program: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) socket$kcm(0x11, 0x200000000000002, 0x300) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x17, 0xffff7fff, 0x0, 0x2, 0x300, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x33, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff0012fe00632f77fbac141416ac14141602089f034d2f87e5070c0cab845013f232", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0xc000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socketpair(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x5, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x4}, [@call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1}, 0x0)
[ 89.196585][ T57] cfg80211: failed to load regulatory.db
[ 89.221498][ T4662] Bluetooth: hci0: command tx timeout
[ 89.707259][ T5323] netlink: 'syz.0.0': attribute type 10 has an invalid length.
[ 89.765650][ T5324] Zero length message leads to an empty skb
[ 89.798595][ T5323] team0: Port device netdevsim0 added
[ 89.819944][ T1040]
[ 89.821523][ T1040] ======================================================
[ 89.825223][ T1040] WARNING: possible circular locking dependency detected
[ 89.829150][ T1040] 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 Not tainted
[ 89.840899][ T1040] ------------------------------------------------------
[ 89.845464][ T1040] kworker/u4:8/1040 is trying to acquire lock:
[ 89.851038][ T1040] ffff888042fcce00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event+0x544/0xa20
[ 89.869246][ T1040]
[ 89.869246][ T1040] but task is already holding lock:
[ 89.875229][ T1040] ffff88804028cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0
[ 89.895925][ T1040]
[ 89.895925][ T1040] which lock already depends on the new lock.
[ 89.895925][ T1040]
[ 89.916412][ T1040]
[ 89.916412][ T1040] the existing dependency chain (in reverse order) is:
[ 89.921036][ T1040]
[ 89.921036][ T1040] -> #1 (&dev_instance_lock_key#20){+.+.}-{4:4}:
[ 89.926253][ T1040] lock_acquire+0x120/0x360
[ 89.929740][ T1040] __mutex_lock+0x182/0xe80
[ 89.947928][ T1040] dev_set_mtu+0x10e/0x260
[ 89.950380][ T1040] team_add_slave+0x8b8/0x2840
[ 89.952908][ T1040] do_set_master+0x533/0x6d0
[ 89.955693][ T1040] do_setlink+0xd47/0x40d0
[ 89.958408][ T1040] rtnl_newlink+0x160b/0x1c70
[ 89.961526][ T1040] rtnetlink_rcv_msg+0x7cf/0xb70
[ 89.974514][ T1040] netlink_rcv_skb+0x21c/0x490
[ 89.976979][ T1040] netlink_unicast+0x758/0x8d0
[ 89.979177][ T1040] netlink_sendmsg+0x805/0xb30
[ 89.982479][ T1040] __sock_sendmsg+0x219/0x270
[ 89.989626][ T1040] ____sys_sendmsg+0x505/0x830
[ 89.991836][ T1040] ___sys_sendmsg+0x21f/0x2a0
[ 90.008889][ T1040] __x64_sys_sendmsg+0x19b/0x260
[ 90.011135][ T1040] do_syscall_64+0xf6/0x210
[ 90.013349][ T1040] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.016406][ T1040]
[ 90.016406][ T1040] -> #0 (team->team_lock_key){+.+.}-{4:4}:
[ 90.020917][ T1040] validate_chain+0xb9b/0x2140
[ 90.023596][ T1040] __lock_acquire+0xaac/0xd20
[ 90.042323][ T1040] lock_acquire+0x120/0x360
[ 90.044891][ T1040] __mutex_lock+0x182/0xe80
[ 90.047229][ T1040] team_device_event+0x544/0xa20
[ 90.050679][ T1040] notifier_call_chain+0x1b3/0x3e0
[ 90.054409][ T1040] netif_state_change+0x284/0x3a0
[ 90.063982][ T1040] linkwatch_do_dev+0x117/0x170
[ 90.066269][ T1040] __linkwatch_run_queue+0x56d/0x7e0
[ 90.068689][ T1040] linkwatch_event+0x4c/0x60
[ 90.070808][ T1040] process_scheduled_works+0xade/0x17a0
[ 90.083806][ T1040] worker_thread+0x8a0/0xda0
[ 90.088454][ T1040] kthread+0x711/0x8a0
[ 90.091074][ T1040] ret_from_fork+0x4b/0x80
[ 90.104347][ T1040] ret_from_fork_asm+0x1a/0x30
[ 90.106761][ T1040]
[ 90.106761][ T1040] other info that might help us debug this:
[ 90.106761][ T1040]
[ 90.111405][ T1040] Possible unsafe 
locking scenario:
[ 90.111405][ T1040]
[ 90.114894][ T1040]        CPU0                    CPU1
[ 90.137334][ T1040]        ----                    ----
[ 90.139520][ T1040]   lock(&dev_instance_lock_key#20);
[ 90.141657][ T1040]                                lock(team->team_lock_key);
[ 90.154971][ T1040]                                lock(&dev_instance_lock_key#20);
[ 90.158409][ T1040]   lock(team->team_lock_key);
[ 90.173084][ T1040]
[ 90.173084][ T1040] *** DEADLOCK ***
[ 90.173084][ T1040]
[ 90.176658][ T1040] 4 locks held by kworker/u4:8/1040:
[ 90.179043][ T1040] #0: ffff88801a079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[ 90.197804][ T1040] #1: ffffc90002587c60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[ 90.203332][ T1040] #2: ffffffff8f2f7248 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 90.208543][ T1040] #3: ffff88804028cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0
[ 90.225134][ T1040]
[ 90.225134][ T1040] stack backtrace:
[ 90.228339][ T1040] CPU: 0 UID: 0 PID: 1040 Comm: kworker/u4:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full)
[ 90.228355][ T1040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.228363][ T1040] Workqueue: events_unbound linkwatch_event
[ 90.228384][ T1040] Call Trace:
[ 90.228391][ T1040]
[ 90.228397][ T1040] dump_stack_lvl+0x189/0x250
[ 90.228413][ T1040] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.228425][ T1040] ? __pfx__printk+0x10/0x10
[ 90.228435][ T1040] ? print_lock_name+0xde/0x100
[ 90.228450][ T1040] print_circular_bug+0x2ee/0x310
[ 90.228461][ T1040] check_noncircular+0x134/0x160
[ 90.228471][ T1040] validate_chain+0xb9b/0x2140
[ 90.228484][ T1040] __lock_acquire+0xaac/0xd20
[ 90.228498][ T1040] ? team_device_event+0x544/0xa20
[ 90.228508][ T1040] lock_acquire+0x120/0x360
[ 90.228521][ T1040] ? team_device_event+0x544/0xa20
[ 90.228533][ T1040] ? 
_raw_spin_unlock_irqrestore+0x85/0x110
[ 90.228545][ T1040] __mutex_lock+0x182/0xe80
[ 90.228558][ T1040] ? team_device_event+0x544/0xa20
[ 90.228568][ T1040] ? __asan_memset+0x22/0x50
[ 90.228577][ T1040] ? call_fib_nh_notifiers+0x33a/0x4e0
[ 90.228588][ T1040] ? __pfx_call_fib_nh_notifiers+0x10/0x10
[ 90.228598][ T1040] ? team_device_event+0x544/0xa20
[ 90.228608][ T1040] ? __pfx___mutex_lock+0x10/0x10
[ 90.228621][ T1040] ? fib_sync_down_dev+0x787/0x7b0
[ 90.228632][ T1040] team_device_event+0x544/0xa20
[ 90.228644][ T1040] notifier_call_chain+0x1b3/0x3e0
[ 90.228655][ T1040] netif_state_change+0x284/0x3a0
[ 90.228666][ T1040] ? __pfx_netif_state_change+0x10/0x10
[ 90.228677][ T1040] ? dev_deactivate+0x129/0x1b0
[ 90.228688][ T1040] ? nsim_get_iflink+0x20/0x280
[ 90.228814][ T1040] ? rfc2863_policy+0x1c6/0x3e0
[ 90.228830][ T1040] linkwatch_do_dev+0x117/0x170
[ 90.228845][ T1040] __linkwatch_run_queue+0x56d/0x7e0
[ 90.228859][ T1040] ? __pfx___linkwatch_run_queue+0x10/0x10
[ 90.228873][ T1040] ? _raw_spin_unlock_irq+0x23/0x50
[ 90.228883][ T1040] ? process_scheduled_works+0x9ec/0x17a0
[ 90.228892][ T1040] ? process_scheduled_works+0x9ec/0x17a0
[ 90.228900][ T1040] linkwatch_event+0x4c/0x60
[ 90.228914][ T1040] process_scheduled_works+0xade/0x17a0
[ 90.228930][ T1040] ? __pfx_process_scheduled_works+0x10/0x10
[ 90.228948][ T1040] worker_thread+0x8a0/0xda0
[ 90.228963][ T1040] kthread+0x711/0x8a0
[ 90.228976][ T1040] ? __pfx_worker_thread+0x10/0x10
[ 90.228985][ T1040] ? __pfx_kthread+0x10/0x10
[ 90.228997][ T1040] ? __pfx_kthread+0x10/0x10
[ 90.229007][ T1040] ? _raw_spin_unlock_irq+0x23/0x50
[ 90.229065][ T1040] ? lockdep_hardirqs_on+0x9c/0x150
[ 90.229086][ T1040] ? __pfx_kthread+0x10/0x10
[ 90.229097][ T1040] ret_from_fork+0x4b/0x80
[ 90.229107][ T1040] ? __pfx_kthread+0x10/0x10
[ 90.229117][ T1040] ret_from_fork_asm+0x1a/0x30
[ 90.229129][ T1040]