[FIX][GUIDE][INFO][01-JUN-2014]M7 "Active Cmdline Overflow" error and bootloop

Search This thread

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
[FIX][GUIDE][INFO][01-JUN-2014]M7 "Active Cmdline Overflow" error and bootloop

This is a collaboration of @cschmitt and myself. Many thanks to @cschmitt for his hard work and help :good::good:


Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader



Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

So what does a normal [misc] partition look like:
ta0a9y.jpg


the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://xdaforums.com/showpost.php?p=52262603&postcount=13

Download from AndroidFileHost: twrp-recovery-2.7-m7-nobcb.img only applicable for M7_U or M7_UL models.


Step 1: Install the noBCB recovery
Code:
C:\ADB3>[B][COLOR=Blue]fastboot devices[/COLOR][/B]
HT34xxxxxxxx    fastboot [I]<- we're in bootloader[/I]

C:\ADB3>[B][COLOR=Blue]fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img[/COLOR][/B]
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [  1.500s]
writing 'recovery'...
OKAY [  1.240s]
finished. total time: 2.740s

C:\ADB3>[B][COLOR=Blue]fastboot erase cache[/COLOR][/B]
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [  0.090s]
finished. total time: 0.090s

C:\ADB3>[B][COLOR=Blue]fastboot reboot-bootloader[/COLOR][/B]
rebooting into bootloader...
OKAY [  0.040s]
finished. total time: 0.040s
--> enter RECOVERY

jracuw.jpg


If you are still unable to boot into recovery:
Users with S-OFF
Downgrade hboot to 1.44
Download 1.29.401.12_hboot_1.44.zip, check MD5, and flash it in ruu mode:
Code:
C:\ADB3>[B][COLOR=Blue]fastboot oem rebootRUU[/COLOR][/B]
...
(bootloader) Start Verify: 0
OKAY [  0.047s]
finished. total time: 0.047s

C:\ADB3>[B][COLOR=Blue]fastboot flash zip 1.29.401.12_hboot_1.44.zip[/COLOR][/B]
sending 'zip' (501 KB)...
OKAY [  0.250s]
writing 'zip'...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
(bootloader) start image[hboot] unzipping & flushing...
(bootloader) [RUU]UZ,hboot,0
(bootloader) [RUU]UZ,hboot,50
(bootloader) [RUU]UZ,hboot,100
(bootloader) [RUU]WP,hboot,0
(bootloader) [RUU]WP,hboot,99
(bootloader) [RUU]WP,hboot,100
(bootloader) ...... Successful
OKAY [  2.153s]
finished. total time: 2.402s

C:\ADB3>[B][COLOR=Blue]fastboot reboot-bootloader[/COLOR][/B]
rebooting into bootloader...
OKAY [  0.031s]
finished. total time: 0.031s
and enter RECOVERY
Users with S-ON
Try one of the following recoveries instead:
CWM_6.0.2.8_M7.img

cwm-recovery-m7-6.0.4.9-nobcb.img




Step 2: Backup your current mmcblk0p19 (it's always good to backup things before changing them)
Code:
C:\ADB3>[B][COLOR=Blue]adb devices[/COLOR][/B]
List of devices attached
HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                            ensure [B]root[/B] privileges[/I]


C:\ADB3>[B][COLOR=Blue]adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img[/COLOR][/B]
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>[B][COLOR=Blue]adb pull /tmp/mmcblk0p19_bak.img[/COLOR][/B]
2272 KB/s (1047040 bytes in 0.450s)


C:\ADB3>[B][COLOR=Blue]dir[/COLOR][/B]
 Volume in drive C has no label.
 Volume Serial Number is 0622-9D4A

 Directory of C:\ADB3

02/05/2014  18:40    <DIR>          .
02/05/2014  18:40    <DIR>          ..
02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                    [B][I]^^ there it is[/I][/B]

Step 3: Download generic m7_u / ul mmcblk0p19
Download the M7_U / UL generic misc partition by @cschmitt:
http://xdaforums.com/attachment.php?attachmentid=2774855&stc=1&d=1401633317
extract it and put it in your adb/fastboot folder.



Step 4: Restore the generic mmcblk0p19
Code:
C:\ADB3>[B][COLOR=Blue]adb devices[/COLOR][/B]
List of devices attached
HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                            ensure [B]root[/B] privileges[/I]


C:\ADB3>[B][COLOR=Blue]adb push mmcblk0p19_generic.img /tmp/[/COLOR][/B]
2130 KB/s (1047040 bytes in 0.479s)


C:\ADB3>[B][COLOR=Blue]adb shell dd if=/tmp/mmcblk0p19_generic.img of=/dev/block/mmcblk0p19[/COLOR][/B]
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>[B][COLOR=Blue]adb reboot bootloader[/COLOR][/B]
You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
:victory:

-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014:
Initial preview release.​
1st June 2014:
Generic misc partition now confirmed working for S-On and S-Off devices, no longer need to "repair" the misc partition.​
2nd August 2014:
Added links for other recoveries for S-On users, and hboot downgrade instructions for S-Off users.​
-------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer:
We are not responsible for anything going wrong with your phone!


credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://xdaforums.com/showthread.php?t=2708134

-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us :).
-------------------------------------------------------------------------------------------------------------------------------------------
 

Attachments

  • mmcblk0p19_generic.rar
    830 bytes · Views: 2,655
Last edited:

cschmitt

Senior Member
Feb 24, 2012
1,716
1,914
The attached mmcblk0p19 should work for any m7_u or m7_ul device.

Unzip and install mmcblk0p19.generic.bin per the instructions in step 4 of OP:

Code:
adb push mmcblk0p19.generic.bin /tmp/
adb shell dd if=/tmp/mmcblk0p19.generic.bin of=/dev/block/mmcblk0p19
 

Attachments

  • mmcblk0p19.generic.bin.zip
    1.5 KB · Views: 375
Last edited:

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
As this is a "Work In Progress", you may have your doubts, and I cannot blame you in the slightest, for being VERY careful!!


So the main question is: has this ever been accomplished successfully?

The answer is yes http://xdaforums.com/showpost.php?p=52345379&postcount=48 (or sort of because he used a rooted ROM instead of recovery, you'll need to read the entire thread mentioned)... the thread is here http://xdaforums.com/showthread.php?t=2732757 , and though we haven't heard back from the OP, at least @donkeykong1 got it fixed!!

update, May 25, 2014: confirmed to have worked for 4 users
update, June 1, 2014: generic misc partition, confirmed working for S-On and S-Off users
 
Last edited:
  • Like
Reactions: thepsyklopz

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
Retired content, you can disregard this post
[WIP][POSSIBLE FIX][GUIDE][INFO][02-May-2014]HTC One M7 - "Active Cmdline Overflow" error and bootloader bootloop

This is a work in progress and a collaboration of @cschmitt and myself.
And it is still a rough draft!! so excuse any bad formatting (lack of colours, bold, italic, etc.)

Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader



Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

So what does a normal [misc] partition look like:
ta0a9y.jpg


the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://xdaforums.com/showpost.php?p=52262603&postcount=13

Download from AndroidFileHost: http://www.androidfilehost.com/?fid=23329332407590873 only applicable for M7_U or M7_UL models.


Step 1: Install the noBCB recovery
Code:
C:\ADB3>[B][COLOR="Blue"]fastboot devices[/COLOR][/B]
HT34xxxxxxxx    fastboot [I]<- we're in bootloader[/I]

C:\ADB3>[B][COLOR="Blue"]fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img[/COLOR][/B]
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [  1.500s]
writing 'recovery'...
OKAY [  1.240s]
finished. total time: 2.740s

C:\ADB3>[B][COLOR="Blue"]fastboot erase cache[/COLOR][/B]
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [  0.090s]
finished. total time: 0.090s

C:\ADB3>[B][COLOR="Blue"]fastboot reboot-bootloader[/COLOR][/B]
rebooting into bootloader...
OKAY [  0.040s]
finished. total time: 0.040s


--> enter RECOVERY

jracuw.jpg




Step 2: Backup your current mmcblk0p19
Code:
C:\ADB3>[B][COLOR="Blue"]adb devices[/COLOR][/B]
List of devices attached
HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                            ensure [B]root[/B] privileges[/I]


C:\ADB3>[B][COLOR="Blue"]adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img[/COLOR][/B]
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>[B][COLOR="Blue"]adb pull /tmp/mmcblk0p19_bak.img[/COLOR][/B]
2272 KB/s (1047040 bytes in 0.450s)


C:\ADB3>[B][COLOR="Blue"]dir[/COLOR][/B]
 Volume in drive C has no label.
 Volume Serial Number is 0622-9D4A

 Directory of C:\ADB3

02/05/2014  18:40    <DIR>          .
02/05/2014  18:40    <DIR>          ..
02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                    [B][I]^^ there it is[/I][/B]



Step 3: Repair mmcblk0p19
As I mentioned this is a work in progress, so for the time being, if you were able to backup your current mmcblk0p19, please compress and upload it, along with a "fastboot getvar all" (excluding IMEI and s/n).
And we'll have a look when we can, and send a "repaired" one back to you.



Step 4: Restore your repaired mmcblk0p19
Code:
C:\ADB3>[B][COLOR="Blue"]adb devices[/COLOR][/B]
List of devices attached
HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                            ensure [B]root[/B] privileges[/I]


C:\ADB3>[B][COLOR="Blue"]adb push mmcblk0p19_repaired.img /tmp/[/COLOR][/B]
2130 KB/s (1047040 bytes in 0.479s)


C:\ADB3>[B][COLOR="Blue"]adb shell dd if=/tmp/mmcblk0p19_repaired.img of=/dev/block/mmcblk0p19[/COLOR][/B]
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>[B][COLOR="Blue"]adb reboot bootloader[/COLOR][/B]

You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
:victory:

-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014:
Initial preview release.​
-------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer:
We are not responsible for anything going wrong with your phone!


credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://xdaforums.com/showthread.php?t=2708134

-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us :).
-------------------------------------------------------------------------------------------------------------------------------------------
 
Last edited:
  • Like
Reactions: thepsyklopz

cschmitt

Senior Member
Feb 24, 2012
1,716
1,914
Some Background
It appears the 'active cmdline overflow' issue began with hboot 1.56. The error means that the command line passed from hboot to start the kernel (or recovery kernel) has exceeded the limit of the kernel command (1024 bytes.) Apparently, previous hboots ignored this error, but 1.56 halts the boot.

The kernel command line is constructed from (1) the command line contained within the kernel itself, (2) any arguments passed in to the kernel (i.e. with fastboot -c blah,blash boot boot.img), (3) the hboot itself, and (4) the bootloader command block (BCB) located in the misc partition (mmclbk0p19 on m7u, m7ul.)

A typical kernel command is around 700 to 800 bytes. You can check the kernel command by pulling the last_kmsg from the device
Code:
adb shell
su
cat /proc/last_kmsg > /sdcard/last_kmsg
exit
exit
adb pull /sdcard/last_kmsg

and searching for 'Kernel command line'. It will look something like this:
Code:
Kernel command line:  poweron_status=1 reset_status=0 board_m7_ul.disable_uart3=0 diag.enabled=0 board_m7_ul.debug_uart=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2048 skuid=0 ddt=20 ats=0 dap=6  androidboot.lb=0 uif=?000 td.sf=0 td.td=0 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.ofs=696 imc_online_log=0 androidboot.efuse_info=4FSL androidboot.baseband=4T.24.3218.09 androidboot.cid=11111111 androidboot.devicerev=3 androidboot.batt_poweron=good_battery androidboot.carrier=ALL androidboot.mid=PN0712000 androidboot.keycaps=qwerty androidboot.dq=PASS androidboot.mode=recovery androidboot.serialno=HT34KWxxxxxx androidboot.bootloader=1.54.0000 lscd=0x1 wificd=0x1 androidboot.nledhw=0 androidboot.ddrmid=(0x6) acpu.footprint=FFFFFFFF abnrst=0 zygote_oneshot=on kmemleak=off rpm_debug.enable=0 console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31

The BCB is 1088 bytes located at offset 0x800 in the misc partition (32 byte command, 32 byte status, 1024 byte recovery command.) Usually it zeroed out or contains a short command like 'recovery --wipe_data', but if it becomes corrupted (sometimes by flashing a rom for a different device which writes a kernel to p19) then this 'junk' data may be interpreted as kernel commands by the hboot and cause the command line to overflow, halting the boot.

Modified 'nobcb' TWRP Recovery
The modified TWRP recovery used in this solution is fairly simple. It has a modified get_args() method in recovery.cpp that skips reading the recovery command line arguments from the BCB, so that any junk data contained there is ignored and the recovery will boot successfully.

Additional Notes
I believe this solution requires S-OFF, as I don't think we can write to p19 with S-ON. We'll need to verify that, probably when someone with an S-ON device encounters 'active cmdline overflow'.

If that turns out to be the case I should be able to build a version of CM11 with a kernel that will ignore the BCB (similar to the no-bcb TWRP build) so that the device can boot an OS, use firewater to S-OFF, and then repair/restore p19.
 
Last edited:

AjdinKuduzovic

Senior Member
Dec 30, 2013
77
2
Help me please

i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me
 

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me

after root and flash wrong rom i cant get in recovery mode any more i get (Entering Recovery mode) and its freeze on htc one logo
i flashed rom from this post http://xdaforums.com/showthread.php?t=2626050
Deodexed version
please help me

Note: Target device: HTC Droid DNA (PL8320000)

you have just corrupted your misc partition, and are probably getting "active cmdline overflow" in the bootloader screen, and even an ruu won't fix that.


please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.
 
Last edited:
  • Like
Reactions: thepsyklopz

AjdinKuduzovic

Senior Member
Dec 30, 2013
77
2
please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.

C:\adb>fastboot getvar all
< waiting for device >
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-baseband: 4A.21.3263.04
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) serialno: FA34CW904354
(bootloader) imei: xxxxxxxxxxxxxxxxxxx
(bootloader) meid: 00000000000000
(bootloader) product: m7_ul
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4261mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-b0a25cb2
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
all: Done!
finished. total time: 0.142s
 

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
C:\adb>fastboot getvar all
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_ul
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
finished. total time: 0.142s

hmm, S-On :(

1- is your bootloader unlocked

2- did you check MD5 on the download to make sure it's not corrupt

3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery
 
  • Like
Reactions: thepsyklopz

AjdinKuduzovic

Senior Member
Dec 30, 2013
77
2
hmm, S-On :(

1- is your bootloader unlocked

2- did you check MD5 on the download to make sure it's not corrupt

3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery

C:\adb>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
sending 'recovery' (11278 KB)...
OKAY [ 1.364s]
writing 'recovery'...
OKAY [ 0.777s]
finished. total time: 2.151s

i tried to set s off i get error to
no luck for me
 

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
C:\adb>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
sending 'recovery' (11278 KB)...
OKAY [ 1.364s]
writing 'recovery'...
OKAY [ 0.777s]
finished. total time: 2.151s

i tried to set s off i get error to
no luck for me

3 questions, half an answer :(

after checking MD5, and flashing are you erasing cache.


If you can't get to recovery, there's nothing I can do.
 
  • Like
Reactions: thepsyklopz

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
yes i erase cache every time but still no luck :(
why i cant enter recovery mode i dont understand

without a working recovery, there's not much that can be done.

can you extract the updater-script from the ROM you tried to flash, compress, and upload it. it's the following file inside the ROM.ZIP:
/META-INF/com/google/android/updater-script
 

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
@cschmitt, any idea why twrp_noBCB doesn't boot for this guy? do you have any time to build a CWM_noBCB, since sometimes (on regular recoveries, twrp bootloops, but cwm doesn't)... what do you think.
 

Watashi_PT

Senior Member
Jan 7, 2011
64
7
@cschmitt, any idea why twrp_noBCB doesn't boot for this guy? do you have any time to build a CWM_noBCB, since sometimes (on regular recoveries, twrp bootloops, but cwm doesn't)... what do you think.

i did the same problem and after search a lots of foruns i see one and solve the problem... just downgrade hboot and your htc one back to inicial

but if i upgrade hboot a got the same problem
 

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
i did the same problem and after search a lots of foruns i see one and solve the problem... just downgrade hboot and your htc one back to inicial

but if i upgrade hboot a got the same problem

yes, that's similar to the case that was fixed, we used hboot 1.44 + the noBCB recovery to get the misc partition, he sent it to us, we fixed it, and he flashed it back, and then was able to upgrade both hboot and use a normal recovery again without problems.
 
  • Like
Reactions: wasdvd

nkk71

Inactive Recognized Developer / Contributor
May 26, 2010
8,741
7,571
53
Beirut
So I have a new getvar all after the ota install of latest sense 6.0 developers edition w/ self flash of hboot 1.44 afterwards:

Code:
C:\android\sdk\platform-tools>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.44.0000
(bootloader) version-main: 1.29.401.12
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) product: m7_ul
(bootloader) modelid: PN0713000
(bootloader) cidnum: 11111111

So weird!

i attached the blk019 .img file

Yep it's corrupt; another DLX kernel in there:
Code:
console=ttyHSL0,115200,n8 androidboot.hardware=[B][COLOR="Red"]dlx[/COLOR][/B] user_debug=31

I'll fix it and upload in a while....

EDIT: are you using custom recovery, or rooted rom to "dd" the partition?


thanks nkk71!

At the time I I made blk019 backup I didn't have root I believe just twrp no bcb recovery.

Attached is the fixed partition, extract it and put it in your adb/fastboot folder. then just boot back into the noBCB recovery and follow step 4.

and please be careful with the dd command, be sure to type it correctly (or copy/paste), you don't want to overwrite the wrong partition!!!

Let me know how it goes.
 

Attachments

  • mmcblk0p19_repaired_gazment.rar
    855 bytes · Views: 196
  • Like
Reactions: gazment

Top Liked Posts

  • There are no posts matching your filters.
  • 25
    [FIX][GUIDE][INFO][01-JUN-2014]M7 "Active Cmdline Overflow" error and bootloop

    This is a collaboration of @cschmitt and myself. Many thanks to @cschmitt for his hard work and help :good::good:


    Symptoms
    1) Bootloader shows "active cmdline overflow (xxxx bytes)"
    2) Unable to enter recovery (neither custom nor stock)
    3) (possibly) everything you try reboots to bootloader



    Cause
    Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

    The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



    Problems (and why even an RUU won't restore your phone)
    Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

    So what does a normal [misc] partition look like:
    ta0a9y.jpg


    the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




    OK, now get to the point, how do we fix this
    Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
    and @cschmitt has modified TWRP to disregard the BCB http://xdaforums.com/showpost.php?p=52262603&postcount=13

    Download from AndroidFileHost: twrp-recovery-2.7-m7-nobcb.img only applicable for M7_U or M7_UL models.


    Step 1: Install the noBCB recovery
    Code:
    C:\ADB3>[B][COLOR=Blue]fastboot devices[/COLOR][/B]
    HT34xxxxxxxx    fastboot [I]<- we're in bootloader[/I]
    
    C:\ADB3>[B][COLOR=Blue]fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img[/COLOR][/B]
    target reported max download size of 1514139648 bytes
    sending 'recovery' (11278 KB)...
    OKAY [  1.500s]
    writing 'recovery'...
    OKAY [  1.240s]
    finished. total time: 2.740s
    
    C:\ADB3>[B][COLOR=Blue]fastboot erase cache[/COLOR][/B]
    ******** Did you mean to fastboot format this partition?
    erasing 'cache'...
    OKAY [  0.090s]
    finished. total time: 0.090s
    
    C:\ADB3>[B][COLOR=Blue]fastboot reboot-bootloader[/COLOR][/B]
    rebooting into bootloader...
    OKAY [  0.040s]
    finished. total time: 0.040s
    --> enter RECOVERY

    jracuw.jpg


    If you are still unable to boot into recovery:
    Users with S-OFF
    Downgrade hboot to 1.44
    Download 1.29.401.12_hboot_1.44.zip, check MD5, and flash it in ruu mode:
    Code:
    C:\ADB3>[B][COLOR=Blue]fastboot oem rebootRUU[/COLOR][/B]
    ...
    (bootloader) Start Verify: 0
    OKAY [  0.047s]
    finished. total time: 0.047s
    
    C:\ADB3>[B][COLOR=Blue]fastboot flash zip 1.29.401.12_hboot_1.44.zip[/COLOR][/B]
    sending 'zip' (501 KB)...
    OKAY [  0.250s]
    writing 'zip'...
    (bootloader) zip header checking...
    (bootloader) zip info parsing...
    (bootloader) checking model ID...
    (bootloader) checking custom ID...
    (bootloader) start image[hboot] unzipping & flushing...
    (bootloader) [RUU]UZ,hboot,0
    (bootloader) [RUU]UZ,hboot,50
    (bootloader) [RUU]UZ,hboot,100
    (bootloader) [RUU]WP,hboot,0
    (bootloader) [RUU]WP,hboot,99
    (bootloader) [RUU]WP,hboot,100
    (bootloader) ...... Successful
    OKAY [  2.153s]
    finished. total time: 2.402s
    
    C:\ADB3>[B][COLOR=Blue]fastboot reboot-bootloader[/COLOR][/B]
    rebooting into bootloader...
    OKAY [  0.031s]
    finished. total time: 0.031s
    and enter RECOVERY
    Users with S-ON
    Try one of the following recoveries instead:
    CWM_6.0.2.8_M7.img

    cwm-recovery-m7-6.0.4.9-nobcb.img




    Step 2: Backup your current mmcblk0p19 (it's always good to backup things before changing them)
    Code:
    C:\ADB3>[B][COLOR=Blue]adb devices[/COLOR][/B]
    List of devices attached
    HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                                ensure [B]root[/B] privileges[/I]
    
    
    C:\ADB3>[B][COLOR=Blue]adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img[/COLOR][/B]
    2045+0 records in
    2045+0 records out
    1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
    
    
    C:\ADB3>[B][COLOR=Blue]adb pull /tmp/mmcblk0p19_bak.img[/COLOR][/B]
    2272 KB/s (1047040 bytes in 0.450s)
    
    
    C:\ADB3>[B][COLOR=Blue]dir[/COLOR][/B]
     Volume in drive C has no label.
     Volume Serial Number is 0622-9D4A
    
     Directory of C:\ADB3
    
    02/05/2014  18:40    <DIR>          .
    02/05/2014  18:40    <DIR>          ..
    02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                        [B][I]^^ there it is[/I][/B]

    Step 3: Download generic m7_u / ul mmcblk0p19
    Download the M7_U / UL generic misc partition by @cschmitt:
    http://xdaforums.com/attachment.php?attachmentid=2774855&stc=1&d=1401633317
    extract it and put it in your adb/fastboot folder.



    Step 4: Restore the generic mmcblk0p19
    Code:
    C:\ADB3>[B][COLOR=Blue]adb devices[/COLOR][/B]
    List of devices attached
    HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                                ensure [B]root[/B] privileges[/I]
    
    
    C:\ADB3>[B][COLOR=Blue]adb push mmcblk0p19_generic.img /tmp/[/COLOR][/B]
    2130 KB/s (1047040 bytes in 0.479s)
    
    
    C:\ADB3>[B][COLOR=Blue]adb shell dd if=/tmp/mmcblk0p19_generic.img of=/dev/block/mmcblk0p19[/COLOR][/B]
    2045+0 records in
    2045+0 records out
    1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
    
    
    C:\ADB3>[B][COLOR=Blue]adb reboot bootloader[/COLOR][/B]
    You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
    :victory:

    -------------------------------------------------------------------------------------------------------------------------------------------
    Revision history
    2nd May 2014:
    Initial preview release.​
    1st June 2014:
    Generic misc partition now confirmed working for S-On and S-Off devices, no longer need to "repair" the misc partition.​
    2nd August 2014:
    Added links for other recoveries for S-On users, and hboot downgrade instructions for S-Off users.​
    -------------------------------------------------------------------------------------------------------------------------------------------

    Disclaimer:
    We are not responsible for anything going wrong with your phone!


    credits:
    @cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://xdaforums.com/showthread.php?t=2708134

    -------------------------------------------------------------------------------------------------------------------------------------------
    If you found this thread useful or educational, please press the THANKS button for both of us :).
    -------------------------------------------------------------------------------------------------------------------------------------------
    7
    The attached mmcblk0p19 should work for any m7_u or m7_ul device.

    Unzip and install mmcblk0p19.generic.bin per the instructions in step 4 of OP:

    Code:
    adb push mmcblk0p19.generic.bin /tmp/
    adb shell dd if=/tmp/mmcblk0p19.generic.bin of=/dev/block/mmcblk0p19
    4
    Some Background
    It appears the 'active cmdline overflow' issue began with hboot 1.56. The error means that the command line passed from hboot to start the kernel (or recovery kernel) has exceeded the limit of the kernel command (1024 bytes.) Apparently, previous hboots ignored this error, but 1.56 halts the boot.

    The kernel command line is constructed from (1) the command line contained within the kernel itself, (2) any arguments passed in to the kernel (i.e. with fastboot -c blah,blash boot boot.img), (3) the hboot itself, and (4) the bootloader command block (BCB) located in the misc partition (mmclbk0p19 on m7u, m7ul.)

    A typical kernel command is around 700 to 800 bytes. You can check the kernel command by pulling the last_kmsg from the device
    Code:
    adb shell
    su
    cat /proc/last_kmsg > /sdcard/last_kmsg
    exit
    exit
    adb pull /sdcard/last_kmsg

    and searching for 'Kernel command line'. It will look something like this:
    Code:
    Kernel command line:  poweron_status=1 reset_status=0 board_m7_ul.disable_uart3=0 diag.enabled=0 board_m7_ul.debug_uart=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2048 skuid=0 ddt=20 ats=0 dap=6  androidboot.lb=0 uif=?000 td.sf=0 td.td=0 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.ofs=696 imc_online_log=0 androidboot.efuse_info=4FSL androidboot.baseband=4T.24.3218.09 androidboot.cid=11111111 androidboot.devicerev=3 androidboot.batt_poweron=good_battery androidboot.carrier=ALL androidboot.mid=PN0712000 androidboot.keycaps=qwerty androidboot.dq=PASS androidboot.mode=recovery androidboot.serialno=HT34KWxxxxxx androidboot.bootloader=1.54.0000 lscd=0x1 wificd=0x1 androidboot.nledhw=0 androidboot.ddrmid=(0x6) acpu.footprint=FFFFFFFF abnrst=0 zygote_oneshot=on kmemleak=off rpm_debug.enable=0 console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31

    The BCB is 1088 bytes located at offset 0x800 in the misc partition (32 byte command, 32 byte status, 1024 byte recovery command.) Usually it zeroed out or contains a short command like 'recovery --wipe_data', but if it becomes corrupted (sometimes by flashing a rom for a different device which writes a kernel to p19) then this 'junk' data may be interpreted as kernel commands by the hboot and cause the command line to overflow, halting the boot.

    Modified 'nobcb' TWRP Recovery
    The modified TWRP recovery used in this solution is fairly simple. It has a modified get_args() method in recovery.cpp that skips reading the recovery command line arguments from the BCB, so that any junk data contained there is ignored and the recovery will boot successfully.

    Additional Notes
    I believe this solution requires S-OFF, as I don't think we can write to p19 with S-ON. We'll need to verify that, probably when someone with an S-ON device encounters 'active cmdline overflow'.

    If that turns out to be the case I should be able to build a version of CM11 with a kernel that will ignore the BCB (similar to the no-bcb TWRP build) so that the device can boot an OS, use firewater to S-OFF, and then repair/restore p19.
    1
    As this is a "Work In Progress", you may have your doubts, and I cannot blame you in the slightest, for being VERY careful!!


    So the main question is: has this ever been accomplished successfully?

    The answer is yes http://xdaforums.com/showpost.php?p=52345379&postcount=48 (or sort of because he used a rooted ROM instead of recovery, you'll need to read the entire thread mentioned)... the thread is here http://xdaforums.com/showthread.php?t=2732757 , and though we haven't heard back from the OP, at least @donkeykong1 got it fixed!!

    update, May 25, 2014: confirmed to have worked for 4 users
    update, June 1, 2014: generic misc partition, confirmed working for S-On and S-Off users
    1
    Retired content, you can disregard this post
    [WIP][POSSIBLE FIX][GUIDE][INFO][02-May-2014]HTC One M7 - "Active Cmdline Overflow" error and bootloader bootloop

    This is a work in progress and a collaboration of @cschmitt and myself.
    And it is still a rough draft!! so excuse any bad formatting (lack of colours, bold, italic, etc.)

    Symptoms
    1) Bootloader shows "active cmdline overflow (xxxx bytes)"
    2) Unable to enter recovery (neither custom nor stock)
    3) (possibly) everything you try reboots to bootloader



    Cause
    Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

    The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



    Problems (and why even an RUU won't restore your phone)
    Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

    So what does a normal [misc] partition look like:
    ta0a9y.jpg


    the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




    OK, now get to the point, how do we fix this
    Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
    and @cschmitt has modified TWRP to disregard the BCB http://xdaforums.com/showpost.php?p=52262603&postcount=13

    Download from AndroidFileHost: http://www.androidfilehost.com/?fid=23329332407590873 only applicable for M7_U or M7_UL models.


    Step 1: Install the noBCB recovery
    Code:
    C:\ADB3>[B][COLOR="Blue"]fastboot devices[/COLOR][/B]
    HT34xxxxxxxx    fastboot [I]<- we're in bootloader[/I]
    
    C:\ADB3>[B][COLOR="Blue"]fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img[/COLOR][/B]
    target reported max download size of 1514139648 bytes
    sending 'recovery' (11278 KB)...
    OKAY [  1.500s]
    writing 'recovery'...
    OKAY [  1.240s]
    finished. total time: 2.740s
    
    C:\ADB3>[B][COLOR="Blue"]fastboot erase cache[/COLOR][/B]
    ******** Did you mean to fastboot format this partition?
    erasing 'cache'...
    OKAY [  0.090s]
    finished. total time: 0.090s
    
    C:\ADB3>[B][COLOR="Blue"]fastboot reboot-bootloader[/COLOR][/B]
    rebooting into bootloader...
    OKAY [  0.040s]
    finished. total time: 0.040s


    --> enter RECOVERY

    jracuw.jpg




    Step 2: Backup your current mmcblk0p19
    Code:
    C:\ADB3>[B][COLOR="Blue"]adb devices[/COLOR][/B]
    List of devices attached
    HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                                ensure [B]root[/B] privileges[/I]
    
    
    C:\ADB3>[B][COLOR="Blue"]adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img[/COLOR][/B]
    2045+0 records in
    2045+0 records out
    1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
    
    
    C:\ADB3>[B][COLOR="Blue"]adb pull /tmp/mmcblk0p19_bak.img[/COLOR][/B]
    2272 KB/s (1047040 bytes in 0.450s)
    
    
    C:\ADB3>[B][COLOR="Blue"]dir[/COLOR][/B]
     Volume in drive C has no label.
     Volume Serial Number is 0622-9D4A
    
     Directory of C:\ADB3
    
    02/05/2014  18:40    <DIR>          .
    02/05/2014  18:40    <DIR>          ..
    02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                        [B][I]^^ there it is[/I][/B]



    Step 3: Repair mmcblk0p19
    As I mentioned this is a work in progress, so for the time being, if you were able to backup your current mmcblk0p19, please compress and upload it, along with a "fastboot getvar all" (excluding IMEI and s/n).
    And we'll have a look when we can, and send a "repaired" one back to you.



    Step 4: Restore your repaired mmcblk0p19
    Code:
    C:\ADB3>[B][COLOR="Blue"]adb devices[/COLOR][/B]
    List of devices attached
    HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                                ensure [B]root[/B] privileges[/I]
    
    
    C:\ADB3>[B][COLOR="Blue"]adb push mmcblk0p19_repaired.img /tmp/[/COLOR][/B]
    2130 KB/s (1047040 bytes in 0.479s)
    
    
    C:\ADB3>[B][COLOR="Blue"]adb shell dd if=/tmp/mmcblk0p19_repaired.img of=/dev/block/mmcblk0p19[/COLOR][/B]
    2045+0 records in
    2045+0 records out
    1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
    
    
    C:\ADB3>[B][COLOR="Blue"]adb reboot bootloader[/COLOR][/B]

    You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
    :victory:

    -------------------------------------------------------------------------------------------------------------------------------------------
    Revision history
    2nd May 2014:
    Initial preview release.​
    -------------------------------------------------------------------------------------------------------------------------------------------

    Disclaimer:
    We are not responsible for anything going wrong with your phone!


    credits:
    @cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://xdaforums.com/showthread.php?t=2708134

    -------------------------------------------------------------------------------------------------------------------------------------------
    If you found this thread useful or educational, please press the THANKS button for both of us :).
    -------------------------------------------------------------------------------------------------------------------------------------------