[ ok ] Starting periodic command scheduler: cron.
[....] Starting OpenBSD Secure Shell server: sshd
[   20.066995] random: sshd: uninitialized urandom read (32 bytes read)
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   24.701965] random: sshd: uninitialized urandom read (32 bytes read)
[   25.109152] random: sshd: uninitialized urandom read (32 bytes read)
[   25.938464] random: sshd: uninitialized urandom read (32 bytes read)
[   86.336159] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[   91.832690] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   92.071446] ------------[ cut here ]------------
[   92.076630] refcount_t: underflow; use-after-free.
[   92.081785] WARNING: CPU: 0 PID: 4537 at lib/refcount.c:187 refcount_sub_and_test+0x2e7/0x350
[   92.090472] Kernel panic - not syncing: panic_on_warn set ...
[   92.090472] 
[   92.097870] CPU: 0 PID: 4537 Comm: syz-executor066 Not tainted 4.18.0-rc3+ #130
[   92.105430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.114806] Call Trace:
[   92.117409]  dump_stack+0x1c9/0x2b4
executing program
executing program
[   92.121080]  ? dump_stack_print_info.cold.2+0x52/0x52
[   92.126313]  panic+0x238/0x4e7
[   92.129531]  ? add_taint.cold.5+0x16/0x16
[   92.133717]  ? __warn.cold.8+0x148/0x1ba
[   92.137813]  ? __warn.cold.8+0x117/0x1ba
[   92.141900]  ? refcount_sub_and_test+0x2e7/0x350
[   92.146674]  __warn.cold.8+0x163/0x1ba
[   92.150576]  ? refcount_sub_and_test+0x2e7/0x350
[   92.155355]  report_bug+0x252/0x2d0
[   92.159000]  do_error_trap+0x1fc/0x4d0
[   92.162902]  ? math_error+0x3e0/0x3e0
[   92.166720]  ? vprintk_default+0x28/0x30
executing program
[   92.170799]  ? vprintk_func+0x81/0xe7
[   92.174616]  ? printk+0xa7/0xcf
[   92.177924]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.182791]  do_invalid_op+0x1b/0x20
[   92.186542]  invalid_op+0x14/0x20
[   92.190039] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[   92.195419] Code: 89 de e8 6c b6 1c fe 84 db 74 07 31 db e9 46 ff ff ff e8 8c b5 1c fe 48 c7 c7 c0 41 1a 88 c6 05 56 4a 3a 06 01 e8 59 d8 e7 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
[   92.214961] RSP: 0018:ffff8801d8cd7780 EFLAGS: 00010286
executing program
[   92.220352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   92.227652] RDX: 0000000000000000 RSI: ffffffff81631851 RDI: ffff8801d8cd7458
[   92.235042] RBP: ffff8801d8cd7868 R08: ffff8801ad296500 R09: 0000000000000006
[   92.242871] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffff
[   92.250291] R13: ffff8801d8cd7840 R14: 0000000000000001 R15: 0000000000000000
[   92.257864]  ? vprintk_func+0x81/0xe7
[   92.261699]  ? refcount_inc_not_zero+0x2f0/0x2f0
[   92.266469]  ? graph_lock+0x170/0x170
[   92.270313]  refcount_dec_and_test+0x1a/0x20
[   92.274743]  smap_release_sock+0x76/0x320
[   92.278916]  ? sock_map_alloc+0x410/0x410
[   92.283093]  sock_hash_ctx_update_elem.isra.27+0x8cb/0x1690
[   92.288845]  ? sock_map_free+0x530/0x530
[   92.292931]  ? rcu_is_watching+0x8c/0x150
[   92.297102]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[   92.301523]  ? __fget+0x414/0x670
[   92.304996]  ? expand_files.part.8+0x9c0/0x9c0
[   92.309700]  ? find_held_lock+0x36/0x1c0
[   92.313962]  sock_hash_update_elem+0x157/0x2f0
[   92.318571]  ? bpf_sock_hash_update+0x90/0x90
[   92.323105]  ? kasan_check_read+0x11/0x20
[   92.327279]  ? rcu_is_watching+0x8c/0x150
[   92.331459]  ? rcu_report_qs_rnp+0x7a0/0x7a0
[   92.335905]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   92.341559]  ? bpf_sock_hash_update+0x90/0x90
[   92.346091]  map_update_elem+0x5c4/0xc90
[   92.350174]  __x64_sys_bpf+0x32d/0x510
[   92.354089]  ? bpf_prog_get+0x20/0x20
[   92.357925]  ? kasan_check_read+0x11/0x20
[   92.362104]  ? do_syscall_64+0x9a/0x820
[   92.366115]  do_syscall_64+0x1b9/0x820
[   92.370048]  ? syscall_return_slowpath+0x5e0/0x5e0
[   92.375005]  ? syscall_return_slowpath+0x31d/0x5e0
[   92.379959]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[   92.385345]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   92.390219]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.395450] RIP: 0033:0x4457d9
[   92.398639] Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   92.417964] RSP: 002b:00007f7f2a6a8da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   92.425693] RAX: ffffffffffffffda RBX: 00000000006dac5c RCX: 00000000004457d9
[   92.432976] RDX: 0000000000000020 RSI: 0000000020000180 RDI: 0000000000000002
[   92.440273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   92.447556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac58
[   92.455238] R13: ffffffffffffff65 R14: 00007f7f2a6a99c0 R15: 0000000000000007
[   92.463180] Dumping ftrace buffer:
[   92.467076]    (ftrace buffer empty)
[   92.470817] Kernel Offset: disabled
[   92.474483] Rebooting in 86400 seconds..