On Fri, Jul 3, 2009 at 6:18 PM, Jim Paris<j...@jtan.com> wrote: > G wrote: >> Hello again, >> >> I've continued my attempts to get the HASP dongle working, but with no >> success: >> >> Downloaded kvm-72.tar.gz through kvm-87.tar.gz to find out when the >> problem first appear, as kvm-72 is working. Unfortunately, kvm-72 >> through kvm-82 fails to compile on my Debian system with kernel 2.6.30 >> and gcc 4.3, and kvm-83 crashes in the same way that kvm-87 crashes. >> >> I have also tested two other USB devices: a C-Pen (www.cpen.com) and a >> GEM card reader, both successfully. So it seems it is the HASP >> dongle/driver combo which is doing something naughty that makes KVM >> versions newer than kvm-72 crash... >> >> Anyone got any ideas what I might try out to find the cause for the >> crashes? > > You might try uncommenting "//#define DEBUG" at the top of usb-linux.c > to get some more verbose output from qemu.
Good idea. The results from three test runs after that change are in the attached files. The third was done while also dumping the USB bus, and the output from that dump is also attached.
Scenario: boot, install the HASP SRM drivers, after install completes issue "usb_add host:0529:0001" command in qemu monitor, dumps core after windows discovers qemu usb hub. % qemu-system-x86_64 -no-acpi -hda WinXP_eng_32bit_kvm87.img -m 4096 -net nic -net user -usb -monitor stdio -usbdevice tablet QEMU 0.10.50 monitor - type 'help' for more information (qemu) usb_add host:0529:0001 husb: opened /proc/bus/usb/devices husb: using proc file-system with /proc/bus/usb husb: open device 4.4 husb: opened /proc/bus/usb/004/004 === begin dumping device descriptor data === 12 01 00 02 ff 00 00 08 29 05 01 00 21 03 01 02 00 01 09 02 14 00 01 01 00 80 19 09 04 00 00 00 ff 00 00 00 02 ff === end dumping device descriptor data === husb: claiming interfaces. config -1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need -1 husb: 1 interfaces claimed for configuration 1 husb: grabbed usb device 4.4 (qemu) husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x2 index 0 len 0 husb: ctrl set addr 2 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 20 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status -32 alen 0 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x4 index 0 len 0 husb: ctrl set addr 4 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 36 husb: submit ctrl. len 44 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 20 husb: ctrl type 0x0 req 0x9 val 0x1 index 0 len 0 husb: releasing interfaces husb: ctrl set config 1 ret 0 errno 11 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0xc0 req 0x80 val 0x21b9 index 0 len 7 husb: submit ctrl. len 15 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 7 husb: ctrl type 0xc0 req 0xa0 val 0x0 index 0 len 1 husb: submit ctrl. len 9 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 1 husb: ctrl type 0xc0 req 0xa1 val 0x3 index 0 len 8 husb: submit ctrl. len 16 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 8 husb: ctrl type 0xc0 req 0xa1 val 0x1 index 0 len 47 husb: submit ctrl. len 55 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 47 husb: ctrl type 0xc0 req 0xa2 val 0x0 index 0 len 1985 husb: submit ctrl. len 1993 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 1985 husb: ctrl type 0xc0 req 0xa1 val 0x1 index 0 len 47 husb: submit ctrl. len 55 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 47 husb: ctrl type 0xc0 req 0xa1 val 0x0 index 0 len 3 husb: submit ctrl. len 11 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 3 husb: ctrl type 0xc0 req 0xa1 val 0x1 index 0 len 47 husb: submit ctrl. len 55 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 47 husb: ctrl type 0x40 req 0x26 val 0xcaff index 2176 len 16 husb: submit ctrl. len 24 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 16 husb: ctrl type 0xc0 req 0xa6 val 0x0 index 0 len 33 husb: submit ctrl. len 41 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 33 husb: ctrl type 0x40 req 0x26 val 0xcdff index 2304 len 8 husb: submit ctrl. len 16 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 8 husb: ctrl type 0xc0 req 0xa6 val 0x0 index 0 len 17 husb: submit ctrl. len 25 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 17 husb: ctrl type 0x40 req 0x26 val 0xcbff index 2560 len 8 husb: submit ctrl. len 16 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 8 husb: ctrl type 0xc0 req 0xa6 val 0x0 index 0 len 17 husb: submit ctrl. len 25 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 17 husb: ctrl type 0xc0 req 0xa1 val 0x2 index 0 len 14 husb: submit ctrl. len 22 aurb 0x176ed10 husb: async completed. aurb 0x176ed10 status 0 alen 14 Segmentation fault (core dumped) % gdb /usr/local/bin/qemu-system-x86_64 core-qemu-system-x86-4848-1000-1000-11-1246698455 GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu"... warning: core file may not match specified executable file. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libm.so.6...done. [snip] Loaded symbols for /usr/lib/libXfixes.so.3 Core was generated by `qemu-system-x86_64 -no-acpi -hda /home/tomhal/WinXP_eng_32bit_kvm87.img -m 4096'. Program terminated with signal 11, Segmentation fault. [New process 4848] [New process 4854] [New process 4849] #0 0x00007f4868df01f3 in ?? () from /lib/libc.so.6 (gdb) info threads 3 process 4849 0x00007f4868e41977 in ioctl () from /lib/libc.so.6 2 process 4854 0x00007f4869d17ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 * 1 process 4848 0x00007f4868df01f3 in ?? () from /lib/libc.so.6 (gdb) thread 3 [Switching to thread 3 (process 4849)]#0 0x00007f4868e41977 in ioctl () from /lib/libc.so.6 (gdb) bt #0 0x00007f4868e41977 in ioctl () from /lib/libc.so.6 #1 0x000000000053f1b6 in kvm_run (vcpu=0x16d5550, env=0x16c32a0) at /usr/src/kvm-87/qemu-kvm.c:979 #2 0x000000000054052b in kvm_cpu_exec (env=0x16c32a0) at /usr/src/kvm-87/qemu-kvm.c:1745 #3 0x0000000000540bdd in kvm_main_loop_cpu (env=0x16c32a0) at /usr/src/kvm-87/qemu-kvm.c:1954 #4 0x0000000000540cfb in ap_main_loop (_env=0x16c32a0) at /usr/src/kvm-87/qemu-kvm.c:1989 #5 0x00007f4869d13f7a in start_thread () from /lib/libpthread.so.0 #6 0x00007f4868e48a4d in clone () from /lib/libc.so.6 #7 0x0000000000000000 in ?? () (gdb) thread 2 [Switching to thread 2 (process 4854)]#0 0x00007f4869d17ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 (gdb) bt #0 0x00007f4869d17ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #1 0x00000000004aa9ae in cond_timedwait (cond=0xbd3a60, mutex=0xbd3a20, ts=0x7f476577e080) at posix-aio-compat.c:68 #2 0x00000000004aaf96 in aio_thread (unused=0x0) at posix-aio-compat.c:301 #3 0x00007f4869d13f7a in start_thread () from /lib/libpthread.so.0 #4 0x00007f4868e48a4d in clone () from /lib/libc.so.6 #5 0x0000000000000000 in ?? () (gdb) thread 1 [Switching to thread 1 (process 4848)]#0 0x00007f4868df01f3 in ?? () from /lib/libc.so.6 (gdb) bt #0 0x00007f4868df01f3 in ?? () from /lib/libc.so.6 #1 0x00007f4868df1e88 in malloc () from /lib/libc.so.6 #2 0x00007f48674d6ed1 in ?? () from /usr/lib/libxcb.so.1 #3 0x00007f48674d7498 in xcb_poll_for_event () from /usr/lib/libxcb.so.1 #4 0x00007f486935a85d in ?? () from /usr/lib/libX11.so.6 #5 0x00007f486935b177 in _XEventsQueued () from /usr/lib/libX11.so.6 #6 0x00007f486933301a in XFlush () from /usr/lib/libX11.so.6 #7 0x00007f486968162d in ?? () from /usr/lib/libSDL-1.2.so.0 #8 0x00007f48696816eb in ?? () from /usr/lib/libSDL-1.2.so.0 #9 0x00007f48696556e0 in SDL_PumpEvents () from /usr/lib/libSDL-1.2.so.0 #10 0x00007f4869655b99 in SDL_PollEvent () from /usr/lib/libSDL-1.2.so.0 #11 0x00000000004f575d in sdl_refresh (ds=0x16dd7f0) at sdl.c:511 #12 0x000000000040d556 in dpy_refresh (s=0x16dd7f0) at /usr/src/kvm-87/console.h:215 #13 0x000000000040d4c3 in gui_update (opaque=0x16dd7f0) at /usr/src/kvm-87/vl.c:3572 #14 0x0000000000408fe2 in qemu_run_timers (ptimer_head=0xbd15a0, current_time=323489289) at /usr/src/kvm-87/vl.c:1260 #15 0x000000000040e0b9 in main_loop_wait (timeout=1000) at /usr/src/kvm-87/vl.c:4369 #16 0x00000000005410df in kvm_main_loop () at /usr/src/kvm-87/qemu-kvm.c:2139 #17 0x000000000040e56e in main_loop () at /usr/src/kvm-87/vl.c:4537 #18 0x0000000000411a6c in main (argc=15, argv=0x7fffb206cd78, envp=0x7fffb206cdf8) at /usr/src/kvm-87/vl.c:6419 (gdb)
Scenario: boot, issue "usb_add host:0529:0001" command (see note in debug output) in qemu monitor, select "Cancel" in Windows "Found new hardware" dialog, install the HASP SRM drivers, dumps core while "Aladdin HASP HL Key" new hardware pop-up box is still being displayed in lower right corner of screen (near end of driver installation procedure). % qemu-system-x86_64 -no-acpi -hda WinXP_eng_32bit_kvm87.img -m 4096 -net nic -net user -usb -monitor stdio -usbdevice tablet QEMU 0.10.50 monitor - type 'help' for more information (qemu) usb_add host:0529:0001 husb: opened /proc/bus/usb/devices husb: using proc file-system with /proc/bus/usb husb: open device 4.4 husb: opened /proc/bus/usb/004/004 === begin dumping device descriptor data === 12 01 00 02 ff 00 00 08 29 05 01 00 21 03 01 02 00 01 09 02 14 00 01 01 00 80 19 09 04 00 00 00 ff 00 00 00 02 ff === end dumping device descriptor data === husb: claiming interfaces. config -1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need -1 husb: 1 interfaces claimed for configuration 1 husb: grabbed usb device 4.4 (qemu) husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x2 index 0 len 0 husb: ctrl set addr 2 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 255 husb: submit ctrl. len 263 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 20 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status -32 alen 0 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x4 index 0 len 0 husb: ctrl set addr 4 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x3292f10 husb: async completed. aurb 0x3292f10 status 0 alen 32 [this is where I press "Cancel" in found new hardware dialog, and start installing the HASP SRM drivers] husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 36 husb: submit ctrl. len 44 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 20 husb: ctrl type 0x0 req 0x9 val 0x1 index 0 len 0 husb: releasing interfaces husb: ctrl set config 1 ret 0 errno 11 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0xc0 req 0x80 val 0x81b6 index 0 len 7 husb: submit ctrl. len 15 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 7 husb: ctrl type 0xc0 req 0xa0 val 0x0 index 0 len 1 husb: submit ctrl. len 9 aurb 0x2535cf0 husb: async completed. aurb 0x2535cf0 status 0 alen 1 husb: ctrl type 0xc0 req 0xa1 val 0x3 index 0 len 8 husb: submit ctrl. len 16 aurb 0x2535fa0 husb: async completed. aurb 0x2535fa0 status 0 alen 8 husb: ctrl type 0xc0 req 0xa1 val 0x1 index 0 len 47 husb: submit ctrl. len 55 aurb 0x2535fa0 husb: async completed. aurb 0x2535fa0 status 0 alen 47 husb: ctrl type 0xc0 req 0xa2 val 0x0 index 0 len 1985 husb: submit ctrl. len 1993 aurb 0x2535fa0 husb: async completed. aurb 0x2535fa0 status 0 alen 1985 Segmentation fault (core dumped) % gdb /usr/local/bin/qemu-system-x86_64 core-qemu-system-x86-4862-1000-1000-11-1246698865 GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu"... warning: core file may not match specified executable file. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libm.so.6...done. [snip] Loaded symbols for /usr/lib/libXfixes.so.3 Core was generated by `qemu-system-x86_64 -no-acpi -hda /home/tomhal/WinXP_eng_32bit_kvm87.img -m 4096'. Program terminated with signal 11, Segmentation fault. [New process 4862] [New process 4865] [New process 4863] #0 0x00000000004c1f62 in async_complete (opaque=0x2535010) at usb-linux.c:271 271 usb-linux.c: No such file or directory. in usb-linux.c (gdb) info threads 3 process 4863 0x00007fa04f56e977 in ioctl () from /lib/libc.so.6 2 process 4865 0x00007fa050444ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 * 1 process 4862 0x00000000004c1f62 in async_complete (opaque=0x2535010) at usb-linux.c:271 (gdb) thread 3 [Switching to thread 3 (process 4863)]#0 0x00007fa04f56e977 in ioctl () from /lib/libc.so.6 (gdb) bt #0 0x00007fa04f56e977 in ioctl () from /lib/libc.so.6 #1 0x000000000053f1b6 in kvm_run (vcpu=0x1e02550, env=0x1df02a0) at /usr/src/kvm-87/qemu-kvm.c:979 #2 0x000000000054052b in kvm_cpu_exec (env=0x1df02a0) at /usr/src/kvm-87/qemu-kvm.c:1745 #3 0x0000000000540bdd in kvm_main_loop_cpu (env=0x1df02a0) at /usr/src/kvm-87/qemu-kvm.c:1954 #4 0x0000000000540cfb in ap_main_loop (_env=0x1df02a0) at /usr/src/kvm-87/qemu-kvm.c:1989 #5 0x00007fa050440f7a in start_thread () from /lib/libpthread.so.0 #6 0x00007fa04f575a4d in clone () from /lib/libc.so.6 #7 0x0000000000000000 in ?? () (gdb) thread 2 [Switching to thread 2 (process 4865)]#0 0x00007fa050444ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 (gdb) bt #0 0x00007fa050444ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #1 0x00000000004aa9ae in cond_timedwait (cond=0xbd3a60, mutex=0xbd3a20, ts=0x7f9f4beab080) at posix-aio-compat.c:68 #2 0x00000000004aaf96 in aio_thread (unused=0x0) at posix-aio-compat.c:301 #3 0x00007fa050440f7a in start_thread () from /lib/libpthread.so.0 #4 0x00007fa04f575a4d in clone () from /lib/libc.so.6 #5 0x0000000000000000 in ?? () (gdb) thread 1 [Switching to thread 1 (process 4862)]#0 0x00000000004c1f62 in async_complete (opaque=0x2535010) at usb-linux.c:271 271 in usb-linux.c (gdb) bt #0 0x00000000004c1f62 in async_complete (opaque=0x2535010) at usb-linux.c:271 #1 0x000000000040def9 in main_loop_wait (timeout=1000) at /usr/src/kvm-87/vl.c:4329 #2 0x00000000005410df in kvm_main_loop () at /usr/src/kvm-87/qemu-kvm.c:2139 #3 0x000000000040e56e in main_loop () at /usr/src/kvm-87/vl.c:4537 #4 0x0000000000411a6c in main (argc=15, argv=0x7ffffd3879b8, envp=0x7ffffd387a38) at /usr/src/kvm-87/vl.c:6419 (gdb)
Scenario: boot, run "cat /sys/kernel/debug/usbmon/4u > /forensics/4.usbmon.out" as root on the host, issue "usb_add host:0529:0001" command (see note in debug output) in qemu monitor, select "Cancel" in Windows "Found new hardware" dialog, install the HASP SRM drivers, dumps core while "Aladdin HASP HL Key" new hardware pop-up box is still being displayed in lower right corner of screen (near end of driver installation procedure), Ctrl-C the usbmon dump. % qemu-system-x86_64 -no-acpi -hda WinXP_eng_32bit_kvm87.img -m 4096 -net nic -net user -usb -monitor stdio -usbdevice tablet QEMU 0.10.50 monitor - type 'help' for more information (qemu) usb_add host:0529:0001 husb: opened /proc/bus/usb/devices husb: using proc file-system with /proc/bus/usb husb: open device 4.4 husb: opened /proc/bus/usb/004/004 === begin dumping device descriptor data === 12 01 00 02 ff 00 00 08 29 05 01 00 21 03 01 02 00 01 09 02 14 00 01 01 00 80 19 09 04 00 00 00 ff 00 00 00 02 ff === end dumping device descriptor data === husb: claiming interfaces. config -1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need -1 husb: 1 interfaces claimed for configuration 1 husb: grabbed usb device 4.4 (qemu) husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x2 index 0 len 0 husb: ctrl set addr 2 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 255 husb: submit ctrl. len 263 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 20 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status -32 alen 0 husb: ctrl type 0x80 req 0x6 val 0x3ee index 0 len 18 husb: submit ctrl. len 26 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status -32 alen 0 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 64 husb: submit ctrl. len 72 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 18 husb: reset device 4.4 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0x0 req 0x5 val 0x4 index 0 len 0 husb: ctrl set addr 4 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x12b2840 husb: async completed. aurb 0x12b2840 status 0 alen 32 [this is where I press "Cancel" in found new hardware dialog, and start installing the HASP SRM drivers] husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x300 index 0 len 255 husb: submit ctrl. len 263 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 4 husb: ctrl type 0x80 req 0x6 val 0x302 index 1033 len 255 husb: submit ctrl. len 263 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 32 husb: ctrl type 0x80 req 0x6 val 0x100 index 0 len 18 husb: submit ctrl. len 26 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 18 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 9 husb: submit ctrl. len 17 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 9 husb: ctrl type 0x80 req 0x6 val 0x200 index 0 len 36 husb: submit ctrl. len 44 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 20 husb: ctrl type 0x0 req 0x9 val 0x1 index 0 len 0 husb: releasing interfaces husb: ctrl set config 1 ret 0 errno 11 husb: claiming interfaces. config 1 husb: i is 18, descr_len is 38, dl 9, dt 2 husb: config #1 need 1 husb: 1 interfaces claimed for configuration 1 husb: ctrl type 0xc0 req 0x80 val 0x522a index 0 len 7 husb: submit ctrl. len 15 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 7 husb: ctrl type 0xc0 req 0xa0 val 0x0 index 0 len 1 husb: submit ctrl. len 9 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 1 husb: ctrl type 0xc0 req 0xa1 val 0x3 index 0 len 8 husb: submit ctrl. len 16 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 8 husb: ctrl type 0xc0 req 0xa1 val 0x1 index 0 len 47 husb: submit ctrl. len 55 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 47 husb: ctrl type 0xc0 req 0xa2 val 0x0 index 0 len 1985 husb: submit ctrl. len 1993 aurb 0x23aefa0 husb: async completed. aurb 0x23aefa0 status 0 alen 1985 Segmentation fault (core dumped) % gdb /usr/local/bin/qemu-system-x86_64 core-qemu-system-x86-5118-1000-1000-11-1246700231 GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu"... warning: core file may not match specified executable file. warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libm.so.6...done. [snip] Loaded symbols for /usr/lib/libXfixes.so.3 Core was generated by `qemu-system-x86_64 -no-acpi -hda /home/tomhal/WinXP_eng_32bit_kvm87.img -m 4096'. Program terminated with signal 11, Segmentation fault. [New process 5118] [New process 5119] [New process 5121] #0 0x0000000000502f39 in slirp_select_poll (readfds=0x7fffb914cc00, writefds=0x7fffb914cb80, xfds=0x7fffb914cb00) at slirp/slirp.c:540 540 slirp/slirp.c: No such file or directory. in slirp/slirp.c (gdb) info threads 3 process 5121 0x00007fb259986ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 2 process 5119 0x00007fb258ab0977 in ioctl () from /lib/libc.so.6 * 1 process 5118 0x0000000000502f39 in slirp_select_poll ( readfds=0x7fffb914cc00, writefds=0x7fffb914cb80, xfds=0x7fffb914cb00) at slirp/slirp.c:540 (gdb) thread 3 [Switching to thread 3 (process 5121)]#0 0x00007fb259986ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 (gdb) bt #0 0x00007fb259986ded in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #1 0x00000000004aa9ae in cond_timedwait (cond=0xbd3a60, mutex=0xbd3a20, ts=0x7fb1553ed080) at posix-aio-compat.c:68 #2 0x00000000004aaf96 in aio_thread (unused=0x0) at posix-aio-compat.c:301 #3 0x00007fb259982f7a in start_thread () from /lib/libpthread.so.0 #4 0x00007fb258ab7a4d in clone () from /lib/libc.so.6 #5 0x0000000000000000 in ?? () (gdb) thread 2 [Switching to thread 2 (process 5119)]#0 0x00007fb258ab0977 in ioctl () from /lib/libc.so.6 (gdb) bt #0 0x00007fb258ab0977 in ioctl () from /lib/libc.so.6 #1 0x000000000053f1b6 in kvm_run (vcpu=0x120f550, env=0x11fd2a0) at /usr/src/kvm-87/qemu-kvm.c:979 #2 0x000000000054052b in kvm_cpu_exec (env=0x11fd2a0) at /usr/src/kvm-87/qemu-kvm.c:1745 #3 0x0000000000540bdd in kvm_main_loop_cpu (env=0x11fd2a0) at /usr/src/kvm-87/qemu-kvm.c:1954 #4 0x0000000000540cfb in ap_main_loop (_env=0x11fd2a0) at /usr/src/kvm-87/qemu-kvm.c:1989 #5 0x00007fb259982f7a in start_thread () from /lib/libpthread.so.0 #6 0x00007fb258ab7a4d in clone () from /lib/libc.so.6 #7 0x0000000000000000 in ?? () (gdb) thread 1 [Switching to thread 1 (process 5118)]#0 0x0000000000502f39 in slirp_select_poll (readfds=0x7fffb914cc00, writefds=0x7fffb914cb80, xfds=0x7fffb914cb00) at slirp/slirp.c:540 540 in slirp/slirp.c (gdb) bt #0 0x0000000000502f39 in slirp_select_poll (readfds=0x7fffb914cc00, writefds=0x7fffb914cb80, xfds=0x7fffb914cb00) at slirp/slirp.c:540 #1 0x000000000040e020 in main_loop_wait (timeout=1000) at /usr/src/kvm-87/vl.c:4351 #2 0x00000000005410df in kvm_main_loop () at /usr/src/kvm-87/qemu-kvm.c:2139 #3 0x000000000040e56e in main_loop () at /usr/src/kvm-87/vl.c:4537 #4 0x0000000000411a6c in main (argc=15, argv=0x7fffb914d738, envp=0x7fffb914d7b8) at /usr/src/kvm-87/vl.c:6419 (gdb)
4.usbmon.out
Description: Binary data
