# Fuzzer-generated syzkaller program, followed by the kernel console log it produced
# (kernel 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e, per the log).
#
# Triage summary, read from the log on this page:
#   - lockdep reports "possible circular locking dependency detected". This is a
#     lock-ordering warning, not an observed hang: later log lines show the same task
#     continuing (dummy0 removed from team0, then enslaved to bond0).
#   - Chain entry #1: team_add_slave -> dev_set_mtu acquires &dev_instance_lock_key#3.
#     lockdep recorded this as ordered after team->team_lock_key (presumably taken
#     earlier in team_add_slave; confirm against the driver source).
#   - Chain entry #0: do_setlink already holds &dev_instance_lock_key#3 (and rtnl_mutex,
#     per "2 locks held"), then netif_change_flags -> __dev_notify_flags ->
#     notifier_call_chain -> team_device_event tries to take team->team_lock_key.
#     That is the reverse of the order in entry #1.
#   - Both orders are reached through sendmsg on a netlink socket
#     (netlink_sendmsg -> rtnetlink_rcv_msg -> rtnl_newlink -> do_setlink).
#
# Notes on the program text:
#   - The two sendmsg$kcm calls use sockets created with (0x10, 0x2, 0x0), and the
#     backtrace goes through netlink_sendmsg/rtnetlink_rcv_msg. Each 0x2e-byte payload
#     contains "0e000a00", which looks like a 14-byte attribute of type 10 and lines up
#     with the two "attribute type 10 has an invalid length" messages. Decode the
#     blobs to confirm.
#   - NOTE(review): r2 and r3 are used (getsockname$packet, sendmsg$TIPC_NL_LINK_SET)
#     but never assigned in this copy. The result markers were probably stripped as
#     markup during extraction, most likely from the socketpair call. Compare against
#     the original reproducer before relying on this text.
program: ioprio_set$pid(0x7, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0x78, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0x64, 0x1, [@m_mirred={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0900000004000000563c000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf79d}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x0, 0x0) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0) set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 
&(0x7f0000000200)={0x0, 0x270}}, 0x2c0c4) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r6, 0xc0096616, &(0x7f0000000180)={0x2, [0x0, 0x0]}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) [ 107.929943][ T5329] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 107.941193][ T5329] team0: Port device dummy0 added [ 107.949592][ T5329] netlink: 'syz.0.0': attribute type 10 has an invalid length. [ 107.953476][ T5329] [ 107.954732][ T5329] ====================================================== [ 107.957942][ T5329] WARNING: possible circular locking dependency detected [ 107.960961][ T5329] 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 Not tainted [ 107.964509][ T5329] ------------------------------------------------------ [ 107.967301][ T5329] syz.0.0/5329 is trying to acquire lock: [ 107.969602][ T5329] ffff888033794e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event+0x182/0xa20 [ 107.974431][ T5329] [ 107.974431][ T5329] but task is already holding lock: [ 107.982080][ T5329] ffff888035826d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0 [ 107.988920][ T5329] [ 107.988920][ T5329] which lock already depends on the new lock. 
[ 107.988920][ T5329] [ 107.994172][ T5329] [ 107.994172][ T5329] the existing dependency chain (in reverse order) is: [ 107.998290][ T5329] [ 107.998290][ T5329] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}: [ 108.001995][ T5329] lock_acquire+0x120/0x360 [ 108.004355][ T5329] __mutex_lock+0x182/0xe80 [ 108.006751][ T5329] dev_set_mtu+0x10e/0x260 [ 108.009083][ T5329] team_add_slave+0x8b8/0x2840 [ 108.011752][ T5329] do_set_master+0x530/0x6d0 [ 108.014128][ T5329] do_setlink+0xcf0/0x41c0 [ 108.016324][ T5329] rtnl_newlink+0x160b/0x1c70 [ 108.018742][ T5329] rtnetlink_rcv_msg+0x7cc/0xb70 [ 108.021409][ T5329] netlink_rcv_skb+0x208/0x470 [ 108.024152][ T5329] netlink_unicast+0x75b/0x8d0 [ 108.026597][ T5329] netlink_sendmsg+0x805/0xb30 [ 108.028925][ T5329] __sock_sendmsg+0x219/0x270 [ 108.031218][ T5329] ____sys_sendmsg+0x505/0x830 [ 108.033546][ T5329] ___sys_sendmsg+0x21f/0x2a0 [ 108.035864][ T5329] __x64_sys_sendmsg+0x19b/0x260 [ 108.038468][ T5329] do_syscall_64+0xfa/0x3b0 [ 108.041169][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.044194][ T5329] [ 108.044194][ T5329] -> #0 (team->team_lock_key){+.+.}-{4:4}: [ 108.047690][ T5329] validate_chain+0xb9b/0x2140 [ 108.049801][ T5329] __lock_acquire+0xab9/0xd20 [ 108.051890][ T5329] lock_acquire+0x120/0x360 [ 108.054059][ T5329] __mutex_lock+0x182/0xe80 [ 108.056305][ T5329] team_device_event+0x182/0xa20 [ 108.058726][ T5329] notifier_call_chain+0x1b3/0x3e0 [ 108.060985][ T5329] __dev_notify_flags+0x18d/0x2e0 [ 108.063302][ T5329] netif_change_flags+0xe8/0x1a0 [ 108.065668][ T5329] do_setlink+0xc55/0x41c0 [ 108.067931][ T5329] rtnl_newlink+0x160b/0x1c70 [ 108.070201][ T5329] rtnetlink_rcv_msg+0x7cc/0xb70 [ 108.072612][ T5329] netlink_rcv_skb+0x208/0x470 [ 108.074960][ T5329] netlink_unicast+0x75b/0x8d0 [ 108.077244][ T5329] netlink_sendmsg+0x805/0xb30 [ 108.079486][ T5329] __sock_sendmsg+0x219/0x270 [ 108.081823][ T5329] ____sys_sendmsg+0x505/0x830 [ 108.084243][ T5329] ___sys_sendmsg+0x21f/0x2a0 [ 
108.086531][ T5329] __x64_sys_sendmsg+0x19b/0x260 [ 108.088940][ T5329] do_syscall_64+0xfa/0x3b0 [ 108.091110][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.093905][ T5329] [ 108.093905][ T5329] other info that might help us debug this: [ 108.093905][ T5329] [ 108.098240][ T5329] Possible unsafe locking scenario: [ 108.098240][ T5329] [ 108.101356][ T5329] CPU0 CPU1 [ 108.103986][ T5329] ---- ---- [ 108.106330][ T5329] lock(&dev_instance_lock_key#3); [ 108.108670][ T5329] lock(team->team_lock_key); [ 108.111770][ T5329] lock(&dev_instance_lock_key#3); [ 108.115347][ T5329] lock(team->team_lock_key); [ 108.117528][ T5329] [ 108.117528][ T5329] *** DEADLOCK *** [ 108.117528][ T5329] [ 108.121083][ T5329] 2 locks held by syz.0.0/5329: [ 108.123256][ T5329] #0: ffffffff8f50ff48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 108.127163][ T5329] #1: ffff888035826d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0 [ 108.131580][ T5329] [ 108.131580][ T5329] stack backtrace: [ 108.134280][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 108.134296][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.134304][ T5329] Call Trace: [ 108.134318][ T5329] [ 108.134325][ T5329] dump_stack_lvl+0x189/0x250 [ 108.134348][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.134362][ T5329] ? __pfx__printk+0x10/0x10 [ 108.134373][ T5329] ? print_lock_name+0xde/0x100 [ 108.134385][ T5329] print_circular_bug+0x2ee/0x310 [ 108.134398][ T5329] check_noncircular+0x134/0x160 [ 108.134410][ T5329] validate_chain+0xb9b/0x2140 [ 108.134422][ T5329] ? __lock_acquire+0xab9/0xd20 [ 108.134440][ T5329] __lock_acquire+0xab9/0xd20 [ 108.134454][ T5329] ? team_device_event+0x182/0xa20 [ 108.134465][ T5329] lock_acquire+0x120/0x360 [ 108.134476][ T5329] ? team_device_event+0x182/0xa20 [ 108.134490][ T5329] ? 
_raw_spin_unlock_irqrestore+0x85/0x110 [ 108.134507][ T5329] __mutex_lock+0x182/0xe80 [ 108.134524][ T5329] ? team_device_event+0x182/0xa20 [ 108.134537][ T5329] ? __try_to_del_timer_sync+0x34a/0x3a0 [ 108.134547][ T5329] ? team_device_event+0x182/0xa20 [ 108.134558][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 108.134571][ T5329] ? __timer_delete_sync+0x218/0x2d0 [ 108.134584][ T5329] team_device_event+0x182/0xa20 [ 108.134597][ T5329] notifier_call_chain+0x1b3/0x3e0 [ 108.134615][ T5329] __dev_notify_flags+0x18d/0x2e0 [ 108.134628][ T5329] ? __pfx___dev_notify_flags+0x10/0x10 [ 108.134638][ T5329] ? __dev_change_flags+0x4cc/0x6d0 [ 108.134652][ T5329] ? __pfx___dev_change_flags+0x10/0x10 [ 108.134662][ T5329] ? __pfx_console_unlock+0x10/0x10 [ 108.134674][ T5329] netif_change_flags+0xe8/0x1a0 [ 108.134686][ T5329] do_setlink+0xc55/0x41c0 [ 108.134701][ T5329] ? __pfx_do_setlink+0x10/0x10 [ 108.134711][ T5329] ? _printk+0xcf/0x120 [ 108.134719][ T5329] ? __pfx____ratelimit+0x10/0x10 [ 108.134734][ T5329] ? __lock_acquire+0xab9/0xd20 [ 108.134747][ T5329] ? __mutex_trylock_common+0x153/0x260 [ 108.134757][ T5329] ? __pfx___mutex_trylock_common+0x10/0x10 [ 108.134767][ T5329] ? rcu_is_watching+0x15/0xb0 [ 108.134783][ T5329] ? trace_contention_end+0x39/0x120 [ 108.134792][ T5329] ? __mutex_lock+0x330/0xe80 [ 108.134807][ T5329] ? __pfx_aa_get_newest_label+0x10/0x10 [ 108.134883][ T5329] ? rtnl_newlink+0x8db/0x1c70 [ 108.134895][ T5329] ? rcu_is_watching+0x15/0xb0 [ 108.134912][ T5329] ? __pfx___mutex_lock+0x10/0x10 [ 108.134927][ T5329] ? ns_capable+0x8a/0xf0 [ 108.134939][ T5329] ? rtnl_link_get_net_capable+0x16a/0x350 [ 108.134949][ T5329] rtnl_newlink+0x160b/0x1c70 [ 108.134959][ T5329] ? netlink_sendmsg+0x805/0xb30 [ 108.134973][ T5329] ? __pfx_rtnl_newlink+0x10/0x10 [ 108.134987][ T5329] ? kasan_quarantine_put+0xdd/0x220 [ 108.135003][ T5329] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.135018][ T5329] ? nlmon_xmit+0xb0/0x100 [ 108.135029][ T5329] ? 
kmem_cache_free+0x18f/0x400 [ 108.135040][ T5329] ? __local_bh_enable_ip+0x12d/0x1c0 [ 108.135054][ T5329] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.135064][ T5329] ? __local_bh_enable_ip+0x12d/0x1c0 [ 108.135077][ T5329] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 108.135090][ T5329] ? __dev_queue_xmit+0x27e/0x3a70 [ 108.135104][ T5329] ? __lock_acquire+0xab9/0xd20 [ 108.135120][ T5329] ? __pfx_rtnl_newlink+0x10/0x10 [ 108.135129][ T5329] rtnetlink_rcv_msg+0x7cc/0xb70 [ 108.135140][ T5329] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 108.135149][ T5329] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 108.135158][ T5329] ? ref_tracker_free+0x63a/0x7d0 [ 108.135169][ T5329] ? __copy_skb_header+0xa7/0x550 [ 108.135180][ T5329] ? __pfx_ref_tracker_free+0x10/0x10 [ 108.135191][ T5329] ? __skb_clone+0x63/0x7a0 [ 108.135203][ T5329] netlink_rcv_skb+0x208/0x470 [ 108.135214][ T5329] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 108.135224][ T5329] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 108.135236][ T5329] ? netlink_deliver_tap+0x2e/0x1b0 [ 108.135245][ T5329] ? netlink_deliver_tap+0x2e/0x1b0 [ 108.135256][ T5329] netlink_unicast+0x75b/0x8d0 [ 108.135267][ T5329] netlink_sendmsg+0x805/0xb30 [ 108.135280][ T5329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.135295][ T5329] ? aa_sock_msg_perm+0x94/0x160 [ 108.135306][ T5329] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 108.135328][ T5329] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.135339][ T5329] __sock_sendmsg+0x219/0x270 [ 108.135355][ T5329] ____sys_sendmsg+0x505/0x830 [ 108.135368][ T5329] ? __pfx_____sys_sendmsg+0x10/0x10 [ 108.135379][ T5329] ? import_iovec+0x74/0xa0 [ 108.135389][ T5329] ___sys_sendmsg+0x21f/0x2a0 [ 108.135400][ T5329] ? __pfx____sys_sendmsg+0x10/0x10 [ 108.135418][ T5329] ? __fget_files+0x2a/0x420 [ 108.135429][ T5329] ? __fget_files+0x3a0/0x420 [ 108.135441][ T5329] __x64_sys_sendmsg+0x19b/0x260 [ 108.135454][ T5329] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 108.135467][ T5329] ? rcu_is_watching+0x15/0xb0 [ 108.135483][ T5329] ? 
do_syscall_64+0xbe/0x3b0 [ 108.135492][ T5329] do_syscall_64+0xfa/0x3b0 [ 108.135501][ T5329] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.135514][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.135524][ T5329] ? clear_bhb_loop+0x60/0xb0 [ 108.135536][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.135546][ T5329] RIP: 0033:0x7f33aa98e929 [ 108.135558][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.135568][ T5329] RSP: 002b:00007f33ab8a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.135581][ T5329] RAX: ffffffffffffffda RBX: 00007f33aabb5fa0 RCX: 00007f33aa98e929 [ 108.135589][ T5329] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000007 [ 108.135596][ T5329] RBP: 00007f33aaa10b39 R08: 0000000000000000 R09: 0000000000000000 [ 108.135603][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 108.135610][ T5329] R13: 0000000000000000 R14: 00007f33aabb5fa0 R15: 00007ffea9aded28 [ 108.135619][ T5329] [ 108.382396][ T5329] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 108.402169][ T5308] Bluetooth: hci0: command tx timeout [ 108.404866][ T5329] team0: Failed to send options change via netlink (err -105) [ 108.408809][ T5329] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 108.412792][ T5329] team0: Port device dummy0 removed [ 108.420392][ T5329] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 108.448564][ T5329] syz.0.0 (5329) used greatest stack depth: 20376 bytes left