program:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x20600, 0x1}}, 0x20)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10)

[   74.264521][ T5306] Bluetooth: hci0: command tx timeout
[   74.345961][ T5325] BUG: assuming non migratable context at ./include/linux/filter.h:703
[   74.354305][ T5325] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 5325, name: syz.0.0
[   74.358508][ T5325] 1 lock held by syz.0.0/5325:
[   74.360564][ T5325]  #0: ffffffff8e13c520 (rcu_read_lock){....}-{1:3}, at: nf_hook+0x9d/0x380
[   74.366308][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) 
[   74.366327][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   74.366334][ T5325] Call Trace:
[   74.366340][ T5325]  <TASK>
[   74.366347][ T5325]  dump_stack_lvl+0x189/0x250
[   74.366376][ T5325]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.366393][ T5325]  ? print_lock_name+0xde/0x100
[   74.366413][ T5325]  __cant_migrate+0x238/0x2e0
[   74.366426][ T5325]  ? __pfx___cant_migrate+0x10/0x10
[   74.366447][ T5325]  nf_hook_run_bpf+0x8f/0x1f0
[   74.366461][ T5325]  ? __pfx_ipt_do_table+0x10/0x10
[   74.366477][ T5325]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[   74.366489][ T5325]  ? iptable_mangle_hook+0x189/0x4c0
[   74.366499][ T5325]  ? nf_hook+0x9d/0x380
[   74.366508][ T5325]  ? nf_nat_ipv4_out+0x2f7/0x4e0
[   74.366523][ T5325]  ? __pfx_nf_hook_run_bpf+0x10/0x10
[   74.366536][ T5325]  nf_hook_slow+0xc5/0x220
[   74.366555][ T5325]  nf_hook+0x217/0x380
[   74.366569][ T5325]  ? nf_hook+0x9d/0x380
[   74.366576][ T5325]  ? __pfx_nf_hook+0x10/0x10
[   74.366584][ T5325]  ? __pfx_ip_mc_finish_output+0x10/0x10
[   74.366593][ T5325]  ? skb_clone+0x246/0x3a0
[   74.366606][ T5325]  ip_mc_output+0x22d/0x590
[   74.366615][ T5325]  ? __pfx_ip_mc_finish_output+0x10/0x10
[   74.366630][ T5325]  ip_send_skb+0x74/0x100
[   74.366645][ T5325]  udp_send_skb+0xaf1/0x14c0
[   74.366669][ T5325]  udp_sendmsg+0x195b/0x2300
[   74.366691][ T5325]  ? tomoyo_check_inet_address+0x275/0x8c0
[   74.366760][ T5325]  ? __pfx_aa_label_sk_perm+0x10/0x10
[   74.366780][ T5325]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   74.366792][ T5325]  ? __pfx_udp_sendmsg+0x10/0x10
[   74.366828][ T5325]  ? sock_rps_record_flow+0x19/0x410
[   74.366843][ T5325]  ? inet_sendmsg+0x29c/0x370
[   74.366855][ T5325]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   74.366871][ T5325]  __sock_sendmsg+0x19c/0x270
[   74.366886][ T5325]  __sys_sendto+0x3bd/0x520
[   74.366903][ T5325]  ? __pfx___sys_sendto+0x10/0x10
[   74.366927][ T5325]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[   74.366952][ T5325]  ? rcu_is_watching+0x15/0xb0
[   74.366965][ T5325]  __x64_sys_sendto+0xde/0x100
[   74.366982][ T5325]  do_syscall_64+0xfa/0x3b0
[   74.367031][ T5325]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.367046][ T5325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.367058][ T5325]  ? clear_bhb_loop+0x60/0xb0
[   74.367070][ T5325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.367080][ T5325] RIP: 0033:0x7f220a58e9a9
[   74.367090][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.367099][ T5325] RSP: 002b:00007f220b47a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   74.367112][ T5325] RAX: ffffffffffffffda RBX: 00007f220a7b5fa0 RCX: 00007f220a58e9a9
[   74.367120][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[   74.367125][ T5325] RBP: 00007f220a610d69 R08: 00002000000004c0 R09: 0000000000000010
[   74.367132][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.367138][ T5325] R13: 0000000000000000 R14: 00007f220a7b5fa0 R15: 00007ffea47bf0b8
[   74.367155][ T5325]  </TASK>