ci starts bisection 2024-07-17 08:14:51.486094322 +0000 UTC m=+52599.847739940
bisecting cause commit starting from d67978318827d06f1c0fa4c31343a279e9df6fde
building syzkaller on b66b37bddfae6c25ab8146aae081e25ed554eafd
ensuring issue is reproducible on original commit d67978318827d06f1c0fa4c31343a279e9df6fde
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7d72e67199d001c428545d9120276589a45492b057dc705245ece49fb9e5a4dc
all runs: crashed: general protection fault in __io_remove_buffers
representative crash: general protection fault in __io_remove_buffers, types: [UNKNOWN]
check whether we can drop unnecessary instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d63f5a1f442baaa98516ab3de1b7e33c52edfc2ade3ce4993c4c55bb2c375efb
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
kconfig minimization: base=3993 full=8038 leaves diff=2005
split chunks (needed=false): <2005>
split chunk #0 of len 2005 into 5 parts
testing without sub-chunk 1/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 37dd33514aa204357885e6a9095e5695bd1c6e862e2bfc1f4ebf26f701b94f3b
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG KASAN LOCKDEP], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9ff81c5beb5870cdcb4a079f2d2fd9b33fcd7465116ec828e8147ab2be7046ac
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 44b3f74f905be813b5be0561f8ed32401d594f337841c20a61f0582e1ff80290
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5cef632d487fc266cddb43cbe96b29ddde5d654ff4758efc778132fe8ebcac69
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit d67978318827d06f1c0fa4c31343a279e9df6fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b49f2c7f8c89b1f1dfb78ae4b77504ed952b01ccf35510e26edbe47f1269d8aa
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
the chunk can be dropped
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.10 v6.9 v6.8 v6.6 v6.4 v6.2 v6.0 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 33 release tags
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: bc4f5baff6050dc6fc7c26c3622e769dd0e3c46780dd7a635101514f6740b568
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 88399b0c2faa8e298d8a8bc94c9cced871fa6f59c2ed1b5561d37b4e54f6ba0b
all runs: OK
false negative chance: 0.000
# git bisect start 0c3836482481200ead7b416ca80c68a29cfdaabd a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6
Bisecting: 7190 revisions left to test after this (roughly 13 steps)
[33e02dc69afbd8f1b85a51d74d72f139ba4ca623] Merge tag 'sound-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit 33e02dc69afbd8f1b85a51d74d72f139ba4ca623 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2d08945c52631261d8534d8f48c5839146440f7bcdbb3bc02f536310266e59d0
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 33e02dc69afbd8f1b85a51d74d72f139ba4ca623
Bisecting: 4252 revisions left to test after this (roughly 12 steps)
[b850dc206a57ae272c639e31ac202ec0c2f46960] Merge tag 'firewire-updates-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
testing commit b850dc206a57ae272c639e31ac202ec0c2f46960 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 93c1cc40fbd668a68ab24df0f093c709ab9b8e8fbcb4b91d3621dfed58a4ef99
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad b850dc206a57ae272c639e31ac202ec0c2f46960
Bisecting: 1559 revisions left to test after this (roughly 11 steps)
[59729c8a76544d9d7651287a5d28c5bf7fc9fccc] Merge tag 'tag-chrome-platform-for-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux
testing commit 59729c8a76544d9d7651287a5d28c5bf7fc9fccc gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c8c894ab551d07ca4a77de1305b58485a979f763e8342d51b46ee95b25a3db29
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 59729c8a76544d9d7651287a5d28c5bf7fc9fccc
Bisecting: 732 revisions left to test after this (roughly 10 steps)
[14a60290edf6d947b9e2210f7a223bcc6af1716a] Merge tag 'soc-drivers-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 14a60290edf6d947b9e2210f7a223bcc6af1716a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e31247435c73ebca412a7958c9d936bac1267b90473b832e36111ce01b4c85bc
all runs: OK
false negative chance: 0.000
# git bisect good 14a60290edf6d947b9e2210f7a223bcc6af1716a
Bisecting: 402 revisions left to test after this (roughly 9 steps)
[f4e8d80292859809ea135e9f4c43bae47e4f58bc] Merge tag 'vfs-6.10.rw' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
testing commit f4e8d80292859809ea135e9f4c43bae47e4f58bc gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4b900cb43c93a438088a6bc46ca5b105230dcb35b8c7a172c52451bb84bac01b
all runs: OK
false negative chance: 0.000
# git bisect good f4e8d80292859809ea135e9f4c43bae47e4f58bc
Bisecting: 208 revisions left to test after this (roughly 8 steps)
[92f74f7f4083cb7b1fdab807cbbe4f5ece534fbc] Merge tag 'execve-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
testing commit 92f74f7f4083cb7b1fdab807cbbe4f5ece534fbc gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 37357637dbdde5e18c71a38b6beb3c79ced11dc8912608b888de6d0b715c30f5
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 92f74f7f4083cb7b1fdab807cbbe4f5ece534fbc
Bisecting: 96 revisions left to test after this (roughly 7 steps)
[3d8f874bd620ce03f75a5512847586828ab86544] io_uring: fail NOP if non-zero op flags is passed in
testing commit 3d8f874bd620ce03f75a5512847586828ab86544 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a2dff4a25ac05b7967e1c6ae579aa4f1b6c2ace4d3dbc465dd3d578f2f2e7ba9
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 3d8f874bd620ce03f75a5512847586828ab86544
Bisecting: 48 revisions left to test after this (roughly 6 steps)
[e270bfd22a2a10d1cfbaddf23e79b6d0b405d21e] io_uring/kbuf: vmap pinned buffer ring
testing commit e270bfd22a2a10d1cfbaddf23e79b6d0b405d21e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 69391f3eb7849eb31ab697697a000d4885e28cc26f5d5e703073257a70cb2e21
all runs: OK
false negative chance: 0.000
# git bisect good e270bfd22a2a10d1cfbaddf23e79b6d0b405d21e
Bisecting: 24 revisions left to test after this (roughly 5 steps)
[d6e295061f239bee48c9e49313f68042121e21c2] io_uring/notif: shrink account_pages to u32
testing commit d6e295061f239bee48c9e49313f68042121e21c2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b7e7a41c727558060aa92fd486bb4d5a53513b7e0320b1a52b4e777d2142df4f
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad d6e295061f239bee48c9e49313f68042121e21c2
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[6b7f864bb70591b1ba8f538c13de2a8396bfec8a] io_uring/net: get rid of io_notif_complete_tw_ext
testing commit 6b7f864bb70591b1ba8f538c13de2a8396bfec8a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4595b8d3e6dd76e2efd3f53f878302cd701a20b6bad83ad9686609a760c4f0e7
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 6b7f864bb70591b1ba8f538c13de2a8396bfec8a
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[f39130004d3a9155d113284c19b5a7c2eccb43fe] io_uring: kill dead code in io_req_complete_post
testing commit f39130004d3a9155d113284c19b5a7c2eccb43fe gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b3a2ebec25e71d10c9e94c4d2d52fef065df750eb105237d4e784c0eda15d2fc
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad f39130004d3a9155d113284c19b5a7c2eccb43fe
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[f15ed8b4d0ce2c0831232ff85117418740f0c529] io_uring: move mapping/allocation helpers to a separate file
testing commit f15ed8b4d0ce2c0831232ff85117418740f0c529 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a95dbe50c40fef626d7bca84d0d61213f0afa3a605040988bb9a4d40634e9318
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad f15ed8b4d0ce2c0831232ff85117418740f0c529
Bisecting: 0 revisions left to test after this (roughly 1 step)
[18595c0a58ae29ac6a996c5b664610119b73182d] io_uring: use unpin_user_pages() where appropriate
testing commit 18595c0a58ae29ac6a996c5b664610119b73182d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 18c6d9ea70ff09e6c9603b426b4f6dfb22b226a18b207b108697b3aa73af4f94
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 18595c0a58ae29ac6a996c5b664610119b73182d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[87585b05757dc70545efb434669708d276125559] io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
testing commit 87585b05757dc70545efb434669708d276125559 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f2bc3c5d0f875009f4985ec4717297e37f5156763199e7a91203bff5182f551
all runs: crashed: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
representative crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers, types: [UNKNOWN]
# git bisect bad 87585b05757dc70545efb434669708d276125559
87585b05757dc70545efb434669708d276125559 is the first bad commit
commit 87585b05757dc70545efb434669708d276125559
Author: Jens Axboe
Date: Tue Mar 12 20:24:21 2024 -0600

    io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring

    Rather than use remap_pfn_range() for this and manually free later,
    switch to using vm_insert_page() and have it Just Work.

    This requires a bit of effort on the mmap lookup side, as the ctx
    uring_lock isn't held, which otherwise protects buffer_lists from being
    torn down, and it's not safe to grab from mmap context that would
    introduce an ABBA deadlock between the mmap lock and the ctx uring_lock.
    Instead, lookup the buffer_list under RCU, as the list is RCU freed
    already. Use the existing reference count to determine whether it's
    possible to safely grab a reference to it (eg if it's not zero already),
    and drop that reference when done with the mapping.

    If the mmap reference is the last one, the buffer_list and the
    associated memory can go away, since the vma insertion has references to
    the inserted pages at that point.

    Signed-off-by: Jens Axboe

 include/linux/io_uring_types.h |   3 -
 io_uring/io_uring.c            |  58 +++++-------------
 io_uring/io_uring.h            |   6 +-
 io_uring/kbuf.c                | 134 ++++++++---------------------------------
 io_uring/kbuf.h                |   3 +-
 5 files changed, 47 insertions(+), 157 deletions(-)

accumulated error probability: 0.00
culprit signature: 9f2bc3c5d0f875009f4985ec4717297e37f5156763199e7a91203bff5182f551
parent signature: 69391f3eb7849eb31ab697697a000d4885e28cc26f5d5e703073257a70cb2e21
revisions tested: 23, total time: 5h30m16.441995907s (build: 3h25m2.584646113s, test: 1h49m53.272388276s)
first bad commit: 87585b05757dc70545efb434669708d276125559 io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "io-uring@vger.kernel.org"]
recipients (cc): ["asml.silence@gmail.com" "linux-kernel@vger.kernel.org"]

crash: BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers
BUG: kernel NULL pointer dereference, address: 0000000000000002
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Workqueue: iou_exit io_ring_exit_work
RIP: 0010:__io_remove_buffers+0x23/0x150 io_uring/kbuf.c:191
Code: 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 50 45 31 ed 85 d2 74 7a 49 89 f6 80 7e 20 00 0f 84 83 00 00 00 49 8b 7e 08 <44> 0f b7 6f 0e 41 0f b7 6e 16 66 41 83 7e 12 00 74 48 4d 8d 7e 12
RSP: 0018:ffffc90000127cc0 EFLAGS: 00010202
RAX: ffff8881052f7000 RBX: ffff8881052f7000 RCX: 0000000000000001
RDX: 00000000ffffffff RSI: ffff8881052f7000 RDI: fffffffffffffff4
RBP: 0000000000000005 R08: ffffc90000127cba R09: 0000000000000402
R10: ffff8881052f7000 R11: 0000000000000000 R12: ffff88810dad3198
R13: 0000000000000000 R14: ffff8881052f7000 R15: ffffc90000127d00
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000002 CR3: 000000010279c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 io_put_bl io_uring/kbuf.c:228 [inline]
 io_destroy_buffers+0x94/0x160 io_uring/kbuf.c:242
 io_ring_ctx_free+0x1d8/0x3b0 io_uring/io_uring.c:2891
 io_ring_exit_work+0x270/0x2a0 io_uring/io_uring.c:3122
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0x2a3/0x5b0 kernel/workqueue.c:3335
 worker_thread+0x23e/0x300 kernel/workqueue.c:3416
 kthread+0xea/0x100 kernel/kthread.c:388
 ret_from_fork+0x32/0x40 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CR2: 0000000000000002
---[ end trace 0000000000000000 ]---
RIP: 0010:__io_remove_buffers+0x23/0x150 io_uring/kbuf.c:191
Code: 90 90 90 90 90 90 90 55 41 57 41 56 41 55 41 54 53 50 45 31 ed 85 d2 74 7a 49 89 f6 80 7e 20 00 0f 84 83 00 00 00 49 8b 7e 08 <44> 0f b7 6f 0e 41 0f b7 6e 16 66 41 83 7e 12 00 74 48 4d 8d 7e 12
RSP: 0018:ffffc90000127cc0 EFLAGS: 00010202
RAX: ffff8881052f7000 RBX: ffff8881052f7000 RCX: 0000000000000001
RDX: 00000000ffffffff RSI: ffff8881052f7000 RDI: fffffffffffffff4
RBP: 0000000000000005 R08: ffffc90000127cba R09: 0000000000000402
R10: ffff8881052f7000 R11: 0000000000000000 R12: ffff88810dad3198
R13: 0000000000000000 R14: ffff8881052f7000 R15: ffffc90000127d00
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000002 CR3: 000000010279c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   90                      nop
   1:   90                      nop
   2:   90                      nop
   3:   90                      nop
   4:   90                      nop
   5:   90                      nop
   6:   90                      nop
   7:   55                      push   %rbp
   8:   41 57                   push   %r15
   a:   41 56                   push   %r14
   c:   41 55                   push   %r13
   e:   41 54                   push   %r12
  10:   53                      push   %rbx
  11:   50                      push   %rax
  12:   45 31 ed                xor    %r13d,%r13d
  15:   85 d2                   test   %edx,%edx
  17:   74 7a                   je     0x93
  19:   49 89 f6                mov    %rsi,%r14
  1c:   80 7e 20 00             cmpb   $0x0,0x20(%rsi)
  20:   0f 84 83 00 00 00       je     0xa9
  26:   49 8b 7e 08             mov    0x8(%r14),%rdi
* 2a:   44 0f b7 6f 0e          movzwl 0xe(%rdi),%r13d <-- trapping instruction
  2f:   41 0f b7 6e 16          movzwl 0x16(%r14),%ebp
  34:   66 41 83 7e 12 00       cmpw   $0x0,0x12(%r14)
  3a:   74 48                   je     0x84
  3c:   4d 8d 7e 12             lea    0x12(%r14),%r15