include/crypto/internal/poly1305.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
#syz test
---
include/crypto/internal/poly1305.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/crypto/internal/poly1305.h b/include/crypto/internal/poly1305.h
index a72fff409ab8..f6de53965319 100644
--- a/include/crypto/internal/poly1305.h
+++ b/include/crypto/internal/poly1305.h
@@ -8,6 +8,7 @@
#include <crypto/poly1305.h>
#include <linux/types.h>
+#include <linux/string.h>
/*
* Poly1305 core functions. These only accept whole blocks; the caller must
@@ -21,7 +22,8 @@ void poly1305_core_setkey(struct poly1305_core_key *key,
const u8 raw_key[POLY1305_BLOCK_SIZE]);
static inline void poly1305_core_init(struct poly1305_state *state)
{
- *state = (struct poly1305_state){};
+ //*state = (struct poly1305_state){};
+ memset(state, 0, sizeof(struct poly1305_state));
}
void poly1305_core_blocks(struct poly1305_state *state,
--
2.25.1Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: KMSAN: uninit-value in poly1305_blocks ===================================================== BUG: KMSAN: uninit-value in poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110 poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110 poly1305_update+0x169/0x400 lib/crypto/poly1305.c:50 poly_hash+0x9f3/0x1a00 crypto/chacha20poly1305.c:168 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233 chacha_encrypt crypto/chacha20poly1305.c:269 [inline] chachapoly_encrypt+0x48a/0x5c0 crypto/chacha20poly1305.c:284 crypto_aead_encrypt+0xe2/0x160 crypto/aead.c:91 tls_do_encryption net/tls/tls_sw.c:582 [inline] tls_push_record+0x38c7/0x5810 net/tls/tls_sw.c:819 bpf_exec_tx_verdict+0x1a0c/0x26a0 net/tls/tls_sw.c:859 tls_sw_sendmsg_locked net/tls/tls_sw.c:1138 [inline] tls_sw_sendmsg+0x3401/0x4560 net/tls/tls_sw.c:1281 inet6_sendmsg+0x26c/0x2a0 net/ipv6/af_inet6.c:659 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x145/0x3d0 net/socket.c:742 sock_write_iter+0x3a6/0x420 net/socket.c:1195 do_iter_readv_writev+0x9e1/0xc20 fs/read_write.c:-1 vfs_writev+0x52a/0x1500 fs/read_write.c:1057 do_writev+0x1b5/0x580 fs/read_write.c:1103 __do_sys_writev fs/read_write.c:1171 [inline] __se_sys_writev fs/read_write.c:1168 [inline] __x64_sys_writev+0x99/0xf0 fs/read_write.c:1168 x64_sys_call+0x24b1/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:21 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable desc created at: poly_hash+0x11d/0x1a00 crypto/chacha20poly1305.c:135 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233 CPU: 1 UID: 0 PID: 6603 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(none) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 ===================================================== Tested on: commit: 6548d364 Merge tag 'cgroup-for-6.18-rc2-fixes' of git:.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11d40d2f980000 kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265 dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 patch: https://syzkaller.appspot.com/x/patch.diff?x=14c58e7c580000
#syz test
---
lib/crypto/x86/poly1305.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/crypto/x86/poly1305.h b/lib/crypto/x86/poly1305.h
index ee92e3740a78..3b9f1024a18d 100644
--- a/lib/crypto/x86/poly1305.h
+++ b/lib/crypto/x86/poly1305.h
@@ -8,6 +8,7 @@
#include <linux/jump_label.h>
#include <linux/kernel.h>
#include <linux/sizes.h>
+#include <linux/string.h>
struct poly1305_arch_internal {
union {
@@ -86,6 +87,7 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_avx512);
static void poly1305_block_init(struct poly1305_block_state *state,
const u8 raw_key[POLY1305_BLOCK_SIZE])
{
+ memset(state, 0, sizeof(struct poly1305_block_state));
poly1305_init_x86_64(state, raw_key);
}
--
2.25.1Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com Tested-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com Tested on: commit: 6548d364 Merge tag 'cgroup-for-6.18-rc2-fixes' of git:.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1266fde2580000 kernel config: https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265 dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 patch: https://syzkaller.appspot.com/x/patch.diff?x=13b58e7c580000 Note: testing is done by a robot and is best-effort only.
On Tue, Oct 21, 2025 at 11:08:54AM +0800, Pei Xiao wrote:
> #syz test
> ---
> lib/crypto/x86/poly1305.h | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/lib/crypto/x86/poly1305.h b/lib/crypto/x86/poly1305.h
> index ee92e3740a78..3b9f1024a18d 100644
> --- a/lib/crypto/x86/poly1305.h
> +++ b/lib/crypto/x86/poly1305.h
> @@ -8,6 +8,7 @@
> #include <linux/jump_label.h>
> #include <linux/kernel.h>
> #include <linux/sizes.h>
> +#include <linux/string.h>
>
> struct poly1305_arch_internal {
> union {
> @@ -86,6 +87,7 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_avx512);
> static void poly1305_block_init(struct poly1305_block_state *state,
> const u8 raw_key[POLY1305_BLOCK_SIZE])
> {
> + memset(state, 0, sizeof(struct poly1305_block_state));
> poly1305_init_x86_64(state, raw_key);
> }
Please stop sending random patches to me. If you want to test
random patches, send it to syzbot only and not anyone else.
When you hit an uninitialised access in crypto code, it's usually
the caller at fault. So I suggest that you focus your energies
further up the stack.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
© 2016 - 2026 Red Hat, Inc.