From owner-freebsd-bugs@freebsd.org  Wed May 17 14:39:37 2017
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0CB4FD70DC2
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Wed, 17 May 2017 14:39:37 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id DEAE5C08
 for <freebsd-bugs@FreeBSD.org>; Wed, 17 May 2017 14:39:36 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v4HEdadk065884
 for <freebsd-bugs@FreeBSD.org>; Wed, 17 May 2017 14:39:36 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 219356] Using AES-GCM with IPSEC with aesni module loaded
 panics FreeBSD 11 stable
Date: Wed, 17 May 2017 14:39:36 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: lab@gta.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 attachments.created
Message-ID: <bug-219356-8@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 14:39:37 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219356

            Bug ID: 219356
           Summary: Using AES-GCM with IPSEC with aesni module loaded
                    panics FreeBSD 11 stable
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: lab@gta.com

Created attachment 182666
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D182666&action=
=3Dedit
Core text file from panic

Using iperf to pass data between two hosts behind two FreeBSD gateways that
have an IPSec tunnel between them will panic gateway. The gateway that pani=
cs
os the one doing most of the decryption (gateway in front of iperf running =
in
server mode). I used iperf in UDP mode. Not sure if that is needed. If I use
11.0-RELEASE-p9 I do not see this issue.=20

I used strongswan to create IPSec tunnel between gateways. If duplicating, =
make
sure GCM option is turned on for strongswan.

Setkey -D shows:
172.16.72.71 172.16.73.67
        esp mode=3Dtunnel spi=3D3420721730(0xcbe41242) reqid=3D1(0x00000001)
        E: aes-gcm-16  83cc9338 e415ad69 340ecec3 1e698f52 c2b2dc8e 19687c70
192200ca 9c7564a8
 27bba7d2
        seq=3D0x00000001 replay=3D0 flags=3D0x00000000 state=3Dmature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2935(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 140(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=3D1 pid=3D808 refcnt=3D1
172.16.73.67 172.16.72.71
        esp mode=3Dtunnel spi=3D3464455471(0xce7f652f) reqid=3D1(0x00000001)
        E: aes-gcm-16  032a2b86 1f878f00 b7b09d0e f95233e1 14af88a4 f5e3ad11
380a9fa7 8afc3a01
 c72438bc
        seq=3D0x00000000 replay=3D4 flags=3D0x00000000 state=3Dmature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2530(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 84(bytes)      hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=3D0 pid=3D808 refcnt=3D1

--=20
You are receiving this mail because:
You are the assignee for the bug.=