Re: [syzbot] [crypto?] KMSAN: uninit-value in adiantum_crypt

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: syzbot <syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com>
Cc: davem@davemloft.net, herbert@gondor.apana.org.au,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [crypto?] KMSAN: uninit-value in adiantum_crypt
Date: Mon, 12 Jan 2026 11:39:02 -0800	[thread overview]
Message-ID: <20260112193902.GB1952@sol> (raw)
In-Reply-To: <692f9906.a70a0220.d98e3.01ae.GAE@google.com>

On Tue, Dec 02, 2025 at 05:57:26PM -0800, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    6cf62f0174de Merge tag 'char-misc-6.18-rc8' of git://git.k..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1727df42580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=61a9bf3cc5d17a01
> dashboard link: https://syzkaller.appspot.com/bug?extid=703d8a2cd20971854b06
> compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13bfa112580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=169e422c580000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/fb216361ff9c/disk-6cf62f01.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/eb55e25eb970/vmlinux-6cf62f01.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/5110f00a1a4e/bzImage-6cf62f01.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/7a62729c5268/mount_0.gz
>   fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=16dd8112580000)
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com
> 
> =====================================================
> BUG: KMSAN: uninit-value in subshift lib/crypto/aes.c:150 [inline]
> BUG: KMSAN: uninit-value in aes_encrypt+0x1239/0x1960 lib/crypto/aes.c:283
>  subshift lib/crypto/aes.c:150 [inline]
>  aes_encrypt+0x1239/0x1960 lib/crypto/aes.c:283
>  aesti_encrypt+0x7d/0xf0 crypto/aes_ti.c:31
>  cipher_crypt_one+0x120/0x2e0 crypto/cipher.c:75
>  crypto_cipher_encrypt_one+0x33/0x40 crypto/cipher.c:82
>  adiantum_crypt+0x939/0xe60 crypto/adiantum.c:383
>  adiantum_encrypt+0x33/0x40 crypto/adiantum.c:419
>  crypto_skcipher_encrypt+0x18a/0x1e0 crypto/skcipher.c:195
>  fscrypt_crypt_data_unit+0x38e/0x590 fs/crypto/crypto.c:139
>  fscrypt_encrypt_pagecache_blocks+0x430/0x900 fs/crypto/crypto.c:197

ext4 sometimes encrypts uninitialized memory.  Duplicate of already-
reported bug, see https://lore.kernel.org/r/20251210022202.GB4128@sol/

#syz dup: KMSAN: uninit-value in fscrypt_crypt_data_unit

- Eric

next prev parent reply	other threads:[~2026-01-12 19:39 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-03  1:57 [syzbot] [crypto?] KMSAN: uninit-value in adiantum_crypt syzbot
2025-12-13 22:47 ` Forwarded: [PATCH] crypto: adiantum: initialize rbuf.bignum to avoid KMSAN warning syzbot
2025-12-16 22:52 ` Forwarded: [PATCH] crypto: adiantum: initialize rbuf.bignum to fix KMSAN uninit-value bug syzbot
2025-12-22 15:57 ` Forwarded: Re: KMSAN: uninit-value in adiantum_crypt syzbot
2026-01-12 19:39 ` Eric Biggers [this message]
     [not found] <20251213224229.1116077-2-katharasasikumar007@gmail.com>
2025-12-13 23:35 ` [syzbot] [crypto?] " syzbot
     [not found] <20251216224902.104945-2-katharasasikumar007@gmail.com>
2025-12-16 23:21 ` syzbot
     [not found] <CAPqLRf0y3GkQbWnqdD3d9ncr3itTS_39evbHhtrD3E1p-Fyojg@mail.gmail.com>
2025-12-22 17:06 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260112193902.GB1952@sol \
    --to=ebiggers@kernel.org \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzbot+703d8a2cd20971854b06@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.