This seems to be related to the way hisi_sec2 implements aead, specifically with authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)). Other aead algorithms seem to work fine as they don't rely on this module.
Notice that net:xfrm_policy.sh also fails similarly on this node, as it also uses aes and sha1. See LP #2011414.
When running either net:vrf-xfrm-tests.sh or net:xfrm_policy.sh, we get the same output from dmesg:
`hisi_sec2 0000:76:00.0: flag[3], icv[2]`, showing that something is off with the integrity check value.
This seems to be related to the way hisi_sec2 implements aead, specifically with authenc( hmac(sha1) ,cbc(aes) ), authenc( hmac(sha256) ,cbc(aes) ) and authenc( hmac(sha512) ,cbc(aes) ). Other aead algorithms seem to work fine as they don't rely on this module.
Notice that net:xfrm_policy.sh also fails similarly on this node, as it also uses aes and sha1. See LP #2011414. xfrm-tests. sh or net:xfrm_policy.sh, we get the same output from dmesg:
When running either net:vrf-
`hisi_sec2 0000:76:00.0: flag[3], icv[2]`, showing that something is off with the integrity check value.