Bug ID 624325: Device error: crypto codec queue is stuck

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5

Opened: Oct 21, 2016
Severity: 3-Major

Symptoms

Under some stress conditions, the N3FIPS device in the 10350F platform may stop responding to requests and cause the following error logs to appear in /var/log/ltm.log: Oct 3 11:44:53 n3fips-1 crit tmm1[20259]: 01010025:2: Device error: crypto codec fips-crypto0-1 queue is stuck. Oct 3 11:44:53 n3fips-1 crit tmm9[20259]: 01010025:2: Device error: crypto codec fips-crypto0-9 queue is stuck. From this point on, the command "tmsh show sys crypto fips" will always return an error. As a result, the following SNMP trap will be generated: V2Trap(140) .1.3.6.1.2.1.1.3.0=12682 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.156 .1.3.6.1.4.1.3375.2.4.1.1="Vendor init error: -36 FIPS device fault" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4

Impact

The unit can no longer process any FIPS related traffic and all FIPS operations will fail. Rebooting the unit will cause the FIPS device to disappear from the system and it will not find any supported FIPS devices.

Conditions

This is seen randomly under some stress conditions.

Workaround

Power cycling the unit will recover full FIPS functionality. This can be done by selecting "P --- Power on/off host subsystem" in the AOM Command Menu and then toggling the power state.

Fix Information

None

Behavior Change