[ 292.309231][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 292.370313][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 312.134616][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:40883' (ECDSA) to the list of known hosts. 1970/01/01 00:05:55 fuzzer started 1970/01/01 00:06:09 dialing manager at localhost:35921 [ 375.846709][ T2038] cgroup: Unknown subsys name 'net' [ 377.079752][ T2038] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:16 syscalls: 2818 1970/01/01 00:06:16 code coverage: enabled 1970/01/01 00:06:16 comparison tracing: enabled 1970/01/01 00:06:16 extra coverage: enabled 1970/01/01 00:06:16 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:16 setuid sandbox: enabled 1970/01/01 00:06:16 namespace sandbox: enabled 1970/01/01 00:06:16 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:16 fault injection: enabled 1970/01/01 00:06:16 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:16 net packet injection: enabled 1970/01/01 00:06:16 net device setup: enabled 1970/01/01 00:06:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:17 USB emulation: enabled 1970/01/01 00:06:17 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:17 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:17 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:17 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:22 fetching corpus: 50, signal 31652/35017 (executing program) 1970/01/01 00:06:24 fetching corpus: 100, signal 41197/45937 (executing program) 1970/01/01 00:06:28 fetching corpus: 150, signal 50657/56594 (executing program) 1970/01/01 00:06:32 fetching corpus: 200, signal 57361/64442 (executing program) 1970/01/01 00:06:35 fetching corpus: 250, signal 65885/73841 (executing program) 1970/01/01 00:06:38 fetching corpus: 300, signal 68619/77711 (executing program) 1970/01/01 00:06:41 fetching corpus: 349, signal 72255/82363 (executing program) 1970/01/01 00:06:44 fetching corpus: 399, signal 76285/87316 (executing program) 1970/01/01 00:06:47 fetching corpus: 449, signal 79488/91467 (executing program) 1970/01/01 00:06:49 fetching corpus: 499, signal 82062/94968 (executing program) 1970/01/01 00:06:51 fetching corpus: 549, signal 84864/98601 (executing program) 1970/01/01 00:06:54 fetching corpus: 599, signal 87852/102348 (executing program) 1970/01/01 00:06:57 fetching corpus: 649, signal 90684/105883 (executing program) 1970/01/01 00:07:01 fetching corpus: 699, signal 93481/109360 (executing program) 1970/01/01 00:07:04 fetching corpus: 749, signal 96303/112760 (executing program) 1970/01/01 00:07:07 fetching corpus: 799, signal 99711/116633 (executing program) 1970/01/01 00:07:09 fetching corpus: 848, signal 101173/118879 (executing program) 1970/01/01 00:07:12 fetching corpus: 898, signal 104032/122180 (executing program) 1970/01/01 00:07:15 fetching corpus: 948, signal 105727/124517 (executing program) 1970/01/01 00:07:19 fetching corpus: 997, signal 108349/127586 (executing program) 1970/01/01 00:07:21 fetching corpus: 1047, signal 111340/130837 (executing program) 1970/01/01 00:07:23 fetching corpus: 1096, signal 113426/133282 (executing program) 1970/01/01 00:07:26 fetching corpus: 1146, signal 116953/136893 (executing program) 1970/01/01 00:07:28 fetching corpus: 1195, signal 118997/139268 (executing program) 1970/01/01 00:07:31 fetching corpus: 1245, signal 120419/141119 (executing program) 1970/01/01 00:07:34 fetching corpus: 1295, signal 122037/143088 (executing program) 1970/01/01 00:07:37 fetching corpus: 1344, signal 123659/145081 (executing program) 1970/01/01 00:07:40 fetching corpus: 1394, signal 125344/147041 (executing program) 1970/01/01 00:07:43 fetching corpus: 1444, signal 126682/148720 (executing program) 1970/01/01 00:07:46 fetching corpus: 1494, signal 128196/150489 (executing program) 1970/01/01 00:07:48 fetching corpus: 1543, signal 129652/152197 (executing program) 1970/01/01 00:07:53 fetching corpus: 1593, signal 131365/154060 (executing program) 1970/01/01 00:07:56 fetching corpus: 1643, signal 132499/155483 (executing program) 1970/01/01 00:07:59 fetching corpus: 1693, signal 134073/157098 (executing program) 1970/01/01 00:08:04 fetching corpus: 1742, signal 135116/158408 (executing program) 1970/01/01 00:08:08 fetching corpus: 1792, signal 137322/160433 (executing program) 1970/01/01 00:08:10 fetching corpus: 1841, signal 138884/161959 (executing program) 1970/01/01 00:08:13 fetching corpus: 1891, signal 140392/163491 (executing program) 1970/01/01 00:08:16 fetching corpus: 1941, signal 141589/164765 (executing program) 1970/01/01 00:08:19 fetching corpus: 1990, signal 143497/166498 (executing program) 1970/01/01 00:08:21 fetching corpus: 2040, signal 144515/167641 (executing program) 1970/01/01 00:08:24 fetching corpus: 2090, signal 146017/169029 (executing program) 1970/01/01 00:08:28 fetching corpus: 2139, signal 146878/170082 (executing program) 1970/01/01 00:08:30 fetching corpus: 2189, signal 147798/171131 (executing program) 1970/01/01 00:08:34 fetching corpus: 2239, signal 149227/172430 (executing program) 1970/01/01 00:08:37 fetching corpus: 2289, signal 150446/173568 (executing program) 1970/01/01 00:08:41 fetching corpus: 2339, signal 151343/174507 (executing program) 1970/01/01 00:08:45 fetching corpus: 2389, signal 152482/175565 (executing program) 1970/01/01 00:08:48 fetching corpus: 2439, signal 153351/176446 (executing program) 1970/01/01 00:08:52 fetching corpus: 2489, signal 154212/177346 (executing program) 1970/01/01 00:08:56 fetching corpus: 2539, signal 155046/178211 (executing program) 1970/01/01 00:08:59 fetching corpus: 2589, signal 155981/179123 (executing program) 1970/01/01 00:09:03 fetching corpus: 2639, signal 156985/180055 (executing program) 1970/01/01 00:09:07 fetching corpus: 2689, signal 157878/180870 (executing program) 1970/01/01 00:09:10 fetching corpus: 2739, signal 158610/181615 (executing program) 1970/01/01 00:09:13 fetching corpus: 2789, signal 159585/182446 (executing program) 1970/01/01 00:09:15 fetching corpus: 2839, signal 160537/183243 (executing program) 1970/01/01 00:09:18 fetching corpus: 2889, signal 161323/183925 (executing program) 1970/01/01 00:09:22 fetching corpus: 2938, signal 161921/184515 (executing program) 1970/01/01 00:09:25 fetching corpus: 2988, signal 162809/185244 (executing program) 1970/01/01 00:09:27 fetching corpus: 3037, signal 163602/185894 (executing program) 1970/01/01 00:09:30 fetching corpus: 3087, signal 164467/186563 (executing program) 1970/01/01 00:09:34 fetching corpus: 3136, signal 165159/187151 (executing program) 1970/01/01 00:09:36 fetching corpus: 3186, signal 166136/187833 (executing program) 1970/01/01 00:09:39 fetching corpus: 3235, signal 166972/188470 (executing program) 1970/01/01 00:09:43 fetching corpus: 3285, signal 167935/189139 (executing program) 1970/01/01 00:09:45 fetching corpus: 3334, signal 168403/189612 (executing program) 1970/01/01 00:09:49 fetching corpus: 3384, signal 169219/190225 (executing program) 1970/01/01 00:09:51 fetching corpus: 3434, signal 170176/190802 (executing program) 1970/01/01 00:09:53 fetching corpus: 3484, signal 171186/191380 (executing program) 1970/01/01 00:09:55 fetching corpus: 3533, signal 171951/191901 (executing program) 1970/01/01 00:09:59 fetching corpus: 3583, signal 172914/192414 (executing program) 1970/01/01 00:10:02 fetching corpus: 3633, signal 173592/192843 (executing program) 1970/01/01 00:10:04 fetching corpus: 3683, signal 174216/193270 (executing program) 1970/01/01 00:10:07 fetching corpus: 3733, signal 176302/194075 (executing program) 1970/01/01 00:10:11 fetching corpus: 3783, signal 177418/194587 (executing program) 1970/01/01 00:10:16 fetching corpus: 3832, signal 178264/195036 (executing program) 1970/01/01 00:10:20 fetching corpus: 3882, signal 179559/195566 (executing program) 1970/01/01 00:10:23 fetching corpus: 3932, signal 180385/195936 (executing program) 1970/01/01 00:10:26 fetching corpus: 3981, signal 181044/196240 (executing program) 1970/01/01 00:10:28 fetching corpus: 4031, signal 181740/196607 (executing program) 1970/01/01 00:10:30 fetching corpus: 4081, signal 182198/196872 (executing program) 1970/01/01 00:10:32 fetching corpus: 4131, signal 182784/197136 (executing program) 1970/01/01 00:10:36 fetching corpus: 4181, signal 183407/197403 (executing program) 1970/01/01 00:10:38 fetching corpus: 4230, signal 183975/197702 (executing program) 1970/01/01 00:10:41 fetching corpus: 4280, signal 185186/198034 (executing program) 1970/01/01 00:10:43 fetching corpus: 4330, signal 185760/198253 (executing program) 1970/01/01 00:10:46 fetching corpus: 4379, signal 186436/198516 (executing program) 1970/01/01 00:10:49 fetching corpus: 4429, signal 187170/198726 (executing program) 1970/01/01 00:10:53 fetching corpus: 4479, signal 187903/198910 (executing program) 1970/01/01 00:10:55 fetching corpus: 4528, signal 188449/199066 (executing program) 1970/01/01 00:10:58 fetching corpus: 4578, signal 189153/199258 (executing program) 1970/01/01 00:11:00 fetching corpus: 4628, signal 189779/199408 (executing program) 1970/01/01 00:11:03 fetching corpus: 4677, signal 190436/199571 (executing program) 1970/01/01 00:11:06 fetching corpus: 4726, signal 191123/199685 (executing program) 1970/01/01 00:11:08 fetching corpus: 4776, signal 191809/199782 (executing program) 1970/01/01 00:11:11 fetching corpus: 4826, signal 192397/199880 (executing program) 1970/01/01 00:11:13 fetching corpus: 4876, signal 193045/199962 (executing program) 1970/01/01 00:11:16 fetching corpus: 4926, signal 193478/200038 (executing program) 1970/01/01 00:11:19 fetching corpus: 4976, signal 194013/200038 (executing program) 1970/01/01 00:11:23 fetching corpus: 5026, signal 194532/200067 (executing program) 1970/01/01 00:11:25 fetching corpus: 5076, signal 195217/200067 (executing program) 1970/01/01 00:11:29 fetching corpus: 5126, signal 195740/200067 (executing program) 1970/01/01 00:11:32 fetching corpus: 5176, signal 196315/200067 (executing program) 1970/01/01 00:11:35 fetching corpus: 5226, signal 196882/200067 (executing program) 1970/01/01 00:11:37 fetching corpus: 5276, signal 197254/200069 (executing program) 1970/01/01 00:11:40 fetching corpus: 5326, signal 197657/200069 (executing program) 1970/01/01 00:11:43 fetching corpus: 5358, signal 197944/200069 (executing program) 1970/01/01 00:11:43 fetching corpus: 5359, signal 197945/200069 (executing program) 1970/01/01 00:11:43 fetching corpus: 5359, signal 197945/200069 (executing program) 1970/01/01 00:14:04 starting 2 fuzzer processes 00:14:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:14:04 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FBIOGET_FSCREENINFO(r0, 0x4602, &(0x7f0000000000)) [ 876.985343][ T2055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 877.149583][ T2053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 877.285664][ T2055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 877.381896][ T2053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 901.509921][ T2055] device hsr_slave_0 entered promiscuous mode [ 901.646237][ T2055] device hsr_slave_1 entered promiscuous mode [ 905.738184][ T2053] device hsr_slave_0 entered promiscuous mode [ 905.847410][ T2053] device hsr_slave_1 entered promiscuous mode [ 905.898953][ T2053] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 905.910729][ T2053] Cannot create hsr debugfs directory [ 919.482522][ T2055] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 919.875213][ T2055] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 920.336801][ T2055] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 920.762172][ T2055] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 922.130159][ T2053] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 922.321047][ T2053] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 922.581100][ T2053] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 922.900260][ T2053] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 943.304971][ T2055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 943.512177][ T2053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 944.581561][ C0] ================================================================== [ 944.586303][ C0] BUG: KASAN: use-after-free in walk_stackframe+0x11c/0x260 [ 944.587730][ C0] Read of size 8 at addr ffffaf80218c7fa0 by task syz-executor.1/2055 [ 944.589211][ C0] [ 944.591401][ C0] CPU: 0 PID: 2055 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 944.593503][ C0] Hardware name: riscv-virtio,qemu (DT) [ 944.595781][ C0] Call Trace: [ 944.596990][ C0] [] dump_backtrace+0x2e/0x3c [ 944.598501][ C0] [] show_stack+0x34/0x40 [ 944.599950][ C0] [] dump_stack_lvl+0xe4/0x150 [ 944.601421][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 944.603344][ C0] [] kasan_report+0x184/0x1e0 [ 944.604935][ C0] [] __asan_load8+0x6e/0x96 [ 944.606495][ C0] [] walk_stackframe+0x11c/0x260 [ 944.607969][ C0] [] arch_stack_walk+0x2c/0x3c [ 944.609410][ C0] [] stack_trace_save+0xa6/0xd8 [ 944.611158][ C0] [ 944.611992][ C0] The buggy address belongs to the page: [ 944.613558][ C0] page:ffffaf807afb87f8 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa1ac7 [ 944.615307][ C0] flags: 0xa000000000(section=20|node=0|zone=0) [ 944.617756][ C0] raw: 000000a000000000 ffffaf807a85a358 ffffaf807a8e2630 0000000000000000 [ 944.619168][ C0] raw: 0000000000000000 ffffaf800febdde0 00000000ffffffff 0000000000000000 [ 944.620472][ C0] raw: 00000000000007ff [ 944.621519][ C0] page dumped because: kasan: bad access detected [ 944.623480][ C0] page_owner tracks the page as freed [ 944.624492][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 2667, ts 926938640500, free_ts 928570857100 [ 944.626793][ C0] __set_page_owner+0x48/0x136 [ 944.627978][ C0] post_alloc_hook+0xd0/0x10a [ 944.629109][ C0] get_page_from_freelist+0x8da/0x12d8 [ 944.630493][ C0] __alloc_pages+0x150/0x3b6 [ 944.631746][ C0] alloc_pages+0x132/0x2a6 [ 944.633116][ C0] __pmd_alloc+0x4e/0x4cc [ 944.634401][ C0] __handle_mm_fault+0xa44/0x23a4 [ 944.635835][ C0] handle_mm_fault+0x296/0x674 [ 944.637095][ C0] do_page_fault+0x308/0xa3c [ 944.638484][ C0] ret_from_exception+0x0/0x10 [ 944.639673][ C0] padzero+0xb8/0xde [ 944.640932][ C0] page last free stack trace: [ 944.641761][ C0] __reset_page_owner+0x4a/0xea [ 944.642904][ C0] free_pcp_prepare+0x29c/0x45e [ 944.645108][ C0] free_unref_page+0x6a/0x31e [ 944.646253][ C0] __free_pages+0xe2/0x112 [ 944.647409][ C0] free_pages.part.0+0xe0/0xf6 [ 944.648532][ C0] free_pages+0xe/0x18 [ 944.649814][ C0] free_pgd_range+0x8b0/0xc54 [ 944.651033][ C0] free_pgtables+0x1bc/0x1c8 [ 944.652200][ C0] exit_mmap+0x168/0x412 [ 944.655086][ C0] mmput+0xee/0x2c2 [ 944.656397][ C0] do_exit+0x6f2/0x18fc [ 944.657554][ C0] do_group_exit+0x90/0x17e [ 944.658818][ C0] __wake_up_parent+0x0/0x4a [ 944.660023][ C0] ret_from_syscall+0x0/0x2 [ 944.661401][ C0] [ 944.662167][ C0] Memory state around the buggy address: [ 944.665225][ C0] ffffaf80218c7e80: 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 [ 944.666795][ C0] ffffaf80218c7f00: 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 [ 944.668167][ C0] >ffffaf80218c7f80: 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 [ 944.669471][ C0] ^ [ 944.670728][ C0] ffffaf80218c8000: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 [ 944.672113][ C0] ffffaf80218c8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 944.675282][ C0] ================================================================== [ 944.676653][ C0] Disabling lock debugging due to kernel taint [ 944.682864][ T2055] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 944.685081][ T2055] CPU: 0 PID: 2055 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 944.689281][ T2055] Hardware name: riscv-virtio,qemu (DT) [ 944.690499][ T2055] Call Trace: [ 944.691226][ T2055] [] dump_backtrace+0x2e/0x3c [ 944.692586][ T2055] [] show_stack+0x34/0x40 [ 944.693836][ T2055] [] dump_stack_lvl+0xe4/0x150 [ 944.695787][ T2055] [] dump_stack+0x1c/0x24 [ 944.697116][ T2055] [] panic+0x24a/0x634 [ 944.698505][ T2055] [] schedule+0x0/0x14c [ 944.699943][ T2055] [] preempt_schedule_irq+0x4a/0x13e [ 944.701340][ T2055] [] resume_kernel+0x16/0x18 [ 944.702997][ T2055] SMP: stopping secondary CPUs [ 944.706531][ T2055] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:33:23 Registers: info registers vcpu 0 pc ffffffff80dc15ca mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff80475aca sepc ffffffff82e8a0a2 mcause 8000000000000007 scause 8000000000000001 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80dc15ca x2/sp ffffaf80218c7980 x3/gp ffffffff85863ac0 x4/tp ffffaf800b0f1840 x5/t0 ffffffff86bcb657 x6/t1 aaae345b4d1af400 x7/t2 0000000000000000 x8/s0 ffffaf80218c79a0 x9/s1 ffffffff86e58900 x10/a0 ffff8f800066c001 x11/a1 0000000000000007 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc15ca x14/a4 0000000000000000 x15/a5 ffffffff86e58948 x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc9fe x18/s2 0000000000000001 x19/s3 ffffaf80218c7a80 x20/s4 ffffffff86e58900 x21/s5 0000000000000000 x22/s6 ffffffff86e58950 x23/s7 ffffffff8588c3e0 x24/s8 ffffffff8588c220 x25/s9 ffffffff84a88520 x26/s10 ffffffff858655c0 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f004318edc x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff800058f0 mhartid 0000000000000001 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff800058f4 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff800058ec x2/sp ffffaf800742bf40 x3/gp ffffffff85863ac0 x4/tp ffffaf8007410000 x5/t0 ffffaf8007423580 x6/t1 fffff5ef0b53eb62 x7/t2 ffffffffffffffff x8/s0 ffffaf800742bf50 x9/s1 ffffaf8007410000 x10/a0 0000000000000001 x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffff800058ec x14/a4 ffffaf8007411000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf805a9f5b13 x18/s2 0000000000000001 x19/s3 0000000000000002 x20/s4 0000000000000007 x21/s5 ffffffff8588b420 x22/s6 ffffaf8007410000 x23/s7 fffffffffffffffd x24/s8 00000000800130f0 x25/s9 0000000000000000 x26/s10 0000000000000000 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 fffff5ef0b53eb62 x30/t5 fffff5ef0b53eb63 x31/t6 0000000000000002 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000