INFO: task syz-executor.3:10482 can't die for more than 143 seconds.
task:syz-executor.3 state:R running task stack:26552 pid:10482 ppid: 6552 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4983 [inline]
__schedule+0xab2/0x4d90 kernel/sched/core.c:6293
preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6708
irqentry_exit+0x31/0x80 kernel/entry/common.c:425
asm_sysvec_reschedule_ipi+0x12/0x20 arch/x86/include/asm/idtentry.h:643
RIP: 0010:dump_stack_lvl+0x12c/0x134 lib/dump_stack.c:108
Code: 48 85 ed 74 0a e8 cd a2 68 f8 e8 d8 1e 33 00 e8 c3 a2 68 f8 31 ff 48 89 de e8 49 a5 68 f8 48 85 db 74 06 e8 af a2 68 f8 fb 5b <5d> 41 5c e9 a5 a2 68 f8 e8 a0 a2 68 f8 48 c7 c7 e0 0e 08 8a e9 bb
RSP: 0018:ffffc9000521f728 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 1ffff92000a43eea RCX: 0000000000000000
RDX: ffff88803cd98000 RSI: ffffffff890f30d1 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ff7cb2f
R10: ffffffff890f30c7 R11: 0000000000000000 R12: ffffffff8a080ee0
R13: ffff88803cd98000 R14: ffffffff89b74d60 R15: 0000000000000000
warn_alloc.cold+0x87/0x17a mm/page_alloc.c:4221
__vmalloc_area_node mm/vmalloc.c:2964 [inline]
__vmalloc_node_range+0x883/0xab0 mm/vmalloc.c:3065
__vmalloc_node mm/vmalloc.c:3114 [inline]
__vmalloc+0x69/0x80 mm/vmalloc.c:3128
__snd_dma_alloc_pages+0x50/0x90 sound/core/memalloc.c:39
snd_dma_alloc_dir_pages+0x14d/0x240 sound/core/memalloc.c:73
do_alloc_pages+0xc2/0x180 sound/core/pcm_memory.c:48
snd_pcm_lib_malloc_pages+0x3e2/0x990 sound/core/pcm_memory.c:424
snd_pcm_hw_params+0x1408/0x1990 sound/core/pcm_native.c:719
snd_pcm_kernel_ioctl+0x164/0x310 sound/core/pcm_native.c:3372
snd_pcm_oss_change_params_locked+0x1936/0x3a60 sound/core/oss/pcm_oss.c:947
snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1091 [inline]
snd_pcm_oss_make_ready+0xe7/0x1b0 sound/core/oss/pcm_oss.c:1150
snd_pcm_oss_sync+0x1de/0x800 sound/core/oss/pcm_oss.c:1717
snd_pcm_oss_release+0x276/0x300 sound/core/oss/pcm_oss.c:2571
__fput+0x286/0x9f0 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f093278272b
RSP: 002b:00007ffce679ebc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f093278272b
RDX: 00007f09328e85d0 RSI: ffffffff89425fe1 RDI: 0000000000000004
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b2d3283c4
R10: 0000000000000b2f R11: 0000000000000293 R12: 000000000006d9fa
R13: 00000000000003e8 R14: 00007f09328e2f60 R15: 000000000006d047
INFO: task syz-executor.1:10485 can't die for more than 144 seconds.
task:syz-executor.1 state:R running task stack:26552 pid:10485 ppid: 6548 flags:0x00004004
Call Trace:
context_switch kernel/sched/core.c:4983 [inline]
__schedule+0xab2/0x4d90 kernel/sched/core.c:6293
preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6708
irqentry_exit+0x31/0x80 kernel/entry/common.c:425
asm_sysvec_reschedule_ipi+0x12/0x20 arch/x86/include/asm/idtentry.h:643
RIP: 0010:dump_stack_lvl+0x12c/0x134 lib/dump_stack.c:108
Code: 48 85 ed 74 0a e8 cd a2 68 f8 e8 d8 1e 33 00 e8 c3 a2 68 f8 31 ff 48 89 de e8 49 a5 68 f8 48 85 db 74 06 e8 af a2 68 f8 fb 5b <5d> 41 5c e9 a5 a2 68 f8 e8 a0 a2 68 f8 48 c7 c7 e0 0e 08 8a e9 bb
RSP: 0018:ffffc900030bf728 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 1ffff92000617eea RCX: 0000000000000000
RDX: ffff88803e4b9d40 RSI: ffffffff890f30d1 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8ff7cb2f
R10: ffffffff890f30c7 R11: 0000000000000000 R12: ffffffff8a080ee0
R13: ffff88803e4b9d40 R14: ffffffff89b74d60 R15: 0000000000000000
warn_alloc.cold+0x87/0x17a mm/page_alloc.c:4221
__vmalloc_area_node mm/vmalloc.c:2964 [inline]
__vmalloc_node_range+0x883/0xab0 mm/vmalloc.c:3065
__vmalloc_node mm/vmalloc.c:3114 [inline]
__vmalloc+0x69/0x80 mm/vmalloc.c:3128
__snd_dma_alloc_pages+0x50/0x90 sound/core/memalloc.c:39
snd_dma_alloc_dir_pages+0x14d/0x240 sound/core/memalloc.c:73
do_alloc_pages+0xc2/0x180 sound/core/pcm_memory.c:48
snd_pcm_lib_malloc_pages+0x3e2/0x990 sound/core/pcm_memory.c:424
snd_pcm_hw_params+0x1408/0x1990 sound/core/pcm_native.c:719
snd_pcm_kernel_ioctl+0x164/0x310 sound/core/pcm_native.c:3372
snd_pcm_oss_change_params_locked+0x1936/0x3a60 sound/core/oss/pcm_oss.c:947
snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1091 [inline]
snd_pcm_oss_make_ready+0xe7/0x1b0 sound/core/oss/pcm_oss.c:1150
snd_pcm_oss_sync+0x1de/0x800 sound/core/oss/pcm_oss.c:1717
snd_pcm_oss_release+0x276/0x300 sound/core/oss/pcm_oss.c:2571
__fput+0x286/0x9f0 fs/file_table.c:280
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f2ea5afa72b
RSP: 002b:00007ffd1a0f9ed0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f2ea5afa72b
RDX: 00007f2ea5c60590 RSI: ffffffff89425fe1 RDI: 0000000000000004
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b2cf268f8
R10: 0000000000000b2f R11: 0000000000000293 R12: 000000000006dd3a
R13: 00000000000003e8 R14: 00007f2ea5c5af60 R15: 000000000006d084
Showing all locks held in the system:
1 lock held by khungtaskd/27:
#0: ffffffff8bb843e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
kernel/locking/lockdep.c:6458
1 lock held by in:imklog/6238:
#0: ffff88801e49c870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:990
1 lock held by syz-executor.3/10482:
1 lock held by syz-executor.1/10485:
1 lock held by syz-executor.4/10524:
1 lock held by vivid-008-sdr-c/10532:
=============================================
----------------
Code disassembly (best guess):
0: 48 85 ed test %rbp,%rbp
3: 74 0a je 0xf
5: e8 cd a2 68 f8 callq 0xf868a2d7
a: e8 d8 1e 33 00 callq 0x331ee7
f: e8 c3 a2 68 f8 callq 0xf868a2d7
14: 31 ff xor %edi,%edi
16: 48 89 de mov %rbx,%rsi
19: e8 49 a5 68 f8 callq 0xf868a567
1e: 48 85 db test %rbx,%rbx
21: 74 06 je 0x29
23: e8 af a2 68 f8 callq 0xf868a2d7
28: fb sti
29: 5b pop %rbx
* 2a: 5d pop %rbp <-- trapping instruction
2b: 41 5c pop %r12
2d: e9 a5 a2 68 f8 jmpq 0xf868a2d7
32: e8 a0 a2 68 f8 callq 0xf868a2d7
37: 48 c7 c7 e0 0e 08 8a mov $0xffffffff8a080ee0,%rdi
3e: e9 .byte 0xe9
3f: bb .byte 0xbb