================================
WARNING: inconsistent lock state
syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz.1.919/8972 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff888033c6a4a8 (&p->tcfa_lock){+.?.}-{3:3}, at: est_timer+0xd4/0x9f0
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x120/0x360
  _raw_spin_lock+0x2e/0x40
  tcf_ct_init+0x7cc/0x1950
  tcf_action_init_1+0x463/0x6d0
  tcf_action_init+0x2cf/0xab0
  tc_ctl_action+0x430/0xbd0
  rtnetlink_rcv_msg+0x77c/0xb70
  netlink_rcv_skb+0x208/0x470
  netlink_unicast+0x82f/0x9e0
  netlink_sendmsg+0x805/0xb30
  __sock_sendmsg+0x21c/0x270
  ____sys_sendmsg+0x505/0x830
  ___sys_sendmsg+0x21f/0x2a0
  __x64_sys_sendmsg+0x19b/0x260
  do_syscall_64+0xfa/0x3b0
  entry_SYSCALL_64_after_hwframe+0x77/0x7f
irq event stamp: 4466
hardirqs last  enabled at (4466): [<ffffffff8b7cceb3>] _raw_spin_unlock_irq+0x23/0x50
hardirqs last disabled at (4465): [<ffffffff8b7ccc2d>] _raw_spin_lock_irq+0x7d/0xf0
softirqs last  enabled at (4220): [<ffffffff8184f4da>] __irq_exit_rcu+0xca/0x1f0
softirqs last disabled at (4457): [<ffffffff8184f4da>] __irq_exit_rcu+0xca/0x1f0

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&p->tcfa_lock);
  <Interrupt>
    lock(&p->tcfa_lock);

 *** DEADLOCK ***

7 locks held by syz.1.919/8972:
 #0: ffffffff8f52be90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
 #1: ffffffff8f28bcb0 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x19a/0x270
 #2: ffffffff8f28be70 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x1d2/0x270
 #3: ffff888121110f98 (&device->compat_devs_mutex){+.+.}-{4:4}, at: add_one_compat_dev+0xee/0x5c0
 #4: ffff88801b6f0188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_add_one+0x41/0x520
 #5: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: kernfs_root+0x1c/0x230
 #6: ffffc90000007be0 ((&est->timer)){+.-.}-{0:0}, at: call_timer_fn+0xbe/0x5f0

stack backtrace:
CPU: 0 UID: 0 PID: 8972 Comm: syz.1.919 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250
 print_usage_bug+0x297/0x2e0
 valid_state+0xc3/0xf0
 mark_lock_irq+0x36/0x390
 mark_lock+0x11b/0x190
 __lock_acquire+0x680/0xd20
 lock_acquire+0x120/0x360
 _raw_spin_lock+0x2e/0x40
 est_timer+0xd4/0x9f0
 call_timer_fn+0x17e/0x5f0
 __run_timer_base+0x61a/0x860
 run_timer_softirq+0xb7/0x180
 handle_softirqs+0x286/0x870
 __irq_exit_rcu+0xca/0x1f0
 irq_exit_rcu+0x9/0x30
 sysvec_apic_timer_interrupt+0xa6/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x83/0x90
Code: 8d 52 28 4d 39 ca 77 22 89 ff 89 f6 49 ff c0 4c 89 01 48 c7 44 11 08 05 00 00 00 48 89 7c 11 10 48 89 74 11 18 48 89 44 11 20 <e9> c8 6a bd 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000457f508 EFLAGS: 00000297
RAX: ffffffff825d45f1 RBX: ffffffff825d450c RCX: 0000000000000002
RDX: ffff888023251cc0 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff825d450c
R10: dffffc0000000000 R11: ffffed10036de025 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff8880296f3e10 R15: ffff8880213a84b0
 kernfs_root+0x101/0x230
 kernfs_parent+0x51/0x190
 kernfs_add_one+0x49/0x520
 __kernfs_create_file+0x22b/0x2e0
 sysfs_add_file_mode_ns+0x238/0x300
 internal_create_group+0x66d/0x1110
 sysfs_create_groups+0x59/0x120
 ib_setup_port_attrs+0x1407/0x2070
 add_one_compat_dev+0x3d6/0x5c0
 rdma_dev_init_net+0x1dd/0x270
 ops_init+0x35c/0x5c0
 setup_net+0x10c/0x320
 copy_net_ns+0x31b/0x4d0
 create_new_namespaces+0x3f3/0x720
 unshare_nsproxy_namespaces+0x11c/0x170
 ksys_unshare+0x4c8/0x8c0
 __x64_sys_unshare+0x38/0x50
 do_syscall_64+0xfa/0x3b0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f240198ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24027c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f2401bc5fa0 RCX: 00007f240198ebe9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
RBP: 00007f2401a11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2401bc6038 R14: 00007f2401bc5fa0 R15: 00007ffeecc4eb28
 </TASK>
bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
