[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   19.665456] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.031640] random: sshd: uninitialized urandom read (32 bytes read)
[   22.342380] random: sshd: uninitialized urandom read (32 bytes read)
[   23.180989] random: sshd: uninitialized urandom read (32 bytes read)
[   23.343897] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
[   28.883629] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
[   28.991932] device lo entered promiscuous mode
[   29.064254] ------------[ cut here ]------------
[   29.069140] refcount_t: underflow; use-after-free.
[   29.074294] WARNING: CPU: 0 PID: 4571 at lib/refcount.c:187 refcount_sub_and_test+0x2e7/0x350
[   29.082950] Kernel panic - not syncing: panic_on_warn set ...
[   29.082950] 
[   29.090314] CPU: 0 PID: 4571 Comm: syz-executor167 Not tainted 4.18.0-rc1+ #112
[   29.097760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.107107] Call Trace:
[   29.109695]  dump_stack+0x1c9/0x2b4
executing program
[   29.113346]  ? dump_stack_print_info.cold.2+0x52/0x52
[   29.118528]  panic+0x238/0x4e7
[   29.121718]  ? add_taint.cold.5+0x16/0x16
[   29.125874]  ? __warn.cold.8+0x148/0x1ba
[   29.129929]  ? __warn.cold.8+0x117/0x1ba
[   29.133976]  ? refcount_sub_and_test+0x2e7/0x350
[   29.138725]  __warn.cold.8+0x163/0x1ba
[   29.142593]  ? refcount_sub_and_test+0x2e7/0x350
[   29.147333]  report_bug+0x252/0x2d0
[   29.150946]  do_error_trap+0x1fc/0x4d0
[   29.154816]  ? do_raw_spin_unlock+0xa7/0x2f0
[   29.159232]  ? math_error+0x3f0/0x3f0
[   29.163019]  ? vprintk_default+0x28/0x30
[   29.167066]  ? vprintk_func+0x81/0xe7
[   29.170849]  ? printk+0xa7/0xcf
[   29.174118]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.178946]  do_invalid_op+0x1b/0x20
[   29.182646]  invalid_op+0x14/0x20
[   29.186084] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[   29.191436] Code: 89 de e8 2c c6 1c fe 84 db 74 07 31 db e9 46 ff ff ff e8 4c c5 1c fe 48 c7 c7 40 6e 1a 88 c6 05 26 4f 3a 06 01 e8 39 e5 e7 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff 
[   29.210649] RSP: 0018:ffff8801d8cef800 EFLAGS: 00010282
[   29.215995] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   29.223252] RDX: 0000000000000000 RSI: ffffffff816318e1 RDI: ffff8801d8cef4d8
[   29.230504] RBP: ffff8801d8cef8e8 R08: ffff8801ac91a3c0 R09: 0000000000000006
[   29.237759] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff
[   29.245023] R13: ffff8801d8cef8c0 R14: 0000000000000001 R15: ffff8801acd55500
[   29.252289]  ? vprintk_func+0x81/0xe7
[   29.256078]  ? refcount_inc_not_zero+0x2f0/0x2f0
[   29.260817]  ? graph_lock+0x170/0x170
[   29.264616]  ? debug_check_no_obj_freed+0x30b/0x595
[   29.269613]  ? __lock_is_held+0xb5/0x140
[   29.273664]  refcount_dec_and_test+0x1a/0x20
[   29.278058]  smap_release_sock+0x76/0x300
[   29.282208]  ? free_htab_elem+0x40/0x40
[   29.286179]  sock_hash_ctx_update_elem.isra.24+0x89e/0x1580
[   29.291893]  ? smap_read_sock_strparser+0xcc0/0xcc0
[   29.297763]  ? __fget+0x414/0x670
[   29.301208]  ? expand_files.part.8+0x9c0/0x9c0
[   29.305778]  ? find_held_lock+0x36/0x1c0
[   29.309833]  sock_hash_update_elem+0x157/0x2f0
[   29.314400]  ? bpf_sock_hash_update+0x90/0x90
[   29.318882]  ? kasan_check_read+0x11/0x20
[   29.323016]  ? rcu_is_watching+0x8c/0x150
[   29.327152]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[   29.331547]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   29.337068]  ? bpf_sock_hash_update+0x90/0x90
[   29.341546]  map_update_elem+0x5c4/0xc90
[   29.345593]  __x64_sys_bpf+0x32d/0x510
[   29.349467]  ? bpf_prog_get+0x20/0x20
[   29.353253]  ? ksys_ioctl+0x81/0xd0
[   29.356863]  ? do_syscall_64+0x9a/0x820
[   29.360823]  do_syscall_64+0x1b9/0x820
[   29.364695]  ? syscall_return_slowpath+0x5e0/0x5e0
[   29.369613]  ? syscall_return_slowpath+0x31d/0x5e0
[   29.374530]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   29.379878]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.384720]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   29.389890] RIP: 0033:0x445a69
[   29.393494] Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 51 00 00 c3 66 2e 0f 1f 84 00 00 00 00 
[   29.412745] RSP: 002b:00007ff77d9d3db8 EFLAGS: 00000293 ORIG_RAX: 0000000000000141
[   29.420442] RAX: ffffffffffffffda RBX: 00000000006dac94 RCX: 0000000000445a69
[   29.427700] RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
[   29.434952] RBP: 00000000006dac90 R08: 0000000000000000 R09: 0000000000000000
[   29.442212] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   29.449469] R13: 00007fff6f3a3c3f R14: 00007ff77d9d49c0 R15: 0000000000000001
[   29.457504] Dumping ftrace buffer:
[   29.461143]    (ftrace buffer empty)
[   29.464842] Kernel Offset: disabled
[   29.468464] Rebooting in 86400 seconds..