DUID 00:04:68:cd:ba:d8:04:98:55:08:1d:08:ab:8f:2f:6c:bb:03
forked to background, child pid 3177
[   26.645437][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.655463][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   48.351066][ T3601] FAULT_INJECTION: forcing a failure.
[   48.351066][ T3601] name failslab, interval 1, probability 0, space 0, times 1
[   48.351162][ T3601] 
[   48.351166][ T3601] ======================================================
[   48.351169][ T3601] WARNING: possible circular locking dependency detected
[   48.351173][ T3601] 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0 Not tainted
[   48.351180][ T3601] ------------------------------------------------------
[   48.351183][ T3601] syz-executor179/3601 is trying to acquire lock:
[   48.351189][ T3601] ffffffff8bc90700 (console_owner){....}-{0:0}, at: console_unlock+0x35e/0xdd0
[   48.351228][ T3601] 
[   48.351228][ T3601] but task is already holding lock:
[   48.351231][ T3601] ffff888072955158 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[   48.351259][ T3601] 
[   48.351259][ T3601] which lock already depends on the new lock.
[   48.351259][ T3601] 
[   48.351262][ T3601] 
[   48.351262][ T3601] the existing dependency chain (in reverse order) is:
[   48.351266][ T3601] 
[   48.351266][ T3601] -> #2 (&port->lock){-...}-{2:2}:
[   48.351280][ T3601]        _raw_spin_lock_irqsave+0x39/0x50
[   48.351298][ T3601]        tty_port_tty_get+0x1f/0x100
[   48.351310][ T3601]        tty_port_default_wakeup+0x11/0x40
[   48.351323][ T3601]        serial8250_tx_chars+0x4f3/0xa50
[   48.351337][ T3601]        serial8250_handle_irq.part.0+0x328/0x3d0
[   48.351352][ T3601]        serial8250_default_handle_irq+0xb2/0x220
[   48.351366][ T3601]        serial8250_interrupt+0xfd/0x200
[   48.351379][ T3601]        __handle_irq_event_percpu+0x22b/0x880
[   48.351390][ T3601]        handle_irq_event+0xa7/0x1e0
[   48.351400][ T3601]        handle_edge_irq+0x25f/0xd00
[   48.351416][ T3601]        __common_interrupt+0x9d/0x210
[   48.351435][ T3601]        common_interrupt+0xa4/0xc0
[   48.351457][ T3601]        asm_common_interrupt+0x1e/0x40
[   48.351479][ T3601]        acpi_idle_do_entry+0x1c6/0x250
[   48.351495][ T3601]        acpi_idle_enter+0x361/0x500
[   48.351511][ T3601]        cpuidle_enter_state+0x1b1/0xc80
[   48.351523][ T3601]        cpuidle_enter+0x4a/0xa0
[   48.351533][ T3601]        do_idle+0x3e8/0x590
[   48.351543][ T3601]        cpu_startup_entry+0x14/0x20
[   48.351554][ T3601]        rest_init+0x169/0x270
[   48.351564][ T3601]        arch_call_rest_init+0xf/0x14
[   48.351577][ T3601]        start_kernel+0x47f/0x4a0
[   48.351586][ T3601]        secondary_startup_64_no_verify+0xc3/0xcb
[   48.351601][ T3601] 
[   48.351601][ T3601] -> #1 (&port_lock_key){-...}-{2:2}:
[   48.351616][ T3601]        _raw_spin_lock_irqsave+0x39/0x50
[   48.351629][ T3601]        serial8250_console_write+0x9cb/0xc30
[   48.351643][ T3601]        console_unlock+0x9bc/0xdd0
[   48.351656][ T3601]        vprintk_emit+0x1b4/0x5f0
[   48.351669][ T3601]        vprintk+0x80/0x90
[   48.351681][ T3601]        _printk+0xba/0xed
[   48.351693][ T3601]        register_console+0x410/0x7c0
[   48.351706][ T3601]        univ8250_console_init+0x3a/0x46
[   48.351720][ T3601]        console_init+0x3c1/0x58d
[   48.351733][ T3601]        start_kernel+0x30b/0x4a0
[   48.351743][ T3601]        secondary_startup_64_no_verify+0xc3/0xcb
[   48.351757][ T3601] 
[   48.351757][ T3601] -> #0 (console_owner){....}-{0:0}:
[   48.351771][ T3601]        __lock_acquire+0x2ac6/0x56c0
[   48.351784][ T3601]        lock_acquire+0x1ab/0x510
[   48.351797][ T3601]        console_unlock+0x3b1/0xdd0
[   48.351809][ T3601]        vprintk_emit+0x1b4/0x5f0
[   48.351822][ T3601]        vprintk+0x80/0x90
[   48.351834][ T3601]        _printk+0xba/0xed
[   48.351845][ T3601]        should_fail+0x472/0x5a0
[   48.351856][ T3601]        should_failslab+0x5/0x10
[   48.351868][ T3601]        __kmalloc+0x7e/0x350
[   48.351879][ T3601]        tty_buffer_alloc+0x23f/0x2a0
[   48.351890][ T3601]        __tty_buffer_request_room+0x156/0x2a0
[   48.351903][ T3601]        tty_insert_flip_string_fixed_flag+0x8c/0x240
[   48.351916][ T3601]        pty_write+0x11c/0x1e0
[   48.351928][ T3601]        n_tty_write+0xa7a/0xfc0
[   48.351937][ T3601]        file_tty_write.constprop.0+0x520/0x900
[   48.351953][ T3601]        new_sync_write+0x38a/0x560
[   48.351964][ T3601]        vfs_write+0x7c0/0xac0
[   48.351974][ T3601]        ksys_write+0x127/0x250
[   48.351984][ T3601]        __do_fast_syscall_32+0x65/0xf0
[   48.351997][ T3601]        do_fast_syscall_32+0x2f/0x70
[   48.352014][ T3601]        entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   48.352029][ T3601] 
[   48.352029][ T3601] other info that might help us debug this:
[   48.352029][ T3601] 
[   48.352032][ T3601] Chain exists of:
[   48.352032][ T3601]   console_owner --> &port_lock_key --> &port->lock
[   48.352032][ T3601] 
[   48.352048][ T3601]  Possible unsafe locking scenario:
[   48.352048][ T3601] 
[   48.352051][ T3601]        CPU0                    CPU1
[   48.352053][ T3601]        ----                    ----
[   48.352055][ T3601]   lock(&port->lock);
[   48.352061][ T3601]                                lock(&port_lock_key);
[   48.352068][ T3601]                                lock(&port->lock);
[   48.352075][ T3601]   lock(console_owner);
[   48.352081][ T3601] 
[   48.352081][ T3601]  *** DEADLOCK ***
[   48.352081][ T3601] 
[   48.352083][ T3601] 6 locks held by syz-executor179/3601:
[   48.352090][ T3601]  #0: ffff88801b0d1098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[   48.352118][ T3601]  #1: ffff88801b0d1130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x299/0x900
[   48.352149][ T3601]  #2: ffff88801b0d12e8 (&tty->termios_rwsem){++++}-{3:3}, at: n_tty_write+0x1bf/0xfc0
[   48.352175][ T3601]  #3: ffffc90001c08378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0xa47/0xfc0
[   48.352202][ T3601]  #4: ffff888072955158 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[   48.352229][ T3601]  #5: ffffffff8bd70b40 (console_lock){+.+.}-{0:0}, at: vprintk+0x80/0x90
[   48.352258][ T3601] 
[   48.352258][ T3601] stack backtrace:
[   48.352261][ T3601] CPU: 1 PID: 3601 Comm: syz-executor179 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0
[   48.352275][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   48.352282][ T3601] Call Trace:
[   48.352286][ T3601]  <TASK>
[   48.352290][ T3601]  dump_stack_lvl+0xcd/0x134
[   48.352307][ T3601]  check_noncircular+0x25f/0x2e0
[   48.352321][ T3601]  ? filter_irq_stacks+0x90/0x90
[   48.352337][ T3601]  ? print_circular_bug+0x1e0/0x1e0
[   48.352351][ T3601]  ? pointer+0x950/0x950
[   48.352364][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   48.352379][ T3601]  ? add_lock_to_list.constprop.0+0x185/0x370
[   48.352395][ T3601]  __lock_acquire+0x2ac6/0x56c0
[   48.352412][ T3601]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   48.352427][ T3601]  ? msg_add_ext_text+0x1d0/0x1d0
[   48.352443][ T3601]  lock_acquire+0x1ab/0x510
[   48.352456][ T3601]  ? console_unlock+0x35e/0xdd0
[   48.352470][ T3601]  ? lock_release+0x720/0x720
[   48.352484][ T3601]  ? lock_downgrade+0x6e0/0x6e0
[   48.352497][ T3601]  ? do_raw_spin_lock+0x120/0x2a0
[   48.352522][ T3601]  ? rwlock_bug.part.0+0x90/0x90
[   48.352547][ T3601]  ? prb_final_commit+0x64/0xa0
[   48.352575][ T3601]  console_unlock+0x3b1/0xdd0
[   48.352592][ T3601]  ? console_unlock+0x35e/0xdd0
[   48.352606][ T3601]  ? devkmsg_read+0x730/0x730
[   48.352621][ T3601]  ? lock_release+0x720/0x720
[   48.352637][ T3601]  ? vprintk+0x80/0x90
[   48.352651][ T3601]  vprintk_emit+0x1b4/0x5f0
[   48.352665][ T3601]  ? add_lock_to_list.constprop.0+0x185/0x370
[   48.352680][ T3601]  vprintk+0x80/0x90
[   48.352694][ T3601]  _printk+0xba/0xed
[   48.352706][ T3601]  ? record_print_text.cold+0x16/0x16
[   48.352721][ T3601]  ? ___ratelimit+0x222/0x4b0
[   48.352734][ T3601]  should_fail+0x472/0x5a0
[   48.352746][ T3601]  should_failslab+0x5/0x10
[   48.352757][ T3601]  __kmalloc+0x7e/0x350
[   48.352768][ T3601]  ? tty_buffer_alloc+0x23f/0x2a0
[   48.352781][ T3601]  tty_buffer_alloc+0x23f/0x2a0
[   48.352794][ T3601]  __tty_buffer_request_room+0x156/0x2a0
[   48.352808][ T3601]  tty_insert_flip_string_fixed_flag+0x8c/0x240
[   48.352824][ T3601]  pty_write+0x11c/0x1e0
[   48.352838][ T3601]  n_tty_write+0xa7a/0xfc0
[   48.352850][ T3601]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   48.352862][ T3601]  ? _copy_from_iter+0x12b/0x15a0
[   48.352876][ T3601]  ? n_tty_check_unthrottle+0x440/0x440
[   48.352888][ T3601]  ? rcu_read_lock_sched_held+0x3a/0x70
[   48.352903][ T3601]  ? __init_waitqueue_head+0xd0/0xd0
[   48.352918][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   48.352931][ T3601]  ? __phys_addr+0xc4/0x140
[   48.352945][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   48.352958][ T3601]  ? __phys_addr_symbol+0x2c/0x70
[   48.352971][ T3601]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   48.352983][ T3601]  ? __check_object_size+0x16c/0x4f0
[   48.352998][ T3601]  file_tty_write.constprop.0+0x520/0x900
[   48.353016][ T3601]  ? n_tty_check_unthrottle+0x440/0x440
[   48.353030][ T3601]  new_sync_write+0x38a/0x560
[   48.353041][ T3601]  ? new_sync_read+0x5f0/0x5f0
[   48.353052][ T3601]  ? find_held_lock+0x2d/0x110
[   48.353067][ T3601]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   48.353080][ T3601]  ? security_file_permission+0xab/0xd0
[   48.353096][ T3601]  vfs_write+0x7c0/0xac0
[   48.353108][ T3601]  ksys_write+0x127/0x250
[   48.353120][ T3601]  ? __ia32_sys_read+0xb0/0xb0
[   48.353132][ T3601]  ? syscall_enter_from_user_mode_prepare+0x17/0x40
[   48.353147][ T3601]  __do_fast_syscall_32+0x65/0xf0
[   48.353162][ T3601]  do_fast_syscall_32+0x2f/0x70
[   48.353176][ T3601]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   48.353192][ T3601] RIP: 0023:0xf7eb3549
[   48.353202][ T3601] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   48.353214][ T3601] RSP: 002b:00000000ffe08cfc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   48.353226][ T3601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[   48.353234][ T3601] RDX: 000000000000ff2e RSI: 0000000000000002 RDI: 0000000000040000
[   48.353242][ T3601] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   48.353250][ T3601] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   48.353257][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   48.353268][ T3601]  </TASK>
[   49.316768][ T3601] CPU: 1 PID: 3601 Comm: syz-executor179 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0
[   49.327249][ T3601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.337301][ T3601] Call Trace:
[   49.340570][ T3601]  <TASK>
[   49.343485][ T3601]  dump_stack_lvl+0xcd/0x134
[   49.348066][ T3601]  should_fail.cold+0x5/0xa
[   49.352555][ T3601]  should_failslab+0x5/0x10
[   49.357040][ T3601]  __kmalloc+0x7e/0x350
[   49.361176][ T3601]  ? tty_buffer_alloc+0x23f/0x2a0
[   49.366185][ T3601]  tty_buffer_alloc+0x23f/0x2a0
[   49.371017][ T3601]  __tty_buffer_request_room+0x156/0x2a0
[   49.376630][ T3601]  tty_insert_flip_string_fixed_flag+0x8c/0x240
[   49.382861][ T3601]  pty_write+0x11c/0x1e0
[   49.387091][ T3601]  n_tty_write+0xa7a/0xfc0
[   49.391489][ T3601]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   49.397203][ T3601]  ? _copy_from_iter+0x12b/0x15a0
[   49.402224][ T3601]  ? n_tty_check_unthrottle+0x440/0x440
[   49.407749][ T3601]  ? rcu_read_lock_sched_held+0x3a/0x70
[   49.413283][ T3601]  ? __init_waitqueue_head+0xd0/0xd0
[   49.418563][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   49.424790][ T3601]  ? __phys_addr+0xc4/0x140
[   49.429291][ T3601]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   49.435515][ T3601]  ? __phys_addr_symbol+0x2c/0x70
[   49.440534][ T3601]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   49.446236][ T3601]  ? __check_object_size+0x16c/0x4f0
[   49.451512][ T3601]  file_tty_write.constprop.0+0x520/0x900
[   49.457225][ T3601]  ? n_tty_check_unthrottle+0x440/0x440
[   49.462769][ T3601]  new_sync_write+0x38a/0x560
[   49.467433][ T3601]  ? new_sync_read+0x5f0/0x5f0
[   49.472191][ T3601]  ? find_held_lock+0x2d/0x110
[   49.476945][ T3601]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   49.483166][ T3601]  ? security_file_permission+0xab/0xd0
[   49.488728][ T3601]  vfs_write+0x7c0/0xac0
[   49.492954][ T3601]  ksys_write+0x127/0x250
[   49.497266][ T3601]  ? __ia32_sys_read+0xb0/0xb0
[   49.502023][ T3601]  ? syscall_enter_from_user_mode_prepare+0x17/0x40
[   49.508594][ T3601]  __do_fast_syscall_32+0x65/0xf0
[   49.513605][ T3601]  do_fast_syscall_32+0x2f/0x70
[   49.518439][ T3601]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   49.524774][ T3601] RIP: 0023:0xf7eb3549
[   49.528837][ T3601] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   49.548433][ T3601] RSP: 002b:00000000ffe08cfc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   49.556827][ T3601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[   49.564777][ T3601] RDX: 000000000000ff2e RSI: 0000000000000002 RDI: 0000000000040000
[   49.572731][ T3601] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   49.580682][ T3601] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   49.588637][ T3601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   49.596592][ T3601]  </TASK>
executing program
[   53.350219][ T3602] FAULT_INJECTION: forcing a failure.
[   53.350219][ T3602] name failslab, interval 1, probability 0, space 0, times 0
[   53.362807][ T3602] CPU: 0 PID: 3602 Comm: syz-executor179 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0
[   53.373285][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.383322][ T3602] Call Trace:
[   53.386594][ T3602]  <TASK>
[   53.389526][ T3602]  dump_stack_lvl+0xcd/0x134
[   53.394113][ T3602]  should_fail.cold+0x5/0xa
[   53.398609][ T3602]  should_failslab+0x5/0x10
[   53.403103][ T3602]  __kmalloc+0x7e/0x350
[   53.407249][ T3602]  ? tty_buffer_alloc+0x23f/0x2a0
[   53.412266][ T3602]  tty_buffer_alloc+0x23f/0x2a0
[   53.417108][ T3602]  __tty_buffer_request_room+0x156/0x2a0
[   53.422734][ T3602]  tty_insert_flip_string_fixed_flag+0x8c/0x240
[   53.428969][ T3602]  pty_write+0x11c/0x1e0
[   53.433204][ T3602]  n_tty_write+0xa7a/0xfc0
[   53.437609][ T3602]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   53.443320][ T3602]  ? _copy_from_iter+0x12b/0x15a0
[   53.448335][ T3602]  ? n_tty_check_unthrottle+0x440/0x440
[   53.453867][ T3602]  ? rcu_read_lock_sched_held+0xd/0x70
[   53.459341][ T3602]  ? __init_waitqueue_head+0xd0/0xd0
[   53.464618][ T3602]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   53.470847][ T3602]  ? __phys_addr+0xc4/0x140
[   53.475339][ T3602]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   53.481568][ T3602]  ? __phys_addr_symbol+0x2c/0x70
[   53.486585][ T3602]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[   53.492291][ T3602]  ? __check_object_size+0x16c/0x4f0
[   53.497565][ T3602]  file_tty_write.constprop.0+0x520/0x900
[   53.503279][ T3602]  ? n_tty_check_unthrottle+0x440/0x440
[   53.508814][ T3602]  new_sync_write+0x38a/0x560
[   53.513482][ T3602]  ? new_sync_read+0x5f0/0x5f0
[   53.518251][ T3602]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   53.524480][ T3602]  ? security_file_permission+0xab/0xd0
[   53.530017][ T3602]  vfs_write+0x7c0/0xac0
[   53.534249][ T3602]  ksys_write+0x127/0x250
[   53.538565][ T3602]  ? __ia32_sys_read+0xb0/0xb0
[   53.543321][ T3602]  __do_fast_syscall_32+0x65/0xf0
[   53.548340][ T3602]  do_fast_syscall_32+0x2f/0x70
[   53.553180][ T3602]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[   53.559501][ T3602] RIP: 0023:0xf7eb3549
[   53.563556][ T3602] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   53.583150][ T3602] RSP: 002b:00000000ffe08cfc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[   53.591548][ T3602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080
[   53.599507][ T3602] RDX: 000000000000ff2e RSI: 0000000000000002 RDI: 0000000000040000
[   53.607462][ T3602] RBP: 000000000000bcc1 R08: 0000000000000000 R09: 0000000000000000
[   53.615417][ T3602] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   53.623372][ T3602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   53.631331][ T3602]  </TASK>
executing program
[   58.351054][ T3603] FAULT_INJECTION: forcing a failure.
[   58.351054][ T3603] name failslab, interval 1, probability 0, space 0, times 0
[   58.363642][ T3603] CPU: 0 PID: 3603 Comm: syz-executor179 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91 #0
[   58.374126][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.384170][ T3603] Call Trace:
[   58.387447][ T3603]  <TASK>
[   58.390369][ T3603]  dump_stack_lvl+0xcd/0x134
[   58.394953][ T3603]  should_fail.cold+0x5/0xa