==================================================================
BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70 fs/sysfs/file.c:522
Read of size 8 at addr ffff888078db6c30 by task syz.4.1138/11153
CPU: 0 UID: 0 PID: 11153 Comm: syz.4.1138 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xcd/0x630 mm/kasan/report.c:482
kasan_report+0xe0/0x110 mm/kasan/report.c:595
sysfs_remove_file_ns+0x63/0x70 fs/sysfs/file.c:522
sysfs_remove_file include/linux/sysfs.h:777 [inline]
driver_remove_file drivers/base/driver.c:201 [inline]
driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
remove_bind_files drivers/base/bus.c:605 [inline]
bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
driver_unregister+0x76/0xb0 drivers/base/driver.c:277
comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207
do_devconfig_ioctl+0x555/0x710 drivers/comedi/comedi_fops.c:848
comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2173
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f4918ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f4a07d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8f493b5fa0 RCX: 00007f8f4918ebe9
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004
RBP: 00007f8f49211e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8f493b6038 R14: 00007f8f493b5fa0 R15: 00007ffdaa52b328
Allocated by task 10666:
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:388 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4365 [inline]
__kmalloc_noprof+0x223/0x510 mm/slub.c:4377
kmalloc_noprof include/linux/slab.h:909 [inline]
kmalloc_array_noprof include/linux/slab.h:948 [inline]
__list_lru_init+0xe8/0x4c0 mm/list_lru.c:588
alloc_super+0x904/0xbd0 fs/super.c:391
sget_fc+0x116/0xc20 fs/super.c:761
sget_dev fs/super.c:1406 [inline]
get_tree_bdev_flags+0x1ba/0x620 fs/super.c:1678
vfs_get_tree+0x8e/0x340 fs/super.c:1815
do_new_mount fs/namespace.c:3808 [inline]
path_mount+0x1513/0x2000 fs/namespace.c:4123
do_mount fs/namespace.c:4136 [inline]
__do_sys_mount fs/namespace.c:4347 [inline]
__se_sys_mount fs/namespace.c:4324 [inline]
__x64_sys_mount+0x28d/0x310 fs/namespace.c:4324
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 5861:
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
poison_slab_object mm/kasan/common.c:243 [inline]
__kasan_slab_free+0x60/0x70 mm/kasan/common.c:275
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2417 [inline]
slab_free mm/slub.c:4680 [inline]
kfree+0x2b4/0x4d0 mm/slub.c:4879
list_lru_destroy mm/list_lru.c:611 [inline]
list_lru_destroy+0x152/0x700 mm/list_lru.c:602
deactivate_locked_super+0xe1/0x1a0 fs/super.c:484
deactivate_super fs/super.c:507 [inline]
deactivate_super+0xde/0x100 fs/super.c:503
cleanup_mnt+0x225/0x450 fs/namespace.c:1375
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
The buggy address belongs to the object at ffff888078db6c00
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 48 bytes inside of
freed 256-byte region [ffff888078db6c00, ffff888078db6d00)
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888078db7400 pfn:0x78db6
head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000240 ffff88801b841b40 ffffea0001d79590 ffffea0000bed310
raw: ffff888078db7400 000000000010000b 00000000f5000000 0000000000000000
head: 00fff00000000240 ffff88801b841b40 ffffea0001d79590 ffffea0000bed310
head: ffff888078db7400 000000000010000b 00000000f5000000 0000000000000000
head: 00fff00000000001 ffffea0001e36d81 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5861, tgid 5861 (syz-executor), ts 91940896784, free_ts 91913182591
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1851
prep_new_page mm/page_alloc.c:1859 [inline]
get_page_from_freelist+0x132b/0x38e0 mm/page_alloc.c:3858
__alloc_frozen_pages_noprof+0x261/0x23f0 mm/page_alloc.c:5148
alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2416
alloc_slab_page mm/slub.c:2487 [inline]
allocate_slab mm/slub.c:2655 [inline]
new_slab+0x247/0x330 mm/slub.c:2709
___slab_alloc+0xcf2/0x1740 mm/slub.c:3891
__slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3981
__slab_alloc_node mm/slub.c:4056 [inline]
slab_alloc_node mm/slub.c:4217 [inline]
__do_kmalloc_node mm/slub.c:4364 [inline]
__kmalloc_noprof+0x2f2/0x510 mm/slub.c:4377
kmalloc_noprof include/linux/slab.h:909 [inline]
kzalloc_noprof include/linux/slab.h:1039 [inline]
fib_create_info+0x53f/0x46b0 net/ipv4/fib_semantics.c:1402
fib_table_insert+0x177/0x1c40 net/ipv4/fib_trie.c:1212
fib_magic+0x4d4/0x5c0 net/ipv4/fib_frontend.c:1133
fib_add_ifaddr+0x4d2/0x580 net/ipv4/fib_frontend.c:1177
fib_netdev_event+0x38a/0x710 net/ipv4/fib_frontend.c:1515
notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2229
call_netdevice_notifiers_extack net/core/dev.c:2267 [inline]
call_netdevice_notifiers net/core/dev.c:2281 [inline]
__dev_notify_flags+0x12c/0x2e0 net/core/dev.c:9576
page last free pid 23 tgid 23 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1395 [inline]
__free_frozen_pages+0x7d5/0x10f0 mm/page_alloc.c:2895
rcu_do_batch kernel/rcu/tree.c:2605 [inline]
rcu_core+0x79c/0x1530 kernel/rcu/tree.c:2861
handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
run_ksoftirqd kernel/softirq.c:968 [inline]
run_ksoftirqd+0x3a/0x60 kernel/softirq.c:960
smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Memory state around the buggy address:
ffff888078db6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff888078db6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888078db6c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888078db6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888078db6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in kernfs_root+0x290/0x2a0 fs/kernfs/kernfs-internal.h:76
Read of size 8 at addr ffffffff9ae6f9d0 by task syz.4.1138/11153
CPU: 1 UID: 0 PID: 11153 Comm: syz.4.1138 Tainted: G B syzkaller #0 PREEMPT(full)
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xcd/0x630 mm/kasan/report.c:482
kasan_report+0xe0/0x110 mm/kasan/report.c:595
kernfs_root+0x290/0x2a0 fs/kernfs/kernfs-internal.h:76
kernfs_remove_by_name_ns+0x2e/0x110 fs/kernfs/dir.c:1711
sysfs_remove_file include/linux/sysfs.h:777 [inline]
driver_remove_file drivers/base/driver.c:201 [inline]
driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
remove_bind_files drivers/base/bus.c:605 [inline]
bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
driver_unregister+0x76/0xb0 drivers/base/driver.c:277
comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207
do_devconfig_ioctl+0x555/0x710 drivers/comedi/comedi_fops.c:848
comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2173
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f4918ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f4a07d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8f493b5fa0 RCX: 00007f8f4918ebe9
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004
RBP: 00007f8f49211e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8f493b6038 R14: 00007f8f493b5fa0 R15: 00007ffdaa52b328
The buggy address belongs to the variable:
__key.1+0x30/0x40
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ae6f
flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002000 ffffea00006b9bc8 ffffea00006b9bc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)
Memory state around the buggy address:
ffffffff9ae6f880: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
ffffffff9ae6f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9
>ffffffff9ae6f980: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
^
ffffffff9ae6fa00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff9ae6fa80: 00 00 00 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
==================================================================
==================================================================
BUG: KASAN: global-out-of-bounds in kernfs_root+0x29a/0x2a0 fs/kernfs/kernfs-internal.h:79
Read of size 8 at addr ffffffff9ae6fa18 by task syz.4.1138/11153
CPU: 1 UID: 0 PID: 11153 Comm: syz.4.1138 Tainted: G B syzkaller #0 PREEMPT(full)
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xcd/0x630 mm/kasan/report.c:482
kasan_report+0xe0/0x110 mm/kasan/report.c:595
kernfs_root+0x29a/0x2a0 fs/kernfs/kernfs-internal.h:79
kernfs_remove_by_name_ns+0x2e/0x110 fs/kernfs/dir.c:1711
sysfs_remove_file include/linux/sysfs.h:777 [inline]
driver_remove_file drivers/base/driver.c:201 [inline]
driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
remove_bind_files drivers/base/bus.c:605 [inline]
bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
driver_unregister+0x76/0xb0 drivers/base/driver.c:277
comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207
do_devconfig_ioctl+0x555/0x710 drivers/comedi/comedi_fops.c:848
comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2173
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f4918ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f4a07d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8f493b5fa0 RCX: 00007f8f4918ebe9
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004
RBP: 00007f8f49211e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8f493b6038 R14: 00007f8f493b5fa0 R15: 00007ffdaa52b328
The buggy address belongs to the variable:
shadow_nodes_key+0x38/0x40
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ae6f
flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002000 ffffea00006b9bc8 ffffea00006b9bc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)
Memory state around the buggy address:
ffffffff9ae6f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9
ffffffff9ae6f980: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
>ffffffff9ae6fa00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
^
ffffffff9ae6fa80: 00 00 00 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
ffffffff9ae6fb00: 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
==================================================================
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: null-ptr-deref in atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:4456 [inline]
BUG: KASAN: null-ptr-deref in rwsem_write_trylock kernel/locking/rwsem.c:268 [inline]
BUG: KASAN: null-ptr-deref in __down_write_common kernel/locking/rwsem.c:1316 [inline]
BUG: KASAN: null-ptr-deref in __down_write kernel/locking/rwsem.c:1326 [inline]
BUG: KASAN: null-ptr-deref in down_write+0xb2/0x200 kernel/locking/rwsem.c:1591
Write of size 8 at addr 0000000000000118 by task syz.4.1138/11153
CPU: 1 UID: 0 PID: 11153 Comm: syz.4.1138 Tainted: G B syzkaller #0 PREEMPT(full)
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
kasan_report+0xe0/0x110 mm/kasan/report.c:595
check_region_inline mm/kasan/generic.c:183 [inline]
kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:189
instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:4456 [inline]
rwsem_write_trylock kernel/locking/rwsem.c:268 [inline]
__down_write_common kernel/locking/rwsem.c:1316 [inline]
__down_write kernel/locking/rwsem.c:1326 [inline]
down_write+0xb2/0x200 kernel/locking/rwsem.c:1591
kernfs_remove_by_name_ns+0x3d/0x110 fs/kernfs/dir.c:1712
sysfs_remove_file include/linux/sysfs.h:777 [inline]
driver_remove_file drivers/base/driver.c:201 [inline]
driver_remove_file+0x4a/0x60 drivers/base/driver.c:197
remove_bind_files drivers/base/bus.c:605 [inline]
bus_remove_driver+0x224/0x2c0 drivers/base/bus.c:743
driver_unregister+0x76/0xb0 drivers/base/driver.c:277
comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207
do_devconfig_ioctl+0x555/0x710 drivers/comedi/comedi_fops.c:848
comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2173
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:598 [inline]
__se_sys_ioctl fs/ioctl.c:584 [inline]
__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:584
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f4918ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8f4a07d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8f493b5fa0 RCX: 00007f8f4918ebe9
RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000004
RBP: 00007f8f49211e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f8f493b6038 R14: 00007f8f493b5fa0 R15: 00007ffdaa52b328
==================================================================