------------[ cut here ]------------
WARNING: CPU: 0 PID: 4457 at net/netfilter/nft_socket.c:220 nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
Modules linked in:
CPU: 0 PID: 4457 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
lr : nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
sp : ffff800021217130
x29: ffff800021217130 x28: ffff60001a27f000 x27: dfff800000000000
x26: 0000000003000000 x25: 1fffe0001a27f004 x24: dfff800000000000
x23: ffff0000cbc93322 x22: 0000000000000100 x21: ffff0000d13f8020
x20: ffff0000cbc93318 x19: ffff800021217280 x18: 0000000000000000
x17: ffff80001835b000 x16: ffff8000082d7ed4 x15: ffff800017e3c000
x14: 0000000000000001 x13: 1ffff00002a44071 x12: 0000000000ff0100
x11: ff008000102a0ee0 x10: 0000000000000000 x9 : ffff8000102a0ee0
x8 : ffff0000d2bc3780 x7 : ffff8000102a1de0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000100 x0 : 00000000000000ff
Call trace:
 nft_socket_init+0x2ac/0x380 net/netfilter/nft_socket.c:220
 nf_tables_newexpr net/netfilter/nf_tables_api.c:3065 [inline]
 nf_tables_newrule+0x1174/0x1b70 net/netfilter/nf_tables_api.c:3792
 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:519 [inline]
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:639 [inline]
 nfnetlink_rcv+0xc7c/0x1bfc net/netfilter/nfnetlink.c:657
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x60c/0x814 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x6f4/0x9c0 net/netlink/af_netlink.c:1872
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:730 [inline]
 ____sys_sendmsg+0x5c8/0x938 net/socket.c:2518
 ___sys_sendmsg net/socket.c:2572 [inline]
 __sys_sendmsg+0x288/0x374 net/socket.c:2601
 __do_sys_sendmsg net/socket.c:2610 [inline]
 __se_sys_sendmsg net/socket.c:2608 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2608
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1934
hardirqs last  enabled at (1933): [<ffff800011b24404>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last  enabled at (1933): [<ffff800011b24404>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (1934): [<ffff800011a39234>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (1920): [<ffff80000fdd2bdc>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (1914): [<ffff80000fdd2ba8>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---