syzkaller login: [  301.850277][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  310.330639][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  310.359395][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  320.260346][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:64150' (ECDSA) to the list of known hosts.
1970/01/01 00:06:15 fuzzer started
1970/01/01 00:06:28 dialing manager at localhost:39489
[  394.558618][ T2027] cgroup: Unknown subsys name 'net'
[  395.541267][ T2027] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:35 syscalls: 2870
1970/01/01 00:06:35 code coverage: enabled
1970/01/01 00:06:35 comparison tracing: enabled
1970/01/01 00:06:35 extra coverage: ioctl(KCOV_DISABLE) failed: invalid argument
1970/01/01 00:06:35 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:35 setuid sandbox: enabled
1970/01/01 00:06:35 namespace sandbox: enabled
1970/01/01 00:06:35 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:35 fault injection: enabled
1970/01/01 00:06:35 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:35 net packet injection: enabled
1970/01/01 00:06:35 net device setup: enabled
1970/01/01 00:06:35 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:35 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:35 USB emulation: enabled
1970/01/01 00:06:35 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:35 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:35 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:35 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:41 fetching corpus: 50, signal 32686/35486 (executing program)
1970/01/01 00:06:44 fetching corpus: 100, signal 43228/46858 (executing program)
1970/01/01 00:06:49 fetching corpus: 148, signal 54701/58748 (executing program)
1970/01/01 00:06:52 fetching corpus: 197, signal 61722/66113 (executing program)
1970/01/01 00:06:56 fetching corpus: 247, signal 69037/73484 (executing program)
1970/01/01 00:06:59 fetching corpus: 294, signal 72613/77337 (executing program)
1970/01/01 00:07:02 fetching corpus: 343, signal 76775/81525 (executing program)
1970/01/01 00:07:05 fetching corpus: 392, signal 84867/88880 (executing program)
1970/01/01 00:07:08 fetching corpus: 438, signal 87988/91973 (executing program)
1970/01/01 00:07:10 fetching corpus: 488, signal 92379/95906 (executing program)
1970/01/01 00:07:13 fetching corpus: 537, signal 95428/98631 (executing program)
1970/01/01 00:07:16 fetching corpus: 585, signal 97778/100679 (executing program)
1970/01/01 00:07:19 fetching corpus: 634, signal 99368/102104 (executing program)
1970/01/01 00:07:21 fetching corpus: 684, signal 102717/104761 (executing program)
1970/01/01 00:07:25 fetching corpus: 734, signal 104670/106311 (executing program)
1970/01/01 00:07:30 fetching corpus: 782, signal 106830/107937 (executing program)
1970/01/01 00:07:34 fetching corpus: 827, signal 108797/109336 (executing program)
1970/01/01 00:07:34 fetching corpus: 831, signal 108871/109410 (executing program)
1970/01/01 00:07:34 fetching corpus: 831, signal 108871/109438 (executing program)
1970/01/01 00:07:34 fetching corpus: 832, signal 108882/109472 (executing program)
1970/01/01 00:07:35 fetching corpus: 832, signal 108882/109507 (executing program)
1970/01/01 00:07:35 fetching corpus: 832, signal 108882/109524 (executing program)
1970/01/01 00:07:35 fetching corpus: 832, signal 108882/109550 (executing program)
1970/01/01 00:07:35 fetching corpus: 833, signal 108884/109581 (executing program)
1970/01/01 00:07:35 fetching corpus: 833, signal 108884/109609 (executing program)
1970/01/01 00:07:35 fetching corpus: 833, signal 108884/109640 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109679 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109710 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109739 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109776 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109805 (executing program)
1970/01/01 00:07:36 fetching corpus: 833, signal 108884/109839 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/109870 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/109902 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/109931 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/109960 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/110023 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/110055 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/110100 (executing program)
1970/01/01 00:07:37 fetching corpus: 833, signal 108884/110139 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110178 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110236 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110269 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110311 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110341 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110375 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110408 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110439 (executing program)
1970/01/01 00:07:38 fetching corpus: 833, signal 108884/110469 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110513 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110552 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110594 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110626 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110648 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110662 (executing program)
1970/01/01 00:07:39 fetching corpus: 833, signal 108884/110662 (executing program)
1970/01/01 00:09:41 starting 2 fuzzer processes
00:09:41 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000006500)={0x0, 0x0, &(0x7f00000064c0)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101}], {0x14}}, 0x64}}, 0x0)

00:09:41 executing program 1:
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000000))
ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r1, &(0x7f0000000080), 0x10)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000040)=[{}], 0x8)

[  614.702575][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  614.855070][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  618.128748][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  618.352829][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  630.033581][ T2038] device hsr_slave_0 entered promiscuous mode
[  630.119994][ T2038] device hsr_slave_1 entered promiscuous mode
[  633.721055][ T2039] device hsr_slave_0 entered promiscuous mode
[  633.770578][ T2039] device hsr_slave_1 entered promiscuous mode
[  633.789609][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  633.794447][ T2039] Cannot create hsr debugfs directory
[  636.973789][    C0] ==================================================================
[  636.976887][    C0] BUG: KASAN: slab-out-of-bounds in __bfs+0x154/0x394
[  636.979587][    C0] Read of size 8 at addr ffffaf8010303b50 by task syz-executor.0/2039
[  636.980922][    C0] 
[  636.983167][    C0] CPU: 0 PID: 2039 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  636.984918][    C0] Hardware name: riscv-virtio,qemu (DT)
[  636.986028][    C0] Call Trace:
[  636.987067][    C0] [] dump_backtrace+0x2e/0x3c
[  636.988691][    C0] [] show_stack+0x34/0x40
[  636.989830][    C0] [] dump_stack_lvl+0xe4/0x150
[  636.990967][    C0] [] print_address_description.constprop.0+0x2a/0x330
[  636.992403][    C0] [] kasan_report+0x184/0x1e0
[  636.993601][    C0] [] __asan_load8+0x6e/0x96
[  636.994838][    C0] [] __bfs+0x154/0x394
[  636.995837][    C0] [] check_path.constprop.0+0x24/0x46
[  636.997585][    C0] [] check_noncircular+0x11a/0x1fe
[  636.999451][    C0] [] __lock_acquire+0x19a4/0x333e
[  637.000631][    C0] [] lock_acquire.part.0+0x1d0/0x424
[  637.001897][    C0] [] lock_acquire+0x54/0x6a
[  637.003044][    C0] [] get_page_from_freelist+0xbc2/0x12d8
[  637.004520][    C0] 
[  637.005196][    C0] Allocated by task 2038:
[  637.006060][    C0]  stack_trace_save+0xa6/0xd8
[  637.007461][    C0]  kasan_save_stack+0x2c/0x58
[  637.008597][    C0]  __kasan_kmalloc+0x80/0xb2
[  637.009592][    C0]  __kmalloc+0x190/0x318
[  637.010562][    C0]  kobject_get_path+0xac/0x16e
[  637.011614][    C0]  kobject_uevent_env+0x1de/0xdfe
[  637.012728][    C0]  kobject_uevent+0x22/0x2e
[  637.013694][    C0]  net_rx_queue_update_kobjects+0xd6/0x3c6
[  637.014885][    C0]  netdev_register_kobject+0x166/0x208
[  637.015932][    C0]  register_netdevice+0x8ee/0xc6a
[  637.017342][    C0]  veth_newlink+0x30e/0x7dc
[  637.018343][    C0]  __rtnl_newlink+0xc16/0xfa0
[  637.019354][    C0]  rtnl_newlink+0x60/0x8c
[  637.020547][    C0]  rtnetlink_rcv_msg+0x338/0x9a0
[  637.021558][    C0]  netlink_rcv_skb+0xf8/0x2be
[  637.022562][    C0]  rtnetlink_rcv+0x26/0x30
[  637.023493][    C0]  netlink_unicast+0x40e/0x5fe
[  637.024405][    C0]  netlink_sendmsg+0x4e0/0x994
[  637.025330][    C0]  sock_sendmsg+0xa0/0xc4
[  637.026318][    C0]  __sys_sendto+0x1f2/0x2e0
[  637.027202][    C0]  sys_sendto+0x3e/0x52
[  637.028034][    C0]  ret_from_syscall+0x0/0x2
[  637.029049][    C0] 
[  637.029622][    C0] The buggy address belongs to the object at ffffaf8010303b00
[  637.029622][    C0]  which belongs to the cache kmalloc-64 of size 64
[  637.031190][    C0] The buggy address is located 16 bytes to the right of
[  637.031190][    C0]  64-byte region [ffffaf8010303b00, ffffaf8010303b40)
[  637.032800][    C0] The buggy address belongs to the page:
[  637.034777][    C0] page:ffffaf807aad68d8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90503
[  637.036280][    C0] flags: 0x9000000200(slab|section=18|node=0|zone=0)
[  637.038803][    C0] raw: 0000009000000200 0000000000000000 0000000000000122 ffffaf8007201640
[  637.040088][    C0] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[  637.041142][    C0] raw: 00000000000007ff
[  637.041942][    C0] page dumped because: kasan: bad access detected
[  637.043034][    C0] page_owner tracks the page as allocated
[  637.043807][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2457, ts 627705598000, free_ts 621603118000
[  637.045678][    C0]  __set_page_owner+0x48/0x136
[  637.046737][    C0]  post_alloc_hook+0xd0/0x10a
[  637.047714][    C0]  get_page_from_freelist+0x8da/0x12d8
[  637.048705][    C0]  __alloc_pages+0x150/0x3b6
[  637.049723][    C0]  alloc_pages+0x132/0x2a6
[  637.066584][    C0]  alloc_slab_page.constprop.0+0xc2/0xfa
[  637.067999][    C0]  new_slab+0x76/0x2cc
[  637.068903][    C0]  ___slab_alloc+0x56e/0x918
[  637.069891][    C0]  __slab_alloc.constprop.0+0x50/0x8c
[  637.070910][    C0]  __kmalloc+0x268/0x318
[  637.071857][    C0]  tomoyo_encode2.part.0+0xf0/0x264
[  637.072887][    C0]  tomoyo_realpath_from_path+0x14c/0x3f4
[  637.073948][    C0]  tomoyo_check_open_permission+0x282/0x348
[  637.074936][    C0]  tomoyo_file_open+0x78/0x7c
[  637.075855][    C0]  security_file_open+0x44/0x9a
[  637.077000][    C0]  do_dentry_open+0x1c6/0x7d4
[  637.078495][    C0] page last free stack trace:
[  637.079155][    C0]  __reset_page_owner+0x4a/0xea
[  637.080043][    C0]  free_pcp_prepare+0x29c/0x45e
[  637.080955][    C0]  free_unref_page+0x6a/0x31e
[  637.081878][    C0]  __free_pages+0xe2/0x112
[  637.082790][    C0]  __free_slab+0x122/0x27c
[  637.083682][    C0]  discard_slab+0x4c/0x7a
[  637.084576][    C0]  __slab_free+0x20a/0x29c
[  637.085495][    C0]  ___cache_free+0x17c/0x354
[  637.086652][    C0]  qlist_free_all+0x7c/0x132
[  637.087892][    C0]  kasan_quarantine_reduce+0x14c/0x1c8
[  637.088917][    C0]  __kasan_slab_alloc+0x5c/0x98
[  637.089916][    C0]  __kmalloc+0x156/0x318
[  637.090793][    C0]  tomoyo_realpath_from_path+0x9c/0x3f4
[  637.091783][    C0]  tomoyo_path_perm+0x1fc/0x3a8
[  637.092665][    C0]  tomoyo_inode_getattr+0x1e/0x28
[  637.093607][    C0]  security_inode_getattr+0x82/0xc6
[  637.094850][    C0] 
[  637.095430][    C0] Memory state around the buggy address:
[  637.096617][    C0]  ffffaf8010303a00: f1 f1 f1 f1 00 f3 f3 f3 fc fc fc fc fc fc fc fc
[  637.099921][    C0]  ffffaf8010303a80: fa fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
[  637.102471][    C0] >ffffaf8010303b00: f1 f1 f1 f1 00 f2 f2 f2 fc fc fc fc 00 00 00 f3
[  637.103462][    C0]                                                  ^
[  637.104410][    C0]  ffffaf8010303b80: f3 f3 f3 f3 fb fb fb fb fc fc fc fc fc fc fc fc
[  637.105408][    C0]  ffffaf8010303c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  637.106493][    C0] ==================================================================
[  637.108052][    C0] Disabling lock debugging due to kernel taint
[  637.114416][ T2039] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  637.115782][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.0 Tainted: G    B             5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  637.118129][ T2039] Hardware name: riscv-virtio,qemu (DT)
[  637.118913][ T2039] Call Trace:
[  637.119452][ T2039] [] dump_backtrace+0x2e/0x3c
[  637.120503][ T2039] [] show_stack+0x34/0x40
[  637.121420][ T2039] [] dump_stack_lvl+0xe4/0x150
[  637.122526][ T2039] [] dump_stack+0x1c/0x24
[  637.123570][ T2039] [] panic+0x24a/0x634
[  637.124500][ T2039] [] schedule+0x0/0x14c
[  637.125488][ T2039] [] preempt_schedule_irq+0x4a/0x13e
[  637.127019][ T2039] [] resume_kernel+0x16/0x18
[  637.128261][ T2039] SMP: stopping secondary CPUs
[  637.130424][ T2039] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:21:03 Registers:
info registers vcpu 0
 pc       ffffffff80474724
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80475986
 sepc     ffffffff80115bbc
 mcause   8000000000000007
 scause   8000000000000009
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    ffffffff80474724 x2/sp    ffffaf80103038e0 x3/gp    ffffffff85863ac0
 x4/tp    ffffaf800b9dc8c0 x5/t0    ffffffff86bcb657 x6/t1    fffff5ef0b53910c x7/t2    0000000000000000
 x8/s0    ffffaf80103038f0 x9/s1    ffffaf8010303b50 x10/a0   0000000090503b50 x11/a1   00000000000f0000
 x12/a2   0000000000000504 x13/a3   ffffffff80014bc6 x14/a4   ffffaf800b9dc8c0 x15/a5   0000000000000000
 x16/a6   0000000000f00000 x17/a7   ffffaf805a9c8863 x18/s2   ffffaf8010303b50 x19/s3   ffffffff8010dd9a
 x20/s4   0000000000000000 x21/s5   ffffffff85863560 x22/s6   ffffffff8588bb20 x23/s7   ffffffff85e09180
 x24/s8   ffffaf8010303a60 x25/s9   ffffaf800b9dd468 x26/s10  ffffffff85899680 x27/s11  ffffaf800b9dc8c0
 x28/t3   ffffffff801163b2 x29/t4   fffff5ef0b53910c x30/t5   fffff5ef0b53910d x31/t6   ffffaf8010303438
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff80475986
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff804759c8
 mcause   0000000000000009
 scause   8000000000000005
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero  0000000000000000 x1/ra    ffffffff80119b52 x2/sp    ffffaf800b11f7e0 x3/gp    ffffffff85863ac0
 x4/tp    ffffaf800e5bb080 x5/t0    00000000000001f8 x6/t1    f2ead475ac995e00 x7/t2    ffffffffffffffff
 x8/s0    ffffaf800b11f820 x9/s1    ffffaf80103f1898 x10/a0   ffffaf80103f1898 x11/a1   0000000000000003
 x12/a2   1ffff5f00207e313 x13/a3   ffffffff80119b52 x14/a4   0000000000000000 x15/a5   0000000000000001
 x16/a6   0000000000f00000 x17/a7   ffffffff826e6226 x18/s2   0000000000000001 x19/s3   ffffaf800e5bb080
 x20/s4   ffffaf80103f18a8 x21/s5   ffffaf80103f18a0 x22/s6   ffffaf800b11f960 x23/s7   ffffaf800b11fb00
 x24/s8   0000000000000000 x25/s9   0000000000004000 x26/s10  0000000000000040 x27/s11  0000000000000001
 x28/t3   fffffffff3f3f300 x29/t4   ffffffff80112282 x30/t5   1ffff5f001623eb4 x31/t6   000000000137797d
 f0/ft0   0000000000000000 f1/ft1   0000000000000000 f2/ft2   0000000000000000 f3/ft3   0000000000000000
 f4/ft4   0000000000000000 f5/ft5   0000000000000000 f6/ft6   0000000000000000 f7/ft7   0000000000000000
 f8/fs0   0000000000000000 f9/fs1   0000000000000000 f10/fa0  0000000000000000 f11/fa1  0000000000000000
 f12/fa2  0000000000000000 f13/fa3  0000000000000000 f14/fa4  0000000000000000 f15/fa5  0000000000000000
 f16/fa6  0000000000000000 f17/fa7  0000000000000000 f18/fs2  0000000000000000 f19/fs3  0000000000000000
 f20/fs4  0000000000000000 f21/fs5  0000000000000000 f22/fs6  0000000000000000 f23/fs7  0000000000000000
 f24/fs8  0000000000000000 f25/fs9  0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8  0000000000000000 f29/ft9  0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
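Added triage helper for reports like the one above; it is not part of syzkaller or the kernel. It parses the KASAN header and the "Memory state" rows and recomputes what the report asserts: that ffffaf8010303b50 lies 16 bytes past the 64-byte kmalloc-64 region, that the shadow byte covering it is 0xfc (kmalloc redzone), and that the 8-byte granules inside the region KASAN attributed to a kmalloc-64 object are themselves poisoned with stack redzone values (f1/f2/f3). Stack poison is written only by instrumented function prologues, so a non-zero count there is the detail a triager wants to weigh against the sp value (x2/sp ffffaf80103038e0, in the same page) and the "corrupted stack end detected inside scheduler" panic that follows. Shadow-byte meanings are taken from mm/kasan/kasan.h for generic KASAN on 5.x kernels; REPORT is a constructed excerpt of this page's report with the console prefixes removed.

```python
"""Parse a generic-KASAN console report and cross-check its arithmetic.
Added triage helper; REPORT is a constructed excerpt of the report above
with the "[ ts][ C0]" console prefixes removed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

REPORT = """\
BUG: KASAN: slab-out-of-bounds in __bfs+0x154/0x394
Read of size 8 at addr ffffaf8010303b50 by task syz-executor.0/2039
The buggy address belongs to the object at ffffaf8010303b00
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 16 bytes to the right of
 64-byte region [ffffaf8010303b00, ffffaf8010303b40)
Memory state around the buggy address:
 ffffaf8010303a00: f1 f1 f1 f1 00 f3 f3 f3 fc fc fc fc fc fc fc fc
 ffffaf8010303a80: fa fb fb fb fb fb fb fb fc fc fc fc 00 00 00 00
>ffffaf8010303b00: f1 f1 f1 f1 00 f2 f2 f2 fc fc fc fc 00 00 00 f3
 ffffaf8010303b80: f3 f3 f3 f3 fb fb fb fb fc fc fc fc fc fc fc fc
 ffffaf8010303c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
"""

GRANULE = 8                # generic KASAN: one shadow byte covers 8 bytes of memory
ROW_BYTES = 16 * GRANULE   # each printed shadow row describes 128 bytes

# Poison values from mm/kasan/kasan.h (generic KASAN, 5.x kernels).
SHADOW_MEANING = {
    0x00: "addressable",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
    0xF9: "global redzone",
    0xFA: "freed heap object (free track)", 0xFB: "freed heap object",
    0xFC: "kmalloc redzone", 0xFE: "page redzone", 0xFF: "freed page",
}
STACK_POISON = {0xF1, 0xF2, 0xF3, 0xF4}

@dataclass
class KasanReport:
    bug: str
    location: str          # symbol+offset/size as printed in the BUG line
    access: str            # "Read" or "Write"
    size: int
    addr: int
    task: str
    object_base: Optional[int] = None
    cache: Optional[str] = None
    region: Optional[Tuple[int, int]] = None          # [start, end)
    shadow: Dict[int, List[int]] = field(default_factory=dict)  # row base -> 16 bytes

_HEAD = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
_OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
_CACHE = re.compile(r"belongs to the cache (\S+) of size \d+")
_REGION = re.compile(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")
_SHADOW = re.compile(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")

def parse_report(text: str) -> KasanReport:
    """Extract the header fields and shadow rows; ignores everything else."""
    rep = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _HEAD.search(line)):
            rep = KasanReport(m[1], m[2], "", 0, 0, "")
        elif rep is None:
            continue
        elif (m := _ACCESS.search(line)):
            rep.access, rep.size, rep.addr, rep.task = m[1], int(m[2]), int(m[3], 16), m[4]
        elif (m := _OBJECT.search(line)):
            rep.object_base = int(m[1], 16)
        elif (m := _CACHE.search(line)):
            rep.cache = m[1]
        elif (m := _REGION.search(line)):
            rep.region = (int(m[1], 16), int(m[2], 16))
        elif (m := _SHADOW.match(line)):
            rep.shadow[int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    if rep is None:
        raise ValueError("no KASAN report header found")
    return rep

def region_offset(rep: KasanReport) -> Tuple[str, int]:
    """Recompute the 'N bytes to the left/right of' sentence from the addresses."""
    lo, hi = rep.region
    if rep.addr < lo:
        return "left", lo - rep.addr
    if rep.addr >= hi:
        return "right", rep.addr - hi
    return "inside", rep.addr - lo

def shadow_at(rep: KasanReport, addr: int) -> Optional[int]:
    """Shadow byte covering addr, taken from the printed rows (None if not printed)."""
    base = addr & ~(ROW_BYTES - 1)
    row = rep.shadow.get(base)
    return None if row is None else row[(addr - base) // GRANULE]

def describe(value: Optional[int]) -> str:
    if value is None:
        return "shadow row not printed"
    if 1 <= value <= 7:
        return f"first {value} bytes of granule addressable"
    return SHADOW_MEANING.get(value, f"unknown poison 0x{value:02x}")

def stack_poison_in_region(rep: KasanReport) -> int:
    """Granules inside the reported object whose shadow is a *stack* redzone.
    A live kmalloc object has none; stack poison is only written by instrumented
    function prologues, so a non-zero count means frames were laid out there."""
    lo, hi = rep.region
    return sum(1 for a in range(lo, hi, GRANULE) if shadow_at(rep, a) in STACK_POISON)

def summarize(rep: KasanReport) -> str:
    side, n = region_offset(rep)
    sv = shadow_at(rep, rep.addr)
    sv_txt = "??" if sv is None else f"0x{sv:02x}"
    return (f"{rep.bug} in {rep.location}: {rep.access} of {rep.size} at 0x{rep.addr:x} "
            f"by {rep.task}, {n} bytes {side} of the {rep.cache} region; "
            f"shadow {sv_txt} = {describe(sv)}; "
            f"{stack_poison_in_region(rep)} stack-poisoned granules inside the region")

if __name__ == "__main__":
    print(summarize(parse_report(REPORT)))
```

Point it at a full console log rather than the excerpt and it still works, since it keys on the KASAN lines only; strip the `[ ts][ Cn]` prefixes first, as the row regex anchors on the address at the start of the line.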