[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.826105] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.463488] random: sshd: uninitialized urandom read (32 bytes read)
[   22.833602] random: sshd: uninitialized urandom read (32 bytes read)
[   23.667541] random: sshd: uninitialized urandom read (32 bytes read)
[  494.845613] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts.
[  500.342056] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[  500.596608] ------------[ cut here ]------------
[  500.601545] refcount_t: underflow; use-after-free.
[  500.606766] WARNING: CPU: 1 PID: 4530 at lib/refcount.c:187 refcount_sub_and_test+0x2e7/0x350
[  500.615415] Kernel panic - not syncing: panic_on_warn set ...
[  500.615415] 
[  500.622763] CPU: 1 PID: 4530 Comm: syz-executor169 Not tainted 4.18.0-rc3+ #1
[  500.630025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  500.639397] Call Trace:
[  500.642005]  dump_stack+0x1c9/0x2b4
[  500.645712]  ? dump_stack_print_info.cold.2+0x52/0x52
[  500.650900]  panic+0x238/0x4e7
[  500.654073]  ? add_taint.cold.5+0x16/0x16
[  500.658204]  ? __warn.cold.8+0x148/0x1ba
[  500.662258]  ? __warn.cold.8+0x117/0x1ba
[  500.666313]  ? refcount_sub_and_test+0x2e7/0x350
[  500.671049]  __warn.cold.8+0x163/0x1ba
[  500.674916]  ? refcount_sub_and_test+0x2e7/0x350
[  500.679748]  report_bug+0x252/0x2d0
[  500.683359]  do_error_trap+0x1fc/0x4d0
[  500.687318]  ? math_error+0x3e0/0x3e0
[  500.691107]  ? vprintk_default+0x28/0x30
[  500.695146]  ? vprintk_func+0x81/0xe7
[  500.698926]  ? printk+0xa7/0xcf
[  500.702188]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  500.707013]  do_invalid_op+0x1b/0x20
[  500.710748]  invalid_op+0x14/0x20
[  500.714182] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[  500.719519] Code: 89 de e8 2c b7 1c fe 84 db 74 07 31 db e9 46 ff ff ff e8 4c b6 1c fe 48 c7 c7 c0 40 1a 88 c6 05 36 66 3a 06 01 e8 19 d9 e7 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
[  500.738689] RSP: 0018:ffff8801a8d0f780 EFLAGS: 00010286
[  500.744041] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  500.751297] RDX: 0000000000000000 RSI: ffffffff81631851 RDI: ffff8801a8d0f458
[  500.758546] RBP: ffff8801a8d0f868 R08: ffff8801d8f402c0 R09: 0000000000000006
[  500.765806] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff
[  500.773064] R13: ffff8801a8d0f840 R14: 0000000000000001 R15: ffff8801ce39ed00
[  500.780334]  ? vprintk_func+0x81/0xe7
[  500.784137]  ? refcount_inc_not_zero+0x2f0/0x2f0
[  500.788879]  ? graph_lock+0x170/0x170
[  500.792666]  refcount_dec_and_test+0x1a/0x20
[  500.797055]  smap_release_sock+0x76/0x320
[  500.801183]  ? sock_map_alloc+0x410/0x410
[  500.805326]  sock_hash_ctx_update_elem.isra.27+0x8cb/0x1690
[  500.811025]  ? sock_map_free+0x530/0x530
[  500.815084]  ? rcu_is_watching+0x8c/0x150
[  500.819213]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  500.823963]  ? __fget+0x414/0x670
[  500.827505]  ? expand_files.part.8+0x9c0/0x9c0
[  500.832074]  ? find_held_lock+0x36/0x1c0
[  500.836149]  sock_hash_update_elem+0x157/0x2f0
[  500.840715]  ? bpf_sock_hash_update+0x90/0x90
[  500.845202]  ? kasan_check_read+0x11/0x20
[  500.849340]  ? rcu_is_watching+0x8c/0x150
[  500.853587]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[  500.857992]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  500.863524]  ? bpf_sock_hash_update+0x90/0x90
[  500.868089]  map_update_elem+0x5c4/0xc90
[  500.872137]  __x64_sys_bpf+0x32d/0x510
[  500.876017]  ? bpf_prog_get+0x20/0x20
[  500.879811]  ? kasan_check_read+0x11/0x20
[  500.883996]  ? _raw_spin_unlock_irq+0x27/0x70
[  500.889102]  ? do_syscall_64+0x9a/0x820
[  500.893061]  do_syscall_64+0x1b9/0x820
[  500.896934]  ? syscall_return_slowpath+0x5e0/0x5e0
[  500.901865]  ? syscall_return_slowpath+0x31d/0x5e0
[  500.906805]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[  500.912155]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  500.916996]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  500.922167] RIP: 0033:0x445689
[  500.925335] Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  500.944823] RSP: 002b:00007f09f353fdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  500.952635] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445689
[  500.959943] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000002
[  500.968009] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[  500.975274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  500.982543] R13: 00007ffdb104596f R14: 00007f09f35409c0 R15: 0000000000000005
[  500.990491] Dumping ftrace buffer:
[  500.994138]    (ftrace buffer empty)
[  500.997842] Kernel Offset: disabled
[  501.001724] Rebooting in 86400 seconds..