by iofiiiiiiiii 3219 days ago
Can you go into more detail? What are the common gotchas when implementing ETM yourself?

The classic example is not MAC'ing the IV.
Wait a minute, there are cases where this is required? Chacha20/Poly1305 is not one of them, right?

---

Another I have personally seen was using the session key for a Wegman Carter hash (such as Poly1305). I received an email suggesting I do just that in Monocypher, to avoid using up the beginning of the key stream. Didn't realise why this would lead to instant key recovery.

I have since littered my manual with scary tales of total annihilation of security.
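Both gotchas in the thread (a MAC that does not cover the IV, and reusing the session key directly as the MAC key) in one runnable sketch. This is an added example, not code from any commenter or from Monocypher; the HMAC-based keystream is a stand-in for a real stream cipher, and `seal`/`open_` and the `"enc"`/`"mac"` labels are my own names, chosen only to make the checks below explicit.

```python
import hmac, hashlib, os

def derive_keys(session_key: bytes):
    """Split the session key into independent encryption and MAC subkeys.
    Handing the session key itself to the MAC (the Poly1305 mistake above)
    is avoided by giving each purpose its own HMAC-derived key."""
    enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def keystream_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (NOT a real cipher): HMAC(enc_key, iv||counter)
    plays the role ChaCha20 or AES-CTR would play in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(enc_key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def seal(session_key: bytes, plaintext: bytes, mac_covers_iv: bool = True):
    """Encrypt-then-MAC. The flawed variant (mac_covers_iv=False) tags only
    the ciphertext, leaving the IV unauthenticated."""
    enc_key, mac_key = derive_keys(session_key)
    iv = os.urandom(16)
    ct = keystream_xor(enc_key, iv, plaintext)
    authed = iv + ct if mac_covers_iv else ct
    tag = hmac.new(mac_key, authed, hashlib.sha256).digest()
    return iv, ct, tag

def open_(session_key: bytes, iv: bytes, ct: bytes, tag: bytes,
          mac_covers_iv: bool = True):
    """Verify the tag first (constant-time), then decrypt. Returns None on a
    bad tag; with the flawed variant a modified IV still verifies, and the
    caller receives plaintext the sender never produced."""
    enc_key, mac_key = derive_keys(session_key)
    authed = iv + ct if mac_covers_iv else ct
    expected = hmac.new(mac_key, authed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return keystream_xor(enc_key, iv, ct)
```

Running the flawed variant with a one-bit change to the IV shows the receiver accepting garbled output as authentic, which is exactly what covering the IV in the MAC prevents.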