Skip to content
This repository has been archived by the owner on Apr 14, 2023. It is now read-only.

unencrypted data volume is not allowed - iOS 15.3.1 restore #31

Closed
asdfugil opened this issue Mar 9, 2022 · 24 comments
Closed

unencrypted data volume is not allowed - iOS 15.3.1 restore #31

asdfugil opened this issue Mar 9, 2022 · 24 comments

Comments

@asdfugil
Copy link

asdfugil commented Mar 9, 2022

iOS 15.3.1 cannot be restored - unencrypted data volume is not allowed panic
Kernel is a research kernel
xnu cmdline: -restore kextlog=0xffff debug=0x14e -v rd=md0 launchd_missing_exec_no_panic=1 serial=3 wdt=-1 keepsyms=1 launchd_unsecure_cache=1
IPSW download
root_ticket.der generated with BuildManifest in ipsw and the ticket.shsh2 in qemu-t8030-tools
Host is Debian bullseye Linux 5.15.0-0.bpo.3-amd64 #1 SMP Debian 5.15.15-2~bpo11+1 (2022-02-03) x86_64
qemu-t8030 commit: 42fedc7
boot command:

${HOME}/qemu-t8030/build/qemu-system-aarch64 -s -M t8030,trustcache-filename=018-92126-069.dmg.trustcache.out,ticket-filename=${HOME}/vm_images/t8030/root_ticket.der \
-kernel kernelcache.research.iphone12b \
-dtb DeviceTree.n104ap.im4p \
-append "-restore kextlog=0xffff debug=0x14e -v rd=md0 launchd_missing_exec_no_panic=1 serial=3 wdt=-1 keepsyms=1 launchd_unsecure_cache=1" \
-initrd '018-92126-069.dmg.out'   \
-cpu max -smp 4 \
-m 2G -serial mon:stdio \
-drive file=nvme.1,format=raw,if=none,id=drive.1 \
-device nvme-ns,drive=drive.1,bus=nvme-bus.0,nsid=1,nstype=1,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvram,if=none,format=raw,id=nvram \
-device apple-nvram,drive=nvram,bus=nvme-bus.0,nsid=5,nstype=5,id=nvram,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.2,format=raw,if=none,id=drive.2 \
-device nvme-ns,drive=drive.2,bus=nvme-bus.0,nsid=2,nstype=2,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.3,format=raw,if=none,id=drive.3 \
-device nvme-ns,drive=drive.3,bus=nvme-bus.0,nsid=3,nstype=3,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.4,format=raw,if=none,id=drive.4 \
-device nvme-ns,drive=drive.4,bus=nvme-bus.0,nsid=4,nstype=4,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.6,format=raw,if=none,id=drive.6 \
-device nvme-ns,drive=drive.6,bus=nvme-bus.0,nsid=6,nstype=6,logical_block_size=4096,physical_block_size=4096 \
-drive file=nvme.7,format=raw,if=none,id=drive.7 \
-device nvme-ns,drive=drive.7,bus=nvme-bus.0,nsid=7,nstype=8,logical_block_size=4096,physical_block_size=4096 \
-monitor telnet:127.0.0.1:1235,server,nowait

Serial port output right before panic

entering mount_partition                          
executing /sbin/mount_apfs -R /dev/disk0s1s2 /mnt2                                                  
apfs_mount:26376: disk0s1s2 mount for ramdisk                                                       
set_cloneinfo_id_epoch:25743: disk0s1s2 set cloneinfo_id_epoch to 16                                
apfs_log_mount_unmount:1828: disk0s1s2 mounting volume Data, requested by: mount_apfs (pid 37); parent: restored_externa (pid 6)                                                                         
handle_mount:654: disk0s1s2 vol-uuid: 61706673-7575-6964-0040-766F6C756D01 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.2)
handle_mount:667: disk0s1s2 setting dev block size to 4096 from 512                                 
nx_volume_group_update:7715: disk0s1s2 Volume Data is not in a volume group                         
IOPlatformPanicAction -> AppleANS2NVMeController                                                    
IOPlatformPanicAction -> AppleT8030PMGR                                                             
IOPlatformPanicAction -> AppleARMWatchdogTimer                                                      
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device                                                 
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                
panic(cpu 2 caller 0xfffffff0093c31c8): "unencrypted data volume is not allowed" @apfs_vfsops.c:2357                                                                                                     
Debugger message: panic                           
Memory ID: 0x0                                    
OS release type: Restore                          
OS version: 19D52                                 
Kernel version: Darwin Kernel Version 21.3.0: Wed Jan  5 21:44:45 PST 2022; root:xnu-8019.80.24~23/RELEASE_ARM64_T8030                                                                                   
Kernel UUID: 5703F07F-AEE8-3207-8205-203C7B11B3C2                                                   
iBoot version: qemu-t8030                         
secure boot?: YES                                 
Paniclog version: 13                              
Kernel text base:  0xfffffff007004000             
mach_absolute_time: 0x8fcb69550                   
Epoch Time:        sec       usec                 
  Boot    : 0x6228c86d 0x000d892c                 
  Sleep   : 0x00000000 0x00000000                 
  Wake    : 0x00000000 0x00000000                 
  Calendar: 0x6228ceb3 0x0000edac
  
  Zone info:                                        
Foreign   : 0xfffffff0b83dc000 - 0xfffffff0b83ec000                                                 
Native    : 0xffffffe000588000 - 0xffffffe600588000                                                 
Readonly  : 0xffffffe0e6bec000 - 0xffffffe1338b0000                                                 
Metadata  : 0xffffffeb018cc000 - 0xffffffeb05bac000                                                 
Bitmaps   : 0xffffffeb030cc000 - 0xffffffeb03b28000                                                 
CORE 0: PC=0xfffffff007d4dadc, LR=0xfffffff007c77134, FP=0xffffffeb057bbd60                         
CORE 1: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffeb0578be80                         
CORE 2 is the one that panicked. Check the full backtrace for details.                              
CORE 3: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffeb10693e80                         
Panicked task 0xffffffe3006cece8: 658 pages, 1 threads: pid 37: mount_apfs                          
Panicked thread: 0xffffffe3e6cbb020, backtrace: 0xffffffeb0583a990, tid: 551                                                                                                                             
                  lr: 0xfffffff007c08c18  fp: 0xffffffeb0583a9d0                                    
                  lr: 0xfffffff007c08938  fp: 0xffffffeb0583aa40                                    
                  lr: 0xfffffff007d5a2cc  fp: 0xffffffeb0583aa60                                    
                  lr: 0xfffffff007d4bae0  fp: 0xffffffeb0583aae0                                    
                  lr: 0xfffffff007d4a894  fp: 0xffffffeb0583aba0                                    
                  lr: 0xfffffff00835a610  fp: 0xffffffeb0583abb0                                    
                  lr: 0xfffffff007c08604  fp: 0xffffffeb0583af40                                    
                  lr: 0xfffffff007c08604  fp: 0xffffffeb0583afa0                                    
                  lr: 0xfffffff009cf01a8  fp: 0xffffffeb0583afc0                                    
                  lr: 0xfffffff0093c31c8  fp: 0xffffffeb0583b890                                    
                  lr: 0xfffffff007de7ee0  fp: 0xffffffeb0583bb40                                    
                  lr: 0xfffffff007de9974  fp: 0xffffffeb0583bd70                                    
                  lr: 0xfffffff007de96bc  fp: 0xffffffeb0583bdb0                                    
                  lr: 0xfffffff0081a8a98  fp: 0xffffffeb0583be50                                    
                  lr: 0xfffffff007d4a960  fp: 0xffffffeb0583bf10                                    
                  lr: 0xfffffff00835a610  fp: 0xffffffeb0583bf20                                    


** Stackshot Succeeded ** Bytes Traced 18741 (Uncompressed 50480) **                                
IOPlatformPanicAction -> AppleANS2NVMeController                                                    
IOPlatformPanicAction -> AppleT8030PMGR                                                             
IOPlatformPanicAction -> AppleARMWatchdogTimer                                                      
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device                                                 
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> AppleANS2NVMeController                                                    
IOPlatformPanicAction -> AppleT8030PMGR                                                             
IOPlatformPanicAction -> AppleARMWatchdogTimer                                                      
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device                                                 
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                
IOPlatformPanicAction -> RTBuddyV2                

Please go to https://panic.apple.com to report this panic

idevicerestore log

┌──(nick㉿kali)-[~]
└─$ idevicerestore -P -d --erase --restore-mode -i 0x1122334455667788 *.ipsw -T root_ticket.der
Using ApTicket found at root_ticket.der length 8931
progress: 0 0.000000
idevice_event_cb: device 1122334455667788 (udid: 00008030-1122334455667788) connected in restore mode
progress: 0 0.100000
Found device in Restore mode
INFO: device serial number is C39ZRMDEN72J
restore_get_irecv_device: Found model N104DEV
progress: 0 0.200000
Identified device as n104ap, iPhone12,1
progress: 0 0.600000
Extracting BuildManifest from IPSW
progress: 0 0.800000
Product Version: 15.3.1
Product Build: 19D52 Major: 19
Device supports Image4: true
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
################################ [ WARNING ] #################################
# You are about to perform an *ERASE* restore. ALL DATA on the target device #
# will be IRREVERSIBLY DESTROYED. If you want to update your device without  #
# erasing the user data, hit CTRL+C now and restart without -e or --erase    #
# command line switch.                                                       #
# If you want to continue with the ERASE, please type YES and press ENTER.   #
##############################################################################
> YES  
progress: 1 0.000000
Checking IPSW for required components...
All required components found in IPSW
Using cached filesystem from 'iPhone11,8,iPhone12,1_15.3.1_19D52_Restore/018-91937-063.dmg'
progress: 1 0.200000
progress: 1 0.250000
progress: 1 0.300000
progress: 1 0.500000
progress: 1 0.700000
progress: 1 0.900000
About to restore device... 
restore_is_current_device: Connected to com.apple.mobile.restored, version 15
Connecting now...
Connected to com.apple.mobile.restored, version 15
Device 00008030-1122334455667788 has successfully entered restore mode
Hardware Information:
BoardID: 4
ChipID: 32816
UniqueChipID: 1234605616436508552
ProductionMode: false
Starting FDR listener thread
Connecting to FDR client at port 1082
About to do ctrl handshake
FDR sending 89 bytes:
common.c:printing 287 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>BeginCtrl</string>
        <key>CtrlProtoVersion</key>
        <integer>2</integer>
</dict>
</plist>
FDR Sent 89 bytes
FDR Received 105 bytes
common.c:printing 334 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>BeginCtrl</string>
        <key>CtrlProtoVersion</key>
        <integer>2</integer>
        <key>ConnPort</key>
        <integer>49161</integer>
</dict>
</plist>
Ctrl handshake done (ConnPort = 49161)
FDR 0x56033bcb5bc0 waiting for message...
progress: 1 1.000000
About to send RootTicket...
Sending RootTicket now...
Done sending RootTicket
Waiting for NAND (28)
Updating NAND Firmware (58)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
About to send FDR Trust data...
Sending FDR Trust data now...
Done sending FDR Trust Data
Checking for uncollected logs (44)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Creating partition map (11)
Creating filesystem (12)
About to send filesystem...
Connecting to ASR
Retrying connection...
Received 272 bytes:
common.c:printing 272 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Checksum Chunks</key>
        <true/>
        <key>Command</key>
        <string>Initiate</string>
</dict>
</plist>
Connected to ASR
Validating the filesystem
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
Received 336 bytes:
common.c:printing 336 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>1276</integer>
        <key>OOB Offset</key>
        <integer>6562671111</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>72</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>64</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 338 bytes:
common.c:printing 338 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>399069</integer>
        <key>OOB Offset</key>
        <integer>6562272806</integer>
</dict>
</plist>
Received 336 bytes:
common.c:printing 336 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>1276</integer>
        <key>OOB Offset</key>
        <integer>6562671111</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>72</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>64</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 338 bytes:
common.c:printing 338 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>399069</integer>
        <key>OOB Offset</key>
        <integer>6562272806</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>55</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 328 bytes:
common.c:printing 328 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>210</integer>
        <key>OOB Offset</key>
        <integer>163</integer>
</dict>
</plist>
Received 327 bytes:
common.c:printing 327 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>108</integer>
        <key>OOB Offset</key>
        <integer>55</integer>
</dict>
</plist>
Received 327 bytes:
common.c:printing 327 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>108</integer>
        <key>OOB Offset</key>
        <integer>55</integer>
</dict>
</plist>
Received 330 bytes:
common.c:printing 330 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>18797</integer>
        <key>OOB Offset</key>
        <integer>373</integer>
</dict>
</plist>
Received 327 bytes:
common.c:printing 327 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>108</integer>
        <key>OOB Offset</key>
        <integer>55</integer>
</dict>
</plist>
Received 328 bytes:
common.c:printing 328 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>210</integer>
        <key>OOB Offset</key>
        <integer>163</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>55</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>7500</integer>
        <key>OOB Offset</key>
        <integer>168112</integer>
</dict>
</plist>
Received 331 bytes:
common.c:printing 331 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>204</integer>
        <key>OOB Offset</key>
        <integer>175612</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>7500</integer>
        <key>OOB Offset</key>
        <integer>168112</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>7085</integer>
        <key>OOB Offset</key>
        <integer>138866</integer>
</dict>
</plist>
Received 334 bytes:
common.c:printing 334 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>192423</integer>
        <key>OOB Offset</key>
        <integer>175816</integer>
</dict>
</plist>
Received 336 bytes:
common.c:printing 336 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>213761</integer>
        <key>OOB Offset</key>
        <integer>21904205</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>7500</integer>
        <key>OOB Offset</key>
        <integer>168112</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>3186</integer>
        <key>OOB Offset</key>
        <integer>164926</integer>
</dict>
</plist>
Received 332 bytes:
common.c:printing 332 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>7500</integer>
        <key>OOB Offset</key>
        <integer>168112</integer>
</dict>
</plist>
Received 336 bytes:
common.c:printing 336 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>1276</integer>
        <key>OOB Offset</key>
        <integer>6562671111</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>72</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 335 bytes:
common.c:printing 335 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>512</integer>
        <key>OOB Offset</key>
        <integer>6562671875</integer>
</dict>
</plist>
Received 325 bytes:
common.c:printing 325 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>64</integer>
        <key>OOB Offset</key>
        <integer>0</integer>
</dict>
</plist>
Received 338 bytes:
common.c:printing 338 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>399069</integer>
        <key>OOB Offset</key>
        <integer>6562272806</integer>
</dict>
</plist>
Received 338 bytes:
common.c:printing 338 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>OOBData</string>
        <key>OOB Length</key>
        <integer>399069</integer>
        <key>OOB Offset</key>
        <integer>6562272806</integer>
</dict>
</plist>
Received 234 bytes:
common.c:printing 234 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Command</key>
        <string>Payload</string>
</dict>
</plist>
Filesystem validated
Sending filesystem now...
progress: 2 0.010006
progress: 2 0.020012
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.030018
progress: 2 0.040005
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.050011
progress: 2 0.060017
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.070003
progress: 2 0.080009
progress: 2 0.090015
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.100002
progress: 2 0.110008
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.120014
progress: 2 0.130000
progress: 2 0.140006
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.150012
progress: 2 0.160018
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.170005
progress: 2 0.180011
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.190017
progress: 2 0.200003
progress: 2 0.210009
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.220015
progress: 2 0.230002
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.240008
progress: 2 0.250014
progress: 2 0.260000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.270006
progress: 2 0.280012
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.290019
progress: 2 0.300005
progress: 2 0.310011
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.320017
progress: 2 0.330003
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.340009
progress: 2 0.350015
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.360002
progress: 2 0.370008
progress: 2 0.380014
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.390000
progress: 2 0.400006
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.410012
progress: 2 0.420019
progress: 2 0.430005
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.440011
progress: 2 0.450017
progress: 2 0.460003
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.470009
progress: 2 0.480015
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.490002
progress: 2 0.500008
progress: 2 0.510014
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.520000
progress: 2 0.530006
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.540012
progress: 2 0.550019
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.560005
progress: 2 0.570011
progress: 2 0.580017
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.590003
progress: 2 0.600009
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.610016
progress: 2 0.620002
progress: 2 0.630008
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.640014
progress: 2 0.650000
progress: 2 0.660006
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.670012
progress: 2 0.680019
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.690005
progress: 2 0.700011
progress: 2 0.710017
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.720003
progress: 2 0.730009
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.740016
progress: 2 0.750002
progress: 2 0.760008
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.770014
progress: 2 0.780000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.790006
progress: 2 0.800013
progress: 2 0.810019
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.820005
progress: 2 0.830011
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.840017
progress: 2 0.850003
progress: 2 0.860009
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.870016
progress: 2 0.880002
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.890008
progress: 2 0.900014
progress: 2 0.910000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.920006
progress: 2 0.930013
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.940019
progress: 2 0.950005
progress: 2 0.960011
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.970017
progress: 2 0.980003
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 2 0.990009
progress: 2 1.000000
Done sending filesystem
Verifying restore (14)
progress: 3 0.020000
progress: 3 0.040000
progress: 3 0.060000
progress: 3 0.080000
progress: 3 0.100000
progress: 3 0.120000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 3 0.140000
progress: 3 0.160000
progress: 3 0.180000
progress: 3 0.200000
progress: 3 0.220000
progress: 3 0.240000
progress: 3 0.260000
progress: 3 0.280000
progress: 3 0.300000
progress: 3 0.320000
progress: 3 0.340000
progress: 3 0.360000
progress: 3 0.380000
progress: 3 0.400000
progress: 3 0.420000
progress: 3 0.440000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 3 0.460000
progress: 3 0.480000
progress: 3 0.500000
progress: 3 0.520000
progress: 3 0.540000
progress: 3 0.560000
progress: 3 0.580000
progress: 3 0.600000
progress: 3 0.620000
progress: 3 0.640000
progress: 3 0.660000
progress: 3 0.680000
progress: 3 0.700000
progress: 3 0.720000
progress: 3 0.740000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 3 0.760000
progress: 3 0.780000
progress: 3 0.800000
progress: 3 0.820000
progress: 3 0.840000
progress: 3 0.860000
progress: 3 0.880000
progress: 3 0.900000
progress: 3 0.920000
progress: 3 0.940000
progress: 3 0.960000
progress: 3 0.980000
progress: 3 1.000000
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Unmounting filesystems (29)
Checking filesystems (15)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
No data to read (timeout)
Checking filesystems (15)
Checking filesystems (15)
Mounting filesystems (16)
Mounting filesystems (16)
Mounting filesystems (16)
Unknown operation (80)
Unhandled progress operation 80 (80)
Sending IsiBootEANFirmware image list
Unhandled progress operation 80 (80)
Sending IsiBootNonEssentialFirmware image list
About to send NORData...
Found firmware path Firmware/all_flash
Getting firmware manifest from build identity
Extracting LLB.n104.RELEASE.im4p (Firmware/all_flash/LLB.n104.RELEASE.im4p)...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
Not personalizing component LLB...
Extracting applelogo@1792~iphone.im4p (Firmware/all_flash/applelogo@1792~iphone.im4p)...
Not personalizing component AppleLogo...
Extracting batterycharging0@1792~iphone.im4p (Firmware/all_flash/batterycharging0@1792~iphone.im4p)...
Not personalizing component BatteryCharging0...
Extracting batterycharging1@1792~iphone.im4p (Firmware/all_flash/batterycharging1@1792~iphone.im4p)...
Not personalizing component BatteryCharging1...
Extracting batteryfull@2x~iphone.im4p (Firmware/all_flash/batteryfull@2x~iphone.im4p)...
Not personalizing component BatteryFull...
Extracting batterylow0@2x~iphone.im4p (Firmware/all_flash/batterylow0@2x~iphone.im4p)...
Not personalizing component BatteryLow0...
Extracting batterylow1@2x~iphone.im4p (Firmware/all_flash/batterylow1@2x~iphone.im4p)...
Not personalizing component BatteryLow1...
Extracting glyphplugin@1792~iphone-lightning.im4p (Firmware/all_flash/glyphplugin@1792~iphone-lightning.im4p)...
Not personalizing component BatteryPlugin...
Extracting DeviceTree.n104ap.im4p (Firmware/all_flash/DeviceTree.n104ap.im4p)...
Not personalizing component DeviceTree...
Extracting lowpowermode@1792~iphone-lightning.im4p (Firmware/all_flash/lowpowermode@1792~iphone-lightning.im4p)...
Not personalizing component LowPowerWallet0...
Extracting lowpowerfindmymode@1792~iphone-lightning.im4p (Firmware/all_flash/lowpowerfindmymode@1792~iphone-lightning.im4p)...
Not personalizing component LowPowerWallet1...
Extracting recoverymode@1792~iphone-lightning.im4p (Firmware/all_flash/recoverymode@1792~iphone-lightning.im4p)...
Not personalizing component RecoveryMode...
Extracting WirelessPower.iphone12b.im4p (Firmware/WirelessPower/WirelessPower.iphone12b.im4p)...
Not personalizing component WCHFirmwareUpdater...
Extracting iBoot.n104.RELEASE.im4p (Firmware/all_flash/iBoot.n104.RELEASE.im4p)...
Not personalizing component iBoot...
Extracting sep-firmware.n104.RELEASE.im4p (Firmware/all_flash/sep-firmware.n104.RELEASE.im4p)...
Not personalizing component RestoreSEP...
Extracting sep-firmware.n104.RELEASE.im4p (Firmware/all_flash/sep-firmware.n104.RELEASE.im4p)...
Not personalizing component SEP...
common.c:supressed printing 27932382 bytes plist...
Sending NORData now...
Done sending NORData
Flashing firmware (18)
progress: 4 1.000000
Unknown operation (80)
Unhandled progress operation 80 (80)
Sending IsEarlyAccessFirmware image list
Unhandled progress operation 80 (80)
Sending IsiBootEANFirmware image list
Unhandled progress operation 80 (80)
Sending IsiBootNonEssentialFirmware image list
Requesting FUD data (36)
progress: 6 0.010000
Found IsFUDFirmware component ANE
Found IsFUDFirmware component AOP
Found IsFUDFirmware component AVE
Found IsFUDFirmware component Ap,HapticAssets
Found IsFUDFirmware component Ap,SystemVolumeCanonicalMetadata
Found IsFUDFirmware component AudioCodecFirmware
Found IsFUDFirmware component GFX
Found IsFUDFirmware component ISP
Found IsFUDFirmware component LeapHaptics
Found IsFUDFirmware component Multitouch
Found IsFUDFirmware component PMP
Found IsFUDFirmware component RestoreTrustCache
Found IsFUDFirmware component SIO
Found IsFUDFirmware component StaticTrustCache
Found IsFUDFirmware component SystemVolume
Sending IsFUDFirmware image list
Extracting h12_ane_fw_metis.im4p (Firmware/ane/h12_ane_fw_metis.im4p)...
Not personalizing component ANE...
Sending IsFUDFirmware for ANE...
progress: 6 0.060000
Extracting aopfw-iphone12baop.im4p (Firmware/AOP/aopfw-iphone12baop.im4p)...
Not personalizing component AOP...
Sending IsFUDFirmware for AOP...
progress: 6 0.130000
Extracting AppleAVE2FW_H12.im4p (Firmware/ave/AppleAVE2FW_H12.im4p)...
Not personalizing component AVE...
Sending IsFUDFirmware for AVE...
progress: 6 0.200000
Extracting N104_HapticAssets.im4p (Firmware/N104_HapticAssets.im4p)...
Not personalizing component Ap,HapticAssets...
Sending IsFUDFirmware for Ap,HapticAssets...
progress: 6 0.260000
Extracting 018-91937-063.dmg.mtree (Firmware/018-91937-063.dmg.mtree)...
Not personalizing component Ap,SystemVolumeCanonicalMetadata...
Sending IsFUDFirmware for Ap,SystemVolumeCanonicalMetadata...
progress: 6 0.330000
Extracting N104_AudioCodecFirmware.im4p (Firmware/N104_AudioCodecFirmware.im4p)...
Not personalizing component AudioCodecFirmware...
Sending IsFUDFirmware for AudioCodecFirmware...
progress: 6 0.400000
Extracting armfw_g12p.im4p (Firmware/agx/armfw_g12p.im4p)...
Not personalizing component GFX...
Sending IsFUDFirmware for GFX...
progress: 6 0.460000
Extracting adc-zelus-n104.im4p (Firmware/isp_bni/adc-zelus-n104.im4p)...
Not personalizing component ISP...
Sending IsFUDFirmware for ISP...
progress: 6 0.530000
Extracting N104_LeapHapticsFirmware.im4p (Firmware/N104_LeapHapticsFirmware.im4p)...
Not personalizing component LeapHaptics...
Sending IsFUDFirmware for LeapHaptics...
progress: 6 0.600000
Extracting N104_Multitouch.im4p (Firmware/N104_Multitouch.im4p)...
Not personalizing component Multitouch...
Sending IsFUDFirmware for Multitouch...
FDR 0x56033bcb5bc0 timeout waiting for command
FDR 0x56033bcb5bc0 waiting for message...
progress: 6 0.660000
Extracting t8030pmp.im4p (Firmware/pmp/t8030pmp.im4p)...
Not personalizing component PMP...
Sending IsFUDFirmware for PMP...
progress: 6 0.730000
Extracting 018-92126-069.dmg.trustcache (Firmware/018-92126-069.dmg.trustcache)...
Not personalizing component RestoreTrustCache...
Sending IsFUDFirmware for RestoreTrustCache...
progress: 6 0.800000
Extracting SmartIOFirmware_ASCv2.im4p (Firmware/SmartIOFirmware_ASCv2.im4p)...
Not personalizing component SIO...
Sending IsFUDFirmware for SIO...
progress: 6 0.860000
Extracting 018-91937-063.dmg.trustcache (Firmware/018-91937-063.dmg.trustcache)...
Not personalizing component StaticTrustCache...
Sending IsFUDFirmware for StaticTrustCache...
progress: 6 0.930000
Extracting 018-91937-063.dmg.root_hash (Firmware/018-91937-063.dmg.root_hash)...
Not personalizing component SystemVolume...
Sending IsFUDFirmware for SystemVolume...
progress: 6 1.000000
Updating gas gauge software (47)
Updating gas gauge software (47)
Updating Stockholm (55)
Requesting FUD data (36)
progress: 6 0.010000
Found IsFUDFirmware component ANE
Found IsFUDFirmware component AOP
Found IsFUDFirmware component AVE
Found IsFUDFirmware component Ap,HapticAssets
Found IsFUDFirmware component Ap,SystemVolumeCanonicalMetadata
Found IsFUDFirmware component AudioCodecFirmware
Found IsFUDFirmware component GFX
Found IsFUDFirmware component ISP
Found IsFUDFirmware component LeapHaptics
Found IsFUDFirmware component Multitouch
Found IsFUDFirmware component PMP
Found IsFUDFirmware component RestoreTrustCache
Found IsFUDFirmware component SIO
Found IsFUDFirmware component StaticTrustCache
Found IsFUDFirmware component SystemVolume
Sending IsFUDFirmware image list
progress: 6 0.060000
progress: 6 0.130000
progress: 6 0.200000
progress: 6 0.260000
Extracting 018-91937-063.dmg.mtree (Firmware/018-91937-063.dmg.mtree)...
Not personalizing component Ap,SystemVolumeCanonicalMetadata...
Sending IsFUDFirmware for Ap,SystemVolumeCanonicalMetadata...
progress: 6 0.330000
progress: 6 0.400000
progress: 6 0.460000
progress: 6 0.530000
progress: 6 0.600000
progress: 6 0.660000
progress: 6 0.730000
Extracting 018-92126-069.dmg.trustcache (Firmware/018-92126-069.dmg.trustcache)...
Not personalizing component RestoreTrustCache...
Sending IsFUDFirmware for RestoreTrustCache...
progress: 6 0.800000
progress: 6 0.860000
progress: 6 0.930000
Extracting 018-91937-063.dmg.root_hash (Firmware/018-91937-063.dmg.root_hash)...
Not personalizing component SystemVolume...
Sending IsFUDFirmware for SystemVolume...
progress: 6 1.000000
Updating Veridian (66)
Unknown operation (79)
Unhandled progress operation 79 (79)
Requesting EAN Data (74)
Creating Protected Volume (67)
ERROR: Could not read data (-256). Aborting.
FDR 0x56033bcb5bc0 terminating...
idevice_event_cb: device 1122334455667788 (udid: 00008030-1122334455667788) disconnected
ERROR: Unable to restore device
@TrungNguyen1909
Copy link
Owner

@asdfugil Hi, it is taking rather long for me to download the ipsw. If you don't mind, can you try restoring again with this line removed? Thanks.

@asdfugil
Copy link
Author

asdfugil commented Mar 10, 2022
edited
Loading

It appears to get stuck trying to create the encrypted data volume.

entering commit_sep_os
device has no sep
entering ramrod_kill_sep_nonce
device has no sep
[09:28:07.0802-GMT]{3>6} CHECKPOINT END: (null):[0x066F] commit_sep_os
restore-step-ids = {0x1103067B:62}
restore-step-names = {0x1103067B:perform_restore_installing}
restore-step-uptime = 1705
restore-step-user-progress = 97
[09:28:07.0813-GMT]{3>6} CHECKPOINT BEGIN: (null):[0x0674] create_protected_filesystems
restore-step-ids = {0x1103067B:62;0x11030674:98}
restore-step-names = {0x1103067B:perform_restore_installing;0x11030674:create_protected_filesystems}
restore-step-uptime = 1705
restore-step-user-progress = 97
entering create_protected_filesystems
ramrod_display_set_granular_progress_forced: 97.000000
creating class d key for /mnt2
creating encrypted data partition
unable to open /dev/disk0s1 to get block size: Resource busy
block size for /dev/disk0s1: 0
/System/Library/Filesystems/apfs.fs/newfs_apfs -A -D -o role=d -v Data -P /dev/disk0s1 
executing /System/Library/Filesystems/apfs.fs/newfs_apfs -A -D -o role=d -v Data -P /dev/disk0s1
(30 minutes later)
virtual bool CoreAnalyticsPipe::checkForWork()::174:starting CoreAnalyticsMessenger
(stuck)

idevicerestore printed these lines repeatedly

No data to read (timeout)
FDR 0x55a0e36125d0 timeout waiting for command
FDR 0x55a0e36125d0 waiting for message...
No data to read (timeout)
FDR 0x55a0e36125d0 timeout waiting for command
FDR 0x55a0e36125d0 waiting for message...
FDR 0x55a0e36125d0 timeout waiting for command
FDR 0x55a0e36125d0 waiting for message...
No data to read (timeout)
FDR 0x55a0e36125d0 timeout waiting for command
FDR 0x55a0e36125d0 waiting for message..

I suppose we need a kernel patch to allow unencrypted data partition...

@TrungNguyen1909
Copy link
Owner

Umm, this one is complicated. It is not like we can't make a kernel patch but I also saw messages after restore from apfs that it is rejecting open because of content protect so there might be more issues down the line. I am not really sure if we can do encrypted data partition without SEP...

@TrungNguyen1909
Copy link
Owner

Temporary solution:

set_dtb_prop(child, "product-name", 8, (uint8_t *)"FastSim");

after this line and the mount should got through...

Undo the change mentioned above:

@asdfugil Hi, it is taking rather long for me to download the ipsw. If you don't mind, can you try restoring again with this line removed? Thanks.

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

@TrungNguyen1909

that didn't do anything (the original panic happened again)

executing /sbin/mount_apfs -R /dev/disk0s1s2 /mnt2
apfs_mount:26376: disk0s1s2 mount for ramdisk
set_cloneinfo_id_epoch:25743: disk0s1s2 set cloneinfo_id_epoch to 16
apfs_log_mount_unmount:1828: disk0s1s2 mounting volume Data, requested by: mount_apfs (pid 37); parent: restored_externa (pid 6)
handle_mount:654: disk0s1s2 vol-uuid: 61706673-7575-6964-0040-766F6C756D01 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.2)
handle_mount:667: disk0s1s2 setting dev block size to 4096 from 512
nx_volume_group_update:7715: disk0s1s2 Volume Data is not in a volume group
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC
panic(cpu 1 caller 0xfffffff0093c31c8): "unencrypted data volume is not allowed" @apfs_vfsops.c:2357
Debugger message: panic
Memory ID: 0x0
OS release type: Restore
OS version: 19D52
Kernel version: Darwin Kernel Version 21.3.0: Wed Jan  5 21:44:45 PST 2022; root:xnu-8019.80.24~23/RELEASE_ARM64_T8030
Kernel UUID: 5703F07F-AEE8-3207-8205-203C7B11B3C2
iBoot version: qemu-t8030
secure boot?: YES
Paniclog version: 13
Kernel text base:  0xfffffff007004000
mach_absolute_time: 0x9081f75c0
Epoch Time:        sec       usec
  Boot    : 0x622aa7d0 0x000980d2
  Sleep   : 0x00000000 0x00000000
  Wake    : 0x00000000 0x00000000
  Calendar: 0x622aae1d 0x0007f812

Zone info:
Foreign   : 0xfffffff09c3dc000 - 0xfffffff09c3ec000
Native    : 0xffffffe000088000 - 0xffffffe600088000
Readonly  : 0xffffffe0e66ec000 - 0xffffffe1333b0000
Metadata  : 0xffffffeb015cc000 - 0xffffffeb05840000
Bitmaps   : 0xffffffeb02dcc000 - 0xffffffeb03828000
CORE 0: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffeb0581be80
CORE 1 is the one that panicked. Check the full backtrace for details.
CORE 2: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffebb886be80
CORE 3: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffeb0544be80
Panicked task 0xffffffe3e686acd8: 658 pages, 1 threads: pid 37: mount_apfs
Panicked thread: 0xffffffe4ccc16940, backtrace: 0xffffffeb101a2990, tid: 572
                  lr: 0xfffffff007c08c18  fp: 0xffffffeb101a29d0
                  lr: 0xfffffff007c08938  fp: 0xffffffeb101a2a40
                  lr: 0xfffffff007d5a2cc  fp: 0xffffffeb101a2a60
                  lr: 0xfffffff007d4bae0  fp: 0xffffffeb101a2ae0
                  lr: 0xfffffff007d4a894  fp: 0xffffffeb101a2ba0
                  lr: 0xfffffff00835a610  fp: 0xffffffeb101a2bb0
                  lr: 0xfffffff007c08604  fp: 0xffffffeb101a2f40
                  lr: 0xfffffff007c08604  fp: 0xffffffeb101a2fa0
                  lr: 0xfffffff009cf01a8  fp: 0xffffffeb101a2fc0
                  lr: 0xfffffff0093c31c8  fp: 0xffffffeb101a3890
                  lr: 0xfffffff007de7ee0  fp: 0xffffffeb101a3b40
                  lr: 0xfffffff007de9974  fp: 0xffffffeb101a3d70
                  lr: 0xfffffff007de96bc  fp: 0xffffffeb101a3db0
                  lr: 0xfffffff0081a8a98  fp: 0xffffffeb101a3e50
                  lr: 0xfffffff007d4a960  fp: 0xffffffeb101a3f10
                  lr: 0xfffffff00835a610  fp: 0xffffffeb101a3f20


** Stackshot Succeeded ** Bytes Traced 18955 (Uncompressed 51584) **
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC

Please go to https://panic.apple.com to report this panic

@TrungNguyen1909
Copy link
Owner

TrungNguyen1909 commented Mar 11, 2022
edited
Loading

@asdfugil, I just tested mounting manually using the command from the ramdisk. It should work...

xnu.c:

static const char *REM_PROPS[] = {
    "function-error_handler", "nvme-coastguard", "nand-debug",
    "function-spi0_sclk_config", "function-spi0_mosi_config",
    "function-pmp_control", "function-mcc_ctrl", "pmp",
    "function-vbus_voltage",
    "function-brick_id_voltage", "function-ldcm_bypass_en",
    "content-protect", /* We don't want encrypted data volume */
};
...
    child = get_dtb_node(root, "product");
    assert(child);
    data = 1;
    // TODO: Workaround: AppleKeyStore SEP(?)
    set_dtb_prop(child, "boot-ios-diagnostics", sizeof(data), (uint8_t *)&data);
    set_dtb_prop(child, "product-name", 8, (uint8_t *)"FastSim");

@asdfugil
Copy link
Author

manually mounting just makes the vm panic earlier for me (note parent: bash (pid 3))
Also I used while true;do /sbin/mount_apfs -R /dev/disk0s1s2 /mnt2; done to mount
As soon as the partition is detected by the kernel (request from restored_external?) and mount is attempted it panics again

apfs_mount:26376: disk0s1s2 mount for ramdisk
spaceman_scan_free_blocks:3171: disk0s1 scan took 0.027274 s (no trims)
set_cloneinfo_id_epoch:25743: disk0s1s2 set cloneinfo_id_epoch to 16
apfs_log_mount_unmount:1828: disk0s1s2 mounting volume Data, requested by: mount_apfs (pid 33); parent: bash (pid 3)
handle_mount:654: disk0s1s2 vol-uuid: 61706673-7575-6964-0040-766F6C756D01 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.2)
handle_mount:667: disk0s1s2 setting dev block size to 4096 from 512
nx_volume_group_update:7715: disk0s1s2 Volume Data is not in a volume group
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC
panic(cpu 3 caller 0xfffffff0093c31c8): "unencrypted data volume is not allowed" @apfs_vfsops.c:2357
Debugger message: panic
Memory ID: 0x0
OS release type: Restore
OS version: 19D52
Kernel version: Darwin Kernel Version 21.3.0: Wed Jan  5 21:44:45 PST 2022; root:xnu-8019.80.24~23/RELEASE_ARM64_T8030
Kernel UUID: 5703F07F-AEE8-3207-8205-203C7B11B3C2
iBoot version: qemu-t8030
secure boot?: YES
Paniclog version: 13
Kernel text base:  0xfffffff007004000
mach_absolute_time: 0x680e53f1
Epoch Time:        sec       usec
  Boot    : 0x622ad15e 0x00049396
  Sleep   : 0x00000000 0x00000000
  Wake    : 0x00000000 0x00000000
  Calendar: 0x622ad1a3 0x000e38e8

Zone info:
Foreign   : 0xfffffff0be3dc000 - 0xfffffff0be3ec000
Native    : 0xffffffe0007c4000 - 0xffffffe6007c4000
Readonly  : 0xffffffe0e6e28000 - 0xffffffe133aec000
Metadata  : 0xffffffeb01428000 - 0xffffffeb05720000
Bitmaps   : 0xffffffeb02c28000 - 0xffffffeb03434000
CORE 0: PC=0xfffffff007d4e650, LR=0xfffffff007d4e64c, FP=0xffffffeb0554be80
CORE 1: PC=0x0000000104d0657c, LR=0x0000000104d12840, FP=0x000000016b113240
CORE 2: PC=0xfffffff007c1c0e8, LR=0xfffffff008384080, FP=0xffffffeb0513b980
CORE 3 is the one that panicked. Check the full backtrace for details.
Panicked task 0xffffffe21a1e3340: 657 pages, 1 threads: pid 33: mount_apfs
Panicked thread: 0xffffffe3e6f0cdc0, backtrace: 0xffffffeb050ea990, tid: 441
                  lr: 0xfffffff007c08c18  fp: 0xffffffeb050ea9d0
                  lr: 0xfffffff007c08938  fp: 0xffffffeb050eaa40
                  lr: 0xfffffff007d5a2cc  fp: 0xffffffeb050eaa60
                  lr: 0xfffffff007d4bae0  fp: 0xffffffeb050eaae0
                  lr: 0xfffffff007d4a894  fp: 0xffffffeb050eaba0
                  lr: 0xfffffff00835a610  fp: 0xffffffeb050eabb0
                  lr: 0xfffffff007c08604  fp: 0xffffffeb050eaf40
                  lr: 0xfffffff007c08604  fp: 0xffffffeb050eafa0
                  lr: 0xfffffff009cf01a8  fp: 0xffffffeb050eafc0
                  lr: 0xfffffff0093c31c8  fp: 0xffffffeb050eb890
                  lr: 0xfffffff007de7ee0  fp: 0xffffffeb050ebb40
                  lr: 0xfffffff007de9974  fp: 0xffffffeb050ebd70
                  lr: 0xfffffff007de96bc  fp: 0xffffffeb050ebdb0
                  lr: 0xfffffff0081a8a98  fp: 0xffffffeb050ebe50
                  lr: 0xfffffff007d4a960  fp: 0xffffffeb050ebf10
                  lr: 0xfffffff00835a610  fp: 0xffffffeb050ebf20


** Stackshot Succeeded ** Bytes Traced 19777 (Uncompressed 53360) **
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC
IOPlatformPanicAction -> AppleANS2NVMeController
IOPlatformPanicAction -> AppleT8030PMGR
IOPlatformPanicAction -> AppleARMWatchdogTimer
IOPlatformPanicAction -> AppleNubSynopsysOTG3Device
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> RTBuddyV2
IOPlatformPanicAction -> AppleSMC

Please go to https://panic.apple.com to report this panic

@TrungNguyen1909
Copy link
Owner

really weird. The only way I could explain that was you forgot to run make again .-.

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

really weird. The only way I could explain that was you forgot to run make again .-.

nick@nick-pc [255]:~$ strings qemu-t8030/build/qemu-system-aarch64 | grep -E 'content-protect|FastSim'
FastSim
content-protect
nick@nick-pc [0]:~$

So I definitely did not forgot and it did get compiled in.

@TrungNguyen1909
Copy link
Owner

Add these lines to the end of macho_load_dtb in xnu.c

    FILE* fd = fopen("deviceTree-processed", "wb");
    fwrite(buf, info->dtb_size, 1, fd);
    fclose(fd);

This should produce a deviceTree-processed file every boot so please run and send it to me.

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

(gzipped file)
deviceTree-processed.gz

also

nick@nick-pc [0]:~/vm_images/t8030$ strings /home/nick/vm_images/t8030/deviceTree-processed  | grep FastSim
FastSim

@TrungNguyen1909
Copy link
Owner

@asdfugil you put the FastSim thing in the wrong position.

@asdfugil
Copy link
Author

I see, there's two // TODO: Workaround: AppleKeyStore SEP(?) and I put it under the wrong comment

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

the restore seems to have worked...ish. It says it failed but then the system seemed to work.

@asdfugil
Copy link
Author

idevicerestore log

[06:11:33.0870-GMT]{4>10} CHECKPOINT BEGIN: RESTORED:[0x0647] cleanup_check_result
restore-step-ids = {0x1103060E:19;0x11030647:22}
restore-step-names = {0x1103060E:update_NAND_firmware;0x11030647:cleanup_check_result}
restore-step-uptime = 35
restore-step-user-progress = 0
[06:11:33.0881-GMT]{4>10} CHECKPOINT END: RESTORED:[0x0647] cleanup_check_result
restore-step-ids = {0x1103060E:19}
restore-step-names = {0x1103060E:update_NAND_firmware}
restore-step-uptime = 35
restore-step-user-progress = 0
[06:11:33.0892-GMT]{4>10} CHECKPOINT BEGIN: RESTORED:[0x0648] cleanup_send_final_status
restore-step-ids = {0x1103060E:19;0x11030648:23}
restore-step-names = {0x1103060E:update_NAND_firmware;0x11030648:cleanup_send_final_status}
restore-step-uptime = 35
restore-step-user-progress = 0

ERROR: Unable to successfully restore device
FDR 0x55a8c877a950 timeout waiting for command
FDR 0x55a8c877a950 waiting for message...
No data to read (timeout)
FDR 0x55a8c877a950 terminating...
ERROR: Unable to restore device

serial output

[06:12:12.0196-GMT]{4>10} CHECKPOINT WARNING: RESTORED:[0x0651] not rebooting on failure[6] (CHECKPOINT FINISHED could be lost)
restored_external: not rebooting on failure[6] (CHECKPOINT FINISHED could be lost)
[06:12:12.0198-GMT]{4>10} CHECKPOINT END: RESTORED:[0x0651] cleanup_failure_warning
restore-step-ids = {0x1103060E:19}
restore-step-names = {0x1103060E:update_NAND_firmware}
restore-step-warnings = {0x11060651:{0:"not rebooting on failure[6] (CHECKPOINT FINISHED could be lost)"}}
restore-step-uptime = 74
restore-step-user-progress = 0
[06:12:12.0217-GMT]{4>10} CHECKPOINT BEGIN: RESTORED:[0x064B] cleanup_post_restore
restore-step-ids = {0x1103060E:19;0x1103064B:27}
restore-step-names = {0x1103060E:update_NAND_firmware;0x1103064B:cleanup_post_restore}
restore-step-uptime = 74
restore-step-user-progress = 0
000077.080318 AppleNubSynopsysOTG3Device@2: IOUSBDeviceController::gated_setProperties: unknown command StoreDriverDebugLog
IOUSBDeviceControllerSendCommand failed: 0xe0000001
waiting for disconnect to continue
[06:12:42.0651-GMT]{4>10} CHECKPOINT END: RESTORED:[0x064B] cleanup_post_restore
restore-step-ids = {0x1103060E:19}
restore-step-names = {0x1103060E:update_NAND_firmware}
restore-step-uptime = 104
restore-step-user-progress = 0
[06:12:42.0665-GMT]{4>10} CHECKPOINT BEGIN: RESTORED:[0x064C] cleanup_release
restore-step-ids = {0x1103060E:19;0x1103064C:28}
restore-step-names = {0x1103060E:update_NAND_firmware;0x1103064C:cleanup_release}
restore-step-uptime = 104
restore-step-user-progress = 0
[06:12:42.0675-GMT]{4>10} CHECKPOINT END: RESTORED:[0x064C] cleanup_release
restore-step-ids = {0x1103060E:19}
restore-step-names = {0x1103060E:update_NAND_firmware}
restore-step-uptime = 104
restore-step-user-progress = 0
restore completed (-1), requesting reboot [FAILURE]
[06:12:42.0687-GMT]{4>10} CHECKPOINT NOTICE: MAIN:[0x0104] handle_new_connections
[06:12:42.0688-GMT]{4>10} CHECKPOINT FINISHED-ENGINES:(FAILURE:1)  {0x1107060E:{0:6}}
[06:12:42.0690-GMT]{4>10} CHECKPOINT PROGRESS: FAILED (initial_engine_no_return) -> (initial_engine_failure_no_return)
restore-outcome = initial_engine_failure_no_return
executing /usr/sbin/nvram -s restore-outcome=initial_engine_failure_no_return
recv(9, 4) failed: connection closed
unable to read message size: -1
could not receive message
[06:12:43.0382-GMT]{4>10} CHECKPOINT NOTICE: (NVRAM set) restore-outcome=initial_engine_failure_no_return [sync=true] (engine process terminating)
[06:12:43.0524-GMT]{1>4} CHECKPOINT NOTICE: Post-engines NVRAM variable: auto-boot=true
[06:12:43.0535-GMT]{1>4} CHECKPOINT NOTICE: Post-engines NVRAM variable: restore-outcome=initial_engine_failure_no_return
[06:12:43.0607-GMT]{1>4} CHECKPOINT PROGRESS: NO_REBOOT_RETRY (initial_monitor_no_return) -> (recovery_mode)
restore-child-failures = {initial:EXIT(1)[REBOOT]}
executing /usr/sbin/nvram restore-child-failures={initial:EXIT(1)[REBOOT]}
restore-outcome = recovery_mode
executing /usr/sbin/nvram restore-outcome=recovery_mode
restored exited normally with status 1 - rebooting
[06:12:44.0887-GMT]{1>4} CHECKPOINT MONITOR:(FAILURE:256) [0x020A] set_exit_status
restore-step-monitor = {0x1101020A:"set_exit_status"}
restored-exit-status = 0x100
executing /usr/sbin/nvram restored-exit-status=0x100
Searching for NAND service
Found NAND service: AppleANS2NVMeController
NAND initialized. Waiting for devnode.
entering wait_for_device: 'EmbeddedDeviceTypeRoot'
Using device path /dev/disk0 for EmbeddedDeviceTypeRoot
entering ramrod_probe_media_internal
entering wait_for_device: 'EmbeddedDeviceTypeRoot'
Using device path /dev/disk0 for EmbeddedDeviceTypeRoot
device partitioning scheme is GPT
APFS Container 'Container' /dev/disk0s1
device is APFS formatted
Captured preboot partition on main OS container 2
Data volume access is restricted..Checking for path on update volume to sync read/write ramdisk

Read/Write ramdisk will be synced to the Update partition

Update partition is not mounted..Attempting to mount

executing /sbin/mount_apfs -R /dev/disk0s1s5 /mnt4
dev_init:307: disk0s1 device accelerated crypto: 3 (compiled @ Jan  6 2022 23:35:15)
dev_init:310: disk0s1 device_handle block size 4096 block count 8388597 features 22 internal solidstate
nx_mount:1184: disk0s1 initializing cache w/hash_size 4096 and cache size 10064
nx_mount:1460: disk0s1 checkpoint search: largest xid 129, best xid 129 @ 69
nx_mount:1462: disk0s1 reloading after unclean unmount, checkpoint xid 129, superblock xid 117
spaceman_metazone_init:191: disk0s1 metazone for device 0 of size 262143 blocks (encrypted: 8126454-8257525 unencrypted: 8257525-8388597)
spaceman_datazone_init:625: disk0s1 allocation zone on dev 0 for allocations of 1 blocks starting at paddr 4096000
spaceman_datazone_init:625: disk0s1 allocation zone on dev 0 for allocations of 2 blocks starting at paddr 32768
spaceman_datazone_init:625: disk0s1 allocation zone on dev 0 for allocations of 3 blocks starting at paddr 65536
spaceman_datazone_init:625: disk0s1 allocation zone on dev 0 for allocations of 4 blocks starting at paddr 98304
dev_dump:256: Aggregate constructed: dev=<ptr> di=0 dv_num_slice=15 dv_num_slice_blk=589824 dv_num_lslice_blk=131061
apfs_mount:26376: disk0s1s5 mount for ramdisk
apfs_log_mount_unmount:1828: disk0s1s5 mounting volume Update, requested by: mount_apfs (pid 20); parent: restored_externa (pid 4)
handle_mount:654: disk0s1s5 vol-uuid: FFD26470-68B0-4E28-933C-CA1FB90A25E4 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.2)
spaceman_scan_free_blocks:3171: disk0s1 scan took 0.028441 s (no trims)
handle_mount:667: disk0s1s5 setting dev block size to 4096 from 512
nx_volume_group_update:7709: disk0s1s5 Volume Update role c0 Not a System or data volume
fastsim_is_enabled:9581: ================ fastsim is enabled ================
/dev/disk0s1s5 mounted on /mnt4
Successfully found/mounted Update partition at /mnt4!

Update Partition(/dev/disk0s1s5) is mounted at /mnt4.
Successfully created CrashReporter folder at /mnt4/mobile/Library/Logs/CrashRepospaceman_scan_free_blocks:3153: disk0s1 scan took 0.371239 s, trims took 0.318758 s
rter
spaceman_scan_free_blocks:3155: disk0s1 6071401 blocks free in 18334 extents

spaceman_scan_free_blocks:3163: disk0s1 6071401 blocks trimmed in 18334 extents (17 us/trim, 57516 trims/s)
lastOTA log dir will be saved to /mnt4/lastOTA
spaceman_scan_free_blocks:3166: disk0s1 trim distribution 1:12479 2+:1974 4+:2547 16+:817 64+:302 256+:215

Searching /mnt5 for crash logs
Skipping unrecognized file checkpoint
Total files:    1 Crash logs:    0 Files copied:    0
Searching /mnt5/checkpoint for checkpoint history and tolerated files
Copying restore_perform.txt to /mnt4/mobile/Library/Logs/CrashReporter/restore_perform.txt
Copying restore_perform.txt to /mnt4/lastOTA/restore_perform.txt
Total files|directories:    1 History files:    1 Status files:    0 Files copied:    1
[06:12:47.0042-GMT]{1>4} CHECKPOINT MONITOR: [0x1183] sync_ramdisk
restore-step-monitor = {0x11011183:"sync_ramdisk"}
[06:12:47.0055-GMT]{1>4} CHECKPOINT MONITOR: [0x1181] unmount_ramdisk
restore-step-monitor = {0x11011181:"unmount_ramdisk"}
Tried to unmount a volume at '/mnt5' that wasn't mounted. Ignoring the error.
successfully unmounted tmpfs
[06:12:47.0060-GMT]{1>4} CHECKPOINT MONITOR: [0x1182] eject_ramdisk
restore-step-monitor = {0x11011182:"eject_ramdisk"}
[06:12:47.0063-GMT]{1>4} CHECKPOINT FINAL-MONITOR:(FAILURE:1)  [EXIT] {initial:EXIT(1)[REBOOT]}

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[06:12:47.0063-GMT]{1>4} CHECKPOINT FINAL-MONITOR:(FAILURE:1)  [EXIT] {initial:EXIT(1)[REBOOT]}

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[06:12:47.0063-GMT]{1>4} CHECKPOINT FINAL-MONITOR:(FAILURE:1)  [EXIT] {initial:EXIT(1)[REBOOT]}

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
executing /usr/sbin/nvram -d ramrod-kickstart-aces
Successfully deleted ramrod-kickstart-acesramrod-kickstart-aces
No valid port micro usbc,cdXXXX value. Not restarting port micro
executing /sbin/reboot
com.apple.xpc.launchd|2022-03-11 06:12:50.489439 (system) <Warning>: failed lookup: name = com.apple.system.notification_center, flags = 0x9, requestor = reboot[22], error = 3: No such process
com.apple.xpc.launchd|2022-03-11 06:12:50.501639 (system) <Warning>: failed lookup: name = com.apple.logd, flags = 0x9, requestor = reboot[22], error = 3: No such process
2022-03-11 06:12:50.511367+0000 reboot[22:429] rebooted by root
com.apple.xpc.launchd|2022-03-11 06:12:50.664157 (system) <Notice>: System shutdown initiated by: reboot[22]<-restored_extern[4]<-launchd[1]
com.apple.xpc.launchd|2022-03-11 06:12:50.664463 (system) <Notice>: system shutdown: flags = 0x0, caller = reboot[22]<-restored_extern[4]<-launchd[1]
com.apple.xpc.launchd|2022-03-11 06:12:50.664623 <Notice>: committing to system shutdown
apfs_stop_bg_work:1056: System is shutting down stop any bg work
com.apple.xpc.launchd|2022-03-11 06:13:20.668228 <Notice>: shutdown UNINITIALIZED -> COMMITTED
apfs_log_mount_unmount:1828: disk0s1s5 unmounting volume Update, requested by: launchd (pid 1); parent: kernel_task (pid 0)
apfs_vfsop_unmount:2648: disk0s1s5 waiting for purgatory cleaner to finish
nx_volume_group_update:7709: disk0s1s5 Volume Update role c0 Not a System or data volume
apfs_vfsop_unmount:2982: disk0s1 nx_num_vols_mounted is 0
dev_dump:256: Aggregate destructed: dev=<ptr> di=0 dv_num_slice=15 dv_num_slice_blk=589824 dv_num_lslice_blk=131061
container_unload:1641: vnode_close() invoked in the container unload path
apfs: total mem allocated: 64 (0 mb);
apfs_vfsop_unmount:2995: all done.  going home.  (numMountedAPFSVolumes 0)
hfs: unmount initiated on SkyD19D52.arm64eCustomerRamDisk on device b(3, 0)
AppleUSBDeviceMux::message - kMessageInterfaceWasDeActivated
AppleUSBDeviceMux::reportStats: USB mux statistics: 
USB mux: 106 reads / 0 errors, 69 writes / 0 errors
USB mux: 0 short packets, 0 dups
asyncReadComplete:1825 USB read status = 0xe00002eb
asyncReadComplete:1825 USB read status = 0xe00002eb
virtual void IONVMeController::systemWillShutdown(IOOptionBits)::564:Entry, inOptions - 0xe0000310
virtual IOReturn AppleNVMeController::performNVMeShutdownTasks()::1326:Entry
virtual void IONVMeController::systemWillShutdown(IOOptionBits)::648:Exit, inOptions - 0xe0000310
IOPlatformHaltRestartAction -> AppleT8030PMGR
AppleNVMe Assert failed: 0 == (status) ResetUtilUser file: /Library/Caches/com.apple.xbs/Sources/IONVMeFamily/IONVMeFamily-640/Embedded/AppleEmbeddedNVMeNVRAM.cpp line: 410 
wdog restart
wdt_update: wdog reset system

@TrungNguyen1909
Copy link
Owner

Doesnt look quite successful to me ngl

@asdfugil
Copy link
Author

I can't seem to restore iOS 14.3 successfully as well, however the restored system still work. Both iOS 15.3.1 and 14.3 restore fails at sealing the system volume afaik is introduced with iOS 14.2

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

This is the serial output for the iOS 14.3 restore:
this appears to be where it failed

restore-step-user-progress = 98
[11:57:21.0137-GMT]{4>7} CHECKPOINT BEGIN: RESTORED:[0x068B] seal_system_volume
restore-step-ids = {0x1103068B:114}
restore-step-names = {0x1103068B:seal_system_volume}
restore-step-uptime = 1345
restore-step-user-progress = 98
Running mtree and saving output to /mnt5/mtree_remap.xml
2022-03-11 11:57:28.042400+0000 restored_external[7:383] [library] failed to open AppleI
mage4 service: 0xe00002c2
2022-03-11 11:57:28.044485+0000 restored_external[7:383] [library] initialized default r
untime: darwin userspace [version 0x1]
2022-03-11 11:57:28.046008+0000 restored_external[7:383] [library] initialized internal
runtime: null [version 0x1]
2022-03-11 11:57:28.047139+0000 restored_external[7:383] [library] initialized internal
runtime: restore ramdisk [version 0x1]
2022-03-11 11:57:28.049003+0000 restored_external[7:383] [library] returning secure boot
 chip: sha2-384 arm ap
restored_external: AppleImage4  [INFO]  authenticating firmware on chip: 4cc = msys, chi
p = sha2-384 arm ap
restored_external: AppleImage4 [DEBUG]   chip allows mix-n-match
restored_external: AppleImage4  [INFO]  subsequent stage of trust chain; querying previo
us stage manifest hash
restored_external: AppleImage4  [INFO]  chip allows mix-n-match; ignoring previous stage
 manifest hash
restored_external: AppleImage4 [DEBUG]   wrapped Image4 payload
restored_external: AppleImage4 [DEBUG]   attached Image4 manifest
restored_external: AppleImage4 [ERROR] _Img4DecodeInitAsManifest: [2 unexpected tag foun
d while decoding]
restored_external: AppleImage4 [DEBUG]   calling out to execution context: 79
img4_firmware_execute failed: 79
[11:57:28.0065-GMT]{4>7} CHECKPOINT FAILURE:(FAILURE:6) RESTORED:[0x068B] seal_system_vo
lume [0]D(failed to seal system volume.)[1]D(img4_firmware_execute failed)

restore.log

@TrungNguyen1909
Copy link
Owner

@asdfugil, the sealing problem is quite problematic on 15.3.1 since it is enforced by default and there is no override from outside possible... but we can patch restored_update though...

@asdfugil
Copy link
Author

asdfugil commented Mar 11, 2022
edited
Loading

A file named /restore.log is also written onto (by restored_external? idk) the rootfs in the iOS 14.3 restore (that's another iphone vm btw), which may be problematic for the seal... The restore.log I sent above is that file.

@TrungNguyen1909
Copy link
Owner

@asdfugil, well, I don't think sealing is possible with the current setup though...
But maybe I'm wrong

@asdfugil asdfugil mentioned this issue Apr 13, 2022
Closed
@asdfugil
Copy link
Author

Doesnt look quite successful to me ngl

the most obvious side effect is that there are no snapshots created

@iTheGentle
Copy link

i had the same issue, it can't create an encrypted fs,
restore-step-uptime = 3823 restore-step-user-progress = 97 entering create_protected_filesystems ramrod_display_set_granular_progress_forced: 97.000000 content-protect property not found encryptable property not found creating class d key for /mnt2 void CoreAnalyticsHub::handleNagTimerExpiry(IOTimerEventSource *)::627:messageClients of 3 available events
OS ver: 15.4.1

@asdfugil
Copy link
Author

@iTheGentle this is another issue first reported in #37, but please make a new issue anyways

shannon2893 pushed a commit to shannon2893/qemu-t8030 that referenced this issue Jul 25, 2022
@philmd @huth
tests/qtest/intel-hda-test: Add reproducer for issue #542
19a5452 
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/542.
Without the previous commit, we get:

  $ make check-qtest-i386
  ...
  Running test tests/qtest/intel-hda-test
  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0
      #0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356
      TrungNguyen1909#1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15
      TrungNguyen1909#2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15
      TrungNguyen1909#3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10
      TrungNguyen1909#4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      TrungNguyen1909#5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      TrungNguyen1909#6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      TrungNguyen1909#7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      TrungNguyen1909#8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      TrungNguyen1909#9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      TrungNguyen1909#10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      TrungNguyen1909#11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      TrungNguyen1909#12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      TrungNguyen1909#13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      TrungNguyen1909#14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      TrungNguyen1909#15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      TrungNguyen1909#16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      TrungNguyen1909#17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      TrungNguyen1909#18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      TrungNguyen1909#19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      TrungNguyen1909#20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      TrungNguyen1909#21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      TrungNguyen1909#22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      TrungNguyen1909#23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      TrungNguyen1909#24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      TrungNguyen1909#25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      TrungNguyen1909#26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      TrungNguyen1909#28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      TrungNguyen1909#29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      TrungNguyen1909#30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      TrungNguyen1909#31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      TrungNguyen1909#32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      TrungNguyen1909#33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      TrungNguyen1909#34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      TrungNguyen1909#35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      TrungNguyen1909#36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      TrungNguyen1909#37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      TrungNguyen1909#38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      TrungNguyen1909#39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      TrungNguyen1909#40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      TrungNguyen1909#41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      TrungNguyen1909#42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      TrungNguyen1909#43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      TrungNguyen1909#44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      TrungNguyen1909#45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      TrungNguyen1909#46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      TrungNguyen1909#47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      TrungNguyen1909#48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      ...
  SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal
  ==1580408==ABORTING
  Broken pipe
  Aborted (core dumped)

Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Acked-by: Thomas Huth <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@iTheGentle @TrungNguyen1909 @asdfugil