From e580126d843f897660dec548fb061dd7d1d11579 Mon Sep 17 00:00:00 2001
From: Markus Fritsche
Date: Wed, 22 Apr 2026 10:13:23 +0200
Subject: [PATCH] Initial: BESser umbrella for BES2600 driver mainlining

Sets up the BES2600 mainlining work tree with:

- README: project overview, hardware target, driver lineage (CW1200 ->
  Bestechnic -> arjan-vlek -> Mobian/danctnix), patch series status,
  repo map, build/deploy workflow.
- patches/: c1 patch generated by git format-patch from
  marfrit/bes2600-dkms branch bes2600/factory-request-firmware
  (checkpatch.pl --no-tree --strict: 0 errors / 0 warnings / 0 checks).
- scripts/: build-bes2600-on-ohm.sh, deploy-c1-to-ohm.sh,
  backup-ohm-kernel.sh - reproducible build + deploy + backup.
- fw-analysis/: per-blob strings.txt + fnnames.txt extracted from the
  4 firmware blobs pulled from ohm 2026-04-21. Source binaries NOT
  committed (Bestechnic-proprietary).
- notes/: observed-bugs.md (4 known bug surfaces with file:line +
  patch-series cross-reference), source-map.md (every public driver
  source variant + their canonical role).

Companion work tree: marfrit/bes2600-dkms (Mobian DKMS fork) at
git.reauktion.de.

Signed-off-by: Markus Fritsche --- .gitignore | 11 + README.md | 118 ++ .../best2002_fw_boot_sdio.strings.fnnames.txt | 34 + fw-analysis/best2002_fw_boot_sdio.strings.txt | 672 +++++++ .../best2002_fw_sdio.strings.fnnames.txt | 191 ++ fw-analysis/best2002_fw_sdio.strings.txt | 1583 +++++++++++++++++ .../best2002_fw_sdio_btrf.strings.fnnames.txt | 64 + fw-analysis/best2002_fw_sdio_btrf.strings.txt | 811 +++++++++ ...t2002_fw_sdio_nosignal.strings.fnnames.txt | 95 + .../best2002_fw_sdio_nosignal.strings.txt | 1177 ++++++++++++ notes/observed-bugs.md | 99 ++ notes/source-map.md | 77 + ...equest_firmware-for-factory.txt-read.patch | 144 ++ scripts/backup-ohm-kernel.sh | 27 + scripts/build-bes2600-on-ohm.sh | 28 + scripts/deploy-c1-to-ohm.sh | 40 + 16 files changed, 5171 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 fw-analysis/best2002_fw_boot_sdio.strings.fnnames.txt create mode 100644 fw-analysis/best2002_fw_boot_sdio.strings.txt create mode 100644 fw-analysis/best2002_fw_sdio.strings.fnnames.txt create mode 100644 fw-analysis/best2002_fw_sdio.strings.txt create mode 100644 fw-analysis/best2002_fw_sdio_btrf.strings.fnnames.txt create mode 100644 fw-analysis/best2002_fw_sdio_btrf.strings.txt create mode 100644 fw-analysis/best2002_fw_sdio_nosignal.strings.fnnames.txt create mode 100644 fw-analysis/best2002_fw_sdio_nosignal.strings.txt create mode 100644 notes/observed-bugs.md create mode 100644 notes/source-map.md create mode 100644 patches/0001-bes2600-use-request_firmware-for-factory.txt-read.patch create mode 100755 scripts/backup-ohm-kernel.sh create mode 100755 scripts/build-bes2600-on-ohm.sh create mode 100755 scripts/deploy-c1-to-ohm.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..6ec1fa8bf --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +*.bin +*.ko +*.ko.zst +*.tar +*.tar.zst +*.tar.gz +.*.swp +*~ +build/ +firmware/ +firmware-from-ohm/ 
diff --git a/README.md b/README.md new file mode 100644 index 000000000..044ba9e9b --- /dev/null +++ b/README.md 
@@ -0,0 +1,118 @@ +# BESser — BES2600 driver mainlining for Pine64 PineTab2 + +Working tree for upstreaming the **Bestechnic BES2600WM WiFi/BT combo** +driver currently shipped out-of-tree by the danctnix kernel for the +Pine64 PineTab2. + +## Why "BESser" + +"BES" (the chip vendor) + German *besser* ("better"). Sibling to: +- **Bin** — u-boot upstreaming for the CoolPi GenBook (RK3588) +- **MegabitChip** — DDR init blob RE for the same SoC +- **SouthAfrica** — OpenPineBuds / 1MORE Fit SE BES2300 firmware RE (chip family relative) +- **RockHard** — RK3588 mainline kernel work + +## Hardware target + +| Item | Value | +|------|-------| +| Device | PineTab2 | +| Host name | `ohm` (`ohm.fritz.box`, `ohm.vpn = 10.170.16.14`) | +| SoC | Rockchip RK3566 (aarch64) | +| WiFi/BT | **Bestechnic BES2600WM** — WiFi 4 (11n dual-band 1x1) + BT 5.2/5.3 | +| WiFi interface | SDIO 3.0, vendor `0xBE57` device `0x2002` | +| BT interface | UART HCI (separate `bes2600_btuart` module) | +| OS | Arch Linux ARM, danctnix kernel `6.19.10-danctnix1-1-pinetab2` | + +## Driver lineage + +``` +ST-Ericsson CW1200 (mainline drivers/net/wireless/st/cw1200/) + │ author: Dmitry Tarnyagin + ▼ +Bestechnic BES2600 (closed fork ~2015–2023, same author) + │ adds: BT-over-UART, 5GHz, ePTA coexistence, SDIO ADMA, char-dev API + ▼ +Released for Chinese Android burner-phone vendor kernels (~2023) + │ + ▼ +arjan-vlek/bes2600 (GitLab, 2023-07) → 26-commit checkpatch cleanup + │ + ├── TuxThePenguin0/bes2600 (preserves pre-removal Android source) + ├── salsa.debian.org/Mobian-team/devices/bes2600-dkms (active, our PR target) + └── codeberg.org/DanctNIX/linux-pinetab2 (in-kernel at drivers/staging/bes2600/) +``` + +CW1200-ancestry markers in current source: same author Dmitry Tarnyagin, +`CONFIG_BES2600_USE_STE_EXTENSIONS` (STE = ST-Ericsson), +`CONFIG_BES2600_WSM_DEBUG` (WSM = CW1200's host↔FW protocol). 
+ +## Repos + +| Role | Path | +|------|------| +| **This umbrella** | `git.reauktion.de/marfrit/besser` — patches/, scripts/, fw-analysis/, notes/ | +| **Mobian DKMS fork** (PR target) | `git.reauktion.de/marfrit/bes2600-dkms` — branches per patch; upstream = `salsa.debian.org/Mobian-team/devices/bes2600-dkms` | + +## Patch series + +| Patch | Status | Description | +|-------|--------|-------------| +| **c1** | ✅ MERGED-LOCAL, deployed on ohm | `bes2600: use request_firmware() for factory.txt read` — kills filp_open / kernel_read in the read path; fixes the `(NULL device *) read and check /lib/firmware/bes2600_factory.txt error` boot spam | +| **c2** | pending | PM handshake gate + retry — fixes `bes2600_pwr_enter_lp_mode wait pm ind timeout` recurring every 5–10s | +| **c3** | pending | bes_chardev removal + nl80211 testmode hookup — clears the second upstream blocker (custom char device); secondary effect on bug #3 | +| **c4** | pending | Enable `CONFIG_BES2600_TESTMODE=y` + route `patch_wifi_testMode` — exposes hidden firmware testmode features | +| **c5** | pending | Investigate `factory.txt parse fail` — uncovered by c1; original bug masked it; parser chokes on data request_firmware now successfully returns | +| c1.1 | pending follow-up | Drop `kernel_write` from factory.c + bes_chardev.c + bes_fw.c (`/lib/firmware/bes2002_fw_write.bin` debug file!) | +| c1.2 | pending follow-up | Thread `struct device *` through factory API → eliminates `(NULL device *)` log prefix | + +## Workflow + +1. Edit on Mobian fork (`bes2600-dkms`) — primary upstream PR target +2. Topic branch per patch: `bes2600/` +3. `git commit --signoff` with full kernel-style message +4. checkpatch.pl --no-tree --strict before push (must be clean) +5. `git format-patch -1 -o ../besser/patches/` to canonicalize +6. 
Push branch to `origin` (Gitea), open MR upstream when ready + +## Build + deploy + +See `scripts/`: +- `build-bes2600-on-ohm.sh` — native aarch64 build on ohm (requires `linux-pinetab2-headers`) +- `deploy-c1-to-ohm.sh` — install patched modules to `/lib/modules//extra/` + depmod +- `backup-ohm-kernel.sh` — timestamped tar.zst of /boot + /lib/modules + /lib/firmware/bes2600 + +## Firmware RE state (task d) + +Firmware blobs (4 .bin + factory.txt) are **not** committed here (binary, +ships from Bestechnic). On `boltzmann:~/src/besser/firmware-from-ohm/` and +on `oppenheimer:/work/besser/` (Ghidra host). + +What IS committed under `fw-analysis/`: +- `*.strings.txt` — full sorted-unique strings extraction per blob +- `*.fnnames.txt` — function-name pattern extraction (191 candidates from `best2002_fw_sdio.bin`) + +Build provenance: Dec 26-27 2023 build from Bestechnic Jenkins +(`GCC-10-pipeline`), source git commit `8125e20be` (NOT public). + +Hidden features in firmware (per task d): testmode patch (CONFIG_BES2600_TESTMODE +gates it), ePTA coexistence with bypass (`gEptaBypass: %d`), DPD per-channel +calibration, hal_trace_crash_dump_register, METAL_ID + patch_version +introspection, RF tone generation (nosignal variant), memory dump (nosignal +variant), DAC/IQ calibration v2, fast-PSM tuning hooks. + +## Adjacent infrastructure + +- **oppenheimer** (CT131 on data Proxmox): Ghidra 11.3.2 host. SSH via + `mfritsche@192.168.88.63`. Staging at `/work/besser/`. +- **boltzmann** (Rock 5 ITX+): primary build/dev, ARM64 native, hub-tools + preferred path. +- **ohm**: target hardware; UART-over-USB-C debug rig also available + (Tigard FT2232H Channel A @ 1.8V). + +## Authors / contacts + +- Markus Fritsche `` (this fork) +- Driver upstream: Dmitry Tarnyagin `` (CW1200 / BES2600 base) +- BT companion: Dang Huynh `` (`bes2600_btuart.c`, 2025) +- Mobian DKMS: Julian `` (current packaging maintainer) 
diff --git a/fw-analysis/best2002_fw_boot_sdio.strings.fnnames.txt b/fw-analysis/best2002_fw_boot_sdio.strings.fnnames.txt new file mode 100644 index 000000000..a6a286ea1 --- /dev/null +++ b/fw-analysis/best2002_fw_boot_sdio.strings.fnnames.txt @@ -0,0 +1,34 @@ +close_usb_test +dpd_data_free +dpd_data_gen +dpd_write_table +hal_gpadc_adc2volt_calib +hal_iomux_cfg_wifi_switch +hal_iomux_set_sdio_voltage +hal_pm_notif_register +hal_sdio_device_irq_handler +hal_sdio_device_recv +iq_5g_cfg_rx_mem_dump +iq_cali_data_free_2g +iq_cali_data_free_5g +iq_cali_data_gen_2g +iq_cali_data_gen_5g +iq_cali_new_5g_v2 +pmu_temperature_adc2temp_calib +power_compensate_by_temperature_2002 +ramrun_test_main +rand_filt_gen +recover_wifi_cali_result +wifi_agc_config +wifi_cali +wifi_cali_dac_v2 +wifi_cali_data_crc_check +wifi_cali_data_crc_update +wifi_cp_reset_skip_cali +wifi_deinit +wifi_dpd_boot_low_power_en +wifi_init +wifi_iomux_cfg_switch +wifi_iq_cali_2g_v2 +wifi_recover_cali_data +wifi_rfpll_temperature_compensation diff --git a/fw-analysis/best2002_fw_boot_sdio.strings.txt b/fw-analysis/best2002_fw_boot_sdio.strings.txt new file mode 100644 index 000000000..738309358 --- /dev/null +++ b/fw-analysis/best2002_fw_boot_sdio.strings.txt 
@@ -0,0 +1,672 @@ +------ +0123456789abcdef +0123456789ABCDEF +0#2J%I +#0a2isa3isi +0c%eee ++0cIF@F ++0F9F +0`!F(F +0F*F!F +0HM\hHNEO +0iFKqi +0"IIKH +)#0JC 1I +`0K3J@F +;0; +N +%+16 +dpd_cali done ! +dpd_cali faild ! +dpd_cali_num:%d find final 2.5dB compression point success:%d +dpd_cali start %d %d +dpd_data_free +dpd_data_gen +dpd_write_table +DP*I*L +dQk!@Qc +#D UJWI +`eak/` +##### EbmMonitorHandler tx=%d cnt=%d reset=%d +EBM WORKAROUND INVOKED!! +efgEFG +e*!*!***G*I*I***K*M*M***O*Q*Q***S*U*U***W*Y*Y****[*]*]***_*a*a***c +#{e+h9e +eJfIB +!E ]J]I +eMx"1FdHl +------ Enter %s ------ +entery downlaod process, close DOWNLOAD_TRACE +Ep)h#hQ +, EPSR=%08X, IPSR=%03X +Epta_bt_config dur %d +ERROR29!!!!! +error, read battery timeout0 +error, read battery timeout1 +error, read temperature timeout0. ret:%d +error, read temperature timeout1 +ERROR: st->gin_mini must eq to 1.0 +(Escalation HardFault) +### EXCEPTION ### +, ExceptionNumber=D'%d +, EXC_RETURN=%08X +------ Exit %s ------ +#`` F# +*# #@F +F($,N-K ++F0F9F +F0F9F +F0F9FS +F0F"F9F+F +#)F1H + ! F1K +&#F2FC +!F3F*F +F3F]`i` +!(F3`#p ++"FAFO +Failed to get DMA channel +Failed to get dst periph: %d +Failed to get src periph: %d +Failed to open pmu +FaultCause : +FaultInfo : +FBFcaQ +FBFKFPFYF +FBFKFQ +!F*F0F +"F)F0F +#:F!F0F +*F!F0F ++*F!F8F +)F,Ff~ +"F)F@F +#F"F!F +)F"F@F +;F F)F +@F*F!F +F F)F +[F"F)F0F ++F*F)F2H +#F"F!F9H +F F)FD +"F+F F)F +;"F+F F)F +"F+F@FIF +F F)FO +F F)FS +!F#F\H +;F@FIF +@F"FIF +F@FIF +F@FIFc +!F#FQH +.F hah +[F;IC +*FIF0F +#"FIF8F +final_pa_i_cali_wifi_0x34: 0x%x +F+J+IB +:(F+J+K +{F+`n`@# +FPFBFYFKF +FPF"FYF+F +FPFYF +FPFYFC +#FP!HCS +fpRead fail! +FRF[F0F9F +FRF[FPFYF +FRF[FQ +!FSF(F +&Fsx2x +[Func %d io %d] is unsupported by pin_func_map. Check it or use reg assignment like iomux_set_uart0. 
+, function: + (Function %d matched) +)Fx` F +)Fx` F ++FYO hah +:@:F<@Z +FzAF:F +fZf]f\f +!)@:F,@zj/@\G1@| +g0F9F +G0"LILH +G1K!F F +G3h 3ca +G9F(FvK +G@"AFMH +gain_am[400]= %d +gain_am_max= %d +g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x +g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x, data_addr:%p +gen_B1_data end +gen_B1_data start +GF#2F9F F +g F)F2F;F + gfff| + gfffh +G I!J h +GIJ(`II +G[J(`[I +G[J\I(` +G\J\I(` +G\J]I(` +G]J]I(` +G]J^I(` +G^J^I(` +G{J{I(` +G{J|I(` +G|J|I(` +G|J}I(` +G}J}I(` +G}J~I(` +G~J~I(` +GJJ(`JI +G#K[ 3 +GKF!0F +GKJ(`KI +G~K~OS +GLJ(`LI +GLK!F F +GMJ(`MI +GNJ(`NI +GOJ(`OI +GPJ(`PI +GqJqI(` +GqJrI(` +GrJrI(` +GrJsI(` +GsJsI(` +GsJtI(` +GtJtI(` +GtJuI(` +GuJuI(` +GuJvI(` +GvJvI(` +GvJwI(` +GwJwI(` +GwJxI(` +GxJxI(` +GxJyI(` +GyJyI(` +GyJzI(` +GzJ{I(` +GzJzI(` +#h1F8F +hal_gpadc_adc2volt_calib +hal_iomux_cfg_wifi_switch +hal_iomux_set_sdio_voltage +hal_pm_notif_register +hal_sdio_device_irq_handler +hal_sdio_device_recv + (Halted) + (HardFault) +#h+D#` +HF9F N +H#F"F!F +H F%K +:h+FrC +h[h!DS` +h{iZ@O +hJd!ZH +hook_post_sys_init rom_hook_cfg->rom_run_flag=0x%08x +hook_wifidrv_rfpll_en(%d) pm=%d os_time=%d + :hVLVI +HWTIMER-ALLOC: Invalid state: %d +HWTIMER collapsed: irq occurred too early +HWTIMER collapsed: irq when active is null +HWTIMER irq occurred early: old active timer might be deleted? %u +HWTIMER irq when active is null: might be deleted? 
%u +HWTIMER-START collapsed: cur=%u active=%u +ICSR =%08X, AIRCR=%08X, SCR =%08X, CCR =%08X +I+FC "F +#i*FIF@F +IFxa@F +IFxa@F +init wakeup gpio:%x + (Instruction access violation) + (Instruction bus error) +Invalid AUDMA chan: %u +Invalid baud param: %d +Invalid data bits param: %d +Invalid DMA inst: %u +Invalid DMA periph: %d +Invalid DMA policy: %d +Invalid flow control param: %d +Invalid parity param: %d + (Invalid PC load by EXC_RETURN UsageFault) +Invalid SPI RX bits: %d +Invalid SPI RX FRAME bits: %d +Invalid SPI TX bits: %d + (Invalid state UsageFault) +Invalid stop bits param: %d +Invalid UART ID: %d +IPSR():0x%x, PRIMASK:0x%x, BASEPRI:0x%x +;iq_2g_cfg_rx_mem_dump +iq_5g_cfg_rx_mem_dump +IQ CAL ERROR!!!![%s]LINE%d------freq_index=%d +iq_cali_data_free_2g +iq_cali_data_free_5g +iq_cali_data_gen_2g +iq_cali_data_gen_5g +iq_cali_new_5g_v2 +irq: gpio %d, val %d +ISPI: Bad bits cfg +ISPI: SPI cs bad: %d +IUUUUU +]##JC $I +JF!F(F +`^J_I(` +\J\IC $h +J! Sh# +{@K@C@ + KcpG'( +KFJFIF +K]h,C\`8 + KIZ`C ;FZF +K!J"H"I +>!+K+N + K`pG'( +KXh@BpG +?/lj,D +*LjF)F +%L%J%h +%"L#KT +LMC_BA_AddActionFrameToTaskList() +LQ.3.13 +LR.3.2# +m32J3ID +malloc B0_im fail +malloc B0_re fail +malloc B1_imag fail +malloc B1_real fail +malloc I_tone_filt_imag fail +malloc I_tone_filt_real fail +malloc origin_imag fail +malloc origin_real fail +malloc tx2tones fail +malloc txsingletone fail +malloc xx fail + (MemFault) + (MemFault during floating-point lazy state preservation) + (MemFault on stacking for exception entry) + (MemFault on unstacking for a return from exception) +METAL_ID: %d +,M,I+h hd +MMFAR=%08X, BFAR =%08X + (MMFAR valid) +/mnt/workspace/workspace/GCC-10-pipeline/jenkins-GCC-10-pipeline-338_20211018_1634516203/src/newlib/newlib/libc/stdlib/rand.c +../../mod_platform/int/wifi_patch.c +";MFlags: 0x%08x, pTxRequest->RateIndex: %d,TxBaAgreementNum=%d +PAS_GetEbmTxRequests(), SeqQueueIdleStatus: 0x%04x, sPasGlobal.AggrTxInProgress: %d +PAS_GetEbmTxRequests(), 
TxBaAgreementNum].State=%d,BATxTidMask=0x%x +PAS_SetTsfTimerOnStamp, %d, TSF=0x%08x +patch_config_dig_gain_table,index: %d, gain: %d,MaxPwrForChan: %d +patch_HI_DefaultMsgHandler(): (Id=0x%x, Len=%d) +patch_HI_Set_Coex_Params, hw_epta_enable:0x%x, new_run_flag:0x%x, gEptaBypass: %d +patch_LMAC_Req_PS_PowerMgmtMode() - Mode %x, PowerBusyEvents:0x%08x +patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x +patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x,0x%08x +patch_LMC_AddInterfaceToChannel. ChanNum:%d, iner:%d +patch_LPO_calib_IRQHandler, CalibCountSaved=%d, CalibCounterRegStartVal=%d + patch_PHY_RF_TX_TurnOffAuxAdc +&&& patch_PS_BeaconWindowTimerHandler(),BeaconLostCount=%d, rom_OS_Time=%u tsf:%u +@@@@ patch: switchchannel gPhyTemData.iChnlID: %d, eRadioBand_cfg: %d,current_band: %d +patch test mode, run_test_cmd= %d ,band= %d! +patch_TX_Generate_Backoff_Slots retry timeout. val0x%x +@@@@ patch: wifi_low_power_cfg_qfn_1p3v band:%d +@@@@ patch: wifi_low_power_cfg_qfn_1p8v band:%d + path_PHY_RF_TX_TurnOnAuxAdc ++pb)F F ++pb)F F +PC =%08X +pcS`pG +pcs`sh# +#pcYFPF + pG pG +pGpGpGp + pGY(O +p;hb|Yx +P HD*K +"pK F)F +pLpKqJqHrI +pmu_temperature_adc2temp_calib +Possible Backtrace: +power_compensate_by_temperature_2002 + (Precise data bus error) +PRIMASK =%02X, FAULTMASK =%02X, BASEPRI =%02X, CONTROL =%02X +Q69!D@ +QjAF:F +Qkkbal +R12=%08X, SP =%08X, LR =%08X +R%-2d=%08X, R%-2d=%08X, R%-2d=%08X, R%-2d=%08X +r5I(Da +ramrun_test_main +rand_filt_gen +RaNHD3h +receive a tcp ack +recover_wifi_cali_result +recv a normal tcp pkt1 +recv a normal tcp pkt2 +recv a tcp klv ack,rcv_time:%u ackno:%u seq:%u +recv a udp ping +recv pong, time %u. + REENT malloc succeeded +rELFOFN +@@@@@@@ retry 1, 0x%x +@@@@@@@ retry 2 +@@@@@@@ retry 3, 0x%x +@@@@@@@ retry 4 +RF[FPFYF +#RFIF8F +R!h$Hi +R!h0Hi +R/h+`2 +R!h2Hi +R!h Hi +R!h"Hi +R!h&Hi +R!h(Hi +R!h*Hi +R!h,Hi +R!h.Hi +rx buf is NULL. 
buf:%p, len:%d +rx buf len %d > %d +RX/TX-DMA configured on SPI %d +%s ()< +%s ()> +s3fsh# +saJaIC MF +save_wifi_cali_result done, size:%d +%s %d band(0:2.4;1:5):%d tbl_idx(0:20;1:40):%d +%s:%d, error: rx length is 0 +%s:%d, no rx buf +%s:%d, rx buf is NULL +%s:%d, rx buf len %d > %d +%s:%d, sdio_callback->hal_sdio_device_rxtx_start is NULL + (SecureFault) +%s efuse:%d/%d LV=%d, HV=%d, 1000*Slope=%d +%s efuse:%d/%d LV=%d, HV=%d, Slope:%d Intcpt:%d +%s: handler already registered: user=%d handler=%p existedUser=%d +%s: handler cannot be NULL: user=%d +%s: handler list full: user=%d handler=%p curCnt=%u +SHCSR=%08X, CFSR =%08X, HFSR =%08X, AFSR =%08X +%s L%d cali_temperature:%d +%s L%d rfpll temperature compensation error: timeout. +Sleep exit: schedule_evt%x pwr_busy_evt:%x +Sleep failed, event: 0x%08x pwr_busy:0x%08x +sleep terminate, transq:%d sleep_flag:%d +Sleep Timer:0x%08x callback:0x%08x +%s line%d ()< +%s line%d ()> +%s Line%d ()< +%s Line%d ()> +%s Line%d 0x5b:0x%04x, 0x5c:0x%04x +%s Line%d 2g dc CaliTime:%dms +%s Line%d 2g iq CaliTime:%dms +%s Line%d 2g iq data gen CaliTime:%dms +%s Line%d 5g dc CaliTime:%dms +%s Line%d 5g iq CaliTime:%dms +%s Line%d 5g iq data gen CaliTime:%dms +%s Line%d abs_centigrade:%d +%s Line%d band(0:2g,1:5g,2:dual):%d; mode(0:normal, 1:test):%d +%s Line%d cali_flag_one:0x%08x +%s Line%d cali_num:%d compression_dB:%d +%s Line%d can not add (%d), but keep running (+0.5)! +%s Line%d can not reduce (%d), but keep running (-0.5)! +%s Line%d can not reduce (%f), but keep running (-0.5)! +%s Line%d ch[%d, %d] 0x11d:0x%x +%s Line%d ch_id:%d, 0x11d:0x%04x +%s Line%d CpuFreq:%u, TotalCaliTime:%dms +%s Line%d dac CaliTime:%dms +%s Line%d dac:%d; dc:%d,%d; iq:%d,%d; dpd:%d,%d; rc:%d; +%s Line%d error: force continue! +%s Line%d error: recover cali data faild. 
+%s Line%d error:rx timeout +%s Line%d freq_index:%d, 2g dpd+dc+iq CaliTime:%dms +%s Line%d freq_index:%d, 5g dpd+dc+iq CaliTime:%dms +%s Line%d g_rf_sw_io_select:%d +%s Line%d g_rf_sw_io_select:%d, metal_id:%d +%s Line%d g_wf_cali_crc:%lu, crc:%lu +%s Line%d malloc tx2rand fail +%s Line%d malloc txsingletone fail +%s Line%d no need repeatable cali. +%s Line%d protect dpd table. +%s Line%d skip cali, freq_index:%d +%s Line%d skip wifi cali success. +%s Line%d temperature(%d, %d] +%s Line%d temperature(%d, %d] 0x11d:0x%x +%s Line%d WAFER_PACKAGE_2002_SELECT(0:wlcsp; 1:qfn; 3:fanout;):%d +%s Line%d warning: can not skip cali. +%s Line%d wifi reset +%s line%d WIFI_RF_SW_IO_SELECT:%d +%s: patch_2001_en_flag=0x%x relocation_marker=0x%x: %d +SPIPHY: Bad bits cfg +SPIPHY: SPI cs bad: %d +SPI rate too large: %u +SPI rate too small: %u +%s, recover wifi cali result +%s, rxbuf_cnt mismatch:%d, %d +sSDJEIC +%s: Set RT irq in hal_uart_dma_recv_mask... to avoid data lost +Stack: + (Stack overflow UsageFault) +*** stack smashing detected ***: terminated +%s temperature_25=%d +STE-P2P +%s, volt error. %u +#sv#z# +%s, wifi cali result crc error. addr:%p +sysfreq =%d,0x40000078= 0x%08x +SZBZA*` +T2YF F +@T.4'F +test_BG_timerHandler,PowerBusyEvents:0x%08x +The channel is not right,please check again +, ThreadMode +"tK F)F +tlC O H +tpEC;h+D +TRACE-%u: Wait memsc timeout +ts_C#h +TSF ProbeResponder = FALSE +TX-DMA configured on SPI %d +uCuJ}I + (Unaligned access UsageFault) + (Undefined instruction UsageFault) + (UsageFault) +usbphy open fail +?UUUUUU +V3&J+IC +=! V=a +vbat:reg 0x%x, vbat %d +V?LUUUUU +VUUU[F +wakeup host,reason=%d +wakeup_timer_handler. gpio:%u +wifi_agc_config +wifi_cali +wifi_cali_dac_v2 +wifi_cali_data_crc_check +wifi_cali_data_crc_update +wifi cali result 0x%08x crc:0x%08x, len:%d. +wifi_cp_reset_skip_cali +wifi_deinit +wifi_dpd_boot_low_power_en +wifidrv_rf_init.... 
+wifi_init +wifi_iomux_cfg_switch +wifi_iq_cali_2g_v2 +wifi_recover_cali_data +wifi_rfpll_temperature_compensation +wifi_rf_switch_band(0:2g 1:5g),old: %d, new: %d +wifi_switch_freq, freq: %d +wifi_switch_freq, write cali_channel: %d, channel: %d +wifi_test patch start=0x%08x, __wifi_patch_code_end=0x%08x +wifi_test patch! wifi_sysHook->system_init=%p, patch_offset=%d +wrong udp length! +XBXApG +#`x#(H +x%hh`)pj +`]xh#kC +xJyIC +XJZIE +XPSR=%08X +XsC 2J3I +Y@1@K@a +YF8FdK +yF9K@" +YF F[K +yF!K@" +"YK F)F +y@Y@A@ ++`!y`yj +z=7=7===N=P=P===R=T=T===V=X=X +@ZAF:F +zD 3J3I +zD iJnI +zE \J\I +ZFd!PF +'ZF)F0F +ZF)F0F +ZhC CFEI +zIF@F( +zJ{IB +=@zj?@L~@@\GA@l +~~}{zxuspmjfb^ZUQLGA<61+% diff --git a/fw-analysis/best2002_fw_sdio.strings.fnnames.txt b/fw-analysis/best2002_fw_sdio.strings.fnnames.txt new file mode 100644 index 000000000..ee7e4e93a --- /dev/null +++ b/fw-analysis/best2002_fw_sdio.strings.fnnames.txt 
@@ -0,0 +1,191 @@ +best2002_wifi_main +btdrv_bridge_send_data +btdrv_bt_modem_config +btdrv_clear_spi_trig_pos_enable +btdrv_config_init +btdrv_delay_cap_calib +btdrv_function_patch_init_common +bt_drv_reg_op_ble_rx_gain_thr_tbl_set +bt_drv_reg_op_bt_master_sleep_enable +btdrv_reg_op_config_coex_mode +bt_drv_reg_op_le_pwr_ctrl_feats_disable +bt_drv_reg_op_set_inquiry_scan_activity +btdrv_txpower_calib +bthci_lpm_init +bthci_lpm_thread +bthci_set_afh_host_channel_classification +bthci_state_record_init +bthci_uart_io_close +bthci_uart_io_init +bt_iqimb_dma_enable +bt_tx_pulling_write +bt_wifi_coex_thread +close_usb_test +coex_bt_state_notify +config_dpd +data_retransfer_thread +dpd_write_table +em_ble_rxclknsync1_clknrxsync1_getf +em_bt_rxclkn1_getf +em_bt_rx_hwagc_hwagc_idx_getf +factory_get_calib_data_from_efuse +factory_get_power_from_efuse +factory_get_section_from_efuse +factory_powerlevel_convert_to_index +factory_set_calib_data_to_efuse +factory_set_power_into_efuse +filter_list_mutex +get_bdr_pwr +get_btmac +get_btoui +get_edr_pwr +get_flags +get_mac +get_next_block +get_prev_free_block +get_save +get_save_freqoffset +get_woui +h5_thread_tx_mutex +h5_transmit_data_to_host +hal_dma_cancel +hal_dma_chan_busy +hal_dma_free_chan +hal_dma_get_chan +hal_dma_get_cur_dst_addr +hal_dma_get_sg_remain_size +hal_dma_irq_run_chan +hal_dma_sg_2d_start +hal_dma_stop +hal_gpadc_adc2volt_calib +hal_gpio_pin_clr +hal_gpio_pin_get_val +hal_gpio_pin_set +hal_gpio_pin_set_dir +hal_gpio_setup_irq +hal_intersys_open +hal_intersys_rx_irq_handler +hal_intersys_tx_irq_handler +hal_iomux_cfg_wifi_switch +hal_iomux_set_function +hal_iomux_set_sdio_voltage +hal_ispi_activate_cs +hal_ispi_open +hal_pm_notif_register +hal_sdio_adma_compensate +hal_sdio_adma_config +hal_sdio_device_irq_handler +hal_sdio_device_wifi_rxtx_start +hal_spi_init_ctrl +hal_spiphy_activate_cs +hal_spiphy_open +hal_spi_recv_id +hal_spi_send_id +hal_trace_crash_dump_register +hal_trace_open +hal_trace_output 
+hal_transq_clear_previous +hal_transq_local_irq_handler_body +hal_transq_remote_irq_handler +hal_uart_close +hal_uart_continue +hal_uart_dma_send +hal_uart_flush +hal_uart_get_dma_recv_addr +hal_uart_get_flag +hal_uart_irq_set_dma_handler +hal_uart_irq_set_mask +hal_uart_open +hal_uart_opened +hal_uart_stop_dma_recv +hci_bt_state_set +hci_close +hci_get_vendor_cmd_frame_len +hci_open +hci_send_to_btc_thread +hci_send_to_host_thread +hci_uart_send_to_host +host_event_wifi_off +host_event_wifi_on +host_if_common_init +host_if_resume +host_int_irq +hwtimer_alloc +hwtimer_handler +hwtimer_stop +init_dig_gain_offset +ld_inq_rx_patch +list_append +list_begin +list_end +list_free_node_ +list_front +list_is_empty +list_length +list_next +list_remove +lld_adv_end_ind_handler_patch +lld_con_rx_patch +lmac_event_thread +malloc_list +malloc_list_node +mcu_to_lmac +mcu_tx_driver +med_heap_add_block +med_malloc +multi_heap_malloc_impl +multi_heap_register_impl +pmu_read_temperature +pmu_temperature_adc2temp_calib +power_calib_finish +power_compensate_by_temperature_2002 +power_debug +ramrun_test_main +recover_wifi_cali_result +restore_dpd_config +rf_cmd_nosignaling_test_handler +rf_nosignaling_test_start_up +save_bdr_pwr +save_edr_pwr +sdio_rx_thread +set_baud_rate +set_btmac +set_btoui +set_mac +set_woui +split_if_necessary +start_recv_dma_with_mask +syspool_get_buff +syspool_original_size +tx_idle_timer_handler +tx_pulling_rf_dig_set +uart_mutex +wakeup_lock_timer_init +wifi_agc_config +wifi_bes2600_cmd_test +wifi_config_cali_from_linux +wifi_deinit +wifi_dpd_boot_low_power_en +wifi_driver_mcu_msg_seq_fill +wifi_driver_rf_cmd_test +wifi_get_rx_data +wifi_init +wifi_iomux_cfg_switch +wifi_recover_cali_data +wifi_rf_cmd_confirm +wifi_rf_msg_rep +wifi_rfpll_temperature_compensation +wifi_rf_set_tpc_table +wifi_sdio_init +wifi_sdio_send +wifi_sdio_send_mutexed +wifi_send +wifi_send_mutex_acquire +wifi_send_mutex_release +wifi_stop +wifi_test_cmd +wifi_transq_init 
+wifi_vendor_rf_cmd_select +wlan_ap_suspend +wlan_ap_wakeup_cfg +wlan_sdio_wakeup_ap diff --git a/fw-analysis/best2002_fw_sdio.strings.txt b/fw-analysis/best2002_fw_sdio.strings.txt new file mode 100644 index 000000000..ab8db4d14 --- /dev/null +++ b/fw-analysis/best2002_fw_sdio.strings.txt 
@@ -0,0 +1,1583 @@ +------ +========================= +$0,J-I +$4M3h"F +$ 'I'H +#$I"JC +($lIB +$)M*N"F1FD +`$nIB +$yB "F:I +$yB "FkI +`+`#`0 +0#2J%I +05H5I# +0F9FBF#F +0F)F"F +0F*F!F +0HM\hHNEO +0:hMIZ`C :F3F +0"IIKH +`0K3J@F +0x%04x = 0x%04x +0x%04x=0x%04x +0x%08x = 0x%08x +0x%08x=0x%08x +0x400000a0: 0x%x, a4:0x%x +0x80001eb4=0x%x 0x80001eb8=0x%x +0xd0220c00:%x +0xD0330020:%x +0xd0330050: 0x%x, 54:0x%x +0xd0340020:%x +0xD0350218:%x +0xd0350248:%x + 1F(F# +#1F(F" +1F*F)H +1@FYCIK +1#?J8IC +(`1M)h +}1}N}k} +@@@@@@,1 SEQ_STATUS_IDLE +1YbZvYjA +2002, patch_wifi_testMode,cfg.test_rx_count:0x%08x +2002, patch_wifi_testMode,*rom_rx_signal_count:0x%08x +2.4G cali ch idx %d invalid 0x%04x, use default value +2.4g powerlevel indx= %d +2F0IB +2FAFB +2FB ,I +2"F!F@ +2F;F0F9F +2F)F F +2FIFC +2G 11N power[%d]=0x%4x +2g calib flags: %d +####2g g_wfdrv.cali_tx_power: %p +######2g tx no calib !! +2?&+hAI +(2#|hI +2I"JC +#2iriku +2jhQIC +"2K F)F +2K.O0L +2(L*h#h +@@@@@@,2 SEQ_STATUS_IDLE +30I0K1H +35I5JC +3#bch^ +3C DJFI +3{Cq3FS +3F*F9F8F +3F:FQFHF# +3FJ#tFHGM +3h-h%O +3HIHJC +3>I?JC +#3p F@K +|3|U|v| +40iF8F +@40/R. +#4J8IC +5G 11N power[%d]=0x%4x +5g calib flags: %d +5G cali ch idx %d invalid 0x%04x, use default value +###5g g_wfdrv.cali_tx_power_5g: %p +5g powerlevel index= %d +5g powerlevel indx= %d +######5g tx no calib !! +`5J5I6H6K +5J5IC +6 7!H(I):";# +6ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ +@"6KZ` +6N7IA +72FchIFD +7I8H8N +7J7IC +7J"DRx + 7KAF +87 F%K +8F1F*F#F +`8I9L9K:J +8J9IC +#9F(F" +`9H:K:J +a#0J1ID +abandon=%d. 
+abort error:%x,%x +aciCa#z +A#C )J)I +acl_par:link id=%d acl_par_ptr 0x%x, clk off 0x%x, bit off 0x%x, last sync clk off 0x%x, last sync bit off 0x%x +AF+FC + after last switch +ahFB"h +AI_AMA +AI_BIXBY +AI_GMA +AI_GVA +AI_VOC +AJBIC +AJm H" +AKKJ[h +ALAJch +alloc wakeup_timer fail +AM+zii +AOB_SM +APPMAIN +APPTHREAD +, APSR=%c%c%c%c%c +#############ASSERT############## +AUDFLG +avdtp_signal_handle DIR:%s +average_value=0x%x and RF_2A1_9_6=0x%x. +aXdYcXaY` +aYaYi! +ba`(0P +BAB_TxFrameComplete() +BAB_TxFrameComplete()- BAB_TASK__PROCESS_TX_ADDBA_REQ_FRAME +BAB_TxFrameComplete()- BAB_TASK__SEND_BAR_FRAME +bad channel. freq:%u-%u +Bad func=%d for IOMUX pin=%d +Bad GPIO pin %u (should < %u) +BDR calib data: 0x%x +BeaconWindow=%d BeaconWindowTime=%d BeaconWindowAdj=%d +best2002_wifi_main + (BFAR valid) +B "F|I +BG test, os_time= %d , sleep= %d +`#`BHCLCJ + @bh F +bit pos : %d +B@J@Z@ +BLEAPP +BLEPRF +"BMBOCI +*;@B MI +.bqb{csbr +BT_ADAPTOR +BT ALLOW SLEEP +BT_ALLOW_SLEEP +bt bdr_pwr flag : %d +BTC:2002 work mode patch version:%08x +BT calib flags: %d +BTC is power down. CTRL:0x%x +bt config calib from efuse +BT controller BusFault_Handler: +BT crash dump complete! 
+bt div cali invalid, use default value +btdrv_bridge_send_data +btdrv_bt_modem_config +btdrv_calib_bt has been executed +btdrv_clear_spi_trig_pos_enable +bt_drv_config_coex_mode %d +btdrv_config_init +btdrv_delay_cap_calib +btdrv_function_patch_init_common +bt_drv_reg_op_ble_rx_gain_thr_tbl_set +bt_drv_reg_op_bt_master_sleep_enable +btdrv_reg_op_config_coex_mode +bt_drv_reg_op_le_pwr_ctrl_feats_disable +bt_drv_reg_op_set_inquiry_scan_activity +btdrv_rx +btdrv_SendData +btdrv_start_bt has been executed +btdrv_txpower_calib +#BT_DRV:vendor syncword invalid +BT_ENTER_SLEEP +bt factory crc error, use default value +bt freq cali flags set err, calibration not complete +bthci_lpm_init +bthci_lpm_thread +bthci_set_afh_host_channel_classification +bthci_state_record_init +bthci_uart_io_close +bthci_uart_io_init +bt_IQ_DC_Mismatch_Correction_Release +bt_iqimb_dma_enable +bt msg len error. %u +BT --> OFF +BT --> ON +bt powerlevel cali invalid, use default value +#####bt read freq calib value = 0x%04x +BT_REG_OP:BT 2002: metal id=%d,patch version=%08x +btrf cmd: bt_bdr_rx_signal +btrf cmd: bt_bdr_tx_signal +btrf cmd: bt_ble_nosignal_start +btrf cmd: bt_ble_nosignal_stop +btrf cmd: bt_edr_rx_signal +btrf cmd: bt_edr_tx_signal +btrf cmd: bt_enter_signal_mode +btrf cmd: bt_get_bdr_power_cali +btrf cmd: bt_get_edr_power_cali +btrf cmd: bt_get_factory_from_efuse +btrf cmd: bt_hci_reset +btrf cmd: bt_le_receiver_test +btrf cmd: bt_le_test_end +btrf cmd: bt_le_transmitter_test +btrf cmd: bt_read_reg +btrf cmd: bt_save_bdr_power +btrf cmd: bt_save_edr_power +btrf cmd: bt_save_factory_to_efuse +btrf cmd: bt_scan +btrf cmd: bt_set_bdr_power +btrf cmd: bt_set_edr_power +btrf cmd: bt_set_power_cali_flag +btrf cmd: bt_stop_rx_signal +btrf cmd: bt_write_reg +btrf raw data: +btrf reg addr:%04x val:%04x +bt_rx data too long: bt_rx_len=%d, len=%d, limit=%d +bt_tx_pulling_write +bt_wake_ap finish pin_val:%d +bt_wake_ap start pin_val:%d +BT WAKEUP +BT_WAKEUP_HOST +bt wakeup host done 
+bt_wakeup_host_notify, wsm_id : 0x%x +BT_WAKEUP_HOST SLEEP_STATE %d +bt_wifi_coex_thread +########bt write freq calib value =0x%04x + (BusFault) + (BusFault during floating-point lazy state preservation) + (BusFault on stacking for exception entry) + (BusFault on unstacking for a return from exception) +by0IB +bycxbpbz +bzc{bsbybrbxcpbq +%c %08X: %08X +C1J1IC +C`3`EA +#ca#ac`8 +###### CalibCountSaved= %d,CalibCounterRegStartVal= %d +calib_val:%d +cali_temperature:%d, rf_version:%d +cali_tx_gain[%d] = 0x%04x; +cal_tx_power[%d * 2+1] = 0x%04x; offset = %f; cali_tx_gain[14] = 0x%04x; +cal_tx_power[%d * 2+1] = 0x%04x; offset = %f; cali_tx_gain[%d] = 0x%04x; +cal_tx_power[%d * 3+2] = 0x%04x; offset = %f; cali_tx_gain[14] = 0x%04x; +cal_tx_power[%d * 3+2] = 0x%04x; offset = %f; cali_tx_gain[%d] = 0x%04x; +cC 4J4I +cc`chZ +C#D^`#` +CEWNIDV- +CFJ>IC +checksum error. 0x%x 0x%x +C I JC +c]I]M^O +#c`#j# +c,J$IC +C/J1ID +]C`JaIC +CJDIC +cJFEIC +C &J)I +c#J#IC +c-J-IC +c/J/IC +c;JJ>IC +CIB +"F@IB +"F}IB +*F'IB +*F(IB +[F;IC +FIF@F#` +*FIIIH +filter list full +filter_list_mutex +filter opcode:%04x evt +{FIN3` +FINAL %d,best_g=%d,best_p=%d,e=%d,energy_min=%d +FINAL DC best_i=%d,best_q=%d,e=%d,energy_min=%d +find sdd matrix +F(J8F# +F!JC #F!I +F-JhF# +:(F+J+K +{FUUUUU +"FVIB +#:FXF! 
+:@:F<@Z +fZf]f\f +!)@:F,@zj/@\G1@| +G0"LILH +G1K!F F +G3h 3ca +G9F(FvK +G@"AFMH +g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x +gen_int:%x %x +get_bdr_pwr +get_btmac +get_btoui +get_edr_pwr +get_flags +get_mac +get_next_block +get_prev_free_block +get_save +get_save_freqoffset +Get the 2.4g power index +Get the 5g power index +get_transq_ptr_tx_count = %d +get_woui +GF#2F9F F +g F)F2F;F + gfff@ +(#gIC +G I!J h +GIJ(`II +g# J I +G[J(`[I +G[J\I(` +G\J\I(` +G\J]I(` +G]J]I(` +G]J^I(` +G^J^I(` +G{J{I(` +G{J|I(` +G|J|I(` +G|J}I(` +G}J}I(` +G}J~I(` +G~J~I(` +GJJ(`JI +GJ!!!M +G#K[ 3 +GKF!0F +GKJ(`KI +G~K~OS +"gKZ`O +GLJ(`LI +GLK!F F + GL@MH +GMJ(`MI +GNJ(`NI +GOJ(`OI +GPJ(`PI +`gpsjAF +GqJqI(` +GqJrI(` +GrJrI(` +GrJsI(` +?GRMSK +GsJsI(` +GsJtI(` +GtJtI(` +GtJuI(` +GuJuI(` +GuJvI(` +GvJvI(` +GvJwI(` +GwJwI(` +GwJxI(` +GxJxI(` +GxJyI(` +GyJyI(` +GyJzI(` +GzJ{I(` +GzJzI(` +h0 Fah +h5 free list null +h5_thread_tx_mutex +h5_transmit_data_to_host +hal_audma_get_chan failed. +hal_dma_cancel +hal_dma_chan_busy +hal_dma_free_chan +hal_dma_get_chan +hal_dma_get_cur_dst_addr +hal_dma_get_sg_remain_size +hal_dma_irq_run_chan +hal_dma_sg_2d_start +hal_dma_stop +hal_gpadc_adc2volt_calib +hal_gpio_pin_clr +hal_gpio_pin_get_val +hal_gpio_pin_set +hal_gpio_pin_set_dir +hal_gpio_setup_irq +hal_intersys_open +hal_intersys_rx_irq_handler +hal_intersys_tx_irq_handler +hal_iomux_cfg_wifi_switch +hal_iomux_set_function +hal_iomux_set_sdio_voltage +hal_ispi_activate_cs +hal_ispi_open +hal_pm_notif_register +hal_sdio_adma_compensate +hal_sdio_adma_config +hal_sdio_device_irq_handler +hal_sdio_device_wifi_rxtx_start +hal_spi_init_ctrl +hal_spiphy_activate_cs +hal_spiphy_open +hal_spi_recv_id +hal_spi_send_id + (Halted) +hal_trace_crash_dump_register +hal_trace_open +hal_trace_output +hal_transq_clear_previous +hal_transq_local_irq_handler_body +hal_transq_open failed: %d +hal_transq_remote_irq_handler +hal_uart_close +hal_uart_continue +hal_uart_dma_send +hal_uart_flush 
+hal_uart_get_dma_recv_addr +hal_uart_get_flag +hal_uart_irq_set_dma_handler +hal_uart_irq_set_mask +hal_uart_open +hal_uart_opened +hal_uart_stop_dma_recv + Handling Timer callback %p + (HardFault) +h+`chC +hci_bt_state_set +hci_close +hci_get_vendor_cmd_frame_len +HCI LE Read Number of Support Advertising +HCI LE Set Advertising Data len:%u +HCI LE Set Scan Response Data:%u +hci_open +HCI_REC:accept AVDTP_CLOSE +HCI_REC:accept AVDTP_OPEN +HCI_REC:accept AVDTP_START +HCI_REC:accept AVDTP_SUSPEND +HCI_REC:acl connected handler:%04x +HCI_REC:acl connect fail status:%02x type:%d +HCI_REC:acl disconnected handler:%04x %02x +HCI_REC:AVDTP_CLOSE +HCI_REC:AVDTP_OPEN +HCI_REC:AVDTP_START +HCI_REC:AVDTP_SUSPEND +HCI_REC:create_acl_conn: +HCI_REC:DIR:H2C L2C_CONN_RSP avdtp_media %04x:%04x res:%d +HCI_REC:DIR:H2C L2C_CONN_RSP avdtp_sig %04x:%04x res:%d +HCI_REC:DIR:%s L2C_CONN_REQ avdtp_media scid:%04x +HCI_REC:DIR:%s L2C_CONN_REQ avdtp_signal scid:%04x +HCI_REC:dis_acl_conn: +HCI_REC: disc other conn_handle:%04x +HCI_REC:HCI_EV_INQUIRY_COMPLETE:%02x +HCI_REC:HCI_INQUIRY: +HCI_REC:HCI_INQUIRY_CANCEL +HCI_REC:HCI_RESET +HCI_REC:L2CAP_SIG_DISCONN_RSP scid:%04x dcid:%04x +HCI_REC:le_conn_complete:%d +HCI_REC:le disconnected handler:%04x +HCI_REC:LE_SET_ADV_EN:%d +HCI_REC:LE_SET_EXT_SCAN_EN:%d +HCI_REC:linkkey notify +HCI_REC:linkkey req +HCI_REC:linkkey_req neg reply +HCI_REC:linkkey req reply: +HCI_REC:MODE_CHANGE:%d +HCI_REC:reject avdtp start +HCI_REC:reject signal id:%d +HCI_REC:remote_conn_req link_type:%d +HCI_REC:sco connected handler:%02x +HCI_REC:sco connect fail status:%02x +HCI_REC:sco disconnected handler:%04x +HCI_REC:write_scan_enable:0x%x +hci_send_to_btc_thread +hci_send_to_host_thread +hci_uart_send_to_host +hci_uart_send_to_host release failed,%d +HCI_VENDOR_PKT len too long:%d +\HD\tEr +Heap corrupt: %p +#h`:F9F +H#F"F!F +H F%K +:h+FrC +h=I:FB +hJd!XH" +h#%J!IC +HK)x8x +HMIJIH+ +hook_post_sys_init rom_hook_cfg->rom_run_flag=0x%08x +hook_wifidrv_rfpll_en(%d) 
pm=%d os_time=%d +host_event_wifi_off +host_event_wifi_on +host_if_common_init +host_if_resume +HOST IF --> RESUMED +HOST IF --> SUSPEND +host_int_irq +host seq:%d local seq:%d +HOST_WAKEUP_BT + :hVLVI +hwtimer_alloc +HWTIMER-ALLOC: Invalid state: %d +HWTIMER collapsed: irq occurred too early +HWTIMER collapsed: irq when active is null +hwtimer_handler +HWTIMER irq occurred early: old active timer might be deleted? %u +HWTIMER irq when active is null: might be deleted? %u +HWTIMER-START collapsed: cur=%u active=%u +__hwtimer_start_int +hwtimer_stop +HWTIMER-STOP collapsed: active timer 0x%08x not in list 0x%08x +HWTIMER-STOP collapsed: cur=%u active=%u +HWTIMER-STOP collapsed: elapsed=%u active=%u +HWTIMER-STOP collapsed: fired timer 0x%08x not in list 0x%08x +Hz&F)F +I3`F <` +IBRTAPP +ICSR =%08X, AIRCR=%08X, SCR =%08X, CCR =%08X +IdleTask: Failed to alloc sleep timer +IdleTask: Failed to register crash dump callback +@)I"FB +I+FC "F +%I"F+F +i!FJFXF +IFRFC +!I JC +#*I+JC +iKiJjH +'I'M(H +Inactive +INACTIVE +init_dig_gain_offset +init wakeup gpio:%x +InpItem[%d]=%p +input powerlevel is invalid + (Instruction access violation) + (Instruction bus error) +INTERSYS-OPEN: rx_flowctrl=%d (should be %d) +INTERSYS-RX: Handler missing +INTERSYS-RX: Invalid msg type: %d +INTERSYS-TX: Invalid msg type: %d +Invalid ap wakeup config:%x +Invalid AUDMA chan: %u +Invalid baud param: %d +Invalid data bits param: %d +Invalid DMA inst: %u +Invalid DMA periph: %d +Invalid DMA policy: %d +Invalid flow control param: %d +invalid hci_type:%x +Invalid packet type:%02x. queue len:%d +Invalid parity param: %d + (Invalid PC load by EXC_RETURN UsageFault) +Invalid Pwr Tbl Idx +Invalid SPI RX bits: %d +Invalid SPI RX FRAME bits: %d +Invalid SPI TX bits: %d + (Invalid state UsageFault) +Invalid stop bits param: %d +Invalid UART ID: %d +Invalid, use default value. 
+IPSR():0x%x, PRIMASK:0x%x, BASEPRI:0x%x +irq: gpio %d, val %d +!is_first_block(heap, block) +!is_last_block(block) +ISPI: Bad bits cfg +ISPI: SPI cs bad: %d +IUUUUU +)J5IB +!`JaH) +]##JC $I +=J+FE +JF!F(F +jhZ`8Fbj +_# J I +`^J_I(` + JI2F;F +"J#IB +#J!IB +)J*IB +;J!+K+N + K`pG'( +`&K"tS +KXh@BpG + L$I"nD +ld_inq_rx_patch +l:%d m:%d h:%d +list_append +list_begin +list_end +list_free_node_ +list_front +list_is_empty +list_length +list_next +list_remove +*LjF)F +%L%J%h +LJMIC +"}L}K!h +]L^KhJ F +:L:KKJ F +%"L#KT +LKZOZJJL +lld_adv_end_ind_handler_patch +lld_con_rx_patch +LLMJ0F +lmac_event_thread +LMAC InpItem_ptr prog=%u(%d) cmpl=%u(%d). detla:%u +LMAC OutItem_ptr prog=%u(%d) cmpl=%u(%d). detla:%u +LMAC TRANSQ LDONE_INTMASK:0x%08x LDONE_RIS:0x%08x +LMAC TRANSQ RMT_INTMASK:0x%08x RMT_RIS:0x%08x +LMC_BA_AddActionFrameToTaskList() +lmp buff: +lp clk: %d +LR=0x%08x +MAC:0x20260068-> 0x%08x, 0x2026006c-> 0x%08x +mac addr flags: %d +malloc ini +malloc_list +malloc_list_node +malloc ok +mcu freq -> %u +MCU InpItem_ptr prog=%u(%d) cmpl=%u(%d) +mcu now=%u +mcu_to_lmac +mcu_tx_driver +med_heap_add_block +med_malloc + (MemFault) + (MemFault during floating-point lazy state preservation) + (MemFault on stacking for exception entry) + (MemFault on unstacking for a return from exception) +METAL_ID: %d +:M"F)FC 7 +%M"F)FC 8 +(`+M)h +(`.M)h +,M,I+h hd +Mismatch inst in chan=0x%02x and dst periph %d +Mismatch inst in chan=0x%02x and src periph %d +`MJNHNI +MMFAR=%08X, BFAR =%08X + (MMFAR valid) +(M(N)O +?M@N+x@L +../../mod_platform/int/wifi_patch.c + (Monitor) +MSP =%08X, PSP =%08X +MSPLIM=%08X, PSPLIM=%08X +multi_heap_malloc_impl +multi_heap_register_impl +mymemcpy NULL pointer .... +name=%s +next > (intptr_t)block +Next List +NHOKOI +nJnIC +`NJOHOL ++N+M3h+H + (NMI) + (No coprocessor UsageFault) + (NoException) + (None) +non udp ping/pong, wake up host. 
+no previous block +Notice, chip has not calibration,there is no calb value +Notice:The 2.4g power have calib finish, refusing calib again +Notice:The 2g power have not finish, Please calib power first! +Notice:The 5g power have calib finish, refusing calib again +Notice:The 5g power have not finish, Please calib power first! +Notice:The freq have calib finish, refusing calib again +Notice, there is no table select +not support power calibration save +Not support save calib data into flash or efuse +NV_SEC +ODIEJEK +oFM"!F;F +`OI2FB +OK_BES_RF=================>BDR_POWER= 0x%04x +OK_BES_RF=================>CLK_FREQ= 0x%04x +OK_BES_RF=================>EDR_POWER= 0x%04x +OK_BES_RF:enter dpd debug +OK_BES_RF:enter fw sleep success +OK_BES_RF:enter fw wakeup success +OK_BES_RF:enter the rx mode success +OK_BES_RF:enter the tx mode success +OK_BES_RF:From wifi switch to bt mode +OK_BES_RF:reset wifi success ! +OK_BES_RF:RF_TX_CONTINUE_MODE +OK_BES_RF: SAVE power calib flags success +OK_BES_RF:save power success +OK_BES_RF:success:enter stop tx cnt mode success +OK_BES_RF:success:enter the 11b tx cnt mode success +OK_BES_RF:success:enter the 11g tx cnt mode success +OK_BES_RF:success:enter the 11n tx cnt mode success +OK_BES_RF:success:enter the tx dc tone mode success +OK_BES_RF:success:enter the tx tone mode success +oKbhoI +O(#kC0h +&O&M;h +Oneshot +original 0x8C val=0x%x +osRtxErrorNotify +osRtxErrorNotify, code: %08x object is %p, magicWord:0x%08x|0x%08x +osRtxIdleThread +osTimerDelete failed, %s,%d +osTimerStart failed, %s,%d +osTimerStop failed, %s,%d +OutItem[%d]=0x%08x t.%u +OwOxLxN +p@``1F +p3p*FO +PAC_FiqHandler, AckFail, queue: %d + PAC_Fiq PAC_NTD_STATUS__RESP_RX_STORED +PAC_ProcessEbmIntContenAckFail() +pa`"p#v +PAS_GetEbmTxRequests(), pTxRequest->Flags: 0x%08x, pTxRequest->RateIndex: %d,TxBaAgreementNum=%d +PAS_GetEbmTxRequests(), SeqQueueIdleStatus: 0x%04x, sPasGlobal.AggrTxInProgress: %d +PAS_GetEbmTxRequests(), TxBaAgreementNum].State=%d,BATxTidMask=0x%x 
+PAS_SetTsfTimerOnStamp, %d, TSF=0x%08x +patch_config_dig_gain_table,index: %d, gain: %d,MaxPwrForChan: %d +patch_HI_DefaultMsgHandler(): (Id=0x%x, Len=%d) +patch_HI_Set_Coex_Params, hw_epta_enable:0x%x, new_run_flag:0x%x, gEptaBypass: %d +patch_LMAC_Req_PS_PowerMgmtMode() - Mode %x, PowerBusyEvents:0x%08x +patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x +patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x,0x%08x +patch_LMC_AddInterfaceToChannel. ChanNum:%d, iner:%d +patch_LPO_calib_IRQHandler, CalibCountSaved=%d, CalibCounterRegStartVal=%d + patch_PHY_RF_TX_TurnOffAuxAdc +&&& patch_PS_BeaconWindowTimerHandler(),BeaconLostCount=%d, rom_OS_Time=%u tsf:%u +@@@@ patch: switchchannel gPhyTemData.iChnlID: %d, eRadioBand_cfg: %d,current_band: %d +patch test mode, run_test_cmd= %d ,band= %d! +patch_TX_Generate_Backoff_Slots retry timeout. val0x%x +@@@@ patch: wifi_low_power_cfg_qfn_1p3v band:%d +@@@@ patch: wifi_low_power_cfg_qfn_1p8v band:%d + path_PHY_RF_TX_TurnOnAuxAdc +p@B 6I +p@B [I +pbxBp2x +PC =%08X +pc=0x%08x +PC/L9H:O +pcS`pG +Periodic + pG pG + pGY(O +p;hb|Yx +P HD*K +PhK`pG +PHQJQI +"pK F)F +PK]JXIA +PLAYER +pLpKqJqHrI +pm state %d -> %d +PMU_IRQ_UNIFIED must defined to use PMU GPIO IRQ +pmu_read_temperature +pmu_temperature_adc2temp_calib +Possible Backtrace: +power_calib_finish +power_compensate_by_temperature_2002 +power_debug + (Precise data bus error) +PRIMASK =%02X, FAULTMASK =%02X, BASEPRI =%02X, CONTROL =%02X +priority of fast timer should be equal to sido. +%p %x,%x,%x cnt=%u %u %u T.%u +Q69!D@ +q_b[%d]=%p(seq.%d if.%d id.0x%x t.%u h_t.%u)p_id=%x .%d +#QF@F" +#QF@F* +QFPF

reset cca state machine +reset hci_uart_tx_sema fail,%d +restore_dpd_config +RESUMED while wifi initializing +@@@@@@@ retry 1, 0x%x +@@@@@@@ retry 2 +@@@@@@@ retry 3, 0x%x +@@@@@@@ retry 4 +-->reuse adma for restransmission %d,(%u,0x%x)(%u,0x%x) +rf cmd msg: %s +rf_cmd_nosignaling_test_handler +rf cmd send failed +RF_ED_9_6[%d]=0x%x +rFeID +#RF@F! +#RF@F) +rf_f8_5_0=0x%x, rf_f8_11_6=0x%x +RFF BI +RF[FPFYF +rF)ID +rf_nosignaling_test_start_up + rIrLB +ROKYIYH +rp(J)N +}p +rstore dig reg=0x%x,v=0x%x +RTX V5.5.1 +Running +RUNNING +rx linkkey: +RX queued info: total=%u tolmac=%u(%u) tomcu=%u +rx reg_set: +rx reg_store: +rx reg=%x,v=%x +RX/TX-DMA configured on SPI %d +s0J1IC +%s, 0x%x +%s 0x%x=0x%x , 0x%x=0x%x +s5J5IC +s7I6JC +s9J9IC +saIbHbO +sAJAIC +save 2g power into flash +save 5g power into flash +save_bdr_pwr +save_edr_pwr +%s bit_val = %d, bit_offset =%d ch=%d +sBJCIC +scan, band:%u +%s channel_id:%d ()< +%s,ch=%d ! +sCJCIC +#############%s, %d############## +%s data type is invalid +%s %d band(0:2.4;1:5):%d tbl_idx(0:20;1:40):%d +%s %d, create semaphore fail +%s %d, create thread fail +%s,%d %d +%s,%d %d,%d +%s,%d %d,%d,%d +%s %d, err cmd_type +%s %d, err id +%s:%d, error: rx length is 0 +%s %d, factory cali flags set err, calibration not complete +%s %d, factory crc err, use default value +%s,%d invalid length:%x,%u +sdio rx data=%u proc=%u xfer=%u tolmac=%u(%u) tomcu=%u +-->sdio_rx retransmission,%d,0x%x +-->sdio_rx retransmission done,%d +sdio_rx_thread +-->sdio_rx transq_tx err=%d +sdio_statics:%u,%u +sdio_tx_adma_configure:%u,%x,%x,%x +<-- sdio_tx retransmission done +<--sdio_tx retransmission:%u,%d,%d,%u +sdio tx:%u,%u toggle wr=%u, rd=%u full=%d +------sdio wifi device enumeration result:%d +%s,%d large packet error:%d,%d +%s,%d len=%x +%s,%d msg id 0x%04x err +[%s:%d] multi_confirm invalid cnt:%d +%s:%d, no rx buf +%s, %d, not mcu to driver msg +%s,%d os err=%d +%s,%d %p,%x +%s driver cmd:%u +%s:%d, rx buf is NULL +%s:%d, rx buf len %d > %d +%s:%d, 
sdio_callback->hal_sdio_device_rxtx_start is NULL +%s %d, sem not obtained. status = %d +%s %d, sem release failed,%d +%s, %d, send error = %d! +%s,%d status=%d +%s %d, too long command:%d +%s,%d total=%u already=%u + (SecureFault) +%s efuse:%d/%d LV=%d, HV=%d, 1000*Slope=%d +%s efuse:%d/%d LV=%d, HV=%d, Slope:%d Intcpt:%d +%s efuse/val:0x%02x/0x%04x +select table b +%s err cmd_type:0x%x +%s: error size,0x%x,0x%x,0x%x +Set 2g calib flags +Set 5g calib flags +set_baud_rate +Set bdr calib value =%x +Set bt freq calib flags 0x%4x +set_btmac +set_btoui +Set edr calib value =%x +Set freq calib flags 0x%4x +Set freq calib value =%x +set_mac + set pcm +set the bt bdr value : %d + set vohci +Set wifi_addr calib flags +set_woui +%s exit, %dus +sF4ID +[%s] failed +%s fatal os err=%d +SFBFpIC +sF"ID +[%s] g_block_index=%d begin_addr=%p size=%d +[%s] g_block_index(%d) >= MED_HEAP_BLOCK_MAX_NUM +%s: handler already registered: user=%d handler=%p existedUser=%d +%s: handler cannot be NULL: user=%d +%s: handler list full: user=%d handler=%p curCnt=%u +SHCSR=%08X, CFSR =%08X, HFSR =%08X, AFSR =%08X +%s host time-out +shutdown +S?I?JC +[%s] index=%d g_block_index=%d. Cannot malloc any RAM +%s int_type=%x +s/J0IC +&s)J*IC +]s>J>IC +s J IC +s J!IC +s)J*IC +s*J*IC +s+J,IC +s:J;IC +s;J;IC +s>J>IC +^S&J%IC +S.J.IC +%s L%d rfpll temperature compensation error: timeout. +slect table a +Sleep exit: schedule_evt%x pwr_busy_evt:%x +Sleep failed, event: 0x%08x pwr_busy:0x%08x +sleep_judge flag:%d +sleep terminate, transq:%d sleep_flag:%d +Sleep Timer:0x%08x callback:0x%08x +%s len:%d +%s Line%d ()< +%s Line%d ()> +%s Line%d 0x5b:0x%04x, 0x5c:0x%04x +%s Line%d abs_centigrade:%d +%s Line%d band(0:2g,1:5g,2:dual):%d; mode(0:normal, 1:test):%d +%s Line%d channel_id:%d bw:%d ()< +%s Line%d ch[%d, %d] 0x11d:0x%x +%s Line%d ch_id:%d, 0x11d:0x%04x +%s Line%d error: recover cali data faild. 
+%s Line%d g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x +%s line =%d, get efuse error +%s Line%d g_rf_sw_io_select:%d +%s Line%d powerlevel_offset_val_addr:%x, en_addr:%p +%s Line%d protect dpd table. +%s Line%d skip wifi cali success. +%s line:%d sRet:%d +%s Line%d temperature(%d, %d] +%s Line%d temperature(%d, %d] 0x11d:0x%x +%s Line%d WAFER_PACKAGE_2002_SELECT(0:wlcsp; 1:qfn; 3:fanout;):%d +%s Line%d wifi_Hook_cfg->new_run_flag:0x %08x +%s Line%d wifi reset +%s line%d WIFI_RF_SW_IO_SELECT:%d +-%s: mem pool size too small: start=%p end=%p reserved_size=%u +%s module %d +%s, msg reply failed, line = %d, error = %d! +SNINJC +[%s] no memory: size=%u +%s on/off:%d level:%d +%s osEventTimeout +SP=0x%08x +%s: patch_2001_en_flag=0x%x relocation_marker=0x%x: %d +SPEECH +SPI cs not opened: %d +SPIPHY: Bad bits cfg +SPIPHY: SPI cs bad: %d +SPI rate too large: %u +SPI rate too small: %u +sPJPIC +split_if_necessary +%s powerlevel =0x%4x +SPSR=0x%08x +[%s] ptr=%p size=%u free=%u user=%p +%s, recover wifi cali result +%s reg_store: +%s rf_de=0x%x, d0350248=0x%x, d0220c00=0x%x +sRFIFC +%s rf_tpc_table_a = %p, table b = %p +%s: Set RT irq in hal_uart_dma_recv_mask... to avoid data lost +%s set voice path g_voice_path =%d +)ssJ8F +[%s] start=%p size=%d user=%p +%s, state:0x%08x +Stack: +__stack_chk_fail + stack_mem=0x%08X stack_size=%u sp:0x%04x min_stack_free=%u + (Stack overflow UsageFault) +*** stack smashing detected ***: terminated +Start pmu %s +start_recv_dma_with_mask +startup indicate, SizeInpChBuf=%d, num=%d +st_bes_h5.thread_data_retrans=%p +%s temperature_25=%d +STE-P2P +%s The power value not in range = %04x +Stopped +store dig reg=0x%x,v=0x%x +success:enter the rx mode success +success:enter the tx mode success +success:set cmd success +SUSPEND while wifi initializing +%s vendor rf cmd:%u +%s, volt error. %u +#sv#z# + swap_in_time=%u(ticks)/%u(ms) swap_out_time=%u(ticks)/%u(ms) +%s, wifi cali result crc error. 
addr:%p +switch channel %d +SWIXJC +sysfreq =%d,0x40000078= 0x%08x +syspool_get_buff +syspool_init: %p,0x%x +syspool_original_size +System pool in shortage! To allocate size %d but free size %d. +systimer +T2YF F +task msg buff: +task runtime %u(ticks)/%u ms +TERMINAT +Terminate List +test_BG_timerHandler,PowerBusyEvents:0x%08x +test_mode = %d test_chan= %d +The channel invalid +The channel is invald +The channel is invalid, bit_offset < 0 +The channel is not right,please check again +The channel number invalid ch = %d +The table a[0][0] addr =%p, table b[0][0] addr =%p + thread=0x%x, prio=%u state=%-9s thread_addr=0x%08X +--- Thread BAD +--- Thread %d + thread_join=0x%08X flags_options=%u wait_flags=%u thread_flags=%u +Thread List: +, ThreadMode +--- Thread name=%s cpu=%%%d min-free-stack=%d + thread_next=0x%08X thread_prev=0x%08X delay_next=0x%08X delay_prev=0x%08X +--- Thread NONE +thread still runing, now %u(ticks)/%u(ms) +%T:I:J44 + Timer current tick %u, Load %u + Timer %p Callback: %p + Timer: %s +--- Timers is handleing:%d +--- Timers Stats: + Timer state: %s + Timer type %s +tJuIB +"tK F)F +tlC O H +tpEC;h+D +TRACE-%u: Wait memsc timeout +transq buffer has been dropped,%d +TRANSQ-%d: Corrupted active tx: active=%d next=%d full=%d +TRANSQ-%d: Corrupted pri active tx: active=%d next=%d full=%d + TRANSQ-%d: Corrupted rx mask: status=0x%08X%08X rx_mask=0x%08X%08X / 0x%08X%08X +TRANSQ-%d: Corrupted tx mask: status=0x%08X%08Xtx_mask=0x%08X%08X / 0x%08X%08X +TRANSQ-%d: Tx done IRQ when slot empty or out of order: status==0x%08X%08X next=%d pri_next=%d +transq:%d, tx_handler%p, rx_mask:0x%08X%08X0x%08X%08X, tx_mask0x%08X%08X0x%08X%08X +TRANSQ-%d: Tx on active slot: 0x%08x 0x%08x +TRANSQ LDONE_INTMASK:%08x %08x LDONE_RIS:%08x %08x +TRANSQ RMT_INTMASK:%08x %08x RMT_RIS:%08x %08x +ts_C#h +TSF ProbeResponder = FALSE +TS J IC +T>UUUUUU +TWSAPP +TX ctrl_event,cur=%d(%d) +tx_delay_cap:%d +TX-DMA configured on SPI %d +tx_idle_timer_handler +tx length invalid:%d +tx 
linkkey: +TX notify_event,cur=%d(%d) +tx_pulling_rf_dig_set +TX queued,cur=%d(%d) +uart_mutex + (Unaligned access UsageFault) + (Undefined instruction UsageFault) +unexpected status:%d +unknown cmd! +unsupport cmd:%d +unsupported message type:%d +UNUO3xUL + (UsageFault) +usbphy open fail +use time: %d ms +v3fJgIE +v3hJhIC +V!8F}J" +vbat:reg 0x%x, vbat %d +\V"FAF +v##J#IC +V?LUUUUU +VOICE_COMPRESS +V"pc` Fp +WAIT_DLY +WAIT_EVE +WAIT_FLAG +WAIT_JOIN +Wait List +WAIT_MEM +WAIT_MGET +WAIT_MPUT +WAIT_MUT +WAIT_SEM +wait wifi tx/rx idle ... +wakeup ap config:%x +wakeup host,reason=%d +wakeup_lock_timer_init +wakeup_timer_handler. gpio:%u +warning clear bitfield unknown evt_type:%d +warning: frame timeout, drop it +warning! invalid linkid:%d handle:0x%04x +warning! TX hander should be always active +warning! unknown status:%d +WIFI_ADDR= %02x:%02x:%02x +wifi_addr calib flags: %d +wifi_agc_config +wifi_auto_gate,0x90000038 = 0x00000001 +wifi_auto_gate,0x9000003c = 0x000000D0 +wifi_auto_gate,0x90000040 = 0x00000000 +wifi_auto_gate,0x90000048 = 0x00000000 +wifi_auto_gate,0x9000004c = 0x00000000 +wifi_auto_gate,0x90000050 = 0x00000000 +wifi_auto_gate,0x900000e4 = 0x00200420 +wifi_auto_gate,0x9000016c = 0x00000000 +wifi_bes2600_cmd_test +wifi channel info. ch:%u, type:%u +wifi config calib from efuse +wifi_config_cali_from_linux +wifi cpu freq -> 32K +wifi_deinit +wifi_dpd_boot_low_power_en +wifi_driver_mcu_msg_seq_fill +wifi_driver_rf_cmd_test +wifidrv_rf_init.... +wifi_fw +wifi_get_rx_data +wifi_init +wifi_iomux_cfg_switch +wifi is down. 
skip sdio send +wifi is off, skip coex send:0x%x(0x%x) +WIFI --> OFF +WIFI --> ON +-->wifi_pm_multicast_handler +wifi_recover_cali_data +wifi_rf_cmd_confirm +wifi_rf_msg_rep +wifi_rfpll_temperature_compensation +wifi_rf_set_tpc_table +wifi_rf_switch_band(0:2g 1:5g),old: %d, new: %d +wifi rx detect switch off +wifi_sdio_init +wifi sdio init failed +wifi_sdio_send +wifi_sdio_send_mutexed +wifi_send +wifi_send_mutex_acquire +wifi_send_mutex_release +wifi_stop +wifi_switch_freq, freq: %d +wifi_switch_freq, write cali_channel: %d, channel: %d +wifi_test_cmd +wifi_test patch start=0x%08x, __wifi_patch_code_end=0x%08x +wifi_test patch! wifi_sysHook->system_init=%p, patch_offset=%d +wifi_transq_init +wifi tx detect switch off +wifi tx wakeup ap %u +wifi_vendor_rf_cmd_select +WJXIC +wlan_ap_suspend +wlan_ap_wakeup_cfg +wlan:%d, bt:%d, hw_epta_enable:0x%x +wlan_sdio_wakeup_ap +work on 2g +work on 5g +WORK on the 2g mode,please switch channel to 5G +WORK on the 5g mode,please switch channel to 2G +write 0x%08x=0x%08x done .(check 0x%04x) +write 0x%08x=0x%08x done .(check 0x%08x) +########write default freq calib value =0x%04x +########write freq calib value =0x%04x +write reg 0x8C val=%x +write reg 0xB8 val=%x +write reg 0xBD val=%x +write reg 0xBE val=%x +write reg 0xC4 val=%x +write reg 0x%x[11:6] val=%x +write reg 0x%x[5:0] val=%x +wrong udp length! +x6x*x8x +Xa^b#h +xB *FbI +xB *F(I +XBXApG +`]xh#kC +"x IB +XJZIE +XPSR=%08X +Y@1@K@a +#y5Day +%yB *F=I +yF7K@" +YF8FdK +yF9K@" +YF F[K +yF!K@" +yF'K@" +yF.K@" +"YK F)F +y@Y@A@ +z2x/IC +z33J4IC +z=7=7===N=P=P===R=T=T===V=X=X +Zc#J#IC +zCzCzCCC[C[C[CCC]C]C]CCC_C_C_CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCaCaCaCCCcCcCcCeCeCCCeCCCgCgCgCCCiCiCiCCClClClCCCCoCoCoCCCrCrCrCCCuCCCu +ZFd!PF" +ZF)IB +zF'M@# +zF+M@# +zF]N@# +"Z`[FZFO +zFZM*` +ZhC KFGIOD +"z:IB +=@zj?@L~@@\GA@l diff --git a/fw-analysis/best2002_fw_sdio_btrf.strings.fnnames.txt b/fw-analysis/best2002_fw_sdio_btrf.strings.fnnames.txt new file mode 100644 index 000000000..9b62fd94f 
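Review bot: The best2002_fw_sdio.strings.txt hunk commits the dump unfiltered, so a large share of its 1583 added lines are byte noise rather than text (for example "+by0IB", "+C1J1IC", "+IUUUUU", and the long "+zCzCzCCC[C[C[CCC..." run near the end of the hunk). That noise buries the entries that matter for driver work, such as "+Heap corrupt: %p", "+*** stack smashing detected ***: terminated" and "+wifi_config_cali_from_linux". Consider filtering before committing, for instance with a longer minimum string length or by keeping only lines that contain a format specifier or a dictionary-like word. Also record the exact extraction command beside the dump, if the README does not already carry it, so the file can be regenerated and compared across firmware versions. Separately, the commit message says the source binaries are not committed because they are Bestechnic-proprietary, yet these lines are verbatim content of the same blob. It is worth confirming that publishing the extracted strings is acceptable under the same constraint.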
--- /dev/null +++ b/fw-analysis/best2002_fw_sdio_btrf.strings.fnnames.txt @@ -0,0 +1,64 @@ +btdrv_bridge_send_data +btdrv_bt_modem_config +btdrv_clear_spi_trig_pos_enable +btdrv_config_init +btdrv_delay_cap_calib +btdrv_function_patch_init_common +bt_drv_reg_op_ble_rx_gain_thr_tbl_set +bt_drv_reg_op_bt_master_sleep_enable +btdrv_reg_op_config_coex_mode +bt_drv_reg_op_le_pwr_ctrl_feats_disable +bt_drv_reg_op_set_inquiry_scan_activity +btdrv_txpower_calib +bthci_lpm_thread +bthci_set_afh_host_channel_classification +bthci_uart_io_close +bthci_uart_io_init +bt_iqimb_dma_enable +bt_tx_pulling_write +bt_wifi_coex_thread +close_usb_test +data_retransfer_thread +em_ble_rxclknsync1_clknrxsync1_getf +em_bt_rxclkn1_getf +em_bt_rx_hwagc_hwagc_idx_getf +factory_get_calib_data_from_efuse +factory_get_power_from_efuse +factory_get_section_from_efuse +factory_powerlevel_convert_to_index +factory_set_calib_data_to_efuse +factory_set_power_into_efuse +filter_list_mutex +h5_thread_tx_mutex +hal_gpadc_adc2volt_calib +hal_pm_notif_register +hal_trace_crash_dump_register +hal_uart_irq_set_mask +hci_bt_state_set +hci_open +hci_send_to_btc_thread +hci_send_to_host_thread +hci_uart_send_to_host +ld_inq_rx_patch +list_append +list_begin +list_end +list_free_node_ +list_front +list_length +list_next +list_remove +lld_adv_end_ind_handler_patch +lld_con_rx_patch +malloc_list +malloc_list_node +med_heap_add_block +med_malloc +multi_heap_register_impl +ramrun_test_main +start_recv_dma_with_mask +syspool_get_buff +syspool_original_size +tx_pulling_rf_dig_set +uart_mutex +wlan_sdio_wakeup_ap diff --git a/fw-analysis/best2002_fw_sdio_btrf.strings.txt b/fw-analysis/best2002_fw_sdio_btrf.strings.txt new file mode 100644 index 000000000..056d0d660 --- /dev/null +++ b/fw-analysis/best2002_fw_sdio_btrf.strings.txt 
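Review bot: The best2002_fw_sdio_btrf.strings.fnnames.txt hunk is presented as function names, but several of its 64 entries read as object or variable names rather than functions ("+filter_list_mutex", "+h5_thread_tx_mutex", "+uart_mutex", "+malloc_list", "+syspool_original_size"). At the same time, identifiers that appear in the companion best2002_fw_sdio_btrf.strings.txt hunk, such as "btdrv_rx" and "btdrv_SendData", are missing from it. The list therefore looks like the output of a pattern filter rather than a verified symbol list. Please state the selection rule in the file or in the README, and either name the file for what it holds (identifier-like strings) or note that entries are unverified candidates, so nobody cross-references them against the driver as confirmed firmware entry points.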
@@ -0,0 +1,811 @@ +------ +========================= +($lIB +`$nIB +$yB "F:I +$yB "FkI +`+`#`0 +0F9FBF#F +0F)F"F +0.H.I# +0x%04x=0x%04x +0x%08x=0x%08x +0x400000a0: 0x%x, a4:0x%x +0xd0220c00:%x +0xD0330020:%x +0xd0330050: 0x%x, 54:0x%x +0xd0340020:%x +0xD0350218:%x +0xd0350248:%x +#1F(F" +1F*F)H +}1}N}k} +1YbZvYjA +2.4g powerlevel indx= %d +2FB ,I +2"F!F@ +2F;F0F9F +2G 11N power[%d]=0x%4x +2g calib flags: %d +(2#|hI +"2K F)F +35J#t5H6M +3{Cq3FS +3F*F9F8F +3F:FQFHF +|3|U|v| +3yMDqy +40iF8F +4Jd!/H +5%behn +5G 11N power[%d]=0x%4x +5g calib flags: %d +5g powerlevel index= %d +5g powerlevel indx= %d +`5J5I6H6K +6 7!H(I):";# +@"6KZ` +7I8H8N + 7KAF +7M8J8H+ +8F1F*F#F +`8I9L9K:J +#9F(F" +`9H:K:J +acl_par:link id=%d acl_par_ptr 0x%x, clk off 0x%x, bit off 0x%x, last sync clk off 0x%x, last sync bit off 0x%x + after last switch +ahFB"h +AI_AMA +AI_BIXBY +AI_GMA +AI_GVA +AI_VOC +AJm H" +AKKJ[h +ALAJch +alloc wakeup_timer fail +AM+zii +AOB_SM +APPMAIN +APPTHREAD +, APSR=%c%c%c%c%c +### ASSERT @ 0x%08X ### +AUDFLG +avdtp_signal_handle DIR:%s +average_value=0x%x and RF_2A1_9_6=0x%x. +aXdYcXaY` +aYaYi! +ba`(0P +bad channel. freq:%u-%u +Bad func=%d for IOMUX pin=%d +Bad GPIO pin %u (should < %u) +BDR calib data: 0x%x + (BFAR valid) +B "F|I +`#`BHCLCJ + @bh F +bit pos : %d +BLEAPP +BLEPRF +BT_ADAPTOR +BT_ALLOW_SLEEP +bt bdr_pwr flag : %d +BTC:2002 work mode patch version:%08x +BT calib flags: %d +bt config calib from efuse +BT controller BusFault_Handler: +BT crash dump complete! 
+bt div cali invalid, use default value +btdrv_bridge_send_data +btdrv_bt_modem_config +btdrv_calib_bt has been executed +btdrv_clear_spi_trig_pos_enable +bt_drv_config_coex_mode %d +btdrv_config_init +btdrv_delay_cap_calib +btdrv_function_patch_init_common +bt_drv_reg_op_ble_rx_gain_thr_tbl_set +bt_drv_reg_op_bt_master_sleep_enable +btdrv_reg_op_config_coex_mode +bt_drv_reg_op_le_pwr_ctrl_feats_disable +bt_drv_reg_op_set_inquiry_scan_activity +btdrv_rx +btdrv_SendData +btdrv_start_bt has been executed +btdrv_txpower_calib +#BT_DRV:vendor syncword invalid +BT_ENTER_SLEEP +bt factory crc error, use default value +bt freq cali flags set err, calibration not complete +bthci_lpm_thread +bthci_set_afh_host_channel_classification +bthci_uart_io_close +bthci_uart_io_init +bt_IQ_DC_Mismatch_Correction_Release +bt_iqimb_dma_enable +bt powerlevel cali invalid, use default value +#####bt read freq calib value = 0x%04x +BT_REG_OP:BT 2002: metal id=%d,patch version=%08x +btrf cmd: bt_bdr_rx_signal +btrf cmd: bt_bdr_tx_signal +btrf cmd: bt_ble_nosignal_start +btrf cmd: bt_ble_nosignal_stop +btrf cmd: bt_edr_rx_signal +btrf cmd: bt_edr_tx_signal +btrf cmd: bt_enter_signal_mode +btrf cmd: bt_get_bdr_power_cali +btrf cmd: bt_get_edr_power_cali +btrf cmd: bt_get_factory_from_efuse +btrf cmd: bt_hci_reset +btrf cmd: bt_le_receiver_test +btrf cmd: bt_le_test_end +btrf cmd: bt_le_transmitter_test +btrf cmd: bt_read_reg +btrf cmd: bt_save_bdr_power +btrf cmd: bt_save_edr_power +btrf cmd: bt_save_factory_to_efuse +btrf cmd: bt_scan +btrf cmd: bt_set_bdr_power +btrf cmd: bt_set_edr_power +btrf cmd: bt_set_power_cali_flag +btrf cmd: bt_stop_rx_signal +btrf cmd: bt_write_reg +btrf raw data: +btrf reg addr:%04x val:%04x +bt_rx data too long: bt_rx_len=%d, len=%d, limit=%d +bt_tx_pulling_write +bt_wake_ap finish pin_val:%d +bt_wake_ap start pin_val:%d +BT_WAKEUP_HOST +bt wakeup host done +BT_WAKEUP_HOST SLEEP_STATE %d +bt_wifi_coex_thread +########bt write freq calib value =0x%04x + 
(BusFault) + (BusFault during floating-point lazy state preservation) + (BusFault on stacking for exception entry) + (BusFault on unstacking for a return from exception) +%c %08X: %08X +calib_val:%d +cC 4J4I +C#D^`#` +CEWNIDV- +CF*cc'c +c]I]M^O +`CKDLDJ +close_usb_test +co_mod +CPU freq: %u +CPU USAGE: busy=%d light=%d sys_deep=%d chip_deep=%d +#Cq#FS +create btc thread fail +create bthci_lpm_thread fail +create bt_intersys_rx_wait_sem fail +create bt_tx_wait_sem fail +create bt_wifi_coex_thread fail +create host thread fail +create rx_from_host_wait_sem fail +Current List +UUUUU +#:FXF! +FyhY`9h! +:@:F<@Z +fZf]f\f +!)@:F,@zj/@\G1@| +Get the 2.4g power index +Get the 5g power index +g F)F2F;F +(#gIC +"gKZ`O + GL@MH +`gpsjAF +h0 Fah +h5 free list null +h5_thread_tx_mutex +hal_audma_get_chan failed. +hal_gpadc_adc2volt_calib +hal_pm_notif_register + (Halted) +hal_trace_crash_dump_register +hal_uart_irq_set_mask + Handling Timer callback %p + (HardFault) +h+`chC +hci_bt_state_set +HCI LE Read Number of Support Advertising +HCI LE Set Advertising Data len:%u +HCI LE Set Scan Response Data:%u +hci_open +HCI_REC:accept AVDTP_CLOSE +HCI_REC:accept AVDTP_OPEN +HCI_REC:accept AVDTP_START +HCI_REC:accept AVDTP_SUSPEND +HCI_REC:acl connected handler:%04x +HCI_REC:acl connect fail status:%02x type:%d +HCI_REC:acl disconnected handler:%04x %02x +HCI_REC:AVDTP_CLOSE +HCI_REC:AVDTP_OPEN +HCI_REC:AVDTP_START +HCI_REC:AVDTP_SUSPEND +HCI_REC:create_acl_conn: +HCI_REC:DIR:H2C L2C_CONN_RSP avdtp_media %04x:%04x res:%d +HCI_REC:DIR:H2C L2C_CONN_RSP avdtp_sig %04x:%04x res:%d +HCI_REC:DIR:%s L2C_CONN_REQ avdtp_media scid:%04x +HCI_REC:DIR:%s L2C_CONN_REQ avdtp_signal scid:%04x +HCI_REC:dis_acl_conn: +HCI_REC: disc other conn_handle:%04x +HCI_REC:HCI_EV_INQUIRY_COMPLETE:%02x +HCI_REC:HCI_INQUIRY: +HCI_REC:HCI_INQUIRY_CANCEL +HCI_REC:HCI_RESET +HCI_REC:L2CAP_SIG_DISCONN_RSP scid:%04x dcid:%04x +HCI_REC:le_conn_complete:%d +HCI_REC:le disconnected handler:%04x +HCI_REC:LE_SET_ADV_EN:%d 
+HCI_REC:LE_SET_EXT_SCAN_EN:%d +HCI_REC:linkkey notify +HCI_REC:linkkey req +HCI_REC:linkkey_req neg reply +HCI_REC:linkkey req reply: +HCI_REC:MODE_CHANGE:%d +HCI_REC:reject avdtp start +HCI_REC:reject signal id:%d +HCI_REC:remote_conn_req link_type:%d +HCI_REC:sco connected handler:%02x +HCI_REC:sco connect fail status:%02x +HCI_REC:sco disconnected handler:%04x +HCI_REC:write_scan_enable:0x%x +hci_send_to_btc_thread +hci_send_to_host_thread +hci_uart_send_to_host +hci_uart_send_to_host release failed,%d +HCI_VENDOR_PKT len too long:%d +Heap corrupt: %p +#h`:F9F +h=I:FB +hJd!XH +HOST_WAKEUP_BT +HWTIMER-ALLOC: Invalid state: %d +HWTIMER collapsed: irq occurred too early +HWTIMER collapsed: irq when active is null +HWTIMER irq occurred early: old active timer might be deleted? %u +HWTIMER irq when active is null: might be deleted? %u +HWTIMER-START collapsed: cur=%u active=%u +HWTIMER-STOP collapsed: active timer 0x%08x not in list 0x%08x +HWTIMER-STOP collapsed: cur=%u active=%u +HWTIMER-STOP collapsed: elapsed=%u active=%u +HWTIMER-STOP collapsed: fired timer 0x%08x not in list 0x%08x +Hz&F)F +IBRTAPP +ICSR =%08X, AIRCR=%08X, SCR =%08X, CCR =%08X +IdleTask: Failed to alloc sleep timer +IdleTask: Failed to register crash dump callback +I+FC "F +%I"F+F +'I'M(H +Inactive +INACTIVE +init wakeup gpio:%x +input powerlevel is invalid + (Instruction access violation) + (Instruction bus error) +INTERSYS-OPEN: rx_flowctrl=%d (should be %d) +INTERSYS-RX: Handler missing +INTERSYS-RX: Invalid msg type: %d +INTERSYS-TX: Invalid msg type: %d +Invalid AUDMA chan: %u +Invalid baud param: %d +Invalid data bits param: %d +Invalid DMA inst: %u +Invalid DMA periph: %d +Invalid DMA policy: %d +Invalid flow control param: %d +invalid hci_type:%x +Invalid packet type:%02x. 
queue len:%d +Invalid parity param: %d + (Invalid PC load by EXC_RETURN UsageFault) +Invalid SPI RX bits: %d +Invalid SPI RX FRAME bits: %d +Invalid SPI TX bits: %d + (Invalid state UsageFault) +Invalid stop bits param: %d +Invalid UART ID: %d +Invalid, use default value. +irq: gpio %d, val %d +!is_first_block(heap, block) +!is_last_block(block) +ISPI: Bad bits cfg +ISPI: SPI cs bad: %d +IUUUUU +=J+FE +jhZ`8Fbj + JI2F;F +#)J*IC +J! Sh# +}KB }J~I + KcpG'( + K FYi +K]h,C\`8 + K\i F + K`pG'( +`&K"tS +KXh@BpG +ld_inq_rx_patch +l:%d m:%d h:%d +list_append +list_begin +list_end +list_free_node_ +list_front +list_length +list_next +list_remove +%"L#KT +lld_adv_end_ind_handler_patch +lld_con_rx_patch +LLMJ0F +"lLmK!h +lmp buff: +lp clk: %d +mac addr flags: %d +malloc ini +malloc_list +malloc_list_node +malloc ok +med_heap_add_block +med_malloc + (MemFault) + (MemFault during floating-point lazy state preservation) + (MemFault on stacking for exception entry) + (MemFault on unstacking for a return from exception) +METAL_ID: %d +:M"F)FC 7 +%M"F)FC 8 +`MJNHNI +MMFAR=%08X, BFAR =%08X + (MMFAR valid) +";M (intptr_t)block +Next List +`NJOHOL + (NMI) + (No coprocessor UsageFault) + (NoException) + (None) +no previous block +Notice:The 2.4g power have calib finish, refusing calib again +Notice:The 2g power have not finish, Please calib power first! +Notice:The 5g power have calib finish, refusing calib again +Notice:The 5g power have not finish, Please calib power first! 
+Notice:The freq have calib finish, refusing calib again +NV_SEC +oFM"!F;F +`OI2FB +OK_BES_RF=================>BDR_POWER= 0x%04x +OK_BES_RF=================>CLK_FREQ= 0x%04x +OK_BES_RF=================>EDR_POWER= 0x%04x +oKbhoI +Oneshot +original 0x8C val=0x%x +osRtxErrorNotify, code: %08x object is %p, magicWord:0x%08x|0x%08x +p@``1F +p3p*FO +pa`"p#v +p@B 6I +p@B [I +pbxBp2x +PC =%08X +PC/L9H:O +pcS`pG +Periodic + pG pG + pGY(O +PHQJQI +"pK F)F +PLAYER +Possible Backtrace: + (Precise data bus error) +PRIMASK =%02X, FAULTMASK =%02X, BASEPRI =%02X, CONTROL =%02X +Q69!D@ +#QF@F" +#QF@F* +~"~:~Q~h~~~ +Qkkbal + R0 =0x%08X R1=0x%08X R2=0x%08X R3 =0x%08X +R12=%08X, SP =%08X, LR =%08X + R12=0x%08X LR=0x%08X PC=0x%08X XPSR=0x%08X +R%-2d=%08X, R%-2d=%08X, R%-2d=%08X, R%-2d=%08X +ramrun_test_main +read reg 0xF8 val=%x +Ready List +REG:AFSR = 0x%08x +REG:AIRCR = 0x%08x +REG:BFAR = 0x%08x +REG:BT_CURRENTRXDESCPTR: 0x%x +REG:CCR = 0x%08x +REG:CFSR = 0x%08x +REG:[fp] = 0x%08x +REG:HFSR = 0x%08x +REG:ICSR = 0x%08x +REG:[ip] = 0x%08x +REG:IP_ERRORTYPESTAT: 0x%x +REG:[LR] = 0x%08x +REG:MMFAR = 0x%08x +REG:MSP = 0x%08x +REG:PSP = 0x%08x +REG:[R0] = 0x%08x +REG:[R1] = 0x%08x +REG:[R2] = 0x%08x +REG:[R3] = 0x%08x +REG:[R4] = 0x%08x +REG:[R5] = 0x%08x +REG:[R6] = 0x%08x +REG:[R7] = 0x%08x +REG:[R8] = 0x%08x +reg_reset: +REG:SCR = 0x%08x +REG:SHCSR = 0x%08x +REG:[sl] = 0x%08x +REG:[SP,#0] = 0x%08x +REG:SP = 0x%08x +REG:[SP,#12] = 0x%08x +REG:[SP,#16] = 0x%08x +REG:[SP,#20] = 0x%08x +REG:[SP,#24] = 0x%08x +REG:[SP,#28] = 0x%08x +REG:[SP,#32] = 0x%08x +REG:[SP,#36] = 0x%08x +REG:[SP,#40] = 0x%08x +REG:[SP,#4] = 0x%08x +REG:[SP,#44] = 0x%08x +REG:[SP,#48] = 0x%08x +REG:[SP,#52] = 0x%08x +REG:[SP,#56] = 0x%08x +REG:[SP,#60] = 0x%08x +REG:[SP,#64] = 0x%08x +REG:[SP,#8] = 0x%08x +reg=%x,v=%x +release hci_uart_tx_sema +reset bt_tx_wait_sem fail,%d +reset hci_uart_tx_sema fail,%d +RF_ED_9_6[%d]=0x%x +rFeID +#RF@F! 
+#RF@F) +rf_f8_5_0=0x%x, rf_f8_11_6=0x%x +RFF BI +RF[FPFYF +rF)ID + rIrLB +ROKYIYH +rstore dig reg=0x%x,v=0x%x +RTX V5.5.1 +Running +RUNNING +rx linkkey: +rx reg_set: +rx reg_store: +rx reg=%x,v=%x +RX/TX-DMA configured on SPI %d +%s 0x%x=0x%x , 0x%x=0x%x +%s bit_val = %d, bit_offset =%d ch=%d +%s data type is invalid +%s,%d os err=%d + (SecureFault) + %s efuse:%d/%d LV=%d, HV=%d, Slope:%d Intcpt:%d +%s efuse/val:0x%02x/0x%04x +%s: error size,0x%x,0x%x,0x%x +Set 2g calib flags +Set 5g calib flags +Set bdr calib value =%x +Set bt freq calib flags 0x%4x +Set edr calib value =%x +Set freq calib flags 0x%4x +Set freq calib value =%x + set pcm +set the bt bdr value : %d + set vohci +Set wifi_addr calib flags +%s exit, %dus +sF4ID +[%s] failed +SFBFpIC +sF"ID +[%s] g_block_index=%d begin_addr=%p size=%d +[%s] g_block_index(%d) >= MED_HEAP_BLOCK_MAX_NUM +%s: handler already registered: user=%d handler=%p existedUser=%d +%s: handler cannot be NULL: user=%d +%s: handler list full: user=%d handler=%p curCnt=%u +SHCSR=%08X, CFSR =%08X, HFSR =%08X, AFSR =%08X +%s host time-out +[%s] index=%d g_block_index=%d. Cannot malloc any RAM +sleep_judge flag:%d +%s len:%d +%s line =%d, get efuse error +%s line:%d sRet:%d +-%s: mem pool size too small: start=%p end=%p reserved_size=%u +%s module %d +[%s] no memory: size=%u +%s on/off:%d level:%d +%s osEventTimeout +SPEECH +SPIPHY: Bad bits cfg +SPIPHY: SPI cs bad: %d +SPI rate too large: %u +SPI rate too small: %u +%s powerlevel =0x%4x +[%s] ptr=%p size=%u free=%u user=%p +%s reg_store: +%s rf_de=0x%x, d0350248=0x%x, d0220c00=0x%x +%s: Set RT irq in hal_uart_dma_recv_mask... 
to avoid data lost +%s set voice path g_voice_path =%d +)ssJ8F +[%s] start=%p size=%d user=%p +%s, state:0x%08x +Stack: + stack_mem=0x%08X stack_size=%u sp:0x%04x min_stack_free=%u + (Stack overflow UsageFault) +*** stack smashing detected ***: terminated +start_recv_dma_with_mask +st_bes_h5.thread_data_retrans=%p +%s The power value not in range = %04x +Stopped +store dig reg=0x%x,v=0x%x + swap_in_time=%u(ticks)/%u(ms) swap_out_time=%u(ticks)/%u(ms) +syspool_get_buff +syspool_init: %p,0x%x +syspool_original_size +System pool in shortage! To allocate size %d but free size %d. +systimer +task msg buff: +task runtime %u(ticks)/%u ms +TERMINAT +Terminate List +The channel invalid +The channel is invald +The channel is invalid, bit_offset < 0 +The channel number invalid ch = %d + thread=0x%x, prio=%u state=%-9s thread_addr=0x%08X +--- Thread BAD +--- Thread %d + thread_join=0x%08X flags_options=%u wait_flags=%u thread_flags=%u +Thread List: +, ThreadMode +--- Thread name=%s cpu=%%%d min-free-stack=%d + thread_next=0x%08X thread_prev=0x%08X delay_next=0x%08X delay_prev=0x%08X +--- Thread NONE +thread still runing, now %u(ticks)/%u(ms) +%T:I:J44 + Timer current tick %u, Load %u + Timer %p Callback: %p + Timer: %s +--- Timers is handleing:%d +--- Timers Stats: + Timer state: %s + Timer type %s +"tK F)F +TRACE-%u: Wait memsc timeout +T>UUUUUU +TWSAPP +tx_delay_cap:%d +TX-DMA configured on SPI %d +tx length invalid:%d +tx linkkey: +tx_pulling_rf_dig_set +uart_mutex + (Unaligned access UsageFault) + (Undefined instruction UsageFault) +unsupport cmd:%d +unsupported message type:%d + (UsageFault) +usbphy open fail +use time: %d ms +V!8F}J +vbat:reg 0x%x, vbat %d +V?LUUUUU +VOICE_COMPRESS +WAIT_DLY +WAIT_EVE +WAIT_FLAG +WAIT_JOIN +Wait List +WAIT_MEM +WAIT_MGET +WAIT_MPUT +WAIT_MUT +WAIT_SEM +wakeup_timer_handler. gpio:%u +warning clear bitfield unknown evt_type:%d +warning: frame timeout, drop it +warning! invalid linkid:%d handle:0x%04x +warning! 
TX hander should be always active +warning! unknown status:%d +WIFI_ADDR= %02x:%02x:%02x +wifi_addr calib flags: %d +wifi_fw +wlan_sdio_wakeup_ap +write reg 0x8C val=%x +write reg 0xB8 val=%x +write reg 0xBD val=%x +write reg 0xBE val=%x +write reg 0xC4 val=%x +write reg 0x%x[11:6] val=%x +write reg 0x%x[5:0] val=%x +xB *FZI +XPSR=%08X +Y@1@K@a +yF9K@" +yF!K@" +yF'K@" +yF.K@" +"YK F)F ++`!y`yj +ZFd!PF +zF'M@# +zF+M@# +zF]N@# +"Z`[FZFO +=@zj?@L~@@\GA@l diff --git a/fw-analysis/best2002_fw_sdio_nosignal.strings.fnnames.txt b/fw-analysis/best2002_fw_sdio_nosignal.strings.fnnames.txt new file mode 100644 index 000000000..9a1a6b6d3 --- /dev/null +++ b/fw-analysis/best2002_fw_sdio_nosignal.strings.fnnames.txt 
@@ -0,0 +1,95 @@ +adjust_digtal_gain_by_formula +ana_and_dig_config +bbpl_comp_by_temprtr_step2_v2 +cfg_rx_mem_dump +close_usb_test +config_dpd +dpd_write_table +factory_get_calib_data_from_efuse +factory_get_power_from_efuse +factory_get_section_from_efuse +gain_sweep_end +gain_sweep_start +get_bdr_pwr +get_btmac +get_btoui +get_channel +get_edr_pwr +get_flags +get_frame_length +get_mac +get_powerlevel +get_rate +get_save +get_save_freqoffset +get_tx_interval +get_woui +hal_gpadc_adc2volt_calib +hal_iomux_cfg_wifi_switch +hal_iomux_set_sdio_voltage +hal_pm_notif_register +hal_sdio_adma_compensate +hal_sdio_adma_config +hal_sdio_device_irq_handler +hal_sdio_device_wifi_rxtx_start +hal_trace_crash_dump_register +host_if_common_init +host_int_irq +init_dig_gain_offset +iq_compensate_by_temperature_2002 +iq_compensate_by_temperature_2g_2002 +iq_compensate_by_temperature_v1 +mcu_to_lmac +phase_sweep_end +phase_sweep_start +pmu_temperature_adc2temp_calib +power_calib_finish +power_compensate_by_temperature_2002 +power_debug +ramrun_test_main +recover_wifi_cali_result +rf_cmd_nosignaling_test_handler +rf_nosignaling_test_start_up +rx_no_filter +save_bdr_pwr +save_edr_pwr +sdio_rx_thread +set_btmac +set_btoui +set_mac +set_wifi_test_continue_mode +set_woui +tpt_open +tx_11b_cnt +tx_11g_cnt +tx_11n_cnt +tx_data_path +tx_dc_tone +tx_idle_timer_handler +tx_power_flags +tx_stop_cnt +wifi_agc_config +wifi_bes2600_cmd_test +wifi_config_cali_from_linux +wifi_deinit +wifi_dpd_boot_low_power_en +wifi_driver_mcu_msg_seq_fill +wifi_driver_rf_cmd_test +wifi_init +wifi_iomux_cfg_switch +wifi_iq_cali_2g_v2 +wifi_recover_cali_data +wifi_rf_cmd_confirm +wifi_rf_msg_rep +wifi_rfpll_temperature_compensation +wifi_rf_set_tpc_table +wifi_rf_start +wifi_rf_test_power_cali_save +wifi_rx_mem_dump_test +wifi_sdio_init +wifi_sdio_send +wifi_stop +wifi_test_cmd +wifi_transq_init +wifi_tx_cnt_pre +wifi_vendor_rf_cmd_select 
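Review bot: the selection rule behind this list is undocumented and looks inconsistent. `rx_no_filter` and `tx_stop_cnt` are listed, but `rx_filter`, `tx_stop` and `get_freqOffset` are not, although they appear as equally identifier-shaped entries in best2002_fw_sdio_nosignal.strings.txt. The file is a filtered view of that strings dump (names such as `factory_get_calib_data_from_efuse` and `wifi_vendor_rf_cmd_select` occur in both), yet the diffstat adds only the build, deploy and backup scripts under scripts/, none of which performs the extraction. Please commit the filter used to produce the fnnames files and say what qualifies as a function name, so a reader can tell whether the omissions are intentional. Since .gitignore excludes `*.bin` and the blobs are not committed, also record each source blob's size and SHA-256 in a header line or sidecar file; without that, the names cannot be tied to a specific firmware build or regenerated later.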
diff --git a/fw-analysis/best2002_fw_sdio_nosignal.strings.txt b/fw-analysis/best2002_fw_sdio_nosignal.strings.txt new file mode 100644 index 000000000..d04aaa3ba --- /dev/null +++ b/fw-analysis/best2002_fw_sdio_nosignal.strings.txt 
@@ -0,0 +1,1177 @@ +############################################## +------ +========================= +$$bi9M" +$ 'I'H +02FOIB +0#2J%I +0c%eee ++0cIF@F +0F9FBF#F +0`!F(F +0F)F"F +0F*F!F +0FJF>F/F +0:hLIZ`C :F3F +0HM\hHNEO +0"IIKH +`0K3J@F +0=K>IB +0x%04x = 0x%04x +0x%08x = 0x%08x +0x82010000 : +%+16 40m +2.4G cali ch idx %d invalid 0x%04x, use default value +2.4g powerlevel indx= %d +2FB I +2FB )I +2F;F0F9F +2F)F F +2FIFC +2G 11N power[%d]=0x%4x +2g calib flags: %d +2g freq_index:%d dpd_cali_num:%d find %d dB+-0.2db compression point success:%d +####2g g_wfdrv.cali_tx_power: %p +######2g tx no calib !! +2?&+hAI +2"`"hE +#2iriku +"2K F)F +@@@@@@,2 SEQ_STATUS_IDLE +30I0K1H +3C DJFI +3F:FQFHF! +%3FpIC +3#J$IC +#3p F@K +3 wifi_test, test_mode: 0x%x +3yMDqy +#######40m ----> 20m +@40/R. +4Jd!/H! +5%behn +5G 11N power[%d]=0x%4x +5g calib flags: %d +5G cali ch idx %d invalid 0x%04x, use default value +###5g g_wfdrv.cali_tx_power_5g: %p +5g powerlevel index= %d +5g powerlevel indx= %d +######5g tx no calib !! + 5K6OS +6 7!H(I):";# +6ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ +@"6KZ` +#6L F# +6 wifi_test, test_mode: 0x%x +7I8H8N + 7KAF +87 F%K +8CP`3x%q + +8F1F*F#F +9*F#nMF +abandon=%d. +abort error:%x,%x +aciCa#z +A#C )J)I +adjust_digtal_gain_by_formula +AF+FC + after last switch +after rx stop 0x90138004 = 0x%08x +ahFB"h +AI_AMA +AI_BIXBY +AI_GMA +AI_GVA +AI_VOC +a#!J"ID +AJm H" +AKKJ[h +ALAJch +alloc wakeup_timer fail +AM+zii +ana_and_dig_config +AOB_SM +APPMAIN +APPTHREAD +, APSR=%c%c%c%c%c +### ASSERT @ 0x%08X ### +AUDFLG +aXdYcXaY` +aYaYi! +ba`(0P +BAB_TxFrameComplete() +BAB_TxFrameComplete()- BAB_TASK__PROCESS_TX_ADDBA_REQ_FRAME +BAB_TxFrameComplete()- BAB_TASK__SEND_BAR_FRAME +Bad func=%d for IOMUX pin=%d +Bad GPIO pin %u (should < %u) +bad situation: gain_energy is below 1000! +bad situation: phase_energy is below 500! 
+bad situation:phase_mis_base_final=%d,gain_mis_base_final=%d,Energy_final=%d +bandwidth +bbpl_comp_by_temprtr_step2_v2 +BDR calib data: 0x%x +BeaconWindow=%d BeaconWindowTime=%d BeaconWindowAdj=%d +befor rx stop 0x90138004 = 0x%08x +bE ;Jgin_mini must eq to 1.0 +error. total:%u, already:%u +error: unsupport order +errror: please set band as 2G4 or 5G +(Escalation HardFault) +EvrRtxThreadError, thread name:%s, status:%d +### EXCEPTION ### +, ExceptionNumber=D'%d +, EXC_RETURN=%08X +------ Exit %s ------ +#`` F# +*# #@F +`# # F +F($,N-K ++F0F9F +F0F9F8 +F0F9Fc +F0F9F"F+F +F0F9FS +F0F"F9F+F +;"F1FC % +?*F1FC +:F1F F +#)F1H + ! F1K +&#F2FC +F2FC +F +F2F;F0F9F +F2F;FQ +F2FPF;FYF +!F3F*F +F3F]`i` +F4I2FB +!F8F&p +)F8F.p + F9F2F +*F9FB + F9FBF +factory_get_calib_data_from_efuse +factory_get_power_from_efuse +factory_get_section_from_efuse +"FAFB +"FAFC +"FAF(F +FAIL_BES_RF:Please input frame length rang from 500 to 1500 +FAIL_BES_RF :Please input interval rang from 1 to 10 +FAIL_BES_RF:Please input the number rang from 1 to 14 on 2.4G +FAIL_BES_RF:Please input the number rang from 36 to 177 on 5G +FAIL_BES_RF:read clock freqOffset value error +FAIL_BES_RF:set power fail param = 0x%08x,value = 0x%08x +FAIL_BES_RF:set the rate error param = %d,value = %d +FAIL_BES_RF = >The band wide param is error ,It's 20M or 40M +FAIL_BES_RF:The input rate index is invlid +FAIL_BES_RF:write clock freq into flash fail +FAIL_BES_RF:write clock freq offset fail +FAIL_BES_RF:write value error param = %d,value = %d +FAIL_BES_RF:write value is not equal to set value read = 0x%04x set = 0x%04x +Failed to get DMA channel +Failed to get dst periph: %d +Failed to get src periph: %d +Failed to open pmu +FaultCause : +FaultInfo : +FBFcaQ +FBFC +FdIF +;FBFFIC ++FBF)IC +FBFKFPFYF +FBFKFQ +FCF F1F +#FC /I +"FD bI +FdK0F9F +!F*F0F +#:F!F0F +*F!F0F +"F+F0F9F +F F2F)F;F ++*F!F8F ++F"FC +;F*FC +)F,Ff~ +#F"F!F +;F F)F +@F*F!F ++F*F)F2H + F)F:F3F +#F"F!F9H +F F)FD +"F+F F)F +;"F+F F)F +F+F F)F +F[F F)F 
+"F+F@FIF +F+F@FIF +F F)FO +F"F+FQ +F F)FS +!F#F\H +#F :F I +;F@FIF +F@FIFc +[F:FlIC +&)F F+p +F[FPFYF +!F#FQH +F+gB VI +"F)IB +[F;IC +*FIF0F +*FIIIH +{FIN3` +find sdd matrix +F(J8F! +F(J(IB +:(F+J+K +fKfJ F +{F+`n`@# +F#N3gB 'I +F'N(O3h(I +F-Nui(F +FPF2FYF;F +FPFBFYFKF +FPF"FYF+F +FPFYF2F;F +FPFYFC +#FP!HCS +fpRead fail! +"FQFB +*FQFB +;"FQFC % +fQfSh# + frame:0x%08X +freq calib flags: %d +freq calib value: %d +freq cali data invalid 0x%04x, use default value +<[FRF! +[FRF1F +[FRF9F0 +%[FRF9F@F +[FRF9F F +FRF9F@F +[FRF9FHF +[FRFAF +[FRF@F +FRF[F0F9F +FRF[FPFYF +FRF[FQ +!FSF(F +&Fsx2x +[Func %d io %d] is unsupported by pin_func_map. Check it or use reg assignment like iomux_set_uart0. + (Function %d matched) +f?>UUUUU +fw_sleep +fw_wakeup +)Fx` F +:@:F<@Z +FzAF:F +fZf]f\f +!)@:F,@zj/@\G1@| +G0"LILH +G1K!F F +G3h 3ca +G9F(FvK +G@"AFMH +gain_sweep_end +gain_sweep_start +?GcNdK +g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x +get_bdr_pwr +get_btmac +get_btoui +get_channel +get_edr_pwr +get_flags +get_frame_length +get_freqOffset +get_mac +get_powerlevel +get_rate +get_save +get_save_freqoffset +Get the 2.4g power index +Get the 5g power index +get_tx_interval +get_woui +GF#2F9F F +g F)F2F;F + gfff|Y +G I!J h +GIJ(`II +G[J(`[I +G[J\I(` +G\J\I(` +G\J]I(` +G]J]I(` +G]J^I(` +G^J^I(` +G{J{I(` +G{J|I(` +G|J|I(` +G|J}I(` +G}J}I(` +G}J~I(` +G~J~I(` +GJJ(`JI +G#K[ 3 +GKF!0F +GKJJ F +GKJ(`KI +G~K~OS +"gKZ`O +GLJ(`LI +GLK!F F +GMJ(`MI +GNJ(`NI +GOJ(`OI +GPJ(`PI +`gpsjAF +GqJqI(` +GqJrI(` +GrJrI(` +GrJsI(` +GsJsI(` +GsJtI(` +GtJtI(` +GtJuI(` +GuJuI(` +GuJvI(` +GvJvI(` +GvJwI(` +GwJwI(` +GwJxI(` +GxJxI(` +GxJyI(` +GyJyI(` +GyJzI(` +GzJ{I(` +GzJzI(` +h0 Fah +#h1F8F +hal_gpadc_adc2volt_calib +hal_iomux_cfg_wifi_switch +hal_iomux_set_sdio_voltage +hal_pm_notif_register +hal_sdio_adma_compensate +hal_sdio_adma_config +hal_sdio_device_irq_handler +hal_sdio_device_wifi_rxtx_start + (Halted) +hal_trace_crash_dump_register +hal_transq_open failed: %d + Handling Timer callback %p + 
(HardFault) +#h+D#` +H#F"F!F +H F%K +:h+FrC +h[h!DS` +"h"IC +hJd!XH +*H*N@\5x +hook_post_sys_init rom_hook_cfg->rom_run_flag=0x%08x +hook_wifidrv_rfpll_en(%d) pm=%d os_time=%d +host_if_common_init +HOST IF --> RESUMED +HOST IF --> SUSPEND +host_int_irq + :hVLVI +HWTIMER-ALLOC: Invalid state: %d +HWTIMER collapsed: irq occurred too early +HWTIMER collapsed: irq when active is null +HWTIMER irq occurred early: old active timer might be deleted? %u +HWTIMER irq when active is null: might be deleted? %u +HWTIMER-START collapsed: cur=%u active=%u +HWTIMER-STOP collapsed: active timer 0x%08x not in list 0x%08x +HWTIMER-STOP collapsed: cur=%u active=%u +HWTIMER-STOP collapsed: elapsed=%u active=%u +HWTIMER-STOP collapsed: fired timer 0x%08x not in list 0x%08x +hZjQ@O +IBRTAPP +ICSR =%08X, AIRCR=%08X, SCR =%08X, CCR =%08X +IdleTask: Failed to alloc sleep timer +IdleTask: Failed to register crash dump callback +@)I"FB +I+FC "F +IFxa@F +iKiJjH +'I'M(H +Inactive +INACTIVE +init_dig_gain_offset +init_digital_gain,ch=%d ! +init wakeup gpio:%x +input powerlevel is invalid + (Instruction access violation) + (Instruction bus error) +Invalid AUDMA chan: %u +Invalid baud param: %d +Invalid data bits param: %d +Invalid DMA inst: %u +Invalid DMA periph: %d +Invalid DMA policy: %d +Invalid flow control param: %d +Invalid parity param: %d + (Invalid PC load by EXC_RETURN UsageFault) +Invalid Pwr Tbl Idx +Invalid SPI RX bits: %d +Invalid SPI RX FRAME bits: %d +Invalid SPI TX bits: %d + (Invalid state UsageFault) +Invalid stop bits param: %d +Invalid UART ID: %d +IPSR():0x%x, PRIMASK:0x%x, BASEPRI:0x%x +;iq_2g_cfg_rx_mem_dump +IQ CAL ERROR!!!![%s]LINE%d------freq_index=%d +iq_compensate_by_temperature_2002 +iq_compensate_by_temperature_2g_2002 +iq_compensate_by_temperature_v1 +irq: gpio %d, val %d +ISPI: Bad bits cfg +ISPI: SPI cs bad: %d +IUUUUU +]##JC $I +JF9FPF +JF!F(F +JF!FPF +JFYF@F +jhZ`8Fbj +`^J_I(` +JI2F$3C ;F + JI2F;F +#:J:IE +J! 
Sh# +/K6J F +{@K@C@ + KcpG'( +KFJFIF + K FYi +K]h,C\`8 +kIA kN + K\i F +!K+J F +;K@J F +K!J"H"I +KKQJA QI +>!+K+N +,.K,p5 + K`pG'( +KXh@BpG +>L FJFYF +lhC #F +lhfJ#FfIC +-L#h-I +?/lj,D +*LjF)F +%L%J%h +]L^KhJ F +:L:KKJ F +%"L#KT +LKZOZJJL +LMC_BA_AddActionFrameToTaskList() +"L M#h(FC +%[L[N4 +LwuO:Y +m32J3ID +MAC:0x20260068-> 0x%08x, 0x2026006c-> 0x%08x + mac_addr1 0x %08x (0x20160068) + mac_addr2 0x %08x (0x2016006c) +mac addr flags: %d +malloc I_tone_filt_imag fail +malloc I_tone_filt_real fail +@MANh\7x +mcu freq -> %u +mcu_to_lmac + (MemFault) + (MemFault during floating-point lazy state preservation) + (MemFault on stacking for exception entry) + (MemFault on unstacking for a return from exception) +METAL_ID: %d +:M"F)FC 7 +%M"F)FC 8 +M#h(F# +,M-I.h +,M,I+h hd +min_gain=%d +min_phase=%d +MMFAR=%08X, BFAR =%08X + (MMFAR valid) + M N(F +../../mod_platform/int/wifi_patch.c +";M20m config g_test_tx_cfg = 0x%08x +OK_BES_RF = >40m config g_test_tx_cfg = 0x%08x +OK_BES_RF=================>CHAN_INDX= %d +OK_BES_RF=================>CLOK_FREQ= 0x%04x +OK_BES_RF:enter dpd debug +OK_BES_RF:enter fw sleep success +OK_BES_RF:enter fw wakeup success +OK_BES_RF:enter the rx mode success +OK_BES_RF:enter the tx mode success +OK_BES_RF=================>FRAM_LEN= 0x%08x +OK_BES_RF:From wifi switch to bt mode +OK_BES_RF: new channel =%d +OK_BES_RF=================>no filter: read_rx_ack = %d +OK_BES_RF=================>RATE_INDX= 0x%08x +OK_BES_RF=================> read_rx_ack = %d +OK_BES_RF:reset wifi success ! 
+OK_BES_RF:RF_TX_CONTINUE_MODE +OK_BES_RF:RF_TX_MEMORY_MODE0 +OK_BES_RF:RF_TX_MEMORY_MODE1 +OK_BES_RF:RF_TX_MEMORY_MODE2 +OK_BES_RF:RF_TX_MEMORY_MODE3 +OK_BES_RF:RF_TX_MEMORY_MODE4 +OK_BES_RF:RF_TX_MEMORY_MODE5 +OK_BES_RF: SAVE power calib flags success +OK_BES_RF:save power success +OK_BES_RF:set clock freq offset success result = 0x%04x +OK_BES_RF:set power success value = 0x%08x +OK_BES_RF=================> set_rx_ack = %d +OK_BES_RF:set the rate success value = %d +OK_BES_RF:success:enter stop tx cnt mode success +OK_BES_RF:success:enter the 11b tx cnt mode success +OK_BES_RF:success:enter the 11g tx cnt mode success +OK_BES_RF:success:enter the 11n tx cnt mode success +OK_BES_RF:success:enter the tx dc tone mode success +OK_BES_RF:success:enter the tx tone mode success +OK_BES_RF:temperature calibration open +OK_BES_RF:the same channel +OK_BES_RF=================>TX_INVL= %d +OK_BES_RF=================>TX_POWER = 0x%08x +OK_BES_RF:write value success value = %d +oKbhoI +O(#kC0h +&O&M;h +Oneshot +~O~N%h +oOpN%h + opt wifi delay +osRtxErrorNotify, code: %08x object is %p, magicWord:0x%08x|0x%08x +p3p*FO +PAC_FiqHandler, AckFail, queue: %d + PAC_Fiq PAC_NTD_STATUS__RESP_RX_STORED +PAC_ProcessEbmIntContenAckFail() +pa`"p#v +PARAM_TX_INTERVAL_FAIL :write value error param = %d,value = %d +PARAM_TX_INTERVAL_OK :write value success value = %d +PAS_GetEbmTxRequests(), pTxRequest->Flags: 0x%08x, pTxRequest->RateIndex: %d,TxBaAgreementNum=%d +PAS_GetEbmTxRequests(), SeqQueueIdleStatus: 0x%04x, sPasGlobal.AggrTxInProgress: %d +PAS_GetEbmTxRequests(), TxBaAgreementNum].State=%d,BATxTidMask=0x%x +PAS_SetTsfTimerOnStamp, %d, TSF=0x%08x +patch_config_dig_gain_table,index: %d, gain: %d,MaxPwrForChan: %d +patch_HI_DefaultMsgHandler(): (Id=0x%x, Len=%d) +patch_HI_Set_Coex_Params, hw_epta_enable:0x%x, new_run_flag:0x%x, gEptaBypass: %d +patch_LMAC_Req_PS_PowerMgmtMode() - Mode %x, PowerBusyEvents:0x%08x +patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x 
+patch_LMAC_Req_SYN_SetBssParams(), 0x%08x,0x%08x,0x%08x +patch_LMC_AddInterfaceToChannel. ChanNum:%d, iner:%d +patch_LPO_calib_IRQHandler, CalibCountSaved=%d, CalibCounterRegStartVal=%d + patch_PHY_RF_TX_TurnOffAuxAdc +&&& patch_PS_BeaconWindowTimerHandler(),BeaconLostCount=%d, rom_OS_Time=%u tsf:%u +@@@@ patch: switchchannel gPhyTemData.iChnlID: %d, eRadioBand_cfg: %d,current_band: %d +patch test mode, run_test_cmd= %d ,band= %d! +patch_TX_Generate_Backoff_Slots retry timeout. val0x%x +@@@@ patch: wifi_low_power_cfg_qfn_1p3v band:%d +@@@@ patch: wifi_low_power_cfg_qfn_1p8v band:%d + path_PHY_RF_TX_TurnOnAuxAdc ++pb)F F +PC =%08X +pcS`pG +pcs`sh# +#pcYFPF +Periodic + pG pG + pGY(O +phase_sweep_end +phase_sweep_start +p;hb|Yx +P HD*K +"pK F)F +PK]JXIA +PLAYER +pLpKqJqHrI +pmu_temperature_adc2temp_calib +Possible Backtrace: +###################power 5g load success ! +power_calib_finish +power_compensate_by_temperature_2002 +power_debug +power_G[%d] = 0x%04x, power_N[%d] = 0%04x +###################power load success ! + (Precise data bus error) +PRIMASK =%02X, FAULTMASK =%02X, BASEPRI =%02X, CONTROL =%02X +priority of fast timer should be equal to sido. +pSh N# +Q69!D@ +QjAF:F +Qkkbal + R0 =0x%08X R1=0x%08X R2=0x%08X R3 =0x%08X +R12=%08X, SP =%08X, LR =%08X + R12=0x%08X LR=0x%08X PC=0x%08X XPSR=0x%08X +R%-2d=%08X, R%-2d=%08X, R%-2d=%08X, R%-2d=%08X +ramrun_test_main +RaNHD3h +#####read freq calib value = 0x%04x +Ready List +reboot +receive a tcp ack +received_data = %d ,rx_idx_cur_w =%d +recover_wifi_cali_result +recv a normal tcp pkt1 +recv a normal tcp pkt2 +recv a tcp klv ack,rcv_time:%u ackno:%u seq:%u +recv a udp ping +recv pong, time %u. 
+reg_freqOffset +rELFOFN +RESUMED while wifi initializing +@@@@@@@ retry 1, 0x%x +@@@@@@@ retry 2 +@@@@@@@ retry 3, 0x%x +@@@@@@@ retry 4 +-->reuse adma for restransmission %d,(%u,0x%x)(%u,0x%x) +rf cmd msg: %s +rf_cmd_nosignaling_test_handler +rf cmd send failed +rf cmd test, create the start cmd thread fail +RF!F(F +RF[FPFYF +rf_nosignaling_test_start_up +rf_tx_tone_on_dc... +}r(I)H +rp(J)N +}p +RTX V5.5.1 +Running +RUNNING +rx_ackRead +rx_ackSet +rx_filter +rx_no_filter +rx_stop +RX/TX-DMA configured on SPI %d +s3fsh# +saJaIC MF +save 2g power into flash +save 5g power into flash +save_bdr_pwr +save_edr_pwr +%s bit_val = %d, bit_offset =%d ch=%d +%s,ch=%d ! +%s %d %08x:%08x +%s %d band(0:2.4;1:5):%d tbl_idx(0:20;1:40):%d +%s %d, cali mode invalid +%s %d, create nosignal thread fail +%s %d, create semaphore fail +%s %d create temperature compenasation task success +%s %d, create thread fail +%s,%d %d +%s,%d %d,%d +%s %d, err cmd_type +%s %d, err id +%s:%d, error: rx length is 0 +%s %d, factory cali flags set err, calibration not complete +%s %d, factory crc err, use default value +%s %d fail to create my_main task +%s,%d invalid length:%x,%u +-->sdio_rx retransmission,%d,0x%x +-->sdio_rx retransmission done,%d +sdio_rx_thread +sdio_tx_adma_configure:%u,%x,%x,%x +<-- sdio_tx retransmission done +<--sdio_tx retransmission:%u,%d,%d,%u +------sdio wifi device enumeration result:%d +%s,%d large packet error:%d,%d +%s,%d len=%x +%s:%d, no rx buf +%s, %d, not mcu to driver msg +%s,%d %p,%x +%s driver cmd:%u +%s:%d, rx buf is NULL +%s:%d, rx buf len %d > %d +%s:%d, sdio_callback->hal_sdio_device_rxtx_start is NULL +%s %d, sem not obtained. status = %d +%s %d, sem release failed,%d +%s, %d, send error = %d! 
+%s %d, too long command:%d +%s,%d total=%u already=%u +search area:%d======%d + (SecureFault) +%s efuse:%d/%d LV=%d, HV=%d, 1000*Slope=%d +%s efuse:%d/%d LV=%d, HV=%d, Slope:%d Intcpt:%d +select table b +%s err cmd_type:0x%x +set_btmac +set_btoui +set_mac +set_wifi_test_continue_mode +set_woui +%s fatal os err=%d +%s: handler already registered: user=%d handler=%p existedUser=%d +%s: handler cannot be NULL: user=%d +%s: handler list full: user=%d handler=%p curCnt=%u +SHCSR=%08X, CFSR =%08X, HFSR =%08X, AFSR =%08X +s.hJFf`AFE +shutdown +%s int_type=%x +%s L%d mode(0:b;1:g;2:n):%d +%s L%d rfpll temperature compensation error: timeout. +slect table a +Sleep exit: schedule_evt%x pwr_busy_evt:%x +Sleep failed, event: 0x%08x pwr_busy:0x%08x +sleep terminate, transq:%d sleep_flag:%d +Sleep Timer:0x%08x callback:0x%08x +%s line%d ()< +%s line%d ()> +%s Line%d ()< +%s Line%d ()> +%s Line%d 0x5b:0x%04x, 0x5c:0x%04x +%s Line%d 2g dc CaliTime:%dms +%s Line%d 2g iq CaliTime:%dms +%s Line%d 5g iq CaliTime:%dms +%s Line%d abs_centigrade:%d +%s Line%d band(0:2g,1:5g,2:dual):%d; mode(0:normal, 1:test):%d +%s Line%d before centigrade:%d current_abs_centigrade:%d +%s Line%d can not reduce (%f), but keep running (-0.5)! +%s Line%d channel_id:%d bw:%d ()< +%s Line%d ch[%d, %d] 0x11d:0x%x +%s line%d ()>ch_id=%d +%s Line%d ch_id:%d, 0x11d:0x%04x +%s Line%d en:%d before ch:%d current ch:%d +%s Line%d error: force continue! +%s Line%d error: recover cali data faild. +%s Line%d error:rx timeout +%s Line%d freq_index:%d, 2g dpd+dc+iq CaliTime:%dms +%s Line%d g_dc_iq_rst_u32_5g[0][0]:0x%08x, [1][0]:0x%08x +%s line =%d, get efuse error +%s Line%d g_rf_sw_io_select:%d +%s Line%d powerlevel_offset_val_addr:%x, en_addr:%p +%s Line%d protect dpd table. +%s Line%d skip wifi cali success. 
+%s Line%d temperature(%d, %d] +%s Line%d temperature(%d, %d] 0x11d:0x%x +%s Line%d val_u16_0xc0_9_1:%04x, +4 val_u16:0x%04x +%s Line%d val_u16_0xc0_9_1:%04x, -4 val_u16:0x%04x +%s Line%d WAFER_PACKAGE_2002_SELECT(0:wlcsp; 1:qfn; 3:fanout;):%d +%s Line%d wifi_Hook_cfg->new_run_flag:0x %08x +%s Line%d wifi reset +%s line%d WIFI_RF_SW_IO_SELECT:%d +%s module %d +%s, msg reply failed, line = %d, error = %d! +'sNtM F +%s: patch_2001_en_flag=0x%x relocation_marker=0x%x: %d +SPEECH +SPIPHY: Bad bits cfg +SPIPHY: SPI cs bad: %d +SPI rate too large: %u +SPI rate too small: %u +%s, recover wifi cali result +%s rf_tpc_table_a = %p, table b = %p +sSDJEIC +%s: Set RT irq in hal_uart_dma_recv_mask... to avoid data lost +Stack: + stack_mem=0x%08X stack_size=%u sp:0x%04x min_stack_free=%u + (Stack overflow UsageFault) +*** stack smashing detected ***: terminated +start dump adc data..... +start:phase_mis_base_comp=%d,gain_mis_base_comp=%d +Start pmu %s +start_point=%d,energy_point=%d + starx +%s temperature_25=%d +STE-P2P +Stopped +success:enter the rx mode success +success:enter the tx mode success +success:set channel success +success:set cmd success +SUSPEND while wifi initializing +%s vendor rf cmd:%u +%s, volt error. %u +#sv#z# + swap_in_time=%u(ticks)/%u(ms) swap_out_time=%u(ticks)/%u(ms) +%s, wifi cali result crc error. 
addr:%p +switch channel %d +sysfreq =%d,0x40000078= 0x%08x +systimer +t($sm' +T2YF F +task runtime %u(ticks)/%u ms +temp calibration something is not correct +temperature +TERMINAT +Terminate List +test_BG_timerHandler,PowerBusyEvents:0x%08x + test_dpd_cali 0x %08x (0x20160060) + test_freq 0x %08x (0x20160054) + test_mode 0x %08x (0x20160058) +test_mode = %d test_chan= %d + test_reg 0x %08x (0x20160000) + test_tx_cfg 0x %08x (0x20160004) +test_wait, test cmd= 0x%08x +test_wait, test_mode= 0x%08x, use_freq:%d +T+F$J +T#F J +T+F#J +The channel is invald +The channel is invalid, bit_offset < 0 +The channel is not right,please check again +The start command has been started up +The start command successed to start up +The table a[0][0] addr =%p, table b[0][0] addr =%p + thread=0x%x, prio=%u state=%-9s thread_addr=0x%08X +--- Thread BAD +--- Thread %d + thread_join=0x%08X flags_options=%u wait_flags=%u thread_flags=%u +Thread List: +, ThreadMode +--- Thread name=%s cpu=%%%d min-free-stack=%d + thread_next=0x%08X thread_prev=0x%08X delay_next=0x%08X delay_prev=0x%08X +--- Thread NONE +thread still runing, now %u(ticks)/%u(ms) + Timer current tick %u, Load %u + Timer %p Callback: %p + Timer: %s +--- Timers is handleing:%d +--- Timers Stats: + Timer state: %s + Timer type %s +"tK F)F +tlC O H +T@N@J +tone_test_config: 0x%08x + tone_test_config 0x %08x (0x20160008) +tpEC;h+D +tpt_open +TRACE-%u: Wait memsc timeout +transq buffer has been dropped,%d +TRANSQ-%d: Corrupted active tx: active=%d next=%d full=%d +TRANSQ-%d: Corrupted pri active tx: active=%d next=%d full=%d + TRANSQ-%d: Corrupted rx mask: status=0x%08X%08X rx_mask=0x%08X%08X / 0x%08X%08X +TRANSQ-%d: Corrupted tx mask: status=0x%08X%08Xtx_mask=0x%08X%08X / 0x%08X%08X +TRANSQ-%d: Tx done IRQ when slot empty or out of order: status==0x%08X%08X next=%d pri_next=%d +transq:%d, tx_handler%p, rx_mask:0x%08X%08X0x%08X%08X, tx_mask0x%08X%08X0x%08X%08X +TRANSQ-%d: Tx on active slot: 0x%08x 0x%08x +TRANSQ-: Rx IRQ 
status=0x%08X%08X rx_mask=0x%08X%08Xslot=%d, irq_count:%d +ts_C#h +TSF ProbeResponder = FALSE +T>UUUUUU +TWSAPP +tx_11b_cnt +tx_11g_cnt +tx_11n_cnt +tx_continue +tx_data_path +tx_dc_tone +TX-DMA configured on SPI %d +tx ERROR !!!! ret= %d +!!!!!!!! Tx fail, status: 0x%x, rate: %d, mode: %d! +tx_idle_timer_handler +tx_memory +tx_power_flags +tx_stop +tx_stop_cnt + tx_test_cfg = 0x %08x (0x20160070) +tx_tone +u1h!D1` + (Unaligned access UsageFault) + (Undefined instruction UsageFault) +unexpected status:%d +unknown cmd! + (UsageFault) +usbphy open fail +?UUUUUU +v2SISH +V!8F}J +=! V=a +vbat:reg 0x%x, vbat %d +VejC(K +v&`:h%H +V?LUUUUU +VOICE_COMPRESS +WAIT_DLY +WAIT_EVE +WAIT_FLAG +WAIT_JOIN +Wait List +WAIT_MEM +WAIT_MGET +WAIT_MPUT +WAIT_MUT +WAIT_SEM +wait wifi tx/rx idle ... +wakeup host,reason=%d +wakeup_timer_handler. gpio:%u +WIFI_ADDR= %02x:%02x:%02x +wifi_addr calib flags: %d +wifi_agc_config +wifi_auto_gate,0x90000038 = 0x00000001 +wifi_auto_gate,0x9000003c = 0x000000D0 +wifi_auto_gate,0x90000040 = 0x00000000 +wifi_auto_gate,0x90000048 = 0x00000000 +wifi_auto_gate,0x9000004c = 0x00000000 +wifi_auto_gate,0x90000050 = 0x00000000 +wifi_auto_gate,0x900000e4 = 0x00200420 +wifi_auto_gate,0x9000016c = 0x00000000 +wifi_bes2600_cmd_test +wifi_config_40m, band(0:2g;1:5g;2:dual):%d, en(0:20m;1:40m):%d +wifi config calib from efuse +wifi_config_cali_from_linux +wifi_deinit +wifi_dpd_boot_low_power_en +wifi_driver_mcu_msg_seq_fill +wifi_driver_rf_cmd_test +-wifidrv_rf_init.... +wifi_fw +wifi_init +wifi_iomux_cfg_switch +wifi_iq_cali_2g_v2 +wifi_IQ_cal_rx_data_start .... +wifi is down. 
skip sdio send +WIFI --> OFF +WIFI --> ON +wifi_recover_cali_data +wifi_rf_cmd_confirm +wifi_rf_config_tx_power: %p +wifi_rf_msg_rep +wifi_rfpll_temperature_compensation +wifi_rf_set_tpc_table +wifi_rf_start +wifi_rf_switch_band(0:2g 1:5g),old: %d, new: %d +wifi_rf_test_power_cali_save +wifi rx detect switch off +wifi_rx_mem_dump_test +wifi_sdio_init +wifi sdio init failed +wifi_sdio_send +wifi_set_xtal_cal_val_test, old val=0x%x +wifi_set_xtal_cal_val_test,val=0x%x +wifi_stop +wifi_switch_freq, freq: %d +wifi_switch_freq, write cali_channel: %d, channel: %d +wifi_test_cmd +wifi_test mode! +wifi_test patch start=0x%08x, __wifi_patch_code_end=0x%08x +wifi_test patch! wifi_sysHook->system_init=%p, patch_offset=%d +wifi_test start! test_cmd:0x%x ! +wifi_test, test_mode: 0x%x +wifi_transq_init +wifi_tx_cnt_pre +wifi_vendor_rf_cmd_select +work on 2g +work on 5g +WORK on the 2g mode,please switch channel to 5G +WORK on the 5g mode,please switch channel to 2G +write 0x%08x=0x%08x done .(check 0x%04x) +write 0x%08x=0x%08x done .(check 0x%08x) +########write default freq calib value =0x%04x +########write freq calib value =0x%04x +wrong udp length! +Xa^b#h +XBXApG +X"F+F5IC +xFpK@! +`]xh#kC +XJZIE +xmI x[ +XPSR=%08X +Y@1@K@a +YF8FdK +yF9K@" +#YF:FF +YF F[K +YFJF(F +yF!K@" +`YHYIZJ +"YK F)F +y@Y@A@ ++`!y`yj +z=7=7===N=P=P===R=T=T===V=X=X +@ZAF:F +zCzCzCCC[C[C[CCC]C]C]CCC_C_C_CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCaCaCaCCCcCcCcCeCeCCCeCCCgCgCgCCCiCiCiCCClClClCCCCoCoCoCCCrCrCrCCCuCCCu +ZFd!PF! +ZFQF F +"Z`[FZFO +ZhC KFFIOD +=@zj?@L~@@\GA@l +~~}{zxuspmjfb^ZUQLGA<61+% diff --git a/notes/observed-bugs.md b/notes/observed-bugs.md new file mode 100644 index 000000000..21bf03621 --- /dev/null +++ b/notes/observed-bugs.md 
@@ -0,0 +1,99 @@ +# Observed BES2600 driver bugs on PineTab2 (ohm) + +Compiled from on-device dmesg + Pine64 wiki + community reports. Cross-references the patch series. + +## Bug #1 — factory.txt path mismatch + filp_open antipattern (FIXED in c1) + +**File**: `bes2600_factory.c:148-170` (read), `:188-200` (create) + +**Symptom (pre-fix)**: +``` +(NULL device *): read and check /lib/firmware/bes2600_factory.txt error +``` + +**Root cause**: hardcoded `FACTORY_PATH=/lib/firmware/bes2600_factory.txt` Makefile macro; +real file ships at `/lib/firmware/bes2600/bes2600_factory.txt`. Worse, the read uses +`filp_open` + `kernel_read` directly, bypassing the firmware-class infrastructure. + +**Fix**: c1 patch — `request_firmware()` for the read path, repointed Makefile macro +to firmware-class name `bes2600/bes2600_factory.txt`. + +## Bug #1.5 — factory.txt parse failure (NEW, c5 to investigate) + +**File**: `bes2600_factory.c factory_parse()` + +**Symptom (post-c1)**: +``` +bes2600_factory.txt parse fail +read and check bes2600/bes2600_factory.txt error +factory cali data get failed. +``` + +**How discovered**: c1 fix exposed a deeper bug — `factory_parse()` chokes on the data +that `request_firmware()` now successfully returns. The original bug masked this +because the read always failed first. + +**Hypotheses**: null-termination assumption mismatch (`request_firmware` doesn't +null-terminate), `FACTORY_MEMBER_NUM=30/31` count discrepancy, kmalloc not +zero-initialized, parser strict on trailing `%%\n` delimiter. + +**Status**: investigation pending (task c5). Driver falls back to defaults; WiFi +functional but TX power is uncalibrated (all channels at 0x1400). + +## Bug #2 — PM low-power handshake timeout (recurring) + +**File**: `bes_pwr.c:470-558` — `bes2600_pwr_enter_lp_mode()`. Error at line 538. + +**Symptom**: +``` +bes2600_wlan mmc2:0001:1: bes2600_pwr_enter_lp_mode, wait pm ind timeout +``` + +Fires every 5–10s in steady state when associated. 
Floods dmesg, likely +correlates with bug #3 (SDIO TX stack splat) and bad battery life. + +**Root cause**: `wait_for_completion_timeout(&pm_enter_cmpl, 5*HZ)` waits +for firmware to acknowledge a PM mode change; firmware never sends ACK. +Driver proceeds to `bes2600_pwr_device_enter_lp_mode()` regardless. + +**Mobian == danctnix**: identical bes_pwr.c (1447 lines, 0-hunk diff). No +upstream fix exists; we'd invent it (gate device-LP entry on completion + +add retry). + +**Status**: task c2. + +## Bug #3 — SDIO TX scatter-gather panic / WARN + +**File**: `bes2600_sdio.c:952-1200` — `bes_sdio_memcpy_to_io_helper`, +`sdio_tx_work`. + +**Symptom**: +``` +[RX] Receive failure: 4. + bes_sdio_memcpy_to_io_helper+0x18c/0x288 [bes2600] + sdio_tx_work+0x2b4/0x4a0 [bes2600] +Workqueue: bes_sdio sdio_tx_work [bes2600] +``` + +Recurring under TX load. Can wedge the chip irrecoverably (per Pine64 wiki: +"Power/reset circuitry not properly implemented; hard reset impossible +without board power-cycle"). + +**Status**: task c3 (indirectly, via bes_chardev removal which currently +gates the signal/nosignal mode switch path). + +## Bug #4 — scan_complete_cb constant loop + +**File**: `scan.c:883-909` — `bes2600_scan_complete_cb()`. + +**Symptom**: +``` +ieee80211 phy0: bes2600_scan_complete_cb status: 0 +``` + +Fires every 2–10s (status=0 = success, but the FREQUENCY suggests background +scanning runs continuously when associated + idle). + +Most likely a NetworkManager scheduling artifact, not a driver bug. Low +priority; suppress the wiphy_dbg print or skip scan-on-assoc'd if it +matters. diff --git a/notes/source-map.md b/notes/source-map.md new file mode 100644 index 000000000..0fd8093da --- /dev/null +++ b/notes/source-map.md 
@@ -0,0 +1,77 @@ +# BES2600 driver source map + +Inventory of every public driver source variant we found (2026-04-21), their relationships, and where each fits in the patch workflow. + +## The trees + +### TuxThePenguin0 — pre-removal Android-provenance snapshot +- **URL**: `gitlab.com/TuxThePenguin0/bes2600` +- **Files**: 53, flat layout (no subdir) +- **HEAD**: `5316ef0 Merge branch 'master' into 'master'` (2023-07-14) +- **Provenance markers** (Android-only files): + - `bes2600_cfgvendor.c/.h` — Android nl80211 vendor-cmd HAL interface + - `bes2600_driver_mode.h` — Android normal/factory/cali mode switch + - `bes2600_log.c/.h` — Android-style ALOGx logger +- **Use**: reference for "what was originally shipped before community cleanup" + +### arjan-vlek — historical home (sources removed) +- **URL**: `gitlab.com/arjanvlek/bes2600` +- **master tip**: `3230fbd Simplify README.md` (2024-10) — README only +- Sources removed in `e5055a3 "Removed sources from main branch"` (2024-10) +- Pre-removal tip: `a184728 Merge branch 'checkpatch-fixes' into 'master'` (same SHA as TuxThePenguin0's history point) + +### Mobian DKMS — active maintained, primary PR target +- **URL upstream**: `salsa.debian.org/Mobian-team/devices/bes2600-dkms` +- **Our fork**: `git.reauktion.de/marfrit/bes2600-dkms` +- **Default branch**: `mobian` +- **Files**: 61 (Debian packaging layout: `Makefile.dkms` at root + `bes2600/*` source + `debian/`) +- **HEAD**: `fe73571 d/control: Fix packagename of fw dependency` (2025-12) +- Adds `Kconfig`, `Makefile`, `bes_pwr.c`, `itp.c`, `bes_log.h`, `bes_nl80211_testmode_msg.h` over TuxThePenguin0 +- Drops Android-provenance files (cfgvendor, driver_mode, ALOG-style logger) +- **PR mechanism**: salsa.debian.org merge requests + +### danctnix in-kernel +- **URL**: `codeberg.org/DanctNIX/linux-pinetab2` +- **Tag**: `v6.19.10-danctnix1` matches the running kernel on ohm +- **Path**: `drivers/staging/bes2600/` (54 files) +- Adds `bes2600_btuart.c` (Dang Huynh, 
2025) + `h4_recv.h` (Intel mainline copy) + `wifi_testmode_cmd.c` +- Same factory.c / bes_pwr.c / bes2600_sdio.c content as Mobian (verified 0-hunk diffs) +- **Use**: build target for in-kernel deployment via `/lib/modules//extra/` + +### CW1200 mainline — ancestor +- **URL**: `github.com/torvalds/linux/tree/master/drivers/net/wireless/st/cw1200` +- 27 files, mainline-quality staging-cleaned +- Same author (Dmitry Tarnyagin / ST-Ericsson) +- Reference for upstream patterns; some BES2600 bugs may already be fixed in CW1200 + +### OpenHarmony device_soc_bestechnic — Chinese-ecosystem reference +- **URL**: `gitee.com/openharmony/device_soc_bestechnic` +- Apache-2.0 (CANNOT direct-copy to GPL kernel) +- LiteOS-M + HDF framework, not Linux driver +- **Use**: register-level reference, firmware interaction protocol docs + +### Firmware mirrors (binary blobs only) +- `github.com/Herrie82/bes2600-firmware` — 2 blobs (boot + sdio main), v0.3.5_2023.0209 +- `gitlab.com/pine64-org/bes2600-firmware` — same blobs +- **On ohm**: 5 files at `/lib/firmware/bes2600/` (adds `btrf` + `nosignal` variants + `bes2600_factory.txt`) + +## Filename-level set diff + +43 driver C/H files common across TuxThePenguin0 + Mobian + danctnix +(the CW1200-descended shared core). 
+ +| File | Status | +|------|--------| +| `bes2600_cfgvendor.c/.h` | TuxThePenguin0 only (Android HAL) | +| `bes2600_driver_mode.h` | TuxThePenguin0 only | +| `bes2600_log.c/.h` | TuxThePenguin0 (renamed → `bes_log.h` in Mobian + danctnix) | +| `dkms.conf`, `Kconfig` | Mobian only | +| `bes2600_btuart.c`, `h4_recv.h` | danctnix only (BT integrated in same dir) | + +## Workflow + +| Goal | Tree | Branch | PR via | +|------|------|--------|--------| +| Per-patch dev | `marfrit/bes2600-dkms` | `bes2600/` | salsa MR to upstream Mobian | +| Live test on ohm | `~/bes2600-build/` (tar from danctnix tree, builds against `linux-pinetab2-headers`) | none | install to `/lib/modules//extra/` | +| Eventual mainline | (rewrite as drivers/staging/bes2600/) | `staging-bes2600` | linux-wireless mailing list RFC | diff --git a/patches/0001-bes2600-use-request_firmware-for-factory.txt-read.patch b/patches/0001-bes2600-use-request_firmware-for-factory.txt-read.patch new file mode 100644 index 000000000..3060228b5 --- /dev/null +++ b/patches/0001-bes2600-use-request_firmware-for-factory.txt-read.patch 
@@ -0,0 +1,144 @@ +From 1a5d54a3213041262caf1605bb19c66ddded41f7 Mon Sep 17 00:00:00 2001 +From: Markus Fritsche +Date: Wed, 22 Apr 2026 10:09:44 +0200 +Subject: [PATCH] bes2600: use request_firmware() for factory.txt read + +The BES2600 factory calibration file (bes2600_factory.txt) was being read +via filp_open() + kernel_read() from a hard-coded absolute path baked in +at compile time via the FACTORY_PATH Makefile macro +(default: /lib/firmware/bes2600_factory.txt). + +This had several problems: + +1. Path mismatch - linux-firmware-style packaging (and danctnix 0.2-5 + device-pine64-pinetab2) ships the file at + /lib/firmware/bes2600/bes2600_factory.txt, not /lib/firmware/. The + driver logged '(NULL device *): read and check + /lib/firmware/bes2600_factory.txt error' on every boot on PineTab2 + running linux-pinetab2 6.19.10-danctnix1-1. + +2. Direct filesystem access via filp_open() / kernel_read() from a driver + is an anti-pattern that upstream rejects: drivers should use + request_firmware() to get binary data from userspace-managed firmware + directories. request_firmware() natively searches the firmware_class + path list (typically /lib/firmware + derivatives), associates the load + with a uevent, and respects the firmware-loading infrastructure. + +3. The (NULL device *) prefix in error messages indicated the absence of + proper device-context logging. While this patch does not yet thread + struct device through, the upstream path uses request_firmware() which + works with dev=NULL and is the building block for a follow-up patch + that adds per-chip device context. + +Repoint the FACTORY_PATH default to the firmware-class name +(bes2600/bes2600_factory.txt) - request_firmware() prepends +/lib/firmware/ from the configured search paths. The macro remains +overridable at build time for non-standard deployments. + +Rewrite factory_section_read_file() to: + * Call request_firmware(&fw, path, NULL). + * Size-check fw->size against FACTORY_MAX_SIZE. 
+ * memcpy the data into the caller's buffer. + * Always call release_firmware() on exit. + +The file write path (factory_section_write_file + kernel_write) is left +unchanged in this patch; it is the subject of a follow-up patch that +removes kernel_write and moves any remaining userspace-visible factory +configuration to a standard kernel-userspace boundary (debugfs or +nl80211 testmode). + +No caller signature changes. No Makefile flag drops. Bisectable. + +Tested-on: PineTab2 (BES2600WM + RK3566) running linux-pinetab2 +6.19.10-danctnix1-1, deployed via /lib/modules//extra/. Verified +post-reboot: original 'read and check /lib/firmware/bes2600_factory.txt +error' is gone; request_firmware reads the file successfully (a separate +factory_parse() bug, previously masked by the read failure, is now +exposed and tracked separately). + +Signed-off-by: Markus Fritsche +--- + bes2600/Makefile | 2 +- + bes2600/bes2600_factory.c | 33 ++++++++++++++------------------- + 2 files changed, 15 insertions(+), 20 deletions(-) + +diff --git a/bes2600/Makefile b/bes2600/Makefile +index 300912b..788aee2 100644 +--- a/bes2600/Makefile ++++ b/bes2600/Makefile +@@ -66,7 +66,7 @@ BES2600_DRV_VERSION := bes2600_0.3.5_2024.0116 + ifeq ($(CONFIG_BES2600_CALIB_FROM_LINUX),y) + FACTORY_CRC_CHECK ?= n + STANDARD_FACTORY_EFUSE_FLAG ?= y +-FACTORY_PATH ?= /lib/firmware/bes2600_factory.txt ++FACTORY_PATH ?= bes2600/bes2600_factory.txt + endif + + # basic function +diff --git a/bes2600/bes2600_factory.c b/bes2600/bes2600_factory.c +index dc5d3da..8d60b7c 100644 +--- a/bes2600/bes2600_factory.c ++++ b/bes2600/bes2600_factory.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -137,38 +138,32 @@ static int bes2600_factory_crc_check(struct factory_t *factory_data) + */ + static int factory_section_read_file(char *path, void *buffer) + { +- int ret = 0; +- struct file *fp; ++ const struct firmware *fw; ++ int ret; + + if (!path || !buffer) { + 
bes_err("%s NULL pointer err\n", __func__); + return -1; + } + +- bes_devel("reading %s \n", path); ++ bes_devel("requesting firmware-class %s\n", path); + +- fp = filp_open(path, O_RDONLY, 0); //S_IRUSR +- if (IS_ERR(fp)) { +- bes_devel("BES2600 : can't open %s\n",path); ++ ret = request_firmware(&fw, path, NULL); ++ if (ret) { ++ bes_devel("BES2600: request_firmware(%s) failed: %d\n", path, ret); + return -1; + } + +- if (fp->f_inode->i_size <= 0 || fp->f_inode->i_size > FACTORY_MAX_SIZE) { +- bes_err( "bes2600_factory.txt size check failed, read_size: %lld max_size: %d\n", +- fp->f_inode->i_size, FACTORY_MAX_SIZE); +- filp_close(fp, NULL); ++ if (fw->size == 0 || fw->size > FACTORY_MAX_SIZE) { ++ bes_err("bes2600_factory.txt size check failed, read_size: %zu max_size: %d\n", ++ fw->size, FACTORY_MAX_SIZE); ++ release_firmware(fw); + return -1; + } + +- ret = kernel_read(fp, buffer, fp->f_inode->i_size, &fp->f_pos); +- +- filp_close(fp, NULL); +- +- if (ret != fp->f_inode->i_size) { +- bes_err("bes2600_factory.txt read fail\n"); +- ret = -1; +- } +- ++ memcpy(buffer, fw->data, fw->size); ++ ret = (int)fw->size; ++ release_firmware(fw); + return ret; + } + +-- +2.53.0 + diff --git a/scripts/backup-ohm-kernel.sh b/scripts/backup-ohm-kernel.sh new file mode 100755 index 000000000..c933bd6af --- /dev/null +++ b/scripts/backup-ohm-kernel.sh 
@@ -0,0 +1,27 @@ +#!/bin/bash +# Snapshot kernel + modules + bes2600 firmware from ohm into ~/backup/. +# +# Per feedback_backup_before_replace.md: always backup before replacing +# kernel/modules/configs, with versioned labels. + +set -e + +TS=$(date +%Y%m%d-%H%M%S) +KVER=$(uname -r) +DEST=/home/mfritsche/backup +mkdir -p ${DEST} + +OUT=${DEST}/ohm-kernel-${KVER}-${TS}.tar.zst + +echo "=== Sizes ===" +sudo du -sh /boot /lib/modules/${KVER} /lib/firmware/bes2600 + +echo "=== Tar ===" +sudo tar --use-compress-program='zstd -3' \ + -cf "${OUT}" \ + -C / boot lib/modules/${KVER} lib/firmware/bes2600 +sudo chown $(id -un):$(id -gn) "${OUT}" + +echo "=== Result ===" +ls -lah "${OUT}" +zstd -t "${OUT}" 2>&1 | tail -1 diff --git a/scripts/build-bes2600-on-ohm.sh b/scripts/build-bes2600-on-ohm.sh new file mode 100755 index 000000000..366d82d67 --- /dev/null +++ b/scripts/build-bes2600-on-ohm.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# Native aarch64 build of bes2600 driver on ohm. +# +# Requires linux-pinetab2-headers package installed: +# sudo pacman -S --noconfirm linux-pinetab2-headers +# +# Source tree expected at /home/mfritsche/bes2600-build/ — populate via: +# tar -C ~/src/besser/linux-pinetab2/drivers/staging/bes2600 -cf - . | \ +# ssh mfritsche@ohm.vpn 'mkdir -p ~/bes2600-build && tar -C ~/bes2600-build -xf -' +# +# (Mobian DKMS layout works too if you point at the bes2600/ subdir.) + +set -e + +cd /home/mfritsche/bes2600-build || { echo "no source tree at /home/mfritsche/bes2600-build"; exit 1; } +[ -f Makefile ] || { echo "no Makefile in source tree"; exit 1; } + +# Clean stale root-owned files (in case sudo-make left some) +sudo -n chown -R mfritsche:mfritsche . 2>/dev/null || true +make clean + +# Native parallel build (4 cores on ohm) +make -j4 + +# Strip to manageable size + report +strip --strip-debug bes2600.ko -o bes2600.stripped.ko +ls -lh *.ko +modinfo bes2600.stripped.ko | grep -E 'srcversion|vermagic' 
diff --git a/scripts/deploy-c1-to-ohm.sh b/scripts/deploy-c1-to-ohm.sh new file mode 100755 index 000000000..83517acdb --- /dev/null +++ b/scripts/deploy-c1-to-ohm.sh @@ -0,0 +1,40 @@ +#!/bin/bash +# Deploy a built bes2600 module to /lib/modules//extra/ on ohm. +# +# This is the SAFE deploy path: no live module reload (which can wedge +# the chip per Pine64 known issues), just persistent install + reboot. +# +# Run on ohm. Modules expected built at /home/mfritsche/bes2600-build/. + +set -e + +KVER=$(uname -r) +EXTRA=/lib/modules/${KVER}/extra +STAGING=/lib/modules/${KVER}/kernel/drivers/staging/bes2600 + +cd /home/mfritsche/bes2600-build +[ -f bes2600.stripped.ko ] || [ -f bes2600.ko ] || { echo "no bes2600.ko built"; exit 1; } + +NEW=$( [ -f bes2600.stripped.ko ] && echo bes2600.stripped.ko || echo bes2600.ko ) + +echo "=== Backup originals (idempotent) ===" +sudo cp -np ${STAGING}/bes2600.ko.zst ${STAGING}/bes2600.ko.zst.pre-deploy.bak 2>&1 || true +sudo cp -np ${STAGING}/bes2600_btuart.ko.zst ${STAGING}/bes2600_btuart.ko.zst.pre-deploy.bak 2>&1 || true +ls -la ${STAGING}/ + +echo "=== Install patched modules to /extra/ ===" +sudo install -D -m644 ${NEW} ${EXTRA}/bes2600.ko +[ -f bes2600_btuart.ko ] && sudo install -D -m644 bes2600_btuart.ko ${EXTRA}/bes2600_btuart.ko +sudo depmod -a +ls -la ${EXTRA}/ + +echo "=== Verify modprobe will pick our build ===" +modinfo bes2600 | grep -E 'filename|srcversion' +modinfo bes2600_btuart | grep -E 'filename|srcversion' + +echo +echo "Deploy complete. Reboot to load the new module:" +echo " sudo reboot" +echo +echo "Rollback if anything breaks:" +echo " sudo rm ${EXTRA}/bes2600*.ko && sudo depmod -a && sudo reboot"
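Review bot: the tail of fw-analysis/best2002_fw_sdio_nosignal.strings.txt is byte noise rather than firmware strings (for example `Xa^b#h`, `XBXApG` and the long `zCzCzC...` run), which buries the useful entries such as `wifi_sdio_init` and `wifi_rf_switch_band`. Regenerate the file with a higher minimum length (`strings -n`) or filter out lines with no word-like token. Because the blobs themselves are not committed, also record the extraction command and a checksum of each source blob next to the output, so a reader can confirm they are looking at the same firmware build.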
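Review bot: in notes/observed-bugs.md the heading for Bug #1 says "(FIXED in c1)", but the File line also names `:188-200` (create), and the c1 commit message states that the write path (factory_section_write_file + kernel_write) is left unchanged. Scope the status to the read path and give the create/write path its own status line that points at the follow-up patch. Otherwise the direct filesystem access that remains in the driver reads as already resolved.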
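Review bot: in patches/0001, the new factory_section_read_file() does `memcpy(buffer, fw->data, fw->size)` into a `void *buffer` whose length is never passed in, so the only bound is the implicit contract that every caller allocates at least FACTORY_MAX_SIZE bytes. Nothing terminates the copied text either, and notes/observed-bugs.md in this same commit lists the missing NUL terminator as a hypothesis for the factory_parse() failure. Pass the buffer length in, reject `fw->size >= len`, and write a trailing NUL after the copy, or at minimum document the size contract in the function comment. Separately, both failure branches return -1 and discard the errno from request_firmware(); returning `ret` would let callers tell a missing file from an oversized one. The Makefile hunk repoints FACTORY_PATH to a firmware-class relative name, so if the unchanged write path still receives that macro it will now hand a relative path to its file-open call; please confirm which path the write side uses.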
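Review bot: in scripts/backup-ohm-kernel.sh the final integrity check `zstd -t "${OUT}" 2>&1 | tail -1` cannot fail the script, because `set -e` without `pipefail` takes the pipeline status from `tail`. A truncated or corrupt archive would therefore still end with a normal exit, which defeats the backup-before-replace purpose stated in the header comment. Run `zstd -t "${OUT}"` on its own line or add `set -o pipefail`. The expansions `${DEST}` and `/lib/modules/${KVER}` are also unquoted, and the archive of /boot and the module tree is handed to the invoking user by `chown` without an explicit mode, so consider a `chmod 600` on `${OUT}` as well.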
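Review bot: in scripts/deploy-c1-to-ohm.sh the "Verify modprobe will pick our build" step only prints the `modinfo` filename and srcversion, it never checks them. The stock `bes2600.ko.zst` stays in `${STAGING}`, so after `depmod -a` two modules with the same name are indexed and which one wins depends on the depmod search configuration on the device. Compare `modinfo -F filename bes2600` against `${EXTRA}/bes2600.ko` and exit non-zero on mismatch, so the script cannot report "Deploy complete" while the unpatched module is still the one that loads. The same applies to `bes2600_btuart`: when no `bes2600_btuart.ko` was built, the verify line succeeds against the stock module and hides that nothing was replaced.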