[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 14.887091] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 17.151748] random: sshd: uninitialized urandom read (32 bytes read)
[ 17.314932] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.009651] random: sshd: uninitialized urandom read (32 bytes read)
[ 18.170771] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
[ 23.606181] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 23.801528] ------------[ cut here ]------------
[ 23.806365] refcount_t: underflow; use-after-free.
[ 23.811541] WARNING: CPU: 0 PID: 4437 at lib/refcount.c:187 refcount_sub_and_test+0x2e7/0x350
[ 23.820199] Kernel panic - not syncing: panic_on_warn set ...
[ 23.820199]
[ 23.827542] CPU: 0 PID: 4437 Comm: syz-executor494 Not tainted 4.18.0-rc3+ #48
[ 23.834879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.844216] Call Trace:
[ 23.846806]  dump_stack+0x1c9/0x2b4
[ 23.850430]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 23.855643]  panic+0x238/0x4e7
[ 23.858815]  ? add_taint.cold.5+0x16/0x16
[ 23.862942]  ? __warn.cold.8+0x148/0x1ba
[ 23.866982]  ? __warn.cold.8+0x117/0x1ba
[ 23.871034]  ? refcount_sub_and_test+0x2e7/0x350
[ 23.875770]  __warn.cold.8+0x163/0x1ba
[ 23.879638]  ? refcount_sub_and_test+0x2e7/0x350
[ 23.884374]  report_bug+0x252/0x2d0
[ 23.888005]  do_error_trap+0x1fc/0x4d0
[ 23.891889]  ? math_error+0x3e0/0x3e0
[ 23.895673]  ? vprintk_default+0x28/0x30
[ 23.899715]  ? vprintk_func+0x81/0xe7
[ 23.903506]  ? printk+0xa7/0xcf
[ 23.906773]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.911597]  do_invalid_op+0x1b/0x20
[ 23.915290]  invalid_op+0x14/0x20
[ 23.918730] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[ 23.924076] Code: 89 de e8 ec c0 1c fe 84 db 74 07 31 db e9 46 ff ff ff e8 0c c0 1c fe 48 c7 c7 a0 41 1a 88 c6 05 cd 82 3a 06 01 e8 d9 e2 e7 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
[ 23.943194] RSP: 0018:ffff8801abf27780 EFLAGS: 00010286
[ 23.948537] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 23.955783] RDX: 0000000000000000 RSI: ffffffff81631851 RDI: ffff8801abf27458
[ 23.963036] RBP: ffff8801abf27868 R08: ffff8801abe0e4c0 R09: fffffbfff11f1220
[ 23.970288] R10: fffffbfff11f1220 R11: ffffffff88f89103 R12: 00000000ffffffff
[ 23.977535] R13: ffff8801abf27840 R14: 0000000000000001 R15: 0000000000000000
[ 23.984794]  ? vprintk_func+0x81/0xe7
[ 23.988579]  ? refcount_inc_not_zero+0x2f0/0x2f0
[ 23.993318]  ? trace_hardirqs_off+0xd/0x10
[ 23.997532]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 24.002617]  refcount_dec_and_test+0x1a/0x20
[ 24.007008]  smap_release_sock+0x76/0x320
[ 24.011142]  ? sock_map_alloc+0x410/0x410
[ 24.015269]  ? __kasan_slab_free+0x131/0x170
[ 24.019658]  ? trace_hardirqs_on+0xd/0x10
[ 24.023797]  sock_hash_ctx_update_elem.isra.27+0x8cb/0x1690
[ 24.029488]  ? sock_map_free+0x530/0x530
[ 24.033527]  ? save_stack+0xa9/0xd0
[ 24.037142]  ? __fget+0x414/0x670
[ 24.040575]  ? expand_files.part.8+0x9c0/0x9c0
[ 24.045140]  ? lock_acquire+0x1e4/0x540
[ 24.049099]  ? fs_reclaim_acquire+0x20/0x20
[ 24.053401]  ? lock_acquire+0x1e4/0x540
[ 24.057357]  sock_hash_update_elem+0x157/0x2f0
[ 24.061920]  ? bpf_sock_hash_update+0x90/0x90
[ 24.066398]  ? lock_release+0xa30/0xa30
[ 24.070357]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 24.075874]  ? bpf_sock_hash_update+0x90/0x90
[ 24.080350]  map_update_elem+0x5c4/0xc90
[ 24.084407]  __x64_sys_bpf+0x32d/0x510
[ 24.088278]  ? bpf_prog_get+0x20/0x20
[ 24.092065]  ? kasan_check_read+0x11/0x20
[ 24.096195]  ? compat_start_thread+0x80/0x80
[ 24.100585]  do_syscall_64+0x1b9/0x820
[ 24.104460]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 24.109369]  ? syscall_return_slowpath+0x31d/0x5e0
[ 24.114286]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 24.119283]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.124117]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 24.129284] RIP: 0033:0x445689
[ 24.132450] Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 24.151571] RSP: 002b:00007f89e24a9db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 24.159262] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445689
[ 24.166510] RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
[ 24.173759] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[ 24.181010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 24.188273] R13: 00007ffc6d5c336f R14: 00007f89e24aa9c0 R15: 0000000000000005
[ 24.195987] Dumping ftrace buffer:
[ 24.199505]    (ftrace buffer empty)
[ 24.203192] Kernel Offset: disabled
[ 24.206801] Rebooting in 86400 seconds..