syzkaller login: [ 282.859585][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 282.938303][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 283.033717][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 283.126843][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:32345' (ECDSA) to the list of known hosts. 1970/01/01 00:05:49 fuzzer started 1970/01/01 00:06:02 dialing manager at localhost:42307 [ 369.442100][ T2026] cgroup: Unknown subsys name 'net' [ 370.508961][ T2026] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:10 syscalls: 2918 1970/01/01 00:06:10 code coverage: enabled 1970/01/01 00:06:10 comparison tracing: enabled 1970/01/01 00:06:10 extra coverage: enabled 1970/01/01 00:06:10 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:10 setuid sandbox: enabled 1970/01/01 00:06:10 namespace sandbox: enabled 1970/01/01 00:06:10 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:10 fault injection: enabled 1970/01/01 00:06:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:10 net packet injection: enabled 1970/01/01 00:06:10 net device setup: enabled 1970/01/01 00:06:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:10 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:06:10 USB emulation: enabled 1970/01/01 00:06:10 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:10 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:10 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:11 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:17 fetching corpus: 50, signal 32006/35240 (executing program) 1970/01/01 00:06:21 fetching corpus: 99, signal 44885/49303 (executing program) 1970/01/01 00:06:25 fetching corpus: 149, signal 58512/63795 (executing program) 1970/01/01 00:06:29 fetching corpus: 198, signal 65670/71872 (executing program) 1970/01/01 00:06:32 fetching corpus: 247, signal 69900/76988 (executing program) 1970/01/01 00:06:35 fetching corpus: 296, signal 75468/83316 (executing program) 1970/01/01 00:06:38 fetching corpus: 346, signal 78269/86999 (executing program) 1970/01/01 00:06:41 fetching corpus: 396, signal 82424/91836 (executing program) 1970/01/01 00:06:44 fetching corpus: 445, signal 86442/96388 (executing program) 1970/01/01 00:06:49 fetching corpus: 495, signal 92249/102427 (executing program) 1970/01/01 00:06:52 fetching corpus: 544, signal 95468/106099 (executing program) 1970/01/01 00:06:56 fetching corpus: 594, signal 97977/109159 (executing program) 1970/01/01 00:06:59 fetching corpus: 644, signal 100107/111867 (executing program) 1970/01/01 00:07:03 fetching corpus: 693, signal 102111/114411 (executing program) 1970/01/01 00:07:06 fetching corpus: 742, signal 104343/117032 (executing program) 1970/01/01 00:07:11 fetching corpus: 792, signal 106747/119800 (executing program) 1970/01/01 00:07:14 fetching corpus: 842, signal 109452/122698 (executing program) 1970/01/01 00:07:17 fetching corpus: 892, signal 111415/124958 (executing program) 1970/01/01 00:07:20 fetching corpus: 942, signal 113076/126989 (executing program) 1970/01/01 00:07:23 fetching corpus: 992, signal 114736/128911 (executing program) 1970/01/01 00:07:26 fetching corpus: 1040, signal 116567/130956 (executing program) 1970/01/01 00:07:30 fetching corpus: 1090, signal 118541/132994 (executing program) 1970/01/01 00:07:33 fetching corpus: 1140, signal 120489/135073 (executing program) 1970/01/01 00:07:36 fetching corpus: 1190, signal 122831/137370 (executing program) 1970/01/01 00:07:40 fetching corpus: 1240, signal 124674/139234 (executing program) 1970/01/01 00:07:43 fetching corpus: 1290, signal 126633/141136 (executing program) 1970/01/01 00:07:46 fetching corpus: 1338, signal 127960/142536 (executing program) 1970/01/01 00:07:48 fetching corpus: 1388, signal 130260/144541 (executing program) 1970/01/01 00:07:52 fetching corpus: 1438, signal 131550/145911 (executing program) 1970/01/01 00:07:55 fetching corpus: 1487, signal 133502/147672 (executing program) 1970/01/01 00:07:59 fetching corpus: 1536, signal 134785/148960 (executing program) 1970/01/01 00:08:03 fetching corpus: 1585, signal 135828/150038 (executing program) 1970/01/01 00:08:09 fetching corpus: 1635, signal 137334/151370 (executing program) 1970/01/01 00:08:13 fetching corpus: 1685, signal 138713/152566 (executing program) 1970/01/01 00:08:15 fetching corpus: 1734, signal 140093/153825 (executing program) 1970/01/01 00:08:18 fetching corpus: 1784, signal 142001/155309 (executing program) 1970/01/01 00:08:20 fetching corpus: 1834, signal 143205/156301 (executing program) 1970/01/01 00:08:22 fetching corpus: 1883, signal 144065/157128 (executing program) 1970/01/01 00:08:25 fetching corpus: 1933, signal 144987/157995 (executing program) 1970/01/01 00:08:27 fetching corpus: 1983, signal 146470/159080 (executing program) 1970/01/01 00:08:30 fetching corpus: 2033, signal 148833/160609 (executing program) 1970/01/01 00:08:33 fetching corpus: 2082, signal 150199/161606 (executing program) 1970/01/01 00:08:36 fetching corpus: 2132, signal 151043/162306 (executing program) 1970/01/01 00:08:38 fetching corpus: 2181, signal 151814/162985 (executing program) 1970/01/01 00:08:41 fetching corpus: 2231, signal 153182/163885 (executing program) 1970/01/01 00:08:45 fetching corpus: 2279, signal 154873/164917 (executing program) 1970/01/01 00:08:48 fetching corpus: 2328, signal 155851/165607 (executing program) 1970/01/01 00:08:51 fetching corpus: 2378, signal 156891/166236 (executing program) 1970/01/01 00:08:54 fetching corpus: 2426, signal 158132/166926 (executing program) 1970/01/01 00:08:57 fetching corpus: 2475, signal 159344/167596 (executing program) 1970/01/01 00:09:00 fetching corpus: 2523, signal 160555/168311 (executing program) 1970/01/01 00:09:03 fetching corpus: 2572, signal 161537/168858 (executing program) 1970/01/01 00:09:06 fetching corpus: 2621, signal 162447/169363 (executing program) 1970/01/01 00:09:09 fetching corpus: 2670, signal 163648/169969 (executing program) 1970/01/01 00:09:12 fetching corpus: 2720, signal 164539/170405 (executing program) 1970/01/01 00:09:15 fetching corpus: 2769, signal 165641/170940 (executing program) 1970/01/01 00:09:18 fetching corpus: 2817, signal 166284/171276 (executing program) 1970/01/01 00:09:21 fetching corpus: 2866, signal 167042/171624 (executing program) 1970/01/01 00:09:24 fetching corpus: 2915, signal 167710/171909 (executing program) 1970/01/01 00:09:28 fetching corpus: 2965, signal 168521/172213 (executing program) 1970/01/01 00:09:31 fetching corpus: 3015, signal 169231/172534 (executing program) 1970/01/01 00:09:34 fetching corpus: 3064, signal 171083/173113 (executing program) 1970/01/01 00:09:36 fetching corpus: 3078, signal 171411/173249 (executing program) 1970/01/01 00:09:36 fetching corpus: 3078, signal 171411/173297 (executing program) 1970/01/01 00:09:36 fetching corpus: 3078, signal 171411/173327 (executing program) 1970/01/01 00:09:36 fetching corpus: 3078, signal 171411/173350 (executing program) 1970/01/01 00:09:37 fetching corpus: 3079, signal 171447/173412 (executing program) 1970/01/01 00:09:37 fetching corpus: 3079, signal 171447/173453 (executing program) 1970/01/01 00:09:37 fetching corpus: 3079, signal 171447/173493 (executing program) 1970/01/01 00:09:37 fetching corpus: 3079, signal 171447/173528 (executing program) 1970/01/01 00:09:37 fetching corpus: 3079, signal 171447/173570 (executing program) 1970/01/01 00:09:38 fetching corpus: 3079, signal 171449/173612 (executing program) 1970/01/01 00:09:38 fetching corpus: 3079, signal 171449/173650 (executing program) 1970/01/01 00:09:38 fetching corpus: 3079, signal 171449/173696 (executing program) 1970/01/01 00:09:38 fetching corpus: 3079, signal 171449/173740 (executing program) 1970/01/01 00:09:38 fetching corpus: 3079, signal 171449/173778 (executing program) 1970/01/01 00:09:39 fetching corpus: 3079, signal 171449/173807 (executing program) 1970/01/01 00:09:39 fetching corpus: 3079, signal 171449/173838 (executing program) 1970/01/01 00:09:39 fetching corpus: 3079, signal 171449/173859 (executing program) 1970/01/01 00:09:39 fetching corpus: 3079, signal 171449/173901 (executing program) 1970/01/01 00:09:39 fetching corpus: 3079, signal 171449/173947 (executing program) 1970/01/01 00:09:39 fetching corpus: 3080, signal 171450/173991 (executing program) 1970/01/01 00:09:39 fetching corpus: 3080, signal 171450/174035 (executing program) 1970/01/01 00:09:40 fetching corpus: 3080, signal 171453/174060 (executing program) 1970/01/01 00:09:40 fetching corpus: 3080, signal 171453/174100 (executing program) 1970/01/01 00:09:40 fetching corpus: 3080, signal 171453/174138 (executing program) 1970/01/01 00:09:40 fetching corpus: 3080, signal 171453/174141 (executing program) 1970/01/01 00:09:40 fetching corpus: 3080, signal 171453/174141 (executing program) 1970/01/01 00:11:35 starting 2 fuzzer processes 00:11:36 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@ipv6_getroute={0x1c, 0x1a, 0x50b}, 0x1c}}, 0x0) 00:11:36 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x320, 0x25}) [ 726.355851][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.486684][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 730.213552][ T2042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 730.321503][ T2042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.466672][ T2040] device hsr_slave_0 entered promiscuous mode [ 738.537917][ T2040] device hsr_slave_1 entered promiscuous mode [ 745.398648][ T2042] device hsr_slave_0 entered promiscuous mode [ 745.451103][ T2042] device hsr_slave_1 entered promiscuous mode [ 745.496678][ T2042] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 745.500568][ T2042] Cannot create hsr debugfs directory [ 747.980335][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 748.759278][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 749.137605][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 749.830957][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 754.529426][ T2042] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 754.671400][ T2042] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 754.790846][ T2042] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 754.911599][ T2042] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 760.199270][ C0] ================================================================== [ 760.203430][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260 [ 760.206928][ C0] Read of size 8 at addr ffffaf800ef7fc00 by task syz-executor.1/2040 [ 760.210173][ C0] [ 760.211655][ C0] CPU: 0 PID: 2040 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 760.213578][ C0] Hardware name: riscv-virtio,qemu (DT) [ 760.215264][ C0] Call Trace: [ 760.216866][ C0] [] dump_backtrace+0x2e/0x3c [ 760.218395][ C0] [] show_stack+0x34/0x40 [ 760.219742][ C0] [] dump_stack_lvl+0xe4/0x150 [ 760.221283][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 760.223013][ C0] [] kasan_report+0x184/0x1e0 [ 760.225065][ C0] [] __asan_load8+0x6e/0x96 [ 760.226871][ C0] [] walk_stackframe+0x11c/0x260 [ 760.228324][ C0] [] arch_stack_walk+0x2c/0x3c [ 760.229695][ C0] [] stack_trace_save+0xa6/0xd8 [ 760.231146][ C0] [] kasan_save_stack+0x2c/0x58 [ 760.232539][ C0] [] kasan_set_track+0x1a/0x26 [ 760.234008][ C0] [] kasan_set_free_info+0x1e/0x3a [ 760.236030][ C0] [] ____kasan_slab_free+0x15e/0x180 [ 760.237601][ C0] [] __kasan_slab_free+0x10/0x18 [ 760.239060][ C0] [] slab_free_freelist_hook+0x8e/0x1cc [ 760.240752][ C0] [ 760.241646][ C0] Allocated by task 217651264: [ 760.242705][ C0] (stack is not available) [ 760.243614][ C0] [ 760.244572][ C0] Last potentially related work creation: [ 760.246387][ C0] stack_trace_save+0xa6/0xd8 [ 760.247670][ C0] kasan_save_stack+0x2c/0x58 [ 760.248941][ C0] __kasan_kmalloc+0x80/0xb2 [ 760.250104][ C0] __kmalloc+0x190/0x318 [ 760.251247][ C0] aa_str_alloc+0x26/0x64 [ 760.252354][ C0] aa_policy_init+0x15a/0x178 [ 760.253527][ C0] alloc_ns+0xae/0x46c [ 760.255164][ C0] aa_alloc_root_ns+0x24/0x46 [ 760.256468][ C0] apparmor_init+0x9e/0x47e [ 760.257594][ C0] initialize_lsm+0xac/0xfc [ 760.258743][ C0] security_init+0x510/0x53e [ 760.259917][ C0] start_kernel+0x60a/0x698 [ 760.261172][ C0] [ 760.261905][ C0] The buggy address belongs to the object at ffffaf800ef7f000 [ 760.261905][ C0] which belongs to the cache kmalloc-2k of size 2048 [ 760.263707][ C0] The buggy address is located 1024 bytes to the right of [ 760.263707][ C0] 2048-byte region [ffffaf800ef7f000, ffffaf800ef7f800) [ 760.266688][ C0] The buggy address belongs to the page: [ 760.268310][ C0] page:ffffaf807aa7e9c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8f178 [ 760.270125][ C0] head:ffffaf807aa7e9c0 order:3 compound_mapcount:0 compound_pincount:0 [ 760.271661][ C0] flags: 0x8800010200(slab|head|section=17|node=0|zone=0) [ 760.274588][ C0] raw: 0000008800010200 0000000000000000 0000000000000122 ffffaf8007202000 [ 760.276145][ C0] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 760.277554][ C0] raw: 00000000000007ff [ 760.278555][ C0] page dumped because: kasan: bad access detected [ 760.279893][ C0] page_owner tracks the page as allocated [ 760.280935][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 81053470300, free_ts 0 [ 760.283198][ C0] __set_page_owner+0x48/0x136 [ 760.284992][ C0] post_alloc_hook+0xd0/0x10a [ 760.286525][ C0] get_page_from_freelist+0x8da/0x12d8 [ 760.287796][ C0] __alloc_pages+0x150/0x3b6 [ 760.289002][ C0] alloc_page_interleave+0x2a/0x1cc [ 760.290264][ C0] alloc_pages+0x210/0x2a6 [ 760.291458][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 760.293031][ C0] new_slab+0x25a/0x2cc [ 760.295670][ C0] ___slab_alloc+0x56e/0x918 [ 760.297032][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 760.298381][ C0] __kmalloc+0x268/0x318 [ 760.299565][ C0] kzalloc.constprop.0+0x24/0x2e [ 760.300876][ C0] __register_sysctl_table+0xfc/0xcb0 [ 760.302216][ C0] register_net_sysctl+0x23e/0x2f6 [ 760.303537][ C0] __addrconf_sysctl_register+0x198/0x2c2 [ 760.305182][ C0] addrconf_init_net+0x164/0x34c [ 760.306566][ C0] page_owner free stack trace missing [ 760.307690][ C0] [ 760.308453][ C0] Memory state around the buggy address: [ 760.310165][ C0] ffffaf800ef7fb00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 760.311550][ C0] ffffaf800ef7fb80: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 760.312866][ C0] >ffffaf800ef7fc00: fc fc fc fc 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 760.314182][ C0] ^ [ 760.315567][ C0] ffffaf800ef7fc80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 760.316871][ C0] ffffaf800ef7fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 760.318159][ C0] ================================================================== [ 760.319427][ C0] Disabling lock debugging due to kernel taint [ 760.325106][ T2040] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 760.326512][ T2040] CPU: 0 PID: 2040 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 760.327875][ T2040] Hardware name: riscv-virtio,qemu (DT) [ 760.328639][ T2040] Call Trace: [ 760.329481][ T2040] [] dump_backtrace+0x2e/0x3c [ 760.331112][ T2040] [] show_stack+0x34/0x40 [ 760.332297][ T2040] [] dump_stack_lvl+0xe4/0x150 [ 760.333518][ T2040] [] dump_stack+0x1c/0x24 [ 760.335269][ T2040] [] panic+0x24a/0x634 [ 760.336677][ T2040] [] schedule+0x0/0x14c [ 760.337811][ T2040] [] preempt_schedule_irq+0x4a/0x13e [ 760.339057][ T2040] [] resume_kernel+0x16/0x18 [ 760.340368][ T2040] SMP: stopping secondary CPUs [ 760.342513][ T2040] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:50:03 Registers: info registers vcpu 0 pc ffffffff80dc337e mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80200f72 sepc ffffffff831afd22 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80dc337e x2/sp ffffaf800ef7f5d0 x3/gp ffffffff85863ac0 x4/tp ffffaf800cf91840 x5/t0 ffffffff86bcb657 x6/t1 a1ca2aa844a5c700 x7/t2 0000000000000000 x8/s0 ffffaf800ef7f600 x9/s1 ffffffff86e58900 x10/a0 ffffffff86e58948 x11/a1 ffff8f800066c000 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948 x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc9fe x18/s2 ffff8f800066c000 x19/s3 000000000000002d x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb69b x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001defe68 x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff80201320 mhartid 0000000000000001 mstatus 00000000000001a0 mip 00000000000000a0 mie 000000000000020a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80119b52 sepc ffffffff80119b52 mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80201320 x2/sp ffffaf800f0cb450 x3/gp ffffffff85863ac0 x4/tp ffffaf800ac69840 x5/t0 0000000000046000 x6/t1 a1ca2aa844a5c700 x7/t2 ffffffffffffffff x8/s0 ffffaf800f0cb480 x9/s1 ffffaf800ac69840 x10/a0 0000000000000000 x11/a1 ffffaf800ac69840 x12/a2 0000000000010202 x13/a3 ffffffff8016c4de x14/a4 0000000000000003 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffffff8016d898 x18/s2 ffffffff8016c4ec x19/s3 7fffffffffffffff x20/s4 000000b0c935f280 x21/s5 7fffffffffffffff x22/s6 0000000000000000 x23/s7 0000000000000001 x24/s8 ffffaf805a9e7478 x25/s9 ffffaf805a9e7468 x26/s10 000000b0c935f280 x27/s11 ffffaf805a9e7448 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001e19624 x31/t6 000000000198a751 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000