[....] Starting OpenBSD Secure Shell server: sshd[ 18.525376] random: sshd: uninitialized urandom read (32 bytes read)
[ ok .
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.839489] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.192775] sshd (4472) used greatest stack depth: 16248 bytes left
[ 23.208507] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.919117] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.072741] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[ 29.541808] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.628759] ==================================================================
[ 29.636199] BUG: KASAN: null-ptr-deref in refcount_inc_not_zero+0x8f/0x2d0
[ 29.643188] Read of size 4 at addr 0000000000000004 by task syzkaller821394/4488
[ 29.650691]
[ 29.652301] CPU: 1 PID: 4488 Comm: syzkaller821394 Not tainted 4.17.0-rc1+ #12
[ 29.659635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.668971] Call Trace:
[ 29.671541]  dump_stack+0x1b9/0x294
[ 29.675151]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.680321]  ? kasan_check_write+0x14/0x20
[ 29.684533]  ? do_raw_spin_lock+0xc1/0x200
[ 29.688746]  ? vprintk_func+0x81/0xe7
[ 29.692528]  ? refcount_inc_not_zero+0x8f/0x2d0
[ 29.697173]  kasan_report.cold.7+0x6d/0x2fe
[ 29.701474]  check_memory_region+0x13e/0x1b0
[ 29.705860]  kasan_check_read+0x11/0x20
[ 29.709811]  refcount_inc_not_zero+0x8f/0x2d0
[ 29.714288]  ? refcount_add_not_zero+0x320/0x320
[ 29.719033]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.724035]  ? lock_sock_nested+0x9f/0x120
[ 29.728251]  refcount_inc+0x15/0x70
[ 29.731857]  llc_ui_release+0xba/0x2b0
[ 29.735724]  ? fsnotify_first_mark+0x330/0x330
[ 29.740285]  sock_release+0x96/0x1b0
[ 29.743979]  ? sock_alloc_file+0x4e0/0x4e0
[ 29.748193]  sock_close+0x16/0x20
[ 29.751623]  __fput+0x34d/0x890
[ 29.754881]  ? fput+0x1a0/0x1a0
[ 29.758143]  ? _raw_spin_unlock_irq+0x27/0x70
[ 29.762618]  ____fput+0x15/0x20
[ 29.765876]  task_work_run+0x1e4/0x290
[ 29.769743]  ? task_work_cancel+0x240/0x240
[ 29.774049]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 29.779563]  ? switch_task_namespaces+0xa2/0xd0
[ 29.784213]  do_exit+0x1aee/0x2730
[ 29.787733]  ? mm_update_next_owner+0x980/0x980
[ 29.792380]  ? kasan_kmalloc+0xc4/0xe0
[ 29.796243]  ? kasan_slab_alloc+0x12/0x20
[ 29.800367]  ? kmem_cache_alloc+0x12e/0x760
[ 29.804667]  ? get_empty_filp+0x125/0x520
[ 29.808792]  ? alloc_file+0x24/0x3e0
[ 29.812484]  ? sock_alloc_file+0x1f3/0x4e0
[ 29.816700]  ? __sys_socket+0x16f/0x250
[ 29.820651]  ? __x64_sys_socket+0x73/0xb0
[ 29.824779]  ? do_syscall_64+0x1b1/0x800
[ 29.828818]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.834164]  ? find_held_lock+0x36/0x1c0
[ 29.838205]  ? debug_mutex_init+0x1c/0x60
[ 29.842331]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.847327]  ? graph_lock+0x170/0x170
[ 29.851104]  ? lockdep_init_map+0x9/0x10
[ 29.855144]  ? __mutex_init+0x1ef/0x280
[ 29.859098]  ? find_held_lock+0x36/0x1c0
[ 29.863165]  ? lock_downgrade+0x8e0/0x8e0
[ 29.867296]  ? kasan_check_read+0x11/0x20
[ 29.871449]  ? rcu_is_watching+0x85/0x140
[ 29.875576]  ? __lock_is_held+0xb5/0x140
[ 29.879617]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 29.884790]  ? __fd_install+0x2de/0x880
[ 29.888745]  ? get_unused_fd_flags+0x190/0x190
[ 29.893308]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 29.898821]  ? alloc_file+0x44/0x3e0
[ 29.902514]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 29.908035]  ? sock_alloc_file+0x2a4/0x4e0
[ 29.912250]  ? sock_release+0x1b0/0x1b0
[ 29.916206]  ? get_unused_fd_flags+0x121/0x190
[ 29.920769]  ? __alloc_fd+0x700/0x700
[ 29.924549]  ? fd_install+0x4d/0x60
[ 29.928155]  do_group_exit+0x16f/0x430
[ 29.932031]  ? __ia32_sys_exit+0x50/0x50
[ 29.936074]  ? do_syscall_64+0x92/0x800
[ 29.940034]  __x64_sys_exit_group+0x3e/0x50
[ 29.944332]  do_syscall_64+0x1b1/0x800
[ 29.948199]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.953107]  ? syscall_return_slowpath+0x30f/0x5c0
[ 29.958023]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.963371]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.968194]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.973361] RIP: 0033:0x43e878
[ 29.976527] RSP: 002b:00007fffa13cebb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 29.984214] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e878
[ 29.991461] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 29.998708] RBP: 00000000004be220 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 30.005956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 30.013203] R13: 00000000006cc160 R14: 0000000000000000 R15: 0000000000000000
[ 30.020454] ==================================================================
[ 30.027785] Disabling lock debugging due to kernel taint
[ 30.033326] Kernel panic - not syncing: panic_on_warn set ...
[ 30.033326]
[ 30.040688] CPU: 1 PID: 4488 Comm: syzkaller821394 Tainted: G    B            4.17.0-rc1+ #12
[ 30.049409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.058735] Call Trace:
[ 30.061302]  dump_stack+0x1b9/0x294
[ 30.064908]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.070075]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.074810]  ? refcount_add_not_zero+0x320/0x320
[ 30.079543]  panic+0x22f/0x4de
[ 30.082711]  ? add_taint.cold.5+0x16/0x16
[ 30.086840]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 30.091225]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 30.095611]  ? refcount_inc_not_zero+0x8f/0x2d0
[ 30.100255]  kasan_end_report+0x47/0x4f
[ 30.104206]  kasan_report.cold.7+0x76/0x2fe
[ 30.108504]  check_memory_region+0x13e/0x1b0
[ 30.112898]  kasan_check_read+0x11/0x20
[ 30.116858]  refcount_inc_not_zero+0x8f/0x2d0
[ 30.121333]  ? refcount_add_not_zero+0x320/0x320
[ 30.126067]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.131063]  ? lock_sock_nested+0x9f/0x120
[ 30.135276]  refcount_inc+0x15/0x70
[ 30.138884]  llc_ui_release+0xba/0x2b0
[ 30.142749]  ? fsnotify_first_mark+0x330/0x330
[ 30.147311]  sock_release+0x96/0x1b0
[ 30.151003]  ? sock_alloc_file+0x4e0/0x4e0
[ 30.155219]  sock_close+0x16/0x20
[ 30.158650]  __fput+0x34d/0x890
[ 30.161910]  ? fput+0x1a0/0x1a0
[ 30.165169]  ? _raw_spin_unlock_irq+0x27/0x70
[ 30.169640]  ____fput+0x15/0x20
[ 30.172900]  task_work_run+0x1e4/0x290
[ 30.176763]  ? task_work_cancel+0x240/0x240
[ 30.181063]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 30.186577]  ? switch_task_namespaces+0xa2/0xd0
[ 30.191224]  do_exit+0x1aee/0x2730
[ 30.194741]  ? mm_update_next_owner+0x980/0x980
[ 30.199392]  ? kasan_kmalloc+0xc4/0xe0
[ 30.203254]  ? kasan_slab_alloc+0x12/0x20
[ 30.207379]  ? kmem_cache_alloc+0x12e/0x760
[ 30.211677]  ? get_empty_filp+0x125/0x520
[ 30.215798]  ? alloc_file+0x24/0x3e0
[ 30.219488]  ? sock_alloc_file+0x1f3/0x4e0
[ 30.223697]  ? __sys_socket+0x16f/0x250
[ 30.227646]  ? __x64_sys_socket+0x73/0xb0
[ 30.231775]  ? do_syscall_64+0x1b1/0x800
[ 30.235811]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.241156]  ? find_held_lock+0x36/0x1c0
[ 30.245193]  ? debug_mutex_init+0x1c/0x60
[ 30.249319]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.254312]  ? graph_lock+0x170/0x170
[ 30.258089]  ? lockdep_init_map+0x9/0x10
[ 30.262127]  ? __mutex_init+0x1ef/0x280
[ 30.266076]  ? find_held_lock+0x36/0x1c0
[ 30.270114]  ? lock_downgrade+0x8e0/0x8e0
[ 30.274238]  ? kasan_check_read+0x11/0x20
[ 30.278362]  ? rcu_is_watching+0x85/0x140
[ 30.282484]  ? __lock_is_held+0xb5/0x140
[ 30.286606]  ? rcu_bh_force_quiescent_state+0x20/0x20
[ 30.291775]  ? __fd_install+0x2de/0x880
[ 30.295724]  ? get_unused_fd_flags+0x190/0x190
[ 30.300285]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.305796]  ? alloc_file+0x44/0x3e0
[ 30.309488]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.315004]  ? sock_alloc_file+0x2a4/0x4e0
[ 30.319220]  ? sock_release+0x1b0/0x1b0
[ 30.323172]  ? get_unused_fd_flags+0x121/0x190
[ 30.327728]  ? __alloc_fd+0x700/0x700
[ 30.331506]  ? fd_install+0x4d/0x60
[ 30.335111]  do_group_exit+0x16f/0x430
[ 30.338976]  ? __ia32_sys_exit+0x50/0x50
[ 30.343023]  ? do_syscall_64+0x92/0x800
[ 30.346974]  __x64_sys_exit_group+0x3e/0x50
[ 30.351273]  do_syscall_64+0x1b1/0x800
[ 30.355136]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.360040]  ? syscall_return_slowpath+0x30f/0x5c0
[ 30.364948]  ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 30.370288]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.375107]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.380271] RIP: 0033:0x43e878
[ 30.383436] RSP: 002b:00007fffa13cebb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 30.391118] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043e878
[ 30.398361] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 30.405605] RBP: 00000000004be220 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 30.412851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 30.420094] R13: 00000000006cc160 R14: 0000000000000000 R15: 0000000000000000
[ 30.427822] Dumping ftrace buffer:
[ 30.431339]    (ftrace buffer empty)
[ 30.435021] Kernel Offset: disabled
[ 30.438624] Rebooting in 86400 seconds..