UN55H6350 Kernel BUG

Here is information about customizing your H series firmware.
tornstrom
SamyGO Project Donor
Posts: 5
Joined: Sun Jan 21, 2018 5:29 pm

UN55H6350 Kernel BUG

Post by tornstrom »

Hi,
This is basically my first post in this forum, so excuse me if I'm posting in the wrong place.
I got hold of a UN55H6350 (firmware v2200.9) with an issue where it would freeze, then restart, whenever it was connected to WiFi or Ethernet. To me it sounded like a software issue, and I thought it would be fun to investigate/solve. So yesterday, I made an ExLink cable, hooked it up to my MacBook and got a whole lot of debug output. When I reproduce the freeze/restart issue (by connecting an Ethernet cable) I get this stack trace:

Code:

kernel BUG at fs/vdfs/inode.c:550!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in: 
<bunch of modules, cut out>
CPU: 2    Tainted: P           O  (3.8.13 #2)
pc : [<c01186a8>]    lr : [<c011864c>]    psr: 60000153
sp : e58c3df8  ip : 00000000  fp : e58c3e2c
r10: e8161000  r9 : 0000c300  r8 : 00000000
r7 : c0611500  r6 : 00000001  r5 : cc4a800c  r4 : 0000437f
r3 : 00000080  r2 : 00000000  r1 : cc4a887c  r0 : 00000000
Flags: nZCv  IRQs on  FIQs off  Mode SVC_32  ISA ARM  Segment user
Control: 18c53c7d  Table: 242ec04a  DAC: 00000015
Process rm (pid: 1645, stack limit = 0xe58c2238)
Stack: (0xe58c3df8 to 0xe58c4000)
3de0:                                                       00001054 c744f600
3e00: 00000001 e58c3e53 00001054 c744f600 00000001 00000000 e09bfaa0 ffffff9c
3e20: e58c3e94 e58c3e30 c0125ca8 c0118588 00000001 00000005 c004846c 0000c300
3e40: 00000000 0000c300 00000000 e8161000 349bfaa0 30323939 e58c3e00 e58c3e68
3e60: c0129d30 c00b4688 00000000 00000000 00000000 c744f600 e8161000 c744f8a8
3e80: e09bfaa0 ffffff9c e58c3ec4 e58c3e98 c011c498 c0125a3c c744f600 c03708cc
3ea0: e58c3ec4 c744f600 c744f698 c03708cc c03708cc 00edf0a8 e58c3ee4 e58c3ec8
3ec0: c00d0dc0 c011c340 00000000 c744f600 c744f648 e8165400 e58c3f04 e58c3ee8
3ee0: c00d14bc c00d0d30 c74ad000 e58c3f10 00000000 00000000 e58c3f94 e58c3f08
3f00: c00c5c5c c00d13ec 0000c300 c744f600 e8145890 e046c7f8 cb4bcef0 00000010
3f20: c74ad02d c004058c 00000000 e8405990 c744f300 00000000 00000002 00000000
3f40: 00000000 00000000 cf227000 cac981a4 00000001 000003f2 000003f2 00000000
3f60: 000013c8 00000000 00000015 00edf0a8 0000000c 00000008 0000000a c0013244
3f80: e58c2000 00000000 e58c3fa4 e58c3f98 c00c7ab8 c00c5b1c 00000000 e58c3fa8
3fa0: c00130c0 c00c7aac 00edf0a8 0000000c 00edf0a8 be392db0 be392db0 00008000
3fc0: 00edf0a8 0000000c 00000008 0000000a 00edf0a8 0005d054 0005cfb4 00000000
3fe0: 00000001 be392dac 000f347c 0000c1ec 60000150 00edf0a8 e1a05000 e5902008
Backtrace:
Function entered at [<c011857c>] from [<c0125ca8>]
Function entered at [<c0125a30>] from [<c011c498>]
Function entered at [<c011c334>] from [<c00d0dc0>]
 r8:00edf0a8 r7:c03708cc r6:c03708cc r5:c744f698 r4:c744f600
Function entered at [<c00d0d24>] from [<c00d14bc>]
 r6:e8165400 r5:c744f648 r4:c744f600 r3:00000000
Function entered at [<c00d13e0>] from [<c00c5c5c>]
 r7:00000000 r6:00000000 r5:e58c3f10 r4:c74ad000
Function entered at [<c00c5b10>] from [<c00c7ab8>]
Function entered at [<c00c7aa0>] from [<c00130c0>]
Code: e59f3038 e5933000 e3130002 1a000003 (e7f001f2)
[SELP] while loop ... please attach T32...

Every time it happens, it's the same process "rm" that's the cause, which is kind of strange actually. I'm thinking that to fix this, I'd have to either downgrade the firmware, or make some kind of a manual patch to avoid this crashing scenario. Either way, I'd need shell access.
So I guess my question boils down to this:
1. Does anyone know the correct "code" or "command" to send via serial to open up the shell, or any other means to get shell access on this model?
2. Is this rm crash issue a known issue with a known solution/workaround?

Thanks guys
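
For triaging an oops like the one quoted in the post above, this added example (not part of the original post and not SamyGO code) parses the key fields, checks whether the trapping instruction is the ARM-mode BUG() marker, and turns the backtrace into entry+offset pairs that can be matched against a symbol table. The embedded log is a constructed excerpt of the post's trace, and `parse_oops` is a hypothetical helper name.

```python
import re

# Constructed sample: the key lines of the oops quoted in the post above.
OOPS = """\
kernel BUG at fs/vdfs/inode.c:550!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
CPU: 2    Tainted: P           O  (3.8.13 #2)
pc : [<c01186a8>]    lr : [<c011864c>]    psr: 60000153
Process rm (pid: 1645, stack limit = 0xe58c2238)
Function entered at [<c011857c>] from [<c0125ca8>]
Function entered at [<c0125a30>] from [<c011c498>]
Function entered at [<c011c334>] from [<c00d0dc0>]
Function entered at [<c00d0d24>] from [<c00d14bc>]
Function entered at [<c00d13e0>] from [<c00c5c5c>]
Function entered at [<c00c5b10>] from [<c00c7ab8>]
Function entered at [<c00c7aa0>] from [<c00130c0>]
Code: e59f3038 e5933000 e3130002 1a000003 (e7f001f2)
"""

ARM_BUG_INSTR = 0xE7F001F2  # BUG_INSTR_VALUE (ARM mode), arch/arm/include/asm/bug.h

def parse_oops(text):
    """Extract the triage-relevant fields from an ARM 'kernel BUG' oops."""
    out = {}
    m = re.search(r"kernel BUG at (\S+):(\d+)!", text)
    out["bug_site"] = (m.group(1), int(m.group(2))) if m else None
    m = re.search(r"Process (\S+) \(pid: (\d+)", text)
    out["process"] = (m.group(1), int(m.group(2))) if m else None
    m = re.search(r"pc : \[<([0-9a-f]+)>\]\s+lr : \[<([0-9a-f]+)>\]", text)
    out["pc"], out["lr"] = (int(m.group(1), 16), int(m.group(2), 16)) if m else (None, None)
    # The word in parentheses on the Code: line is the instruction at pc.
    m = re.search(r"^Code:.*\(([0-9a-f]{8})\)", text, re.M)
    out["is_bug_trap"] = bool(m) and int(m.group(1), 16) == ARM_BUG_INSTR
    frames = [(int(e, 16), int(c, 16)) for e, c in
              re.findall(r"Function entered at \[<([0-9a-f]+)>\] from \[<([0-9a-f]+)>\]", text)]
    # Each frame is (function entry, return address). The return address lies in
    # the function of the next frame, so every call site can be expressed as
    # entry+offset even though the log carries no symbol names.
    sites = [out["pc"]] + [ret for _, ret in frames]
    out["chain"] = ([(entry, site - entry) for (entry, _), site in zip(frames, sites)]
                    if out["pc"] is not None else [])
    return out

if __name__ == "__main__":
    r = parse_oops(OOPS)
    print("BUG site:", r["bug_site"], "process:", r["process"], "BUG() trap:", r["is_bug_trap"])
    for entry, off in r["chain"]:
        print(f"  {entry:#010x}+{off:#x}")
```
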
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: UN55H6350 Kernel BUG

Post by juusso »

Hi, actually no commands for shell access via exlink cable. Exlink is limited to hex input only and shell is restricted on kernel level...

But... you could try to get root using info on our forum.
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
zoelechat
SamyGO Moderator
Posts: 8615
Joined: Fri Apr 12, 2013 7:32 pm
Location: France

Re: UN55H6350 Kernel BUG

Post by zoelechat »

I don't think rootable fw currently, unfortunately...
I do NOT receive any PM. Please use forum.
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: UN55H6350 Kernel BUG

Post by juusso »

Yeah, I thought he is a bit too late with this model. But he can try and find his own way indeed.
tornstrom
SamyGO Project Donor
Posts: 5
Joined: Sun Jan 21, 2018 5:29 pm

Re: UN55H6350 Kernel BUG

Post by tornstrom »

Ah, that's a shame. But it does make it a little more challenging. I'm confident I can patch the SW if I can only access it.
And there are no known 0000.0 firmwares floating around for this model, correct? (I haven't been able to find one at least)
Thanks for the quick reply guys!
tornstrom
SamyGO Project Donor
Posts: 5
Joined: Sun Jan 21, 2018 5:29 pm

Re: UN55H6350 Kernel BUG

Post by tornstrom »

Little update: I've had some limited success so far. I got the TOP Debug Menu (20149144 & 2008999) working, but like expected, anything but hex chars are filtered. I tried to bruteforce find a code that would allow all chars, but no luck with that so far.
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: UN55H6350 Kernel BUG

Post by juusso »

Yes, as I said, this is a known limitation. We had some success by patching the kernel (read here http://wiki.samygo.tv/index.php?title=R ... filtration ), but root access is required.
tornstrom
SamyGO Project Donor
Posts: 5
Joined: Sun Jan 21, 2018 5:29 pm

Re: UN55H6350 Kernel BUG

Post by tornstrom »

I'm actually going to try to read the eMMC straight from the mainboard by hooking the pins up to an SD card reader. Then, if that works, try to patch it and write it back. No idea if that will work or not, but I'm excited to try it out.
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: UN55H6350 Kernel BUG

Post by juusso »

It might work, if you know the required points on the mainboard to connect your JTAG eMMC. I remember denny and bugficks were working on the subject on some older series boards, got some success, and I believe they could share some knowledge so you don't start from zero.