================================ WARNING: inconsistent lock state 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz-executor.3/6340 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff888026657948 (&timer->lock){?.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff888026657948 (&timer->lock){?.+.}-{2:2}, at: class_spinlock_constructor include/linux/spinlock.h:561 [inline] ffff888026657948 (&timer->lock){?.+.}-{2:2}, at: snd_hrtimer_callback+0x4d/0x420 sound/core/hrtimer.c:38 {HARDIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_timer_close_locked+0x65/0xbd0 sound/core/timer.c:412 snd_timer_close+0x8b/0xf0 sound/core/timer.c:464 snd_seq_timer_close+0xa4/0x100 sound/core/seq/seq_timer.c:302 queue_delete+0x49/0xa0 sound/core/seq/seq_queue.c:126 snd_seq_queue_delete+0x45/0x60 sound/core/seq/seq_queue.c:188 snd_seq_kernel_client_ctl+0x107/0x1c0 sound/core/seq/seq_clientmgr.c:2526 delete_seq_queue.isra.0+0xc8/0x150 sound/core/seq/oss/seq_oss_init.c:371 odev_release+0x52/0x80 sound/core/seq/oss/seq_oss.c:144 __fput+0x270/0xb80 fs/file_table.c:422 __fput_sync+0x47/0x50 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x86/0x100 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 irq event stamp: 32 hardirqs last enabled at (31): [] kasan_quarantine_put+0x10a/0x240 mm/kasan/quarantine.c:234 hardirqs last disabled at (32): [] sysvec_apic_timer_interrupt+0xe/0xb0 arch/x86/kernel/apic/apic.c:1043 
softirqs last enabled at (0): [] copy_process+0x24cc/0x9160 kernel/fork.c:2335 softirqs last disabled at (0): [<0000000000000000>] 0x0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&timer->lock); <Interrupt> lock(&timer->lock); *** DEADLOCK *** 1 lock held by syz-executor.3/6340: #0: ffffffff8e11e410 (tomoyo_ss){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline] #0: ffffffff8e11e410 (tomoyo_ss){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline] #0: ffffffff8e11e410 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_read_lock security/tomoyo/common.h:1108 [inline] #0: ffffffff8e11e410 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_number_perm+0x232/0x590 security/tomoyo/file.c:722 stack backtrace: CPU: 1 PID: 6340 Comm: syz-executor.3 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_usage_bug kernel/locking/lockdep.c:3971 [inline] valid_state kernel/locking/lockdep.c:4013 [inline] mark_lock_irq kernel/locking/lockdep.c:4216 [inline] mark_lock+0x923/0xc60 kernel/locking/lockdep.c:4678 mark_usage kernel/locking/lockdep.c:4564 [inline] __lock_acquire+0x1359/0x3b30 kernel/locking/lockdep.c:5091 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] class_spinlock_constructor include/linux/spinlock.h:561 [inline] snd_hrtimer_callback+0x4d/0x420 sound/core/hrtimer.c:38 __run_hrtimer kernel/time/hrtimer.c:1692 [inline] __hrtimer_run_queues+0x20c/0xc20 kernel/time/hrtimer.c:1756 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1818 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
__sysvec_apic_timer_interrupt+0x10f/0x410 arch/x86/kernel/apic/apic.c:1049 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:tomoyo_compare_number_union security/tomoyo/file.c:115 [inline] RIP: 0010:tomoyo_check_path_number_acl+0x100/0x2f0 security/tomoyo/file.c:282 Code: 00 00 48 8d 7d 40 49 8b 5c 24 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 a1 01 00 00 4c 8b 6d 40 <4d> 85 ed 0f 85 ed 00 00 00 e8 72 df 52 fd 48 8d 7d 30 48 b8 00 00 RSP: 0018:ffffc90003cf7bb8 EFLAGS: 00000246 RAX: dffffc0000000000 RBX: 0000000000006364 RCX: ffffffff843a18cb RDX: 1ffff11028ed3bc8 RSI: ffffffff843a18e8 RDI: ffff88814769de40 RBP: ffff88814769de00 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffc90003cf7ca0 R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000002 tomoyo_check_acl+0x140/0x410 security/tomoyo/domain.c:175 tomoyo_path_number_perm+0x34a/0x590 security/tomoyo/file.c:733 security_file_ioctl+0x75/0xc0 security/security.c:2758 __do_sys_ioctl fs/ioctl.c:898 [inline] __se_sys_ioctl fs/ioctl.c:890 [inline] __x64_sys_ioctl+0xbb/0x220 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f3f2a47dbcb Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007f3f29fff0f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3f2a47dbcb RDX: 0000000000000000 RSI: 0000000000006364 RDI: 00000000000000d8 RBP: 00007f3f2a5abf80 R08: 0000000000000000 R09: 00007ffc3adf39e7 R10: 0000000000000008 R11: 
0000000000000246 R12: ffffffffffffffb0 R13: 000000000000000b R14: 00007ffc3adf3900 R15: 00007ffc3adf39e8 ---------------- Code disassembly (best guess): 0: 00 00 add %al,(%rax) 2: 48 8d 7d 40 lea 0x40(%rbp),%rdi 6: 49 8b 5c 24 20 mov 0x20(%r12),%rbx b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 12: fc ff df 15: 48 89 fa mov %rdi,%rdx 18: 48 c1 ea 03 shr $0x3,%rdx 1c: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 20: 0f 85 a1 01 00 00 jne 0x1c7 26: 4c 8b 6d 40 mov 0x40(%rbp),%r13 * 2a: 4d 85 ed test %r13,%r13 <-- trapping instruction 2d: 0f 85 ed 00 00 00 jne 0x120 33: e8 72 df 52 fd call 0xfd52dfaa 38: 48 8d 7d 30 lea 0x30(%rbp),%rdi 3c: 48 rex.W 3d: b8 .byte 0xb8