kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 17716 Comm: syz-executor.1 Not tainted 4.14.146 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a3e20440 task.stack: ffff888055b48000
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP: 0010:refcount_sub_and_test+0x2b/0xf0 lib/refcount.c:179
RSP: 0018:ffff888055b4fb98 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888086481340 RCX: ffffffff84263c10
RDX: 0000000000000004 RSI: 0000000000000020 RDI: 0000000000000001
RBP: ffff888055b4fbc0 R08: 00000000f0a5e5e7 R09: ffff8880a3e20d08
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020
R13: 0000000000000001 R14: ffff888086481354 R15: 0000000000000000
FS:  0000555556256940(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31924000 CR3: 00000000a08cd000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kobject: 'loop2' (ffff8880a4a391a0): kobject_uevent_env
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 refcount_dec_and_test+0x1b/0x20 lib/refcount.c:212
 vb2_vmalloc_put+0x18/0x70 drivers/media/v4l2-core/videobuf2-vmalloc.c:68
 __vb2_buf_mem_free+0x103/0x1e0 drivers/media/v4l2-core/videobuf2-core.c:240
 __vb2_free_mem drivers/media/v4l2-core/videobuf2-core.c:409 [inline]
 __vb2_queue_free+0x634/0x7d0 drivers/media/v4l2-core/videobuf2-core.c:454
 vb2_core_queue_release+0x64/0x80 drivers/media/v4l2-core/videobuf2-core.c:2043
 vb2_queue_release drivers/media/v4l2-core/videobuf2-v4l2.c:669 [inline]
 _vb2_fop_release+0x1cf/0x2a0 drivers/media/v4l2-core/videobuf2-v4l2.c:840
 vb2_fop_release+0x75/0xc0 drivers/media/v4l2-core/videobuf2-v4l2.c:854
 vivid_fop_release+0x180/0x3f0 drivers/media/platform/vivid/vivid-core.c:486
 v4l2_release+0xf9/0x190 drivers/media/v4l2-core/v4l2-dev.c:446
kobject: 'loop2' (ffff8880a4a391a0): fill_kobj_path: path = '/devices/virtual/block/loop2'
 __fput+0x275/0x7a0 fs/file_table.c:210
 ____fput+0x16/0x20 fs/file_table.c:244
 task_work_run+0x114/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1da/0x220 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4bc/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x413711
RSP: 002b:00007ffd54f80710 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413711
RDX: 0000001b31b20000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000001 R08: 000000006e783fbb R09: 000000006e783fbf
R10: 00007ffd54f807f0 R11: 0000000000000293 R12: 000000000075bf20
R13: 0000000000056b2f R14: 0000000000761f38 R15: 000000000075bf2c
Code: 55 48 89 e5 41 56 41 55 41 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 76 5b 85 fe 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 e0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff888055b4fb98
RIP: atomic_read arch/x86/include/asm/atomic.h:27 [inline] RSP: ffff888055b4fb98
RIP: refcount_sub_and_test+0x2b/0xf0 lib/refcount.c:179 RSP: ffff888055b4fb98
EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
kobject: 'loop0' (ffff88805cffe9e0): kobject_uevent_env
EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock
kobject: 'loop0' (ffff88805cffe9e0): fill_kobj_path: path = '/devices/virtual/block/loop0'
EXT4-fs (loop2): failed to open journal device unknown-block(0,0): -6
kobject: 'rx-0' (ffff88808c206e50): kobject_cleanup, parent ffff8880a5a74c48
kobject: 'loop3' (ffff8880a4a620e0): kobject_uevent_env
kobject: 'rx-0' (ffff88808c206e50): auto cleanup 'remove' event
kobject: 'loop3' (ffff8880a4a620e0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'rx-0' (ffff88808c206e50): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a391a0): kobject_uevent_env
kobject: 'loop2' (ffff8880a4a391a0): fill_kobj_path: path = '/devices/virtual/block/loop2'
kobject: 'loop5' (ffff8880a4b121e0): kobject_uevent_env
kobject: 'rx-0' (ffff88808c206e50): kobject_uevent_env: uevent_suppress caused the event to drop!
kobject: 'loop5' (ffff8880a4b121e0): fill_kobj_path: path = '/devices/virtual/block/loop5'
kobject: 'rx-0' (ffff88808c206e50): auto cleanup kobject_del
caif:caif_disconnect_client(): nothing to disconnect
kobject: 'loop0' (ffff88805cffe9e0): kobject_uevent_env
kobject: 'rx-0' (ffff88808c206e50): calling ktype release
kobject: 'loop0' (ffff88805cffe9e0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'rx-0': free name
kobject: 'tx-0' (ffff888098de6798): kobject_cleanup, parent ffff8880a5a74c48
kobject: 'tx-0' (ffff888098de6798): auto cleanup 'remove' event
kobject: 'tx-0' (ffff888098de6798): kobject_uevent_env
kobject: 'tx-0' (ffff888098de6798): kobject_uevent_env: uevent_suppress caused the event to drop!
kobject: 'tx-0' (ffff888098de6798): auto cleanup kobject_del
kobject: 'loop3' (ffff8880a4a620e0): kobject_uevent_env
kobject: 'loop3' (ffff8880a4a620e0): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'tx-0' (ffff888098de6798): calling ktype release
kobject: 'loop4' (ffff8880a4a7c160): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a7c160): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'tx-0': free name
kobject: 'queues' (ffff8880a5a74c48): kobject_cleanup, parent (null)
kobject: 'queues' (ffff8880a5a74c48): calling ktype release
kobject: 'queues' (ffff8880a5a74c48): kset_release
kobject: 'queues': free name
caif:caif_disconnect_client(): nothing to disconnect
kobject: 'ip6gre0' (ffff8880907a1070): kobject_uevent_env
kobject: 'ip6gre0' (ffff8880907a1070): kobject_uevent_env: uevent_suppress caused the event to drop!
---[ end trace a670a9a37c2f1d09 ]---