public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks
@ 2025-10-20 21:07 syzbot
  2025-10-21  1:54 ` [PATCH] [patch] syz test Pei Xiao
  2025-10-21  8:35 ` [PATCH] syz test Pei Xiao
  0 siblings, 2 replies; 9+ messages in thread
From: syzbot @ 2025-10-20 21:07 UTC (permalink / raw)
  To: davem, herbert, linux-crypto, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    211ddde0823f Linux 6.18-rc2
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11af9734580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11099492580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1096eb04580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c24dbd5a18/disk-211ddde0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4d12e20e76d7/vmlinux-211ddde0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9e4b9dd5db28/bzImage-211ddde0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110
 poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110
 poly1305_update+0x169/0x400 lib/crypto/poly1305.c:50
 poly_hash+0x9f3/0x1a00 crypto/chacha20poly1305.c:168
 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233
 chacha_encrypt crypto/chacha20poly1305.c:269 [inline]
 chachapoly_encrypt+0x48a/0x5c0 crypto/chacha20poly1305.c:284
 crypto_aead_encrypt+0xe2/0x160 crypto/aead.c:91
 tls_do_encryption net/tls/tls_sw.c:582 [inline]
 tls_push_record+0x38c7/0x5810 net/tls/tls_sw.c:819
 bpf_exec_tx_verdict+0x1a0c/0x26a0 net/tls/tls_sw.c:859
 tls_sw_sendmsg_locked net/tls/tls_sw.c:1138 [inline]
 tls_sw_sendmsg+0x3401/0x4560 net/tls/tls_sw.c:1281
 inet6_sendmsg+0x26c/0x2a0 net/ipv6/af_inet6.c:659
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x3d0 net/socket.c:742
 sock_write_iter+0x3a6/0x420 net/socket.c:1195
 do_iter_readv_writev+0x9e1/0xc20 fs/read_write.c:-1
 vfs_writev+0x52a/0x1500 fs/read_write.c:1057
 do_writev+0x1b5/0x580 fs/read_write.c:1103
 __do_sys_writev fs/read_write.c:1171 [inline]
 __se_sys_writev fs/read_write.c:1168 [inline]
 __x64_sys_writev+0x99/0xf0 fs/read_write.c:1168
 x64_sys_call+0x24b1/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:21
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable desc created at:
 poly_hash+0x11d/0x1a00 crypto/chacha20poly1305.c:135
 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233

CPU: 1 UID: 0 PID: 6030 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [PATCH] [patch] syz test
  2025-10-20 21:07 [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
@ 2025-10-21  1:54 ` Pei Xiao
  2025-10-21  2:51   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
  2025-10-21  8:35 ` [PATCH] syz test Pei Xiao
  1 sibling, 1 reply; 9+ messages in thread
From: Pei Xiao @ 2025-10-21  1:54 UTC (permalink / raw)
  To: syzbot+01fcd39a0d90cdb0e3df
  Cc: davem, herbert, linux-crypto, linux-kernel, syzkaller-bugs,
	Pei Xiao

#syz test
---
 include/crypto/internal/poly1305.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/crypto/internal/poly1305.h b/include/crypto/internal/poly1305.h
index a72fff409ab8..f6de53965319 100644
--- a/include/crypto/internal/poly1305.h
+++ b/include/crypto/internal/poly1305.h
@@ -8,6 +8,7 @@
 
 #include <crypto/poly1305.h>
 #include <linux/types.h>
+#include <linux/string.h>
 
 /*
  * Poly1305 core functions.  These only accept whole blocks; the caller must
@@ -21,7 +22,8 @@ void poly1305_core_setkey(struct poly1305_core_key *key,
 			  const u8 raw_key[POLY1305_BLOCK_SIZE]);
 static inline void poly1305_core_init(struct poly1305_state *state)
 {
-	*state = (struct poly1305_state){};
+	//*state = (struct poly1305_state){};
+	memset(state, 0, sizeof(struct poly1305_state));
 }
 
 void poly1305_core_blocks(struct poly1305_state *state,
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks
  2025-10-21  1:54 ` [PATCH] [patch] syz test Pei Xiao
@ 2025-10-21  2:51   ` syzbot
  2025-10-21  3:08     ` [PATCH] [patch] syz test Pei Xiao
  0 siblings, 1 reply; 9+ messages in thread
From: syzbot @ 2025-10-21  2:51 UTC (permalink / raw)
  To: davem, herbert, linux-crypto, linux-kernel, syzkaller-bugs,
	xiaopei01

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in poly1305_blocks

=====================================================
BUG: KMSAN: uninit-value in poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110
 poly1305_blocks+0x1a9/0x5f0 lib/crypto/x86/poly1305.h:110
 poly1305_update+0x169/0x400 lib/crypto/poly1305.c:50
 poly_hash+0x9f3/0x1a00 crypto/chacha20poly1305.c:168
 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233
 chacha_encrypt crypto/chacha20poly1305.c:269 [inline]
 chachapoly_encrypt+0x48a/0x5c0 crypto/chacha20poly1305.c:284
 crypto_aead_encrypt+0xe2/0x160 crypto/aead.c:91
 tls_do_encryption net/tls/tls_sw.c:582 [inline]
 tls_push_record+0x38c7/0x5810 net/tls/tls_sw.c:819
 bpf_exec_tx_verdict+0x1a0c/0x26a0 net/tls/tls_sw.c:859
 tls_sw_sendmsg_locked net/tls/tls_sw.c:1138 [inline]
 tls_sw_sendmsg+0x3401/0x4560 net/tls/tls_sw.c:1281
 inet6_sendmsg+0x26c/0x2a0 net/ipv6/af_inet6.c:659
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x145/0x3d0 net/socket.c:742
 sock_write_iter+0x3a6/0x420 net/socket.c:1195
 do_iter_readv_writev+0x9e1/0xc20 fs/read_write.c:-1
 vfs_writev+0x52a/0x1500 fs/read_write.c:1057
 do_writev+0x1b5/0x580 fs/read_write.c:1103
 __do_sys_writev fs/read_write.c:1171 [inline]
 __se_sys_writev fs/read_write.c:1168 [inline]
 __x64_sys_writev+0x99/0xf0 fs/read_write.c:1168
 x64_sys_call+0x24b1/0x3e30 arch/x86/include/generated/asm/syscalls_64.h:21
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable desc created at:
 poly_hash+0x11d/0x1a00 crypto/chacha20poly1305.c:135
 poly_genkey+0x3b6/0x450 crypto/chacha20poly1305.c:233

CPU: 1 UID: 0 PID: 6603 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
=====================================================


Tested on:

commit:         6548d364 Merge tag 'cgroup-for-6.18-rc2-fixes' of git:..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d40d2f980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14c58e7c580000


^ permalink raw reply	[flat|nested] 9+ messages in thread
* [PATCH] [patch] syz test
  2025-10-21  2:51   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
@ 2025-10-21  3:08     ` Pei Xiao
  2025-10-21  3:12       ` Herbert Xu
  2025-10-21  4:46       ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
  0 siblings, 2 replies; 9+ messages in thread
From: Pei Xiao @ 2025-10-21  3:08 UTC (permalink / raw)
  To: syzbot+01fcd39a0d90cdb0e3df
  Cc: davem, herbert, linux-crypto, linux-kernel, syzkaller-bugs,
	xiaopei01

#syz test
---
 lib/crypto/x86/poly1305.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto/x86/poly1305.h b/lib/crypto/x86/poly1305.h
index ee92e3740a78..3b9f1024a18d 100644
--- a/lib/crypto/x86/poly1305.h
+++ b/lib/crypto/x86/poly1305.h
@@ -8,6 +8,7 @@
 #include <linux/jump_label.h>
 #include <linux/kernel.h>
 #include <linux/sizes.h>
+#include <linux/string.h>
 
 struct poly1305_arch_internal {
 	union {
@@ -86,6 +87,7 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_avx512);
 static void poly1305_block_init(struct poly1305_block_state *state,
 				const u8 raw_key[POLY1305_BLOCK_SIZE])
 {
+	memset(state, 0, sizeof(struct poly1305_block_state));
 	poly1305_init_x86_64(state, raw_key);
 }
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [PATCH] [patch] syz test
  2025-10-21  3:08     ` [PATCH] [patch] syz test Pei Xiao
@ 2025-10-21  3:12       ` Herbert Xu
  2025-10-21  4:46       ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
  1 sibling, 0 replies; 9+ messages in thread
From: Herbert Xu @ 2025-10-21  3:12 UTC (permalink / raw)
  To: Pei Xiao
  Cc: syzbot+01fcd39a0d90cdb0e3df, davem, linux-crypto, linux-kernel,
	syzkaller-bugs

On Tue, Oct 21, 2025 at 11:08:54AM +0800, Pei Xiao wrote:
> #syz test
> ---
>  lib/crypto/x86/poly1305.h | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/lib/crypto/x86/poly1305.h b/lib/crypto/x86/poly1305.h
> index ee92e3740a78..3b9f1024a18d 100644
> --- a/lib/crypto/x86/poly1305.h
> +++ b/lib/crypto/x86/poly1305.h
> @@ -8,6 +8,7 @@
>  #include <linux/jump_label.h>
>  #include <linux/kernel.h>
>  #include <linux/sizes.h>
> +#include <linux/string.h>
>  
>  struct poly1305_arch_internal {
>  	union {
> @@ -86,6 +87,7 @@ static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_avx512);
>  static void poly1305_block_init(struct poly1305_block_state *state,
>  				const u8 raw_key[POLY1305_BLOCK_SIZE])
>  {
> +	memset(state, 0, sizeof(struct poly1305_block_state));
>  	poly1305_init_x86_64(state, raw_key);
>  }

Please stop sending random patches to me.  If you want to test
random patches, send it to syzbot only and not anyone else.

When you hit an uninitialised access in crypto code, it's usually
the caller at fault.  So I suggest that you focus your energies
further up the stack.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks
  2025-10-21  3:08     ` [PATCH] [patch] syz test Pei Xiao
  2025-10-21  3:12       ` Herbert Xu
@ 2025-10-21  4:46       ` syzbot
  1 sibling, 0 replies; 9+ messages in thread
From: syzbot @ 2025-10-21  4:46 UTC (permalink / raw)
  To: davem, herbert, linux-crypto, linux-kernel, syzkaller-bugs,
	xiaopei01

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com
Tested-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com

Tested on:

commit:         6548d364 Merge tag 'cgroup-for-6.18-rc2-fixes' of git:..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1266fde2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13b58e7c580000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* [PATCH] syz test
@ 2025-10-21  8:35 ` Pei Xiao
  2025-10-21  8:46   ` Pei Xiao
  2025-10-21  9:21   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
  0 siblings, 2 replies; 9+ messages in thread
From: Pei Xiao @ 2025-10-21  8:35 UTC (permalink / raw)
  To: syzbot+01fcd39a0d90cdb0e3df; +Cc: linux-kernel, Pei Xiao

#syz test
---
 lib/crypto/poly1305.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto/poly1305.c b/lib/crypto/poly1305.c
index f313ccc4b4dd..25018e3fb487 100644
--- a/lib/crypto/poly1305.c
+++ b/lib/crypto/poly1305.c
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/string.h>
 #include <linux/unaligned.h>
+#include <linux/kmsan.h>
 
 #ifdef CONFIG_CRYPTO_LIB_POLY1305_ARCH
 #include "poly1305.h" /* $(SRCARCH)/poly1305.h */
@@ -31,6 +32,7 @@ void poly1305_init(struct poly1305_desc_ctx *desc,
 	desc->s[3] = get_unaligned_le32(key + 28);
 	desc->buflen = 0;
 	poly1305_block_init(&desc->state, key);
+	kmsan_unpoison_memory(desc, sizeof(struct poly1305_desc_ctx));
 }
 EXPORT_SYMBOL(poly1305_init);
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* [PATCH] syz test
  2025-10-21  8:35 ` [PATCH] syz test Pei Xiao
@ 2025-10-21  8:46   ` Pei Xiao
  2025-10-21  9:21   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
  1 sibling, 0 replies; 9+ messages in thread
From: Pei Xiao @ 2025-10-21  8:46 UTC (permalink / raw)
  To: syzbot+01fcd39a0d90cdb0e3df; +Cc: linux-kernel, syzkaller-bugs, Pei Xiao

#syz test
---
 lib/crypto/poly1305.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto/poly1305.c b/lib/crypto/poly1305.c
index f313ccc4b4dd..25018e3fb487 100644
--- a/lib/crypto/poly1305.c
+++ b/lib/crypto/poly1305.c
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/string.h>
 #include <linux/unaligned.h>
+#include <linux/kmsan.h>
 
 #ifdef CONFIG_CRYPTO_LIB_POLY1305_ARCH
 #include "poly1305.h" /* $(SRCARCH)/poly1305.h */
@@ -31,6 +32,7 @@ void poly1305_init(struct poly1305_desc_ctx *desc,
 	desc->s[3] = get_unaligned_le32(key + 28);
 	desc->buflen = 0;
 	poly1305_block_init(&desc->state, key);
+	kmsan_unpoison_memory(desc, sizeof(struct poly1305_desc_ctx));
 }
 EXPORT_SYMBOL(poly1305_init);
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 9+ messages in thread
* Re: [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks
  2025-10-21  8:35 ` [PATCH] syz test Pei Xiao
  2025-10-21  8:46   ` Pei Xiao
@ 2025-10-21  9:21   ` syzbot
  1 sibling, 0 replies; 9+ messages in thread
From: syzbot @ 2025-10-21  9:21 UTC (permalink / raw)
  To: linux-kernel, syzkaller-bugs, xiaopei01

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com
Tested-by: syzbot+01fcd39a0d90cdb0e3df@syzkaller.appspotmail.com

Tested on:

commit:         6548d364 Merge tag 'cgroup-for-6.18-rc2-fixes' of git:..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1287a3e2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bbd3e7f3c2e28265
dashboard link: https://syzkaller.appspot.com/bug?extid=01fcd39a0d90cdb0e3df
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1530cd42580000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 9+ messages in thread
end of thread, other threads:[~2025-10-21  9:21 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-20 21:07 [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
2025-10-21  1:54 ` [PATCH] [patch] syz test Pei Xiao
2025-10-21  2:51   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
2025-10-21  3:08     ` [PATCH] [patch] syz test Pei Xiao
2025-10-21  3:12       ` Herbert Xu
2025-10-21  4:46       ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot
2025-10-21  8:35 ` [PATCH] syz test Pei Xiao
2025-10-21  8:46   ` Pei Xiao
2025-10-21  9:21   ` [syzbot] [crypto?] KMSAN: uninit-value in poly1305_blocks syzbot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox