This repository has been archived by the owner on Apr 14, 2023. It is now read-only.

Not getting shell #43

Closed
oxemanuelexo opened this issue Mar 25, 2022 · 4 comments

Comments

@oxemanuelexo

I am booting the emulator with the auto boot instructions but not getting shell access. This is the log of running it:

AppleUSBDeviceMux build: Aug 12 2020 22:50:42
000042.269962 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function AppleUSBMux
IOAccessoryPortUSB::start
AppleUSBEthernetDevice::start: no device-mac-address present
000042.274005 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function AppleUSBNCMControl
000042.274572 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function IapOverUsbHid
000042.282476 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function AppleUSBNCMData
000042.295219 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function PTP
000042.295823 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::gated_registerFunction: register function Valeria
000042.296267 AppleNubSynopsysOTG3Device@: IOUSBDeviceController::startUSBStack: starting usb stack
qemu-system-aarch64: usb_tcp_host_attach: failed to connect to server: -1

apfs_is_valid_class:2253: rejecting class open (class 2) because we're not content protected
handle_mount:627: vol-uuid: FE08F35A-6B73-4D6B-A39A-B83D81136524 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.12)
handle_mount:640: setting dev block size to 4096 from 512
nx_volume_group_update:6634: Volume System is not in a volume group
apfs_vfsop_mount:2171: disk0s1s1:0 mounted volume: System
handle_revert_to_snapshot:5195: On next mount, volume will revert to snapshot 'com.apple.os.update-5118EA8F39FF61D152BA7E1F92591910CDE7A2B09B867D8D58DC37E2CDC0B7C98DD296D4BF57862D143413DD17012D70' w/snap xid 133
apfs_stop_bg_work:1028: disk0s1s1:0 Volume System is unmounting, stop any bg work
apfs_vfsop_unmount:2375: disk0s1: unmounting volume 'System'
apfs: total mem allocated: 11952394 (11 mb);
apfs_vfsop_unmount:2682: all done.  going home.  (numMountedAPFSVolumes 5)
tx_flush:1075: disk0s1 xid 242 tx stats: # 20 finish 20 enter 775 wait 1 3033us close 2317us flush 8062us
revert_to_snapshot:1260: Reverting to snapshot w/xid 133 and old sblock oid 8259547.
revert_extents_to_snapshot:1093: free'ing extents in main extentref tree 8257579
free_allocated_snapshot_extents:1008: processed 0 extents and free'd 0 blocks
obj_cache_remove_reverted_fs_objects:1547: disk0s1s1:0 removing reverted fs objects for fs 1026: 134 - 244
revert_to_snapshot:1336: DONE reverting to snapshot w/xid 133
handle_mount:627: vol-uuid: FE08F35A-6B73-4D6B-A39A-B83D81136524 block size: 4096 block count: 8388597 (unencrypted; flags: 0x1; features: 8.0.12)
handle_mount:640: setting dev block size to 4096 from 512
nx_volume_group_update:6634: Volume System is not in a volume group
apfs_vfsop_mount:2171: disk0s1s1:0 mounted volume: System
apfs_vfsop_unmount:2375: disk0s1: unmounting volume 'System'
apfs: total mem allocated: 12886655 (12 mb);
apfs_vfsop_unmount:2682: all done.  going home.  (numMountedAPFSVolumes 5)
static IOReturn AppleMobileFileIntegrityUserClient::isCdhashInTrustCache(OSObject *, void *, IOExternalMethodArguments *): Process 163 is checking if a cdhash is in the trust cache
static IOReturn AppleMobileFileIntegrityUserClient::isCdhashInTrustCache(OSObject *, void *, IOExternalMethodArguments *): Returning IOReturn 0x0 to process 163
ls
tx_flush:1075: disk0s1 xid 262 tx stats: # 40 finish 40 enter 3141 wait 6 2470us close 1664us flush 13359us

ls
tx_flush:1075: disk0s1 xid 282 tx stats: # 60 finish 60 enter 2155 wait 6 2470us close 1219us flush 19586us
@asdfugil

asdfugil commented Mar 29, 2022

handle_revert_to_snapshot:5195: On next mount, volume will revert to snapshot 'com.apple.os.update-5118EA8F39FF61D152BA7E1F92591910CDE7A2B09B867D8D58DC37E2CDC0B7C98DD296D4BF57862D143413DD17012D70' w/snap xid 133

You need to rename the system snapshot to a name that is not com.apple.os.update-*, such as orig-fs, or it will try to restore rootfs.

@iarchiveml

Where is the snapshot located in the rootfs?

@asdfugil

It's a property of the APFS volume responsible for the rootfs.

@iarchiveml

Fix:
Mount the rootfs and follow these steps to rename the snapshot (can be renamed to anything else such as "orig-fs"): https://support.apple.com/en-vn/guide/disk-utility/dskuf82354dc/mac
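
Added example (not part of the original thread or of the qemu-t8030 project): a small log triage script that finds the condition diagnosed above, an APFS revert scheduled against a `com.apple.os.update-*` snapshot, and reports whether the revert actually ran. The sample log is constructed from the lines in the report, with the snapshot hash replaced by a placeholder.

```python
import re
from fnmatch import fnmatchcase

# Snapshot names matching this glob trigger the rootfs restore (per the thread).
UPDATE_SNAPSHOT_GLOB = "com.apple.os.update-*"

SCHEDULED = re.compile(
    r"handle_revert_to_snapshot:\d+: On next mount, volume will revert to "
    r"snapshot '(?P<name>[^']+)' w/snap xid (?P<xid>\d+)"
)
DONE = re.compile(
    r"revert_to_snapshot:\d+: DONE reverting to snapshot w/xid (?P<xid>\d+)"
)

# Constructed sample: lines copied from the report, hash replaced by a placeholder.
SAMPLE_LOG = """\
apfs_vfsop_mount:2171: disk0s1s1:0 mounted volume: System
handle_revert_to_snapshot:5195: On next mount, volume will revert to snapshot 'com.apple.os.update-PLACEHOLDERHASH' w/snap xid 133
apfs_vfsop_unmount:2375: disk0s1: unmounting volume 'System'
revert_to_snapshot:1260: Reverting to snapshot w/xid 133 and old sblock oid 8259547.
revert_to_snapshot:1336: DONE reverting to snapshot w/xid 133
apfs_vfsop_mount:2171: disk0s1s1:0 mounted volume: System
"""


def find_snapshot_reverts(log_text):
    """Return one dict per scheduled revert: snapshot name, xid, whether the
    name matches com.apple.os.update-*, and whether the revert completed."""
    reverts = {}
    for line in log_text.splitlines():
        m = SCHEDULED.search(line)
        if m:
            xid = int(m.group("xid"))
            reverts[xid] = {
                "name": m.group("name"),
                "xid": xid,
                "is_update_snapshot": fnmatchcase(m.group("name"), UPDATE_SNAPSHOT_GLOB),
                "completed": False,
            }
            continue
        m = DONE.search(line)
        if m and int(m.group("xid")) in reverts:
            reverts[int(m.group("xid"))]["completed"] = True
    return list(reverts.values())


if __name__ == "__main__":
    for r in find_snapshot_reverts(SAMPLE_LOG):
        state = "reverted" if r["completed"] else "scheduled"
        hint = " -> rename this snapshot (e.g. orig-fs)" if r["is_update_snapshot"] else ""
        print(f"xid {r['xid']}: {r['name']} [{state}]{hint}")
```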

shannon2893 pushed a commit to shannon2893/qemu-t8030 that referenced this issue Jul 25, 2022
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/542.
Without the previous commit, we get:

  $ make check-qtest-i386
  ...
  Running test tests/qtest/intel-hda-test
  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0
      #0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356
      #1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15
      #2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15
      #3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10
      #4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      #9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      #10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      #11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      #12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      #13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      #14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      #15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      #16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      #17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      #18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      #19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      #20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      #21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      #22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      #23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      #24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      #29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
      #30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
      #31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
      #32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
      #33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
      #34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
      #35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
      #36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
      #37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
      #38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
      #39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
      #40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
      #41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
      #42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
      #43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
      #44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
      #45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
      #46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
      #47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
      #48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
      ...
  SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal
  ==1580408==ABORTING
  Broken pipe
  Aborted (core dumped)

Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Acked-by: Thomas Huth <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>