====================================================== WARNING: possible circular locking dependency detected 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 Not tainted ------------------------------------------------------ syz.8.2174/13866 is trying to acquire lock: ffff88802463ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88802463ef30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x1bc/0x280 net/hsr/hsr_device.c:234 but task is already holding lock: ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4445 [inline] ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: sch_direct_xmit+0x340/0xc30 net/sched/sch_generic.c:341 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}: __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] __netif_tx_lock include/linux/netdevice.h:4445 [inline] sch_direct_xmit+0x340/0xc30 net/sched/sch_generic.c:341 __dev_xmit_skb net/core/dev.c:3827 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] hsr_xmit net/hsr/hsr_forward.c:430 [inline] hsr_forward_do net/hsr/hsr_forward.c:571 [inline] hsr_forward_skb+0xca3/0x2650 net/hsr/hsr_forward.c:730 hsr_dev_xmit+0x1c7/0x280 net/hsr/hsr_device.c:235 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 __dev_queue_xmit+0x7f0/0x43e0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_connected_output+0x45c/0x630 net/core/neighbour.c:1543 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] mld_sendpack+0x9f0/0x11d0 net/ipv6/mcast.c:1819 mld_send_cr net/ipv6/mcast.c:2120 [inline] mld_ifc_work+0x740/0xca0 net/ipv6/mcast.c:2651 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #0 (&hsr->seqnr_lock){+.-.}-{3:3}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] hsr_dev_xmit+0x1bc/0x280 net/hsr/hsr_device.c:234 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 __dev_queue_xmit+0x7f0/0x43e0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_connected_output+0x45c/0x630 net/core/neighbour.c:1543 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ndisc_send_skb+0xa69/0x1c50 net/ipv6/ndisc.c:511 ndisc_send_ns+0xc7/0x150 net/ipv6/ndisc.c:669 ndisc_solicit+0x2f7/0x510 net/ipv6/ndisc.c:761 neigh_probe+0xcb/0x110 net/core/neighbour.c:1026 __neigh_event_send+0xace/0x13e0 net/core/neighbour.c:1193 neigh_event_send_probe include/net/neighbour.h:463 [inline] neigh_event_send include/net/neighbour.h:469 [inline] neigh_event_send include/net/neighbour.h:467 [inline] neigh_resolve_output+0x5ed/0x950 net/core/neighbour.c:1498 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] ip6_local_out+0xcd/0x4a0 net/ipv6/output_core.c:155 ip6_send_skb+0x112/0x460 net/ipv6/ip6_output.c:1976 ip6_push_pending_frames+0xe0/0x110 net/ipv6/ip6_output.c:1997 icmpv6_push_pending_frames+0x2dc/0x460 net/ipv6/icmp.c:311 icmp6_send+0x1c4a/0x2970 net/ipv6/icmp.c:630 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x31/0x5a0 net/ipv6/route.c:2799 dst_link_failure include/net/dst.h:429 [inline] ip_tunnel_xmit+0x2f54/0x3580 net/ipv4/ip_tunnel.c:864 __gre_xmit+0x8bc/0xc00 net/ipv4/ip_gre.c:484 erspan_xmit+0x570/0x25b0 net/ipv4/ip_gre.c:743 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:3827 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_resolve_output net/core/neighbour.c:1514 [inline] neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] rawv6_send_hdrinc net/ipv6/raw.c:661 [inline] rawv6_sendmsg+0x2306/0x4440 net/ipv6/raw.c:914 inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] ____sys_sendmsg+0x98c/0xc90 net/socket.c:2583 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2637 __sys_sendmmsg+0x201/0x420 net/socket.c:2726 __do_sys_sendmmsg net/socket.c:2753 [inline] __se_sys_sendmmsg net/socket.c:2750 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2750 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&qdisc_xmit_lock_key#3); lock(&hsr->seqnr_lock); lock(&qdisc_xmit_lock_key#3); lock(&hsr->seqnr_lock); *** DEADLOCK *** 12 locks held by syz.8.2174/13866: #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rawv6_send_hdrinc net/ipv6/raw.c:659 [inline] #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rawv6_sendmsg+0x2153/0x4440 net/ipv6/raw.c:914 #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x3db/0x2070 net/ipv6/ip6_output.c:126 #2: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #2: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline] #2: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x277/0x43e0 net/core/dev.c:4359 #3: ffff88807ebf9258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline] #3: ffff88807ebf9258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:197 [inline] #3: ffff88807ebf9258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: qdisc_run_begin include/net/sch_generic.h:194 [inline] #3: ffff88807ebf9258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: __dev_xmit_skb net/core/dev.c:3814 [inline] #3: ffff88807ebf9258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{3:3}, at: __dev_queue_xmit+0x11b2/0x43e0 net/core/dev.c:4400 #4: ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #4: ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: __netif_tx_lock include/linux/netdevice.h:4445 [inline] #4: ffff88805fbf6d18 (&qdisc_xmit_lock_key#3){+.-.}-{3:3}, at: sch_direct_xmit+0x340/0xc30 net/sched/sch_generic.c:341 #5: ffff8880320d0958 (k-slock-AF_INET6){+.-.}-{3:3}, at: spin_trylock include/linux/spinlock.h:361 [inline] #5: ffff8880320d0958 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmpv6_xmit_lock net/ipv6/icmp.c:108 [inline] #5: ffff8880320d0958 (k-slock-AF_INET6){+.-.}-{3:3}, at: icmp6_send+0x8a4/0x2970 net/ipv6/icmp.c:551 #6: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #6: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #6: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: icmp6_send+0xfec/0x2970 net/ipv6/icmp.c:619 #7: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #7: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #7: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip6_send_skb+0xc4/0x460 net/ipv6/ip6_output.c:1975 #8: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #8: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #8: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x3db/0x2070 net/ipv6/ip6_output.c:126 #9: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #9: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #9: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x8a0/0x1c50 net/ipv6/ndisc.c:507 #10: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #10: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #10: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x3db/0x2070 net/ipv6/ip6_output.c:126 #11: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #11: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline] #11: ffffffff8e1bb4a0 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x277/0x43e0 net/core/dev.c:4359 stack backtrace: CPU: 1 UID: 0 PID: 13866 Comm: syz.8.2174 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_circular_bug+0x419/0x5d0 kernel/locking/lockdep.c:2074 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] hsr_dev_xmit+0x1bc/0x280 net/hsr/hsr_device.c:234 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 __dev_queue_xmit+0x7f0/0x43e0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_connected_output+0x45c/0x630 net/core/neighbour.c:1543 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ndisc_send_skb+0xa69/0x1c50 net/ipv6/ndisc.c:511 ndisc_send_ns+0xc7/0x150 net/ipv6/ndisc.c:669 ndisc_solicit+0x2f7/0x510 net/ipv6/ndisc.c:761 neigh_probe+0xcb/0x110 net/core/neighbour.c:1026 __neigh_event_send+0xace/0x13e0 net/core/neighbour.c:1193 neigh_event_send_probe include/net/neighbour.h:463 [inline] neigh_event_send include/net/neighbour.h:469 [inline] neigh_event_send include/net/neighbour.h:467 [inline] neigh_resolve_output+0x5ed/0x950 net/core/neighbour.c:1498 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] ip6_local_out+0xcd/0x4a0 net/ipv6/output_core.c:155 ip6_send_skb+0x112/0x460 net/ipv6/ip6_output.c:1976 ip6_push_pending_frames+0xe0/0x110 net/ipv6/ip6_output.c:1997 icmpv6_push_pending_frames+0x2dc/0x460 net/ipv6/icmp.c:311 icmp6_send+0x1c4a/0x2970 net/ipv6/icmp.c:630 __icmpv6_send include/linux/icmpv6.h:28 [inline] icmpv6_send include/linux/icmpv6.h:49 [inline] ip6_link_failure+0x31/0x5a0 net/ipv6/route.c:2799 dst_link_failure include/net/dst.h:429 [inline] ip_tunnel_xmit+0x2f54/0x3580 net/ipv4/ip_tunnel.c:864 __gre_xmit+0x8bc/0xc00 net/ipv4/ip_gre.c:484 erspan_xmit+0x570/0x25b0 net/ipv4/ip_gre.c:743 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3606 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:3827 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_resolve_output net/core/neighbour.c:1514 [inline] neigh_resolve_output+0x5bc/0x950 net/core/neighbour.c:1494 neigh_output include/net/neighbour.h:539 [inline] ip6_finish_output2+0xb1b/0x2070 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0x3f9/0x1360 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x1f8/0x540 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] rawv6_send_hdrinc net/ipv6/raw.c:661 [inline] rawv6_sendmsg+0x2306/0x4440 net/ipv6/raw.c:914 inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] ____sys_sendmsg+0x98c/0xc90 net/socket.c:2583 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2637 __sys_sendmmsg+0x201/0x420 net/socket.c:2726 __do_sys_sendmmsg net/socket.c:2753 [inline] __se_sys_sendmmsg net/socket.c:2750 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2750 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f9e1677ff19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9e145f6058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f9e16945fa0 RCX: 00007f9e1677ff19 RDX: 0000000000000002 RSI: 0000000020001e80 RDI: 0000000000000003 RBP: 00007f9e167f3cc8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f9e16945fa0 R15: 00007ffe0084a428 syz.8.2174 (13866) used greatest stack depth: 19888 bytes left