search

pr0v3rbs / FirmAE

Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
MIT License
603 stars 117 forks source link

unsure of failure to boot firmware #58

Closed Static-Flow closed 1 year ago

Static-Flow commented 1 year ago

Hello, I have been trying to use this project to emulate a router firmware I found. I sadly don't have access to a physical version of the device so I'm having to result to emulation. Everything seemed to go fine with creating the image but then it fails to successfully boot under QEMU. I ma rather new to firmware RE so I'm not quite sure what to make of the error log. Is there something here that sticks out as being the culprit?

[    0.000000] Linux version 4.1.17+ (firmae@ubuntu) (gcc version 5.3.0 (GCC) ) #17 Sat Oct 31 17:56:16 KST 2020

[    0.000000] earlycon: Early serial console at I/O port 0x3f8 (options '38400n8')

[    0.000000] bootconsole [uart0] enabled

[    0.000000] CPU0 revision is: 00019300 (MIPS 24Kc)

[    0.000000] FPU revision is: 00739300

[    0.000000] Software DMA cache coherency enabled

[    0.000000] Determined physical RAM map:

[    0.000000]  memory: 00001000 @ 00000000 (reserved)

[    0.000000]  memory: 000ef000 @ 00001000 (ROM data)

[    0.000000]  memory: 00798000 @ 000f0000 (reserved)

[    0.000000]  memory: 0f777000 @ 00888000 (usable)

[    0.000000] debug: ignoring loglevel setting.

[    0.000000] Wasting 69888 bytes for tracking 2184 unused pages

[    0.000000] Initrd not found or empty - disabling initrd

[    0.000000] Zone ranges:

[    0.000000]   DMA      [mem 0x0000000000000000-0x0000000000ffffff]

[    0.000000]   Normal   [mem 0x0000000001000000-0x000000000fffefff]

[    0.000000] Movable zone start for each node

[    0.000000] Early memory node ranges

[    0.000000]   node   0: [mem 0x0000000000000000-0x000000000fffefff]

[    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x000000000fffefff]

[    0.000000] On node 0 totalpages: 65535

[    0.000000] free_area_init_node: node 0, pgdat 8081d5b0, node_mem_map 81000000

[    0.000000]   DMA zone: 32 pages used for memmap

[    0.000000]   DMA zone: 0 pages reserved

[    0.000000]   DMA zone: 4096 pages, LIFO batch:0

[    0.000000]   Normal zone: 480 pages used for memmap

[    0.000000]   Normal zone: 61439 pages, LIFO batch:15

[    0.000000] Primary instruction cache 2kB, VIPT, 2-way, linesize 16 bytes.

[    0.000000] Primary data cache 2kB, 2-way, VIPT, no aliases, linesize 16 bytes

[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768

[    0.000000] pcpu-alloc: [0] 0 

[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 65023

[    0.000000] Kernel command line: firmadyne.syscall=1 root=/dev/sda1 console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 FIRMAE_NET=true FIRMAE_NVRAM=true FIRMAE_KERNEL=true FIRMAE_ETC=true user_debug=31

[    0.000000] found FIRMAE_KERNEL=t

[    0.000000] set the LD_PRELOAD=/firmadyne/libnvram_ioctl.so

[    0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)

[    0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)

[    0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)

[    0.000000] Writing ErrCtl register=00000000

[    0.000000] Readback ErrCtl register=00000000

[    0.000000] Memory: 251112K/262140K available (5361K kernel code, 248K rwdata, 1672K rodata, 260K init, 157K bss, 11028K reserved, 0K cma-reserved)

[    0.000000] NR_IRQS:256

[    0.000000] CPU frequency 333.34 MHz

[    0.000000] clocksource MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 11467490205 ns

[    0.000085] sched_clock: 32 bits at 166MHz, resolution 5ns, wraps every 12884819965ns

[    0.003631] Console: colour dummy device 80x25

[    0.005694] Calibrating delay loop... 

[    0.808641] spurious 8259A interrupt: IRQ7.

[    0.935842] 502.78 BogoMIPS (lpj=1005568)

[    0.936521] pid_max: default: 32768 minimum: 301

[    0.939036] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)

[    0.939172] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)

[    0.957407] clocksource jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns

[    0.961562] NET: Registered protocol family 16

[    0.969337] clocksource pit: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1601818034827 ns

[    0.979783] vgaarb: loaded

[    0.980638] SCSI subsystem initialized

[    0.981095] libata version 3.00 loaded.

[    0.981702] usbcore: registered new interface driver usbfs

[    0.982678] usbcore: registered new interface driver hub

[    0.982873] usbcore: registered new device driver usb

[    0.983288] pps_core: LinuxPPS API ver. 1 registered

[    0.983407] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>

[    0.983616] PTP clock support registered

[    0.984380] PCI host bridge to bus 0000:00

[    0.984776] pci_bus 0000:00: root bus resource [mem 0x10000000-0x17ffffff]

[    0.984935] pci_bus 0000:00: root bus resource [io  0x1000-0x1fffff]

[    0.985098] pci_bus 0000:00: root bus resource [??? 0x00000000 flags 0x0]

[    0.985251] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]

[    0.985984] pci 0000:00:00.0: [11ab:4620] type 00 class 0x060000

[    0.986564] pci 0000:00:00.0: [Firmware Bug]: reg 0x14: invalid BAR (can't size)

[    0.986986] pci 0000:00:00.0: [Firmware Bug]: reg 0x18: invalid BAR (can't size)

[    0.987112] pci 0000:00:00.0: [Firmware Bug]: reg 0x1c: invalid BAR (can't size)

[    0.987232] pci 0000:00:00.0: [Firmware Bug]: reg 0x20: invalid BAR (can't size)

[    0.987385] pci 0000:00:00.0: [Firmware Bug]: reg 0x24: invalid BAR (can't size)

[    0.988546] pci 0000:00:0a.0: [8086:7110] type 00 class 0x060100

[    0.989033] pci 0000:00:0a.1: [8086:7111] type 00 class 0x010180

[    0.989282] pci 0000:00:0a.1: reg 0x20: [io  0x0000-0x000f]

[    0.989432] pci 0000:00:0a.1: legacy IDE quirk: reg 0x10: [io  0x01f0-0x01f7]

[    0.989565] pci 0000:00:0a.1: legacy IDE quirk: reg 0x14: [io  0x03f6]

[    0.989693] pci 0000:00:0a.1: legacy IDE quirk: reg 0x18: [io  0x0170-0x0177]

[    0.989821] pci 0000:00:0a.1: legacy IDE quirk: reg 0x1c: [io  0x0376]

[    0.990113] pci 0000:00:0a.2: [8086:7112] type 00 class 0x0c0300

[    0.990249] pci 0000:00:0a.2: reg 0x20: [io  0x0000-0x001f]

[    0.990464] pci 0000:00:0a.3: [8086:7113] type 00 class 0x068000

[    0.991446] pci 0000:00:0a.3: quirk: [io  0x1000-0x103f] claimed by PIIX4 ACPI

[    0.991599] pci 0000:00:0a.3: quirk: [io  0x1100-0x110f] claimed by PIIX4 SMB

[    0.991928] pci 0000:00:12.0: [1013:00b8] type 00 class 0x030000

[    0.992058] pci 0000:00:12.0: reg 0x10: [mem 0x00000000-0x01ffffff pref]

[    0.992192] pci 0000:00:12.0: reg 0x14: [mem 0x00000000-0x00000fff]

[    0.992309] pci 0000:00:12.0: reg 0x30: [mem 0x00000000-0x0000ffff pref]

[    0.992649] vgaarb: device added: PCI:0000:00:12.0,decodes=io+mem,owns=none,locks=none

[    0.992845] pci 0000:00:13.0: [8086:100e] type 00 class 0x020000

[    0.992968] pci 0000:00:13.0: reg 0x10: [mem 0x00000000-0x0001ffff]

[    0.993078] pci 0000:00:13.0: reg 0x14: [io  0x0000-0x003f]

[    0.993252] pci 0000:00:13.0: reg 0x30: [mem 0x00000000-0x0007ffff pref]

[    0.993475] pci 0000:00:14.0: [8086:100e] type 00 class 0x020000

[    0.993585] pci 0000:00:14.0: reg 0x10: [mem 0x00000000-0x0001ffff]

[    0.993691] pci 0000:00:14.0: reg 0x14: [io  0x0000-0x003f]

[    0.993796] pci 0000:00:14.0: reg 0x30: [mem 0x00000000-0x0007ffff pref]

[    0.994050] pci 0000:00:15.0: [8086:100e] type 00 class 0x020000

[    0.994162] pci 0000:00:15.0: reg 0x10: [mem 0x00000000-0x0001ffff]

[    0.994268] pci 0000:00:15.0: reg 0x14: [io  0x0000-0x003f]

[    0.994372] pci 0000:00:15.0: reg 0x30: [mem 0x00000000-0x0007ffff pref]

[    0.994581] pci 0000:00:16.0: [8086:100e] type 00 class 0x020000

[    0.994690] pci 0000:00:16.0: reg 0x10: [mem 0x00000000-0x0001ffff]

[    0.994797] pci 0000:00:16.0: reg 0x14: [io  0x0000-0x003f]

[    0.994900] pci 0000:00:16.0: reg 0x30: [mem 0x00000000-0x0007ffff pref]

[    0.995280] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00

[    0.996688] pci 0000:00:12.0: BAR 0: assigned [mem 0x10000000-0x11ffffff pref]

[    0.996972] pci 0000:00:13.0: BAR 6: assigned [mem 0x12000000-0x1207ffff pref]

[    0.997152] pci 0000:00:14.0: BAR 6: assigned [mem 0x12080000-0x120fffff pref]

[    0.997276] pci 0000:00:15.0: BAR 6: assigned [mem 0x12100000-0x1217ffff pref]

[    0.997398] pci 0000:00:16.0: BAR 6: assigned [mem 0x12180000-0x121fffff pref]

[    0.997518] pci 0000:00:13.0: BAR 0: assigned [mem 0x12200000-0x1221ffff]

[    0.997635] pci 0000:00:14.0: BAR 0: assigned [mem 0x12220000-0x1223ffff]

[    0.997761] pci 0000:00:15.0: BAR 0: assigned [mem 0x12240000-0x1225ffff]

[    0.997899] pci 0000:00:16.0: BAR 0: assigned [mem 0x12260000-0x1227ffff]

[    0.998034] pci 0000:00:12.0: BAR 6: assigned [mem 0x12280000-0x1228ffff pref]

[    0.998157] pci 0000:00:12.0: BAR 1: assigned [mem 0x12290000-0x12290fff]

[    0.998312] pci 0000:00:13.0: BAR 1: assigned [io  0x1040-0x107f]

[    0.998438] pci 0000:00:14.0: BAR 1: assigned [io  0x1080-0x10bf]

[    0.998550] pci 0000:00:15.0: BAR 1: assigned [io  0x10c0-0x10ff]

[    0.998664] pci 0000:00:16.0: BAR 1: assigned [io  0x1400-0x143f]

[    0.998769] pci 0000:00:0a.2: BAR 4: assigned [io  0x1440-0x145f]

[    0.998874] pci 0000:00:0a.1: BAR 4: assigned [io  0x1460-0x146f]

[    1.005850] cfg80211: Calling CRDA to update world regulatory domain

[    1.007619] Switched to clocksource MIPS

[    1.014937] NET: Registered protocol family 2

[    1.019322] TCP established hash table entries: 2048 (order: 1, 8192 bytes)

[    1.019531] TCP bind hash table entries: 2048 (order: 1, 8192 bytes)

[    1.019971] TCP: Hash tables configured (established 2048 bind 2048)

[    1.020352] UDP hash table entries: 256 (order: 0, 4096 bytes)

[    1.020532] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)

[    1.021568] NET: Registered protocol family 1

[    1.022252] PCI: Enabling device 0000:00:0a.2 (0000 -> 0001)

[    1.022874] PCI: CLS 0 bytes, default 16

[    1.030236] futex hash table entries: 256 (order: -1, 3072 bytes)

[    1.035025] squashfs: version 4.0 (2009/01/31) Phillip Lougher

[    1.035371] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.

[    1.036070] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.

[    1.042234] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)

[    1.042478] io scheduler noop registered

[    1.042662] io scheduler cfq registered (default)

[    1.042857] firmadyne: devfs: 1, execute: 1, procfs: 1, syscall: 1

[    1.043453] firmadyne: Cannot register character device: gpio, 0xfc, 0x0!

[    1.044154] firmadyne: Cannot register character device: watchdog, 0xa, 0x82!

[    1.044834] firmadyne: Cannot register character device: wdt, 0xfd, 0x0!

[    1.083358] PCI: Enabling device 0000:00:12.0 (0000 -> 0002)

[    1.084716] cirrusfb 0000:00:12.0: Cirrus Logic chipset on PCI bus, RAM (4096 kB) at 0x10000000

[    1.162485] Console: switching to colour frame buffer device 80x30

[    1.172406] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled

[    1.175383] console [ttyS0] disabled

[    1.184113] serial8250.0: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A

[    1.185037] console [ttyS0] enabled

[    1.185037] console [ttyS0] enabled

[    1.185325] bootconsole [uart0] disabled

[    1.185325] bootconsole [uart0] disabled

[    1.191648] serial8250.0: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A

[    1.206141] brd: module loaded

[    1.210737] loop: module loaded

[    1.211864] ata_piix 0000:00:0a.1: version 2.13

[    1.212604] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)

[    1.218690] scsi host0: ata_piix

[    1.219451] scsi host1: ata_piix

[    1.219814] ata1: PATA max UDMA/33 cmd 0x1f0 ctl 0x3f6 bmdma 0x1460 irq 14

[    1.220256] ata2: PATA max UDMA/33 cmd 0x170 ctl 0x376 bmdma 0x1468 irq 15

[    1.222156] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.222350] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.222511] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.222666] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.222821] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.222976] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0

[    1.223357] nand: device found, Manufacturer ID: 0x98, Chip ID: 0x39

[    1.223487] nand: Toshiba NAND 128MiB 1,8V 8-bit

[    1.223596] nand: 128 MiB, SLC, erase size: 16 KiB, page size: 512, OOB size: 16

[    1.225030] flash size: 128 MiB

[    1.225111] page size: 512 bytes

[    1.225177] OOB area size: 16 bytes

[    1.225247] sector size: 16 KiB

[    1.225309] pages number: 262144

[    1.225372] pages per sector: 32

[    1.225434] bus width: 8

[    1.225485] bits in sector size: 14

[    1.225552] bits in page size: 9

[    1.225621] bits in OOB size: 4

[    1.225688] flash size with OOB: 135168 KiB

[    1.225766] page address bytes: 4

[    1.225830] sector address bytes: 3

[    1.225897] options: 0x42

[    1.227605] Scanning device for bad blocks

[    1.272906] Creating 11 MTD partitions on "NAND 128MiB 1,8V 8-bit":

[    1.273851] 0x000000000000-0x000000100000 : "NAND simulator partition 0"

[    1.275800] 0x000000100000-0x000000200000 : "NAND simulator partition 1"

[    1.276824] 0x000000200000-0x000000300000 : "NAND simulator partition 2"

[    1.277333] 0x000000300000-0x000000400000 : "NAND simulator partition 3"

[    1.277837] 0x000000400000-0x000000500000 : "NAND simulator partition 4"

[    1.278342] 0x000000500000-0x000000600000 : "NAND simulator partition 5"

[    1.278895] 0x000000600000-0x000000700000 : "NAND simulator partition 6"

[    1.279431] 0x000000700000-0x000000800000 : "NAND simulator partition 7"

[    1.279945] 0x000000800000-0x000000900000 : "NAND simulator partition 8"

[    1.281123] 0x000000900000-0x000000a00000 : "NAND simulator partition 9"

[    1.281652] 0x000000a00000-0x000008000000 : "NAND simulator partition 10"

[    1.283817] tun: Universal TUN/TAP device driver, 1.6

[    1.284046] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>

[    1.284569] pcnet32: pcnet32.c:v1.35 21.Apr.2008 tsbogend@alpha.franken.de

[    1.284807] e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI

[    1.284940] e1000: Copyright (c) 1999-2006 Intel Corporation.

[    1.285172] PCI: Enabling device 0000:00:13.0 (0000 -> 0003)

[    1.405801] e1000 0000:00:13.0 eth0: (PCI:33MHz:32-bit) 52:54:00:12:34:56

[    1.406128] e1000 0000:00:13.0 eth0: Intel(R) PRO/1000 Network Connection

[    1.406349] PCI: Enabling device 0000:00:14.0 (0000 -> 0003)

[    1.428089] ata2.01: NODEV after polling detection

[    1.428423] ata1.01: NODEV after polling detection

[    1.429425] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100

[    1.430565] ata1.00: ATA-7: QEMU HARDDISK, 2.5+, max UDMA/100

[    1.430697] ata1.00: 2097152 sectors, multi 16: LBA48 

[    1.431209] ata2.00: configured for UDMA/33

[    1.499460] ata1.00: configured for UDMA/33

[    1.505959] scsi 0:0:0:0: Direct-Access     ATA      QEMU HARDDISK    2.5+ PQ: 0 ANSI: 5

[    1.510142] scsi 1:0:0:0: CD-ROM            QEMU     QEMU DVD-ROM     2.5+ PQ: 0 ANSI: 5

[    1.511531] sd 0:0:0:0: [sda] 2097152 512-byte logical blocks: (1.07 GB/1.00 GiB)

[    1.513627] sd 0:0:0:0: [sda] Write Protect is off

[    1.513750] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00

[    1.514101] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA

[    1.517724]  sda: sda1

[    1.520326] sd 0:0:0:0: [sda] Attached SCSI disk

[    1.538731] e1000 0000:00:14.0 eth1: (PCI:33MHz:32-bit) 52:54:00:12:34:57

[    1.538878] e1000 0000:00:14.0 eth1: Intel(R) PRO/1000 Network Connection

[    1.539058] PCI: Enabling device 0000:00:15.0 (0000 -> 0003)

[    1.667937] e1000 0000:00:15.0 eth2: (PCI:33MHz:32-bit) 52:54:00:12:34:58

[    1.668120] e1000 0000:00:15.0 eth2: Intel(R) PRO/1000 Network Connection

[    1.668304] PCI: Enabling device 0000:00:16.0 (0000 -> 0003)

[    1.776264] e1000 0000:00:16.0 eth3: (PCI:33MHz:32-bit) 52:54:00:12:34:59

[    1.776427] e1000 0000:00:16.0 eth3: Intel(R) PRO/1000 Network Connection

[    1.776720] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k

[    1.776832] e1000e: Copyright(c) 1999 - 2014 Intel Corporation.

[    1.777174] PPP generic driver version 2.4.2

[    1.777626] PPP Deflate Compression module registered

[    1.778004] PPP MPPE Compression module registered

[    1.778114] NET: Registered protocol family 24

[    1.778368] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver

[    1.778533] ehci-pci: EHCI PCI platform driver

[    1.778754] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver

[    1.778903] ohci-pci: OHCI PCI platform driver

[    1.779113] uhci_hcd: USB Universal Host Controller Interface driver

[    1.780162] uhci_hcd 0000:00:0a.2: UHCI Host Controller

[    1.780813] uhci_hcd 0000:00:0a.2: new USB bus registered, assigned bus number 1

[    1.781451] uhci_hcd 0000:00:0a.2: irq 11, io base 0x00001440

[    1.786257] hub 1-0:1.0: USB hub found

[    1.786649] hub 1-0:1.0: 2 ports detected

[    1.789733] usbcore: registered new interface driver usb-storage

[    1.790308] mousedev: PS/2 mouse device common for all mice

[    1.792120] rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0

[    1.792512] rtc_cmos rtc_cmos: alarms up to one day, 242 bytes nvram

[    1.793501] i2c /dev entries driver

[    1.793781] piix4_smbus 0000:00:0a.3: SMBus Host Controller at 0x1100, revision 0

[    1.794586] sdhci: Secure Digital Host Controller Interface driver

[    1.794705] sdhci: Copyright(c) Pierre Ossman

[    1.794982] hidraw: raw HID events driver (C) Jiri Kosina

[    1.796104] usbcore: registered new interface driver usbhid

[    1.796242] usbhid: USB HID core driver

[    1.796528] Netfilter messages via NETLINK v0.30.

[    1.797016] nf_conntrack version 0.5.0 (3923 buckets, 15692 max)

[    1.798216] ctnetlink v0.93: registering with nfnetlink.

[    1.799018] ipip: IPv4 over IPv4 tunneling driver

[    1.801910] ip_tables: (C) 2000-2006 Netfilter Core Team

[    1.803213] arp_tables: (C) 2002 David S. Miller

[    1.804101] Initializing XFRM netlink socket

[    1.804435] NET: Registered protocol family 10

[    1.810666] ip6_tables: (C) 2000-2006 Netfilter Core Team

[    1.811943] sit: IPv6 over IPv4 tunneling driver

[    1.813996] NET: Registered protocol family 17

[    1.814428] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.

[    1.814709] Bridge firewalling registered

[    1.814822] Ebtables v2.0 registered

[    1.815646] 8021q: 802.1Q VLAN Support v1.8

[    1.818019] rtc_cmos rtc_cmos: setting system clock to 2023-03-23 15:13:09 UTC (1679584389)

[    1.836361] EXT2-fs (sda1): warning: mounting unchecked fs, running e2fsck is recommended

[    1.838512] VFS: Mounted root (ext2 filesystem) on device 8:1.

[    1.839460] Freeing YAMON memory: 956k freed

[    1.865607] Freeing unused kernel memory: 260K (8081f000 - 80860000)

[    1.914046] firmadyne: sys_reboot[PID: 48 (init)]: magic1:fee1dead, magic2:28121969, cmd:0

[    1.966430] firmadyne: do_execve: /firmadyne/console

[    1.966597] OFFSETS: offset of pid: 0x198 offset of comm: 0x278

mkdir: Cannot create directory `/dev/pts': File exists

Mount DEV File System....OK

Mount PROC File System....OK

[    2.187023] EXT3-fs (loop0): error: can't find ext3 filesystem on dev loop0.

[    2.199397] EXT2-fs (loop0): error: can't find an ext2 filesystem on dev loop0.

[    2.200817] EXT4-fs (loop0): VFS: Can't find ext4 filesystem

[    2.202760] cramfs: wrong magic

[    2.204742] squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop0

[    2.206262] FAT-fs (loop0): invalid media value (0x2a)

[    2.206401] FAT-fs (loop0): Can't find a valid FAT filesystem

[    2.209407] MTD: Attempt to mount non-MTD device "/dev/loop0"

[    2.210066] romfs: VFS: Can't find a romfs filesystem on dev loop0.

[    2.218651] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found

[    2.218851] UDF-fs: warning (device loop0): udf_fill_super: No partition found (2)

mount: Mounting /sqfs.img on /sqfs failed: Invalid argument

Mount Main SQFS File System....OK

[    2.272167] random: nonblocking pool is initialized

[    2.285900] EXT3-fs (loop0): error: can't find ext3 filesystem on dev loop0.

[    2.292409] EXT2-fs (loop0): error: can't find an ext2 filesystem on dev loop0.

[    2.300645] EXT4-fs (loop0): VFS: Can't find ext4 filesystem

[    2.302205] cramfs: wrong magic

[    2.308364] squashfs: SQUASHFS error: Can't find a SQUASHFS superblock on loop0

[    2.316598] FAT-fs (loop0): invalid media value (0x2a)

[    2.316732] FAT-fs (loop0): Can't find a valid FAT filesystem

[    2.318251] MTD: Attempt to mount non-MTD device "/dev/loop0"

[    2.323984] romfs: VFS: Can't find a romfs filesystem on dev loop0.

[    2.325450] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found

[    2.325608] UDF-fs: warning (device loop0): udf_fill_super: No partition found (2)

mount: Mounting /modsqfs.img on /modsqfs failed: Invalid argument

Mount Module SQFS File System....OK

Mount CFG JFFS2 File System....OK

Mount LOG JFFS2 File System....OK

umount: /modsqfs: Invalid argument

[    2.870177] firmadyne: sys_socket[PID: 163 (ifconfig)]: family:2, type:1, protocol:0

[    2.871518] 

do_page_fault(): sending SIGSEGV to cli for invalid read access from 7fca3000

[    2.871817] epc = 774f096c in libsal.so.0.0[774ce000+7f000]

[    2.872098] ra  = 774f096c in libsal.so.0.0[774ce000+7f000]

[    2.872219] 

[    2.872564] potentially unexpected fatal signal 11.

[    2.872775] CPU: 0 PID: 59 Comm: cli Not tainted 4.1.17+ #17

[    2.872929] task: 8f09e048 ti: 8f0cc000 task.ti: 8f0cc000

[    2.873040] $ 0   : 00000000 7743fb45 ffffffff ffffffff

[    2.873181] $ 4   : 7fca18a0 ffffffff 000004f8 00000000

[    2.873292] $ 8   : 00000000 00000000 00000001 00000008

[    2.873405] $12   : 00000000 76d3d1b0 00000000 00000001

[    2.873515] $16   : 7fca2ca0 7fca18a0 00000005 00000000

[    2.873617] $20   : 00000000 00000000 7fca2274 00000000

[    2.873718] $24   : 76cd6d44 773e18b0                  

[    2.873845] $28   : 77429af0 7fca1888 00000001 774f096c

[    2.873956] Hi    : 00000249

[    2.874017] Lo    : 0001cbed

[    2.874138] epc   : 774f096c 0x774f096c

[    2.874217] ra    : 774f096c 0x774f096c

[    2.874290] Status: 0000a413 USER EXL IE 

[    2.874457] Cause : 10800008

[    2.874524] BadVA : 7fca3000

[    2.874592] PrId  : 00019300 (MIPS 24Kc)

[    2.882360] firmadyne: __inet_insert_ifa[PID: 163 (ifconfig)]: device:lo ifa:0x7f000001

[    2.886231] firmadyne: __inet_insert_ifa[PID: 163 (ifconfig)]: device:lo ifa:0x7f000001

[    2.903010] firmadyne: sys_socket[PID: 164 (route)]: family:2, type:1, protocol:0

[    2.915364] firmadyne: sys_socket[PID: 165 (ifconfig)]: family:2, type:1, protocol:0

[    2.916150] firmadyne: __inet_insert_ifa[PID: 165 (ifconfig)]: device:eth0 ifa:0xc0a801fe

[    2.919797] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready

[    2.919968] 8021q: adding VLAN 0 to HW filter on device eth0

[    2.920900] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX

[    2.922025] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

[    3.163265] 

do_page_fault(): sending SIGSEGV to initd for invalid write access to 7f862000

[    3.163842] epc = 77eaab70 in libsal.so.0.0[77e89000+7f000]

[    3.164086] ra  = 77eaab4c in libsal.so.0.0[77e89000+7f000]

[    3.164195] 

[    3.164263] potentially unexpected fatal signal 11.

[    3.164373] CPU: 0 PID: 168 Comm: initd Not tainted 4.1.17+ #17

[    3.326041] 

do_page_fault(): sending SIGSEGV to cli for invalid read access from 7f8a4000

[    3.326495] epc = 773fd96c in libsal.so.0.0[773db000+7f000]

[    3.326826] ra  = 773fd96c in libsal.so.0.0[773db000+7f000]

[    3.326938] 

[    3.326988] potentially unexpected fatal signal 11.

[    3.327083] CPU: 0 PID: 213 Comm: cli Not tainted 4.1.17+ #17

[    3.327187] task: 8f09ea68 ti: 8f0a4000 task.ti: 8f0a4000

[    3.327279] $ 0   : 00000000 7738cc46 00000000 00000000

[    3.327384] $ 4   : 00000001 00000000 00000001 00000000

[    3.327505] $ 8   : 00000000 00000000 00000001 8f19ef80

[    3.327612] $12   : 8f0a5d1e 00000001 00008000 0000001c

[    3.327897] $16   : 7f8a3ca0 7f8a2d90 00000005 00000000

[    3.328002] $20   : 00000000 00000000 7f8a3764 00000000

[    3.328104] $24   : 00010000 76bd8290                  

[    3.328208] $28   : 77336af0 7f8a2d78 00000001 773fd96c

[    3.328311] Hi    : 00000000

[    3.328365] Lo    : 00000000

[    3.328422] epc   : 773fd96c 0x773fd96c

[    3.328508] ra    : 773fd96c 0x773fd96c

[    3.328579] Status: 0000a413 USER EXL IE 

[    3.328661] Cause : 10800008

[    3.328713] BadVA : 7f8a4000

[    3.328766] PrId  : 00019300 (MIPS 24Kc)

SIGSEGV

# [    4.154263] cfg80211: Calling CRDA to update world regulatory domain

[    7.297278] cfg80211: Calling CRDA to update world regulatory domain

[   10.441320] cfg80211: Calling CRDA to update world regulatory domain

[   13.586478] cfg80211: Calling CRDA to update world regulatory domain

[   16.729864] cfg80211: Calling CRDA to update world regulatory domain

[   19.874426] cfg80211: Calling CRDA to update world regulatory domain

[   23.027537] cfg80211: Calling CRDA to update world regulatory domain

[   26.173870] cfg80211: Calling CRDA to update world regulatory domain

[   29.317903] cfg80211: Calling CRDA to update world regulatory domain

[   32.461231] cfg80211: Calling CRDA to update world regulatory domain

[   35.606512] cfg80211: Exceeded CRDA call max attempts. Not calling CRDA