From nobody@FreeBSD.org  Fri Jan  6 17:52:51 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 70FAF16A41F
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Jan 2006 17:52:51 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E27943D46
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Jan 2006 17:52:51 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k06Hqoui003161
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 6 Jan 2006 17:52:50 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k06Hqomx003140;
	Fri, 6 Jan 2006 17:52:50 GMT
	(envelope-from nobody)
Message-Id: <200601061752.k06Hqomx003140@www.freebsd.org>
Date: Fri, 6 Jan 2006 17:52:50 GMT
From: Nate Nielsen <nielsen@memberwebs.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Kernel panic when heavily loading crypto/hifn drivers
X-Send-Pr-Version: www-2.3

>Number:         91407
>Category:       kern
>Synopsis:       [crypto] [panic] Kernel panic when heavily loading crypto/hifn drivers
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 06 18:00:14 GMT 2006
>Closed-Date:    Sat Mar 10 13:17:57 UTC 2012
>Last-Modified:  Sat Mar 10 13:17:57 UTC 2012
>Originator:     Nate Nielsen
>Release:        FreeBSD 6.0
>Organization:
>Environment:
FreeBSD test-bsd.ws.local 6.0-RELEASE-p1 FreeBSD 6.0-RELEASE-p1 #0: Fri Jan  6 17:26:53 CST 2006     root@test-bsd.ws.local:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
I have a hifn 7955 card hardware crypto acellerator card in my system. The
'cryptotest' program (from tools) allows testing and loading of this card.

If I heavily load the card with ~500 simultaneous operations FreeBSD panics
(with a corrupt stack?):

Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0xc29a8248
fault code              = supervisor write, page not present
instruction pointer     = 0x20:0xc08058f6
stack pointer           = 0x28:0xde37ac5c
frame pointer           = 0x28:0xde37ac84
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 29 (irq18: hifn0 uhci2)
trap number             = 12
panic: page fault
Uptime: 1m24s
Dumping 767 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 767MB (196301 pages) 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15

#0  doadump () at pcpu.h:165
165             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) backtrace
#0  doadump () at pcpu.h:165
#1  0xc0638202 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0xc0638498 in panic (fmt=0xc084e5a2 "%s") at /usr/src/sys/kern/kern_shutdown.c:555
#3  0xc0807c30 in trap_fatal (frame=0xde37ac1c, eva=3264905800)
    at /usr/src/sys/i386/i386/trap.c:831
#4  0xc080799b in trap_pfault (frame=0xde37ac1c, usermode=0, eva=3264905800)
    at /usr/src/sys/i386/i386/trap.c:742
#5  0xc08075d9 in trap (frame=
      {tf_fs = 8, tf_es = -1041825752, tf_ds = -1036648408, tf_edi = -1030061496, tf_esi = -1030627336, tf_ebp = -566776700, tf_isp = -566776760, tf_ebx = 8, tf_edx = -1030627336, tf_ecx = 2, tf_eax = 565840, tf_trapno = 12, tf_err = 2, tf_eip = -1065330442, tf_cs = 32, tf_eflags = 66050, tf_esp = 8, tf_ss = -1033646980})
    at /usr/src/sys/i386/i386/trap.c:432
#6  0xc07f6dca in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc08058f6 in generic_bcopy () at /usr/src/sys/i386/i386/support.s:489
Previous frame inner to this frame (corrupt stack?)

>How-To-Repeat:
Run the following command: 

# time cryptotest -t 500 -a des 200 2048
>Fix:
              
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: jh 
State-Changed-When: Sat Mar 10 08:50:42 UTC 2012 
State-Changed-Why:  
Can you still reproduce this on recent FreeBSD versions? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91407 
State-Changed-From-To: feedback->closed 
State-Changed-By: jh 
State-Changed-When: Sat Mar 10 13:17:56 UTC 2012 
State-Changed-Why:  
Hardware is no longer available for testing. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91407 
>Unformatted:
