syzkaller login: [ 259.056736][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 267.846750][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 267.902599][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 267.949520][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:49679' (ECDSA) to the list of known hosts. 1970/01/01 00:05:22 fuzzer started 1970/01/01 00:05:35 dialing manager at localhost:37477 [ 343.471739][ T2026] cgroup: Unknown subsys name 'net' [ 344.434995][ T2026] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:44 syscalls: 2918 1970/01/01 00:05:44 code coverage: enabled 1970/01/01 00:05:44 comparison tracing: enabled 1970/01/01 00:05:44 extra coverage: enabled 1970/01/01 00:05:44 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:44 setuid sandbox: enabled 1970/01/01 00:05:44 namespace sandbox: enabled 1970/01/01 00:05:44 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:44 fault injection: enabled 1970/01/01 00:05:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:44 net packet injection: enabled 1970/01/01 00:05:44 net device setup: enabled 1970/01/01 00:05:44 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:44 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:44 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:05:44 USB emulation: enabled 1970/01/01 00:05:44 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:44 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:44 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:44 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:05:50 fetching corpus: 50, signal 32519/35751 (executing program) 1970/01/01 00:05:54 fetching corpus: 100, signal 47733/52047 (executing program) 1970/01/01 00:05:59 fetching corpus: 150, signal 59799/65002 (executing program) 1970/01/01 00:06:01 fetching corpus: 198, signal 65154/71355 (executing program) 1970/01/01 00:06:03 fetching corpus: 248, signal 69142/76312 (executing program) 1970/01/01 00:06:05 fetching corpus: 298, signal 73182/81223 (executing program) 1970/01/01 00:06:07 fetching corpus: 348, signal 78104/86783 (executing program) 1970/01/01 00:06:09 fetching corpus: 398, signal 82682/91966 (executing program) 1970/01/01 00:06:12 fetching corpus: 448, signal 86661/96470 (executing program) 1970/01/01 00:06:15 fetching corpus: 497, signal 92309/102359 (executing program) 1970/01/01 00:06:18 fetching corpus: 547, signal 94500/105126 (executing program) 1970/01/01 00:06:21 fetching corpus: 597, signal 96803/107979 (executing program) 1970/01/01 00:06:23 fetching corpus: 646, signal 99958/111470 (executing program) 1970/01/01 00:06:25 fetching corpus: 696, signal 101817/113830 (executing program) 1970/01/01 00:06:28 fetching corpus: 745, signal 105403/117508 (executing program) 1970/01/01 00:06:32 fetching corpus: 795, signal 107917/120303 (executing program) 1970/01/01 00:06:37 fetching corpus: 845, signal 110666/123193 (executing program) 1970/01/01 00:06:39 fetching corpus: 895, signal 112942/125668 (executing program) 1970/01/01 00:06:41 fetching corpus: 944, signal 114635/127631 (executing program) 1970/01/01 00:06:45 fetching corpus: 994, signal 117329/130280 (executing program) 1970/01/01 00:06:47 fetching corpus: 1043, signal 120016/132890 (executing program) 1970/01/01 00:06:50 fetching corpus: 1092, signal 121400/134456 (executing program) 1970/01/01 00:06:53 fetching corpus: 1142, signal 122767/135993 (executing program) 1970/01/01 00:06:55 fetching corpus: 1191, signal 124626/137826 (executing program) 1970/01/01 00:06:58 fetching corpus: 1241, signal 126157/139405 (executing program) 1970/01/01 00:07:01 fetching corpus: 1291, signal 127307/140687 (executing program) 1970/01/01 00:07:03 fetching corpus: 1341, signal 129667/142784 (executing program) 1970/01/01 00:07:06 fetching corpus: 1391, signal 130891/144032 (executing program) 1970/01/01 00:07:09 fetching corpus: 1440, signal 133034/145897 (executing program) 1970/01/01 00:07:12 fetching corpus: 1490, signal 135217/147708 (executing program) 1970/01/01 00:07:14 fetching corpus: 1540, signal 137230/149355 (executing program) 1970/01/01 00:08:05 fetching corpus: 1590, signal 138930/150789 (executing program) 1970/01/01 00:08:09 fetching corpus: 1632, signal 139655/151612 (executing program) 1970/01/01 00:08:12 fetching corpus: 1681, signal 140551/152487 (executing program) 1970/01/01 00:08:17 fetching corpus: 1731, signal 141421/153339 (executing program) 1970/01/01 00:08:19 fetching corpus: 1781, signal 142205/154116 (executing program) 1970/01/01 00:08:21 fetching corpus: 1830, signal 143231/155045 (executing program) 1970/01/01 00:08:24 fetching corpus: 1880, signal 144211/155915 (executing program) 1970/01/01 00:08:26 fetching corpus: 1930, signal 145480/156850 (executing program) 1970/01/01 00:08:30 fetching corpus: 1980, signal 146361/157616 (executing program) 1970/01/01 00:08:33 fetching corpus: 2030, signal 148273/158847 (executing program) 1970/01/01 00:08:35 fetching corpus: 2079, signal 149520/159695 (executing program) 1970/01/01 00:08:38 fetching corpus: 2128, signal 150699/160475 (executing program) 1970/01/01 00:08:40 fetching corpus: 2177, signal 151781/161201 (executing program) 1970/01/01 00:08:44 fetching corpus: 2227, signal 153222/162068 (executing program) 1970/01/01 00:08:47 fetching corpus: 2277, signal 154445/162787 (executing program) 1970/01/01 00:08:49 fetching corpus: 2327, signal 155390/163387 (executing program) 1970/01/01 00:08:52 fetching corpus: 2377, signal 156297/163976 (executing program) 1970/01/01 00:08:55 fetching corpus: 2427, signal 157446/164599 (executing program) 1970/01/01 00:08:57 fetching corpus: 2477, signal 158693/165235 (executing program) 1970/01/01 00:09:01 fetching corpus: 2527, signal 159594/165723 (executing program) 1970/01/01 00:09:03 fetching corpus: 2577, signal 160834/166288 (executing program) 1970/01/01 00:09:07 fetching corpus: 2627, signal 161866/166753 (executing program) 1970/01/01 00:09:09 fetching corpus: 2676, signal 162611/167122 (executing program) 1970/01/01 00:09:11 fetching corpus: 2725, signal 163413/167475 (executing program) 1970/01/01 00:09:13 fetching corpus: 2775, signal 164239/167844 (executing program) 1970/01/01 00:09:16 fetching corpus: 2825, signal 165179/168221 (executing program) 1970/01/01 00:09:19 fetching corpus: 2874, signal 165857/168503 (executing program) 1970/01/01 00:09:21 fetching corpus: 2924, signal 166566/168762 (executing program) 1970/01/01 00:09:23 fetching corpus: 2959, signal 167001/168922 (executing program) 1970/01/01 00:09:23 fetching corpus: 2960, signal 167019/168998 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169039 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169085 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169139 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169191 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169239 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169270 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169320 (executing program) 1970/01/01 00:09:24 fetching corpus: 2960, signal 167019/169357 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169390 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169444 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169479 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169519 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169548 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169593 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169622 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169667 (executing program) 1970/01/01 00:09:25 fetching corpus: 2960, signal 167019/169695 (executing program) 1970/01/01 00:09:26 fetching corpus: 2960, signal 167019/169738 (executing program) 1970/01/01 00:09:26 fetching corpus: 2960, signal 167019/169770 (executing program) 1970/01/01 00:09:26 fetching corpus: 2960, signal 167019/169808 (executing program) 1970/01/01 00:09:26 fetching corpus: 2960, signal 167019/169852 (executing program) 1970/01/01 00:09:26 fetching corpus: 2960, signal 167019/169886 (executing program) 1970/01/01 00:09:26 fetching corpus: 2961, signal 167022/169911 (executing program) 1970/01/01 00:09:26 fetching corpus: 2961, signal 167022/169911 (executing program) 1970/01/01 00:11:14 starting 2 fuzzer processes 00:11:14 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x8000000) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r1, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000007, 0x13, r0, 0x0) syz_io_uring_submit(r2, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4142, 0x0) sendfile(r3, r3, 0x0, 0x100bfab) r4 = syz_open_procfs$userns(0x0, &(0x7f0000000100)) ioctl$NS_GET_PARENT(r4, 0x5460, 0xec000) 00:11:15 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x2f0, 0x0, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0x22ff, 0x0, 0x0, 0x3}}, @common=@ah={{0x30}}]}, @common=@unspec=@AUDIT={0x28}}, {{@ip={@empty, @broadcast, 0x0, 0x0, 'nr0\x00', 'tunl0\x00'}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@helper={{0x48}, {0x0, 'RAS\x00'}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x350) [ 701.302050][ T2037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.475998][ T2037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 703.946893][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 704.056655][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.265813][ C0] ================================================================== [ 712.268458][ C0] BUG: KASAN: slab-out-of-bounds in walk_stackframe+0x11c/0x260 [ 712.270530][ C0] Read of size 8 at addr ffffaf800ce23f90 by task syz-executor.0/2037 [ 712.271757][ C0] [ 712.274300][ C0] CPU: 0 PID: 2037 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 712.275735][ C0] Hardware name: riscv-virtio,qemu (DT) [ 712.276710][ C0] Call Trace: [ 712.277486][ C0] [] dump_backtrace+0x2e/0x3c [ 712.279207][ C0] [] show_stack+0x34/0x40 [ 712.280868][ C0] [] dump_stack_lvl+0xe4/0x150 [ 712.281979][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 712.283185][ C0] [] kasan_report+0x184/0x1e0 [ 712.284248][ C0] [] __asan_load8+0x6e/0x96 [ 712.285276][ C0] [] walk_stackframe+0x11c/0x260 [ 712.286341][ C0] [] arch_stack_walk+0x2c/0x3c [ 712.287354][ C0] [] stack_trace_save+0xa6/0xd8 [ 712.289022][ C0] [] save_stack+0x112/0x16c [ 712.290262][ C0] [ 712.290916][ C0] Allocated by task 794645: [ 712.291585][ C0] (stack is not available) [ 712.292261][ C0] [ 712.292808][ C0] Last potentially related work creation: [ 712.293710][ C0] stack_trace_save+0xa6/0xd8 [ 712.295146][ C0] kasan_save_stack+0x2c/0x58 [ 712.296085][ C0] __kasan_kmalloc+0x80/0xb2 [ 712.297009][ C0] kmem_cache_alloc_trace+0x178/0x2e0 [ 712.298319][ C0] call_usermodehelper_setup+0x88/0x1ac [ 712.299978][ C0] kobject_uevent_env+0xa22/0xdfe [ 712.301038][ C0] kobject_uevent+0x22/0x2e [ 712.301899][ C0] kset_register+0xf8/0x114 [ 712.302754][ C0] __class_register+0x17c/0x2da [ 712.303588][ C0] __class_create+0x90/0xd6 [ 712.304430][ C0] usb_roles_init+0x2e/0x6e [ 712.305245][ C0] do_one_initcall+0x13a/0x7ea [ 712.306034][ C0] kernel_init_freeable+0x510/0x5b4 [ 712.306911][ C0] kernel_init+0x28/0x21c [ 712.307808][ C0] ret_from_exception+0x0/0x10 [ 712.309352][ C0] [ 712.310217][ C0] The buggy address belongs to the object at ffffaf800ce23e80 [ 712.310217][ C0] which belongs to the cache kernfs_node_cache of size 168 [ 712.311672][ C0] The buggy address is located 104 bytes to the right of [ 712.311672][ C0] 168-byte region [ffffaf800ce23e80, ffffaf800ce23f28) [ 712.313176][ C0] The buggy address belongs to the page: [ 712.314235][ C0] page:ffffaf807a9e89d8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8d023 [ 712.315543][ C0] flags: 0x8800000200(slab|section=17|node=0|zone=0) [ 712.317556][ C0] raw: 0000008800000200 0000000000000000 0000000000000122 ffffaf80072ed280 [ 712.319551][ C0] raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000 [ 712.321359][ C0] raw: 00000000000007ff [ 712.322114][ C0] page dumped because: kasan: bad access detected [ 712.323078][ C0] page_owner tracks the page as allocated [ 712.323851][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2037, ts 696402186700, free_ts 696361352700 [ 712.325524][ C0] __set_page_owner+0x48/0x136 [ 712.326411][ C0] post_alloc_hook+0xd0/0x10a [ 712.327276][ C0] get_page_from_freelist+0x8da/0x12d8 [ 712.328666][ C0] __alloc_pages+0x150/0x3b6 [ 712.330034][ C0] alloc_pages+0x132/0x2a6 [ 712.330973][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 712.331811][ C0] new_slab+0x76/0x2cc [ 712.332686][ C0] ___slab_alloc+0x56e/0x918 [ 712.333463][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 712.334509][ C0] kmem_cache_alloc+0x39c/0x3de [ 712.335527][ C0] __kernfs_new_node+0xfc/0x5f2 [ 712.336596][ C0] kernfs_new_node+0x66/0xbe [ 712.337548][ C0] __kernfs_create_file+0x4e/0x1e8 [ 712.338851][ C0] sysfs_add_file_mode_ns+0x138/0x254 [ 712.340051][ C0] internal_create_group+0x274/0x722 [ 712.340903][ C0] internal_create_groups.part.0+0x64/0xe8 [ 712.341816][ C0] page last free stack trace: [ 712.342393][ C0] __reset_page_owner+0x4a/0xea [ 712.343193][ C0] free_pcp_prepare+0x29c/0x45e [ 712.344075][ C0] free_unref_page_list+0x148/0x7fe [ 712.345158][ C0] release_pages+0x3f0/0xad0 [ 712.346129][ C0] free_pages_and_swap_cache+0x74/0x86 [ 712.347208][ C0] tlb_finish_mmu+0xe8/0x29a [ 712.348769][ C0] exit_mmap+0x170/0x412 [ 712.350546][ C0] mmput+0xee/0x2c2 [ 712.351532][ C0] free_bprm+0xbc/0x1de [ 712.352556][ C0] kernel_execve+0x214/0x288 [ 712.353485][ C0] call_usermodehelper_exec_async+0x1c0/0x2dc [ 712.354652][ C0] ret_from_exception+0x0/0x10 [ 712.355909][ C0] [ 712.356604][ C0] Memory state around the buggy address: [ 712.357977][ C0] ffffaf800ce23e80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 712.360013][ C0] ffffaf800ce23f00: 00 00 00 f3 f3 f3 f3 f3 fc fc fc fc fc fc fc fc [ 712.361225][ C0] >ffffaf800ce23f80: fc fc fc fc fc fc fc fc f1 f1 f1 f1 00 00 00 00 [ 712.362315][ C0] ^ [ 712.363257][ C0] ffffaf800ce24000: 00 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 [ 712.364380][ C0] ffffaf800ce24080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 712.365569][ C0] ================================================================== [ 712.366584][ C0] Disabling lock debugging due to kernel taint [ 712.370074][ T2037] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 712.370986][ T2037] CPU: 0 PID: 2037 Comm: syz-executor.0 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 712.371879][ T2037] Hardware name: riscv-virtio,qemu (DT) [ 712.372423][ T2037] Call Trace: [ 712.372847][ T2037] [] dump_backtrace+0x2e/0x3c [ 712.373554][ T2037] [] show_stack+0x34/0x40 [ 712.374254][ T2037] [] dump_stack_lvl+0xe4/0x150 [ 712.374967][ T2037] [] dump_stack+0x1c/0x24 [ 712.375725][ T2037] [] panic+0x24a/0x634 [ 712.376378][ T2037] [] schedule+0x0/0x14c [ 712.377064][ T2037] [] preempt_schedule_irq+0x4a/0x13e [ 712.378061][ T2037] [] resume_kernel+0x16/0x18 [ 712.379291][ T2037] SMP: stopping secondary CPUs [ 712.380971][ T2037] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:07:18 Registers: info registers vcpu 0 pc ffffffff80110fdc mhartid 0000000000000000 mstatus 00000000000001a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff80115bbc mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff8011312c x2/sp ffffaf8010a2aec0 x3/gp ffffffff85863ac0 x4/tp ffffaf8010bd6100 x5/t0 fffff5ef020eb718 x6/t1 99480f053182a000 x7/t2 ffffffff83604ca0 x8/s0 ffffaf8010a2b180 x9/s1 ffffffff86d950e0 x10/a0 ffffaf8010bd6120 x11/a1 0000000000000003 x12/a2 1ffff5f001cb14b8 x13/a3 ffffffff8011587a x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffffff80b09d26 x18/s2 0000000000000001 x19/s3 ffffffff84b73ec0 x20/s4 ffffffff838a0620 x21/s5 ffffffff831a2658 x22/s6 ffffffffffffffff x23/s7 ffffffff83637b40 x24/s8 ffffffff85889780 x25/s9 1ffff5f00214561c x26/s10 0000000000000122 x27/s11 ffffaf800ebdc520 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0021455e8 x31/t6 000000000000000f f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff8010b250 mhartid 0000000000000001 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80475986 sepc ffffffff80061052 mcause 8000000000000007 scause 8000000000000009 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff831a197a x2/sp ffffaf800ce236c0 x3/gp ffffffff85863ac0 x4/tp ffffaf8007563080 x5/t0 ffffffff86bcb657 x6/t1 99480f053182a000 x7/t2 0000000000000000 x8/s0 ffffaf800ce236d0 x9/s1 ffffaf8007563c80 x10/a0 0000000000000020 x11/a1 00000000000f0000 x12/a2 0000000000000507 x13/a3 0000000000000000 x14/a4 0000000000000001 x15/a5 ffffaf805a9c8840 x16/a6 0000000000f00000 x17/a7 ffffffff80dcc9fe x18/s2 0000000000000000 x19/s3 ffffffff84b73ec0 x20/s4 ffffaf8007564080 x21/s5 ffffffff8343c840 x22/s6 ffffffffffffffff x23/s7 0000000000000020 x24/s8 ffffffff86c1a620 x25/s9 000000000000000d x26/s10 ffffffff86e58918 x27/s11 ffffffff80dcca44 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f0019c46bc x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000