kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 19725 Comm: syz-executor.1 Not tainted 4.14.152 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8881d8f840c0 task.stack: ffff8881d8d48000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP: 0010:refcount_sub_and_test+0x2b/0xf0 lib/refcount.c:179
RSP: 0018:ffff8881d8d4f900 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880465367c0 RCX: ffffc9000885a000
RDX: 0000000000000004 RSI: ffffffff82d77e7a RDI: 0000000000000001
RBP: ffff8881d8d4f928 R08: 000000001defa8bc R09: ffff8881d8f84988
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020
R13: 0000000000000001 R14: ffff8880465367d4 R15: 0000000000000000
FS:  00007fd460243700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000020a7a90 CR3: 00000001d82f7000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 refcount_dec_and_test+0x1b/0x20 lib/refcount.c:212
 vb2_vmalloc_put+0x18/0x70 drivers/media/v4l2-core/videobuf2-vmalloc.c:68
 __vb2_buf_mem_free+0x103/0x1e0 drivers/media/v4l2-core/videobuf2-core.c:240
 __vb2_free_mem drivers/media/v4l2-core/videobuf2-core.c:409 [inline]
 __vb2_queue_free+0x634/0x7d0 drivers/media/v4l2-core/videobuf2-core.c:454
 vb2_core_queue_release+0x64/0x80 drivers/media/v4l2-core/videobuf2-core.c:2043
 vb2_queue_release drivers/media/v4l2-core/videobuf2-v4l2.c:669 [inline]
 _vb2_fop_release+0x1cf/0x2a0 drivers/media/v4l2-core/videobuf2-v4l2.c:840
 vb2_fop_release+0x75/0xc0 drivers/media/v4l2-core/videobuf2-v4l2.c:854
 vivid_fop_release+0x180/0x3f0 drivers/media/platform/vivid/vivid-core.c:486
 v4l2_release+0xf9/0x190 drivers/media/v4l2-core/v4l2-dev.c:446
 __fput+0x275/0x7a0 fs/file_table.c:210
 ____fput+0x16/0x20 fs/file_table.c:244
 task_work_run+0x114/0x190 kernel/task_work.c:113
 get_signal+0x18a8/0x1cd0 kernel/signal.c:2220
 do_signal+0x86/0x19a0 arch/x86/kernel/signal.c:814
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
 exit_to_usermode_loop+0x15c/0x220 arch/x86/entry/common.c:160
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a219
RSP: 002b:00007fd460242c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000045a219
protocol 88fb is buggy, dev hsr_slave_0
RDX: 0000000020000100 RSI: 00000000c100565c RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4602436d4
R13: 00000000004c5875 R14: 00000000004da8d0 R15: 00000000ffffffff
Code: 
protocol 88fb is buggy, dev hsr_slave_1
55 48 89 e5 41 56 41 55 41 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 86 75 85 fe 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff8881d8d4f900
RIP: atomic_read arch/x86/include/asm/atomic.h:27 [inline] RSP: ffff8881d8d4f900
RIP: refcount_sub_and_test+0x2b/0xf0 lib/refcount.c:179 RSP: ffff8881d8d4f900
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
---[ end trace c02c23172da92509 ]---