Post Reply

[FIX][GUIDE][INFO][01-JUN-2014]M7 "Active Cmdline Overflow" error and bootloop

OP nkk71

2nd May 2014, 07:07 PM   |  #1  
nkk71's Avatar
OP Recognized Contributor
Flag Beirut
Thanks Meter: 3,003
 
6,060 posts
Join Date:Joined: May 2010
More
This is a collaboration of @cschmitt and myself. Many thanks to @cschmitt for his hard work and help


Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader



Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

So what does a normal [misc] partition look like:


the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://forum.xda-developers.com/show...3&postcount=13

Download from AndroidFileHost: twrp-recovery-2.7-m7-nobcb.img only applicable for M7_U or M7_UL models.


Step 1: Install the noBCB recovery
Code:
C:\ADB3>fastboot devices
HT34xxxxxxxx    fastboot <- we're in bootloader

C:\ADB3>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [  1.500s]
writing 'recovery'...
OKAY [  1.240s]
finished. total time: 2.740s

C:\ADB3>fastboot erase cache
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [  0.090s]
finished. total time: 0.090s

C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [  0.040s]
finished. total time: 0.040s
--> enter RECOVERY



If you are still unable to boot into recovery:
Users with S-OFF
Downgrade hboot to 1.44
Download 1.29.401.12_hboot_1.44.zip, check MD5, and flash it in ruu mode:
Code:
C:\ADB3>fastboot oem rebootRUU
...
(bootloader) Start Verify: 0
OKAY [  0.047s]
finished. total time: 0.047s

C:\ADB3>fastboot flash zip 1.29.401.12_hboot_1.44.zip
sending 'zip' (501 KB)...
OKAY [  0.250s]
writing 'zip'...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
(bootloader) start image[hboot] unzipping & flushing...
(bootloader) [RUU]UZ,hboot,0
(bootloader) [RUU]UZ,hboot,50
(bootloader) [RUU]UZ,hboot,100
(bootloader) [RUU]WP,hboot,0
(bootloader) [RUU]WP,hboot,99
(bootloader) [RUU]WP,hboot,100
(bootloader) ...... Successful
OKAY [  2.153s]
finished. total time: 2.402s

C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [  0.031s]
finished. total time: 0.031s
and enter RECOVERY
Users with S-ON
Try one of the following recoveries instead:
CWM_6.0.2.8_M7.img

cwm-recovery-m7-6.0.4.9-nobcb.img





Step 2: Backup your current mmcblk0p19 (it's always good to backup things before changing them)
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx    recovery <- you need to be in custom recovery to
                            ensure root privileges


C:\ADB3>adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>adb pull /tmp/mmcblk0p19_bak.img
2272 KB/s (1047040 bytes in 0.450s)


C:\ADB3>dir
 Volume in drive C has no label.
 Volume Serial Number is 0622-9D4A

 Directory of C:\ADB3

02/05/2014  18:40    <DIR>          .
02/05/2014  18:40    <DIR>          ..
02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                    ^^ there it is
Step 3: Download generic m7_u / ul mmcblk0p19
Download the M7_U / UL generic misc partition by @cschmitt:
http://forum.xda-developers.com/atta...1&d=1401633317
extract it and put it in your adb/fastboot folder.



Step 4: Restore the generic mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx    recovery <- you need to be in custom recovery to
                            ensure root privileges


C:\ADB3>adb push mmcblk0p19_generic.img /tmp/
2130 KB/s (1047040 bytes in 0.479s)


C:\ADB3>adb shell dd if=/tmp/mmcblk0p19_generic.img of=/dev/block/mmcblk0p19
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>adb reboot bootloader
You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.


-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014:
Initial preview release.
1st June 2014:
Generic misc partition now confirmed working for S-On and S-Off devices, no longer need to "repair" the misc partition.
2nd August 2014:
Added links for other recoveries for S-On users, and hboot downgrade instructions for S-Off users.

-------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer:
We are not responsible for anything going wrong with your phone!


credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://forum.xda-developers.com/show....php?t=2708134

-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us .
-------------------------------------------------------------------------------------------------------------------------------------------
Attached Files
File Type: rar mmcblk0p19_generic.rar - [Click for QR Code] (830 Bytes, 383 views)
Last edited by nkk71; 2nd August 2014 at 11:27 AM.
The Following 18 Users Say Thank You to nkk71 For This Useful Post: [ View ]
2nd May 2014, 07:07 PM   |  #2  
cschmitt's Avatar
Senior Member
Thanks Meter: 1,786
 
1,558 posts
Join Date:Joined: Feb 2012
The attached mmcblk0p19 should work for any m7_u or m7_ul device.

Unzip and install mmcblk0p19.generic.bin per the instructions in step 4 of OP:

Code:
adb push mmcblk0p19.generic.bin /tmp/
adb shell dd if=/tmp/mmcblk0p19.generic.bin of=/dev/block/mmcblk0p19
Attached Files
File Type: zip mmcblk0p19.generic.bin.zip - [Click for QR Code] (1.5 KB, 51 views)
Last edited by cschmitt; 26th May 2014 at 01:20 PM.
The Following 5 Users Say Thank You to cschmitt For This Useful Post: [ View ]
2nd May 2014, 07:08 PM   |  #3  
nkk71's Avatar
OP Recognized Contributor
Flag Beirut
Thanks Meter: 3,003
 
6,060 posts
Join Date:Joined: May 2010
More
As this is a "Work In Progress", you may have your doubts, and I cannot blame you in the slightest, for being VERY careful!!


So the main question is: has this ever been accomplished successfully?

The answer is yes http://forum.xda-developers.com/show...9&postcount=48 (or sort of because he used a rooted ROM instead of recovery, you'll need to read the entire thread mentioned)... the thread is here http://forum.xda-developers.com/show....php?t=2732757 , and though we haven't heard back from the OP, at least @donkeykong1 got it fixed!!

update, May 25, 2014: confirmed to have worked for 4 users
update, June 1, 2014: generic misc partition, confirmed working for S-On and S-Off users
Last edited by nkk71; 1st June 2014 at 04:34 PM.
The Following User Says Thank You to nkk71 For This Useful Post: [ View ]
2nd May 2014, 07:08 PM   |  #4  
nkk71's Avatar
OP Recognized Contributor
Flag Beirut
Thanks Meter: 3,003
 
6,060 posts
Join Date:Joined: May 2010
More
Retired content, you can disregard this post
[WIP][POSSIBLE FIX][GUIDE][INFO][02-May-2014]HTC One M7 - "Active Cmdline Overflow" error and bootloader bootloop

This is a work in progress and a collaboration of @cschmitt and myself.
And it is still a rough draft!! so excuse any bad formatting (lack of colours, bold, italic, etc.)

Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader



Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition, the [misc] partition includes the bootloader command block (BCB); @schmitt can elaborate on that more than I.

The most often times we've seen this, is when flashing HTC Droid DNA (device=dlx) ROM or kernel (kernel is included in the ROM) on a HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.



Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.

So what does a normal [misc] partition look like:


the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.




OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://forum.xda-developers.com/show...3&postcount=13

Download from AndroidFileHost: http://www.androidfilehost.com/?fid=23329332407590873 only applicable for M7_U or M7_UL models.


Step 1: Install the noBCB recovery
Code:
C:\ADB3>fastboot devices
HT34xxxxxxxx    fastboot <- we're in bootloader

C:\ADB3>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [  1.500s]
writing 'recovery'...
OKAY [  1.240s]
finished. total time: 2.740s

C:\ADB3>fastboot erase cache
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [  0.090s]
finished. total time: 0.090s

C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [  0.040s]
finished. total time: 0.040s

--> enter RECOVERY





Step 2: Backup your current mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx    recovery <- you need to be in custom recovery to
                            ensure root privileges


C:\ADB3>adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>adb pull /tmp/mmcblk0p19_bak.img
2272 KB/s (1047040 bytes in 0.450s)


C:\ADB3>dir
 Volume in drive C has no label.
 Volume Serial Number is 0622-9D4A

 Directory of C:\ADB3

02/05/2014  18:40    <DIR>          .
02/05/2014  18:40    <DIR>          ..
02/05/2014  18:40         1,047,040 mmcblk0p19_bak.img
                                    ^^ there it is


Step 3: Repair mmcblk0p19
As I mentioned this is a work in progress, so for the time being, if you were able to backup your current mmcblk0p19, please compress and upload it, along with a "fastboot getvar all" (excluding IMEI and s/n).
And we'll have a look when we can, and send a "repaired" one back to you.



Step 4: Restore your repaired mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx    recovery <- you need to be in custom recovery to
                            ensure root privileges


C:\ADB3>adb push mmcblk0p19_repaired.img /tmp/
2130 KB/s (1047040 bytes in 0.479s)


C:\ADB3>adb shell dd if=/tmp/mmcblk0p19_repaired.img of=/dev/block/mmcblk0p19
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s


C:\ADB3>adb reboot bootloader
You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.


-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014:
Initial preview release.

-------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer:
We are not responsible for anything going wrong with your phone!


credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://forum.xda-developers.com/show....php?t=2708134

-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us .
-------------------------------------------------------------------------------------------------------------------------------------------
Last edited by nkk71; 1st June 2014 at 03:33 PM.
The Following User Says Thank You to nkk71 For This Useful Post: [ View ]
2nd May 2014, 07:11 PM   |  #5  
cschmitt's Avatar
Senior Member
Thanks Meter: 1,786
 
1,558 posts
Join Date:Joined: Feb 2012
Some Background
It appears the 'active cmdline overflow' issue began with hboot 1.56. The error means that the command line passed from hboot to start the kernel (or recovery kernel) has exceeded the limit of the kernel command (1024 bytes.) Apparently, previous hboots ignored this error, but 1.56 halts the boot.

The kernel command line is constructed from (1) the command line contained within the kernel itself, (2) any arguments passed in to the kernel (i.e. with fastboot -c blah,blash boot boot.img), (3) the hboot itself, and (4) the bootloader command block (BCB) located in the misc partition (mmclbk0p19 on m7u, m7ul.)

A typical kernel command is around 700 to 800 bytes. You can check the kernel command by pulling the last_kmsg from the device
Code:
adb shell
su
cat /proc/last_kmsg > /sdcard/last_kmsg
exit
exit
adb pull /sdcard/last_kmsg
and searching for 'Kernel command line'. It will look something like this:
Code:
Kernel command line:  poweron_status=1 reset_status=0 board_m7_ul.disable_uart3=0 diag.enabled=0 board_m7_ul.debug_uart=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2048 skuid=0 ddt=20 ats=0 dap=6  androidboot.lb=0 uif=?000 td.sf=0 td.td=0 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.ofs=696 imc_online_log=0 androidboot.efuse_info=4FSL androidboot.baseband=4T.24.3218.09 androidboot.cid=11111111 androidboot.devicerev=3 androidboot.batt_poweron=good_battery androidboot.carrier=ALL androidboot.mid=PN0712000 androidboot.keycaps=qwerty androidboot.dq=PASS androidboot.mode=recovery androidboot.serialno=HT34KWxxxxxx androidboot.bootloader=1.54.0000 lscd=0x1 wificd=0x1 androidboot.nledhw=0 androidboot.ddrmid=(0x6) acpu.footprint=FFFFFFFF abnrst=0 zygote_oneshot=on kmemleak=off rpm_debug.enable=0 console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31
The BCB is 1088 bytes located at offset 0x800 in the misc partition (32 byte command, 32 byte status, 1024 byte recovery command.) Usually it zeroed out or contains a short command like 'recovery --wipe_data', but if it becomes corrupted (sometimes by flashing a rom for a different device which writes a kernel to p19) then this 'junk' data may be interpreted as kernel commands by the hboot and cause the command line to overflow, halting the boot.

Modified 'nobcb' TWRP Recovery
The modified TWRP recovery used in this solution is fairly simple. It has a modified get_args() method in recovery.cpp that skips reading the recovery command line arguments from the BCB, so that any junk data contained there is ignored and the recovery will boot successfully.

Additional Notes
I believe this solution requires S-OFF, as I don't think we can write to p19 with S-ON. We'll need to verify that, probably when someone with an S-ON device encounters 'active cmdline overflow'.

If that turns out to be the case I should be able to build a version of CM11 with a kernel that will ignore the BCB (similar to the no-bcb TWRP build) so that the device can boot an OS, use firewater to S-OFF, and then repair/restore p19.
Last edited by cschmitt; 2nd May 2014 at 09:08 PM.
The Following 3 Users Say Thank You to cschmitt For This Useful Post: [ View ]
11th May 2014, 11:52 AM   |  #6  
Member
Thanks Meter: 2
 
77 posts
Join Date:Joined: Dec 2013
Unhappy Help me please
i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me
11th May 2014, 11:55 AM   |  #7  
nkk71's Avatar
OP Recognized Contributor
Flag Beirut
Thanks Meter: 3,003
 
6,060 posts
Join Date:Joined: May 2010
More
Quote:
Originally Posted by AjdinKuduzovic

i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me

Quote:

after root and flash wrong rom i cant get in recovery mode any more i get (Entering Recovery mode) and its freeze on htc one logo
i flashed rom from this post http://forum.xda-developers.com/show....php?t=2626050
Deodexed version
please help me

Note: Target device: HTC Droid DNA (PL8320000)

you have just corrupted your misc partition, and are probably getting "active cmdline overflow" in the bootloader screen, and even an ruu won't fix that.


please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.
Last edited by nkk71; 11th May 2014 at 03:46 PM.
The Following User Says Thank You to nkk71 For This Useful Post: [ View ]
11th May 2014, 11:57 AM   |  #8  
Member
Thanks Meter: 2
 
77 posts
Join Date:Joined: Dec 2013
Unhappy
Quote:
Originally Posted by nkk71

please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.

C:\adb>fastboot getvar all
< waiting for device >
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-baseband: 4A.21.3263.04
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) serialno: FA34CW904354
(bootloader) imei: xxxxxxxxxxxxxxxxxxx
(bootloader) meid: 00000000000000
(bootloader) product: m7_ul
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4261mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-b0a25cb2
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
all: Done!
finished. total time: 0.142s
11th May 2014, 12:06 PM   |  #9  
nkk71's Avatar
OP Recognized Contributor
Flag Beirut
Thanks Meter: 3,003
 
6,060 posts
Join Date:Joined: May 2010
More
Quote:
Originally Posted by AjdinKuduzovic

C:\adb>fastboot getvar all
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_ul
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
finished. total time: 0.142s

hmm, S-On

1- is your bootloader unlocked

2- did you check MD5 on the download to make sure it's not corrupt

3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery
The Following User Says Thank You to nkk71 For This Useful Post: [ View ]
11th May 2014, 12:08 PM   |  #10  
Member
Thanks Meter: 2
 
77 posts
Join Date:Joined: Dec 2013
Unhappy
Quote:
Originally Posted by nkk71

hmm, S-On

1- is your bootloader unlocked

2- did you check MD5 on the download to make sure it's not corrupt

3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery

C:\adb>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
sending 'recovery' (11278 KB)...
OKAY [ 1.364s]
writing 'recovery'...
OKAY [ 0.777s]
finished. total time: 2.151s

i tried to set s off i get error to
no luck for me

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in One General by ThreadRank