ci2 starts bisection 2025-10-10 00:02:02.213563773 +0000 UTC m=+120.992030290
bisecting fixing commit since 1154f779f3f3d196ace7d5084498f5d7f418ba64
building syzkaller on 7368264b463a401571d2eb381f50ea2a758e9d05
ensuring issue is reproducible on original commit 1154f779f3f3d196ace7d5084498f5d7f418ba64

testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f64f4a3bab7d3b7be16494d73d415c6fa377e3526aa0b69c06a623ded9d18e70
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #10: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #11: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #12: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #13: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #14: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #15: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #16: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #17: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #18: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]

check whether we can drop unnecessary instrumentation
disabling configs for [locking atomic_sleep hang memleak bug_or_warning kasan], they are not needed
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 506cdae6ff609e974828ccda0507d4d9d8b06e0c871957f044704d6f36b00170
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]

kconfig minimization: base=4788 full=6025 leaves diff=250
split chunks (needed=false): <250>
split chunk #0 of len 250 into 5 parts

testing without sub-chunk 1/5
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1fc3cf0984f5e3bc84cf20e50c8ae870e8d3d53d15e48897d112b7cd753a68db
all runs: OK
false negative chance: 0.000

testing without sub-chunk 2/5
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 20a1e14bc0a1a7b9b9dafc2fc67fc0d477aed04af770e6a4c75bc378cc9cb824
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #10: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #11: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #12: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]
the chunk can be dropped

testing without sub-chunk 3/5
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a095ceea89fd4f578c6bff6a4497ade56263df590ba885c23f6a3977e1f64047
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #10: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #11: OK
run #12: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]
the chunk can be dropped

testing without sub-chunk 4/5
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 89078774356a4211506b50758d5ba38bd0cc7dbca18bba78d1e423e16084af1d
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #10: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #11: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #12: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #13: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]
the chunk can be dropped

testing without sub-chunk 5/5
testing commit 1154f779f3f3d196ace7d5084498f5d7f418ba64 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 19eb776c2cd478f1bd239d7212d8ba3bee7c228b96bb8e5fc1d325b6a05c9252
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]
the chunk can be dropped

minimized to 50 configs; suspects: [ARCH_CONFIGURES_CPU_MITIGATIONS ARCH_HAS_CPU_FINALIZE_INIT ARCH_WANT_FRAME_POINTERS BLK_DEV_INITRD CFG80211 CFG80211_REQUIRE_SIGNED_REGDB CFG80211_USE_KERNEL_REGDB_KEYS DEBUG_INFO_BTF DRAGONRISE_FF DRM DRM_BRIDGE DRM_GEM_SHMEM_HELPER DRM_KMS_HELPER DRM_PANEL DRM_PANEL_BRIDGE DRM_PANEL_ORIENTATION_QUIRKS DRM_TTM DRM_TTM_DMA_PAGE_POOL DRM_VIRTIO_GPU DUMMY_CONSOLE DVB_CORE FB FB_CMDLINE FB_DEFERRED_IO FB_NOTIFY FB_SYS_COPYAREA FB_SYS_FILLRECT FB_SYS_FOPS FB_SYS_IMAGEBLIT GPIOLIB_IRQCHIP GREENASIA_FF HDMI HID_A4TECH HID_ACRUX HID_ACRUX_FF HID_APPLEIR HID_AUREAL HID_BELKIN HID_CHERRY HID_CHICONY HID_CP2112 HID_CYPRESS HID_DRAGONRISE HID_ELO HID_EMS_FF HID_EZKEY HID_GREENASIA HID_GT683R HID_GYRATION HID_ICADE HID_ITE HID_KENSINGTON HID_KEYTOUCH HID_KYE HID_LCPOWER HID_LED HID_LENOVO HID_MONTEREY HID_NTI HID_NTRIG MEDIA_DIGITAL_TV_SUPPORT RFKILL VT WIRELESS]

testing current HEAD 2ece552169c277a60a8b4ee62c478d6224db2db1
testing commit 2ece552169c277a60a8b4ee62c478d6224db2db1 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f2911c4320d172a4bb0d0914992891bc32e200e35ecdb0e35e94b204560e5043
run #0: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #1: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #2: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #3: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #4: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #5: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #6: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #7: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #8: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #9: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #10: crashed: UBSAN: array-index-out-of-bounds in uinput_destroy_device
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device, types: [MEMORY_SAFETY_UBSAN]
crash still not fixed/happens on the oldest tested release
reproducer is flaky (0.50 repro chance estimate)
revisions tested: 8, total time: 4h49m6.548585117s (build: 57m17.196640649s, test: 1h47m23.702419873s)
crash still not fixed or there were kernel test errors
commit msg: Revert "genirq: Export affinity setter for modules"
crash: UBSAN: array-index-out-of-bounds in uinput_destroy_device

input: syz1 as /devices/virtual/input/input368
================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
index 264 is out of range for type 'long unsigned int [8]'
CPU: 0 PID: 1854 Comm: syz.2.382 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x81/0xac lib/dump_stack.c:118
 dump_stack+0x10/0x12 lib/dump_stack.c:135
 ubsan_epilogue+0x9/0x32 lib/ubsan.c:148
 __ubsan_handle_out_of_bounds.cold+0x44/0x49 lib/ubsan.c:347
 decode_tail kernel/locking/qspinlock.c:130 [inline]
 __pv_queued_spin_lock_slowpath+0xaf0/0xc10 kernel/locking/qspinlock.c:468
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock_flags include/linux/spinlock.h:195 [inline]
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
 _raw_spin_lock_irqsave+0xf6/0x120 kernel/locking/spinlock.c:159
 complete+0x18/0x70 kernel/sched/completion.c:32
 uinput_flush_requests drivers/input/misc/uinput.c:213 [inline]
 uinput_destroy_device+0x179/0x200 drivers/input/misc/uinput.c:298
 uinput_release+0x37/0x60 drivers/input/misc/uinput.c:758
 __fput+0x237/0x760 fs/file_table.c:281
 ____fput+0x9/0x10 fs/file_table.c:314
 task_work_run+0xc2/0x140 kernel/task_work.c:189
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x150/0x160 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x27/0x160 kernel/entry/common.c:274
 do_syscall_64+0x3f/0x50 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9bf787ab69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9bf72eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007f9bf7aa1fa0 RCX: 00007f9bf787ab69
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
RBP: 00007f9bf78fddf1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9bf7aa1fa0 R15: 00007ffe416c85f8
================================================================================
general protection fault, probably for non-canonical address 0xdffffc000000aec8: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000000057640-0x0000000000057647]
CPU: 0 PID: 1854 Comm: syz.2.382 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:__pv_queued_spin_lock_slowpath+0x59d/0xc10 kernel/locking/qspinlock.c:471
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 53 05 00 00 4a 03 1c ed 40 47 0c 85 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 23 05 00 00 4c 8d 73 14 4c 89 a5 68 ff ff ff 4c
RSP: 0018:ffffc9000424fc20 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000057641 RCX: ffffffff8133df91
RDX: 000000000000aec8 RSI: 0000000000000004 RDI: ffffffff850c4f80
RBP: ffffc9000424fcf0 R08: 0000000000000001 R09: 0000000000000003
R10: fffffbfff0bc993c R11: 0000000000000001 R12: ffffc9000426fc68
R13: 0000000000000108 R14: 000000000000fc00 R15: ffff8881f7257600
FS: 00007f9bf72eb6c0(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb0685aaf98 CR3: 0000000114bb1000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock_flags include/linux/spinlock.h:195 [inline]
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
 _raw_spin_lock_irqsave+0xf6/0x120 kernel/locking/spinlock.c:159
 complete+0x18/0x70 kernel/sched/completion.c:32
 uinput_flush_requests drivers/input/misc/uinput.c:213 [inline]
 uinput_destroy_device+0x179/0x200 drivers/input/misc/uinput.c:298
 uinput_release+0x37/0x60 drivers/input/misc/uinput.c:758
 __fput+0x237/0x760 fs/file_table.c:281
 ____fput+0x9/0x10 fs/file_table.c:314
 task_work_run+0xc2/0x140 kernel/task_work.c:189
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x150/0x160 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x27/0x160 kernel/entry/common.c:274
 do_syscall_64+0x3f/0x50 arch/x86/entry/common.c:56
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f9bf787ab69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9bf72eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000000 RBX: 00007f9bf7aa1fa0 RCX: 00007f9bf787ab69
RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
RBP: 00007f9bf78fddf1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f9bf7aa1fa0 R15: 00007ffe416c85f8
Modules linked in:
---[ end trace 27b31c95e5712e77 ]---
RIP: 0010:__pv_queued_spin_lock_slowpath+0x59d/0xc10 kernel/locking/qspinlock.c:471
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 53 05 00 00 4a 03 1c ed 40 47 0c 85 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 23 05 00 00 4c 8d 73 14 4c 89 a5 68 ff ff ff 4c
RSP: 0018:ffffc9000424fc20 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000057641 RCX: ffffffff8133df91
RDX: 000000000000aec8 RSI: 0000000000000004 RDI: ffffffff850c4f80
RBP: ffffc9000424fcf0 R08: 0000000000000001 R09: 0000000000000003
R10: fffffbfff0bc993c R11: 0000000000000001 R12: ffffc9000426fc68
R13: 0000000000000108 R14: 000000000000fc00 R15: ffff8881f7257600
FS: 00007f9bf72eb6c0(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb0685aaf98 CR3: 0000000114bb1000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 89 fa             	mov    %rdi,%rdx
   3:	48 c1 ea 03          	shr    $0x3,%rdx
   7:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   b:	0f 85 53 05 00 00    	jne    0x564
  11:	4a 03 1c ed 40 47 0c 	add    -0x7af3b8c0(,%r13,8),%rbx
  18:	85
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 da             	mov    %rbx,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 23 05 00 00    	jne    0x557
  34:	4c 8d 73 14          	lea    0x14(%rbx),%r14
  38:	4c 89 a5 68 ff ff ff 	mov    %r12,-0x98(%rbp)
  3f:	4c                   	rex.WR