------------[ cut here ]------------ WARNING: CPU: 1 PID: 13487 at net/core/flow_dissector.c:1107 __skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1102 Modules linked in: CPU: 1 PID: 13487 Comm: syz.2.1692 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 RIP: 0010:__skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1107 Code: db 59 00 00 80 3d f0 a1 fd 05 01 0f 85 01 5a 00 00 e8 46 1c 0f f9 e9 17 f9 ff ff e8 3c 1c 0f f9 e9 b4 03 00 00 e8 32 1c 0f f9 <0f> 0b e9 00 ff ff ff e8 26 1c 0f f9 c6 05 bb a1 fd 05 01 48 c7 c7 RSP: 0000:ffffc900036968c0 EFLAGS: 00010246 RAX: ffffffff887805ce RBX: ffff888067ae8370 RCX: ffff88802fcf5a00 RDX: 0000000000000100 RSI: ffffffff8b1c8fc0 RDI: ffffffff8b1c8f80 RBP: ffffc90003696ed8 R08: dffffc0000000000 R09: 1ffffffff2238ca0 R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8e8b8bb8 R13: ffffffff8877fbe9 R14: 0000000000000000 R15: 1ffffffff1d17178 FS: 0000555563fd7500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055558ec6b4e8 CR3: 00000000639e7000 CR4: 00000000003526e0 Call Trace: skb_flow_dissect_flow_keys include/linux/skbuff.h:1544 [inline] ___skb_get_hash net/core/flow_dissector.c:1801 [inline] __skb_get_hash+0xf3/0x2e0 net/core/flow_dissector.c:1866 skb_get_hash include/linux/skbuff.h:1586 [inline] nft_trace_init+0x1bb/0x410 net/netfilter/nf_tables_trace.c:316 nft_do_chain+0x14fc/0x1600 net/netfilter/nf_tables_core.c:268 nf_route_table_hook6+0x366/0x7b0 net/netfilter/nft_chain_route.c:88 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline] nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:259 [inline] __ip6_local_out+0x784/0x8a0 net/ipv6/output_core.c:143 ip6_local_out+0x2a/0x130 net/ipv6/output_core.c:153 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline] udp_tunnel6_xmit_skb+0x53e/0x970 net/ipv6/ip6_udp_tunnel.c:109 tipc_udp_xmit+0x58d/0xb40 net/tipc/udp_media.c:220 tipc_bearer_xmit_skb+0x2ad/0x3f0 net/tipc/bearer.c:575 tipc_disc_timeout+0x596/0x6f0 net/tipc/discover.c:338 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701 expire_timers kernel/time/timer.c:1752 [inline] __run_timers+0x542/0x800 kernel/time/timer.c:2023 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036 handle_softirqs+0x280/0x820 kernel/softirq.c:578 __do_softirq kernel/softirq.c:612 [inline] invoke_softirq kernel/softirq.c:452 [inline] __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline] sysvec_apic_timer_interrupt+0x56/0xc0 arch/x86/kernel/apic/apic.c:1088 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687 RIP: 0033:0x7f3ebb86d2b2 Code: 48 39 d1 72 f3 48 8d 46 f8 48 8b 76 f8 48 39 f2 73 13 66 0f 1f 44 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e <48> 89 33 48 89 c6 48 83 c3 08 48 89 08 48 8b 0b 48 8b 55 00 eb c0 RSP: 002b:00007fffbf443d80 EFLAGS: 00000283 RAX: 00007f3ebb565520 RBX: 00007f3ebb550dd0 RCX: ffffffff8870e454 RDX: ffffffff8870e454 RSI: ffffffff8870e454 RDI: 00007f3ebb561888 RBP: 00007f3ebb54a630 R08: 00007f3ebbc00000 R09: 00007f3ebbc16038 R10: 0000000000000001 R11: 0000000000000012 R12: 00007f3ebb578ae8 R13: 000000000000001b R14: 0000000000005c97 R15: 0000000000000001