UPDATE: This is NOT an OpenSSL bug. Root cause identified. Hardware: HP Pavilion 14-ec0xxx, Realtek RTL8852AE (rtw89_8852ae), AMD Ryzen 5 5500U, 16GB RAM, Ubuntu 26.04 (kernel 7.0.0-22-generic).
Root cause: AMD IOMMU running in DMA-FQ (flush queue) mode causes stale IOTLB entries during RX DMA buffer recycling in the rtw89 PCI WiFi driver. When applications use non-blocking I/O (poll/epoll → recvfrom), RX buffers are consumed and recycled in bursts. The IOMMU batches TLB invalidations via the flush queue, so the WiFi chip writes new packet data using stale IOMMU mappings — data lands in wrong memory, corrupting TLS records. The TLS MAC check catches the corruption and reports "bad record MAC." Evidence: - curl (OpenSSL, non-blocking I/O) → FAILS - Docker/containerd (Go crypto/tls, non-blocking I/O) → FAILS - wget (GnuTLS, blocking I/O) → works, full speed, 245MB+ transfers - python3 urllib (OpenSSL, blocking I/O) → works, 256MB transfer - openssl s_client (OpenSSL, blocking I/O) → works, full speed - curl over localhost (no WiFi/DMA) → works, 50MB verified by SHA256 Fix: Adding iommu=pt (passthrough mode) to kernel boot parameters permanently resolves the issue. This bypasses IOMMU address translation, eliminating the stale IOTLB problem. GRUB_CMDLINE_LINUX_DEFAULT="quiet splash iommu=pt" Alternative: iommu.strict=1 (keeps IOMMU active but disables lazy flush queue). This likely affects other Realtek RTL8852AE/BE users on AMD systems with IOMMU enabled in DMA-FQ mode (the default on modern kernels). Suggesting this bug be reassigned from openssl to the linux kernel package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2157062 Title: Large TLS downloads fail with "bad record MAC" — curl/apt fail, wget succeeds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2157062/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
