Why is my buffer stored in two locations in stack?

-1

Code:

#include <stdio.h>
#include <string.h>   /* strcpy() lives here; the original snippet omitted it */

int main(int argc, char *argv[]){
    char buf[512];
    strcpy(buf, argv[1]);   /* unbounded copy: overflows buf once argv[1] is longer than 511 bytes */
    return 0;
}

Compilation:

gcc -g -z execstack buf.c -o buf -fno-stack-protector

Question:

So basically, using gdb I set a breakpoint on the line return 0; and run the script as follows: run $(python -c 'print "A"*600'), and then when I do x/600x $rsp, I get my buffer starting at:

0x7fffffffdcf0: 0xffffdfe8      0x00007fff      0xf7fd3298      0x00000002
0x7fffffffdd00: 0x41414141      0x41414141      0x41414141      0x41414141
0x7fffffffdd10: 0x41414141      0x41414141      0x41414141      0x41414141

// it goes on... until
0x7fffffffdf50: 0x41414141      0x41414141      0x00000000      0x00000000

But then when I go further down the stack, I also see:

0x7fffffffe2f0: 0x776f6c66      0x6675622f      0x41414100      0x41414141
0x7fffffffe300: 0x41414141      0x41414141      0x41414141      0x41414141

// It goes until
0x7fffffffe540: 0x41414141      0x41414141      0x41414141      0x41414141
0x7fffffffe550: 0x48530041      0x3d4c4c45      0x6e69622f      0x7361622f

Also, for the buffer overflow exploit, if I use the first location my exploit doesn't work, but if I use the second location it works.

So may I know why my buffer is stored in two different locations?

c
asked on Stack Overflow May 26, 2019 by amiTheregroot

1 Answer

1

Your buffer isn’t stored in two places. You’re just copying the data yourself in your code. There’s the input that’s given to main and then your buffer where you copy the input. That’s two copies of it, but only one is your buffer.

Using gdb to show where argv[1] is stored will also show this:

p argv[1]
$1 = 0x7ffffffee2ce 'A' <repeats 600 times>

The address will of course be different on different systems.

answered on Stack Overflow May 26, 2019 by Sami Kuhmonen • edited May 26, 2019 by Sami Kuhmonen
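Worked example, added here and not part of the original question or answer. The question's own dump already confirms what the answer says: the words just before the second run of A's (0x776f6c66 0x6675622f 0x41414100) decode, little-endian, to "flow/buf\0AAA", i.e. the tail of argv[0] followed by the start of argv[1], and the words right after it (0x48530041 0x3d4c4c45 ...) decode to "A\0SHELL=/bin/bas", the first environment string. So the higher copy is argv[1] exactly where the kernel wrote it on the initial process stack, between argv[0] and the environment block, and the lower copy is main's 512-byte local buffer after strcpy. The program below reproduces that picture with a bounded copy (so a 600-byte input truncates instead of overflowing) and reports the addresses and adjacency. The struct, function names and the static "600 A's plus SHELL=" sample are my own constructions for the demonstration; the only real inputs it inspects are its own argv and environ.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

extern char **environ;   /* POSIX: the environment strings, which the kernel
                            writes onto the initial stack right after argv */

/* The two copies the question's program ends up with: the argument string
 * on the kernel-built initial stack, and the local buffer in main's frame. */
struct two_copies {
    uintptr_t arg_copy;    /* address of the source string (argv[1] or similar) */
    uintptr_t frame_copy;  /* address the local buffer had while the frame was live */
    size_t    copied;      /* bytes stored into the local buffer */
    int       identical;   /* 1 if the stored bytes match the source */
};

/* Same shape as the question's main(), but the copy is bounded. The original
 * uses strcpy with no length check, which is what makes it exploitable. */
struct two_copies copy_like_main(const char *src)
{
    char buf[512];
    struct two_copies r;
    size_t n = strlen(src);

    if (n > sizeof buf - 1)
        n = sizeof buf - 1;            /* truncate instead of overflowing */
    memcpy(buf, src, n);
    buf[n] = '\0';

    r.arg_copy   = (uintptr_t)src;
    r.frame_copy = (uintptr_t)buf;     /* kept as an integer: buf dies on return */
    r.copied     = n;
    r.identical  = (memcmp(buf, src, n) == 0);
    return r;
}

/* 1 if a function's local frame sits below the argv/envp region, as the gdb
 * dump shows (buf at ...dd00, argv[1] at ...e2f9). environ[0] is used as the
 * source because it lives in the same kernel-built region as argv[1].
 * Returns -1 if the process has an empty environment. */
int frame_below_initial_stack(void)
{
    if (environ == NULL || environ[0] == NULL)
        return -1;
    struct two_copies r = copy_like_main(environ[0]);
    return r.frame_copy < r.arg_copy;
}

/* 1 if string b starts immediately after a's NUL terminator, the adjacency
 * that puts "SHELL=/bin/bas" right behind the 600 A's in the dump. */
int adjoins(const char *a, const char *b)
{
    return (uintptr_t)b == (uintptr_t)a + strlen(a) + 1;
}

/* Constructed sample (static storage, not the real initial stack) laid out
 * like the top of the dump: 600 'A's, a NUL, then the first environment
 * string. Stands in for $(python -c 'print "A"*600') when no argument is given. */
const char *six_hundred_As(void)
{
    static char region[601 + sizeof "SHELL=/bin/bash"];
    memset(region, 'A', 600);
    region[600] = '\0';
    memcpy(region + 601, "SHELL=/bin/bash", sizeof "SHELL=/bin/bash");
    return region;
}

int main(int argc, char *argv[])
{
    const char *input = argc > 1 ? argv[1] : six_hundred_As();
    struct two_copies r = copy_like_main(input);

    printf("source string at %#lx, local buf was at %#lx (%zu bytes copied, %s)\n",
           (unsigned long)r.arg_copy, (unsigned long)r.frame_copy, r.copied,
           r.identical ? "identical prefix" : "different");
    printf("local frame below argv/envp region: %d\n", frame_below_initial_stack());
    if (argc > 1 && environ && environ[0])
        printf("environ[0] (%.20s...) directly follows argv[%d]: %d\n",
               environ[0], argc - 1, adjoins(argv[argc - 1], environ[0]));
    return 0;
}
```

Run it as ./twocopies $(python -c 'print "A"*600') to see the two addresses differ by roughly the same distance as in the question's dump, with the argument copy above the frame copy. The last line reports 1 on Linux because the kernel stores the argv strings and then the environment strings back to back; that adjacency is exactly why overwriting buf can never touch the higher copy, and why the two runs of 0x41 in x/600x $rsp are different objects rather than one buffer mapped twice.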

User contributions licensed under CC BY-SA 3.0