mipsel(mt7620a) router stop at STAGE 2 or STAGE3

[bambizlu]

I have three mipsel routers and two mips routers. SOC of mipsel routers is mt7620a,model is 5K-W20. SOC of mips routers is BCM6358,model is RG100A-AA. I use script mod by EmuMaster at bilibili.com. RG100A-AA very easy to done pppwn. But 5K-W20 always stop at STAGE 2 or STAGE3. I spent a lot of time testing and retesting,never done. Command at here:
root@OpenWrt:~# ps www | grep pppwn
4419 root 9592 S /usr/bin/pppwn --interface br-lan --fw 1100 --stage1 /etc/pppwn/stage1_1100.bin --stage2 /etc/pppwn/stage2_1100.bin --auto-retry --web
4460 root 1248 S grep pppwn

LOG at here:
[+] STAGE 2: KASLR defeat

[*] Defeating KASLR... ...possible stop here...

[+] STAGE 3: Remote code execution
[] Sending LCP terminate request...
[] Waiting for PADI...
[+] pppoe_softc: 0xffffbf3607c40200
[+] Target MAC: bc:60:a7:85:c4:60
[+] Source MAC: 97:9f:12:cb:ff:ff
[+] AC cookie length: 514
[] Sending PADO...
[] Waiting for PADR...
[] Sending PADS...
[] Triggering code execution...
[] Waiting for stage1 to resume...
[] Sending PADT...
[] Waiting for PADI...
[+] pppoe_softc: 0xffffbf3607c40200
[+] Target MAC: bc:60:a7:85:c4:60
[+] AC cookie length: 0
[] Sending PADO...
[] Waiting for PADR...
[] Sending PADS...
[] Sending LCP configure request...
[] Waiting for LCP configure ACK...
[] Waiting for LCP configure request...
[] Sending LCP configure ACK...
[] Sending IPCP configure request...
[] Waiting for IPCP configure ACK... ...always stop here...

I can not fix this problem. I hope master xfangfang find this problem, improve program or script,save my routers.Thanks a lot.

[xfangfang]

@bambizlu I think this is a duplicate issue.

The solution lies in: #57 (comment)