Posted: Sun Jul 29, 2018 18:59 Post subject: Bootloop Investigation for Netgear R8300 and R8500 routers
Can a few folks send me mtd dumps from their Netgear stock firmware R8300 and R8500 routers?
I'm diagnosing things and close to the solution to fix these. I'm particularly interested in the MP2 variants of these routers as those are what is affecting most people.
Here are the steps (using working stock firmware please):
1) Insert a formatted USB stick into usb port and verify it is mounted
2) Enable telnet by going to http://192.168.1.1/debug.htm and checking telnet box
3) On computer, open a terminal window and telnet to router: (i.e.-> telnet 192.168.1.1)
4) Then run the following commands via telnet session:
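Code:
# Use the first entry under /tmp/shares as the USB mount point
export usb_stick="$(find /tmp/shares/* | head -n 1)"
# Save the partition table so each dump can be matched to its name
cat /proc/mtd > "$usb_stick/mtdblock_list.txt"
# Dump each partition block device to the stick
for x in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18; do cat /dev/mtdblock$x > "$usb_stick/mtdblock$x"; done
# Zip everything (including the list), then remove the loose copies
zip -j "$usb_stick/router_partition_backup.zip" "$usb_stick"/mtdblock*
rm "$usb_stick"/mtdblock*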
Lastly, post the resulting "router_partition_backup.zip" for comparison and make note of Router, firmware revision, etc.
Note: you can exclude mtdblock1 and mtdblock4 if you are concerned with sharing pwd/mac stuff.
Come on guys, please someone try to provide the details I requested. I really am trying to get to the bottom of the wireless issues / bootloop problems on these two routers.
If nothing else, the steps above will help you get some insurance if you have a backup of every single partition on your router while it is working.
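A variant of the dump step above, as an added example that is not the poster's script: it takes the partition indices from the mtd table instead of a fixed 0 to 18 list, skips the indices passed as excluded (1 and 4 in the note), and checks each dump against the size the table reports. The function name `dump_mtd` and its arguments are assumptions made for this example; the zip step is unchanged and left out.

```shell
# Added example (not from the original post).
# Usage on the router: dump_mtd "$usb_stick" "1 4"
#   $1 output directory, $2 space-separated partition indices to skip,
#   $3 mtd table (default /proc/mtd), $4 device directory (default /dev).
# The last two arguments exist only so the function can be tried offline.
dump_mtd() {
    out=$1; skip=" $2 "; table=${3:-/proc/mtd}; devdir=${4:-/dev}
    cat "$table" > "$out/mtdblock_list.txt" || return 1
    bad=0
    # Table rows look like: mtd3: 01e00000 00020000 "name" (sizes in hex)
    while read -r dev size rest; do
        case $dev in mtd[0-9]*:) ;; *) continue ;; esac   # skips the header row
        n=${dev#mtd}; n=${n%:}
        case $skip in *" $n "*) echo "skip mtdblock$n"; continue ;; esac
        cat "$devdir/mtdblock$n" > "$out/mtdblock$n" || { bad=1; continue; }
        want=$((0x$size))
        got=$(($(wc -c < "$out/mtdblock$n")))
        if [ "$got" -ne "$want" ]; then
            echo "mtdblock$n: $got bytes, expected $want"
            bad=1
        fi
    done < "$table"
    # Non-zero when any partition could not be read or came out short
    return $bad
}
```

A non-zero return means at least one dump is unreadable or truncated, which is worth knowing before relying on the backup.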
Well, I am not denying some have bad hardware; however, it seems a few things are really going on:
1) Broadcom screwed up the numbering on pci device numbering for *some* revisions of the wifi chips used in some of the units.
2) Netgear used some of those chips in various units.
3) It seems that they did not update the GPL sources shared on their site and/or any of the firmware on their site that used those. My belief is that when they made the MP2 units (specifically those in Vietnam) they hacked in a new updated dhd.ko driver that knew about the specific revision of the chip (rev 04) that is not reflected in their public repo.
4) As a result when the firmware would auto update, boom... it boot loops because the unit gets something off their update site but *NONE* of those firmwares account for the newer rev 04 of the 4366 chip. A little evidence may be seen by folks when using CFE and it gets to "insmod dpasta.ko" and puts out a message and then the segment fault and reboot occurs right after that (which is really when it tries to load dhd.ko driver and it is wrong version for this chip).
5) Looking at every firmware for both the R8300 and R8500 off their site, I confirmed the dhd.ko driver in each firmware and they are all earlier versions of the driver than what is proper for that chip. (they are very close, but minor changes in the firmware affect things directly)
I can post what I have found about the drivers in each firmware as proof. But to your point, there still may be bad units out there. I have had no luck with any stock firmware as a result (I believe) due to my R8300 having a rev 04 chip.
I have been able to somewhat confirm this by using an ASUS Merlin image that will run due to its dhd.ko driver being newer and supporting the funky rev 04 chip version.
I want to take the latest stock Netgear firmware (122 I think?) for the R8500, and try to use firmware mod kit to replace the dhd.ko driver and rebuild the image. Mileage may vary as that is not a true compile from scratch but we shall see.
Anyhow, just something to noodle on. I sure wish others would pitch in and get me the info above I had hoped for. It would go a long way to also confirm the real issue.
No change for me. Still only have the upper band 5ghz working on this koolshare fw as I do on dd-wrt.
The 2.4ghz sometimes shows up, sometimes doesn’t, on either firmware.
Won’t boot at all on Netgear firmware.
This is on an r8300. I threw away the other r8500’s I had two weeks ago. _________________ I am far from a guru, I'm barely a novice.
Interesting. I found something odd on this one. If I do a nvram erase & nvram commit through CFE it really doesn't do it (commit it to flash that is). If I hold in reset on power up for 3 cycles it takes care of it. Maybe worth a try.
Back on stock firmware in log you can see:
[ 1986.010000] dhdpcie_pci_probe: PCIe Enumeration failed
[ 1986.010000] Broadcom PCI Device 0x4715 has allocated with driver et
[ 1986.010000] Broadcom PCI Device 0x4715 has allocated with driver et
[ 1986.010000] Broadcom PCI Device 0x4715 has allocated with driver et
[ 1986.010000] Broadcom PCI Device 0x471a has allocated with driver ohci_hcd
[ 1986.010000] Broadcom PCI Device 0x471a has allocated with driver ehci_hcd
[ 1986.010000] Broadcom PCI Device 0x472a has allocated with driver xhci_hcd
[ 1986.010000] dhdpcie_bus_register: dhdpcie initialize failed.
[ 1986.010000] dhd_module_init: Failed to load the driver, try cnt 1
[ 1986.010000] no wifi platform data, skip
[ 1986.010000] PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
[ 1986.010000] dhdpcie_init: can't find adapter info for this chip
[ 1986.110000] DHD: dongle ram size is set to 1343488(orig 1343488) at 0x200000
[ 1986.120000] dhd_attach(): thread:dhd_watchdog_thread:309 started
[ 1986.120000] dhd_deferred_work_init: work queue initialized
[ 1986.120000] dhd_bus_download_firmware: firmware path=, nvram path=
[ 1986.120000] dhdpcie_ramsize_adj: Enter
[ 1986.120000] select_fd_image: Dongle image not available for chipid = 0x5366 chiprev = 4 chippkg = 4
[ 1986.120000] select_fd_image: Dongle image not available for chipid = 0x5366 chiprev = 4 chippkg = 4
[ 1986.120000] _dhdpcie_download_firmware: dongle image array download failed
[ 1986.120000] dhd_bus_start: failed to download firmware
I still believe this is related to chip setup/failure due to wrong driver and pci id's not properly accounted for.
Anyhow I am attaching a couple pieces of info that might serve Kong or BrainSlayer or others about stock driver revisions, etc.
R8300_R8500_dhd_firmware_versions_details.txt
Description:
And this is a detailed list of every chip firmware inside every dhd.ko driver in every stock R8300 and R8500 firmware.
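For anyone comparing their own unit against the log above, a small filter that pulls out the chip the driver had no dongle image for, as an added example that is not part of the original post. The function names are assumptions; the sample lines are copied from the log quoted in the post.

```shell
# Added example (not from the original post). Each function reads kernel
# log text on stdin, e.g.  dmesg | dhd_fw_mismatch

# One line per distinct chip for which dhd.ko reported no dongle image.
missing_dongle_images() {
    sed -n 's/.*select_fd_image: Dongle image not available for chipid = \(0x[0-9a-fA-F]*\) chiprev = \([0-9]*\) chippkg = \([0-9]*\).*/chipid=\1 chiprev=\2 chippkg=\3/p' | sort -u
}

# "vendor device" for every PCI_PROBE line the driver logged.
probed_pci_ids() {
    sed -n 's/.*PCI_PROBE: bus [0-9]*, slot [0-9]*, *vendor \([0-9A-Fa-f]*\), device \([0-9A-Fa-f]*\).*/\1 \2/p' | sort -u
}

# Returns 0 and prints a summary only when the log shows both the missing
# image and the failed firmware download that follows it.
dhd_fw_mismatch() {
    log=$(cat)
    chips=$(printf '%s\n' "$log" | missing_dongle_images)
    [ -n "$chips" ] || return 1
    printf '%s\n' "$log" | grep -q 'dhd_bus_start: failed to download firmware' || return 1
    echo "dhd.ko has no firmware for: $chips (PCI: $(printf '%s\n' "$log" | probed_pci_ids))"
}

# Sample input: lines taken from the stock-firmware log in the post.
sample_log() {
    cat <<'EOF'
[ 1986.010000] PCI_PROBE: bus 1, slot 0,vendor 14E4, device 4365(good PCI location)
[ 1986.010000] dhdpcie_init: can't find adapter info for this chip
[ 1986.120000] select_fd_image: Dongle image not available for chipid = 0x5366 chiprev = 4 chippkg = 4
[ 1986.120000] select_fd_image: Dongle image not available for chipid = 0x5366 chiprev = 4 chippkg = 4
[ 1986.120000] _dhdpcie_download_firmware: dongle image array download failed
[ 1986.120000] dhd_bus_start: failed to download firmware
EOF
}
```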
Wl chipsets had no eeprom. But behind the cpu there is another ic. It may have code so that the cpu can control the wl chipset. As long as you cannot read and write it, it is very much useless. There are over 26 i/o lines, most connected to the cpu. Need to read and find out what kind exactly.
After some research this popped up: https://www.smallnetbuilder.com/wireless/wireless-reviews/32998-linksys-ea9500-max-stream-ac5400-mu-mimo-gigabit-router-reviewed
The ic is a PLX Technology PEX8603 3-lane, 3-port PCIe switch that comes from intel. So the router has limited communication between cpu and wl chipset (no direct data from cpu to wl chipset, because the cpu is designed for only 2 pci-e; it needs a switch).
from intel doc:
After a FLEX 8000 device has entered the user mode, you can choose to
replace the configuration data pattern inside the device at any time. In this
process, called in-circuit reconfiguration, new configuration data is selected
using one of three methods, depending on the configuration scheme:
❏ In a passive configuration scheme, a different file can be downloaded
from a mass-storage system.
❏ In the AS configuration scheme, multiple sets of configuration data
can be stored in one or more serial Configuration EPROMs. Each set of
data is used in succession.
❏ In the APU and APD configuration schemes, new configuration data
is selected by externally multiplexing a different EPROM source onto
the data path or by providing offset address generation circuitry to
select a different page within the same EPROM.
There are 4 test points, T11,21,13,14, that you can probe to log and check.
I have 2 Netgear R8500 units, both in working condition with factory default firmware. On one unit I upgraded the firmware online through the netgenie menu. After the upgrade was complete the router always restarts. Currently I can only use the R8500-V1.0.0.28_1.0.15.chk firmware, with the 5Ghz-2 band missing.
Out of curiosity I backed up the second R8500's firmware (mtd2 and mtd3) and then did the online update. After the upgrade was complete the R8500 router always restarts. I tried to restore mtd2 and mtd3 but it doesn't help. I returned to the R8500-V1.0.0.28_1.0.15.chk firmware, with the 5Ghz-2 band missing.
Malachi wrote:
No change for me. Still only have the upper band 5ghz working on this koolshare fw as I do on dd-wrt.
The 2.4ghz sometimes shows up, sometimes doesn’t, on either firmware.
Won’t boot at all on Netgear firmware.
This is on an r8300. I threw away the other r8500’s I had two weeks ago.