================================
WARNING: inconsistent lock state
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.2/6736 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff888029943948 (&timer->lock){?.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff888029943948 (&timer->lock){?.+.}-{2:2}, at: class_spinlock_constructor include/linux/spinlock.h:561 [inline]
ffff888029943948 (&timer->lock){?.+.}-{2:2}, at: snd_hrtimer_callback+0x4d/0x420 sound/core/hrtimer.c:38
{HARDIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5754 [inline]
  lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:351 [inline]
  class_spinlock_constructor include/linux/spinlock.h:561 [inline]
  snd_timer_close_locked+0x65/0xbd0 sound/core/timer.c:412
  snd_timer_close+0x8b/0xf0 sound/core/timer.c:464
  snd_seq_timer_close+0xa4/0x100 sound/core/seq/seq_timer.c:302
  queue_delete+0x49/0xa0 sound/core/seq/seq_queue.c:126
  snd_seq_queue_client_leave+0x37/0x1a0 sound/core/seq/seq_queue.c:543
  seq_free_client1.part.0+0x10a/0x260 sound/core/seq/seq_clientmgr.c:285
  seq_free_client1 sound/core/seq/seq_clientmgr.c:278 [inline]
  seq_free_client+0x74/0x170 sound/core/seq/seq_clientmgr.c:306
  snd_seq_release+0x50/0xe0 sound/core/seq/seq_clientmgr.c:387
  __fput+0x270/0xb80 fs/file_table.c:422
  __fput_sync+0x47/0x50 fs/file_table.c:507
  __do_sys_close fs/open.c:1556 [inline]
  __se_sys_close fs/open.c:1541 [inline]
  __x64_sys_close+0x86/0x100 fs/open.c:1541
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
  entry_SYSCALL_64_after_hwframe+0x6d/0x75
irq event stamp: 28394
hardirqs last enabled at (28393): [] kasan_quarantine_put+0x10a/0x240 mm/kasan/quarantine.c:234
hardirqs last disabled at (28394): [] sysvec_apic_timer_interrupt+0xe/0xb0 arch/x86/kernel/apic/apic.c:1043
softirqs last enabled at (28384): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (28384): [] qdisc_reset_all_tx_gt include/net/sch_generic.h:762 [inline]
softirqs last enabled at (28384): [] netif_set_real_num_tx_queues+0x36e/0x880 net/core/dev.c:2907
softirqs last disabled at (28382): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (28382): [] qdisc_reset_all_tx_gt include/net/sch_generic.h:760 [inline]
softirqs last disabled at (28382): [] netif_set_real_num_tx_queues+0x35e/0x880 net/core/dev.c:2907

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&timer->lock);
  <Interrupt>
    lock(&timer->lock);

 *** DEADLOCK ***

2 locks held by syz-executor.2/6736:
 #0: ffffffff8f2f63c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
 #0: ffffffff8f2f63c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xe60 net/core/rtnetlink.c:6592
 #1: ffffffff8f833c68 (uevent_sock_mutex){+.+.}-{3:3}, at: kobject_uevent_env+0x9c3/0x1830 lib/kobject_uevent.c:586

stack backtrace:
CPU: 0 PID: 6736 Comm: syz-executor.2 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_usage_bug kernel/locking/lockdep.c:3971 [inline]
 valid_state kernel/locking/lockdep.c:4013 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4216 [inline]
 mark_lock+0x923/0xc60 kernel/locking/lockdep.c:4678
 mark_usage kernel/locking/lockdep.c:4564 [inline]
 __lock_acquire+0x1359/0x3b30 kernel/locking/lockdep.c:5091
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 class_spinlock_constructor include/linux/spinlock.h:561 [inline]
 snd_hrtimer_callback+0x4d/0x420 sound/core/hrtimer.c:38
 __run_hrtimer kernel/time/hrtimer.c:1692 [inline]
 __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x10f/0x410 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:filter_irq_stacks+0x24/0x90 kernel/stacktrace.c:397
Code: 90 90 90 90 90 90 f3 0f 1e fa 85 f6 74 61 53 31 c0 48 bb 00 00 00 00 00 fc ff df 48 83 ec 10 48 89 fa 48 c1 ea 03 80 3c 1a 00 <75> 4a 48 8b 17 48 81 fa 30 02 e0 8a 72 16 48 81 fa 70 16 e0 8a 73
RSP: 0018:ffffc9000358ece8 EFLAGS: 00000246
RAX: 0000000000000015 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: 1ffff920006b1dc2 RSI: 0000000000000018 RDI: ffffc9000358ee10
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000003 R12: 0000000000082cc0
R13: ffffc9000358ed68 R14: ffff888018ad6a00 R15: 0000000000000280
 stack_depot_save_flags+0x28/0x8f0 lib/stackdepot.c:650
 kasan_save_stack+0x42/0x60 mm/kasan/common.c:48
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:312 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:338
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3798 [inline]
 slab_alloc_node mm/slub.c:3845 [inline]
 kmem_cache_alloc_node+0x177/0x340 mm/slub.c:3888
 kmalloc_reserve+0x18b/0x2c0 net/core/skbuff.c:577
 __alloc_skb+0x164/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1318 [inline]
 alloc_uevent_skb+0x7d/0x210 lib/kobject_uevent.c:290
 uevent_net_broadcast_tagged lib/kobject_uevent.c:351 [inline]
 kobject_uevent_net_broadcast lib/kobject_uevent.c:412 [inline]
 kobject_uevent_env+0x1104/0x1830 lib/kobject_uevent.c:593
 __kobject_del+0x168/0x1f0 lib/kobject.c:601
 kobject_cleanup lib/kobject.c:680 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x31c/0x5b0 lib/kobject.c:737
 net_rx_queue_update_kobjects+0x478/0x5f0 net/core/net-sysfs.c:1174
 netif_set_real_num_rx_queues+0x169/0x210 net/core/dev.c:2941
 veth_init_queues+0x151/0x190 drivers/net/veth.c:1777
 veth_newlink+0x546/0xa10 drivers/net/veth.c:1889
 rtnl_newlink_create net/core/rtnetlink.c:3494 [inline]
 __rtnl_newlink+0x1197/0x1960 net/core/rtnetlink.c:3714
 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3727
 rtnetlink_rcv_msg+0x3c7/0xe60 net/core/rtnetlink.c:6595
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2559
 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
 netlink_unicast+0x542/0x820 net/netlink/af_netlink.c:1361
 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1905
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x47f/0x4e0 net/socket.c:2191
 __do_sys_sendto net/socket.c:2203 [inline]
 __se_sys_sendto net/socket.c:2199 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2199
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fac2b07fb5c
Code: 1a 51 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 60 51 02 00 48 8b
RSP: 002b:00007ffde4cf4620 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fac2bcd4620 RCX: 00007fac2b07fb5c
RDX: 000000000000006c RSI: 00007fac2bcd4670 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007ffde4cf4674 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fac2bcd4670 R15: 0000000000000000
----------------
Code disassembly (best guess):
   0:  90                      nop
   1:  90                      nop
   2:  90                      nop
   3:  90                      nop
   4:  90                      nop
   5:  90                      nop
   6:  f3 0f 1e fa             endbr64
   a:  85 f6                   test %esi,%esi
   c:  74 61                   je 0x6f
   e:  53                      push %rbx
   f:  31 c0                   xor %eax,%eax
  11:  48 bb 00 00 00 00 00    movabs $0xdffffc0000000000,%rbx
  18:  fc ff df
  1b:  48 83 ec 10             sub $0x10,%rsp
  1f:  48 89 fa                mov %rdi,%rdx
  22:  48 c1 ea 03             shr $0x3,%rdx
  26:  80 3c 1a 00             cmpb $0x0,(%rdx,%rbx,1)
* 2a:  75 4a                   jne 0x76 <-- trapping instruction
  2c:  48 8b 17                mov (%rdi),%rdx
  2f:  48 81 fa 30 02 e0 8a    cmp $0xffffffff8ae00230,%rdx
  36:  72 16                   jb 0x4e
  38:  48 81 fa 70 16 e0 8a    cmp $0xffffffff8ae01670,%rdx
  3f:  73                      .byte 0x73