syzkaller login: [ 273.889441][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 283.430124][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 283.517305][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 283.551207][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:51799' (ECDSA) to the list of known hosts. 1970/01/01 00:05:46 fuzzer started 1970/01/01 00:06:00 dialing manager at localhost:43587 [ 366.462011][ T2031] cgroup: Unknown subsys name 'net' [ 367.482182][ T2031] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:07 syscalls: 2893 1970/01/01 00:06:07 code coverage: enabled 1970/01/01 00:06:07 comparison tracing: enabled 1970/01/01 00:06:07 extra coverage: enabled 1970/01/01 00:06:07 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:07 setuid sandbox: enabled 1970/01/01 00:06:07 namespace sandbox: enabled 1970/01/01 00:06:07 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:07 fault injection: enabled 1970/01/01 00:06:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:07 net packet injection: enabled 1970/01/01 00:06:07 net device setup: enabled 1970/01/01 00:06:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:07 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:07 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:07 USB emulation: enabled 1970/01/01 00:06:07 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:07 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:07 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:07 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:14 fetching corpus: 50, signal 29834/32969 (executing program) 1970/01/01 00:06:17 fetching corpus: 100, signal 41295/45581 (executing program) 1970/01/01 00:06:22 fetching corpus: 149, signal 54564/59518 (executing program) 1970/01/01 00:06:26 fetching corpus: 199, signal 62724/68341 (executing program) 1970/01/01 00:06:29 fetching corpus: 248, signal 68826/75068 (executing program) 1970/01/01 00:06:32 fetching corpus: 296, signal 75212/81888 (executing program) 1970/01/01 00:06:35 fetching corpus: 345, signal 79098/86368 (executing program) 1970/01/01 00:06:38 fetching corpus: 394, signal 81570/89454 (executing program) 1970/01/01 00:06:40 fetching corpus: 443, signal 87199/95213 (executing program) 1970/01/01 00:06:44 fetching corpus: 493, signal 91891/100001 (executing program) 1970/01/01 00:06:47 fetching corpus: 541, signal 95920/104080 (executing program) 1970/01/01 00:06:51 fetching corpus: 590, signal 99911/108025 (executing program) 1970/01/01 00:06:55 fetching corpus: 640, signal 102649/110910 (executing program) 1970/01/01 00:06:57 fetching corpus: 689, signal 104957/113363 (executing program) 1970/01/01 00:07:00 fetching corpus: 738, signal 106604/115231 (executing program) 1970/01/01 00:07:04 fetching corpus: 788, signal 108771/117434 (executing program) 1970/01/01 00:07:07 fetching corpus: 838, signal 110620/119374 (executing program) 1970/01/01 00:07:11 fetching corpus: 887, signal 112739/121413 (executing program) 1970/01/01 00:07:14 fetching corpus: 936, signal 115073/123540 (executing program) 1970/01/01 00:07:17 fetching corpus: 986, signal 117045/125386 (executing program) 1970/01/01 00:07:20 fetching corpus: 1034, signal 118809/126998 (executing program) 1970/01/01 00:07:23 fetching corpus: 1083, signal 120340/128361 (executing program) 1970/01/01 00:07:26 fetching corpus: 1133, signal 122334/130018 (executing program) 1970/01/01 00:07:29 fetching corpus: 1180, signal 123534/131129 (executing program) 1970/01/01 00:07:32 fetching corpus: 1230, signal 125670/132831 (executing program) 1970/01/01 00:07:34 fetching corpus: 1280, signal 127334/134174 (executing program) 1970/01/01 00:07:37 fetching corpus: 1329, signal 129551/135787 (executing program) 1970/01/01 00:07:40 fetching corpus: 1379, signal 130651/136706 (executing program) 1970/01/01 00:07:42 fetching corpus: 1426, signal 131930/137656 (executing program) 1970/01/01 00:07:46 fetching corpus: 1476, signal 133301/138664 (executing program) 1970/01/01 00:07:49 fetching corpus: 1526, signal 134796/139698 (executing program) 1970/01/01 00:07:52 fetching corpus: 1576, signal 135895/140451 (executing program) 1970/01/01 00:07:56 fetching corpus: 1626, signal 137747/141558 (executing program) 1970/01/01 00:07:59 fetching corpus: 1674, signal 139354/142475 (executing program) 1970/01/01 00:08:02 fetching corpus: 1723, signal 140637/143211 (executing program) 1970/01/01 00:08:04 fetching corpus: 1773, signal 141663/143783 (executing program) 1970/01/01 00:08:07 fetching corpus: 1823, signal 142621/144275 (executing program) 1970/01/01 00:08:08 fetching corpus: 1851, signal 143332/144664 (executing program) 1970/01/01 00:08:09 fetching corpus: 1851, signal 143345/144721 (executing program) 1970/01/01 00:08:09 fetching corpus: 1851, signal 143345/144765 (executing program) 1970/01/01 00:08:09 fetching corpus: 1851, signal 143345/144809 (executing program) 1970/01/01 00:08:09 fetching corpus: 1851, signal 143345/144851 (executing program) 1970/01/01 00:08:09 fetching corpus: 1851, signal 143345/144893 (executing program) 1970/01/01 00:08:09 fetching corpus: 1852, signal 143418/144996 (executing program) 1970/01/01 00:08:10 fetching corpus: 1852, signal 143418/145031 (executing program) 1970/01/01 00:08:10 fetching corpus: 1852, signal 143418/145066 (executing program) 1970/01/01 00:08:10 fetching corpus: 1852, signal 143430/145102 (executing program) 1970/01/01 00:08:10 fetching corpus: 1852, signal 143430/145132 (executing program) 1970/01/01 00:08:10 fetching corpus: 1852, signal 143430/145164 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145201 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145234 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145277 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145318 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145353 (executing program) 1970/01/01 00:08:11 fetching corpus: 1852, signal 143430/145380 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145420 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145456 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145482 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145512 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145551 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145587 (executing program) 1970/01/01 00:08:12 fetching corpus: 1852, signal 143430/145609 (executing program) 1970/01/01 00:08:13 fetching corpus: 1852, signal 143430/145637 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145671 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145708 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145741 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145776 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145813 (executing program) 1970/01/01 00:08:13 fetching corpus: 1853, signal 143449/145848 (executing program) 1970/01/01 00:08:14 fetching corpus: 1853, signal 143449/145880 (executing program) 1970/01/01 00:08:14 fetching corpus: 1853, signal 143449/145911 (executing program) 1970/01/01 00:08:14 fetching corpus: 1853, signal 143449/145950 (executing program) 1970/01/01 00:08:14 fetching corpus: 1853, signal 143449/145950 (executing program) 1970/01/01 00:10:08 starting 2 fuzzer processes 00:10:08 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000180)=0x5, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0x34000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/96, 0x60}], 0x1) 00:10:08 executing program 1: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000140)={0x0, 0x6}) [ 638.715561][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.838304][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.925207][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 639.771161][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 651.368194][ T2038] device hsr_slave_0 entered promiscuous mode [ 651.405467][ T2038] device hsr_slave_1 entered promiscuous mode [ 653.429878][ T2039] device hsr_slave_0 entered promiscuous mode [ 653.478593][ T2039] device hsr_slave_1 entered promiscuous mode [ 653.637511][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 653.640539][ T2039] Cannot create hsr debugfs directory [ 661.065154][ T2038] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 661.200598][ T2038] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 661.300531][ T2038] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 661.604773][ T2038] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 662.639769][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 662.836235][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 663.014485][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 663.110164][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 664.084225][ C0] ================================================================== [ 664.087811][ C0] BUG: KASAN: slab-out-of-bounds in riscv_intc_irq+0x24/0xc8 [ 664.089404][ C0] Read of size 8 at addr ffffaf802076ff30 by task syz-executor.0/2039 [ 664.090972][ C0] [ 664.092886][ C0] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 664.094687][ C0] Hardware name: riscv-virtio,qemu (DT) [ 664.095894][ C0] Call Trace: [ 664.096872][ C0] [] dump_backtrace+0x2e/0x3c [ 664.098228][ C0] [] show_stack+0x34/0x40 [ 664.099444][ C0] [] dump_stack_lvl+0xe4/0x150 [ 664.100698][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 664.102139][ C0] [] kasan_report+0x184/0x1e0 [ 664.104001][ C0] [] __asan_load8+0x6e/0x96 [ 664.105225][ C0] [] riscv_intc_irq+0x24/0xc8 [ 664.106462][ C0] [] generic_handle_arch_irq+0x36/0x54 [ 664.107725][ C0] [] ret_from_exception+0x0/0x10 [ 664.108907][ C0] [] walk_stackframe+0xa0/0x260 [ 664.110349][ C0] [ 664.111141][ C0] Allocated by task 0: [ 664.111956][ C0] (stack is not available) [ 664.113685][ C0] [ 664.115082][ C0] Last potentially related work creation: [ 664.117057][ C0] stack_trace_save+0xa6/0xd8 [ 664.118474][ C0] kasan_save_stack+0x2c/0x58 [ 664.119607][ C0] __kasan_kmalloc+0x80/0xb2 [ 664.120667][ C0] __kmalloc+0x190/0x318 [ 664.122080][ C0] kobject_get_path+0xac/0x16e [ 664.123522][ C0] kobject_uevent_env+0x1de/0xdfe [ 664.124719][ C0] kobject_uevent+0x22/0x2e [ 664.125871][ C0] kset_register+0xf8/0x114 [ 664.126976][ C0] bus_register+0x17e/0x6de [ 664.128092][ C0] subsys_virtual_register+0x34/0x7a [ 664.129300][ C0] wq_sysfs_init+0x24/0x6c [ 664.130271][ C0] do_one_initcall+0x13a/0x7ea [ 664.131266][ C0] kernel_init_freeable+0x510/0x5b4 [ 664.132419][ C0] kernel_init+0x28/0x21c [ 664.134078][ C0] ret_from_exception+0x0/0x10 [ 664.135197][ C0] [ 664.135913][ C0] Second to last potentially related work creation: [ 664.136829][ C0] stack_trace_save+0xa6/0xd8 [ 664.138900][ C0] kasan_save_stack+0x2c/0x58 [ 664.140924][ C0] __kasan_slab_alloc+0x8e/0x98 [ 664.142678][ C0] __kmem_cache_create+0x34c/0x688 [ 664.145429][ C0] create_boot_cache+0x72/0x9c [ 664.147378][ C0] kmem_cache_init+0xe4/0x1ba [ 664.149639][ C0] mm_init+0x10a/0x138 [ 664.150502][ C0] start_kernel+0x20e/0x698 [ 664.151444][ C0] [ 664.151985][ C0] The buggy address belongs to the object at ffffaf802076fe80 [ 664.151985][ C0] which belongs to the cache kernfs_node_cache of size 168 [ 664.153406][ C0] The buggy address is located 8 bytes to the right of [ 664.153406][ C0] 168-byte region [ffffaf802076fe80, ffffaf802076ff28) [ 664.154701][ C0] The buggy address belongs to the page: [ 664.155723][ C0] page:ffffaf807af6a738 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa096f [ 664.156945][ C0] flags: 0xa000000200(slab|section=20|node=0|zone=0) [ 664.158846][ C0] raw: 000000a000000200 0000000000000000 0000000000000122 ffffaf80072ed280 [ 664.159877][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000 [ 664.160776][ C0] raw: 00000000000007ff [ 664.161476][ C0] page dumped because: kasan: bad access detected [ 664.162969][ C0] page_owner tracks the page as allocated [ 664.164024][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2039, ts 623901312500, free_ts 623820495300 [ 664.173064][ C0] __set_page_owner+0x48/0x136 [ 664.174491][ C0] post_alloc_hook+0xd0/0x10a [ 664.175488][ C0] get_page_from_freelist+0x8da/0x12d8 [ 664.176757][ C0] __alloc_pages+0x150/0x3b6 [ 664.177811][ C0] alloc_pages+0x132/0x2a6 [ 664.178862][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 664.179977][ C0] new_slab+0x76/0x2cc [ 664.180948][ C0] ___slab_alloc+0x56e/0x918 [ 664.181969][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 664.183546][ C0] kmem_cache_alloc+0x39c/0x3de [ 664.185054][ C0] __kernfs_new_node+0xfc/0x5f2 [ 664.186291][ C0] kernfs_new_node+0x66/0xbe [ 664.187333][ C0] __kernfs_create_file+0x4e/0x1e8 [ 664.188392][ C0] sysfs_add_file_mode_ns+0x138/0x254 [ 664.189495][ C0] sysfs_create_file_ns+0x100/0x15a [ 664.190545][ C0] device_create_file+0x9c/0x130 [ 664.191716][ C0] page last free stack trace: [ 664.192702][ C0] __reset_page_owner+0x4a/0xea [ 664.194112][ C0] free_pcp_prepare+0x29c/0x45e [ 664.195180][ C0] free_unref_page_list+0x148/0x7fe [ 664.196290][ C0] release_pages+0x3f0/0xad0 [ 664.197358][ C0] free_pages_and_swap_cache+0x74/0x86 [ 664.198535][ C0] tlb_finish_mmu+0xe8/0x29a [ 664.199571][ C0] exit_mmap+0x170/0x412 [ 664.200570][ C0] mmput+0xee/0x2c2 [ 664.201594][ C0] free_bprm+0xbc/0x1de [ 664.202790][ C0] kernel_execve+0x214/0x288 [ 664.204125][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc [ 664.205354][ C0] ret_from_exception+0x0/0x10 [ 664.206571][ C0] [ 664.207540][ C0] Memory state around the buggy address: [ 664.213156][ C0] ffffaf802076fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 664.214503][ C0] ffffaf802076fe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 664.215596][ C0] >ffffaf802076ff00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 664.216619][ C0] ^ [ 664.217791][ C0] ffffaf802076ff80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 664.219368][ C0] ffffaf8020770000: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 [ 664.220783][ C0] ================================================================== [ 664.222771][ C0] Disabling lock debugging due to kernel taint [ 664.230169][ T2039] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 664.231556][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 664.232819][ T2039] Hardware name: riscv-virtio,qemu (DT) [ 664.233511][ T2039] Call Trace: [ 664.234631][ T2039] [] dump_backtrace+0x2e/0x3c [ 664.235875][ T2039] [] show_stack+0x34/0x40 [ 664.236772][ T2039] [] dump_stack_lvl+0xe4/0x150 [ 664.237776][ T2039] [] dump_stack+0x1c/0x24 [ 664.238733][ T2039] [] panic+0x24a/0x634 [ 664.239608][ T2039] [] schedule+0x0/0x14c [ 664.240550][ T2039] [] preempt_schedule_irq+0x4a/0x13e [ 664.241597][ T2039] [] resume_kernel+0x16/0x18 [ 664.242825][ T2039] SMP: stopping secondary CPUs [ 664.244784][ T2039] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:57:57 Registers: info registers vcpu 0 pc ffffffff80475986 mhartid 0000000000000000 mstatus 00000000000001a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80009fd6 sepc ffffffff80009fd6 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8010ef76 x2/sp ffffaf802076fac0 x3/gp ffffffff85863ac0 x4/tp ffffaf8007493080 x5/t0 ffffffff86bd9348 x6/t1 bba79335fde1cf00 x7/t2 0000000000000000 x8/s0 ffffaf802076fb30 x9/s1 ffffffff84a88600 x10/a0 ffffaf80074930a0 x11/a1 0000000000000000 x12/a2 0000000000000001 x13/a3 0000000000000000 x14/a4 0000000000000001 x15/a5 0000000000000000 x16/a6 ffffffff80121ba4 x17/a7 ffffffff801073d4 x18/s2 ffffaf8007493080 x19/s3 0000000000000001 x20/s4 0000000000000000 x21/s5 0000000000000001 x22/s6 0000000000000000 x23/s7 ffffffff80121ba4 x24/s8 0000000000000000 x25/s9 ffffffff8588a420 x26/s10 ffffaf8020770020 x27/s11 0000000000000008 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0040edf14 x31/t6 ffffffff86bd934b f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff80119af8 mhartid 0000000000000001 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc 00007fff9e13bd30 mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff802010e8 x2/sp ffffaf800d39b6d0 x3/gp ffffffff85863ac0 x4/tp ffffaf800bbfc8c0 x5/t0 fffff5ef01eb85a5 x6/t1 bba79335fde1cf00 x7/t2 0000000000000018 x8/s0 ffffaf800d39b700 x9/s1 ffffaf800bbfd300 x10/a0 ffffaf805a9e45e8 x11/a1 0000000000000007 x12/a2 1ffff5f00177fa58 x13/a3 ffffffff80112e7c x14/a4 fffffffef0b1899a x15/a5 ffffaf800bbfd2d8 x16/a6 ffffffff866d04d8 x17/a7 ffffffff803e7a46 x18/s2 ffffffff858c4cd0 x19/s3 ffffffff836290e0 x20/s4 ffffaf800ff18950 x21/s5 ffffaf800e643670 x22/s6 0000000000000006 x23/s7 ffffaf800e643668 x24/s8 ffffaf800ff18c80 x25/s9 ffffaf800e643600 x26/s10 ffffaf800e643680 x27/s11 ffffffff803e79a4 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001a736c4 x31/t6 000000000000000f f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000