------------[ cut here ]------------
netdev_lock_pos() could not find dev_type=26
WARNING: net/core/dev.c:531 at netdev_lock_pos net/core/dev.c:531 [inline], CPU#0: syz.0.17/5985
WARNING: net/core/dev.c:531 at netdev_set_xmit_lockdep_class net/core/dev.c:540 [inline], CPU#0: syz.0.17/5985
WARNING: net/core/dev.c:531 at netdev_init_one_queue+0x1c5/0x440 net/core/dev.c:11180, CPU#0: syz.0.17/5985
Modules linked in:
CPU: 0 UID: 0 PID: 5985 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
RIP: 0010:netdev_lock_pos net/core/dev.c:531 [inline]
RIP: 0010:netdev_set_xmit_lockdep_class net/core/dev.c:540 [inline]
RIP: 0010:netdev_init_one_queue+0x1c7/0x440 net/core/dev.c:11180
Code: bf 42 00 00 00 e8 39 fd 58 f8 66 41 83 ff 41 0f 87 59 01 00 00 e8 89 f9 58 f8 eb 19 e8 82 f9 58 f8 48 8d 3d 3b 33 92 06 89 ee <67> 48 0f b9 3a 41 bf 41 00 00 00 4e 8d 24 fd 40 41 bb 8c 4c 89 e0
RSP: 0018:ffffc9000397f2a0 EFLAGS: 00010293
RAX: ffffffff896b7dce RBX: ffff88807e61b800 RCX: ffff88802f991e80
RDX: 0000000000000000 RSI: 000000000000001a RDI: ffffffff8ffdb110
RBP: 000000000000001a R08: 0000000000000003 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1fde36f R12: 000000000000fffe
R13: dffffc0000000000 R14: 0000000000000041 R15: ffffffff8cbb447e
FS: 000055555e382500(0000) GS:ffff8881256f5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005647821e70a0 CR3: 000000007694a000 CR4: 00000000003526f0
Call Trace:
<TASK>
dev_ingress_queue_create+0x119/0x190 net/core/dev.c:11940
__tc_modify_qdisc net/sched/sch_api.c:1610 [inline]
tc_modify_qdisc+0x640/0x2290 net/sched/sch_api.c:1817
rtnetlink_rcv_msg+0x77e/0xbe0 net/core/rtnetlink.c:6967
netlink_rcv_skb+0x232/0x4b0 net/netlink/af_netlink.c:2550
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x80f/0x9b0 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg net/socket.c:742 [inline]
____sys_sendmsg+0xa68/0xad0 net/socket.c:2592
___sys_sendmsg+0x2a5/0x360 net/socket.c:2646
__sys_sendmsg net/socket.c:2678 [inline]
__do_sys_sendmsg net/socket.c:2683 [inline]
__se_sys_sendmsg net/socket.c:2681 [inline]
__x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2681
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f827879af79
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffea34c0958 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8278a15fa0 RCX: 00007f827879af79
RDX: 00000000000008c0 RSI: 00002000000001c0 RDI: 0000000000000004
RBP: 00007f82788316e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8278a15fac R14: 00007f8278a15fa0 R15: 00007f8278a15fa0
</TASK>
----------------
Code disassembly (best guess):
0: bf 42 00 00 00 mov $0x42,%edi
5: e8 39 fd 58 f8 call 0xf858fd43
a: 66 41 83 ff 41 cmp $0x41,%r15w
f: 0f 87 59 01 00 00 ja 0x16e
15: e8 89 f9 58 f8 call 0xf858f9a3
1a: eb 19 jmp 0x35
1c: e8 82 f9 58 f8 call 0xf858f9a3
21: 48 8d 3d 3b 33 92 06 lea 0x692333b(%rip),%rdi # 0x6923363
28: 89 ee mov %ebp,%esi
* 2a: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction
2f: 41 bf 41 00 00 00 mov $0x41,%r15d
35: 4e 8d 24 fd 40 41 bb lea -0x7344bec0(,%r15,8),%r12
3c: 8c
3d: 4c 89 e0 mov %r12,%rax