------------[ cut here ]------------
WARNING: CPU: 1 PID: 0 at net/core/flow_dissector.c:1107 __skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1102
Modules linked in:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:__skb_flow_dissect+0xbde/0x6d60 net/core/flow_dissector.c:1107
Code: db 59 00 00 80 3d 00 aa fd 05 01 0f 85 01 5a 00 00 e8 d6 28 0f f9 e9 17 f9 ff ff e8 cc 28 0f f9 e9 b4 03 00 00 e8 c2 28 0f f9 <0f> 0b e9 00 ff ff ff e8 b6 28 0f f9 c6 05 cb a9 fd 05 01 48 c7 c7
RSP: 0018:ffffc900001ef920 EFLAGS: 00010246
RAX: ffffffff8877f93e RBX: ffff8880569da140 RCX: ffff88801be63c00
RDX: 0000000000000100 RSI: ffffffff8b1c8e40 RDI: ffffffff8b1c8e00
RBP: ffffc900001eff38 R08: dffffc0000000000 R09: 1ffffffff2238aa0
R10: dffffc0000000000 R11: fffffbfff2238aa1 R12: ffffffff8e8b86b8
R13: ffffffff8877ef59 R14: 0000000000000000 R15: 1ffffffff1d170d8
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f99482fb4ac CR3: 00000000637b4000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 skb_flow_dissect_flow_keys include/linux/skbuff.h:1544 [inline]
 ___skb_get_hash net/core/flow_dissector.c:1801 [inline]
 __skb_get_hash+0xf3/0x2e0 net/core/flow_dissector.c:1866
 skb_get_hash include/linux/skbuff.h:1586 [inline]
 nft_trace_init+0x1bb/0x410 net/netfilter/nf_tables_trace.c:316
 nft_do_chain+0x14fc/0x1600 net/netfilter/nf_tables_core.c:268
 nf_route_table_hook6+0x366/0x7b0 net/netfilter/nft_chain_route.c:88
 nf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]
 nf_hook_slow+0xbd/0x200 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:259 [inline]
 __ip6_local_out+0x784/0x8a0 net/ipv6/output_core.c:143
 ip6_local_out+0x2a/0x130 net/ipv6/output_core.c:153
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x53e/0x970 net/ipv6/ip6_udp_tunnel.c:109
 tipc_udp_xmit+0x58d/0xb40 net/tipc/udp_media.c:220
 tipc_udp_send_msg+0x27e/0x3e0 net/tipc/udp_media.c:271
 tipc_bearer_xmit_skb+0x2ad/0x3f0 net/tipc/bearer.c:575
 tipc_disc_timeout+0x596/0x6f0 net/tipc/discover.c:338
 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x542/0x800 kernel/time/timer.c:2023
 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:pv_native_safe_halt+0xf/0x10 arch/x86/kernel/paravirt.c:148
Code: 29 21 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 e3 41 00 fb f4 <c3> 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80
RSP: 0018:ffffc90000187de0 EFLAGS: 000002c6
RAX: d3f4ef6915642800 RBX: ffffffff8162aa0d RCX: d3f4ef6915642800
RDX: 0000000000000001 RSI: ffffffff8acac9e0 RDI: ffffffff8b1c8e60
RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65
R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff92000030fc8
R13: dffffc0000000000 R14: 1ffff110037cc780 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:753
 default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
 cpuidle_idle_call kernel/sched/idle.c:178 [inline]
 do_idle+0x33d/0x590 kernel/sched/idle.c:302
 cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:401
 start_secondary+0xee/0xf0 arch/x86/kernel/smpboot.c:323
 secondary_startup_64_no_verify+0x179/0x17b
 </TASK>
----------------
Code disassembly (best guess):
   0:	29 21                	sub    %esp,(%rcx)
   2:	02 c3                	add    %bl,%al
   4:	cc                   	int3
   5:	cc                   	int3
   6:	cc                   	int3
   7:	cc                   	int3
   8:	cc                   	int3
   9:	cc                   	int3
   a:	cc                   	int3
   b:	f3 0f 1e fa          	endbr64
   f:	0f 0b                	ud2
  11:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  18:	00 00 00
  1b:	f3 0f 1e fa          	endbr64
  1f:	66 90                	xchg   %ax,%ax
  21:	0f 00 2d 83 e3 41 00 	verw   0x41e383(%rip)        # 0x41e3ab
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	c3                   	ret <-- trapping instruction
  2b:	66 0f 1f 00          	nopw   (%rax)
  2f:	55                   	push   %rbp
  30:	41 57                	push   %r15
  32:	41 56                	push   %r14
  34:	41 54                	push   %r12
  36:	53                   	push   %rbx
  37:	50                   	push   %rax
  38:	8b 2f                	mov    (%rdi),%ebp
  3a:	eb 2e                	jmp    0x6a
  3c:	41 89 de             	mov    %ebx,%r14d
  3f:	80                   	.byte 0x80