This problem is reproducible at least with iproute2-{3.8.0,3.9.0,3.11.0} $ sudo LANG=C ip xfrm state add proto esp src 192.168.11.223 dst 192.168.11.211 spi 0xfcd97fca mode transport enc 'cbc(des3_ede)' 3a86494104869430429062ca *** buffer overflow detected ***: ip - terminated ip: buffer overflow attack in function <unknown> - terminated Report to http://bugs.gentoo.org/ Seems like it should be fixed by the following commit (I didn't test it yet): https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=99500b56d94dfa735a3d088fdbdde6c0c2638e78
Yes, that patch fixes the issue.
3.12.0 is in the tree now