[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   14.536892] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.543834] random: sshd: uninitialized urandom read (32 bytes read)
[   16.808556] random: sshd: uninitialized urandom read (32 bytes read)
[   17.473990] random: sshd: uninitialized urandom read (32 bytes read)
[   25.881478] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
[   31.343997] random: sshd: uninitialized urandom read (32 bytes read)
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   31.489712] ------------[ cut here ]------------
[   31.494503] refcount_t: underflow; use-after-free.
[   31.499580] WARNING: CPU: 0 PID: 4380 at lib/refcount.c:189 refcount_sub_and_test+0x2e7/0x350
[   31.508213] Kernel panic - not syncing: panic_on_warn set ...
[   31.508213] 
[   31.515552] CPU: 0 PID: 4380 Comm: syz-executor587 Not tainted 4.18.0-rc3-next-20180706+ #1
[   31.524009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.533335] Call Trace:
[   31.535897]  dump_stack+0x1c9/0x2b4
[   31.539515]  ? dump_stack_print_info.cold.2+0x52/0x52
[   31.544690]  panic+0x238/0x4e7
[   31.547860]  ? add_taint.cold.5+0x16/0x16
[   31.551986]  ? __warn.cold.8+0x148/0x1ba
[   31.556031]  ? __warn.cold.8+0x117/0x1ba
[   31.560070]  ? refcount_sub_and_test+0x2e7/0x350
[   31.564801]  __warn.cold.8+0x163/0x1ba
[   31.568664]  ? refcount_sub_and_test+0x2e7/0x350
[   31.573396]  report_bug+0x252/0x2d0
[   31.576998]  do_error_trap+0x1fc/0x4d0
[   31.580861]  ? math_error+0x3e0/0x3e0
[   31.584639]  ? vprintk_default+0x28/0x30
[   31.588674]  ? vprintk_func+0x81/0xe7
[   31.592447]  ? printk+0xa7/0xcf
[   31.595703]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.600518]  do_invalid_op+0x1b/0x20
[   31.604205]  invalid_op+0x14/0x20
[   31.607633] RIP: 0010:refcount_sub_and_test+0x2e7/0x350
[   31.612964] Code: 89 de e8 9c 3e 1a fe 84 db 74 07 31 db e9 46 ff ff ff e8 bc 3d 1a fe 48 c7 c7 c0 61 1a 88 c6 05 1d e7 37 06 01 e8 e9 07 e5 fd <0f> 0b 31 db e9 25 ff ff ff 48 8b bd 28 ff ff ff 89 85 34 ff ff ff
[   31.632080] RSP: 0018:ffff8801b3d17780 EFLAGS: 00010286
[   31.637421] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   31.644666] RDX: 0000000000000000 RSI: ffffffff81634381 RDI: ffff8801b3d17458
[   31.651908] RBP: ffff8801b3d17868 R08: ffff8801b6602580 R09: fffffbfff11f1260
[   31.659151] R10: fffffbfff11f1260 R11: ffffffff88f89303 R12: 00000000ffffffff
[   31.666396] R13: ffff8801b3d17840 R14: 0000000000000001 R15: ffff8801cd6a5c00
[   31.673648]  ? vprintk_func+0x81/0xe7
[   31.677430]  ? refcount_inc_not_zero+0x2f0/0x2f0
[   31.682171]  ? trace_hardirqs_off+0xd/0x10
[   31.686383]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[   31.691465]  refcount_dec_and_test+0x1a/0x20
[   31.695851]  smap_release_sock+0x76/0x320
[   31.699975]  ? sock_map_alloc+0x410/0x410
[   31.704098]  ? __kasan_slab_free+0x131/0x170
[   31.708483]  ? trace_hardirqs_on+0xd/0x10
[   31.712606]  sock_hash_ctx_update_elem.isra.27+0x8cb/0x1690
[   31.718291]  ? sock_map_free+0x530/0x530
[   31.722330]  ? __fget+0x4d5/0x740
[   31.725759]  ? ksys_dup3+0x690/0x690
[   31.729448]  ? trace_hardirqs_off+0xd/0x10
[   31.733659]  ? lock_acquire+0x1e4/0x540
[   31.737611]  ? fs_reclaim_acquire+0x20/0x20
[   31.741907]  ? lock_acquire+0x1e4/0x540
[   31.745858]  sock_hash_update_elem+0x157/0x2f0
[   31.750421]  ? bpf_sock_hash_update+0x90/0x90
[   31.754890]  ? lock_release+0xa30/0xa30
[   31.758844]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   31.764357]  ? bpf_sock_hash_update+0x90/0x90
[   31.768829]  map_update_elem+0x5c4/0xc90
[   31.772870]  __x64_sys_bpf+0x32d/0x510
[   31.776732]  ? bpf_prog_get+0x20/0x20
[   31.780508]  ? kasan_check_read+0x11/0x20
[   31.784635]  ? compat_start_thread+0x80/0x80
[   31.789019]  do_syscall_64+0x1b9/0x820
[   31.792894]  ? syscall_return_slowpath+0x5e0/0x5e0
[   31.797800]  ? syscall_return_slowpath+0x31d/0x5e0
[   31.802706]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   31.807696]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   31.812517]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   31.817679] RIP: 0033:0x445689
[   31.820842] Code: e8 3c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   31.839952] RSP: 002b:00007fea8b29ddb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   31.847640] RAX: ffffffffffffffda RBX: 00000000006dac3c RCX: 0000000000445689
[   31.854887] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000002
[   31.862149] RBP: 00000000006dac38 R08: 0000000000000000 R09: 0000000000000000
[   31.869399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   31.876643] R13: 00007ffd0fe4b6bf R14: 00007fea8b29e9c0 R15: 0000000000000005
[   31.884279] Dumping ftrace buffer:
[   31.887792]    (ftrace buffer empty)
[   31.891476] Kernel Offset: disabled
[   31.895079] Rebooting in 86400 seconds..