QAT_Engine
QAT_Engine copied to clipboard
intel
QAT_Engine occur SIGSEGV, Segmentation fault
Segmentation fault when visit https://cbc.badssl.com/
QAT_driver version
[root@localhost QAT]# cat versionfile
PACKAGE_TYPE=QAT1.7
PACKAGE_OS=L
PACKAGE_VERSION_MAJOR_NUMBER=4
PACKAGE_VERSION_MINOR_NUMBER=7
PACKAGE_VERSION_PATCH_NUMBER=0
PACKAGE_VERSION_BUILD_NUMBER=00006
QAT_Engine version
it just git clone from master, tag is v0.5.42
gdb bt
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffea70c700 (LWP 42010)]
0x00007fffebf79a71 in LacSymCb_ProcessCallback () from /opt/qat_driver/lib/libqat_s.so
(gdb) bt
#0 0x00007fffebf79a71 in LacSymCb_ProcessCallback () from /opt/qat_driver/lib/libqat_s.so
#1 0x00007fffebf96307 in adf_user_notify_msgs_poll () from /opt/qat_driver/lib/libqat_s.so
#2 0x00007fffebf91ab8 in adf_pollRing () from /opt/qat_driver/lib/libqat_s.so
#3 0x00007fffebf91e5f in icp_adf_pollInstance () from /opt/qat_driver/lib/libqat_s.so
#4 0x00007fffebf8a889 in icp_sal_CyPollInstance () from /opt/qat_driver/lib/libqat_s.so
#5 0x00007fffec21fb09 in timer_poll_func (ih=<optimized out>) at qat_polling.c:220
#6 0x00007ffff7bc6e65 in start_thread () from /lib64/libpthread.so.0
#7 0x00007ffff3bdb88d in clone () from /lib64/libc.so.6
(gdb) f 0
#0 0x00007fffebf79a71 in LacSymCb_ProcessCallback () from /opt/qat_driver/lib/libqat_s.so
(gdb) info local
No symbol table info available.
(gdb) info args
No symbol table info available.
(gdb) f 1
#1 0x00007fffebf96307 in adf_user_notify_msgs_poll () from /opt/qat_driver/lib/libqat_s.so
(gdb) info local
No symbol table info available.
(gdb) info args
No symbol table info available.
(gdb) f 2
#2 0x00007fffebf91ab8 in adf_pollRing () from /opt/qat_driver/lib/libqat_s.so
(gdb) info local
No symbol table info available.
(gdb) info args
No symbol table info available.
(gdb) f 3
#3 0x00007fffebf91e5f in icp_adf_pollInstance () from /opt/qat_driver/lib/libqat_s.so
(gdb) info local
No symbol table info available.
(gdb) info args
No symbol table info available.
(gdb) f 4
#4 0x00007fffebf8a889 in icp_sal_CyPollInstance () from /opt/qat_driver/lib/libqat_s.so
(gdb) info local
No symbol table info available.
(gdb) info args
No symbol table info available.
(gdb) f 5
#5 0x00007fffec21fb09 in timer_poll_func (ih=<optimized out>) at qat_polling.c:220
220 status = icp_sal_CyPollInstance(qat_instance_handles[inst_num], 0);
(gdb) info local
status = <optimized out>
inst_num = 0
req_time = {tv_sec = 0, tv_nsec = 10000}
rem_time = {tv_sec = 0, tv_nsec = 28591}
timeout_time = {tv_sec = 1, tv_nsec = 0}
retry_count = <optimized out>
sig = <optimized out>
eintr_count = 0
previous_time = {tv_sec = 0, tv_nsec = 0}
__func__ = "timer_poll_func"
(gdb) info args
ih = <optimized out>
(gdb) disas
Dump of assembler code for function timer_poll_func:
0x00007fffec21f8c0 <+0>: push %r15
0x00007fffec21f8c2 <+2>: lea 0x18cb7(%rip),%r9 # 0x7fffec238580 <__func__.20210>
0x00007fffec21f8c9 <+9>: lea 0x189c1(%rip),%rcx # 0x7fffec238291
0x00007fffec21f8d0 <+16>: lea 0x18b89(%rip),%rdx # 0x7fffec238460
0x00007fffec21f8d7 <+23>: mov $0xb1,%r8d
0x00007fffec21f8dd <+29>: mov $0x1,%esi
0x00007fffec21f8e2 <+34>: push %r14
0x00007fffec21f8e4 <+36>: push %r13
0x00007fffec21f8e6 <+38>: push %r12
0x00007fffec21f8e8 <+40>: push %rbp
0x00007fffec21f8e9 <+41>: push %rbx
0x00007fffec21f8ea <+42>: sub $0x78,%rsp
0x00007fffec21f8ee <+46>: mov 0x2225fb(%rip),%rax # 0x7fffec441ef0
0x00007fffec21f8f5 <+53>: movq $0x0,0x30(%rsp)
0x00007fffec21f8fe <+62>: movq $0x0,0x38(%rsp)
0x00007fffec21f907 <+71>: movq $0x0,0x40(%rsp)
0x00007fffec21f910 <+80>: movq $0x0,0x48(%rsp)
0x00007fffec21f919 <+89>: mov (%rax),%rdi
0x00007fffec21f91c <+92>: xor %eax,%eax
0x00007fffec21f91e <+94>: movq $0x0,0x50(%rsp)
0x00007fffec21f927 <+103>: movq $0x0,0x58(%rsp)
0x00007fffec21f930 <+112>: movq $0x0,0x60(%rsp)
0x00007fffec21f939 <+121>: movq $0x0,0x68(%rsp)
0x00007fffec21f942 <+130>: callq 0x7fffec21b480 <__fprintf_chk@plt>
0x00007fffec21f947 <+135>: mov 0x2225a2(%rip),%rax # 0x7fffec441ef0
0x00007fffec21f94e <+142>: mov (%rax),%rdi
0x00007fffec21f951 <+145>: callq 0x7fffec21ad80 <fflush@plt>
0x00007fffec21f956 <+150>: callq 0x7fffec21b1b0 <pthread_self@plt>
0x00007fffec21f95b <+155>: mov 0x2224d6(%rip),%rcx # 0x7fffec441e38
0x00007fffec21f962 <+162>: lea 0x18c17(%rip),%r9 # 0x7fffec238580 <__func__.20210>
0x00007fffec21f969 <+169>: lea 0x18b20(%rip),%rdx # 0x7fffec238490
0x00007fffec21f970 <+176>: mov $0xb5,%r8d
0x00007fffec21f976 <+182>: mov $0x1,%esi
0x00007fffec21f97b <+187>: mov %rax,(%rcx)
0x00007fffec21f97e <+190>: mov 0x222603(%rip),%rcx # 0x7fffec441f88
0x00007fffec21f985 <+197>: movl $0x1,(%rcx)
0x00007fffec21f98b <+203>: mov %rax,(%rsp)
0x00007fffec21f98f <+207>: lea 0x188fb(%rip),%rcx # 0x7fffec238291
0x00007fffec21f996 <+214>: mov 0x222553(%rip),%rax # 0x7fffec441ef0
0x00007fffec21f99d <+221>: mov (%rax),%rdi
0x00007fffec21f9a0 <+224>: xor %eax,%eax
0x00007fffec21f9a2 <+226>: callq 0x7fffec21b480 <__fprintf_chk@plt>
0x00007fffec21f9a7 <+231>: mov 0x222542(%rip),%rax # 0x7fffec441ef0
0x00007fffec21f9ae <+238>: mov (%rax),%rdi
0x00007fffec21f9b1 <+241>: callq 0x7fffec21ad80 <fflush@plt>
0x00007fffec21f9b6 <+246>: callq 0x7fffec21a320 <qat_get_sw_fallback_enabled@plt>
0x00007fffec21f9bb <+251>: test %eax,%eax
0x00007fffec21f9bd <+253>: jne 0x7fffec21fc52 <timer_poll_func+914>
0x00007fffec21f9c3 <+259>: lea 0x40(%rsp),%rax
0x00007fffec21f9c8 <+264>: mov 0x222541(%rip),%r12 # 0x7fffec441f10
0x00007fffec21f9cf <+271>: mov %rax,0x10(%rsp)
0x00007fffec21f9d4 <+276>: lea 0x30(%rsp),%rax
0x00007fffec21f9d9 <+281>: mov %rax,0x18(%rsp)
0x00007fffec21f9de <+286>: lea 0x60(%rsp),%rax
0x00007fffec21f9e3 <+291>: mov %rax,0x28(%rsp)
0x00007fffec21f9e8 <+296>: lea 0x50(%rsp),%rax
0x00007fffec21f9ed <+301>: mov %rax,0x20(%rsp)
0x00007fffec21f9f2 <+306>: nopw 0x0(%rax,%rax,1)
0x00007fffec21f9f8 <+312>: mov (%r12),%edi
0x00007fffec21f9fc <+316>: test %edi,%edi
0x00007fffec21f9fe <+318>: je 0x7fffec21fbde <timer_poll_func+798>
0x00007fffec21fa04 <+324>: mov 0x222535(%rip),%rbx # 0x7fffec441f40
0x00007fffec21fa0b <+331>: mov (%rbx),%esi
0x00007fffec21fa0d <+333>: test %esi,%esi
0x00007fffec21fa0f <+335>: jne 0x7fffec21faa0 <timer_poll_func+480>
0x00007fffec21fa15 <+341>: callq 0x7fffec21a320 <qat_get_sw_fallback_enabled@plt>
0x00007fffec21fa1a <+346>: test %eax,%eax
0x00007fffec21fa1c <+348>: jne 0x7fffec21fbc0 <timer_poll_func+768>
0x00007fffec21fa22 <+354>: movq $0x1,0x50(%rsp)
0x00007fffec21fa2b <+363>: movq $0x0,0x58(%rsp)
0x00007fffec21fa34 <+372>: mov $0x3,%ebp
0x00007fffec21fa39 <+377>: callq 0x7fffec21a260 <__errno_location@plt>
0x00007fffec21fa3e <+382>: mov 0x22259b(%rip),%r13 # 0x7fffec441fe0
0x00007fffec21fa45 <+389>: mov 0x20(%rsp),%r15
0x00007fffec21fa4a <+394>: mov %rax,%r14
0x00007fffec21fa4d <+397>: xor %esi,%esi
0x00007fffec21fa4f <+399>: mov %r15,%rdx
0x00007fffec21fa52 <+402>: mov %r13,%rdi
0x00007fffec21fa55 <+405>: callq 0x7fffec21a840 <sigtimedwait@plt>
---Type <return> to continue, or q <return> to quit---
0x00007fffec21fa5a <+410>: cmp $0xffffffff,%eax
0x00007fffec21fa5d <+413>: jne 0x7fffec21fab8 <timer_poll_func+504>
0x00007fffec21fa5f <+415>: cmpl $0x4,(%r14)
0x00007fffec21fa63 <+419>: jne 0x7fffec21fa6a <timer_poll_func+426>
0x00007fffec21fa65 <+421>: sub $0x1,%ebp
0x00007fffec21fa68 <+424>: jne 0x7fffec21fa4d <timer_poll_func+397>
0x00007fffec21fa6a <+426>: callq 0x7fffec21a320 <qat_get_sw_fallback_enabled@plt>
0x00007fffec21fa6f <+431>: test %eax,%eax
0x00007fffec21fa71 <+433>: je 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fa73 <+435>: mov (%r14),%eax
0x00007fffec21fa76 <+438>: cmp $0x4,%eax
0x00007fffec21fa79 <+441>: je 0x7fffec21fa84 <timer_poll_func+452>
0x00007fffec21fa7b <+443>: cmp $0xb,%eax
0x00007fffec21fa7e <+446>: jne 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fa84 <+452>: mov 0x28(%rsp),%rsi
0x00007fffec21fa89 <+457>: mov $0x4,%edi
0x00007fffec21fa8e <+462>: callq 0x7fffec21a4a0 <clock_gettime@plt>
0x00007fffec21fa93 <+467>: callq 0x7fffec21ac30 <poll_heartbeat@plt>
0x00007fffec21fa98 <+472>: jmpq 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fa9d <+477>: nopl (%rax)
0x00007fffec21faa0 <+480>: callq 0x7fffec21a320 <qat_get_sw_fallback_enabled@plt>
0x00007fffec21faa5 <+485>: test %eax,%eax
0x00007fffec21faa7 <+487>: jne 0x7fffec21fbcf <timer_poll_func+783>
0x00007fffec21faad <+493>: nopl (%rax)
0x00007fffec21fab0 <+496>: callq 0x7fffec21a260 <__errno_location@plt>
0x00007fffec21fab5 <+501>: mov %rax,%r14
0x00007fffec21fab8 <+504>: mov 0x222501(%rip),%rax # 0x7fffec441fc0
0x00007fffec21fabf <+511>: mov 0x22237a(%rip),%rbp # 0x7fffec441e40
0x00007fffec21fac6 <+518>: mov (%rax),%eax
0x00007fffec21fac8 <+520>: cmpw $0x0,0x0(%rbp)
0x00007fffec21facd <+525>: mov %rax,0x38(%rsp)
0x00007fffec21fad2 <+530>: je 0x7fffec21fb24 <timer_poll_func+612>
0x00007fffec21fad4 <+532>: mov (%rbx),%ecx
0x00007fffec21fad6 <+534>: test %ecx,%ecx
0x00007fffec21fad8 <+536>: je 0x7fffec21fb24 <timer_poll_func+612>
0x00007fffec21fada <+538>: xor %r15d,%r15d
0x00007fffec21fadd <+541>: mov 0x22239c(%rip),%r13 # 0x7fffec441e80
0x00007fffec21fae4 <+548>: jmp 0x7fffec21faf6 <timer_poll_func+566>
0x00007fffec21fae6 <+550>: nopw %cs:0x0(%rax,%rax,1)
0x00007fffec21faf0 <+560>: mov (%rbx),%edx
0x00007fffec21faf2 <+562>: test %edx,%edx
0x00007fffec21faf4 <+564>: je 0x7fffec21fb24 <timer_poll_func+612>
0x00007fffec21faf6 <+566>: mov 0x0(%r13),%rax
0x00007fffec21fafa <+570>: movzwl %r15w,%edx
0x00007fffec21fafe <+574>: xor %esi,%esi
0x00007fffec21fb00 <+576>: mov (%rax,%rdx,8),%rdi
0x00007fffec21fb04 <+580>: callq 0x7fffec21a750 <icp_sal_CyPollInstance@plt>
=> 0x00007fffec21fb09 <+585>: test %eax,%eax
0x00007fffec21fb0b <+587>: jne 0x7fffec21fc66 <timer_poll_func+934>
0x00007fffec21fb11 <+593>: mov (%r12),%eax
0x00007fffec21fb15 <+597>: test %eax,%eax
0x00007fffec21fb17 <+599>: je 0x7fffec21fb24 <timer_poll_func+612>
0x00007fffec21fb19 <+601>: add $0x1,%r15d
0x00007fffec21fb1d <+605>: cmp %r15w,0x0(%rbp)
0x00007fffec21fb22 <+610>: ja 0x7fffec21faf0 <timer_poll_func+560>
0x00007fffec21fb24 <+612>: mov $0x6,%ebx
0x00007fffec21fb29 <+617>: mov 0x10(%rsp),%rbp
0x00007fffec21fb2e <+622>: mov 0x18(%rsp),%r13
0x00007fffec21fb33 <+627>: jmp 0x7fffec21fb4a <timer_poll_func+650>
0x00007fffec21fb35 <+629>: nopl (%rax)
0x00007fffec21fb38 <+632>: sub $0x1,%ebx
0x00007fffec21fb3b <+635>: je 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fb41 <+641>: cmp $0x4,%eax
0x00007fffec21fb44 <+644>: jne 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fb4a <+650>: mov %rbp,%rsi
0x00007fffec21fb4d <+653>: mov %r13,%rdi
0x00007fffec21fb50 <+656>: callq 0x7fffec21a760 <nanosleep@plt>
0x00007fffec21fb55 <+661>: mov 0x40(%rsp),%rax
0x00007fffec21fb5a <+666>: mov %rax,0x30(%rsp)
0x00007fffec21fb5f <+671>: mov 0x48(%rsp),%rax
0x00007fffec21fb64 <+676>: mov %rax,0x38(%rsp)
0x00007fffec21fb69 <+681>: mov (%r14),%eax
0x00007fffec21fb6c <+684>: test %eax,%eax
0x00007fffec21fb6e <+686>: jns 0x7fffec21fb38 <timer_poll_func+632>
0x00007fffec21fb70 <+688>: mov %eax,(%rsp)
0x00007fffec21fb73 <+691>: mov 0x222376(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fb7a <+698>: lea 0x189ff(%rip),%r9 # 0x7fffec238580 <__func__.20210>
0x00007fffec21fb81 <+705>: lea 0x18709(%rip),%rcx # 0x7fffec238291
0x00007fffec21fb88 <+712>: lea 0x18939(%rip),%rdx # 0x7fffec2384c8
0x00007fffec21fb8f <+719>: mov $0xee,%r8d
---Type <return> to continue, or q <return> to quit---
0x00007fffec21fb95 <+725>: mov $0x1,%esi
0x00007fffec21fb9a <+730>: mov (%rax),%rdi
0x00007fffec21fb9d <+733>: xor %eax,%eax
0x00007fffec21fb9f <+735>: callq 0x7fffec21b480 <__fprintf_chk@plt>
0x00007fffec21fba4 <+740>: mov 0x222345(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fbab <+747>: mov (%rax),%rdi
0x00007fffec21fbae <+750>: callq 0x7fffec21ad80 <fflush@plt>
0x00007fffec21fbb3 <+755>: jmpq 0x7fffec21f9f8 <timer_poll_func+312>
0x00007fffec21fbb8 <+760>: nopl 0x0(%rax,%rax,1)
0x00007fffec21fbc0 <+768>: mov 0x28(%rsp),%rdi
0x00007fffec21fbc5 <+773>: callq 0x7fffec21f660 <qat_poll_heartbeat_timer_expiry>
0x00007fffec21fbca <+778>: jmpq 0x7fffec21fa22 <timer_poll_func+354>
0x00007fffec21fbcf <+783>: mov 0x28(%rsp),%rdi
0x00007fffec21fbd4 <+788>: callq 0x7fffec21f660 <qat_poll_heartbeat_timer_expiry>
0x00007fffec21fbd9 <+793>: jmpq 0x7fffec21faad <timer_poll_func+493>
0x00007fffec21fbde <+798>: callq 0x7fffec21a500 <getpid@plt>
0x00007fffec21fbe3 <+803>: mov %eax,(%rsp)
0x00007fffec21fbe6 <+806>: mov 0x222303(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fbed <+813>: lea 0x1898c(%rip),%r9 # 0x7fffec238580 <__func__.20210>
0x00007fffec21fbf4 <+820>: lea 0x18696(%rip),%rcx # 0x7fffec238291
0x00007fffec21fbfb <+827>: lea 0x18906(%rip),%rdx # 0x7fffec238508
0x00007fffec21fc02 <+834>: mov $0xf6,%r8d
0x00007fffec21fc08 <+840>: mov $0x1,%esi
0x00007fffec21fc0d <+845>: mov (%rax),%rdi
0x00007fffec21fc10 <+848>: xor %eax,%eax
0x00007fffec21fc12 <+850>: callq 0x7fffec21b480 <__fprintf_chk@plt>
0x00007fffec21fc17 <+855>: mov 0x2222d2(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fc1e <+862>: mov (%rax),%rdi
0x00007fffec21fc21 <+865>: callq 0x7fffec21ad80 <fflush@plt>
0x00007fffec21fc26 <+870>: mov 0x22220b(%rip),%rax # 0x7fffec441e38
0x00007fffec21fc2d <+877>: movq $0x0,(%rax)
0x00007fffec21fc34 <+884>: mov 0x22234d(%rip),%rax # 0x7fffec441f88
0x00007fffec21fc3b <+891>: movl $0x0,(%rax)
0x00007fffec21fc41 <+897>: add $0x78,%rsp
0x00007fffec21fc45 <+901>: xor %eax,%eax
0x00007fffec21fc47 <+903>: pop %rbx
0x00007fffec21fc48 <+904>: pop %rbp
0x00007fffec21fc49 <+905>: pop %r12
0x00007fffec21fc4b <+907>: pop %r13
0x00007fffec21fc4d <+909>: pop %r14
0x00007fffec21fc4f <+911>: pop %r15
0x00007fffec21fc51 <+913>: retq
0x00007fffec21fc52 <+914>: lea 0x60(%rsp),%rsi
0x00007fffec21fc57 <+919>: mov $0x4,%edi
0x00007fffec21fc5c <+924>: callq 0x7fffec21a4a0 <clock_gettime@plt>
0x00007fffec21fc61 <+929>: jmpq 0x7fffec21f9c3 <timer_poll_func+259>
0x00007fffec21fc66 <+934>: cmp $0xfffffff9,%eax
0x00007fffec21fc69 <+937>: je 0x7fffec21fb11 <timer_poll_func+593>
0x00007fffec21fc6f <+943>: cmp $0xfffffffe,%eax
0x00007fffec21fc72 <+946>: je 0x7fffec21fb11 <timer_poll_func+593>
0x00007fffec21fc78 <+952>: mov %eax,(%rsp)
0x00007fffec21fc7b <+955>: mov 0x22226e(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fc82 <+962>: lea 0x188f7(%rip),%r9 # 0x7fffec238580 <__func__.20210>
0x00007fffec21fc89 <+969>: lea 0x18601(%rip),%rcx # 0x7fffec238291
0x00007fffec21fc90 <+976>: lea 0x18781(%rip),%rdx # 0x7fffec238418
0x00007fffec21fc97 <+983>: mov $0xe0,%r8d
0x00007fffec21fc9d <+989>: mov $0x1,%esi
0x00007fffec21fca2 <+994>: mov (%rax),%rdi
0x00007fffec21fca5 <+997>: xor %eax,%eax
0x00007fffec21fca7 <+999>: callq 0x7fffec21b480 <__fprintf_chk@plt>
0x00007fffec21fcac <+1004>: mov 0x22223d(%rip),%rax # 0x7fffec441ef0
0x00007fffec21fcb3 <+1011>: mov (%rax),%rdi
0x00007fffec21fcb6 <+1014>: callq 0x7fffec21ad80 <fflush@plt>
0x00007fffec21fcbb <+1019>: jmpq 0x7fffec21fb11 <timer_poll_func+593>
End of assembler dump.
(gdb)
Hi @l-w-p Is this seg fault happened when using the nginx . Could you please give more information on the test steps to reproduce this issue ? Or check with the latest Nginx and Driver Version and see if its reproducible.
