program:
# Reproducer recorded with the lockdep report that follows it on this page.
# Outline: register two MPTCP path-manager endpoints over generic netlink,
# then create an MPTCP socket and issue a fast-open send on it. The trace in
# the report enters through __x64_sys_sendmmsg -> mptcp_sendmsg ->
# mptcp_sendmsg_fastopen, i.e. the last call below.

# Generic netlink socket: AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_GENERIC (0x10).
r0 = socket$nl_generic(0x10, 0x3, 0x10)
# syzkaller pseudo-syscall that resolves the genetlink family id used as the
# nlmsghdr type below. The family-name buffer at 0x7f0000000000 has no
# initializer in this listing; the $mptcp variant presumably supplies the
# MPTCP PM family name (confirm against the syzkaller descriptions).
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
# MPTCP_PM_CMD_ADD_ADDR #1: nlmsghdr {len=0x38, type=r1, flags=0x1 (NLM_F_REQUEST)}
# carrying one nested MPTCP_PM_ATTR_ADDR with:
#   PORT   = 0x4e23 (20003)
#   FAMILY = 0x2 (AF_INET)
#   ADDR4  = 0xac1414aa, i.e. 172.20.20.170 (the union label says multicast1,
#            but the explicit value is not a multicast address)
#   FLAGS  = 0x1 (bit 0, the "signal" endpoint flag in the MPTCP PM uAPI)
# NOTE(review): a signal endpoint with a port is the only endpoint here that
# names a port; the held locks in the report carry the "k-" (kernel socket)
# class prefix, which would be consistent with an in-kernel listener for it.
# This is an inference from the lock names, not shown directly by the log.
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
# Second netlink socket and family-id lookup, same parameters as above.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
# MPTCP_PM_CMD_ADD_ADDR #2: an IPv6 endpoint, FAMILY = 0xa (AF_INET6),
# ADDR6 = 16 bytes 20 01 00 .. 00 01 (2001::1). No PORT or FLAGS attribute.
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)={0x34, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}}, 0x0)
# MPTCP stream socket: AF_INET (0x2), SOCK_STREAM (0x1), IPPROTO_MPTCP (0x106 = 262).
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
# bind() with sockaddr_in {AF_INET, port 0x4e24 (20004), @multicast2}.
# Return values are not recorded in this listing, so whether this call and
# the connect() below succeed cannot be told from here.
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
# connect() with sockaddr_in {AF_INET, port 0x0, @local}.
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @local}, 0x10)
# One-message sendmmsg() with flags 0x20000080 = MSG_FASTOPEN (0x20000000) |
# MSG_EOR (0x80); msg_name is sockaddr_in {AF_INET, 0x234e, @empty}.
# NOTE(review): 0x234e is the byte-swap of 0x4e23, the endpoint port above;
# whether this field is encoded host- or network-endian is not visible here.
# Per the backtrace, the fast-open path releases the subflow socket lock
# (release_sock -> __release_sock), the outgoing packet is delivered locally
# in softirq context, and subflow_syn_recv_sock -> mptcp_sk_clone_init ->
# sk_clone_lock takes a second lock of class k-slock-AF_INET while one is
# already held (lock #6). The two lock addresses in the report differ, and
# lockdep itself notes "May be due to missing lock nesting notation".
sendmmsg$inet(r4, &(0x7f0000000d00)=[{{&(0x7f0000000000)={0x2, 0x234e, @empty}, 0x10, 0x0}}], 0x1, 0x20000080)
[ 68.532345][ T5095] Bluetooth: hci0: command tx timeout
[ 68.651569][ C0]
[ 68.652560][ C0] ============================================
[ 68.654815][ C0] WARNING: possible recursive locking detected
[ 68.657116][ C0] 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 Not tainted
[ 68.659749][ C0] --------------------------------------------
[ 68.662099][ C0] syz.0.0/5109 is trying to acquire lock:
[ 68.664238][ C0] ffff888011961958 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40
[ 68.667733][ C0]
[ 68.667733][ C0] but task is already holding lock:
[ 68.670388][ C0] ffff88803fddf018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40
[ 68.673752][ C0]
[ 68.673752][ C0] other info that might help us debug this:
[ 68.676743][ C0] Possible unsafe locking scenario:
[ 68.676743][ C0]
[ 68.679536][ C0] CPU0
[ 68.680805][ C0] ----
[ 68.682043][ C0] lock(k-slock-AF_INET);
[ 68.683703][ C0] lock(k-slock-AF_INET);
[ 68.685337][ C0]
[ 68.685337][ C0] *** DEADLOCK ***
[ 68.685337][ C0]
[ 68.688113][ C0] May be due to missing lock nesting notation
[ 68.688113][ C0]
[ 68.690793][ C0] 7 locks held by syz.0.0/5109:
[ 68.692441][ C0] #0: ffff888011960e18 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x153/0x1b10
[ 68.695744][ C0] #1: ffff88803fdde458 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg_fastopen+0x11f/0x530
[ 68.699498][ C0] #2: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x5f/0x1b80
[ 68.702778][ C0] #3: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x45f/0x1390
[ 68.706082][ C0] #4: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: process_backlog+0x33b/0x15b0
[ 68.709220][ C0] #5: ffffffff8e938320 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x230/0x5f0
[ 68.712563][ C0] #6: ffff88803fddf018 (k-slock-AF_INET){+.-.}-{2:2}, at: sk_clone_lock+0x2cd/0xf40
[ 68.716072][ C0]
[ 68.716072][ C0] stack backtrace:
[ 68.718247][ C0] CPU: 0 UID: 0 PID: 5109 Comm: syz.0.0 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
[ 68.722062][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.726086][ C0] Call Trace:
[ 68.727387][ C0]
[ 68.728466][ C0] dump_stack_lvl+0x241/0x360
[ 68.730238][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.732219][ C0] ? print_deadlock_bug+0x479/0x620
[ 68.734191][ C0] validate_chain+0x15d3/0x5900
[ 68.736023][ C0] ? mark_lock+0x9a/0x350
[ 68.737659][ C0] ? __pfx_validate_chain+0x10/0x10
[ 68.739689][ C0] ? __lock_acquire+0x137a/0x2040
[ 68.741648][ C0] ? look_up_lock_class+0x77/0x160
[ 68.743680][ C0] ? register_lock_class+0x102/0x980
[ 68.745764][ C0] ? __pfx_register_lock_class+0x10/0x10
[ 68.747984][ C0] ? mark_lock+0x9a/0x350
[ 68.749529][ C0] ? mark_lock+0x9a/0x350
[ 68.751056][ C0] __lock_acquire+0x137a/0x2040
[ 68.752799][ C0] lock_acquire+0x1ed/0x550
[ 68.754381][ C0] ? sk_clone_lock+0x2cd/0xf40
[ 68.756034][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 68.757912][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10
[ 68.760191][ C0] ? sock_lock_init+0x3cd/0x7f0
[ 68.762107][ C0] _raw_spin_lock+0x2e/0x40
[ 68.763823][ C0] ? sk_clone_lock+0x2cd/0xf40
[ 68.765645][ C0] sk_clone_lock+0x2cd/0xf40
[ 68.767488][ C0] mptcp_sk_clone_init+0x32/0x13c0
[ 68.769471][ C0] ? __pfx_tcp_v4_syn_recv_sock+0x10/0x10
[ 68.771710][ C0] subflow_syn_recv_sock+0x931/0x1920
[ 68.773814][ C0] ? __pfx_subflow_syn_recv_sock+0x10/0x10
[ 68.776047][ C0] tcp_check_req+0xfe4/0x1a20
[ 68.777939][ C0] ? __pfx_tcp_check_req+0x10/0x10
[ 68.779958][ C0] ? tcp_v4_rcv+0x1987/0x37f0
[ 68.781800][ C0] tcp_v4_rcv+0x1c3e/0x37f0
[ 68.783591][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 68.785455][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 68.787261][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10
[ 68.789059][ C0] ip_protocol_deliver_rcu+0x22e/0x440
[ 68.791123][ C0] ? ip_local_deliver_finish+0x230/0x5f0
[ 68.793286][ C0] ip_local_deliver_finish+0x341/0x5f0
[ 68.795450][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 68.797714][ C0] NF_HOOK+0x3a4/0x450
[ 68.799277][ C0] ? NF_HOOK+0x9a/0x450
[ 68.800866][ C0] ? __pfx_NF_HOOK+0x10/0x10
[ 68.802649][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 68.804988][ C0] ? ip_rcv_finish+0x406/0x560
[ 68.806847][ C0] ? __pfx_ip_rcv_finish+0x10/0x10
[ 68.808839][ C0] NF_HOOK+0x3a4/0x450
[ 68.810320][ C0] ? __lock_acquire+0x137a/0x2040
[ 68.811982][ C0] ? NF_HOOK+0x9a/0x450
[ 68.813528][ C0] ? __pfx_NF_HOOK+0x10/0x10
[ 68.815183][ C0] ? ip_rcv_core+0x801/0xd10
[ 68.816809][ C0] ? __pfx_ip_rcv_finish+0x10/0x10
[ 68.818679][ C0] ? __pfx_ip_rcv+0x10/0x10
[ 68.820482][ C0] __netif_receive_skb+0x2bf/0x650
[ 68.822330][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 68.824239][ C0] ? __pfx___netif_receive_skb+0x10/0x10
[ 68.826372][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 68.828807][ C0] ? __pfx_lock_release+0x10/0x10
[ 68.830780][ C0] ? _raw_spin_lock_irq+0xdf/0x120
[ 68.832718][ C0] process_backlog+0x662/0x15b0
[ 68.834568][ C0] ? process_backlog+0x33b/0x15b0
[ 68.836498][ C0] ? __pfx_process_backlog+0x10/0x10
[ 68.838553][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 68.840880][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 68.843303][ C0] __napi_poll+0xcb/0x490
[ 68.844934][ C0] net_rx_action+0x89b/0x1240
[ 68.846737][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 68.848737][ C0] ? do_softirq+0x11b/0x1e0
[ 68.850464][ C0] ? __pfx_lockdep_softirqs_off+0x10/0x10
[ 68.852640][ C0] ? lockdep_softirqs_on+0x334/0x5a0
[ 68.854626][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 68.857083][ C0] handle_softirqs+0x2c4/0x970
[ 68.858957][ C0] ? do_softirq+0x11b/0x1e0
[ 68.860646][ C0] ? __pfx_handle_softirqs+0x10/0x10
[ 68.862608][ C0] do_softirq+0x11b/0x1e0
[ 68.864194][ C0]
[ 68.865208][ C0]
[ 68.866314][ C0] ? __pfx_do_softirq+0x10/0x10
[ 68.868193][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 68.870324][ C0] ? rcu_is_watching+0x15/0xb0
[ 68.872175][ C0] __local_bh_enable_ip+0x1bb/0x200
[ 68.874131][ C0] ? dev_hard_start_xmit+0x773/0x7e0
[ 68.876136][ C0] ? __dev_queue_xmit+0x2da/0x3e90
[ 68.878113][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 68.880317][ C0] ? __dev_queue_xmit+0x2da/0x3e90
[ 68.882224][ C0] __dev_queue_xmit+0x1763/0x3e90
[ 68.884150][ C0] ? __dev_queue_xmit+0x2da/0x3e90
[ 68.886170][ C0] ? __pfx___dev_queue_xmit+0x10/0x10
[ 68.888292][ C0] ? mark_lock+0x9a/0x350
[ 68.889985][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 68.892302][ C0] ? ip_finish_output2+0xa14/0x1390
[ 68.894305][ C0] ? ip_finish_output2+0x45f/0x1390
[ 68.896342][ C0] ip_finish_output2+0xd41/0x1390
[ 68.898274][ C0] ? ip_finish_output2+0x45f/0x1390
[ 68.900254][ C0] ? __pfx_ip_finish_output2+0x10/0x10
[ 68.902326][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0
[ 68.904215][ C0] ? __ip_finish_output+0x349/0x400
[ 68.906129][ C0] __ip_queue_xmit+0x118c/0x1b80
[ 68.908004][ C0] ? __pfx_mptcp_write_options+0x10/0x10
[ 68.910121][ C0] ? __ip_queue_xmit+0x5f/0x1b80
[ 68.912039][ C0] ? __pfx_ip_queue_xmit+0x10/0x10
[ 68.913924][ C0] __tcp_transmit_skb+0x2544/0x3b30
[ 68.915914][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10
[ 68.918009][ C0] ? __pfx_tcp_rcv_fastopen_synack+0x10/0x10
[ 68.920268][ C0] ? __tcp_send_ack+0x17e/0x600
[ 68.922149][ C0] tcp_rcv_state_process+0x2c32/0x4570
[ 68.924312][ C0] ? lock_sync+0x267/0x310
[ 68.926094][ C0] ? __pfx_tcp_rcv_state_process+0x10/0x10
[ 68.928372][ C0] ? __local_bh_enable_ip+0x168/0x200
[ 68.930258][ C0] ? lockdep_hardirqs_on+0x99/0x150
[ 68.932083][ C0] ? __local_bh_enable_ip+0x168/0x200
[ 68.933925][ C0] ? __release_sock+0x9a/0x350
[ 68.935584][ C0] tcp_v4_do_rcv+0x77d/0xc70
[ 68.937126][ C0] ? __pfx_tcp_v4_do_rcv+0x10/0x10
[ 68.938871][ C0] __release_sock+0x214/0x350
[ 68.940507][ C0] release_sock+0x61/0x1f0
[ 68.942033][ C0] mptcp_sendmsg_fastopen+0x1ad/0x530
[ 68.943949][ C0] mptcp_sendmsg+0x1884/0x1b10
[ 68.945812][ C0] ? aa_sk_perm+0x96d/0xab0
[ 68.947600][ C0] ? __pfx_aa_sk_perm+0x10/0x10
[ 68.949455][ C0] ? iovec_from_user+0x61/0x240
[ 68.951320][ C0] ? __pfx_mptcp_sendmsg+0x10/0x10
[ 68.953279][ C0] ? sock_rps_record_flow+0x1a/0x400
[ 68.955261][ C0] ? inet_sendmsg+0x330/0x390
[ 68.957017][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 68.959034][ C0] ? security_socket_sendmsg+0x87/0xb0
[ 68.961112][ C0] __sock_sendmsg+0x1a6/0x270
[ 68.962851][ C0] ____sys_sendmsg+0x525/0x7d0
[ 68.964720][ C0] ? __pfx_____sys_sendmsg+0x10/0x10
[ 68.966678][ C0] __sys_sendmmsg+0x3b2/0x740
[ 68.968482][ C0] ? __pfx___sys_sendmmsg+0x10/0x10
[ 68.970511][ C0] ? __pfx___might_resched+0x10/0x10
[ 68.972552][ C0] ? __might_fault+0xaa/0x120
[ 68.974371][ C0] ? inet_stream_connect+0x88/0xa0
[ 68.976310][ C0] ? __pfx_lock_release+0x10/0x10
[ 68.978240][ C0] ? do_futex+0x33b/0x560
[ 68.979932][ C0] ? __rseq_handle_notify_resume+0x353/0x14e0
[ 68.982253][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 68.984548][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 68.986826][ C0] ? do_syscall_64+0x100/0x230
[ 68.988616][ C0] __x64_sys_sendmmsg+0xa0/0xb0
[ 68.990385][ C0] do_syscall_64+0xf3/0x230
[ 68.992103][ C0] ? clear_bhb_loop+0x35/0x90
[ 68.993912][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.996131][ C0] RIP: 0033:0x7f312ef79eb9
[ 68.997827][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.005004][ C0] RSP: 002b:00007f312fcfa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 69.008206][ C0] RAX: ffffffffffffffda RBX: 00007f312f115f80 RCX: 00007f312ef79eb9
[ 69.011193][ C0] RDX: 0000000000000001 RSI: 0000000020000d00 RDI: 0000000000000005
[ 69.014223][ C0] RBP: 00007f312efe793e R08: 0000000000000000 R09: 0000000000000000
[ 69.017168][ C0] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000
[ 69.020125][ C0] R13: 0000000000000000 R14: 00007f312f115f80 R15: 00007ffc95134888
[ 69.023283][ C0]