] clocksource: Switched to clocksource dg_timer [ 0.084792] NET: Registered PF_INET protocol family [ 0.085004] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear) [ 0.086280] tcp_listen_portaddr_hash hash table entries: 512 (order: 0, 4096 bytes, linear) [ 0.086320] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.086348] TCP established hash table entries: 8192 (order: 3, 32768 bytes, linear) [ 0.086403] TCP bind hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.086503] TCP: Hash tables configured (established 8192 bind 8192) [ 0.086612] UDP hash table entries: 512 (order: 2, 16384 bytes, linear) [ 0.086656] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear) [ 0.086968] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.087023] PCI: CLS 0 bytes, default 64 [ 0.088253] workingset: timestamp_bits=14 max_order=18 bucket_order=4 [ 0.095176] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.095201] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc. [ 0.206072] bounce: pool size: 64 pages [ 0.206177] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249) [ 0.208753] qcom-pcie 1b500000.pci: supply vdda not found, using dummy regulator [ 0.208965] qcom-pcie 1b500000.pci: supply vdda_phy not found, using dummy regulator [ 0.209102] qcom-pcie 1b500000.pci: supply vdda_refclk not found, using dummy regulator [ 0.209363] qcom-pcie 1b500000.pci: host bridge /soc/pci@1b500000 ranges: [ 0.209448] qcom-pcie 1b500000.pci: IO 0x000fe00000..0x000fe0ffff -> 0x0000000000 [ 0.209492] qcom-pcie 1b500000.pci: MEM 0x0008000000..0x000fdfffff -> 0x0008000000 [ 0.326431] qcom-pcie 1b500000.pci: iATU unroll: disabled [ 0.326454] qcom-pcie 1b500000.pci: Detected iATU regions: 8 outbound, 8 inbound [ 0.429208] qcom-pcie 1b500000.pci: Link up [ 0.429347] qcom-pcie 1b500000.pci: PCI host bridge to bus 0000:00 [ 0.429368] pci_bus 0000:00: root bus resource [bus 00-ff] [ 0.429389] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] [ 0.429406] pci_bus 0000:00: root bus resource [mem 0x08000000-0x0fdfffff] [ 0.429479] pci 0000:00:00.0: [17cb:0101] type 01 class 0x060400 [ 0.429618] pci 0000:00:00.0: supports D1 [ 0.429637] pci 0000:00:00.0: PME# supported from D0 D1 D3hot [ 0.433103] PCI: bus0: Fast back to back transfers disabled [ 0.433494] pci 0000:01:00.0: [168c:0046] type 00 class 0x028000 [ 0.433782] pci 0000:01:00.0: reg 0x10: [mem 0x00000000-0x001fffff 64bit] [ 0.434617] pci 0000:01:00.0: PME# supported from D0 D3hot D3cold [ 0.438242] PCI: bus1: Fast back to back transfers disabled [ 0.438325] pci 0000:00:00.0: BAR 8: assigned [mem 0x08000000-0x081fffff] [ 0.438354] pci 0000:01:00.0: BAR 0: assigned [mem 0x08000000-0x081fffff 64bit] [ 0.438454] pci 0000:00:00.0: PCI bridge to [bus 01-ff] [ 0.438479] pci 0000:00:00.0: bridge window [mem 0x08000000-0x081fffff] [ 0.439442] pcieport 0000:00:00.0: AER: enabled with IRQ 43 [ 0.440354] qcom-pcie 1b700000.pci: supply vdda not found, using dummy regulator [ 0.440562] qcom-pcie 1b700000.pci: supply vdda_phy not found, using dummy regulator [ 0.440668] qcom-pcie 1b700000.pci: supply vdda_refclk not found, using dummy regulator [ 0.440962] qcom-pcie 1b700000.pci: host bridge /soc/pci@1b700000 ranges: [ 0.441070] qcom-pcie 1b700000.pci: IO 0x0031e00000..0x0031e0ffff -> 0x0000000000 [ 0.441132] qcom-pcie 1b700000.pci: MEM 0x002e000000..0x0031dfffff -> 0x002e000000 [ 0.568227] qcom-pcie 1b700000.pci: iATU unroll: disabled [ 0.568250] qcom-pcie 1b700000.pci: Detected iATU regions: 8 outbound, 8 inbound [ 0.670944] qcom-pcie 1b700000.pci: Link up [ 0.671075] qcom-pcie 1b700000.pci: PCI host bridge to bus 0001:00 [ 0.671094] pci_bus 0001:00: root bus resource [bus 00-ff] [ 0.671116] pci_bus 0001:00: root bus resource [io 0x10000-0x1ffff] (bus address [0x0000-0xffff]) [ 0.671135] pci_bus 0001:00: root bus resource [mem 0x2e000000-0x31dfffff] [ 0.671203] pci 0001:00:00.0: [17cb:0101] type 01 class 0x060400 [ 0.671331] pci 0001:00:00.0: supports D1 [ 0.671348] pci 0001:00:00.0: PME# supported from D0 D1 D3hot [ 0.674874] PCI: bus0: Fast back to back transfers disabled [ 0.675248] pci 0001:01:00.0: [168c:0046] type 00 class 0x028000 [ 0.675443] pci 0001:01:00.0: reg 0x10: [mem 0x00000000-0x001fffff 64bit] [ 0.676318] pci 0001:01:00.0: PME# supported from D0 D3hot D3cold [ 0.676598] pci 0001:01:00.0: 2.000 Gb/s available PCIe bandwidth, limited by 2.5 GT/s PCIe x1 link at 0001:00:00.0 (capable of 4.000 Gb/s with 5.0 GT/s PCIe x1 link) [ 0.680009] PCI: bus1: Fast back to back transfers disabled [ 0.680084] pci 0001:00:00.0: BAR 8: assigned [mem 0x2e000000-0x2e1fffff] [ 0.680110] pci 0001:01:00.0: BAR 0: assigned [mem 0x2e000000-0x2e1fffff 64bit] [ 0.680211] pci 0001:00:00.0: PCI bridge to [bus 01-ff] [ 0.680234] pci 0001:00:00.0: bridge window [mem 0x2e000000-0x2e1fffff] [ 0.681080] pcieport 0001:00:00.0: AER: enabled with IRQ 45 [ 0.684728] krait-cc soc:clock-controller: CPU0 @ 800000 KHz [ 0.684757] krait-cc soc:clock-controller: CPU1 @ Undefined rate. Forcing new rate. [ 0.684896] krait-cc soc:clock-controller: CPU1 @ 384000 KHz [ 0.684916] krait-cc soc:clock-controller: L2 @ Undefined rate. Forcing new rate. [ 0.685108] krait-cc soc:clock-controller: L2 @ 384000 KHz [ 0.689106] gsbi 16300000.gsbi: GSBI port protocol: 6 crci: 0 [ 0.690612] gsbi 1a200000.gsbi: GSBI port protocol: 3 crci: 0 [ 0.692256] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled [ 0.694681] msm_serial 16340000.serial: msm_serial: detected port #0 [ 0.694734] msm_serial 16340000.serial: uartclk = 7372800 [ 0.694825] 16340000.serial: ttyMSM0 at MMIO 0x16340000 (irq = 46, base_baud = 460800) is a MSM [ 0.694869] msm_serial: console setup on port #0 [ 1.623542] printk: console [ttyMSM0] enabled [ 1.628748] msm_serial: driver initialized [ 1.638128] loop: module loaded [ 1.639531] nand: device found, Manufacturer ID: 0xc2, Chip ID: 0xaa [ 1.640082] nand: Macronix MX30UF2G18AC [ 1.646751] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64 [ 1.650247] Block protection check failed [ 1.658102] 21 fixed-partitions partitions found on MTD device qcom_nand.0 [ 1.662002] OF: Bad cell count for /soc/nand-controller@1ac00000/nand@0/partitions [ 1.668851] OF: Bad cell count for /soc/nand-controller@1ac00000/nand@0/partitions [ 1.677046] Creating 21 MTD partitions on "qcom_nand.0": [ 1.683898] 0x000000000000-0x000000040000 : "0:SBL1" [ 1.690267] 0x000000040000-0x000000180000 : "0:MIBIB" [ 1.696585] 0x000000180000-0x0000002c0000 : "0:SBL2" [ 1.701402] 0x0000002c0000-0x000000540000 : "0:SBL3" [ 1.708257] 0x000000540000-0x000000660000 : "0:DDRCONFIG" [ 1.711292] 0x000000660000-0x000000780000 : "0:SSD" [ 1.716547] 0x000000780000-0x000000a00000 : "0:TZ" [ 1.723258] 0x000000a00000-0x000000c80000 : "0:RPM" [ 1.728080] 0x000000c80000-0x000001180000 : "0:APPSBL" [ 1.736384] 0x000001180000-0x000001200000 : "0:APPSBLENV" [ 1.737609] 0x000001200000-0x000001340000 : "0:ART" [ 1.743071] 0x000001340000-0x0000013a0000 : "0:BOOTCONFIG" [ 1.746565] 0x0000013a0000-0x0000014e0000 : "0:SBL2_1" [ 1.753238] 0x0000014e0000-0x000001760000 : "0:SBL3_1" [ 1.760264] 0x000001760000-0x000001880000 : "0:DDRCONFIG_1" [ 1.763324] 0x000001880000-0x0000019a0000 : "0:SSD_1" [ 1.768855] 0x0000019a0000-0x000001c20000 : "0:TZ_1" [ 1.776050] 0x000001c20000-0x000001ea0000 : "0:RPM_1" [ 1.780912] 0x000001ea0000-0x000001f00000 : "0:BOOTCONFIG1" [ 1.782969] 0x000001f00000-0x000002400000 : "0:APPSBL_1" [ 1.794904] 0x000002400000-0x00001c400000 : "ubi" [ 1.794938] mtd: partition "ubi" extends beyond the end of device "qcom_nand.0" -- size truncated to 0xdc00000 [ 2.083804] random: crng init done [ 2.117122] spi_qup 1a280000.spi: IN:block:16, fifo:64, OUT:block:16, fifo:64 [ 2.118119] spi-nor spi0.0: mr25h256 (32 Kbytes) [ 2.142141] switch0: Atheros AR8337 rev. 2 switch registered on 37000000.mdio-mii [ 2.956221] ipq806x-gmac-dwmac 37000000.ethernet: IRQ eth_wake_irq not found [ 2.956262] ipq806x-gmac-dwmac 37000000.ethernet: IRQ eth_lpi not found [ 2.963070] ipq806x-gmac-dwmac 37000000.ethernet: PTP uses main clock [ 2.969377] ipq806x-gmac-dwmac 37000000.ethernet: User ID: 0x10, Synopsys ID: 0x37 [ 2.975362] ipq806x-gmac-dwmac 37000000.ethernet: DWMAC1000 [ 2.982740] ipq806x-gmac-dwmac 37000000.ethernet: DMA HW capability register supported [ 2.988636] ipq806x-gmac-dwmac 37000000.ethernet: RX Checksum Offload Engine supported [ 2.996352] ipq806x-gmac-dwmac 37000000.ethernet: COE Type 2 [ 3.004255] ipq806x-gmac-dwmac 37000000.ethernet: TX Checksum insertion supported [ 3.009997] ipq806x-gmac-dwmac 37000000.ethernet: Wake-Up On Lan supported [ 3.017439] ipq806x-gmac-dwmac 37000000.ethernet: Enhanced/Alternate descriptors [ 3.024227] ipq806x-gmac-dwmac 37000000.ethernet: Enabled extended descriptors [ 3.031700] ipq806x-gmac-dwmac 37000000.ethernet: Ring mode enabled [ 3.038807] ipq806x-gmac-dwmac 37000000.ethernet: Enable RX Mitigation via HW Watchdog Timer [ 3.046669] ipq806x-gmac-dwmac 37200000.ethernet: IRQ eth_wake_irq not found [ 3.053577] ipq806x-gmac-dwmac 37200000.ethernet: IRQ eth_lpi not found [ 3.060912] ipq806x-gmac-dwmac 37200000.ethernet: PTP uses main clock [ 3.067344] ipq806x-gmac-dwmac 37200000.ethernet: User ID: 0x10, Synopsys ID: 0x37 [ 3.073544] ipq806x-gmac-dwmac 37200000.ethernet: DWMAC1000 [ 3.081083] ipq806x-gmac-dwmac 37200000.ethernet: DMA HW capability register supported [ 3.086896] ipq806x-gmac-dwmac 37200000.ethernet: RX Checksum Offload Engine supported [ 3.094600] ipq806x-gmac-dwmac 37200000.ethernet: COE Type 2 [ 3.102443] ipq806x-gmac-dwmac 37200000.ethernet: TX Checksum insertion supported [ 3.108346] ipq806x-gmac-dwmac 37200000.ethernet: Wake-Up On Lan supported [ 3.115734] ipq806x-gmac-dwmac 37200000.ethernet: Enhanced/Alternate descriptors [ 3.122410] ipq806x-gmac-dwmac 37200000.ethernet: Enabled extended descriptors [ 3.130027] ipq806x-gmac-dwmac 37200000.ethernet: Ring mode enabled [ 3.137056] ipq806x-gmac-dwmac 37200000.ethernet: Enable RX Mitigation via HW Watchdog Timer [ 3.144951] i2c_dev: i2c /dev entries driver [ 3.155205] sdhci: Secure Digital Host Controller Interface driver [ 3.156089] sdhci: Copyright(c) Pierre Ossman [ 3.162076] sdhci-pltfm: SDHCI platform and OF driver helper [ 3.173618] NET: Registered PF_INET6 protocol family [ 3.175176] Segment Routing with IPv6 [ 3.177772] In-situ OAM (IOAM) with IPv6 [ 3.181382] NET: Registered PF_PACKET protocol family [ 3.185459] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. [ 3.190613] 8021q: 802.1Q VLAN Support v1.8 [ 3.203430] Registering SWP/SWPB emulation handler [ 3.243784] thermal thermal_zone0: failed to read out thermal zone (-110) [ 3.257367] UBI: auto-attach mtd20 [ 3.257389] ubi0: attaching mtd20 [ 4.765899] ubi0: scanning is finished [ 4.775563] ubi0: attached mtd20 (name "ubi", size 220 MiB) [ 4.775586] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes [ 4.779934] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048 [ 4.786934] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096 [ 4.793801] ubi0: good PEBs: 1760, bad PEBs: 0, corrupted PEBs: 0 [ 4.800505] ubi0: user volume: 4, internal volumes: 1, max. volumes count: 128 [ 4.806828] ubi0: max/mean erase counter: 25/9, WL threshold: 4096, image sequence number: 980958594 [ 4.813920] ubi0: available PEBs: 0, total reserved PEBs: 1760, PEBs reserved for bad PEB handling: 40 [ 4.823231] ubi0: background thread "ubi_bgt0d" started, PID 94 [ 4.823942] block ubiblock0_1: created from ubi0:1(r▒[ 4.847644] VFS: Mounted root (squashfs filesystem) readonly on device 254:0. [ 4.848220] Freeing unused kernel image (initmem) memory: 1024K [ 4.883952] Run /sbin/init as init process [ 5.079194] init: Console is alive [ 5.079343] init: - watchdog - [ 5.081551] init: Watchdog has previously reset the system [ 5.620304] kmodloader: loading kernel modules from /etc/modules-boot.d/* [ 5.680810] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 5.683695] SCSI subsystem initialized [ 5.692342] fsl-ehci: Freescale EHCI Host controller driver [ 5.692796] ehci-platform: EHCI generic platform driver [ 5.699988] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver [ 5.702295] ohci-platform: OHCI generic platform driver [ 5.838394] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller [ 5.838440] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1 [ 5.842910] xhci-hcd xhci-hcd.0.auto: hcc params 0x0228f065 hci version 0x100 quirks 0x0000008002010010 [ 5.850449] xhci-hcd xhci-hcd.0.auto: irq 50, io mem 0x10000000 [ 5.859891] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller [ 5.865654] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2 [ 5.871161] xhci-hcd xhci-hcd.0.auto: Host supports USB 3.0 SuperSpeed [ 5.879163] hub 1-0:1.0: USB hub found [ 5.885393] hub 1-0:1.0: 1 port detected [ 5.889263] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 5.893399] hub 2-0:1.0: USB hub found [ 5.902095] hub 2-0:1.0: 1 port detected [ 5.905034] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller [ 5.908835] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 3 [ 5.914331] xhci-hcd xhci-hcd.1.auto: hcc params 0x0228f065 hci version 0x100 quirks 0x0000008002010010 [ 5.921703] xhci-hcd xhci-hcd.1.auto: irq 51, io mem 0x11000000 [ 5.931264] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller [ 5.937005] xhci-hcd xhci-hcd.1.auto: new USB bus registered, assigned bus number 4 [ 5.942514] xhci-hcd xhci-hcd.1.auto: Host supports USB 3.0 SuperSpeed [ 5.950483] hub 3-0:1.0: USB hub found [ 5.956737] hub 3-0:1.0: 1 port detected [ 5.960609] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM. [ 5.964831] hub 4-0:1.0: USB hub found [ 5.972560] hub 4-0:1.0: 1 port detected [ 5.977467] kmodloader: done loading kernel modules from /etc/modules-boot.d/* [ 5.988033] init: - preinit - [ 7.328496] ipq806x-gmac-dwmac 37200000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 7.329770] dwmac1000: Master AXI performs any burst length [ 7.335783] ipq806x-gmac-dwmac 37200000.ethernet eth1: No Safety Features support found [ 7.351015] ipq806x-gmac-dwmac 37200000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported [ 7.351130] ipq806x-gmac-dwmac 37200000.ethernet eth1: registered PTP clock [ 7.361823] ipq806x-gmac-dwmac 37200000.ethernet eth1: configuring for fixed/sgmii link mode [ 7.366309] ipq806x-gmac-dwmac 37200000.ethernet eth1: Link is Up - 1Gbps/Full - flow control off [ 7.374556] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready [ 7.383531] IPv6: ADDRCONF(NETDEV_CHANGE): eth1.1: link becomes ready Press the [f] key and hit [enter] to enter failsafe mode Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level [ 9.520651] UBIFS (ubi0:2): default file-system created [ 9.521420] UBIFS (ubi0:2): Mounting in unauthenticated mode [ 9.524973] UBIFS (ubi0:2): background thread "ubifs_bgt0_2" started, PID 199 [ 9.604896] UBIFS (ubi0:2): UBIFS: mounted UBI device 0, volume 2, name "rootfs_data" [ 9.604922] UBIFS (ubi0:2): LEB size: 126976 bytes (124 KiB), min./max. I/O unit sizes: 2048 bytes/2048 bytes [ 9.611701] UBIFS (ubi0:2): FS size: 196431872 bytes (187 MiB, 1547 LEBs), max 1559 LEBs, journal size 9777152 bytes (9 MiB, 77 LEBs) [ 9.621662] UBIFS (ubi0:2): reserved for root: 4952683 bytes (4836 KiB) [ 9.633628] UBIFS (ubi0:2): media format: w5/r0 (latest is w5/r0), UUID BCB9E9D4-CC6B-4636-8898-A93F83D57DFC, small LPT model [ 9.641681] mount_root: overlay filesystem has not been fully initialized yet [ 9.651800] mount_root: switching to ubifs overlay [ 9.662874] urandom-seed: Seed file not found (/etc/urandom.seed) [ 9.707120] ipq806x-gmac-dwmac 37200000.ethernet eth1: Link is Down [ 9.746918] procd: - early - [ 9.747012] procd: - watchdog - [ 9.748931] procd: Watchdog has previously reset the system [ 10.313650] procd: - watchdog - [ 10.313728] procd: Watchdog has previously reset the system [ 10.371281] procd: - ubus - [ 10.426528] procd: - init - Please press Enter to activate this console. [ 10.770247] kmodloader: loading kernel modules from /etc/modules.d/* [ 10.832139] Loading modules backported from Linux version v6.1.24-0-g0102425ac76b [ 10.832168] Backport generated by backports.git v5.15.92-1-44-gd6ea70fafd36 [ 10.913117] PPP generic driver version 2.4.2 [ 10.914068] NET: Registered PF_PPPOX protocol family [ 10.928726] ath10k 5.15 driver, optimized for CT firmware, probing pci device: 0x46. [ 10.934100] ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142) [ 10.936065] ath10k_pci 0000:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 [ 11.009303] urngd: v1.0.2 started. [ 11.606045] ath10k_pci 0000:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe [ 11.606087] ath10k_pci 0000:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 11.616598] ath10k_pci 0000:01:00.0: firmware ver 10.4b-ct-9984-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 7ea63dc5 [ 13.947506] ath10k_pci 0000:01:00.0: Loading BDF type 0 [ 13.955592] ath10k_pci 0000:01:00.0: board_file api 2 bmi_id 0:1 crc32 0bfe5c35 [ 17.511940] ath10k_pci 0000:01:00.0: 10.4 wmi init: vdevs: 16 peers: 48 tid: 96 [ 17.511975] ath10k_pci 0000:01:00.0: msdu-desc: 2500 skid: 32 [ 17.594005] ath10k_pci 0000:01:00.0: wmi print 'P 48/48 V 16 K 144 PH 176 T 186 msdu-desc: 2500 sw-crypt: 0 ct-sta: 0' [ 17.594828] ath10k_pci 0000:01:00.0: wmi print 'free: 84920 iram: 13156 sram: 11224' [ 17.881805] ath10k_pci 0000:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-nvmem max-sta 32 raw 0 hwcrypto 1 [ 17.969998] ath10k 5.15 driver, optimized for CT firmware, probing pci device: 0x46. [ 17.974257] ath10k_pci 0001:01:00.0: enabling device (0140 -> 0142) [ 17.977399] ath10k_pci 0001:01:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 [ 18.497192] ath10k_pci 0001:01:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe [ 18.497232] ath10k_pci 0001:01:00.0: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0 [ 18.507918] ath10k_pci 0001:01:00.0: firmware ver 10.4b-ct-9984-fW-13-5ae337bb1 api 5 features mfp,peer-flow-ctrl,txstatus-noack,wmi-10.x-CT,ratemask-CT,regdump-CT,txrate-CT,flush-all-CT,pingpong-CT,ch-regs-CT,nop-CT,set-special-CT,tx-rc-CT,cust-stats-CT,txrate2-CT,beacon-cb-CT,wmi-block-ack-CT,wmi-bcn-rc-CT crc32 7ea63dc5 [ 20.831328] ath10k_pci 0001:01:00.0: Loading BDF type 0 [ 20.832118] ath10k_pci 0001:01:00.0: board_file api 2 bmi_id 0:2 crc32 0bfe5c35 [ 24.385962] ath10k_pci 0001:01:00.0: 10.4 wmi init: vdevs: 16 peers: 48 tid: 96 [ 24.386035] ath10k_pci 0001:01:00.0: msdu-desc: 2500 skid: 32 [ 24.470086] ath10k_pci 0001:01:00.0: wmi print 'P 48/48 V 16 K 144 PH 176 T 186 msdu-desc: 2500 sw-crypt: 0 ct-sta: 0' [ 24.470954] ath10k_pci 0001:01:00.0: wmi print 'free: 84920 iram: 13156 sram: 11224' [ 24.763914] ath10k_pci 0001:01:00.0: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-nvmem max-sta 32 raw 0 hwcrypto 1 [ 24.851605] kmodloader: done loading kernel modules from /etc/modules.d/* [ 31.942959] ipq806x-gmac-dwmac 37200000.ethernet eth1: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 31.943646] dwmac1000: Master AXI performs any burst length [ 31.950217] ipq806x-gmac-dwmac 37200000.ethernet eth1: No Safety Features support found [ 31.965518] ipq806x-gmac-dwmac 37200000.ethernet eth1: IEEE 1588-2008 Advanced Timestamp supported [ 31.965644] ipq806x-gmac-dwmac 37200000.ethernet eth1: registered PTP clock [ 31.973380] ipq806x-gmac-dwmac 37200000.ethernet eth1: configuring for fixed/sgmii link mode [ 31.980428] ipq806x-gmac-dwmac 37200000.ethernet eth1: Link is Up - 1Gbps/Full - flow control off [ 31.989270] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready [ 32.002811] br-lan: port 1(eth1.1) entered blocking state [ 32.003834] br-lan: port 1(eth1.1) entered disabled state [ 32.009486] device eth1.1 entered promiscuous mode [ 32.014747] device eth1 entered promiscuous mode [ 32.023044] br-lan: port 1(eth1.1) entered blocking state [ 32.024214] br-lan: port 1(eth1.1) entered forwarding state [ 32.036957] ipq806x-gmac-dwmac 37000000.ethernet eth0: Register MEM_TYPE_PAGE_POOL RxQ-0 [ 32.037662] dwmac1000: Master AXI performs any burst length [ 32.044200] ipq806x-gmac-dwmac 37000000.ethernet eth0: No Safety Features support found [ 32.059428] ipq806x-gmac-dwmac 37000000.ethernet eth0: IEEE 1588-2008 Advanced Timestamp supported [ 32.059563] ipq806x-gmac-dwmac 37000000.ethernet eth0: registered PTP clock [ 32.070836] ipq806x-gmac-dwmac 37000000.ethernet eth0: configuring for fixed/rgmii link mode [ 32.074466] ipq806x-gmac-dwmac 37000000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off [ 32.083078] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready [ 33.064169] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready ```

[Lanchon]

@yfhyou

[    1.662002] OF: Bad cell count for /soc/nand-controller@1ac00000/nand@0/partitions
[    1.668851] OF: Bad cell count for /soc/nand-controller@1ac00000/nand@0/partitions
[    1.794938] mtd: partition "ubi" extends beyond the end of device "qcom_nand.0" -- size truncated to 0xdc00000

i imagine that is just your device having a 256 MB NAND (rev 10) while the firmware image was made for a 512 MB NAND (rev 6), no cause for concern.

regarding the ath10k issue, grab all that info and create a thread in the openwrt forum; you may get some expert response.

why do you want to return to stock? is your device rented and you want a replacement?

[Lanchon]

if you want to return to stock, you can... if you have the backups.

root@router:~# mtd
Usage: mtd [<options> ...] <command> [<arguments> ...] <device>[:<device>...]

The device is in the format of mtdX (eg: mtd4) or its label.
mtd recognizes these commands:
        unlock                  unlock the device
        refresh                 refresh mtd partition
        erase                   erase all data on device
        verify <imagefile>|-    verify <imagefile> (use - for stdin) to device
        write <imagefile>|-     write <imagefile> (use - for stdin) to device
        jffs2write <file>       append <file> to the jffs2 partition on the device
        resetbc <device>        reset the uboot boot counter
Following options are available:
        -q                      quiet mode (once: no [w] on writing,
                                           twice: no status messages)
        -n                      write without first erasing the blocks
        -r                      reboot after successful command
        -f                      force write without trx checks
        -e <device>             erase <device> before executing the command
        -d <name>               directory for jffs2write, defaults to "tmp"
        -j <name>               integrate <file> into jffs2 data when writing an image
        -s <number>             skip the first n bytes when appending data to the jffs2 partiton, defaults to "0"
        -p <number>             write beginning at partition offset
        -l <length>             the length of data that we want to dump

Example: To write linux.trx to mtd4 labeled as linux and reboot afterwards
         mtd -r write linux.trx linux

as you can see, you can use the -p option to write at an offset within an MTD partition. you can use this to write to where a partition would lay in the stock partition layout. the original partition layout can be seen in the stock bootlog in the wiki's device page.

notes:

• you CANNOT write to a partition offset simply by writing a bunch of zeros equal in size to the offset before the data of interest followed by the data to the complete partition. this assumes that there are no bad blocks in the MTD area before the offset which in the general case is false for NAND flash.
• you can write to a partition offset using the mtd -p <offset> command.
• you CANNOT assume that you can write size X data to MTD partition of size X, as again that assumes no bad blocks. if you need to continue writing some data to the next MTD partition:
  • write to the first MTD partition, the read that partition to find out how much data actually fit there.
  • skip that amount of data and write the rest to the second MTD partition.
• UBI partitions should be written with ubiformat. you cannot use ubiformat with anything but a complete MTD partition, so you cannot apply the tricks above. but you could restore a UBI partition using MTD wrtite, only if the NAND has not developed new bad blocks in the UBI area, which has a reasonable probability. once again, reading back the MTD area should result in the same length of the backup if no new bad blocks developed.